* [PATCH 0/3] Several Glibc security fixes
@ 2017-11-23  3:52 Armin Kuster
  2017-11-23  3:52 ` [PATCH 1/3] glibc: Security fix CVE-2017-15670 Armin Kuster
                   ` (4 more replies)
  0 siblings, 5 replies; 8+ messages in thread
From: Armin Kuster @ 2017-11-23  3:52 UTC (permalink / raw)
  To: akuster, openembedded-core

The pending 2.27 update does not need these. Only apply if that update is delayed too long.

affects glibc < 2.27

This will hit stable/Rocko-next shortly

Armin Kuster (3):
  glibc: Security fix CVE-2017-15670
  glibc: Security fix CVE-2017-15671
  glibc: Security fix for CVE-2017-15804

 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch |  61 ++++++
 meta/recipes-core/glibc/glibc/CVE-2017-15671.patch | 215 +++++++++++++++++++++
 meta/recipes-core/glibc/glibc/CVE-2017-15804.patch | 111 +++++++++++
 meta/recipes-core/glibc/glibc_2.26.bb              |   3 +
 4 files changed, 390 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15804.patch

-- 
2.7.4




* [PATCH 1/3] glibc: Security fix CVE-2017-15670
  2017-11-23  3:52 [PATCH 0/3] Several Glibc security fixes Armin Kuster
@ 2017-11-23  3:52 ` Armin Kuster
  2017-11-23  3:52 ` [PATCH 2/3] glibc: Security fix CVE-2017-15671 Armin Kuster
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2017-11-23  3:52 UTC (permalink / raw)
  To: akuster, openembedded-core

From: Armin Kuster <akuster@mvista.com>

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

Affects: glibc < 2.27

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch | 61 ++++++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.26.bb              |  1 +
 2 files changed, 62 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
new file mode 100644
index 0000000..aeecb92
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,61 @@
+From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Fri, 20 Oct 2017 18:41:14 +0200
+Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)
+
+Upstream-Status: Backport
+CVE: CVE-2017-15670
+Affects: glibc < 2.27
+signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog    | 6 ++++++
+ NEWS         | 5 +++++
+ posix/glob.c | 2 +-
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -206,6 +206,11 @@ Security related changes:
+ * A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
+   fixed (CVE-2017-12133).
+ 
++  CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
++  suffered from a one-byte overflow during ~ operator processing (either
++  on the stack or the heap, depending on the length of the user name).
++  Reported by Tim Rühsen.
++
+ The following bugs are resolved with this release:
+ 
+   [984] network: Respond to changed resolv.conf in gethostbyname
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c
++++ git/posix/glob.c
+@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
+ 		  *p = '\0';
+ 		}
+ 	      else
+-		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++		*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ 		  = '\0';
+ 	      user_name = newp;
+ 	    }
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-20  Paul Eggert <eggert@cs.ucla.edu>
++
++       [BZ #22320]
++       CVE-2017-15670
++       * posix/glob.c (__glob): Fix one-byte overflow.
++
+ 2017-08-02  Siddhesh Poyarekar  <siddhesh@sourceware.org>
+ 
+ 	* version.h (RELEASE): Set to "stable"
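Review bot: The tag in the embedded patch header is spelled "signed-off-by:" in lower case, and patchtest later in this thread reports this file (CVE-2017-15670.patch) as having no Signed-off-by tag under test_signed_off_by_presence. Change it to "Signed-off-by: Armin Kuster <akuster@mvista.com>", matching the other two patch files. On the posix/glob.c change, the copy source is dirname + 1, so end_name - dirname - 1 is the byte count up to end_name and the NUL store moves back by one. The allocation of newp is outside the visible context, so confirm its size against upstream commit c369d66e5426a30e4725b100d5cd28e372754f90 before relying on that.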
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb
index 135ec4f..ed4ea4f 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0026-assert-Suppress-pedantic-warning-caused-by-statement.patch \
            file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
            file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
+           file://CVE-2017-15670.patch \
 "
 
 NATIVESDKFIXES ?= ""
-- 
2.7.4




* [PATCH 2/3] glibc: Security fix CVE-2017-15671
  2017-11-23  3:52 [PATCH 0/3] Several Glibc security fixes Armin Kuster
  2017-11-23  3:52 ` [PATCH 1/3] glibc: Security fix CVE-2017-15670 Armin Kuster
@ 2017-11-23  3:52 ` Armin Kuster
  2017-11-23  3:52 ` [PATCH 3/3] glibc: Security fix for CVE-2017-15804 Armin Kuster
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2017-11-23  3:52 UTC (permalink / raw)
  To: akuster, openembedded-core

From: Armin Kuster <akuster@mvista.com>

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak).

Affects: glibc < 2.27

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 meta/recipes-core/glibc/glibc/CVE-2017-15671.patch | 215 +++++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.26.bb              |   1 +
 2 files changed, 216 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15671.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
new file mode 100644
index 0000000..425aaa7
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
@@ -0,0 +1,215 @@
+From 6182b3708b7af316454c81467538a8c20c1b046d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Sat, 21 Oct 2017 18:03:30 +0200
+Subject: [PATCH] glob: Add new test tst-glob-tilde
+
+The new test checks for memory leaks (see bug 22325) and attempts
+to trigger the buffer overflow in bug 22320.
+
+(cherry picked from commit e80fc1fc98bf614eb01cf8325503df3a1451a99c)
+
+Upstream-Status: Backport
+CVE: CVE-2017-15671
+Affects: glibx < 2.27
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog              |   8 +++
+ posix/Makefile         |  11 +++-
+ posix/tst-glob-tilde.c | 136 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 153 insertions(+), 2 deletions(-)
+ create mode 100644 posix/tst-glob-tilde.c
+
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,11 @@
++2017-10-21  Florian Weimer  <fweimer@redhat.com>
++
++	* posix/Makefile (tests): Add tst-glob-tilde.
++	(tests-special): Add tst-glob-tilde-mem.out
++	(tst-glob-tilde-ENV): Set MALLOC_TRACE.
++	(tst-glob-tilde-mem.out): Add mtrace check.
++	* posix/tst-glob-tilde.c: New file.
++
+ 2017-10-20  Paul Eggert <eggert@cs.ucla.edu>
+ 
+        [BZ #22320]
+Index: git/posix/Makefile
+===================================================================
+--- git.orig/posix/Makefile
++++ git/posix/Makefile
+@@ -93,7 +93,7 @@ tests		:= test-errno tstgetopt testfnm r
+ 		   tst-fnmatch3 bug-regex36 tst-getaddrinfo5 \
+ 		   tst-posix_spawn-fd tst-posix_spawn-setsid \
+ 		   tst-posix_fadvise tst-posix_fadvise64 \
+-		   tst-sysconf-empty-chroot
++		   tst-sysconf-empty-chroot tst-glob-tilde
+ tests-internal	:= bug-regex5 bug-regex20 bug-regex33 \
+ 		   tst-rfc3484 tst-rfc3484-2 tst-rfc3484-3
+ xtests		:= bug-ga2
+@@ -141,7 +141,8 @@ tests-special += $(objpfx)bug-regex2-mem
+ 		 $(objpfx)tst-rxspencer-no-utf8-mem.out $(objpfx)tst-pcre-mem.out \
+ 		 $(objpfx)tst-boost-mem.out $(objpfx)tst-getconf.out \
+ 		 $(objpfx)bug-glob2-mem.out $(objpfx)tst-vfork3-mem.out \
+-		 $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out
++		 $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out \
++		 $(objpfx)tst-glob-tilde-mem.out
+ xtests-special += $(objpfx)bug-ga2-mem.out
+ endif
+ 
+@@ -350,6 +351,12 @@ $(objpfx)bug-glob2-mem.out: $(objpfx)bug
+ 	$(common-objpfx)malloc/mtrace $(objpfx)bug-glob2.mtrace > $@; \
+ 	$(evaluate-test)
+ 
++tst-glob-tilde-ENV = MALLOC_TRACE=$(objpfx)tst-glob-tilde.mtrace
++
++$(objpfx)tst-glob-tilde-mem.out: $(objpfx)tst-glob-tilde.out
++	$(common-objpfx)malloc/mtrace $(objpfx)tst-glob-tilde.mtrace > $@; \
++	$(evaluate-test)
++
+ $(inst_libexecdir)/getconf: $(inst_bindir)/getconf \
+ 			    $(objpfx)getconf.speclist FORCE
+ 	$(addprefix $(..)./scripts/mkinstalldirs ,\
+Index: git/posix/tst-glob-tilde.c
+===================================================================
+--- /dev/null
++++ git/posix/tst-glob-tilde.c
+@@ -0,0 +1,136 @@
++/* Check for GLOB_TIDLE heap allocation issues (bug 22320, bug 22325).
++   Copyright (C) 2017 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++#include <glob.h>
++#include <mcheck.h>
++#include <nss.h>
++#include <pwd.h>
++#include <stdlib.h>
++#include <string.h>
++#include <support/check.h>
++#include <support/support.h>
++
++/* Flag which indicates whether to pass the GLOB_ONLYDIR flag.  */
++static int do_onlydir;
++
++/* Flag which indicates whether to pass the GLOB_NOCHECK flag.  */
++static int do_nocheck;
++
++/* Flag which indicates whether to pass the GLOB_MARK flag.  */
++static int do_mark;
++
++static void
++one_test (const char *prefix, const char *middle, const char *suffix)
++{
++  char *pattern = xasprintf ("%s%s%s", prefix, middle, suffix);
++  int flags = GLOB_TILDE;
++  if (do_onlydir)
++    flags |= GLOB_ONLYDIR;
++  if (do_nocheck)
++    flags |= GLOB_NOCHECK;
++  if (do_mark)
++    flags |= GLOB_MARK;
++  glob_t gl;
++  /* This glob call might result in crashes or memory leaks.  */
++  if (glob (pattern, flags, NULL, &gl) == 0)
++    globfree (&gl);
++  free (pattern);
++}
++
++enum
++  {
++    /* The largest base being tested.  */
++    largest_base_size = 500000,
++
++    /* The actual size is the base size plus a variable whose absolute
++       value is not greater than this.  This helps malloc to trigger
++       overflows.  */
++    max_size_skew = 16,
++
++    /* The maximum string length supported by repeating_string
++       below.  */
++    repeat_size = largest_base_size + max_size_skew,
++  };
++
++/* Used to construct strings which repeat a single character 'x'.  */
++static char *repeat;
++
++/* Return a string of SIZE characters.  */
++const char *
++repeating_string (int size)
++{
++  TEST_VERIFY (size >= 0);
++  TEST_VERIFY (size <= repeat_size);
++  const char *repeated_shifted = repeat + repeat_size - size;
++  TEST_VERIFY (strlen (repeated_shifted) == size);
++  return repeated_shifted;
++}
++
++static int
++do_test (void)
++{
++  /* Avoid network-based NSS modules and initialize nss_files with a
++     dummy lookup.  This has to come before mtrace because NSS does
++     not free all memory.  */
++  __nss_configure_lookup ("passwd", "files");
++  (void) getpwnam ("root");
++
++  mtrace ();
++
++  repeat = xmalloc (repeat_size + 1);
++  memset (repeat, 'x', repeat_size);
++  repeat[repeat_size] = '\0';
++
++  /* These numbers control the size of the user name.  The values
++     cover the minimum (0), a typical size (8), a large
++     stack-allocated size (100000), and a somewhat large
++     heap-allocated size (largest_base_size).  */
++  static const int base_sizes[] = { 0, 8, 100, 100000, largest_base_size, -1 };
++
++  for (do_onlydir = 0; do_onlydir < 2; ++do_onlydir)
++    for (do_nocheck = 0; do_nocheck < 2; ++do_nocheck)
++      for (do_mark = 0; do_mark < 2; ++do_mark)
++        for (int base_idx = 0; base_sizes[base_idx] >= 0; ++base_idx)
++          {
++            for (int size_skew = -max_size_skew; size_skew <= max_size_skew;
++                 ++size_skew)
++              {
++                int size = base_sizes[base_idx] + size_skew;
++                if (size < 0)
++                  continue;
++
++                const char *user_name = repeating_string (size);
++                one_test ("~", user_name, "/a/b");
++              }
++
++            const char *user_name = repeating_string (base_sizes[base_idx]);
++            one_test ("~", user_name, "");
++            one_test ("~", user_name, "/");
++            one_test ("~", user_name, "/a");
++            one_test ("~", user_name, "/*/*");
++            one_test ("~", user_name, "\\/");
++            one_test ("/~", user_name, "");
++            one_test ("*/~", user_name, "/a/b");
++          }
++
++  free (repeat);
++
++  return 0;
++}
++
++#include <support/test-driver.c>
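Review bot: The embedded patch is tagged "CVE: CVE-2017-15671", but its diffstat lists only ChangeLog, posix/Makefile and posix/tst-glob-tilde.c, and its Subject is "glob: Add new test tst-glob-tilde". Nothing in this file changes posix/glob.c, so the memory leak described in the commit message (bug 22325) is tested for but not fixed, and the mtrace check tst-glob-tilde-mem.out has nothing to make it pass. Include the upstream glob.c fix for the leak; otherwise the CVE tag marks the recipe as patched while glob still leaks. The header line "Affects: glibx < 2.27" should read glibc.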
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb
index ed4ea4f..e4ba28f 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -44,6 +44,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
            file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
            file://CVE-2017-15670.patch \
+           file://CVE-2017-15671.patch \
 "
 
 NATIVESDKFIXES ?= ""
-- 
2.7.4




* [PATCH 3/3] glibc: Security fix for CVE-2017-15804
  2017-11-23  3:52 [PATCH 0/3] Several Glibc security fixes Armin Kuster
  2017-11-23  3:52 ` [PATCH 1/3] glibc: Security fix CVE-2017-15670 Armin Kuster
  2017-11-23  3:52 ` [PATCH 2/3] glibc: Security fix CVE-2017-15671 Armin Kuster
@ 2017-11-23  3:52 ` Armin Kuster
  2017-11-23  4:03 ` ✗ patchtest: failure for Several Glibc security fixes Patchwork
  2017-11-23 12:00 ` [PATCH 0/3] " Burton, Ross
  4 siblings, 0 replies; 8+ messages in thread
From: Armin Kuster @ 2017-11-23  3:52 UTC (permalink / raw)
  To: akuster, openembedded-core

From: Armin Kuster <akuster@mvista.com>

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

Affects: glibc < 2.27

Signed-off-by: Armin Kuster <akuster@mvista.com>
---
 meta/recipes-core/glibc/glibc/CVE-2017-15804.patch | 111 +++++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.26.bb              |   1 +
 2 files changed, 112 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15804.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15804.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15804.patch
new file mode 100644
index 0000000..b0dada3
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15804.patch
@@ -0,0 +1,111 @@
+From 2fac6a6cd50c22ac28c97d0864306594807ade3e Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Thu, 2 Nov 2017 11:06:45 +0100
+Subject: [PATCH] posix/tst-glob-tilde.c: Add test for bug 22332
+
+Upstream-Status: Backport
+CVE: CVE-2017-15804
+Affects: glibx < 2.27
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ ChangeLog              |  7 +++++++
+ posix/tst-glob-tilde.c | 53 ++++++++++++++++++++++++++++----------------------
+ 2 files changed, 37 insertions(+), 23 deletions(-)
+
+Index: git/posix/tst-glob-tilde.c
+===================================================================
+--- git.orig/posix/tst-glob-tilde.c
++++ git/posix/tst-glob-tilde.c
+@@ -1,4 +1,4 @@
+-/* Check for GLOB_TIDLE heap allocation issues (bug 22320, bug 22325).
++/* Check for GLOB_TIDLE heap allocation issues (bugs 22320, 22325, 22332).
+    Copyright (C) 2017 Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+@@ -34,6 +34,9 @@ static int do_nocheck;
+ /* Flag which indicates whether to pass the GLOB_MARK flag.  */
+ static int do_mark;
+ 
++/* Flag which indicates whether to pass the GLOB_NOESCAPE flag.  */
++static int do_noescape;
++
+ static void
+ one_test (const char *prefix, const char *middle, const char *suffix)
+ {
+@@ -45,6 +48,8 @@ one_test (const char *prefix, const char
+     flags |= GLOB_NOCHECK;
+   if (do_mark)
+     flags |= GLOB_MARK;
++  if (do_noescape)
++    flags |= GLOB_NOESCAPE;
+   glob_t gl;
+   /* This glob call might result in crashes or memory leaks.  */
+   if (glob (pattern, flags, NULL, &gl) == 0)
+@@ -105,28 +110,30 @@ do_test (void)
+   for (do_onlydir = 0; do_onlydir < 2; ++do_onlydir)
+     for (do_nocheck = 0; do_nocheck < 2; ++do_nocheck)
+       for (do_mark = 0; do_mark < 2; ++do_mark)
+-        for (int base_idx = 0; base_sizes[base_idx] >= 0; ++base_idx)
+-          {
+-            for (int size_skew = -max_size_skew; size_skew <= max_size_skew;
+-                 ++size_skew)
+-              {
+-                int size = base_sizes[base_idx] + size_skew;
+-                if (size < 0)
+-                  continue;
+-
+-                const char *user_name = repeating_string (size);
+-                one_test ("~", user_name, "/a/b");
+-              }
+-
+-            const char *user_name = repeating_string (base_sizes[base_idx]);
+-            one_test ("~", user_name, "");
+-            one_test ("~", user_name, "/");
+-            one_test ("~", user_name, "/a");
+-            one_test ("~", user_name, "/*/*");
+-            one_test ("~", user_name, "\\/");
+-            one_test ("/~", user_name, "");
+-            one_test ("*/~", user_name, "/a/b");
+-          }
++	for (do_noescape = 0; do_noescape < 2; ++do_noescape)
++	  for (int base_idx = 0; base_sizes[base_idx] >= 0; ++base_idx)
++	    {
++	      for (int size_skew = -max_size_skew; size_skew <= max_size_skew;
++		   ++size_skew)
++		{
++		  int size = base_sizes[base_idx] + size_skew;
++		  if (size < 0)
++		    continue;
++
++		  const char *user_name = repeating_string (size);
++		  one_test ("~", user_name, "/a/b");
++		  one_test ("~", user_name, "x\\x\\x////x\\a");
++		}
++
++	      const char *user_name = repeating_string (base_sizes[base_idx]);
++	      one_test ("~", user_name, "");
++	      one_test ("~", user_name, "/");
++	      one_test ("~", user_name, "/a");
++	      one_test ("~", user_name, "/*/*");
++	      one_test ("~", user_name, "\\/");
++	      one_test ("/~", user_name, "");
++	      one_test ("*/~", user_name, "/a/b");
++	    }
+ 
+   free (repeat);
+ 
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-22  Paul Eggert <eggert@cs.ucla.edu>
++
++       [BZ #22332]
++       * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
++       unescaping.
++
+ 2017-10-21  Florian Weimer  <fweimer@redhat.com>
+ 
+ 	* posix/Makefile (tests): Add tst-glob-tilde.
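Review bot: The ChangeLog entry added at the end of this file says "posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE unescaping", but the patch contains no posix/glob.c hunk. The diffstat lists only ChangeLog and posix/tst-glob-tilde.c, and the Subject is the test commit for bug 22332. As submitted, CVE-2017-15804 is tagged as fixed while only the test is extended with GLOB_NOESCAPE and the backslash pattern, so the upstream glob.c change needs to be added. Unlike the other two files, this header carries no "(cherry picked from commit ...)" line to check the backport against, and "Affects: glibx < 2.27" should read glibc.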
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb
index e4ba28f..76a410d 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -45,6 +45,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
            file://CVE-2017-15670.patch \
            file://CVE-2017-15671.patch \
+           file://CVE-2017-15804.patch \
 "
 
 NATIVESDKFIXES ?= ""
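Review bot: The order of the three SRC_URI entries here is load-bearing and should be stated in the commit message. CVE-2017-15804.patch modifies posix/tst-glob-tilde.c, which CVE-2017-15671.patch creates, and the ChangeLog hunk in each file uses the entry added by the previous file as context. Dropping or reordering one of them when this is picked to a stable branch will stop the later ones from applying cleanly.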
-- 
2.7.4




* ✗ patchtest: failure for Several Glibc security fixes
  2017-11-23  3:52 [PATCH 0/3] Several Glibc security fixes Armin Kuster
                   ` (2 preceding siblings ...)
  2017-11-23  3:52 ` [PATCH 3/3] glibc: Security fix for CVE-2017-15804 Armin Kuster
@ 2017-11-23  4:03 ` Patchwork
  2017-11-23 12:00 ` [PATCH 0/3] " Burton, Ross
  4 siblings, 0 replies; 8+ messages in thread
From: Patchwork @ 2017-11-23  4:03 UTC (permalink / raw)
  To: Armin Kuster; +Cc: openembedded-core

== Series Details ==

Series: Several Glibc security fixes
Revision: 1
URL   : https://patchwork.openembedded.org/series/9928/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue             A patch file has been added, but does not have a Signed-off-by tag [test_signed_off_by_presence] 
  Suggested fix    Sign off the added patch file (meta/recipes-core/glibc/glibc/CVE-2017-15670.patch)



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines:     https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite:     http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe




* Re: [PATCH 0/3] Several Glibc security fixes
  2017-11-23  3:52 [PATCH 0/3] Several Glibc security fixes Armin Kuster
                   ` (3 preceding siblings ...)
  2017-11-23  4:03 ` ✗ patchtest: failure for Several Glibc security fixes Patchwork
@ 2017-11-23 12:00 ` Burton, Ross
  2017-11-23 16:16   ` akuster808
  4 siblings, 1 reply; 8+ messages in thread
From: Burton, Ross @ 2017-11-23 12:00 UTC (permalink / raw)
  To: Armin Kuster; +Cc: Armin Kuster, OE-core


On 23 November 2017 at 03:52, Armin Kuster <akuster808@gmail.com> wrote:

> The pending 2.27 update does not need these. Only apply if that update is
> delayed too long.
>

I don't see a pending 2.27 update, just a 2.26 update (to
77f921dac17c5fa99bd9e926d926c327982895f7).  Is there a patch I'm missing?

Ross


* Re: [PATCH 0/3] Several Glibc security fixes
  2017-11-23 12:00 ` [PATCH 0/3] " Burton, Ross
@ 2017-11-23 16:16   ` akuster808
  2017-11-27  1:47     ` Khem Raj
  0 siblings, 1 reply; 8+ messages in thread
From: akuster808 @ 2017-11-23 16:16 UTC (permalink / raw)
  To: Burton, Ross; +Cc: Armin Kuster, OE-core




On 11/23/2017 04:00 AM, Burton, Ross wrote:
> On 23 November 2017 at 03:52, Armin Kuster <akuster808@gmail.com> wrote:
>
>     The pending 2.27 update does not need these. Only apply if that
>     update is delayed too long.
>
>
> I don't see a pending 2.27 update, just a 2.26 update (to
> 77f921dac17c5fa99bd9e926d926c327982895f7).  Is there a patch I'm missing?

I was hoping, would have made things easier.. so how do we plan on
distinguishing between the two 2.26 versions ?? The CVE checker won't be able
to.

It's possible this set of patches may be different for the pending merge.

- armin
>
> Ross 



* Re: [PATCH 0/3] Several Glibc security fixes
  2017-11-23 16:16   ` akuster808
@ 2017-11-27  1:47     ` Khem Raj
  0 siblings, 0 replies; 8+ messages in thread
From: Khem Raj @ 2017-11-27  1:47 UTC (permalink / raw)
  To: akuster808; +Cc: Armin Kuster, OE-core

On Thu, Nov 23, 2017 at 8:16 AM, akuster808 <akuster808@gmail.com> wrote:
>
>
> On 11/23/2017 04:00 AM, Burton, Ross wrote:
>
> On 23 November 2017 at 03:52, Armin Kuster <akuster808@gmail.com> wrote:
>>
>> The pending 2.27 update does not need these. Only apply if that update is
>> delayed too long.
>
>
> I don't see a pending 2.27 update, just a 2.26 update (to
> 77f921dac17c5fa99bd9e926d926c327982895f7).  Is there a patch I'm missing?
>
>
> I was hoping, would have made things easier.. so how do we plan on
> distinguishing between the two 2.26 versions ?? The CVE checker won't be able
> to.
>
> It's possible this set of patches may be different for the pending merge.
>

validate it in master and if it's a specific backport that's already
covered with master sha then create independent backport for release branches.

> - armin
>
>
> Ross
>
>
>

