34f8d874ee
Enable mathvec explicitly on aarch64(be) since it's now enabled by default [1]. aarch64 mathvec requires at gcc-10 but Buildroot already provide gcc-11 as minimum version. Don't use --enable-fortify-source for now in order to keep original behavior while doing the glibc version bump (and because some architecture doesn't support well fortify-source, i.e Microblaze). Postpone this change to a follow up commit. Keep the "deprecated" libcrypt enabled just in case if some application are not yet ready to use an alternative such as libxcrypt. Security related changes: CVE-2023-25139: When the printf family of functions is called with a format specifier that uses an <apostrophe> (enable grouping) and a minimum width specifier, the resulting output could be larger than reasonably expected by a caller that computed a tight bound on the buffer size. The resulting larger than expected output could result in a buffer overflow in the printf family of functions. See: https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00010.html Runtime tested with Qemu on Gitlab-ci: https://gitlab.com/kubu93/buildroot/-/pipelines/998435203 https://gitlab.com/buildroot.org/toolchains-builder/-/pipelines/998926028 [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=cd94326a1326c4e3f1ee7a8d0a161cc0bdcaf07e Signed-off-by: Romain Naour <romain.naour@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
60 lines
2.3 KiB
Diff
60 lines
2.3 KiB
Diff
From add730a680075ed611797b9ea771bf977667a7de Mon Sep 17 00:00:00 2001
|
|
From: Matt Weber <matthew.weber@rockwellcollins.com>
|
|
Date: Thu, 6 Feb 2020 14:36:21 -0600
|
|
Subject: [PATCH] relax dependency on GCC to 4.8 and binutils to 2.24
|
|
|
|
The glibc package has been updating the toolchain version
|
|
dependency since 2.28.x. The dependencies don't currently
|
|
apply to the localedef build of the package, so this
|
|
patchset relaxes the restriction such that builds can still
|
|
occur on older host machines.
|
|
|
|
Here's a related post from 2018 for a similar patchset.
|
|
http://lists.busybox.net/pipermail/buildroot/2018-December/237949.html
|
|
|
|
Timeline of relevant commits that adjust the dependency upstream.
|
|
GCC 4.9+
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=4add86749a31f302674599b69d2eea691d69341a
|
|
Binutils 2.25+
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=073e8fa7739ed453d6854b834f290c263a6cdb9f
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=b4396163aa8666f970aaf43eaca25f3a92b18c1b
|
|
GCC 5+
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=192963be49678b48f60218f1f794991cdd9fe472
|
|
GCC 6.2+
|
|
https://sourceware.org/git/?p=glibc.git;a=commit;h=4dcbbc3b28aaeafe23e1a30db84055aa6f6fa987
|
|
|
|
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
|
|
[yann.morin.1998@free.fr: update for 2.37]
|
|
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
|
|
[Romain: rebase on 2.38]
|
|
Signed-off-by: Romain Naour <romain.naour@gmail.com>
|
|
---
|
|
configure | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/configure b/configure
|
|
index 4ef387146d..4c6f91117d 100755
|
|
--- a/configure
|
|
+++ b/configure
|
|
@@ -5293,7 +5293,7 @@ printf %s "checking version of $LD... " >&6; }
|
|
ac_prog_version=`$LD --version 2>&1 | sed -n 's/^.*GNU ld.* \([0-9][0-9]*\.[0-9.]*\).*$/\1/p'`
|
|
case $ac_prog_version in
|
|
'') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;;
|
|
- 2.1[0-9][0-9]*|2.2[5-9]*|2.[3-9][0-9]*|[3-9].*|[1-9][0-9]*)
|
|
+ 2.1[0-9][0-9]*|2.2[4-9]*|2.[3-9][0-9]*|[3-9].*|[1-9][0-9]*)
|
|
ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;;
|
|
*) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;;
|
|
|
|
@@ -5735,7 +5735,7 @@ int
|
|
main (void)
|
|
{
|
|
|
|
-#if !defined __GNUC__ || __GNUC__ < 6 || (__GNUC__ == 6 && __GNUC_MINOR__ < 2)
|
|
+#if !defined __GNUC__ || __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 8)
|
|
#error insufficient compiler
|
|
#endif
|
|
;
|
|
--
|
|
2.41.0
|
|
|