[dunfell,01/20] glibc: update to latest 2.31 release HEAD

Message ID 8785405a214b5af5da0b5deae559539531b1c237.1643917717.git.steve@sakoman.com
State Accepted, archived
Commit eb03d3f72472539b10de49a32bdd3c68c34b658e

Commit Message

Steve Sakoman Feb. 3, 2022, 7:50 p.m. UTC
Includes the following fixes:

3ef8be9b89 CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
e5c8da9826 <shlib-compat.h>: Support compat_symbol_reference for _ISOMAC
412aaf1522 sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
c4c833d3dd CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)
547b63bf6d socket: Add the __sockaddr_un_set function
b061e95277 Revert "Fix __minimal_malloc segfaults in __mmap due to stack-protector"
95e206b67f Fix __minimal_malloc segfaults in __mmap due to stack-protector
e26a2db141 gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug 28524)
094618d401 x86_64: Remove unneeded static PIE check for undefined weak diagnostic

Also add CVE-2022-23218 and CVE-2022-23218 to ignore list since they are fixed
by the above changes.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 meta/recipes-core/glibc/glibc_2.31.bb     | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

Comments

Ranjitsinh Rathod Feb. 5, 2022, 12:06 a.m. UTC | #1
It seems that in the commit message you have mentioned CVE-2022-23218 two times
instead of CVE-2022-23218 and CVE-2022-23219.

On Fri, 4 Feb, 2022, 1:21 am Steve Sakoman, <steve@sakoman.com> wrote:

> Includes the following fixes:
>
> 3ef8be9b89 CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug
> 28768)
> e5c8da9826 <shlib-compat.h>: Support compat_symbol_reference for _ISOMAC
> 412aaf1522 sunrpc: Test case for clnt_create "unix" buffer overflow (bug
> 22542)
> c4c833d3dd CVE-2022-23219: Buffer overflow in sunrpc clnt_create for
> "unix" (bug 22542)
> 547b63bf6d socket: Add the __sockaddr_un_set function
> b061e95277 Revert "Fix __minimal_malloc segfaults in __mmap due to
> stack-protector"
> 95e206b67f Fix __minimal_malloc segfaults in __mmap due to stack-protector
> e26a2db141 gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug
> 28524)
> 094618d401 x86_64: Remove unneeded static PIE check for undefined weak
> diagnostic
>
> Also add CVE-2022-23218 and CVE-2022-23218 to ignore list since they are
> fixed
> by the above changes.
>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  meta/recipes-core/glibc/glibc-version.inc | 2 +-
>  meta/recipes-core/glibc/glibc_2.31.bb     | 1 +
>  2 files changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/meta/recipes-core/glibc/glibc-version.inc
> b/meta/recipes-core/glibc/glibc-version.inc
> index aac0d9b3bf..68efd09ece 100644
> --- a/meta/recipes-core/glibc/glibc-version.inc
> +++ b/meta/recipes-core/glibc/glibc-version.inc
> @@ -1,6 +1,6 @@
>  SRCBRANCH ?= "release/2.31/master"
>  PV = "2.31+git${SRCPV}"
> -SRCREV_glibc ?= "4f0a61f75385c9a5879cbe7202042e88f692a3c8"
> +SRCREV_glibc ?= "3ef8be9b89ef98300951741f381eb79126ac029f"
>  SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
>
>  GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
> diff --git a/meta/recipes-core/glibc/glibc_2.31.bb
> b/meta/recipes-core/glibc/glibc_2.31.bb
> index 4a545cb97d..0c37467fe4 100644
> --- a/meta/recipes-core/glibc/glibc_2.31.bb
> +++ b/meta/recipes-core/glibc/glibc_2.31.bb
> @@ -3,6 +3,7 @@ require glibc-version.inc
>
>  CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228
> CVE-2020-1751 CVE-2020-1752 \
>                          CVE-2021-27645 CVE-2021-3326 CVE-2020-27618
> CVE-2020-29562 CVE-2019-25013 \
> +                        CVE-2022-23218 CVE-2022-23219 \
>  "
>
>  # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
> --
> 2.25.1

Patch

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index aac0d9b3bf..68efd09ece 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@ 
 SRCBRANCH ?= "release/2.31/master"
 PV = "2.31+git${SRCPV}"
-SRCREV_glibc ?= "4f0a61f75385c9a5879cbe7202042e88f692a3c8"
+SRCREV_glibc ?= "3ef8be9b89ef98300951741f381eb79126ac029f"
 SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
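Review bot: The SRCREV_glibc change cannot be checked against the nine fixes listed in the commit message without opening the diff, because the message never states the revision being replaced. The new value 3ef8be9b89ef98300951741f381eb79126ac029f matches the first listed commit (3ef8be9b89, the CVE-2022-23218 fix), which is consistent with it being the branch HEAD. Adding the range 4f0a61f753..3ef8be9b89 to the message would let a reader confirm with git log on release/2.31/master that exactly the listed commits are pulled in and nothing else.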
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 4a545cb97d..0c37467fe4 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -3,6 +3,7 @@  require glibc-version.inc
 
 CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752 \
                         CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \
+                        CVE-2022-23218 CVE-2022-23219 \
 "
 
 # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
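Review bot: The added line "CVE-2022-23218 CVE-2022-23219 \" carries no comment saying why these two IDs are ignored, and the CVE_CHECK_WHITELIST entry applies unconditionally while SRCREV_glibc in glibc-version.inc is assigned with "?=". A layer that overrides SRCREV_glibc to a revision earlier than 3ef8be9b89 would still have both CVEs suppressed in the cve-check report even though the fixes are absent. Suggest a comment above the assignment naming the fixing commits from the commit message (3ef8be9b89 for CVE-2022-23218, c4c833d3dd for CVE-2022-23219) so the entries can be re-verified or dropped at the next version bump. The hunk itself lists both IDs correctly; the commit message text names CVE-2022-23218 twice.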