From: "\"Tóth Attila\"" <atoth@atoth.sote.hu>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] Re: Security notice regarding hardened-sources
Date: Fri, 17 Sep 2010 18:40:51 +0200 [thread overview]
Message-ID: <1b59d6e1fb88fbb46e64a87c8db9961f.squirrel@atoth.sote.hu> (raw)
In-Reply-To: <4C92B492.8010008@gentoo.org>
Thanks for the feedback about the sources.
What about the toolchain? What are the gcc, binutils and glibc versions
supported? What versions of the toolchain components advised for the brave
folk?
Thx:
Dw.
--
dr Tóth Attila, Radiológus, 06-20-825-8057, 06-30-5962-962
Attila Toth MD, Radiologist, +36-20-825-8057, +36-30-5962-962
2010.Szeptember 17.(P) 02:21 időpontban Anthony G. Basile ezt írta:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/16/2010 06:47 PM, 7v5w7go9ub0o wrote:
>> On 09/16/10 17:15, Anthony G. Basile wrote:
>> []
>>
>>>
>>>
>>> As a result, certain configurations of hardened-sources are also
>>> vulnerable. As a work around until I get the fix into the tree and
>>> fast track stabilization, keep the following in mind:
>>
>> []
>>
>> Thank you for this note, Anthony!
>>
>> 1. Will hardened-sources be distributed via the tree, or via an overlay?
>> (IIRC, I got 2.6.34-r5 via the overlay, then it disappeared)
>>
>> 2. Same question about gcc; will hardened gcc come to us via an overlay?
>> (I see an update to 4.4.4-r2; IIRC I got 4.4.4-r1 via overlay).
>>
>> TIA
>>
>
>
> The overlay should not be used for anything anymore. Its around only
> for reference. (Zorry and I may want to look back at stuff we did.)
>
> In about a day or so you should see hardened-sources-2.6.32-r18.ebuild
> and hardened-sources-2.6.34-r6.ebuild appear in portage. Use one of
> those two.
>
>
> - --
> Anthony G. Basile, Ph.D.
> Gentoo Developer
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkyStJIACgkQl5yvQNBFVTUnnACgg1lYVsSGM2k5SG6VSBeJTPOI
> hhIAn0WTyGjbplsXD3JavTuBP6Xf2N5D
> =08GV
> -----END PGP SIGNATURE-----
>
next prev parent reply other threads:[~2010-09-17 17:02 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-16 21:15 [gentoo-hardened] Security notice regarding hardened-sources Anthony G. Basile
2010-09-16 22:47 ` [gentoo-hardened] " 7v5w7go9ub0o
2010-09-17 0:21 ` Anthony G. Basile
2010-09-17 16:40 ` "Tóth Attila" [this message]
2010-09-17 4:06 ` Magnus Granberg
2010-09-17 23:12 ` 7v5w7go9ub0o
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1b59d6e1fb88fbb46e64a87c8db9961f.squirrel@atoth.sote.hu \
--to=atoth@atoth.sote.hu \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox