[OE-core] [PATCH] gcc-9.2: Security fix for CVE-2019-14250
akuster808
akuster808 at gmail.com
Mon Sep 2 16:10:27 UTC 2019
On 9/2/19 5:40 AM, Adrian Bunk wrote:
> On Sun, Sep 01, 2019 at 10:07:13AM -0700, akuster808 wrote:
>>
>> On 9/1/19 7:05 AM, Adrian Bunk wrote:
>>> thud and zeus are providing 2 gcc versions each that need fixing.
>> That is a true statement. What are you expecting?
> The other versions also being fixed?
By whom?
>
> gcc-8 being fixed in warrior before it gets fixed in master would be
> the wrong order, and would introduce a security regression in master.
Warrior mainline does not have this fix nor does Thud. There is nothing
wrong doing all the prep-work so changes can land in the the proper
order. I am fine if they don't get accepted.
>
> The code should be nearly identical in warrior and master, so fixing
> this also in gcc-8 in master should be trivial.
If I find some additional free time and resources, I might be able to
swing that. We currently don't validate the Alt gcc's and they add a
maintenance burden.
IMHO, the older one should be dropped, like we did for Warrior.
>
> Fixing gcc-7 in thud would be a bonus.
Patches welcome for the bonus.
- armin
>
>> - armin
> cu
> Adrian
>
More information about the Openembedded-core
mailing list