On 2026/06/23 02:36, Theo de Raadt wrote: > I disagree. > > This diff is many, many weeks old, and has effectively been ignored. > There are multiple ports builders who did not incorporate it into their > base system to explore what it does in ports. I don't see a reason to believe > this diff is going to cause a problem.
We are only just (end of last week) clear of most of the noise and failures from the llvm update, until that happened each build meant softing through failures to figure out the cause. Before then it would not have been a good time for a test build. > So now it can be in the next snapshot diff, that process which has been > deferred can happen. I could have also put it into the snapshot builds > without having it be commited, and we'd be in the same situation. > > I also think that is fair because renaud has shown he's pretty careful. > > Theo Buehler <[email protected]> wrote: > > > On Tue, Jun 23, 2026 at 02:27:37AM -0600, Renaud Allard wrote: > > > CVSROOT: /cvs > > > Module name: src > > > Changes by: [email protected] 2026/06/23 02:27:37 > > > > > > Modified files: > > > usr.bin/tsort : tsort.c > > > > > > Log message: > > > Fix heap buffer overread with embedded null bytes in input > > > > > > > Please back this out. > > You did not have an ok and this did not go through a ports bulk. > > >
