package/glibc: security bump to 2.38-81 for post-2.38 security fixes
Fixes the following security issues: GLIBC-SA-2024-0004: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961) GLIBC-SA-2024-0005: nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) GLIBC-SA-2024-0006: nscd: Null pointer crash after notfound response (CVE-2024-33600) GLIBC-SA-2024-0007: nscd: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601) GLIBC-SA-2024-0008: nscd: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602) Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Yann E. MORIN <yann.morin.1998@free.fr> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
73c3457dca
commit
d2320372a9
@ -1,5 +1,5 @@
|
|||||||
# Locally calculated (fetched from Github)
|
# Locally calculated (fetched from Github)
|
||||||
sha256 e38f4284d6909c6b5db7d79c6e450daeaf136a67e547290eec0b063a55eaaa42 glibc-2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0.tar.gz
|
sha256 f36243d2500f714e1333a93f0d029f92d6b0e2e8e80ccb3936b7b40ceeb36d54 glibc-2.38-81-gc8cb4d2b86ece572793e31a3422ea29e88d77df5.tar.gz
|
||||||
|
|
||||||
# Hashes for license files
|
# Hashes for license files
|
||||||
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
# Generate version string using:
|
# Generate version string using:
|
||||||
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
|
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
|
||||||
# When updating the version, please also update localedef
|
# When updating the version, please also update localedef
|
||||||
GLIBC_VERSION = 2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0
|
GLIBC_VERSION = 2.38-81-gc8cb4d2b86ece572793e31a3422ea29e88d77df5
|
||||||
# Upstream doesn't officially provide an https download link.
|
# Upstream doesn't officially provide an https download link.
|
||||||
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
|
# There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
|
||||||
# sometimes the connection times out. So use an unofficial github mirror.
|
# sometimes the connection times out. So use an unofficial github mirror.
|
||||||
@ -52,6 +52,19 @@ GLIBC_IGNORE_CVES += CVE-2023-6779
|
|||||||
# 2.38 and the version we're really using.
|
# 2.38 and the version we're really using.
|
||||||
GLIBC_IGNORE_CVES += CVE-2023-6780
|
GLIBC_IGNORE_CVES += CVE-2023-6780
|
||||||
|
|
||||||
|
# Fixed by glibc-2.38-66-ge1135387deded5d73924f6ca20c72a35dc8e1bda
|
||||||
|
GLIBC_IGNORE_CVES += CVE-2024-2961
|
||||||
|
|
||||||
|
# Fixed by glibc-2.38-72-g5968aebb86164034b8f8421b4abab2f837a5bdaf
|
||||||
|
GLIBC_IGNORE_CVES += CVE-2024-33599
|
||||||
|
|
||||||
|
# Fixed by glibc-2.38-73-g541ea5172aa658c4bd5c6c6d6fd13903c3d5bb0a +
|
||||||
|
# glibc-2.38-74-g2ae9446c1b7a3064743b4a51c0bbae668ee43e4c
|
||||||
|
GLIBC_IGNORE_CVES += CVE-2024-33600
|
||||||
|
|
||||||
|
# Fixed by glibc-2.38-75-g71af8ca864345d39b746d5cee84b94b430fad5db
|
||||||
|
GLIBC_IGNORE_CVES += CVE-2024-33601 CVE-2024-33602
|
||||||
|
|
||||||
# All these CVEs are considered as not being security issues by
|
# All these CVEs are considered as not being security issues by
|
||||||
# upstream glibc:
|
# upstream glibc:
|
||||||
# https://security-tracker.debian.org/tracker/CVE-2010-4756
|
# https://security-tracker.debian.org/tracker/CVE-2010-4756
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
# Use the same VERSION and SITE as target glibc
|
# Use the same VERSION and SITE as target glibc
|
||||||
# As in glibc.mk, generate version string using:
|
# As in glibc.mk, generate version string using:
|
||||||
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
|
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
|
||||||
LOCALEDEF_VERSION = 2.38-44-gd37c2b20a4787463d192b32041c3406c2bd91de0
|
LOCALEDEF_VERSION = 2.38-81-gc8cb4d2b86ece572793e31a3422ea29e88d77df5
|
||||||
LOCALEDEF_SOURCE = glibc-$(LOCALEDEF_VERSION).tar.gz
|
LOCALEDEF_SOURCE = glibc-$(LOCALEDEF_VERSION).tar.gz
|
||||||
LOCALEDEF_SITE = $(call github,bminor,glibc,$(LOCALEDEF_VERSION))
|
LOCALEDEF_SITE = $(call github,bminor,glibc,$(LOCALEDEF_VERSION))
|
||||||
HOST_LOCALEDEF_DL_SUBDIR = glibc
|
HOST_LOCALEDEF_DL_SUBDIR = glibc
|
||||||
|
Loading…
Reference in New Issue
Block a user