1983d2e6a3
Fixes the following security issues: CVE-2022-23219: Passing an overlong file name to the clnt_create legacy function could result in a stack-based buffer overflow when using the "unix" protocol. Reported by Martin Sebor. CVE-2022-23218: Passing an overlong file name to the svcunix_create legacy function could result in a stack-based buffer overflow. CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath function could result in a memory leak and potential access of uninitialized memory. Reported by Qualys. CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd function may result in an off-by-one buffer underflow and overflow when the current working directory is longer than PATH_MAX and also corresponds to the / directory through an unprivileged mount namespace. Reported by Qualys. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Reviewed-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
57 lines
1.8 KiB
Makefile
57 lines
1.8 KiB
Makefile
################################################################################
|
|
#
|
|
# localedef
|
|
#
|
|
################################################################################
|
|
|
|
# Use the same VERSION and SITE as target glibc
|
|
# As in glibc.mk, generate version string using:
|
|
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
|
|
LOCALEDEF_VERSION = 2.34-109-gd64b08d5ba7ffbc9155630f4843cf2e271b1629c
|
|
LOCALEDEF_SOURCE = glibc-$(LOCALEDEF_VERSION).tar.gz
|
|
LOCALEDEF_SITE = $(call github,bminor,glibc,$(LOCALEDEF_VERSION))
|
|
HOST_LOCALEDEF_DL_SUBDIR = glibc
|
|
|
|
HOST_LOCALEDEF_DEPENDENCIES = \
|
|
$(BR2_MAKE_HOST_DEPENDENCY) \
|
|
$(BR2_PYTHON3_HOST_DEPENDENCY) \
|
|
host-bison \
|
|
host-gawk
|
|
|
|
HOST_LOCALEDEF_CONF_ENV += ac_cv_prog_MAKE="$(BR2_MAKE)"
|
|
|
|
# Even though we use the autotools-package infrastructure, we have to override
|
|
# the default configure commands for since we have to build out-of-tree, but we
|
|
# can't use the same 'symbolic link to configure' used with the gcc packages.
|
|
define HOST_LOCALEDEF_CONFIGURE_CMDS
|
|
mkdir -p $(@D)/build
|
|
# Do the configuration
|
|
(cd $(@D)/build; \
|
|
$(HOST_LOCALEDEF_CONF_ENV) \
|
|
$(HOST_CONFIGURE_OPTS) \
|
|
$(SHELL) $(@D)/configure \
|
|
libc_cv_forced_unwind=yes \
|
|
libc_cv_ssp=no \
|
|
--target=$(GNU_HOST_NAME) \
|
|
--host=$(GNU_HOST_NAME) \
|
|
--build=$(GNU_HOST_NAME) \
|
|
--prefix=/usr \
|
|
--with-pkgversion="Buildroot" \
|
|
--without-cvs \
|
|
--disable-profile \
|
|
--without-gd \
|
|
--enable-obsolete-rpc)
|
|
endef
|
|
|
|
define HOST_LOCALEDEF_BUILD_CMDS
|
|
$(HOST_MAKE_ENV) $(BR2_MAKE1) $(HOST_LOCALEDEF_MAKE_OPTS) \
|
|
-C $(@D)/build locale/others
|
|
endef
|
|
|
|
# The makefile does not implement an install target for localedef
|
|
define HOST_LOCALEDEF_INSTALL_CMDS
|
|
$(INSTALL) -D -m 0755 $(@D)/build/locale/localedef $(HOST_DIR)/bin/localedef
|
|
endef
|
|
|
|
$(eval $(host-autotools-package))
|