GNU bug report logs - #50698
[PATCH] WIP patches for recently-known hurd security vulnerabilities

Previous Next

Package: guix-patches;

Reported by: Maxime Devos <maximedevos <at> telenet.be>

Date: Mon, 20 Sep 2021 10:41:02 UTC

Severity: normal

Tags: patch, security

Full log

Message #22 received at 50698 <at> debbugs.gnu.org (full text, mbox):

From: <janneke <at> gnu.org>
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: Ludovic Courtès <ludo <at> gnu.org>,
 Maxime Devos <maximedevos <at> telenet.be>, 50698 <at> debbugs.gnu.org
Subject: Re: [bug#50698] [PATCH] WIP patches for recently-known hurd
 security vulnerabilities
Date: Mon, 11 Nov 2024 08:57:53 +0100

Maxim Cournoyer writes:

Hey Maxim,

> Would you know if this series is still relevant, following your recent
> series that update most of the Hurd components?

Yes.  Debian is still carrying these agains their glibc:

<https://salsa.debian.org/glibc-team/glibc/-/blob/sid/debian/patches/hurd-i386/tg-sendmsg-SCM_CREDS.diff>
<https://salsa.debian.org/glibc-team/glibc/-/blob/sid/debian/patches/hurd-i386/proc_reauth.diff>

I have no idea about their status or why Debian hasn't upstreamed them.

Maybe now is a good time to add these to glibc/hurd (it seems we still
have a hook for a custom glibc library in place, yay!).

Would you like to rebase/create a patch for the hurd-team branch?

Greetings,
Janneke

-- 
Janneke Nieuwenhuizen <janneke <at> gnu.org>  | GNU LilyPond https://LilyPond.org
Freelance IT https://www.JoyOfSource.com | Avatar® https://AvatarAcademy.com
This bug report was last modified 214 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.