lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190429145248.GA7111@kroah.com>
Date:   Mon, 29 Apr 2019 16:52:48 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Paul Moore <paul@...l-moore.com>
Cc:     Sasha Levin <sashal@...nel.org>,
        Nathan Chancellor <natechancellor@...il.com>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        Eric Paris <eparis@...isplace.org>, selinux@...r.kernel.org,
        linux-kernel@...r.kernel.org, stable@...r.kernel.org,
        Nicolas Iooss <nicolas.iooss@....org>
Subject: Re: scripts/selinux build error in 4.14 after glibc update

On Mon, Apr 29, 2019 at 10:47:00AM -0400, Paul Moore wrote:
> On Mon, Apr 29, 2019 at 10:09 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> > On Mon, Apr 29, 2019 at 10:02:29AM -0400, Paul Moore wrote:
> > > On Mon, Apr 29, 2019 at 8:40 AM Greg KH <gregkh@...uxfoundation.org> wrote:
> > > > On Tue, Apr 23, 2019 at 09:43:09AM -0400, Paul Moore wrote:
> > > > > On Tue, Apr 23, 2019 at 9:29 AM Sasha Levin <sashal@...nel.org> wrote:
> > > > > > On Mon, Apr 22, 2019 at 09:59:47PM -0400, Paul Moore wrote:
> > > > > > >On Mon, Apr 22, 2019 at 5:00 PM Nathan Chancellor
> > > > > > ><natechancellor@...il.com> wrote:
> > > > > > >> Hi all,
> > > > > > >>
> > > > > > >> After a glibc update to 2.29, my 4.14 builds started failing like so:
> > > > > > >
> > > > > > >...
> > > > > > >
> > > > > > >>   HOSTCC  scripts/selinux/genheaders/genheaders
> > > > > > >> In file included from scripts/selinux/genheaders/genheaders.c:19:
> > > > > > >> ./security/selinux/include/classmap.h:245:2: error: #error New address family defined, please update secclass_map.
> > > > > > >>  #error New address family defined, please update secclass_map.
> > > > > > >>   ^~~~~
> > > > > > >
> > > > > > >This is a known problem that has a fix in the selinux/next branch and
> > > > > > >will be going up to Linus during the next merge window.  The fix is
> > > > > > >quite small and should be relatively easy for you to backport to your
> > > > > > >kernel build if you are interested; the patch can be found at the
> > > > > > >archive link below:
> > > > > > >
> > > > > > >https://lore.kernel.org/selinux/20190225005528.28371-1-paulo@paulo.ac
> > > > > >
> > > > > > Why is it waiting for the next merge window? It fixes a build bug that
> > > > > > people hit.
> > > > >
> > > > > I place a reasonably high bar on patches that I send up to Linus
> > > > > outside of the merge window and I didn't feel this patch met that
> > > > > criteria.  Nathan is only the second person I've seen who has
> > > > > encountered this problem, the first being the original patch author.
> > > > > As far as I've seen, the problem is only seen by users building older
> > > > > kernels on very new userspaces (e.g. glibc v2.29 was released in
> > > > > February 2019, Linux v4.14 was released in 2017); this doesn't appear
> > > > > to be a large group of people and I didn't want to risk breaking the
> > > > > main kernel tree during the -rcX phase for such a small group.
> > > >
> > > > Ugh, this breaks my local builds, I would recommend getting it to Linus
> > > > sooner please.
> > >
> > > Well, we are at -rc7 right now and it looks like an -rc8 is unlikely
> > > so the question really comes down to can/do you want to wait a week?
> >
> > It's a regression in the 5.1-rc tree, that is hitting people now.  Why
> > do you want to have a 5.1-final that is known to be broken?
> 
> I believe I answered that in my reply to Sasha.  Can you answer the
> question I asked of you above?

If you don't submit it this week, I guess I can wait as I have no other
choice.

But note, this did break my build systems, and my main development
system this weekend.  So yes, the number of people being affected might
be "small", but that "small" number includes the people responsible for
maintaining those stable kernels :(

Anyway, it's your call, just letting you know I'm really annoyed at the
moment by this...

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ