From 37ca92bb2ae613b889881738ab5644a571c1fec3 Mon Sep 17 00:00:00 2001 From: Armin Kuster Date: Mon, 15 Dec 2014 18:19:05 -0800 Subject: glibc: CVE 2014-7817 and 2012-3406 fixes (From OE-Core rev: 41eb5a1ae2a92034bed93c735e712d18ea3d9d1d) (From OE-Core rev: 007144bdfb2dfb10e4b1794799f8b5aa6976266c) Signed-off-by: Armin Kuster Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie --- meta/recipes-core/glibc/glibc_2.20.bb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'meta/recipes-core/glibc/glibc_2.20.bb') diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb index 30a4397cd6..9dd5e67ce8 100644 --- a/meta/recipes-core/glibc/glibc_2.20.bb +++ b/meta/recipes-core/glibc/glibc_2.20.bb @@ -24,6 +24,7 @@ SRC_URI = "git://sourceware.org/git/glibc.git;branch=release/${PV}/master \ file://grok_gold.patch \ file://fix_am_rootsbindir.patch \ ${EGLIBCPATCHES} \ + ${CVEPATCHES} \ " EGLIBCPATCHES = "\ file://timezone-re-written-tzselect-as-posix-sh.patch \ @@ -40,6 +41,10 @@ EGLIBCPATCHES = "\ # file://initgroups_keys.patch \ # +CVEPATCHES = "\ + file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \ + file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \ + " LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://posix/rxspencer/COPYRIGHT;md5=dc5485bb394a13b2332ec1c785f5d83a \ -- cgit v1.2.3-54-g00ecf