Can you describe the regressions in some more detail > On Feb 25, 2016, at 5:43 PM, Darcy Watkins <dwatk...@sierrawireless.com> > wrote: > > Be careful about rushing out fixes. We are observing regressions in software > triggered by changes in glibc behaviour. > > > --- > > Regards, > > Darcy > > Darcy Watkins > Staff Engineer, Firmware > Sierra Wireless > http://sierrawireless.com > [M3] > >> On Feb 24, 2016, at 8:57 AM, akuster808 <akuster...@gmail.com> wrote: >> >> >> >>> On 02/24/2016 08:38 AM, Mark Hatle wrote: >>>> On 2/23/16 6:14 PM, akuster808 wrote: >>>> >>>> >>>>> On 02/23/2016 02:52 PM, Darcy Watkins wrote: >>>>>> On Tue, 2016-02-23 at 13:51 -0800, Mark Hatle wrote: >>>>>>> On 2/23/16 1:53 PM, Khem Raj wrote: >>>>>>> On Tue, Feb 23, 2016 at 2:25 PM, Darcy Watkins >>>>>>>> CVE-2015-7547 glibc vulnerability has been published as affecting glibc >>>>>>>> since ver 2.9 (fixed in 2.23 and patched in 2.22 and 2.21). >>>>>>>> >>>>>>>> Anyone know if we need the same security fixes in eglibc? >>>>>>> >>>>>>> yes you do. Eglibc was nothing but glibc+few fixes. >>>>>> >>>>>> Yes this affects all eglibc version 2.9 and newer up to glibc 2.23. >>>>>> >>>>>> As far as I'm aware, this affects all Yocto Project versions up to 2.0. >>>>> >>>>> I will be interested in knowing which Yocto Project versions will >>>>> receive the fixes. >>>> >>>> Master, 2.0 and 1.8 all have the fixes. >>>> How far back do we go in matters like this? >>> >>> Official support is current (in development) and the last two releases. So >>> up >>> to about a year and a half of support. >>> >>> After this point, it becomes community support. This really means, if >>> someone >>> in the community wants to continue support past the YP's support guidelines >>> they >>> are welcome to do so -- but there won't be any official releases, only >>> checkins >>> to the repository. >> >> much better explanation than mine. >> >> thanks, >> Armin >>> >>> We have done this on some OpenSSL fixes in the past, but it was based on >>> specific requests and people submitting the fixes to be included with older >>> versions. >>> >>>> 1.7 (dizzy) I plan on doing soon. beyond that I do not know. those are >>>> all community supported. >>>> >>>> - armin >>>>> >>>>> Thanks in advance! >>>>> >>>>>> (The patch referenced by the security announcement applies to all of the >>>>>> versions of glibc I've needed to apply it to for my customers. A few >>>>>> per-line >>>>>> tweaks might be necessary, but it was fairly easy.) >> -- >> _______________________________________________ >> yocto mailing list >> yocto@yoctoproject.org >> https://lists.yoctoproject.org/listinfo/yocto > -- > _______________________________________________ > yocto mailing list > yocto@yoctoproject.org > https://lists.yoctoproject.org/listinfo/yocto
signature.asc
Description: Message signed with OpenPGP using GPGMail
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
