path: root/meta/recipes-core/glibc/glibc
Commit message | Author | Age | Files | Lines
* glibc: CVE-2015-8779 | Armin Kuster | 2016-03-21 | 1 | -0/+261

  A stack overflow vulnerability in the catopen function was found, causing applications which pass long strings to the catopen function to crash or, potentially, execute arbitrary code.

  (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5)
  (From OE-Core rev: 01e9f306e0af4ea2d9fe611c1592b0f19d83f487)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2015-8777 | Armin Kuster | 2016-03-21 | 1 | -0/+122

  The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

  (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252)
  (From OE-Core rev: bb6ce1334bfb3711428b4b82bca4c0d5339ee2f8)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc 2.20: Security fix CVE-2015-7547 | Koen Kooi | 2016-03-03 | 1 | -0/+583

  CVE-2015-7547: getaddrinfo() stack-based buffer overflow

  (From OE-Core rev: b30a7375f09158575d63367600190a5e3a00b9fc)

  Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Fixes a heap buffer overflow in glibc wscanf. | Armin Kuster | 2016-01-30 | 1 | -0/+108

  References:
  https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
  https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
  http://openwall.com/lists/oss-security/2015/02/04/1

  Reference to upstream fix:
  https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

  (From OE-Core rev: 5aa90eef9b503ba0ffb138e146add6f430dea917)

  Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
  Signed-off-by: Tudor Florea <tudor.florea@enea.com>

  Hand applied.

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow | Haris Okanovic | 2015-07-20 | 1 | -0/+43

  Backport Arjun Shankar's patch for CVE-2015-1781:

  A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.

  https://sourceware.org/bugzilla/show_bug.cgi?id=18287

  (From OE-Core rev: c0f0b6e6ef1edc0a9f9e1ceffb1cdbbef2e409c6)
  (From OE-Core rev: 96ff830b79c64d8f35c311b66906b492cbeeeb55)

  Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
  Reviewed-by: Ben Shelton <ben.shelton@ni.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2014-9402 endless loop in getaddr_r | Armin Kuster | 2015-02-11 | 1 | -0/+65

  The getnetbyname function in glibc 2.21 and earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.

  (From OE-Core rev: f03bf84c179f69ef4800ed92a4a9d9401d0e5966)
  (From OE-Core rev: 7e3f4ddd001f9c50a49d8ba5ab548af311e6b51f)

  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Fix up minimal build with libc-libm | Saul Wold | 2015-02-11 | 1 | -1/+2

  This addresses 2 issues discovered trying to build a minimal libc with libm option. By default nscd was always being built and without inet enabled there were missing symbols.

  [YOCTO #7108]

  (From OE-Core rev: 89649881bcd0e76d6ee7c85c30e75bb01e1c004f)
  (From OE-Core rev: 965943176c580b7943bb4d94efd58b8818c04919)

  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE 2014-7817 and 2012-3406 fixes | Armin Kuster | 2014-12-31 | 2 | -0/+554

  (From OE-Core rev: 41eb5a1ae2a92034bed93c735e712d18ea3d9d1d)
  (From OE-Core rev: 007144bdfb2dfb10e4b1794799f8b5aa6976266c)

  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* eglibc: modified option-groups.h generation | Juro Bystricky | 2014-12-31 | 2 | -20/+20

  option-groups.h only explicitly #defines options that are enabled. EGLIBC options are typically pre-processed under the assumption that if an option is not explicitly defined then it evaluates as 0. This assumption is correct, but it generates a compiler warning message each time an undefined symbol is being evaluated. In order to remove the warnings, each EGLIBC option is now defined as 1 if the option is enabled or as 0 otherwise. The consequence is we cannot use #ifdef OPTION_XXX when evaluating the option, we must always use #if OPTION_XXX.

  [YOCTO #7001]

  (From OE-Core rev: 7f1bdc331304a61a4836a5752bca210450b6c5b5)
  (From OE-Core rev: bce598f21ee9f21228766d4bb19fef21695981da)

  Signed-off-by: Juro Bystricky <jurobystricky@hotmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: remove bad patch snippet that eglibc forward ported | Saul Wold | 2014-10-10 | 1 | -54/+0

  The s_sin.c patch undoes some code changes in glibc itself, these changes have nothing to do with the option groups and I suspect crept in as part of the initial conversion.

  Undoing this patch also fixes a test failure in test-double and test-idouble.

  [YOCTO #6808]

  (From OE-Core rev: 5f225067dcb7244065f857d34e1041171844b243)

  Signed-off-by: Saul Wold <sgw@linux.intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Incremental bump to 2.20 release branch | Khem Raj | 2014-09-10 | 1 | -45/+0

  Now that glibc 2.20 has been released, we switch to use the release branch and remove the already applied patch.

  (From OE-Core rev: 70bfccd8e13af712381b4feea3ef882369951264)

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Migrate eglibc 2.19 -> glibc 2.20 | Khem Raj | 2014-09-01 | 31 | -0/+22321

  - This is a big swoop change where we switch to using glibc
  - option-groups are forward ported
  - cross-localedef is extracted out from eglibc and hosted at github.com/kraj/localedef, it's used for cross-localedef recipe
  - Other non ported patches from eglibc are forward ported
      ppc8xx cache line workaround
      SH fpcr values
      dynamic resolver
      installing PIC archives is there but is not applied
      libc header bootstrap
  - Delete eglibc recipes we moved back to using glibc now
  - Fix ppc/e500 build
  - Fix crypt module build when options are used
  - Fix fnmatch build when options OPTION_EGLIBC_LOCALE_CODE is unset
    HAVE_MBSTATE_T and HAVE_MBSRTOWCS should be defined conditionally based upon OPTION_EGLIBC_LOCALE_CODE being set/unset
  - Move the ports/ patches to relevant files now that ports is gone

  (From OE-Core rev: 1027c535ea753e63d9ffe469a423e04467cf8940)

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>