diff options
6 files changed, 2 insertions, 447 deletions
diff --git a/meta/recipes-core/glibc/cross-localedef-native_2.26.bb b/meta/recipes-core/glibc/cross-localedef-native_2.26.bb index fc5d70dbb9..af02a0ce1d 100644 --- a/meta/recipes-core/glibc/cross-localedef-native_2.26.bb +++ b/meta/recipes-core/glibc/cross-localedef-native_2.26.bb | |||
@@ -21,7 +21,7 @@ SRCBRANCH ?= "release/${PV}/master" | |||
21 | GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" | 21 | GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" |
22 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)" | 22 | UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>\d+\.\d+(\.\d+)*)" |
23 | 23 | ||
24 | SRCREV_glibc ?= "1c9a5c270d8b66f30dcfaf1cb2d6cf39d3e18369" | 24 | SRCREV_glibc ?= "d300041c533a3d837c9f37a099bcc95466860e98" |
25 | SRCREV_localedef ?= "dfb4afe551c6c6e94f9cc85417bd1f582168c843" | 25 | SRCREV_localedef ?= "dfb4afe551c6c6e94f9cc85417bd1f582168c843" |
26 | 26 | ||
27 | SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ | 27 | SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ |
diff --git a/meta/recipes-core/glibc/glibc/0029-malloc-add-missing-arena-lock-in-malloc-info.patch b/meta/recipes-core/glibc/glibc/0029-malloc-add-missing-arena-lock-in-malloc-info.patch deleted file mode 100644 index 626e0e9039..0000000000 --- a/meta/recipes-core/glibc/glibc/0029-malloc-add-missing-arena-lock-in-malloc-info.patch +++ /dev/null | |||
@@ -1,172 +0,0 @@ | |||
1 | From: Florian Weimer <fweimer@redhat.com> | ||
2 | Date: Wed, 15 Nov 2017 11:39:01 +0100 | ||
3 | Subject: [PATCH] malloc: Add missing arena lock in malloc_info [BZ #22408] | ||
4 | |||
5 | Obtain the size information while the arena lock is acquired, and only | ||
6 | print it later. | ||
7 | |||
8 | Upstream-Status: Backport | ||
9 | |||
10 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
11 | |||
12 | Index: git/malloc/Makefile | ||
13 | =================================================================== | ||
14 | --- git.orig/malloc/Makefile 2017-09-04 17:34:06.758018978 +0800 | ||
15 | +++ git/malloc/Makefile 2017-11-20 14:57:43.440337572 +0800 | ||
16 | @@ -35,6 +35,7 @@ | ||
17 | tst-interpose-thread \ | ||
18 | tst-alloc_buffer \ | ||
19 | tst-malloc-tcache-leak \ | ||
20 | + tst-malloc_info \ | ||
21 | |||
22 | tests-static := \ | ||
23 | tst-interpose-static-nothread \ | ||
24 | @@ -245,3 +246,5 @@ | ||
25 | $(evaluate-test) | ||
26 | |||
27 | $(objpfx)tst-malloc-tcache-leak: $(shared-thread-library) | ||
28 | + | ||
29 | +$(objpfx)tst-malloc_info: $(shared-thread-library) | ||
30 | Index: git/malloc/malloc.c | ||
31 | =================================================================== | ||
32 | --- git.orig/malloc/malloc.c 2017-09-04 17:34:06.758018978 +0800 | ||
33 | +++ git/malloc/malloc.c 2017-11-20 15:01:02.412338959 +0800 | ||
34 | @@ -5547,6 +5547,15 @@ | ||
35 | avail += sizes[NFASTBINS - 1 + i].total; | ||
36 | } | ||
37 | |||
38 | + size_t heap_size = 0; | ||
39 | + size_t heap_mprotect_size = 0; | ||
40 | + if (ar_ptr != &main_arena) | ||
41 | + { | ||
42 | + heap_info *heap = heap_for_ptr (top (ar_ptr)); | ||
43 | + heap_size = heap->size; | ||
44 | + heap_mprotect_size = heap->mprotect_size; | ||
45 | + } | ||
46 | + | ||
47 | __libc_lock_unlock (ar_ptr->mutex); | ||
48 | |||
49 | total_nfastblocks += nfastblocks; | ||
50 | @@ -5580,13 +5589,12 @@ | ||
51 | |||
52 | if (ar_ptr != &main_arena) | ||
53 | { | ||
54 | - heap_info *heap = heap_for_ptr (top (ar_ptr)); | ||
55 | fprintf (fp, | ||
56 | "<aspace type=\"total\" size=\"%zu\"/>\n" | ||
57 | "<aspace type=\"mprotect\" size=\"%zu\"/>\n", | ||
58 | - heap->size, heap->mprotect_size); | ||
59 | - total_aspace += heap->size; | ||
60 | - total_aspace_mprotect += heap->mprotect_size; | ||
61 | + heap_size, heap_mprotect_size); | ||
62 | + total_aspace += heap_size; | ||
63 | + total_aspace_mprotect += heap_mprotect_size; | ||
64 | } | ||
65 | else | ||
66 | { | ||
67 | Index: git/malloc/tst-malloc_info.c | ||
68 | =================================================================== | ||
69 | --- /dev/null 1970-01-01 00:00:00.000000000 +0000 | ||
70 | +++ git/malloc/tst-malloc_info.c 2017-11-20 15:02:03.208339383 +0800 | ||
71 | @@ -0,0 +1,101 @@ | ||
72 | +/* Smoke test for malloc_info. | ||
73 | + Copyright (C) 2017 Free Software Foundation, Inc. | ||
74 | + This file is part of the GNU C Library. | ||
75 | + | ||
76 | + The GNU C Library is free software; you can redistribute it and/or | ||
77 | + modify it under the terms of the GNU Lesser General Public | ||
78 | + License as published by the Free Software Foundation; either | ||
79 | + version 2.1 of the License, or (at your option) any later version. | ||
80 | + | ||
81 | + The GNU C Library is distributed in the hope that it will be useful, | ||
82 | + but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
83 | + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
84 | + Lesser General Public License for more details. | ||
85 | + | ||
86 | + You should have received a copy of the GNU Lesser General Public | ||
87 | + License along with the GNU C Library; if not, see | ||
88 | + <http://www.gnu.org/licenses/>. */ | ||
89 | + | ||
90 | +/* The purpose of this test is to provide a quick way to run | ||
91 | + malloc_info in a multi-threaded process. */ | ||
92 | + | ||
93 | +#include <array_length.h> | ||
94 | +#include <malloc.h> | ||
95 | +#include <stdlib.h> | ||
96 | +#include <support/support.h> | ||
97 | +#include <support/xthread.h> | ||
98 | + | ||
99 | +/* This barrier is used to have the main thread wait until the helper | ||
100 | + threads have performed their allocations. */ | ||
101 | +static pthread_barrier_t barrier; | ||
102 | + | ||
103 | +enum | ||
104 | + { | ||
105 | + /* Number of threads performing allocations. */ | ||
106 | + thread_count = 4, | ||
107 | + | ||
108 | + /* Amount of memory allocation per thread. This should be large | ||
109 | + enough to cause the allocation of multiple heaps per arena. */ | ||
110 | + per_thread_allocations | ||
111 | + = sizeof (void *) == 4 ? 16 * 1024 * 1024 : 128 * 1024 * 1024, | ||
112 | + }; | ||
113 | + | ||
114 | +static void * | ||
115 | +allocation_thread_function (void *closure) | ||
116 | +{ | ||
117 | + struct list | ||
118 | + { | ||
119 | + struct list *next; | ||
120 | + long dummy[4]; | ||
121 | + }; | ||
122 | + | ||
123 | + struct list *head = NULL; | ||
124 | + size_t allocated = 0; | ||
125 | + while (allocated < per_thread_allocations) | ||
126 | + { | ||
127 | + struct list *new_head = xmalloc (sizeof (*new_head)); | ||
128 | + allocated += sizeof (*new_head); | ||
129 | + new_head->next = head; | ||
130 | + head = new_head; | ||
131 | + } | ||
132 | + | ||
133 | + xpthread_barrier_wait (&barrier); | ||
134 | + | ||
135 | + /* Main thread prints first statistics here. */ | ||
136 | + | ||
137 | + xpthread_barrier_wait (&barrier); | ||
138 | + | ||
139 | + while (head != NULL) | ||
140 | + { | ||
141 | + struct list *next_head = head->next; | ||
142 | + free (head); | ||
143 | + head = next_head; | ||
144 | + } | ||
145 | + | ||
146 | + return NULL; | ||
147 | +} | ||
148 | + | ||
149 | +static int | ||
150 | +do_test (void) | ||
151 | +{ | ||
152 | + xpthread_barrier_init (&barrier, NULL, thread_count + 1); | ||
153 | + | ||
154 | + pthread_t threads[thread_count]; | ||
155 | + for (size_t i = 0; i < array_length (threads); ++i) | ||
156 | + threads[i] = xpthread_create (NULL, allocation_thread_function, NULL); | ||
157 | + | ||
158 | + xpthread_barrier_wait (&barrier); | ||
159 | + puts ("info: After allocation:"); | ||
160 | + malloc_info (0, stdout); | ||
161 | + | ||
162 | + xpthread_barrier_wait (&barrier); | ||
163 | + for (size_t i = 0; i < array_length (threads); ++i) | ||
164 | + xpthread_join (threads[i]); | ||
165 | + | ||
166 | + puts ("\ninfo: After deallocation:"); | ||
167 | + malloc_info (0, stdout); | ||
168 | + | ||
169 | + return 0; | ||
170 | +} | ||
171 | + | ||
172 | +#include <support/test-driver.c> | ||
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch deleted file mode 100644 index 9a08784106..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch +++ /dev/null | |||
@@ -1,65 +0,0 @@ | |||
1 | From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001 | ||
2 | From: Paul Eggert <eggert@cs.ucla.edu> | ||
3 | Date: Sun, 22 Oct 2017 10:00:57 +0200 | ||
4 | Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ | ||
5 | #22332] | ||
6 | |||
7 | (cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8) | ||
8 | |||
9 | Upstream-Status: Backport | ||
10 | CVE: CVE-2017-15671 | ||
11 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
12 | |||
13 | --- | ||
14 | ChangeLog | 6 ++++++ | ||
15 | NEWS | 4 ++++ | ||
16 | posix/glob.c | 4 ++-- | ||
17 | 3 files changed, 12 insertions(+), 2 deletions(-) | ||
18 | |||
19 | Index: git/NEWS | ||
20 | =================================================================== | ||
21 | --- git.orig/NEWS | ||
22 | +++ git/NEWS | ||
23 | @@ -20,6 +20,10 @@ Security related changes: | ||
24 | on the stack or the heap, depending on the length of the user name). | ||
25 | Reported by Tim Rühsen. | ||
26 | |||
27 | + The glob function, when invoked with GLOB_TILDE and without | ||
28 | + GLOB_NOESCAPE, could write past the end of a buffer while | ||
29 | + unescaping user names. Reported by Tim Rühsen. | ||
30 | + | ||
31 | The following bugs are resolved with this release: | ||
32 | |||
33 | [16750] ldd: Never run file directly. | ||
34 | Index: git/posix/glob.c | ||
35 | =================================================================== | ||
36 | --- git.orig/posix/glob.c | ||
37 | +++ git/posix/glob.c | ||
38 | @@ -850,11 +850,11 @@ glob (const char *pattern, int flags, in | ||
39 | char *p = mempcpy (newp, dirname + 1, | ||
40 | unescape - dirname - 1); | ||
41 | char *q = unescape; | ||
42 | - while (*q != '\0') | ||
43 | + while (q != end_name) | ||
44 | { | ||
45 | if (*q == '\\') | ||
46 | { | ||
47 | - if (q[1] == '\0') | ||
48 | + if (q + 1 == end_name) | ||
49 | { | ||
50 | /* "~fo\\o\\" unescape to user_name "foo\\", | ||
51 | but "~fo\\o\\/" unescape to user_name | ||
52 | Index: git/ChangeLog | ||
53 | =================================================================== | ||
54 | --- git.orig/ChangeLog | ||
55 | +++ git/ChangeLog | ||
56 | @@ -1,3 +1,9 @@ | ||
57 | +2017-10-22 Paul Eggert <eggert@cs.ucla.edu> | ||
58 | + | ||
59 | + [BZ #22332] | ||
60 | + * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE | ||
61 | + unescaping. | ||
62 | + | ||
63 | 2017-10-13 James Clarke <jrtc27@jrtc27.com> | ||
64 | |||
65 | * sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela): | ||
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch b/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch deleted file mode 100644 index d9bde7f20a..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2017-16997.patch +++ /dev/null | |||
@@ -1,151 +0,0 @@ | |||
1 | From 4ebd0c4191c6073cc8a7c5fdcf1d182c4719bcbb Mon Sep 17 00:00:00 2001 | ||
2 | From: Aurelien Jarno <aurelien@aurel32.net> | ||
3 | Date: Sat, 30 Dec 2017 10:54:23 +0100 | ||
4 | Subject: [PATCH] elf: Check for empty tokens before dynamic string token | ||
5 | expansion [BZ #22625] | ||
6 | |||
7 | The fillin_rpath function in elf/dl-load.c loops over each RPATH or | ||
8 | RUNPATH tokens and interprets empty tokens as the current directory | ||
9 | ("./"). In practice the check for empty token is done *after* the | ||
10 | dynamic string token expansion. The expansion process can return an | ||
11 | empty string for the $ORIGIN token if __libc_enable_secure is set | ||
12 | or if the path of the binary can not be determined (/proc not mounted). | ||
13 | |||
14 | Fix that by moving the check for empty tokens before the dynamic string | ||
15 | token expansion. In addition, check for NULL pointer or empty strings | ||
16 | return by expand_dynamic_string_token. | ||
17 | |||
18 | The above changes highlighted a bug in decompose_rpath, an empty array | ||
19 | is represented by the first element being NULL at the fillin_rpath | ||
20 | level, but by using a -1 pointer in decompose_rpath and other functions. | ||
21 | |||
22 | Changelog: | ||
23 | [BZ #22625] | ||
24 | * elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic | ||
25 | string token expansion. Check for NULL pointer or empty string possibly | ||
26 | returned by expand_dynamic_string_token. | ||
27 | (decompose_rpath): Check for empty path after dynamic string | ||
28 | token expansion. | ||
29 | (cherry picked from commit 3e3c904daef69b8bf7d5cc07f793c9f07c3553ef) | ||
30 | |||
31 | Upstream-Status: Backport | ||
32 | CVE: CVE-2017-16997 | ||
33 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
34 | |||
35 | --- | ||
36 | ChangeLog | 10 ++++++++++ | ||
37 | NEWS | 4 ++++ | ||
38 | elf/dl-load.c | 49 +++++++++++++++++++++++++++++++++---------------- | ||
39 | 3 files changed, 47 insertions(+), 16 deletions(-) | ||
40 | |||
41 | Index: git/NEWS | ||
42 | =================================================================== | ||
43 | --- git.orig/NEWS | ||
44 | +++ git/NEWS | ||
45 | @@ -211,6 +211,10 @@ Security related changes: | ||
46 | on the stack or the heap, depending on the length of the user name). | ||
47 | Reported by Tim Rühsen. | ||
48 | |||
49 | + CVE-2017-16997: Incorrect handling of RPATH or RUNPATH containing $ORIGIN | ||
50 | + for AT_SECURE or SUID binaries could be used to load libraries from the | ||
51 | + current directory. | ||
52 | + | ||
53 | The following bugs are resolved with this release: | ||
54 | |||
55 | [984] network: Respond to changed resolv.conf in gethostbyname | ||
56 | Index: git/elf/dl-load.c | ||
57 | =================================================================== | ||
58 | --- git.orig/elf/dl-load.c | ||
59 | +++ git/elf/dl-load.c | ||
60 | @@ -433,32 +433,41 @@ fillin_rpath (char *rpath, struct r_sear | ||
61 | { | ||
62 | char *cp; | ||
63 | size_t nelems = 0; | ||
64 | - char *to_free; | ||
65 | |||
66 | while ((cp = __strsep (&rpath, sep)) != NULL) | ||
67 | { | ||
68 | struct r_search_path_elem *dirp; | ||
69 | + char *to_free = NULL; | ||
70 | + size_t len = 0; | ||
71 | |||
72 | - to_free = cp = expand_dynamic_string_token (l, cp, 1); | ||
73 | + /* `strsep' can pass an empty string. */ | ||
74 | + if (*cp != '\0') | ||
75 | + { | ||
76 | + to_free = cp = expand_dynamic_string_token (l, cp, 1); | ||
77 | |||
78 | - size_t len = strlen (cp); | ||
79 | + /* expand_dynamic_string_token can return NULL in case of empty | ||
80 | + path or memory allocation failure. */ | ||
81 | + if (cp == NULL) | ||
82 | + continue; | ||
83 | + | ||
84 | + /* Compute the length after dynamic string token expansion and | ||
85 | + ignore empty paths. */ | ||
86 | + len = strlen (cp); | ||
87 | + if (len == 0) | ||
88 | + { | ||
89 | + free (to_free); | ||
90 | + continue; | ||
91 | + } | ||
92 | |||
93 | - /* `strsep' can pass an empty string. This has to be | ||
94 | - interpreted as `use the current directory'. */ | ||
95 | - if (len == 0) | ||
96 | - { | ||
97 | - static const char curwd[] = "./"; | ||
98 | - cp = (char *) curwd; | ||
99 | + /* Remove trailing slashes (except for "/"). */ | ||
100 | + while (len > 1 && cp[len - 1] == '/') | ||
101 | + --len; | ||
102 | + | ||
103 | + /* Now add one if there is none so far. */ | ||
104 | + if (len > 0 && cp[len - 1] != '/') | ||
105 | + cp[len++] = '/'; | ||
106 | } | ||
107 | |||
108 | - /* Remove trailing slashes (except for "/"). */ | ||
109 | - while (len > 1 && cp[len - 1] == '/') | ||
110 | - --len; | ||
111 | - | ||
112 | - /* Now add one if there is none so far. */ | ||
113 | - if (len > 0 && cp[len - 1] != '/') | ||
114 | - cp[len++] = '/'; | ||
115 | - | ||
116 | /* Make sure we don't use untrusted directories if we run SUID. */ | ||
117 | if (__glibc_unlikely (check_trusted) && !is_trusted_path (cp, len)) | ||
118 | { | ||
119 | @@ -621,6 +630,14 @@ decompose_rpath (struct r_search_path_st | ||
120 | necessary. */ | ||
121 | free (copy); | ||
122 | |||
123 | + /* There is no path after expansion. */ | ||
124 | + if (result[0] == NULL) | ||
125 | + { | ||
126 | + free (result); | ||
127 | + sps->dirs = (struct r_search_path_elem **) -1; | ||
128 | + return false; | ||
129 | + } | ||
130 | + | ||
131 | sps->dirs = result; | ||
132 | /* The caller will change this value if we haven't used a real malloc. */ | ||
133 | sps->malloced = 1; | ||
134 | Index: git/ChangeLog | ||
135 | =================================================================== | ||
136 | --- git.orig/ChangeLog | ||
137 | +++ git/ChangeLog | ||
138 | @@ -1,3 +1,13 @@ | ||
139 | +2017-12-30 Aurelien Jarno <aurelien@aurel32.net> | ||
140 | + Dmitry V. Levin <ldv@altlinux.org> | ||
141 | + | ||
142 | + [BZ #22625] | ||
143 | + * elf/dl-load.c (fillin_rpath): Check for empty tokens before dynamic | ||
144 | + string token expansion. Check for NULL pointer or empty string possibly | ||
145 | + returned by expand_dynamic_string_token. | ||
146 | + (decompose_rpath): Check for empty path after dynamic string | ||
147 | + token expansion. | ||
148 | + | ||
149 | 2017-10-22 Paul Eggert <eggert@cs.ucla.edu> | ||
150 | |||
151 | [BZ #22332] | ||
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch b/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch deleted file mode 100644 index bfa58bc1d6..0000000000 --- a/meta/recipes-core/glibc/glibc/CVE-2017-17426.patch +++ /dev/null | |||
@@ -1,53 +0,0 @@ | |||
1 | From 34697694e8a93b325b18f25f7dcded55d6baeaf6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Arjun Shankar <arjun@redhat.com> | ||
3 | Date: Thu, 30 Nov 2017 13:31:45 +0100 | ||
4 | Subject: [PATCH] Fix integer overflow in malloc when tcache is enabled [BZ | ||
5 | #22375] | ||
6 | |||
7 | When the per-thread cache is enabled, __libc_malloc uses request2size (which | ||
8 | does not perform an overflow check) to calculate the chunk size from the | ||
9 | requested allocation size. This leads to an integer overflow causing malloc | ||
10 | to incorrectly return the last successfully allocated block when called with | ||
11 | a very large size argument (close to SIZE_MAX). | ||
12 | |||
13 | This commit uses checked_request2size instead, removing the overflow. | ||
14 | |||
15 | Upstream-Status: Backport | ||
16 | CVE: CVE-2017-17426 | ||
17 | Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> | ||
18 | Rebase on new master | ||
19 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
20 | |||
21 | --- | ||
22 | ChangeLog | 6 ++++++ | ||
23 | malloc/malloc.c | 3 ++- | ||
24 | 2 files changed, 8 insertions(+), 1 deletion(-) | ||
25 | |||
26 | Index: git/malloc/malloc.c | ||
27 | =================================================================== | ||
28 | --- git.orig/malloc/malloc.c | ||
29 | +++ git/malloc/malloc.c | ||
30 | @@ -3064,7 +3064,8 @@ __libc_malloc (size_t bytes) | ||
31 | return (*hook)(bytes, RETURN_ADDRESS (0)); | ||
32 | #if USE_TCACHE | ||
33 | /* int_free also calls request2size, be careful to not pad twice. */ | ||
34 | - size_t tbytes = request2size (bytes); | ||
35 | + size_t tbytes; | ||
36 | + checked_request2size (bytes, tbytes); | ||
37 | size_t tc_idx = csize2tidx (tbytes); | ||
38 | |||
39 | MAYBE_INIT_TCACHE (); | ||
40 | Index: git/ChangeLog | ||
41 | =================================================================== | ||
42 | --- git.orig/ChangeLog | ||
43 | +++ git/ChangeLog | ||
44 | @@ -1,3 +1,9 @@ | ||
45 | +2017-11-30 Arjun Shankar <arjun@redhat.com> | ||
46 | + | ||
47 | + [BZ #22375] | ||
48 | + * malloc/malloc.c (__libc_malloc): Use checked_request2size | ||
49 | + instead of request2size. | ||
50 | + | ||
51 | 2017-12-30 Aurelien Jarno <aurelien@aurel32.net> | ||
52 | Dmitry V. Levin <ldv@altlinux.org> | ||
53 | |||
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb index 7eb56b328a..464b65434e 100644 --- a/meta/recipes-core/glibc/glibc_2.26.bb +++ b/meta/recipes-core/glibc/glibc_2.26.bb | |||
@@ -7,7 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ | |||
7 | 7 | ||
8 | DEPENDS += "gperf-native bison-native" | 8 | DEPENDS += "gperf-native bison-native" |
9 | 9 | ||
10 | SRCREV ?= "77f921dac17c5fa99bd9e926d926c327982895f7" | 10 | SRCREV ?= "d300041c533a3d837c9f37a099bcc95466860e98" |
11 | 11 | ||
12 | SRCBRANCH ?= "release/${PV}/master" | 12 | SRCBRANCH ?= "release/${PV}/master" |
13 | 13 | ||
@@ -42,10 +42,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ | |||
42 | file://0025-locale-fix-hard-coded-reference-to-gcc-E.patch \ | 42 | file://0025-locale-fix-hard-coded-reference-to-gcc-E.patch \ |
43 | file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \ | 43 | file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \ |
44 | file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \ | 44 | file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \ |
45 | file://0029-malloc-add-missing-arena-lock-in-malloc-info.patch \ | ||
46 | file://CVE-2017-15671.patch \ | ||
47 | file://CVE-2017-16997.patch \ | ||
48 | file://CVE-2017-17426.patch \ | ||
49 | " | 45 | " |
50 | 46 | ||
51 | NATIVESDKFIXES ?= "" | 47 | NATIVESDKFIXES ?= "" |