From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id F03B13858D35 for ; Thu, 25 Nov 2021 17:24:21 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org F03B13858D35 Received: from mail-pj1-f70.google.com (mail-pj1-f70.google.com [209.85.216.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-537-gbkEh5WaN3KtxJKnzfoFHg-1; Thu, 25 Nov 2021 12:24:15 -0500 X-MC-Unique: gbkEh5WaN3KtxJKnzfoFHg-1 Received: by mail-pj1-f70.google.com with SMTP id p12-20020a17090b010c00b001a65bfe8054so3382589pjz.8 for ; Thu, 25 Nov 2021 09:24:15 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:references:from:organization:in-reply-to :content-transfer-encoding; bh=Vg2v1trBCcW8y52x+vMiZuF7LSbfR0uuLORfdNV63cw=; b=AOTpn5xVRSOnzY0BLnmjCnD7j8pjZhPAtuc5Tzx+btnhT8xQAcxi3aNv2w3y7cJry+ JpKxYAsy9VQRIiY+5xbq6qYgHkB7b+QLgFuJPClP23m83IyXS5Iw3cl1VlRF3xJ7/UDN hxBHh5e/xaEr75aR6zXo6ymR/8KM9F+7WolLGGzCQ/GLuWDT/OLRl+DEuo2rPCHnUQMa YZwEuBtEToOaQKmPo8E8eDaz0A2e4Yc+1uzGhjJzI/dRT6rEiFA047slQRRaEhCgvyxG 2DmokpXA/K2R6kUhFbe6HsxEpT7DdYtGWyCLIGxF8w6NDpQE9J8gwMhTLS0h1LAKwmK9 LQEA== X-Gm-Message-State: AOAM531FExRKRqjaoBVFUbMZKVwaPpSLcwqp63ls7dxeIxnSOmz4mdQ+ y7EZAAUGhMjD0cnD2FxrjE5Wp3BS8rwi6AodHMJghKY3NH6Fv03CeHLGS1RmXlTJvUPJq/3LBIM 00CuhmxmoOCPg/MREefA= X-Received: by 2002:a17:90a:98f:: with SMTP id 15mr8738723pjo.166.1637861054437; Thu, 25 Nov 2021 09:24:14 -0800 (PST) X-Google-Smtp-Source: ABdhPJzq/6/t42/1JUyGbIYtGb5rd+/FP4ltUrFfnU3q4mvKMucuq4VqOHaquFrv9bBrZh1FneavYg== X-Received: by 2002:a17:90a:98f:: with SMTP id 15mr8738682pjo.166.1637861054187; Thu, 25 Nov 2021 09:24:14 -0800 (PST) Received: from [192.168.0.241] (135-23-175-80.cpe.pppoe.ca. [135.23.175.80]) by smtp.gmail.com with ESMTPSA id j127sm4011904pfg.14.2021.11.25.09.24.11 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 25 Nov 2021 09:24:13 -0800 (PST) Message-ID: <174ee8fb-70d4-a24e-ba36-a232d232090a@redhat.com> Date: Thu, 25 Nov 2021 12:24:09 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.1.0 Subject: Re: Patching glibc 2.27 on Ubuntu To: Evgeny Morozov , libc-help@sourceware.org References: From: Carlos O'Donell Organization: Red Hat In-Reply-To: X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-8.4 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, NICE_REPLY_A, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-help@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-help mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Nov 2021 17:24:24 -0000 On 11/25/21 03:53, Evgeny Morozov wrote: > Hi, > > I'd like to apply a patch from > https://sourceware.org/bugzilla/show_bug.cgi?id=25847 (the "mitigation > patch": https://sourceware.org/bugzilla/attachment.cgi?id=12484) to many > x64 systems running Ubuntu 18.04. They should all have the same version of > the libc6 package installed. Is it possible to build it on one system and > just copy the affected binaries to all of them, or do I have to build and > install it on each system? If I can copy just a few binaries, should I copy > only libpthread.so, libc.so, both, something else? You need to integrate the patch into the Ubuntu version of glibc shipping with the distribution. You should take the patch, and add it to the Ubuntu glibc package as a patch and build the package using dpkg-buildpackage or a build service. It is not recommended to build your own glibc and install it into your distribution. -- Cheers, Carlos.