Thanks Michael for explanation. Thanks, Naresh
-----Original Message----- From: Michael Marley [mailto:mich...@michaelmarley.com] Sent: Wednesday, March 16, 2016 4:25 PM To: John Crispin <j...@phrozen.org>; Naresh Kumar Mehta <nar...@codeaurora.org>; openwrt-devel@lists.openwrt.org Subject: Re: [OpenWrt-Devel] [PATCH] CC: toolchain: use latest glibc 2.21 revision OK, I was planning on making a patch for 2.23 in trunk later today. Michael On 03/16/16 06:23, John Crispin wrote: > > On 16/03/2016 11:21, Michael Marley wrote: >> When I originally posted this patch, GLIBC 2.23 had not yet been >> released. Additionally, this was a patch to fix the issue for the >> stable release (CC), so I didn't figure bumping the GLIBC version >> would be a good idea. The issue is fixed because the patch was >> backported to the 2.21 branch, which is why this patch switched from >> the 2.21 release to the head of the 2.21 branch. >> >> Michael >> >> > i was just about to post the same. happy to include a patch for the > latest version though > > John > >> On 03/16/16 05:14, Naresh Kumar Mehta wrote: >>> From http://www.gnu.org/software/libc/, it seems CVE-2015-7547 was >>> fixed in v2.23. How come using v2.21 will fix this issue? >>> >>> -----Original Message----- >>> From: openwrt-devel [mailto:openwrt-devel-boun...@lists.openwrt.org] >>> On Behalf Of Michael Marley >>> Sent: Wednesday, February 17, 2016 7:46 PM >>> To: openwrt-devel@lists.openwrt.org >>> Subject: [OpenWrt-Devel] [PATCH] CC: toolchain: use latest glibc >>> 2.21 revision >>> >>> Fixes "CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow" >>> >>> Signed-off-by: Michael Marley <mich...@michaelmarley.com> >>> --- >>> toolchain/glibc/Config.version | 6 ------ >>> toolchain/glibc/common.mk | 12 >>> +++++++++++- >>> toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch | 2 +- >>> 3 files changed, 12 insertions(+), 8 deletions(-) >>> >>> diff --git a/toolchain/glibc/Config.version >>> b/toolchain/glibc/Config.version index 2ac01d7..4ceed09 100644 >>> --- a/toolchain/glibc/Config.version >>> +++ b/toolchain/glibc/Config.version >>> @@ -12,12 +12,6 @@ config EGLIBC_VERSION_2_19 config GLIBC_VERSION_2_21 >>> bool >>> >>> -config GLIBC_REVISION >>> - string >>> - default "25243" if EGLIBC_VERSION_2_19 >>> - default "4e42b5b8f8" if GLIBC_VERSION_2_21 >>> - default "" >>> - >>> endif >>> >>> menu "eglibc configuration" >>> diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk >>> index 7487ca2..3d680bb 100644 >>> --- a/toolchain/glibc/common.mk >>> +++ b/toolchain/glibc/common.mk >>> @@ -6,9 +6,19 @@ >>> # >>> include $(TOPDIR)/rules.mk >>> >>> + >>> +MD5SUM_2.19 = 42dad4edd3bcb38006d13b5640b00b38 >>> +REVISION_2.19 = 25243 >>> + >>> +MD5SUM_2.21 = 76050a65c444d58b5c4aa0d6034736ed >>> +REVISION_2.21 = 16d0a0c >>> + >>> + >>> PKG_NAME:=glibc >>> PKG_VERSION:=$(call qstrip,$(CONFIG_GLIBC_VERSION)) >>> -PKG_REVISION:=$(call >>> qstrip,$(CONFIG_GLIBC_REVISION)) >>> + >>> +PKG_REVISION:=$(REVISION_$(PKG_VERSION)) >>> +PKG_MIRROR_MD5SUM:=$(MD5SUM_$(PKG_VERSION)) >>> >>> PKG_SOURCE_PROTO:=git >>> PKG_SOURCE_URL:=git://sourceware.org/git/glibc.git >>> diff --git >>> a/toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch >>> b/toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch >>> index a6200f7..070f938 100644 >>> --- a/toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch >>> +++ b/toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch >>> @@ -2,7 +2,7 @@ add /usr/lib to default search path for the dynamic >>> linker >>> >>> --- a/Makeconfig >>> +++ b/Makeconfig >>> -@@ -501,6 +501,9 @@ else >>> +@@ -499,6 +499,9 @@ else >>> default-rpath = $(libdir) >>> endif >>> >>> -- >>> 2.7.1 >>> _______________________________________________ >>> openwrt-devel mailing list >>> openwrt-devel@lists.openwrt.org >>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel >>> >> _______________________________________________ >> openwrt-devel mailing list >> openwrt-devel@lists.openwrt.org >> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel >> _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
