[gentoo-dev] gcc 4.3.2 security updates
not to be out done, gcc-4.3.2-r3 will include changes like some other distros are now carrying: - the -Wformat-security flag is enabled by default - the -D_FORTIFY_SOURCE=2 flag is enabled by default if you dont want this stuff, you can use the flag -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively -mike signature.asc Description: This is a digitally signed message part.
[gentoo-dev] Re: gcc 4.3.2 security updates
On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: > not to be out done, gcc-4.3.2-r3 will include changes like some other > distros are now carrying: > - the -Wformat-security flag is enabled by default > - the -D_FORTIFY_SOURCE=2 flag is enabled by default > > if you dont want this stuff, you can use the flag > -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively > -mike > I'm really hoping this isn't a stable candidate. :P -- gcc-porting, by design, by neglect treecleaner, for a fact or just for effect wxwidgets @ gentoo EFFD 380E 047A 4B51 D2BD C64F 8AA8 8346 F9A4 0662 signature.asc Description: PGP signature
Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Sat, 10 Jan 2009 18:03:17 -0600 Ryan Hill wrote: > I'm really hoping this isn't a stable candidate. :P Is an earlier gcc 4.3 a stable candidate, or have those plans been abandoned? (I'm wondering whether it's worth the pain of dealing with 4.1's lack of tr1 regex support...) -- Ciaran McCreesh signature.asc Description: PGP signature
[gentoo-dev] Re: [gentoo-commits] gentoo-x86 commit in profiles: package.mask
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Benedikt Boehm (hollow) schrieb: > hollow 09/01/10 21:41:41 > > Modified: package.mask > Log: > mask sys-apps/baselayout-vserver for removal > > Revision ChangesPath > 1.9378 profiles/package.mask > > file : > http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/package.mask?rev=1.9378&view=markup > plain: > http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/package.mask?rev=1.9378&content-type=text/plain > diff : > http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/package.mask?r1=1.9377&r2=1.9378 > > Index: package.mask > === > RCS file: /var/cvsroot/gentoo-x86/profiles/package.mask,v > retrieving revision 1.9377 > retrieving revision 1.9378 > diff -u -r1.9377 -r1.9378 > --- package.mask 10 Jan 2009 17:17:32 - 1.9377 > +++ package.mask 10 Jan 2009 21:41:41 - 1.9378 > @@ -1,5 +1,5 @@ > > -# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.9377 2009/01/10 > 17:17:32 ulm Exp $ > +# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.9378 2009/01/10 > 21:41:41 hollow Exp $ > # > # When you add an entry to the top of this file, add your name, the date, and > # an explanation of why something is getting masked. Please be extremely > @@ -31,6 +31,11 @@ > > #--- END OF EXAMPLES --- > > +# Benedikt Böhm (10 Jan 2009) > +# baselayout-vserver is unmaintained and obsoleted by > +# baselayout-2/openrc. please upgrade. removal in 30 days. > +sys-apps/baselayout-vserver > + > # Rémi Cardona (09 Jan 2009) > # old virtual left from the transition from monolithic > # to modular X. Use x11-libs/libXft directly > > > > This is bad, because: - - you forgot the ChangeLog entry - - you forgot the last rites mail - - baselayout-2/openrc isn't stable yet, in fact it's even masked in profiles/targets/vserver/package.mask Regards, Friedrich -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklpQ9MACgkQknxn9PmJ76VnyQCdHNTqkJVvMiD3Pr1/j8Ri8R3F 0nAAn35fDhWFUatM7er/sX6aPvAS4OwP =vVPy -END PGP SIGNATURE-
[gentoo-dev] Re: gcc 4.3.2 security updates
On Sunday 11 January 2009 01.06.45 Ciaran McCreesh wrote: > On Sat, 10 Jan 2009 18:03:17 -0600 > > Ryan Hill wrote: > > I'm really hoping this isn't a stable candidate. :P > > Is an earlier gcc 4.3 a stable candidate, or have those plans been > abandoned? > > (I'm wondering whether it's worth the pain of dealing with 4.1's lack > of tr1 regex support...) We will get more bugs if we enable FORTIFY_SOURCE for the stable canididet of gcc 4.3 like /usr/include/bits/fcntl2.h:51: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments GLIBC won't even compile with it. /Zorry
Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: > On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: > > not to be out done, gcc-4.3.2-r3 will include changes like some other > > distros are now carrying: > > - the -Wformat-security flag is enabled by default > > - the -D_FORTIFY_SOURCE=2 flag is enabled by default > > > > if you dont want this stuff, you can use the flag > > -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively > > I'm really hoping this isn't a stable candidate. :P gcc-4.3.2-r0 is still the stable candidate. nothing has changed. -mike signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Sunday 11 January 2009 04.26.00 Mike Frysinger wrote: > On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: > > On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: > > > not to be out done, gcc-4.3.2-r3 will include changes like some other > > > distros are now carrying: > > > - the -Wformat-security flag is enabled by default > > > - the -D_FORTIFY_SOURCE=2 flag is enabled by default > > > > > > if you dont want this stuff, you can use the flag > > > -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively > > > > I'm really hoping this isn't a stable candidate. :P > > gcc-4.3.2-r0 is still the stable candidate. nothing has changed. > -mike Any patches ready? /Zorry
[gentoo-dev] Re: gcc 4.3.2 security updates
On Sun, 11 Jan 2009 00:06:45 + Ciaran McCreesh wrote: > On Sat, 10 Jan 2009 18:03:17 -0600 > Ryan Hill wrote: > > I'm really hoping this isn't a stable candidate. :P > > Is an earlier gcc 4.3 a stable candidate, or have those plans been > abandoned? > > (I'm wondering whether it's worth the pain of dealing with 4.1's lack > of tr1 regex support...) I was hoping to have the tree ready by Mar/Apr. Flameeyes dug up a lot of broken packages with his tinderbox runs that need addressing though. I'm going to go through the list, posting patches next week. Then we have to wait until they can be stabilized. Which reminds me - maintainers, if you have a bug blocking #245547 that you have not yet CC'd arches on, do so now please. Most of these were opened in November and haven't seen any action. Thanks. -- gcc-porting, by design, by neglect treecleaner, for a fact or just for effect wxwidgets @ gentoo EFFD 380E 047A 4B51 D2BD C64F 8AA8 8346 F9A4 0662 signature.asc Description: PGP signature