* [PATCH] glibc: Fix CVE-2021-35942
@ 2021-07-28  7:52 Vinay Kumar
  2021-08-15  7:49 ` Vinay Kumar
  0 siblings, 1 reply; 8+ messages in thread
From: Vinay Kumar @ 2021-07-28  7:52 UTC (permalink / raw)
  To: openembedded-core
  Cc: anuj.mittal, richard.purdie, rwmacleod, umesh.kalappa0,
	vinay.kumar, Vinay Kumar

Source: https://sourceware.org/git/glibc.git
Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011

Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
glibc-2.33 source.

Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]

Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
---
 .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
new file mode 100644
index 0000000000..5cae1bc91c
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
@@ -0,0 +1,44 @@
+From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@linux-m68k.org>
+Date: Fri, 25 Jun 2021 15:02:47 +0200
+Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
+ 28011)
+
+Use strtoul instead of atoi so that overflow can be detected.
+
+Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
+CVE: CVE-2021-35942
+Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
+---
+ posix/wordexp-test.c | 1 +
+ posix/wordexp.c      | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
+index f93a546d7e..9df02dbbb3 100644
+--- a/posix/wordexp-test.c
++++ b/posix/wordexp-test.c
+@@ -183,6 +183,7 @@ struct test_case_struct
+     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
+     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
+     { 0, NULL, "", 0, 0, { NULL, }, IFS },
++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
+ 
+     /* Flags not already covered (testit() has special handling for these) */
+     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
+diff --git a/posix/wordexp.c b/posix/wordexp.c
+index bcbe96e48d..1f3b09f721 100644
+--- a/posix/wordexp.c
++++ b/posix/wordexp.c
+@@ -1399,7 +1399,7 @@ envsubst:
+   /* Is it a numeric parameter? */
+   else if (isdigit (env[0]))
+     {
+-      int n = atoi (env);
++      unsigned long n = strtoul (env, NULL, 10);
+ 
+       if (n >= __libc_argc)
+ 	/* Substitute NULL. */
+-- 
+2.17.1
+
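Review bot: The bound check `if (n >= __libc_argc)` in the posix/wordexp.c part of the embedded patch now depends on two facts the code does not state. The first is that `strtoul` returns `ULONG_MAX` on overflow, and the second is that `__libc_argc` is converted to `unsigned long` for the comparison (it is presumably an `int`, since the removed `int n` was compared against it directly). I would add a comment above the new line, e.g. `/* strtoul saturates to ULONG_MAX on overflow, so an out-of-range index always takes the NULL branch below. */`, so a later edit does not reintroduce a signed type whose negative value would pass the check. The added test case only uses a 22-digit value beyond `unsigned long`; a second case just above `INT_MAX` would also pin the truncation path that the old `atoi` result could hit. The enclosing `envsubst` block starts and ends outside this hunk, so how `n` is used after the check is not visible here.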
diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
index e9f01a14c5..abb01f8468 100644
--- a/meta/recipes-core/glibc/glibc_2.33.bb
+++ b/meta/recipes-core/glibc/glibc_2.33.bb
@@ -58,6 +58,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
            file://mte-backports.patch \
            file://CVE-2021-33574.patch \
+           file://CVE-2021-35942.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
-- 
2.31.1



* Re: [PATCH] glibc: Fix CVE-2021-35942
  2021-07-28  7:52 [PATCH] glibc: Fix CVE-2021-35942 Vinay Kumar
@ 2021-08-15  7:49 ` Vinay Kumar
  2021-08-15  9:19   ` Alexandre Belloni
  0 siblings, 1 reply; 8+ messages in thread
From: Vinay Kumar @ 2021-08-15  7:49 UTC (permalink / raw)
  To: Richard Purdie
  Cc: Mittal, Anuj, Randy MacLeod,
	Patches and discussions about the oe-core layer, umesh kalappa0,
	vinay.kumar, alexandre.belloni

Hi Richard,

Is there any update on the above patch?
Please let me know if anything is pending from my side.

Regards,
Vinay

On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
>
> Source: https://sourceware.org/git/glibc.git
> Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
>
> Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> glibc-2.33 source.
>
> Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
>
> Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> ---
>  .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
>  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
>  2 files changed, 45 insertions(+)
>  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> new file mode 100644
> index 0000000000..5cae1bc91c
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> @@ -0,0 +1,44 @@
> +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> +From: Andreas Schwab <schwab@linux-m68k.org>
> +Date: Fri, 25 Jun 2021 15:02:47 +0200
> +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
> + 28011)
> +
> +Use strtoul instead of atoi so that overflow can be detected.
> +
> +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> +CVE: CVE-2021-35942
> +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> +---
> + posix/wordexp-test.c | 1 +
> + posix/wordexp.c      | 2 +-
> + 2 files changed, 2 insertions(+), 1 deletion(-)
> +
> +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> +index f93a546d7e..9df02dbbb3 100644
> +--- a/posix/wordexp-test.c
> ++++ b/posix/wordexp-test.c
> +@@ -183,6 +183,7 @@ struct test_case_struct
> +     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> +     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> +     { 0, NULL, "", 0, 0, { NULL, }, IFS },
> ++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> +
> +     /* Flags not already covered (testit() has special handling for these) */
> +     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> +diff --git a/posix/wordexp.c b/posix/wordexp.c
> +index bcbe96e48d..1f3b09f721 100644
> +--- a/posix/wordexp.c
> ++++ b/posix/wordexp.c
> +@@ -1399,7 +1399,7 @@ envsubst:
> +   /* Is it a numeric parameter? */
> +   else if (isdigit (env[0]))
> +     {
> +-      int n = atoi (env);
> ++      unsigned long n = strtoul (env, NULL, 10);
> +
> +       if (n >= __libc_argc)
> +       /* Substitute NULL. */
> +--
> +2.17.1
> +
> diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
> index e9f01a14c5..abb01f8468 100644
> --- a/meta/recipes-core/glibc/glibc_2.33.bb
> +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> @@ -58,6 +58,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
>             file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
>             file://mte-backports.patch \
>             file://CVE-2021-33574.patch \
> +           file://CVE-2021-35942.patch \
>             "
>  S = "${WORKDIR}/git"
>  B = "${WORKDIR}/build-${TARGET_SYS}"
> --
> 2.31.1
>


* Re: [PATCH] glibc: Fix CVE-2021-35942
  2021-08-15  7:49 ` Vinay Kumar
@ 2021-08-15  9:19   ` Alexandre Belloni
  2021-08-15  9:53     ` Vinay Kumar
  2021-08-15 17:31     ` [OE-core] " Khem Raj
  0 siblings, 2 replies; 8+ messages in thread
From: Alexandre Belloni @ 2021-08-15  9:19 UTC (permalink / raw)
  To: Vinay Kumar
  Cc: Richard Purdie, Mittal, Anuj, Randy MacLeod,
	Patches and discussions about the oe-core layer, umesh kalappa0,
	vinay.kumar

Hello,

On 15/08/2021 13:19:33+0530, Vinay Kumar wrote:
> Hi Richard,
> 
> Any update on the above patch.
> Please let me know if anything is pending from my side.
> 

I didn't test it because the plan is to switch to glibc 2.34, which IIRC has
the fix.

> Regards,
> Vinay
> 
> On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
> >
> > Source: https://sourceware.org/git/glibc.git
> > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
> >
> > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> > glibc-2.33 source.
> >
> > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> >
> > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > ---
> >  .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
> >  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
> >  2 files changed, 45 insertions(+)
> >  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> >
> > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > new file mode 100644
> > index 0000000000..5cae1bc91c
> > --- /dev/null
> > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > @@ -0,0 +1,44 @@
> > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> > +From: Andreas Schwab <schwab@linux-m68k.org>
> > +Date: Fri, 25 Jun 2021 15:02:47 +0200
> > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
> > + 28011)
> > +
> > +Use strtoul instead of atoi so that overflow can be detected.
> > +
> > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > +CVE: CVE-2021-35942
> > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > +---
> > + posix/wordexp-test.c | 1 +
> > + posix/wordexp.c      | 2 +-
> > + 2 files changed, 2 insertions(+), 1 deletion(-)
> > +
> > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> > +index f93a546d7e..9df02dbbb3 100644
> > +--- a/posix/wordexp-test.c
> > ++++ b/posix/wordexp-test.c
> > +@@ -183,6 +183,7 @@ struct test_case_struct
> > +     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> > +     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> > +     { 0, NULL, "", 0, 0, { NULL, }, IFS },
> > ++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> > +
> > +     /* Flags not already covered (testit() has special handling for these) */
> > +     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> > +diff --git a/posix/wordexp.c b/posix/wordexp.c
> > +index bcbe96e48d..1f3b09f721 100644
> > +--- a/posix/wordexp.c
> > ++++ b/posix/wordexp.c
> > +@@ -1399,7 +1399,7 @@ envsubst:
> > +   /* Is it a numeric parameter? */
> > +   else if (isdigit (env[0]))
> > +     {
> > +-      int n = atoi (env);
> > ++      unsigned long n = strtoul (env, NULL, 10);
> > +
> > +       if (n >= __libc_argc)
> > +       /* Substitute NULL. */
> > +--
> > +2.17.1
> > +
> > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
> > index e9f01a14c5..abb01f8468 100644
> > --- a/meta/recipes-core/glibc/glibc_2.33.bb
> > +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> > @@ -58,6 +58,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> >             file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
> >             file://mte-backports.patch \
> >             file://CVE-2021-33574.patch \
> > +           file://CVE-2021-35942.patch \
> >             "
> >  S = "${WORKDIR}/git"
> >  B = "${WORKDIR}/build-${TARGET_SYS}"
> > --
> > 2.31.1
> >

-- 
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


* Re: [PATCH] glibc: Fix CVE-2021-35942
  2021-08-15  9:19   ` Alexandre Belloni
@ 2021-08-15  9:53     ` Vinay Kumar
  2021-08-15 17:31     ` [OE-core] " Khem Raj
  1 sibling, 0 replies; 8+ messages in thread
From: Vinay Kumar @ 2021-08-15  9:53 UTC (permalink / raw)
  To: Alexandre Belloni
  Cc: Richard Purdie, Mittal, Anuj, Randy MacLeod,
	Patches and discussions about the oe-core layer, umesh kalappa0,
	vinay.kumar

Hi Alexandre,

Thanks for confirming.

Regards,
Vinay

On Sun, Aug 15, 2021 at 2:49 PM Alexandre Belloni
<alexandre.belloni@bootlin.com> wrote:
>
> Hello,
>
> On 15/08/2021 13:19:33+0530, Vinay Kumar wrote:
> > Hi Richard,
> >
> > Any update on the above patch.
> > Please let me know if anything is pending from my side.
> >
>
> I didn't test because the plan is to switch to glibc2.34 which IIRC has
> the fix.
>
> > Regards,
> > Vinay
> >
> > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
> > >
> > > Source: https://sourceware.org/git/glibc.git
> > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
> > >
> > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> > > glibc-2.33 source.
> > >
> > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > >
> > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > ---
> > >  .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
> > >  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
> > >  2 files changed, 45 insertions(+)
> > >  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > >
> > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > new file mode 100644
> > > index 0000000000..5cae1bc91c
> > > --- /dev/null
> > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > @@ -0,0 +1,44 @@
> > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> > > +From: Andreas Schwab <schwab@linux-m68k.org>
> > > +Date: Fri, 25 Jun 2021 15:02:47 +0200
> > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
> > > + 28011)
> > > +
> > > +Use strtoul instead of atoi so that overflow can be detected.
> > > +
> > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > +CVE: CVE-2021-35942
> > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > +---
> > > + posix/wordexp-test.c | 1 +
> > > + posix/wordexp.c      | 2 +-
> > > + 2 files changed, 2 insertions(+), 1 deletion(-)
> > > +
> > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> > > +index f93a546d7e..9df02dbbb3 100644
> > > +--- a/posix/wordexp-test.c
> > > ++++ b/posix/wordexp-test.c
> > > +@@ -183,6 +183,7 @@ struct test_case_struct
> > > +     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> > > +     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> > > +     { 0, NULL, "", 0, 0, { NULL, }, IFS },
> > > ++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> > > +
> > > +     /* Flags not already covered (testit() has special handling for these) */
> > > +     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> > > +diff --git a/posix/wordexp.c b/posix/wordexp.c
> > > +index bcbe96e48d..1f3b09f721 100644
> > > +--- a/posix/wordexp.c
> > > ++++ b/posix/wordexp.c
> > > +@@ -1399,7 +1399,7 @@ envsubst:
> > > +   /* Is it a numeric parameter? */
> > > +   else if (isdigit (env[0]))
> > > +     {
> > > +-      int n = atoi (env);
> > > ++      unsigned long n = strtoul (env, NULL, 10);
> > > +
> > > +       if (n >= __libc_argc)
> > > +       /* Substitute NULL. */
> > > +--
> > > +2.17.1
> > > +
> > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
> > > index e9f01a14c5..abb01f8468 100644
> > > --- a/meta/recipes-core/glibc/glibc_2.33.bb
> > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> > > @@ -58,6 +58,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> > >             file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
> > >             file://mte-backports.patch \
> > >             file://CVE-2021-33574.patch \
> > > +           file://CVE-2021-35942.patch \
> > >             "
> > >  S = "${WORKDIR}/git"
> > >  B = "${WORKDIR}/build-${TARGET_SYS}"
> > > --
> > > 2.31.1
> > >
>
> --
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com


* Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942
  2021-08-15  9:19   ` Alexandre Belloni
  2021-08-15  9:53     ` Vinay Kumar
@ 2021-08-15 17:31     ` Khem Raj
  2021-08-16  8:59       ` Vinay Kumar
  1 sibling, 1 reply; 8+ messages in thread
From: Khem Raj @ 2021-08-15 17:31 UTC (permalink / raw)
  To: Alexandre Belloni
  Cc: Vinay Kumar, Richard Purdie, Mittal, Anuj, Randy MacLeod,
	Patches and discussions about the oe-core layer, umesh kalappa0,
	vinay.kumar

On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni
<alexandre.belloni@bootlin.com> wrote:
>
> Hello,
>
> On 15/08/2021 13:19:33+0530, Vinay Kumar wrote:
> > Hi Richard,
> >
> > Any update on the above patch.
> > Please let me know if anything is pending from my side.
> >
>
> I didn't test because the plan is to switch to glibc2.34 which IIRC has
> the fix.

We perhaps still need it for hardknott.

>
> > Regards,
> > Vinay
> >
> > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
> > >
> > > Source: https://sourceware.org/git/glibc.git
> > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
> > >
> > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> > > glibc-2.33 source.
> > >
> > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > >
> > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > ---
> > >  .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
> > >  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
> > >  2 files changed, 45 insertions(+)
> > >  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > >
> > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > new file mode 100644
> > > index 0000000000..5cae1bc91c
> > > --- /dev/null
> > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > @@ -0,0 +1,44 @@
> > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> > > +From: Andreas Schwab <schwab@linux-m68k.org>
> > > +Date: Fri, 25 Jun 2021 15:02:47 +0200
> > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
> > > + 28011)
> > > +
> > > +Use strtoul instead of atoi so that overflow can be detected.
> > > +
> > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > +CVE: CVE-2021-35942
> > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > +---
> > > + posix/wordexp-test.c | 1 +
> > > + posix/wordexp.c      | 2 +-
> > > + 2 files changed, 2 insertions(+), 1 deletion(-)
> > > +
> > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> > > +index f93a546d7e..9df02dbbb3 100644
> > > +--- a/posix/wordexp-test.c
> > > ++++ b/posix/wordexp-test.c
> > > +@@ -183,6 +183,7 @@ struct test_case_struct
> > > +     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> > > +     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> > > +     { 0, NULL, "", 0, 0, { NULL, }, IFS },
> > > ++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> > > +
> > > +     /* Flags not already covered (testit() has special handling for these) */
> > > +     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> > > +diff --git a/posix/wordexp.c b/posix/wordexp.c
> > > +index bcbe96e48d..1f3b09f721 100644
> > > +--- a/posix/wordexp.c
> > > ++++ b/posix/wordexp.c
> > > +@@ -1399,7 +1399,7 @@ envsubst:
> > > +   /* Is it a numeric parameter? */
> > > +   else if (isdigit (env[0]))
> > > +     {
> > > +-      int n = atoi (env);
> > > ++      unsigned long n = strtoul (env, NULL, 10);
> > > +
> > > +       if (n >= __libc_argc)
> > > +       /* Substitute NULL. */
> > > +--
> > > +2.17.1
> > > +
> > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
> > > index e9f01a14c5..abb01f8468 100644
> > > --- a/meta/recipes-core/glibc/glibc_2.33.bb
> > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> > > @@ -58,6 +58,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> > >             file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
> > >             file://mte-backports.patch \
> > >             file://CVE-2021-33574.patch \
> > > +           file://CVE-2021-35942.patch \
> > >             "
> > >  S = "${WORKDIR}/git"
> > >  B = "${WORKDIR}/build-${TARGET_SYS}"
> > > --
> > > 2.31.1
> > >
>
> --
> Alexandre Belloni, co-owner and COO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
>
> 
>


* Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942
  2021-08-15 17:31     ` [OE-core] " Khem Raj
@ 2021-08-16  8:59       ` Vinay Kumar
  2021-08-16 15:14         ` Khem Raj
  0 siblings, 1 reply; 8+ messages in thread
From: Vinay Kumar @ 2021-08-16  8:59 UTC (permalink / raw)
  To: Khem Raj
  Cc: Alexandre Belloni, Richard Purdie, Mittal, Anuj, Randy MacLeod,
	Patches and discussions about the oe-core layer, umesh kalappa0,
	vinay.kumar

Hi Khem Raj,

The patch for the hardknott branch was also submitted.
https://lists.openembedded.org/g/openembedded-core/message/154810

Regards,
Vinay

On Sun, Aug 15, 2021 at 11:01 PM Khem Raj <raj.khem@gmail.com> wrote:
>
> On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni
> <alexandre.belloni@bootlin.com> wrote:
> >
> > Hello,
> >
> > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote:
> > > Hi Richard,
> > >
> > > Any update on the above patch.
> > > Please let me know if anything is pending from my side.
> > >
> >
> > I didn't test because the plan is to switch to glibc2.34 which IIRC has
> > the fix.
>
> We perhaps still need it for hardknott.
>
> >
> > > Regards,
> > > Vinay
> > >
> > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
> > > >
> > > > Source: https://sourceware.org/git/glibc.git
> > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
> > > >
> > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> > > > glibc-2.33 source.
> > > >
> > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > >
> > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > > ---
> > > >  .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
> > > >  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
> > > >  2 files changed, 45 insertions(+)
> > > >  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > >
> > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > new file mode 100644
> > > > index 0000000000..5cae1bc91c
> > > > --- /dev/null
> > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > @@ -0,0 +1,44 @@
> > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> > > > +From: Andreas Schwab <schwab@linux-m68k.org>
> > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200
> > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
> > > > + 28011)
> > > > +
> > > > +Use strtoul instead of atoi so that overflow can be detected.
> > > > +
> > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > > +CVE: CVE-2021-35942
> > > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > > +---
> > > > + posix/wordexp-test.c | 1 +
> > > > + posix/wordexp.c      | 2 +-
> > > > + 2 files changed, 2 insertions(+), 1 deletion(-)
> > > > +
> > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> > > > +index f93a546d7e..9df02dbbb3 100644
> > > > +--- a/posix/wordexp-test.c
> > > > ++++ b/posix/wordexp-test.c
> > > > +@@ -183,6 +183,7 @@ struct test_case_struct
> > > > +     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> > > > +     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> > > > +     { 0, NULL, "", 0, 0, { NULL, }, IFS },
> > > > ++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> > > > +
> > > > +     /* Flags not already covered (testit() has special handling for these) */
> > > > +     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c
> > > > +index bcbe96e48d..1f3b09f721 100644
> > > > +--- a/posix/wordexp.c
> > > > ++++ b/posix/wordexp.c
> > > > +@@ -1399,7 +1399,7 @@ envsubst:
> > > > +   /* Is it a numeric parameter? */
> > > > +   else if (isdigit (env[0]))
> > > > +     {
> > > > +-      int n = atoi (env);
> > > > ++      unsigned long n = strtoul (env, NULL, 10);
> > > > +
> > > > +       if (n >= __libc_argc)
> > > > +       /* Substitute NULL. */
> > > > +--
> > > > +2.17.1
> > > > +
> > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
> > > > index e9f01a14c5..abb01f8468 100644
> > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb
> > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> > > > @@ -58,6 +58,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> > > >             file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
> > > >             file://mte-backports.patch \
> > > >             file://CVE-2021-33574.patch \
> > > > +           file://CVE-2021-35942.patch \
> > > >             "
> > > >  S = "${WORKDIR}/git"
> > > >  B = "${WORKDIR}/build-${TARGET_SYS}"
> > > > --
> > > > 2.31.1
> > > >
> >
> > --
> > Alexandre Belloni, co-owner and COO, Bootlin
> > Embedded Linux and Kernel engineering
> > https://bootlin.com
> >
> > 
> >


* Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942
  2021-08-16  8:59       ` Vinay Kumar
@ 2021-08-16 15:14         ` Khem Raj
  2021-08-19  5:15           ` Vinay Kumar
  0 siblings, 1 reply; 8+ messages in thread
From: Khem Raj @ 2021-08-16 15:14 UTC (permalink / raw)
  To: Vinay Kumar
  Cc: Alexandre Belloni, Richard Purdie, Mittal, Anuj, Randy MacLeod,
	Patches and discussions about the oe-core layer, umesh kalappa0,
	vinay.kumar

On Mon, Aug 16, 2021 at 1:59 AM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
>
> Hi Khen Raj,
>
> The patch for hardknott branch was also submitted.
> https://lists.openembedded.org/g/openembedded-core/message/154810

OK, we now have glibc 2.34 in master, so the master version is not
needed anymore, but we should still pursue the hardknott version.
Please bring it to the hardknott maintainer's attention if need be.

>
> Regards,
> Vinay
>
> On Sun, Aug 15, 2021 at 11:01 PM Khem Raj <raj.khem@gmail.com> wrote:
> >
> > On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni
> > <alexandre.belloni@bootlin.com> wrote:
> > >
> > > Hello,
> > >
> > > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote:
> > > > Hi Richard,
> > > >
> > > > Any update on the above patch.
> > > > Please let me know if anything is pending from my side.
> > > >
> > >
> > > I didn't test because the plan is to switch to glibc2.34 which IIRC has
> > > the fix.
> >
> > We perhaps still need it for hardknott.
> >
> > >
> > > > Regards,
> > > > Vinay
> > > >
> > > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
> > > > >
> > > > > Source: https://sourceware.org/git/glibc.git
> > > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
> > > > >
> > > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> > > > > glibc-2.33 source.
> > > > >
> > > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > > >
> > > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > > > ---
> > > > >  .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
> > > > >  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
> > > > >  2 files changed, 45 insertions(+)
> > > > >  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > >
> > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > > new file mode 100644
> > > > > index 0000000000..5cae1bc91c
> > > > > --- /dev/null
> > > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > > @@ -0,0 +1,44 @@
> > > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> > > > > +From: Andreas Schwab <schwab@linux-m68k.org>
> > > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200
> > > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
> > > > > + 28011)
> > > > > +
> > > > > +Use strtoul instead of atoi so that overflow can be detected.
> > > > > +
> > > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > > > +CVE: CVE-2021-35942
> > > > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > > > +---
> > > > > + posix/wordexp-test.c | 1 +
> > > > > + posix/wordexp.c      | 2 +-
> > > > > + 2 files changed, 2 insertions(+), 1 deletion(-)
> > > > > +
> > > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> > > > > +index f93a546d7e..9df02dbbb3 100644
> > > > > +--- a/posix/wordexp-test.c
> > > > > ++++ b/posix/wordexp-test.c
> > > > > +@@ -183,6 +183,7 @@ struct test_case_struct
> > > > > +     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> > > > > +     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> > > > > +     { 0, NULL, "", 0, 0, { NULL, }, IFS },
> > > > > ++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> > > > > +
> > > > > +     /* Flags not already covered (testit() has special handling for these) */
> > > > > +     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> > > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c
> > > > > +index bcbe96e48d..1f3b09f721 100644
> > > > > +--- a/posix/wordexp.c
> > > > > ++++ b/posix/wordexp.c
> > > > > +@@ -1399,7 +1399,7 @@ envsubst:
> > > > > +   /* Is it a numeric parameter? */
> > > > > +   else if (isdigit (env[0]))
> > > > > +     {
> > > > > +-      int n = atoi (env);
> > > > > ++      unsigned long n = strtoul (env, NULL, 10);
> > > > > +
> > > > > +       if (n >= __libc_argc)
> > > > > +       /* Substitute NULL. */
> > > > > +--
> > > > > +2.17.1
> > > > > +
> > > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
> > > > > index e9f01a14c5..abb01f8468 100644
> > > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb
> > > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> > > > > @@ -58,6 +58,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> > > > >             file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
> > > > >             file://mte-backports.patch \
> > > > >             file://CVE-2021-33574.patch \
> > > > > +           file://CVE-2021-35942.patch \
> > > > >             "
> > > > >  S = "${WORKDIR}/git"
> > > > >  B = "${WORKDIR}/build-${TARGET_SYS}"
> > > > > --
> > > > > 2.31.1
> > > > >
> > >
> > > --
> > > Alexandre Belloni, co-owner and COO, Bootlin
> > > Embedded Linux and Kernel engineering
> > > https://bootlin.com
> > >
> > > 
> > >


* Re: [OE-core] [PATCH] glibc: Fix CVE-2021-35942
  2021-08-16 15:14         ` Khem Raj
@ 2021-08-19  5:15           ` Vinay Kumar
  0 siblings, 0 replies; 8+ messages in thread
From: Vinay Kumar @ 2021-08-19  5:15 UTC (permalink / raw)
  To: Khem Raj
  Cc: Alexandre Belloni, Richard Purdie, Mittal, Anuj, Randy MacLeod,
	Patches and discussions about the oe-core layer, umesh kalappa0,
	vinay.kumar

Hi Khem Raj,

FYI, the patch has been committed to the hardknott branch:
https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=hardknott&id=9df882ce6835692774c649405fcb474ea0eacda4

Regards,
Vinay

On Mon, Aug 16, 2021 at 8:45 PM Khem Raj <raj.khem@gmail.com> wrote:
>
> On Mon, Aug 16, 2021 at 1:59 AM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
> >
> > Hi Khem Raj,
> >
> > The patch for hardknott branch was also submitted.
> > https://lists.openembedded.org/g/openembedded-core/message/154810
>
> OK, now we have glibc 2.34 in master so the master version is not
> needed anymore but we still should pursue the hardknott version.
> Please bring it to hardknott maintainer's attention if need be.
>
> >
> > Regards,
> > Vinay
> >
> > On Sun, Aug 15, 2021 at 11:01 PM Khem Raj <raj.khem@gmail.com> wrote:
> > >
> > > On Sun, Aug 15, 2021 at 2:19 AM Alexandre Belloni
> > > <alexandre.belloni@bootlin.com> wrote:
> > > >
> > > > Hello,
> > > >
> > > > On 15/08/2021 13:19:33+0530, Vinay Kumar wrote:
> > > > > Hi Richard,
> > > > >
> > > > > > Is there any update on the above patch?
> > > > > Please let me know if anything is pending from my side.
> > > > >
> > > >
> > > > I didn't test because the plan is to switch to glibc2.34 which IIRC has
> > > > the fix.
> > >
> > > We perhaps still need it for hardknott.
> > >
> > > >
> > > > > Regards,
> > > > > Vinay
> > > > >
> > > > > On Wed, Jul 28, 2021 at 1:22 PM Vinay Kumar <vinay.m.engg@gmail.com> wrote:
> > > > > >
> > > > > > Source: https://sourceware.org/git/glibc.git
> > > > > > Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=28011
> > > > > >
> > > > > > Backported upstream commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c to
> > > > > > glibc-2.33 source.
> > > > > >
> > > > > > Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > > > >
> > > > > > Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > > > > ---
> > > > > >  .../glibc/glibc/CVE-2021-35942.patch          | 44 +++++++++++++++++++
> > > > > >  meta/recipes-core/glibc/glibc_2.33.bb         |  1 +
> > > > > >  2 files changed, 45 insertions(+)
> > > > > >  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > > >
> > > > > > diff --git a/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > > > new file mode 100644
> > > > > > index 0000000000..5cae1bc91c
> > > > > > --- /dev/null
> > > > > > +++ b/meta/recipes-core/glibc/glibc/CVE-2021-35942.patch
> > > > > > @@ -0,0 +1,44 @@
> > > > > > +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
> > > > > > +From: Andreas Schwab <schwab@linux-m68k.org>
> > > > > > +Date: Fri, 25 Jun 2021 15:02:47 +0200
> > > > > > +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
> > > > > > + 28011)
> > > > > > +
> > > > > > +Use strtoul instead of atoi so that overflow can be detected.
> > > > > > +
> > > > > > +Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=5adda61f62b77384718b4c0d8336ade8f2b4b35c]
> > > > > > +CVE: CVE-2021-35942
> > > > > > +Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
> > > > > > +---
> > > > > > + posix/wordexp-test.c | 1 +
> > > > > > + posix/wordexp.c      | 2 +-
> > > > > > + 2 files changed, 2 insertions(+), 1 deletion(-)
> > > > > > +
> > > > > > +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
> > > > > > +index f93a546d7e..9df02dbbb3 100644
> > > > > > +--- a/posix/wordexp-test.c
> > > > > > ++++ b/posix/wordexp-test.c
> > > > > > +@@ -183,6 +183,7 @@ struct test_case_struct
> > > > > > +     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
> > > > > > +     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
> > > > > > +     { 0, NULL, "", 0, 0, { NULL, }, IFS },
> > > > > > ++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
> > > > > > +
> > > > > > +     /* Flags not already covered (testit() has special handling for these) */
> > > > > > +     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
> > > > > > +diff --git a/posix/wordexp.c b/posix/wordexp.c
> > > > > > +index bcbe96e48d..1f3b09f721 100644
> > > > > > +--- a/posix/wordexp.c
> > > > > > ++++ b/posix/wordexp.c
> > > > > > +@@ -1399,7 +1399,7 @@ envsubst:
> > > > > > +   /* Is it a numeric parameter? */
> > > > > > +   else if (isdigit (env[0]))
> > > > > > +     {
> > > > > > +-      int n = atoi (env);
> > > > > > ++      unsigned long n = strtoul (env, NULL, 10);
> > > > > > +
> > > > > > +       if (n >= __libc_argc)
> > > > > > +       /* Substitute NULL. */
> > > > > > +--
> > > > > > +2.17.1
> > > > > > +
> > > > > > diff --git a/meta/recipes-core/glibc/glibc_2.33.bb b/meta/recipes-core/glibc/glibc_2.33.bb
> > > > > > index e9f01a14c5..abb01f8468 100644
> > > > > > --- a/meta/recipes-core/glibc/glibc_2.33.bb
> > > > > > +++ b/meta/recipes-core/glibc/glibc_2.33.bb
> > > > > > @@ -58,6 +58,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> > > > > >             file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \
> > > > > >             file://mte-backports.patch \
> > > > > >             file://CVE-2021-33574.patch \
> > > > > > +           file://CVE-2021-35942.patch \
> > > > > >             "
> > > > > >  S = "${WORKDIR}/git"
> > > > > >  B = "${WORKDIR}/build-${TARGET_SYS}"
> > > > > > --
> > > > > > 2.31.1
> > > > > >
> > > >
> > > > --
> > > > Alexandre Belloni, co-owner and COO, Bootlin
> > > > Embedded Linux and Kernel engineering
> > > > https://bootlin.com
> > > >
> > > > 
> > > >
