kumquat-buildroot/package/glibc/glibc-2.28-50-gb8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa/glibc.hash


package: prepare for per-version hash files

The Qt5 packages may have different licensing terms between the two versions we support, and in some cases, those different terms are expressed in similarly named files, like files named plain 'LICENSE' for example.

Similarly, glibc also has different license files, especially since the arc version still has libidn, which got dropped from upstream.

This is problematic, because, in a .hash file, we can't store two different hashes for the same file.

We've started to handle this case by moving the licenses hashes to the per-version sub directories.

However, the hashes for the downloads are still stored inside the non-versioned hash file of the package, which is not totally coherent: if we have a per-version hash file, it should list all the hashes for that version, downloads included, and there should be no unversioned hash file.

In preparation for this, we duplicate the downloads hashes from the main hash files, and into the versioned ones. Once the download infra learns to look for those hashes in these per-version subdirs, we'll remove the unversioned hash files.

Note that, now that we have versioned hash files, the main hash files will not be used to check license files, so we can already drop the hashes for license files from the main hash files.

Note also that there are a few other packages for which we support different versions (binutils, gcc, gdb, lua, xserver_xorg-server, uboot), but none of those have different licensing terms due to the version. Qt5 and glibc are alone in this case.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Gaël Portay <gael.portay@savoirfairelinux.com>
Cc: Peter Seiderer <ps.report@gmx.net>
Cc: Julien Corjon <corjon.j@ecagroup.com>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Luca Ceresoli <luca@lucaceresoli.net>
Cc: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-10-14 14:25:42 +02:00
# Locally calculated (fetched from Github)
glibc: bump version for post-2.28 security fixes

Fixes the following security vulnerability:

CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a denial of service due to resource exhaustion when processing getaddrinfo calls with crafted host names. Reported by Guido Vranken.

Adhemerval Zanella (2):
      Fix misreported errno on preadv2/pwritev2 (BZ#23579)
      x86: Fix Haswell CPU string flags (BZ#23709)

Alexandra Hájková (1):
      Add an additional test to resolv/tst-resolv-network.c

Andreas Schwab (2):
      Fix stack overflow in tst-setcontext9 (bug 23717)
      libanl: properly cleanup if first helper thread creation failed (bug 22927)

DJ Delorie (2):
      malloc: tcache double free check
      malloc: tcache double free check

Florian Weimer (9):
      conform: XFAIL siginfo_t si_band test on sparc64
      stdlib/test-bz22786: Avoid spurious test failures using alias mappings
      stdlib/test-bz22786: Avoid memory leaks in the test itself
      support_blob_repeat: Call mkstemp directory for the backing file
      stdlib/tst-strtod-overflow: Switch to support_blob_repeat
      nscd: Fix use-after-free in addgetnetgrentX [BZ #23520]
      support: Print timestamps in timeout handler
      Revert "malloc: tcache double free check" [BZ #23907]
      CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]

H.J. Lu (2):
      i386: Use _dl_runtime_[resolve|profile]_shstk for SHSTK [BZ #23716]
      Check multiple NT_GNU_PROPERTY_TYPE_0 notes [BZ #23509]

Ilya Yu. Malakhov (1):
      signal: Use correct type for si_band in siginfo_t [BZ #23562]

Istvan Kurucsai (1):
      malloc: Additional checks for unsorted bin integrity I.

Joseph Myers (2):
      Update syscall-names.list for Linux 4.18.
      Update kernel version in syscall-names.list to 4.19.

Moritz Eckert (1):
      malloc: Mitigate null-byte overflow attacks

Paul Eggert (1):
      Fix tzfile low-memory assertion failure

Paul Pluzhnikov (2):
      Fix BZ#23400 (creating temporary files in source tree), and undefined behavior in test.
      [BZ #20271] Add newlines in __libc_fatal calls.

Pochang Chen (1):
      malloc: Verify size of top chunk.

Rafal Luzynski (1):
      kl_GL: Fix spelling of Sunday, should be "sapaat" (bug 20209).

Stefan Liebler (2):
      Fix race in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP [BZ #23275]
      Test stdlib/test-bz22786 exits now with unsupported if malloc fails.

Szabolcs Nagy (2):
      i64: fix missing exp2f, log2f and powf symbols in libm.a [BZ #23822]
      Increase timeout of libio/tst-readline

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2018-11-30 10:05:57 +01:00
sha256 b070f746f932cfce107bb9be2d59ded5b44b25ddafb480c9110c52b88cc2dec1 glibc-glibc-2.28-50-gb8dd0f42780a3133c02f064a2c0c5c4e7ab61aaa.tar.gz
# Hashes for license files
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
sha256 35bdb41dc0bcb10702ddacbd51ec4c0fe6fb3129f734e8c85fc02e4d3eb0ce3f LICENSES