From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 53794 invoked by alias); 4 Feb 2019 21:14:05 -0000 Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Subscribe: List-Archive: Sender: libc-stable-owner@sourceware.org Received: (qmail 53784 invoked by uid 89); 4 Feb 2019 21:14:05 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Checked: by ClamAV 0.100.2 on sourceware.org X-Virus-Found: No X-Spam-SWARE-Status: No, score=-1.4 required=5.0 tests=BAYES_00,KAM_NUMSUBJECT,RCVD_IN_DNSWL_NONE autolearn=no version=3.3.2 spammy=wednesday, firm X-Spam-Status: No, score=-1.4 required=5.0 tests=BAYES_00,KAM_NUMSUBJECT,RCVD_IN_DNSWL_NONE autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on sourceware.org X-Spam-Level: X-HELO: mail-qk1-f182.google.com Received: from mail-qk1-f182.google.com (HELO mail-qk1-f182.google.com) (209.85.222.182) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 04 Feb 2019 21:14:04 +0000 Received: by mail-qk1-f182.google.com with SMTP id c21so865124qkl.6 for ; Mon, 04 Feb 2019 13:14:03 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp :organization:message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=qTxPbN2PjJO4TtQyWKxm697k+Gt4Jgeb4IZu0bHmN1g=; b=mDJpgAO+uzwFwGlclkDEcx8UvjDw7e4hlP0DwEO9vLtl1sel8twhDPzafBhKeROCQf W+CH7pjq53aFftAfoX/qk//O2UasxkRpMgJz4pG3dEHgF0Acshcu6vuzHSmA6e2zjfM6 CYcBQKHdpNLZUsySco5yos8lA7BGn2ueUQL+POQlJFaUAvGsRnbr+qDohD2Q7fLYhuKk skSWYh3BhG742aGqBw9MJ/vcHFdcXxUSCHtWqoiBjKytwagw9cdlJh3vL8M6oyP1xcUQ TzE5LdyorCQuMuDAtVcdkGUGsSsFXZT6cFb2cYW7GysMTP4T51y+HVPinvHopLJd4yzO YB9A== X-Gm-Message-State: AHQUAuYMgLZgAxln0xEMxf3PdleSv62s3Kay/Ddi8o7Q99+cXEwlUGMM KmXclY+C8aeeKb724qoe8WzzddZ+KftqNg== X-Google-Smtp-Source: AHgI3IZp8yaA+c9wEnUfHtu8+yVQOMMPf5VaGZaxog4YDMnHsQn9L8h3fB8j2l2xW8Z6ema7HAQ8xA== X-Received: by 2002:a37:5dc3:: with SMTP id r186mr1067480qkb.90.1549314842039; Mon, 04 Feb 2019 13:14:02 -0800 (PST) Received: from [10.150.73.190] (125.sub-174-228-143.myvzw.com. [174.228.143.125]) by smtp.gmail.com with ESMTPSA id c11sm11925841qtn.95.2019.02.04.13.14.00 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Feb 2019 13:14:01 -0800 (PST) Subject: Re: Backporting CVE-2016-10739 To: Florian Weimer Cc: Aurelien Jarno , libc-stable@sourceware.org References: <20190204134254.GA13816@aurel32.net> <871s4nppu4.fsf@oldenburg2.str.redhat.com> <87r2cno9qq.fsf@oldenburg2.str.redhat.com> <0a9daa70-7ea9-1ebd-8690-04b6ff2acd88@redhat.com> <87munbo8wy.fsf@oldenburg2.str.redhat.com> <47ca567f-7120-19c5-7ed6-c67c9f6306ca@redhat.com> <87y36vmsr9.fsf@oldenburg2.str.redhat.com> <877eefmk3z.fsf@oldenburg2.str.redhat.com> <2e644830-b506-f5b6-e020-99fc9ee9b94f@redhat.com> <87h8djl16h.fsf@oldenburg2.str.redhat.com> From: Carlos O'Donell Openpgp: preference=signencrypt Organization: Red Hat Message-ID: <990dc4b0-6221-d7e5-f897-309ed4ad7a66@redhat.com> Date: Tue, 01 Jan 2019 00:00:00 -0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <87h8djl16h.fsf@oldenburg2.str.redhat.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-SW-Source: 2019-02/txt/msg00019.txt.bz2 On 2/4/19 3:59 PM, Florian Weimer wrote: > * Carlos O'Donell: > >>> Patch below. What do you think? >> >> This looks good to me, you make direct use of "__attribute__ >> ((visibility ("hidden")))" in an exceptional case, and that's fine. > >> If this becomes less rare for some reason we might want a >> libc-symbols.h macro to define something that expresses the intent of >> the hidden visibility e.g. attr_dup_sym_hidden. > > I'm not a firm believer in those macros. The fact that attribute_hidden > expanded to nothing at all was quite a surprise to me. I care about documenting intent, since this is what keeps the code maintainable and the interfaces working. You don't have to use the macros, but they self-document without needing to have a comment. In your case the comment is what's important, that we don't want to export the symbol. > I've pushed the last version. Thanks! > Aurelien, I will not be able to do any more backports before Wednesday, > so please feel free to take over. -- Cheers, Carlos.