Re: [OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable 2.35 branch
-Original Message- From: openembedded-core@lists.openembedded.org On Behalf Of Peter Marko via lists.openembedded.org Sent: Wednesday, September 27, 2023 16:21 To: soumya.sa...@windriver.com Cc: openembedded-core@lists.openembedded.org Subject: Re: [OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable 2.35 branch > -Original Message- > From: openembedded-core@lists.openembedded.org > On Behalf Of Soumya via > lists.openembedded.org > Sent: Wednesday, September 27, 2023 9:46 > To: openembedded-core@lists.openembedded.org > Subject: [OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable > 2.35 branch > > > From: Soumya Sambu > > > > Adresses CVE-2023-4813, CVE-2023-4806 > > Could you also add these to CVE_CHECK_IGNORE? > Otherwise they will stay in cve-check reports since the recipe version did > not change. Additionally, this fixes CVE-2023-5156 > > Thanks, > Peter -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188328): https://lists.openembedded.org/g/openembedded-core/message/188328 Mute This Topic: https://lists.openembedded.org/mt/101613417/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable 2.35 branch
Sure, will send v2. Regards, Soumya From: Marko, Peter Sent: Wednesday, September 27, 2023 7:50 PM To: Sambu, Soumya Cc: openembedded-core@lists.openembedded.org Subject: RE: [OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable 2.35 branch CAUTION: This email comes from a non Wind River email account! Do not click links or open attachments unless you recognize the sender and know the content is safe. -Original Message- From: openembedded-core@lists.openembedded.org On Behalf Of Soumya via lists.openembedded.org Sent: Wednesday, September 27, 2023 9:46 To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable 2.35 branch > From: Soumya Sambu > > Adresses CVE-2023-4813, CVE-2023-4806 Could you also add these to CVE_CHECK_IGNORE? Otherwise they will stay in cve-check reports since the recipe version did not change. Thanks, Peter -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188327): https://lists.openembedded.org/g/openembedded-core/message/188327 Mute This Topic: https://lists.openembedded.org/mt/101613417/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable 2.35 branch
-Original Message- From: openembedded-core@lists.openembedded.org On Behalf Of Soumya via lists.openembedded.org Sent: Wednesday, September 27, 2023 9:46 To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable 2.35 branch > From: Soumya Sambu > > Adresses CVE-2023-4813, CVE-2023-4806 Could you also add these to CVE_CHECK_IGNORE? Otherwise they will stay in cve-check reports since the recipe version did not change. Thanks, Peter -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188326): https://lists.openembedded.org/g/openembedded-core/message/188326 Mute This Topic: https://lists.openembedded.org/mt/101613417/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
[OE-core][kirkstone][PATCH 1/1] glibc: Update to latest on stable 2.35 branch
From: Soumya Sambu Adresses CVE-2023-4813, CVE-2023-4806 These are the complete list of changes this brings * 73d4ce728a Document CVE-2023-4806 and CVE-2023-5156 in NEWS * 17092c0311 Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]* * 762a747fae io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64 * e3ccb230a9 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) * 1b9087dcec gethosts: Return EAI_MEMORY on allocation failure * f5f88f142a gaih_inet: Split result generation into its own function * a6da106892 gaih_inet: split loopback lookup into its own function * 8b70d97b08 gaih_inet: make gethosts into a function * 9098deb96a gaih_inet: separate nss lookup loop into its own function * ce64e72b7d gaih_inet: Split nscd lookup code into its own function. * 4897bf7968 gaih_inet: Split simple gethostbyname into its own function * 571c531b3b gaih_inet: make numeric lookup a separate routine * 9aad91abe6 gaih_inet: Simplify service resolution * d02808dee9 getaddrinfo: Fix leak with AI_ALL [BZ #28852] * f366eaa608 gaih_inet: Simplify canon name resolution * b126325fc7 nss: Sort tests and tests-container and put one test per line * 6e867146ee Simplify allocations and fix merge and continue actions [BZ #28931] * 59ee83b0c2 elf: Move l_init_called_next to old place of l_text_end in link map * 34b07bdbdd elf: Remove unused l_text_end field from struct link_map * 02a67e102f elf: Always call destructors in reverse constructor order (bug 30785) * aeea91fd15 elf: Do not run constructors for proxy objects * 1d828d5855 elf: Introduce to _dl_call_fini Signed-off-by: Soumya Sambu --- meta/recipes-core/glibc/glibc-version.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index f23ceb5a25..c23a43576c 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "561e9dadc02f46a7ba2190c0a04259583479f6c9" +SRCREV_glibc ?= "73d4ce728a59deb2fd18969e559769b3f590fac9" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" -- 2.40.0 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188294): https://lists.openembedded.org/g/openembedded-core/message/188294 Mute This Topic: https://lists.openembedded.org/mt/101613417/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-