summaryrefslogtreecommitdiffstats
path: root/meta/recipes-core/glibc/glibc_2.20.bb
Commit message (Collapse)AuthorAgeFilesLines
* glibc: CVE-2015-8779Armin Kuster2016-03-211-0/+1
| | | | | | | | | | | | | | | | | | A stack overflow vulnerability in the catopen function was found, causing applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5) (From OE-Core rev: 01e9f306e0af4ea2d9fe611c1592b0f19d83f487) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2015-8777Armin Kuster2016-03-211-1/+3
| | | | | | | | | | | | | | | | | | The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252) (From OE-Core rev: bb6ce1334bfb3711428b4b82bca4c0d5339ee2f8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc 2.20: Security fix CVE-2015-7547Koen Kooi2016-03-031-0/+1
| | | | | | | | | CVE-2015-7547: getaddrinfo() stack-based buffer overflow (From OE-Core rev: b30a7375f09158575d63367600190a5e3a00b9fc) Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Fixes a heap buffer overflow in glibc wscanf.Armin Kuster2016-01-301-0/+1
| | | | | | | | | | | | | | | | | | | | | References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472 https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html http://openwall.com/lists/oss-security/2015/02/04/1 Reference to upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit; h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 (From OE-Core rev: 5aa90eef9b503ba0ffb138e146add6f430dea917) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Hand applied. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: use patch for CVE-2015-1781Tudor Florea2016-01-301-3/+1
| | | | | | | | | | | Patch added to the repo wasn't actually considered due to a erronously way of specifying the sources. (From OE-Core rev: 2cdc3dd4cc4426aa081b6cb99b67f1143cc64f81) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflowHaris Okanovic2015-07-201-0/+3
| | | | | | | | | | | | | | | | | | | | | | | Backport Arjun Shankar's patch for CVE-2015-1781: A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. https://sourceware.org/bugzilla/show_bug.cgi?id=18287 (From OE-Core rev: c0f0b6e6ef1edc0a9f9e1ceffb1cdbbef2e409c6) (From OE-Core rev: 96ff830b79c64d8f35c311b66906b492cbeeeb55) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Reviewed-by: Ben Shelton <ben.shelton@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2014-9402 endless loop in getaddr_rArmin Kuster2015-02-111-0/+1
| | | | | | | | | | | | | | | | | The getnetbyname function in glibc 2.21 in earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name. (From OE-Core rev: f03bf84c179f69ef4800ed92a4a9d9401d0e5966) (From OE-Core rev: 7e3f4ddd001f9c50a49d8ba5ab548af311e6b51f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Fix up minimal build with libc-libmSaul Wold2015-02-111-0/+3
| | | | | | | | | | | | | | | | | | This addresses 2 issues discovered trying to build a minimal libc with libm option. By default nscd was always being built and without inet enabled there were missing symbols. [YOCTO #7108] (From OE-Core rev: 89649881bcd0e76d6ee7c85c30e75bb01e1c004f) (From OE-Core rev: 965943176c580b7943bb4d94efd58b8818c04919) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE 2014-7817 and 2012-3406 fixesArmin Kuster2014-12-311-0/+5
| | | | | | | | | | | | (From OE-Core rev: 41eb5a1ae2a92034bed93c735e712d18ea3d9d1d) (From OE-Core rev: 007144bdfb2dfb10e4b1794799f8b5aa6976266c) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Incremental bump to 2.20 release branchKhem Raj2014-09-101-3/+2
| | | | | | | | | | | Now that glibc 2.20 has been released. We switch to use release branch and remove the already applied patch (From OE-Core rev: 70bfccd8e13af712381b4feea3ef882369951264) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Migrate eglibc 2.19 -> glibc 2.20Khem Raj2014-09-011-0/+154
- This is a big swoop change where we switch to using glibc - option-groups are forward ported - cross-localedef is extracted out from eglibc and hosted at github.com/kraj/localedef, its used for cross-localedef recipe - Other non ported patches from eglibc are forward ported ppc8xx cache line workaround SH fpcr values dynamic resolver installing PIC archives is there but is not applied libc header bootstrap - Delete eglibc recipes we moved back to using glibc now - Fix ppc/e500 build - Fix crypt module build when options are used - Fix fnmatch build when options OPTION_EGLIBC_LOCALE_CODE is unset HAVE_MBSTATE_T and HAVE_MBSRTOWCS should be defined conditionally based upon OPTION_EGLIBC_LOCALE_CODE being set/unset - Move the ports/ patches to relevant files now that ports is gone (From OE-Core rev: 1027c535ea753e63d9ffe469a423e04467cf8940) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-15 07:49:38 +0000