From: Peter Korsgaard Date: Fri, 28 Aug 2020 20:08:59 +0000 (+0200) Subject: package/glibc: security bump for additional post-2.31.x fixes X-Git-Url: https://git.libre-soc.org/?a=commitdiff_plain;h=aa70a16caf534fd93fdd34a4f740357c14764618;p=buildroot.git package/glibc: security bump for additional post-2.31.x fixes Fixes the following security issue: CVE-2016-10228: An infinite loop has been fixed in the iconv program when invoked with the -c option and when processing invalid multi-byte input sequences. Reported by Jan Engelhardt. Signed-off-by: Peter Korsgaard --- diff --git a/package/glibc/2.31-49-g6f3459f9859a7b506c64fa1823769ab631072c6e/glibc.hash b/package/glibc/2.31-49-g6f3459f9859a7b506c64fa1823769ab631072c6e/glibc.hash deleted file mode 100644 index 01c48b74b5..0000000000 --- a/package/glibc/2.31-49-g6f3459f9859a7b506c64fa1823769ab631072c6e/glibc.hash +++ /dev/null @@ -1,7 +0,0 @@ -# Locally calculated (fetched from Github) -sha256 a105837271b66e92f1ed4a5f10f3bb9e993842d592f67d352c6637126bd3d58c glibc-2.31-49-g6f3459f9859a7b506c64fa1823769ab631072c6e.tar.gz - -# Hashes for license files -sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING -sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB -sha256 b33d0bd9f685b46853548814893a6135e74430d12f6d94ab3eba42fc591f83bc LICENSES diff --git a/package/glibc/2.31-54-g6fdf971c9dbf7dac9bea552113fe4694015bbc4d/glibc.hash b/package/glibc/2.31-54-g6fdf971c9dbf7dac9bea552113fe4694015bbc4d/glibc.hash new file mode 100644 index 0000000000..a1b2ae12fd --- /dev/null +++ b/package/glibc/2.31-54-g6fdf971c9dbf7dac9bea552113fe4694015bbc4d/glibc.hash @@ -0,0 +1,7 @@ +# Locally calculated (fetched from Github) +sha256 e1f2c9b424a4e0c00e7ad123a4204f7bc8afd3c504aeb8c79b1086509fd67176 glibc-2.31-54-g6fdf971c9dbf7dac9bea552113fe4694015bbc4d.tar.gz + +# Hashes for license files +sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING +sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB +sha256 b33d0bd9f685b46853548814893a6135e74430d12f6d94ab3eba42fc591f83bc LICENSES diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk index fe27842b07..ed03a6911f 100644 --- a/package/glibc/glibc.mk +++ b/package/glibc/glibc.mk @@ -17,7 +17,7 @@ else # Generate version string using: # git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2- # When updating the version, please also update localedef -GLIBC_VERSION = 2.31-49-g6f3459f9859a7b506c64fa1823769ab631072c6e +GLIBC_VERSION = 2.31-54-g6fdf971c9dbf7dac9bea552113fe4694015bbc4d # Upstream doesn't officially provide an https download link. # There is one (https://sourceware.org/git/glibc.git) but it's not reliable, # sometimes the connection times out. So use an unofficial github mirror.