From 91c3fc996ea1c4946295918e58d762a4bfcf7b3b Mon Sep 17 00:00:00 2001 From: Soumya Sambu Date: Wed, 4 Oct 2023 11:01:22 +0000 Subject: glibc: Update to latest on stable 2.35 branch Adresses CVE-2023-4813, CVE-2023-4806, CVE-2023-5156. Added these to CVE_CHECK_IGNORE to avoid in cve-check reports since the recipe version did not change. These are the complete list of changes this brings * 73d4ce728a Document CVE-2023-4806 and CVE-2023-5156 in NEWS * 17092c0311 Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843]* * 762a747fae io: Fix record locking contants for powerpc64 with __USE_FILE_OFFSET64 * e3ccb230a9 getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) * 1b9087dcec gethosts: Return EAI_MEMORY on allocation failure * f5f88f142a gaih_inet: Split result generation into its own function * a6da106892 gaih_inet: split loopback lookup into its own function * 8b70d97b08 gaih_inet: make gethosts into a function * 9098deb96a gaih_inet: separate nss lookup loop into its own function * ce64e72b7d gaih_inet: Split nscd lookup code into its own function. * 4897bf7968 gaih_inet: Split simple gethostbyname into its own function * 571c531b3b gaih_inet: make numeric lookup a separate routine * 9aad91abe6 gaih_inet: Simplify service resolution * d02808dee9 getaddrinfo: Fix leak with AI_ALL [BZ #28852] * f366eaa608 gaih_inet: Simplify canon name resolution * b126325fc7 nss: Sort tests and tests-container and put one test per line * 6e867146ee Simplify allocations and fix merge and continue actions [BZ #28931] * 59ee83b0c2 elf: Move l_init_called_next to old place of l_text_end in link map * 34b07bdbdd elf: Remove unused l_text_end field from struct link_map * 02a67e102f elf: Always call destructors in reverse constructor order (bug 30785) * aeea91fd15 elf: Do not run constructors for proxy objects * 1d828d5855 elf: Introduce to _dl_call_fini (From OE-Core rev: be0bca7eaa08948b6c4eabe63e68a6e14d8dad3b) Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.35.bb | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index f23ceb5a25..c23a43576c 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.35/master" PV = "2.35" -SRCREV_glibc ?= "561e9dadc02f46a7ba2190c0a04259583479f6c9" +SRCREV_glibc ?= "73d4ce728a59deb2fd18969e559769b3f590fac9" SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb index df847e76bf..b4bad5b7ac 100644 --- a/meta/recipes-core/glibc/glibc_2.35.bb +++ b/meta/recipes-core/glibc/glibc_2.35.bb @@ -16,6 +16,9 @@ CVE_CHECK_IGNORE += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" # Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 CVE_CHECK_IGNORE += "CVE-2019-1010025" +# To avoid these in cve-check reports since the recipe version did not change +CVE_CHECK_IGNORE += "CVE-2023-4813 CVE-2023-4806 CVE-2023-5156" + DEPENDS += "gperf-native bison-native" NATIVESDKFIXES ?= "" -- cgit v1.2.3-54-g00ecf