* [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes
@ 2020-08-29 9:36 Peter Korsgaard
2020-08-29 10:24 ` Peter Korsgaard
0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2020-08-29 9:36 UTC (permalink / raw)
To: buildroot
Fixes the following security issue:
arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
Unsigned branch instructions could be used for r2 to fix the wrong behavior
when a negative length is passed to memcpy.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
.../glibc.hash | 2 +-
package/glibc/glibc.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename package/glibc/{2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427 => 2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d}/glibc.hash (70%)
diff --git a/package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash b/package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
similarity index 70%
rename from package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash
rename to package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
index 6677d32db9..21ee1faeaf 100644
--- a/package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash
+++ b/package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
@@ -1,5 +1,5 @@
# Locally calculated (fetched from Github)
-sha256 4462f56696332efbc5b0c2f86d7aa75a2a02c3d44bc4345fa42b5bab1225de5c glibc-2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427.tar.gz
+sha256 ce788d30851a215d58ff94c972d9cff5956725cc5ee906298711ddc63078c315 glibc-2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d.tar.gz
# Hashes for license files
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index 4621c9c2f9..08170fbbcf 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -17,7 +17,7 @@ else
# Generate version string using:
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
# When updating the version, please also update localedef
-GLIBC_VERSION = 2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427
+GLIBC_VERSION = 2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d
# Upstream doesn't officially provide an https download link.
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
# sometimes the connection times out. So use an unofficial github mirror.
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes
2020-08-29 9:36 [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes Peter Korsgaard
@ 2020-08-29 10:24 ` Peter Korsgaard
0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2020-08-29 10:24 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issue:
> arm: CVE-2020-6096: Fix multiarch memcpy for negative length [BZ #25620]
> Unsigned branch instructions could be used for r2 to fix the wrong behavior
> when a negative length is passed to memcpy.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2020.02.x and 2020.05.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes
2021-01-28 22:52 Peter Korsgaard
@ 2021-01-29 9:00 ` Peter Korsgaard
0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2021-01-29 9:00 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issue:
> - CVE-2021-3326: Assertion failure in ISO-2022-JP-3 gconv module related to
> combining characters
> For details, see https://sourceware.org/bugzilla/show_bug.cgi?id=27256 and
> https://www.openwall.com/lists/oss-security/2021/01/27/3
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2020.02.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes
@ 2021-01-28 22:52 Peter Korsgaard
2021-01-29 9:00 ` Peter Korsgaard
0 siblings, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2021-01-28 22:52 UTC (permalink / raw)
To: buildroot
Fixes the following security issue:
- CVE-2021-3326: Assertion failure in ISO-2022-JP-3 gconv module related to
combining characters
For details, see https://sourceware.org/bugzilla/show_bug.cgi?id=27256 and
https://www.openwall.com/lists/oss-security/2021/01/27/3
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
.../glibc.hash | 2 +-
package/glibc/glibc.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
rename package/glibc/{2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d => 2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c}/glibc.hash (70%)
diff --git a/package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash b/package/glibc/2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c/glibc.hash
similarity index 70%
rename from package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
rename to package/glibc/2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c/glibc.hash
index 21ee1faeaf..9985f93ed8 100644
--- a/package/glibc/2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d/glibc.hash
+++ b/package/glibc/2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c/glibc.hash
@@ -1,5 +1,5 @@
# Locally calculated (fetched from Github)
-sha256 ce788d30851a215d58ff94c972d9cff5956725cc5ee906298711ddc63078c315 glibc-2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d.tar.gz
+sha256 b07ce01d26094074912cf718eb8715386758776d4c050ecbfc5ac64d21d63001 glibc-2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c.tar.gz
# Hashes for license files
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index 08170fbbcf..75d73f9c16 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -17,7 +17,7 @@ else
# Generate version string using:
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
# When updating the version, please also update localedef
-GLIBC_VERSION = 2.30-73-gd59630f9959b0bb8991964758ab854ff4378b20d
+GLIBC_VERSION = 2.30-85-g79bf3c9774b0c2aa865b2ca397554ff425225d3c
# Upstream doesn't officially provide an https download link.
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
# sometimes the connection times out. So use an unofficial github mirror.
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-29 9:00 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-08-29 9:36 [Buildroot] [PATCH-2020.02.x] package/glibc: security bump for additional post-2.30.x fixes Peter Korsgaard
2020-08-29 10:24 ` Peter Korsgaard
2021-01-28 22:52 Peter Korsgaard
2021-01-29 9:00 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.