On viernes, 7 de octubre de 2016 4:56:03 P. M. ART Daniel Kahn Gillmor wrote:
[snip]
> > And also: yes, -fPIE needs overriding if using hardening flags.
>
> can you explain that in more detail? what specifically should be
> overridden and where?
Sure. Hardening adds -fPIE to CFLAGS/CXXFLAGS, so
Hey,
> >> -PIC implies -fPIE. Replacing -fPIE with -fPIC is the right thing to do,
> >> and is needed to get the code working with Qt 5.4.2+.
> >
> > And also: yes, -fPIE needs overriding if using hardening flags.
>
> can you explain that in more detail? what specifically should be
> overridden
Hey,
> I tried to backport the CVE-2016-7966 fix commit to kf 5.26 and it didn't
> apply cleanly, it would be nice if the advisory includes the list of the
> commits to backport, or maybe a new 5.26.1 kcoreaddons bugfix release.
Yes another patch is missing there - I already informed them and ho
On Fri 2016-10-07 16:33:20 -0400, Lisandro Damián Nicanor Pérez Meyer wrote:
> On viernes, 7 de octubre de 2016 6:35:00 P. M. ART Dmitry Shachnev wrote:
>> On Fri, 07 Oct 2016 08:54:53 -0400, Daniel Kahn Gillmor wrote:
>> > I've been reading about -fPIC and -fpic and -fPIE and -fpie and -pie for
>>
Hey,
> I'm not entirely sure what to do about the name of the library during
> this handoff -- it might drop the "kf5" prefix. If we don't drop the
> "kf5" prefix, i suppose we'll need an epoch number in the package
> version to make sure that upgrades happen. It's also possible that
> we'll nee
On viernes, 7 de octubre de 2016 6:35:00 P. M. ART Dmitry Shachnev wrote:
> On Fri, 07 Oct 2016 08:54:53 -0400, Daniel Kahn Gillmor wrote:
> > I've been reading about -fPIC and -fpic and -fPIE and -fpie and -pie for
> > years and i confess i've never completely understood the differences or
> > whe
¡Hola Maximiliano!
On Fri 2016-10-07 09:45:25 -0400, Maximiliano Curia wrote:
> Yes, sorry for not replying sooner. We are not planning to upload a new
> version of gpgmepp (we are currently skipping 16.08 and upstream is
> apparently
> dropping gpgmepp for 16.12).
ok, cool. so then taking it
On Fri, 07 Oct 2016 08:54:53 -0400, Daniel Kahn Gillmor wrote:
> I've been reading about -fPIC and -fpic and -fPIE and -fpie and -pie for
> years and i confess i've never completely understood the differences or
> whether one is "stronger" than another.
>
> gcc says of -fPIE and -fpic "generated po
¡Hola Daniel!
El 2016-10-07 a las 15:26 +0200, Maximiliano Curia escribió:
On Fri 2016-10-07 04:33:36 -0400, Maximiliano Curia wrote:
Qt and KDE libs are built with -fPIC, which, afaik, is stronger and
incompatible with -fPIE, would it be an option to use -fPIC for
gpgme?
I've been reading a
Forwarding as requested.
- Forwarded message from Daniel Kahn Gillmor -
Date: Fri, 07 Oct 2016 08:54:53 -0400
From: Daniel Kahn Gillmor
To: Maximiliano Curia
Subject: Re: gpgme 1.7.0~ alpha or beta to debian experimental?
X-CRM114-Status: GOOD ( 6.40 )
[ offlist because your respo
(resending on list)
Qt and KDE libs are built with -fPIC, which, afaik, is stronger and
incompatible with -fPIE, would it be an option to use -fPIC for gpgme?
On October 7, 2016 3:48:39 AM GMT+02:00, Daniel Kahn Gillmor
wrote:
> On Thu 2016-10-06 19:51:57 -0400, Sandro Knauß wrote:
>
>> I now
Hi,
About: https://www.kde.org/info/security/advisory-20161006-1.txt
I tried to backport the CVE-2016-7966 fix commit to kf 5.26 and it didn't
apply cleanly, it would be nice if the advisory includes the list of the
commits to backport, or maybe a new 5.26.1 kcoreaddons bugfix release.
About
12 matches
Mail list logo