From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Re-shipping binaries due to _FORTIFY_SOURCE=3 Date: Tue, 21 May 2024 15:55:27 +0100 Message-ID: In-Reply-To: <72272574-b5a9-4c86-a9de-dc6f16a0e3b0@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5825347490293935477==" List-Id: --===============5825347490293935477== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Peter, well, this is a difficult topic. We have shipped quite a lot in the consecuti= ve updates, but generally when we have any changes on the toolchain we cannot= ship everything rebuilt at once. That would simply make the update too large. Either we spend some time on Pakfire to upload less and then install so that = we don=E2=80=99t have to worry about the update size at all any more, or we h= ave to keep being conservative with what we ship at a time. On this particular change, glibc is not affected, as it is being configured w= ith its own CFLAGS. However, this particular change probably changes every si= ngle binary. We have re-shipped everything that exposes any network stuff, an= d crucial libraries that parse images, XML, and so on. I think that this pret= ty much the best we can do. Best, -Michael > On 21 May 2024, at 10:50, Peter M=C3=BCller wr= ote: >=20 > Hello *, >=20 > while trying to figure out the odd Suricata and kernel behavior with Core U= pdate 186 > I encountered the other day, I noted that cecad543cb59d0e052cea437cc064bb09= 24cdbd2 > mentions that having properly applied the _FORTIFY_SOURCE=3D3 change entai= ls that we > re-ship "everything" (I assume that means every executable binary :-) ). >=20 > It seems like we didn't do so ever since this commit was merged into next, = and while > doing so in one go is not possible, I was wondering if we perhaps want to r= e-ship > the most critical parts, such as binaries of services directly exposed to t= he network, > the glibc, and similar components. >=20 > Just a thought that occurred to me. >=20 > Thanks, and best regards, > Peter M=C3=BCller --===============5825347490293935477==--