All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes
@ 2020-08-29  9:36 Peter Korsgaard
  2020-08-29 10:24 ` Peter Korsgaard
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2020-08-29  9:36 UTC (permalink / raw)
  To: buildroot

Fixes the following security issue:

arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
Unsigned branch instructions could be used for r2 to fix the wrong behavior
when a negative length is passed to memcpy.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 .../glibc.hash                                                  | 2 +-
 package/glibc/glibc.mk                                          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename package/glibc/{2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427 => 2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d}/glibc.hash (70%)

diff --git a/package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash b/package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
similarity index 70%
rename from package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash
rename to package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
index 6677d32db9..21ee1faeaf 100644
--- a/package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash
+++ b/package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
@@ -1,5 +1,5 @@
 # Locally calculated (fetched from Github)
-sha256  4462f56696332efbc5b0c2f86d7aa75a2a02c3d44bc4345fa42b5bab1225de5c  glibc-2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427.tar.gz
+sha256  ce788d30851a215d58ff94c972d9cff5956725cc5ee906298711ddc63078c315  glibc-2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d.tar.gz
 
 # Hashes for license files
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index 4621c9c2f9..08170fbbcf 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -17,7 +17,7 @@ else
 # Generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
 # When updating the version, please also update localedef
-GLIBC_VERSION = 2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427
+GLIBC_VERSION = 2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
 # sometimes the connection times out. So use an unofficial github mirror.
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes
  2020-08-29  9:36 [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes Peter Korsgaard
@ 2020-08-29 10:24 ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2020-08-29 10:24 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issue:
 > arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
 > Unsigned branch instructions could be used for r2 to fix the wrong behavior
 > when a negative length is passed to memcpy.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2020.02.x and 2020.05.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes
  2021-01-28 22:52 Peter Korsgaard
@ 2021-01-29  9:00 ` Peter Korsgaard
  0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2021-01-29  9:00 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issue:
 > - CVE-2021-3326: Assertion failure in ISO-2022-JP-3 gconv module related to
 >   combining characters

 > For details, see https://sourceware.org/bugzilla/show_bug.cgi?id=27256 and
 > https://www.openwall.com/lists/oss-security/2021/01/27/3

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2020.02.x, thanks.

-- 
Bye, Peter Korsgaard

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes
@ 2021-01-28 22:52 Peter Korsgaard
  2021-01-29  9:00 ` Peter Korsgaard
  0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2021-01-28 22:52 UTC (permalink / raw)
  To: buildroot

Fixes the following security issue:

- CVE-2021-3326: Assertion failure in ISO-2022-JP-3 gconv module related to
  combining characters

For details, see https://sourceware.org/bugzilla/show_bug.cgi?id=27256 and
https://www.openwall.com/lists/oss-security/2021/01/27/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 .../glibc.hash                                                  | 2 +-
 package/glibc/glibc.mk                                          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename package/glibc/{2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d => 2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c}/glibc.hash (70%)

diff --git a/package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash b/package/glibc/2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c/glibc.hash
similarity index 70%
rename from package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
rename to package/glibc/2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c/glibc.hash
index 21ee1faeaf..9985f93ed8 100644
--- a/package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
+++ b/package/glibc/2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c/glibc.hash
@@ -1,5 +1,5 @@
 # Locally calculated (fetched from Github)
-sha256  ce788d30851a215d58ff94c972d9cff5956725cc5ee906298711ddc63078c315  glibc-2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d.tar.gz
+sha256  b07ce01d26094074912cf718eb8715386758776d4c050ecbfc5ac64d21d63001  glibc-2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c.tar.gz
 
 # Hashes for license files
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index 08170fbbcf..75d73f9c16 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -17,7 +17,7 @@ else
 # Generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
 # When updating the version, please also update localedef
-GLIBC_VERSION = 2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d
+GLIBC_VERSION = 2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
 # sometimes the connection times out. So use an unofficial github mirror.
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-29  9:00 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-29  9:36 [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes Peter Korsgaard
2020-08-29 10:24 ` Peter Korsgaard
2021-01-28 22:52 Peter Korsgaard
2021-01-29  9:00 ` Peter Korsgaard

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.