projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c9c7213)
package/glibc: bump version for additional post-2.30 security fixes
authorPeter Korsgaard <peter@korsgaard.com>
Tue, 12 May 2020 08:53:23 +0000 (10:53 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 12 May 2020 10:27:19 +0000 (12:27 +0200)
Fixes the following security vulnerabilities:

CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack
  corruption when they were passed a pseudo-zero argument.  Reported by Guido
  Vranken / ForAllSecure Mayhem.

CVE-2020-1751: A defect in the PowerPC backtrace function could cause an
  out-of-bounds write when executed in a signal frame context.

CVE-2020-1752: A use-after-free vulnerability in the glob function when
  expanding ~user has been fixed.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/glibc/2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91/glibc.hash [deleted file] patch | blob | history
package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash [new file with mode: 0644] patch | blob
package/glibc/glibc.mk patch | blob | history

diff --git a/package/glibc/2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91/glibc.hash b/package/glibc/2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91/glibc.hash
deleted file mode 100644 (file)
index 4283ea0..0000000
--- a/package/glibc/2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91/glibc.hash
+++ /dev/null
@@ -1,7 +0,0 @@
-# Locally calculated (fetched from Github)
-sha256  fe1ca8099bc2cda997d8a585f1a512e59df56c52c9c7363a4058da2725c8f4a9  glibc-2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91.tar.gz
-
-# Hashes for license files
-sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
-sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
-sha256  35bdb41dc0bcb10702ddacbd51ec4c0fe6fb3129f734e8c85fc02e4d3eb0ce3f  LICENSES
diff --git a/package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash b/package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash
new file mode 100644 (file)
index 0000000..6677d32
--- /dev/null
+++ b/package/glibc/2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427/glibc.hash
@@ -0,0 +1,7 @@
+# Locally calculated (fetched from Github)
+sha256  4462f56696332efbc5b0c2f86d7aa75a2a02c3d44bc4345fa42b5bab1225de5c  glibc-2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427.tar.gz
+
+# Hashes for license files
+sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
+sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
+sha256  35bdb41dc0bcb10702ddacbd51ec4c0fe6fb3129f734e8c85fc02e4d3eb0ce3f  LICENSES
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index 2ca73343b35483b15d43834686f025fac6412885..4621c9c2f97bd67e8d933311fc7da37199fe83d8 100644 (file)
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -17,7 +17,7 @@ else
 # Generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
 # When updating the version, please also update localedef
-GLIBC_VERSION = 2.30-20-g50f20fe506abb8853641006a7b90a81af21d7b91
+GLIBC_VERSION = 2.30-67-g4748829f86a458b76642f3e98b1d80f7b868e427
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
 # sometimes the connection times out. So use an unofficial github mirror.