Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Saturday 10 January 2009 23:52:15 Magnus Granberg wrote: On Sunday 11 January 2009 04.26.00 Mike Frysinger wrote: On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: not to be out done, gcc-4.3.2-r3 will include changes like some other distros are now carrying: - the -Wformat-security flag is enabled by default - the -D_FORTIFY_SOURCE=2 flag is enabled by default if you dont want this stuff, you can use the flag -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively I'm really hoping this isn't a stable candidate. :P gcc-4.3.2-r0 is still the stable candidate. nothing has changed. Any patches ready? patches for what ? -mike signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Sunday 11 January 2009 09.39.08 Mike Frysinger wrote: On Saturday 10 January 2009 23:52:15 Magnus Granberg wrote: On Sunday 11 January 2009 04.26.00 Mike Frysinger wrote: On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: not to be out done, gcc-4.3.2-r3 will include changes like some other distros are now carrying: - the -Wformat-security flag is enabled by default - the -D_FORTIFY_SOURCE=2 flag is enabled by default if you dont want this stuff, you can use the flag -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively I'm really hoping this isn't a stable candidate. :P gcc-4.3.2-r0 is still the stable candidate. nothing has changed. Any patches ready? patches for what ? -mike For the FORTIFY and Wformat thing but i will see when it hit the tree.
Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Sunday 11 January 2009 08:23:14 Magnus Granberg wrote: On Sunday 11 January 2009 09.39.08 Mike Frysinger wrote: On Saturday 10 January 2009 23:52:15 Magnus Granberg wrote: On Sunday 11 January 2009 04.26.00 Mike Frysinger wrote: On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: not to be out done, gcc-4.3.2-r3 will include changes like some other distros are now carrying: - the -Wformat-security flag is enabled by default - the -D_FORTIFY_SOURCE=2 flag is enabled by default if you dont want this stuff, you can use the flag -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively I'm really hoping this isn't a stable candidate. :P gcc-4.3.2-r0 is still the stable candidate. nothing has changed. Any patches ready? patches for what ? For the FORTIFY and Wformat thing but i will see when it hit the tree. the patches are going into 4.3.2-r3. i'm testing them locally before i push out 4.3.2-r3. -mike signature.asc Description: This is a digitally signed message part.
[gentoo-dev] Re: gcc 4.3.2 security updates
On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger vap...@gentoo.org wrote: not to be out done, gcc-4.3.2-r3 will include changes like some other distros are now carrying: - the -Wformat-security flag is enabled by default - the -D_FORTIFY_SOURCE=2 flag is enabled by default if you dont want this stuff, you can use the flag -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively -mike I'm really hoping this isn't a stable candidate. :P -- gcc-porting, by design, by neglect treecleaner, for a fact or just for effect wxwidgets @ gentoo EFFD 380E 047A 4B51 D2BD C64F 8AA8 8346 F9A4 0662 signature.asc Description: PGP signature
Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Sat, 10 Jan 2009 18:03:17 -0600 Ryan Hill dirtye...@gentoo.org wrote: I'm really hoping this isn't a stable candidate. :P Is an earlier gcc 4.3 a stable candidate, or have those plans been abandoned? (I'm wondering whether it's worth the pain of dealing with 4.1's lack of tr1 regex support...) -- Ciaran McCreesh signature.asc Description: PGP signature
[gentoo-dev] Re: gcc 4.3.2 security updates
On Sunday 11 January 2009 01.06.45 Ciaran McCreesh wrote: On Sat, 10 Jan 2009 18:03:17 -0600 Ryan Hill dirtye...@gentoo.org wrote: I'm really hoping this isn't a stable candidate. :P Is an earlier gcc 4.3 a stable candidate, or have those plans been abandoned? (I'm wondering whether it's worth the pain of dealing with 4.1's lack of tr1 regex support...) We will get more bugs if we enable FORTIFY_SOURCE for the stable canididet of gcc 4.3 like /usr/include/bits/fcntl2.h:51: error: call to '__open_missing_mode' declared with attribute error: open with O_CREAT in second argument needs 3 arguments GLIBC won't even compile with it. /Zorry
Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: not to be out done, gcc-4.3.2-r3 will include changes like some other distros are now carrying: - the -Wformat-security flag is enabled by default - the -D_FORTIFY_SOURCE=2 flag is enabled by default if you dont want this stuff, you can use the flag -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively I'm really hoping this isn't a stable candidate. :P gcc-4.3.2-r0 is still the stable candidate. nothing has changed. -mike signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] Re: gcc 4.3.2 security updates
On Sunday 11 January 2009 04.26.00 Mike Frysinger wrote: On Saturday 10 January 2009 19:03:17 Ryan Hill wrote: On Sat, 10 Jan 2009 16:22:50 -0500 Mike Frysinger wrote: not to be out done, gcc-4.3.2-r3 will include changes like some other distros are now carrying: - the -Wformat-security flag is enabled by default - the -D_FORTIFY_SOURCE=2 flag is enabled by default if you dont want this stuff, you can use the flag -Wno-format-security and the flag -U_FORTIFY_SOURCE respectively I'm really hoping this isn't a stable candidate. :P gcc-4.3.2-r0 is still the stable candidate. nothing has changed. -mike Any patches ready? /Zorry
[gentoo-dev] Re: gcc 4.3.2 security updates
On Sun, 11 Jan 2009 00:06:45 + Ciaran McCreesh ciaran.mccre...@googlemail.com wrote: On Sat, 10 Jan 2009 18:03:17 -0600 Ryan Hill dirtye...@gentoo.org wrote: I'm really hoping this isn't a stable candidate. :P Is an earlier gcc 4.3 a stable candidate, or have those plans been abandoned? (I'm wondering whether it's worth the pain of dealing with 4.1's lack of tr1 regex support...) I was hoping to have the tree ready by Mar/Apr. Flameeyes dug up a lot of broken packages with his tinderbox runs that need addressing though. I'm going to go through the list, posting patches next week. Then we have to wait until they can be stabilized. Which reminds me - maintainers, if you have a bug blocking #245547 that you have not yet CC'd arches on, do so now please. Most of these were opened in November and haven't seen any action. Thanks. -- gcc-porting, by design, by neglect treecleaner, for a fact or just for effect wxwidgets @ gentoo EFFD 380E 047A 4B51 D2BD C64F 8AA8 8346 F9A4 0662 signature.asc Description: PGP signature