From: Peter Marko <peter.ma...@siemens.com>

Addresses CVEs: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
Changes: 273a835fe7 time: Allow later version licensing. acc56074b0 nscd: Use time_t for return type of addgetnetgrentX 836d43b989 login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701) 9831f98c26 login: Check default sizes of structs utmp, utmpx, lastlog fd658f026f elf: Also compile dl-misc.os with $(rtld-early-cflags) a9a8d3eebb CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680) c99f886de5 CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678) 5a508e0b50 CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678) 1263d583d2 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) 2f8f157eb0 x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676] e701c7d761 i386: ulp update for SSE2 --disable-multi-arch configurations e828914cf9 nptl: Fix tst-cancel30 on kernels without ppoll_time64 support Since glibc introduced file sysdeps/arm/bits/wordsize.h our multilib patch needed to be updated. Signed-off-by: Peter Marko <peter.ma...@siemens.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- meta/recipes-core/glibc/glibc-version.inc | 2 +- ...y-the-header-between-arm-and-aarch64.patch | 47 +++++++++++++++---- meta/recipes-core/glibc/glibc_2.39.bb | 2 +- 3 files changed, 40 insertions(+), 11 deletions(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index 4fc6986ffc..1e4a323d64 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.39/master" PV = "2.39+git" -SRCREV_glibc ?= "31da30f23cddd36db29d5b6a1c7619361b271fb4" +SRCREV_glibc ?= "273a835fe7c685cc54266bb8b502787bad5e9bae" SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" 
diff --git a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch index 066c3b1ea2..9bdfa76318 100644 --- a/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch +++ b/meta/recipes-core/glibc/glibc/0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch @@ -11,16 +11,15 @@ Upstream-Status: Inappropriate [ OE-Specific ] Signed-off-by: Khem Raj <raj.k...@gmail.com> --- - sysdeps/aarch64/bits/wordsize.h | 8 ++++++-- - sysdeps/arm/bits/wordsize.h | 1 + - 2 files changed, 7 insertions(+), 2 deletions(-) - create mode 120000 sysdeps/arm/bits/wordsize.h + sysdeps/aarch64/bits/wordsize.h | 11 +++++++++-- + sysdeps/arm/bits/wordsize.h | 22 +--------------------- + 2 files changed, 10 insertions(+), 23 deletions(-) diff --git a/sysdeps/aarch64/bits/wordsize.h b/sysdeps/aarch64/bits/wordsize.h -index 118e59172d..b4b0692eb5 100644 +index 118e59172d..ff86359fe8 100644 --- a/sysdeps/aarch64/bits/wordsize.h +++ b/sysdeps/aarch64/bits/wordsize.h -@@ -17,12 +17,16 @@ +@@ -17,12 +17,19 @@ License along with the GNU C Library; if not, see <https://www.gnu.org/licenses/>. */ 
@@ -33,12 +32,42 @@ index 118e59172d..b4b0692eb5 100644 # define __WORDSIZE32_SIZE_ULONG 1 # define __WORDSIZE32_PTRDIFF_LONG 1 +#else -+# define __WORDSIZE 32 -+# define __WORDSIZE32_SIZE_ULONG 0 -+# define __WORDSIZE32_PTRDIFF_LONG 0 ++#define __WORDSIZE 32 ++#define __WORDSIZE_TIME64_COMPAT32 1 ++#define __WORDSIZE32_SIZE_ULONG 0 ++#define __WORDSIZE32_PTRDIFF_LONG 0 #endif ++#ifdef __aarch64__ #define __WORDSIZE_TIME64_COMPAT32 0 ++#endif +diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h +deleted file mode 100644 +index 6ecbfe7c86..0000000000 +--- a/sysdeps/arm/bits/wordsize.h ++++ /dev/null +@@ -1,21 +0,0 @@ +-/* Copyright (C) 1999-2024 Free Software Foundation, Inc. +- This file is part of the GNU C Library. +- +- The GNU C Library is free software; you can redistribute it and/or +- modify it under the terms of the GNU Lesser General Public +- License as published by the Free Software Foundation; either +- version 2.1 of the License, or (at your option) any later version. +- +- The GNU C Library is distributed in the hope that it will be useful, +- but WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- Lesser General Public License for more details. +- +- You should have received a copy of the GNU Lesser General Public +- License along with the GNU C Library; if not, see +- <https://www.gnu.org/licenses/>. */ +- +-#define __WORDSIZE 32 +-#define __WORDSIZE_TIME64_COMPAT32 1 +-#define __WORDSIZE32_SIZE_ULONG 0 +-#define __WORDSIZE32_PTRDIFF_LONG 0 diff --git a/sysdeps/arm/bits/wordsize.h b/sysdeps/arm/bits/wordsize.h new file mode 120000 index 0000000000..4c4a788ec2 diff --git a/meta/recipes-core/glibc/glibc_2.39.bb b/meta/recipes-core/glibc/glibc_2.39.bb index 988e43c014..2484ae1cd9 100644 --- a/meta/recipes-core/glibc/glibc_2.39.bb +++ b/meta/recipes-core/glibc/glibc_2.39.bb 
@@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m easier access for another. 'ASLR bypass itself is not a vulnerability.'" CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS" -CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961" +CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602" CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash" DEPENDS += "gperf-native bison-native" -- 2.34.1
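Review bot: In the refreshed 0016-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch, the four lines added to the `#else` branch of sysdeps/aarch64/bits/wordsize.h are written as `#define` with no space after the `#`, while the branch just above them keeps the nested form `# define __WORDSIZE32_SIZE_ULONG 1`. Keep the `# define` indentation in the `#else` branch so the conditional nesting stays readable. A short comment there would also help, saying that these are the 32-bit Arm values carried over from the deleted sysdeps/arm/bits/wordsize.h: `__WORDSIZE_TIME64_COMPAT32` is now set to 1 in the `#else` branch and to 0 under `#ifdef __aarch64__`, and whoever refreshes this patch next has to keep both in step with upstream.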
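Review bot: In glibc_2.39.bb, the four CVE IDs added to `CVE_STATUS_STABLE_BACKPORTS` are marked as fixed unconditionally, but the fixes only exist because of the `SRCREV_glibc` bump in glibc-version.inc, which is assigned with `?=` and can therefore be overridden by a layer or local configuration. A build that pins an older revision would still report CVE-2024-33599, CVE-2024-33600, CVE-2024-33601 and CVE-2024-33602 as "fix available in used git hash". Consider adding a comment next to the list stating that the status holds only for the `SRCREV_glibc` set in glibc-version.inc, so that anyone overriding the revision knows to re-check the CVE status.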