From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 47610 invoked by alias); 4 Feb 2019 13:42:59 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 47597 invoked by uid 89); 4 Feb 2019 13:42:58 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.2 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-0.4 required=5.0 tests=BAYES_00,KAM_LAZY_DOMAIN_SECURITY,KAM_NUMSUBJECT autolearn=no version=3.3.2 spammy=H*r:4.89, conflicts, acceptable, queries X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,KAM_LAZY_DOMAIN_SECURITY,KAM_NUMSUBJECT autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: hall.aurel32.net Received: from hall.aurel32.net (HELO hall.aurel32.net) (163.172.24.10) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 04 Feb 2019 13:42:56 +0000 Received: from [2a01:e35:2e4c:a861:655e:aef3:f589:b897] (helo=ohm.rr44.fr) by hall.aurel32.net with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1gqeWU-0004NN-N5 for libc-stable@sourceware.org; Mon, 04 Feb 2019 14:42:54 +0100 Received: from aurel32 by ohm.rr44.fr with local (Exim 4.92-RC4) (envelope-from ) id 1gqeWU-0003cB-59 for libc-stable@sourceware.org; Mon, 04 Feb 2019 14:42:54 +0100 Date: Tue, 01 Jan 2019 00:00:00 -0000 From: Aurelien Jarno To: libc-stable@sourceware.org Subject: Backporting CVE-2016-10739 Message-ID: <20190204134254.GA13816@aurel32.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-IsSubscribed: yes X-SW-Source: 2019-02/txt/msg00002.txt.bz2 Hi, I am looking at backporting fixes for CVE-2016-10739 (ie commit 108bc404) in the 2.28 branch first, and probably in the 2.24 branch later. I would need some guidance how to proceed: - Is it acceptable to also to backport commit 5e30b8ef ("resolv: Reformat inet_addr, inet_aton to GNU style")? Without this patch, there's a lot of conflicts that are a pain to fix. - According to the commit message 6ca53a24 ("resolv: Do not send queries for non-host-names in nss_dns [BZ #24112]"), also needs to be backported. Is it fine to do so? - The commit introduces a new symbol, which is something we usually do not want in a stable branch. However the __inet_aton_exact symbol is added under GLIBC_PRIVATE. Therefore I wonder if it is acceptable for a stable branch. Thanks, Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurelien@aurel32.net http://www.aurel32.net