[OpenWrt-Devel] [PATCH] CC: toolchain: use latest glibc 2.21 revision
Michael Marley
michael at michaelmarley.com
Wed Mar 16 06:55:13 EDT 2016
OK, I was planning on making a patch for 2.23 in trunk later today.
Michael
On 03/16/16 06:23, John Crispin wrote:
>
> On 16/03/2016 11:21, Michael Marley wrote:
>> When I originally posted this patch, GLIBC 2.23 had not yet been
>> released. Additionally, this was a patch to fix the issue for the
>> stable release (CC), so I didn't figure bumping the GLIBC version would
>> be a good idea. The issue is fixed because the patch was backported to
>> the 2.21 branch, which is why this patch switched from the 2.21 release
>> to the head of the 2.21 branch.
>>
>> Michael
>>
>>
> i was just about to post the same. happy to include a patch for the
> latest version though
>
> John
>
>> On 03/16/16 05:14, Naresh Kumar Mehta wrote:
>>> From http://www.gnu.org/software/libc/, it seems CVE-2015-7547 was fixed in
>>> v2.23. How come using v2.21 will fix this issue?
>>>
>>> -----Original Message-----
>>> From: openwrt-devel [mailto:openwrt-devel-bounces at lists.openwrt.org] On
>>> Behalf Of Michael Marley
>>> Sent: Wednesday, February 17, 2016 7:46 PM
>>> To: openwrt-devel at lists.openwrt.org
>>> Subject: [OpenWrt-Devel] [PATCH] CC: toolchain: use latest glibc 2.21
>>> revision
>>>
>>> Fixes "CVE-2015-7547 --- glibc getaddrinfo() stack-based buffer overflow"
>>>
>>> Signed-off-by: Michael Marley <michael at michaelmarley.com>
>>> ---
>>> toolchain/glibc/Config.version | 6 ------
>>> toolchain/glibc/common.mk | 12
>>> +++++++++++-
>>> toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch | 2 +-
>>> 3 files changed, 12 insertions(+), 8 deletions(-)
>>>
>>> diff --git a/toolchain/glibc/Config.version b/toolchain/glibc/Config.version
>>> index 2ac01d7..4ceed09 100644
>>> --- a/toolchain/glibc/Config.version
>>> +++ b/toolchain/glibc/Config.version
>>> @@ -12,12 +12,6 @@ config EGLIBC_VERSION_2_19 config GLIBC_VERSION_2_21
>>> bool
>>>
>>> -config GLIBC_REVISION
>>> - string
>>> - default "25243" if EGLIBC_VERSION_2_19
>>> - default "4e42b5b8f8" if GLIBC_VERSION_2_21
>>> - default ""
>>> -
>>> endif
>>>
>>> menu "eglibc configuration"
>>> diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk index
>>> 7487ca2..3d680bb 100644
>>> --- a/toolchain/glibc/common.mk
>>> +++ b/toolchain/glibc/common.mk
>>> @@ -6,9 +6,19 @@
>>> #
>>> include $(TOPDIR)/rules.mk
>>>
>>> +
>>> +MD5SUM_2.19 = 42dad4edd3bcb38006d13b5640b00b38
>>> +REVISION_2.19 = 25243
>>> +
>>> +MD5SUM_2.21 = 76050a65c444d58b5c4aa0d6034736ed
>>> +REVISION_2.21 = 16d0a0c
>>> +
>>> +
>>> PKG_NAME:=glibc
>>> PKG_VERSION:=$(call qstrip,$(CONFIG_GLIBC_VERSION)) -PKG_REVISION:=$(call
>>> qstrip,$(CONFIG_GLIBC_REVISION))
>>> +
>>> +PKG_REVISION:=$(REVISION_$(PKG_VERSION))
>>> +PKG_MIRROR_MD5SUM:=$(MD5SUM_$(PKG_VERSION))
>>>
>>> PKG_SOURCE_PROTO:=git
>>> PKG_SOURCE_URL:=git://sourceware.org/git/glibc.git
>>> diff --git a/toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch
>>> b/toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch
>>> index a6200f7..070f938 100644
>>> --- a/toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch
>>> +++ b/toolchain/glibc/patches/2.21/200-add-dl-search-paths.patch
>>> @@ -2,7 +2,7 @@ add /usr/lib to default search path for the dynamic linker
>>>
>>> --- a/Makeconfig
>>> +++ b/Makeconfig
>>> -@@ -501,6 +501,9 @@ else
>>> +@@ -499,6 +499,9 @@ else
>>> default-rpath = $(libdir)
>>> endif
>>>
>>> --
>>> 2.7.1
>>> _______________________________________________
>>> openwrt-devel mailing list
>>> openwrt-devel at lists.openwrt.org
>>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>>
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list