From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] package/glibc: bump version for post-2.29 security fixes
Date: Fri, 29 Mar 2019 11:24:14 +0100
Message-ID: <20190329102414.10080-1-peter@korsgaard.com>

Fixes the following security vulnerability:

  CVE-2019-9169: Attempted case-insensitive regular-expression match
  via proceed_next_node in posix/regexec.c leads to heap-based buffer
  over-read.  Reported by Hongxu Chen.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 .../glibc.hash                                                          | 2 +-
 package/glibc/glibc.mk                                                  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename package/glibc/{2.29-6-g067fc32968b601493f4b247a3ac00caeea3f3d61 => 2.29-11-ge28ad442e73b00ae2047d89c8cc7f9b2a0de5436}/glibc.hash (70%)

diff --git a/package/glibc/2.29-6-g067fc32968b601493f4b247a3ac00caeea3f3d61/glibc.hash b/package/glibc/2.29-11-ge28ad442e73b00ae2047d89c8cc7f9b2a0de5436/glibc.hash
similarity index 70%
rename from package/glibc/2.29-6-g067fc32968b601493f4b247a3ac00caeea3f3d61/glibc.hash
rename to package/glibc/2.29-11-ge28ad442e73b00ae2047d89c8cc7f9b2a0de5436/glibc.hash
index 56e4bf1c18..b62487ce19 100644
--- a/package/glibc/2.29-6-g067fc32968b601493f4b247a3ac00caeea3f3d61/glibc.hash
+++ b/package/glibc/2.29-11-ge28ad442e73b00ae2047d89c8cc7f9b2a0de5436/glibc.hash
@@ -1,5 +1,5 @@
 # Locally calculated (fetched from Github)
-sha256  fdc2f7966eac7071ac4d66bc38d9236476d670f042645f9566746a1fd42a6a9d  glibc-2.29-6-g067fc32968b601493f4b247a3ac00caeea3f3d61.tar.gz
+sha256  a5d4cbe7eceaefd8bce1104994379818169961b59346d2f3897966912237b1e6  glibc-2.29-11-ge28ad442e73b00ae2047d89c8cc7f9b2a0de5436.tar.gz
 
 # Hashes for license files
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
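Review bot: The replacement sha256 on the glibc-2.29-11-g... tarball line is still backed only by the comment "Locally calculated (fetched from Github)", so nothing in this file ties the archive to upstream. Since glibc.mk states that the download comes from an unofficial github mirror, please note in the commit message that commit e28ad442e73b00ae2047d89c8cc7f9b2a0de5436 was checked against the release/2.29/master branch of the sourceware.org repository before the hash was computed. The COPYING hash is unchanged context, which is what a short move along a release branch should look like.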
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index 5ee53df2b2..0345f1f392 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -13,7 +13,7 @@ GLIBC_SITE = $(call github,riscv,riscv-glibc,$(GLIBC_VERSION))
 else
 # Generate version string using:
 #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
-GLIBC_VERSION = 2.29-6-g067fc32968b601493f4b247a3ac00caeea3f3d61
+GLIBC_VERSION = 2.29-11-ge28ad442e73b00ae2047d89c8cc7f9b2a0de5436
 # Upstream doesn't officially provide an https download link.
 # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
 # sometimes the connection times out. So use an unofficial github mirror.
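Review bot: The GLIBC_VERSION change goes from 2.29-6 to 2.29-11, which by the git describe format in the comment above is five commits on the release branch, yet the commit message accounts for only one of them (CVE-2019-9169). Please list the other commits or state that they have no security relevance, so that anyone backporting this to a stable branch can judge the bump. The assignment also sits after the else, so the branch whose GLIBC_SITE points at riscv-glibc (visible in the hunk header) is not touched by this patch; say whether that configuration already carries the fix.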
-- 
2.11.0
