lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200501142008.GC2470@localhost.localdomain>
Date:   Fri, 1 May 2020 11:20:08 -0300
From:   Marcelo Ricardo Leitner <marcelo.leitner@...il.com>
To:     Harald Welte <laforge@...monks.org>
Cc:     Xin Long <lucien.xin@...il.com>,
        network dev <netdev@...r.kernel.org>,
        linux-sctp@...r.kernel.org
Subject: Re: ABI breakage in sctp_event_subscribe (was [PATCH net-next 0/4]
 sctp: add some missing events from rfc5061)

On Fri, May 01, 2020 at 03:16:07PM +0200, Harald Welte wrote:
> Dear Linux SCTP developers,
> 
> On Sun, Apr 19, 2020 at 12:25:36PM +0200, Harald Welte wrote:
> > this patchset (merged back in Q4/2019) has broken ABI compatibility, more
> > or less exactly as it was discussed/predicted in Message-Id
> > <20190206201430.18830-1-julien@...sta.com>
> > "[PATCH net] sctp: make sctp_setsockopt_events() less strict about the option length"
> > on this very list in February 2019.
> 
> does the lack of any follow-up so far seems to indicate nobody considers
> this a problem?  Even without any feedback from the Linux kernel
> developers, I would be curious to hear What do other SCTP users say.

No. Speaking for myself only, I just didn't have the time to check
your report yet. I'm a developer but it's not on my main priorities.

> 
> So far I have a somewhat difficult time understanding that I would be
> the only one worried about ABI breakage?  If that's the case, I guess
> it would be best to get the word out that people using Linux SCTP should
> better make sure to not use binary packages but always build on the
> system they run it on, to ensure kernel headers are identical.
> 
> I don't mean this in any cynical way.  The point is either the ABI is
> stable and people can move binaries between different OS/kernel
> versions, or they cannot.  So far the general assumption on Linux is you
> can, but with SCTP you can not, so this needs to be clarified.

That's what we want as well. Some breakage happened, yes, by mistake,
and fixing that properly now, without breaking anything else, may be
just impossible, unfortunatelly. But you can be sure that we are
engaged on not doing it again.

Thanks,
Marcelo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ