[Bug 225660] Merge Review: crash
bugzilla at redhat.com
bugzilla at redhat.com
Fri Jan 23 17:11:24 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=225660
--- Comment #3 from Dave Anderson <anderson at redhat.com> 2009-01-23 12:11:22 EDT ---
I'm not sure why the review was made of the crash.spec file from the
upstream package instead of the Fedora version? When updating the Fedora
package, the upstream spec file is not pulled into Fedora. In any case,
I'm presuming that the relevant issues brought up re: the upstream spec
file should be addressed in the Fedora version if they haven't already.
The Fedora crash utility NVR scheme has (up until now) simply mirrored the
upstream version upon which it was based, but I can see the validity in
encapsulating the upstream NVR into the Fedora version. It's been an
annoyance in the past when somebody has come in (unbeknownst to me) and
bumped up the release number, which in turn screwed up the upstream NVR
relationship.
With respect to the CVE's, both 1704 and 4146 are highly unlikely
to be issues given that the crash utility does a number of checks
on the vmlinux object file prior to the embedded gdb module ever
being invoked. (i.e., using the supplied sample hand-carved object
files, they get rejected by the crash code as not being legitimate vmlinux
files) Nonetheless, the patches for both of those issues are reasonable and
safe to add, and I have done so. I've also incorporated the patch for
the .gdbinit-related 1705 issue.
When I update the upstream version, I will follow up with a Fedora
update -- after I figure out how to check into my account given that
I haven't been there since the Fedora break-in.
Thanks,
Dave Anderson
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the Fedora-package-review
mailing list