Diffstat (limited to 'meta/recipes-core/glibc/glibc_2.31.bb')
-rw-r--r-- | meta/recipes-core/glibc/glibc_2.31.bb | 51 |
1 files changed, 48 insertions, 3 deletions
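--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -1,7 +1,40 @@
 require glibc.inc
 require glibc-version.inc
 
-CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752"
+CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752 \
+CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \
+CVE-2022-23218 CVE-2022-23219 \
+"
+
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024
+# Upstream glibc maintainers dispute there is any issue and have no plans to address it further.
+# "this is being treated as a non-security bug and no real threat."
+CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024"
+
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025
+# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow
+# easier access for another. "ASLR bypass itself is not a vulnerability."
+# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853
+CVE_CHECK_WHITELIST += "CVE-2019-1010025"
+
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942
+# The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash
+# or read arbitrary memory in parse_param (in posix/wordexp.c) when called with
+# an untrusted, crafted pattern, potentially resulting in a denial of service
+# or disclosure of information. Patch was backported to 2.31 branch already:
+# https://sourceware.org/git/?p=glibc.git;a=commit;h=4f0a61f75385c9a5879cbe7202042e88f692a3c8
+# which is already included in the dunfell branch of poky:
+# https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b
+CVE_CHECK_WHITELIST += "CVE-2021-35942"
+
+# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527
+# This vulnerability was introduced in 2.36 by commit
+# f282cdbe7f436c75864e5640a409a10485e9abb2 resolv: Implement no-aaaa stub resolver option
+# so our version is not yet vulnerable
+# See https://sourceware.org/bugzilla/show_bug.cgi?id=30842
+CVE_CHECK_WHITELIST += "CVE-2023-4527"
 
 DEPENDS += "gperf-native bison-native make-native"
 
@@ -41,9 +74,21 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
 file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \
 file://0028-inject-file-assembly-directives.patch \
 file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \
-file://CVE-2020-29562.patch \
 file://CVE-2020-29573.patch \
-file://CVE-2019-25013.patch \
+file://CVE-2021-33574_1.patch \
+file://CVE-2021-33574_2.patch \
+file://CVE-2021-38604.patch \
+file://0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch \
+file://0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch \
+file://0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch \
+file://0033-elf-Add-test-case-for-BZ-19329.patch \
+file://0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch \
+file://0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
+file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
+file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \
+file://CVE-2023-0687.patch \
+file://CVE-2023-4911.patch \
+file://CVE-2023-4813.patch \
 "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"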
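Review bot: The first `CVE_CHECK_WHITELIST` assignment (new lines 4-7) gains seven CVE ids with no rationale, although every later whitelist block in this hunk documents why its ids are suppressed. Two of the new ids, CVE-2020-29562 and CVE-2019-25013, are the same ones whose `file://CVE-2020-29562.patch` and `file://CVE-2019-25013.patch` entries are dropped from `SRC_URI` in the second hunk. Presumably the fixes now come from a newer SRCREV in glibc-version.inc, which is not visible here, but a whitelist entry silences cve-check whether or not the fix is actually in the fetched tree. I would add a comment above the assignment such as `# Fixed in the 2.31 stable branch at the pinned SRCREV (see glibc-version.inc); NVD version data does not reflect the backport`, ideally naming the upstream commit for each id as is done for CVE-2021-35942, so each suppression can be audited.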