1983d2e6a3
Fixes the following security issues: CVE-2022-23219: Passing an overlong file name to the clnt_create legacy function could result in a stack-based buffer overflow when using the "unix" protocol. Reported by Martin Sebor. CVE-2022-23218: Passing an overlong file name to the svcunix_create legacy function could result in a stack-based buffer overflow. CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath function could result in a memory leak and potential access of uninitialized memory. Reported by Qualys. CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd function may result in an off-by-one buffer underflow and overflow when the current working directory is longer than PATH_MAX and also corresponds to the / directory through an unprivileged mount namespace. Reported by Qualys. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
64 lines
2.7 KiB
Diff
64 lines
2.7 KiB
Diff
From 85412262460f6ba9f6e2cf8da74fc1904c54c854 Mon Sep 17 00:00:00 2001
|
|
From: Matt Weber <matthew.weber@rockwellcollins.com>
|
|
Date: Thu, 6 Feb 2020 14:36:21 -0600
|
|
Subject: [PATCH] relax dependency on GCC to 4.8 and binutils to 2.24
|
|
|
|
The glibc package has been updating the toolchain version
|
|
dependency since 2.28.x. The dependencies don't currently
|
|
apply to the localedef build of the package, so this
|
|
patchset relaxes the restriction such that builds can still
|
|
occur on older host machines.
|
|
|
|
Here's a related post from 2018 for a similar patchset.
|
|
http://lists.busybox.net/pipermail/buildroot/2018-December/237949.html
|
|
|
|
Timeline of relevant commits that adjust the dependency upstream.
|
|
GCC 4.9+
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=4add86749a31f302674599b69d2eea691d69341a
|
|
Binutils 2.25+
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=073e8fa7739ed453d6854b834f290c263a6cdb9f
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=b4396163aa8666f970aaf43eaca25f3a92b18c1b
|
|
GCC 5+
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=192963be49678b48f60218f1f794991cdd9fe472
|
|
GCC 6.2+
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=4dcbbc3b28aaeafe23e1a30db84055aa6f6fa987
|
|
|
|
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
|
|
---
|
|
configure | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/configure b/configure
|
|
index 9619c10991..0c481d2339 100755
|
|
--- a/configure
|
|
+++ b/configure
|
|
@@ -4651,7 +4651,7 @@ $as_echo_n "checking version of $AS... " >&6; }
|
|
ac_prog_version=`$AS --version 2>&1 | sed -n 's/^.*GNU assembler.* \([0-9]*\.[0-9.]*\).*$/\1/p'`
|
|
case $ac_prog_version in
|
|
'') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;;
|
|
- 2.1[0-9][0-9]*|2.2[5-9]*|2.[3-9][0-9]*|[3-9].*|[1-9][0-9]*)
|
|
+ 2.1[0-9][0-9]*|2.2[4-9]*|2.[3-9][0-9]*|[3-9].*|[1-9][0-9]*)
|
|
ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;;
|
|
*) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;;
|
|
|
|
@@ -4781,7 +4781,7 @@ $as_echo_n "checking version of $LD... " >&6; }
|
|
ac_prog_version=`$LD --version 2>&1 | sed -n 's/^.*GNU ld.* \([0-9][0-9]*\.[0-9.]*\).*$/\1/p'`
|
|
case $ac_prog_version in
|
|
'') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;;
|
|
- 2.1[0-9][0-9]*|2.2[5-9]*|2.[3-9][0-9]*|[3-9].*|[1-9][0-9]*)
|
|
+ 2.1[0-9][0-9]*|2.2[4-9]*|2.[3-9][0-9]*|[3-9].*|[1-9][0-9]*)
|
|
ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;;
|
|
*) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;;
|
|
|
|
@@ -5189,7 +5189,7 @@ int
|
|
main ()
|
|
{
|
|
|
|
-#if !defined __GNUC__ || __GNUC__ < 6 || (__GNUC__ == 6 && __GNUC_MINOR__ < 2)
|
|
+#if !defined __GNUC__ || __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)
|
|
#error insufficient compiler
|
|
#endif
|
|
;
|
|
--
|
|
2.33.0
|