git log --oneline 
ce65d944e38a20cb70af2a48a4b8aa5d8fabe1cc..be1e627cd72db31161a3b4ce1c8114674f0895eb
be1e627cd7 Linux: Only define OPEN_TREE_* macros in <sys/mount.h> if undefined 
(bug 33921)
98bc06a361 include: isolate __O_CLOEXEC flag for sys/mount.h and fcntl.h
3e13579841 Use pending character state in IBM1390, IBM1399 character sets 
(CVE-2026-4046)
0dc95ae109 elf: parse /proc/self/maps as the last resort to find the gap for 
tst-link-map-contiguous-ldso
9344c796f7 resolv: Check hostname for validity (CVE-2026-4438)
5663ab0b83 resolv: Count records correctly (CVE-2026-4437)
c53cd6e738 posix: Run tst-wordexp-reuse-mem test
2760e4c5ed iconvdata: Fix invalid pointer arithmetic in ANSI_X3.110 module
ba29a36aa3 posix: Fix invalid flags test for p{write,read}v2
60b039bf6a socket: Add new test for shutdown

Testing Results:
             Before    After    Diff
PASS         4892      4896     +4
XPASS        4         4         0
FAIL         371       372      +1
XFAIL        16        16        0
UNSUPPORTED  224       224       0

Changes in testcases:

testcase-name                                before  after
posix/tst-wordexp-reuse-mem(new)               -     PASS (native)

[Note: posix/tst-wordexp-reuse-mem is a new test added by this uplift
(c53cd6e738). It fails under QEMU user-mode because the test-wrapper
cannot support LD_PRELOAD and MALLOC_TRACE needed for mtrace. Running
natively with LD_PRELOAD=libc_malloc_debug.so confirms the test passes
with no memory leaks.

nptl/tst-getpid3 is a flaky test under QEMU user-mode (passes 7/10
re-runs). No nptl code was changed in this uplift.]

Signed-off-by: Jaipaul Cheernam <[email protected]>
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 meta/recipes-core/glibc/glibc_2.39.bb     | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc 
b/meta/recipes-core/glibc/glibc-version.inc
index 03a8e5d01e..5d57dafed0 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "ce65d944e38a20cb70af2a48a4b8aa5d8fabe1cc"
+SRCREV_glibc ?= "be1e627cd72db31161a3b4ce1c8114674f0895eb"
 SRCREV_localedef ?= "cba02c503d7c853a38ccfb83c57e343ca5ecd7e5"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/meta/recipes-core/glibc/glibc_2.39.bb 
b/meta/recipes-core/glibc/glibc_2.39.bb
index 7958d64eed..f6be1b5fc9 100644
--- a/meta/recipes-core/glibc/glibc_2.39.bb
+++ b/meta/recipes-core/glibc/glibc_2.39.bb
@@ -18,7 +18,8 @@ easier access for another. 'ASLR bypass itself is not a 
vulnerability.'"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
 CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 
CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 \
-    CVE-2025-4802 CVE-2025-5702 CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 
CVE-2026-0915"
+    CVE-2025-4802 CVE-2025-5702 CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 
CVE-2026-0915 \
+    CVE-2026-4046 CVE-2026-4437 CVE-2026-4438"
 CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in 
used git hash"
 
 DEPENDS += "gperf-native bison-native"
-- 
2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240478): 
https://lists.openembedded.org/g/openembedded-core/message/240478
Mute This Topic: https://lists.openembedded.org/mt/120171975/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to