From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 75463C76196 for ; Mon, 10 Apr 2023 19:27:51 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp3.osuosl.org (Postfix) with ESMTP id 1DA2D607F0; Mon, 10 Apr 2023 19:27:51 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org 1DA2D607F0 X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp3.osuosl.org ([127.0.0.1]) by localhost (smtp3.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AOVZ_C2vUiwk; Mon, 10 Apr 2023 19:27:49 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by smtp3.osuosl.org (Postfix) with ESMTP id E08D360E92; Mon, 10 Apr 2023 19:27:48 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp3.osuosl.org E08D360E92 Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id D65B11BF316 for ; Mon, 10 Apr 2023 19:27:46 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by smtp2.osuosl.org (Postfix) with ESMTP id AF0F34090D for ; Mon, 10 Apr 2023 19:27:46 +0000 (UTC) DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org AF0F34090D X-Virus-Scanned: amavisd-new at osuosl.org Received: from smtp2.osuosl.org ([127.0.0.1]) by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NOq7bV4_avk1 for ; Mon, 10 Apr 2023 19:27:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0 DKIM-Filter: OpenDKIM Filter v2.11.0 smtp2.osuosl.org 477CA40376 Received: from smtp5-g21.free.fr (smtp5-g21.free.fr [IPv6:2a01:e0c:1:1599::14]) by smtp2.osuosl.org (Postfix) with ESMTPS id 477CA40376 for ; Mon, 10 Apr 2023 19:27:45 +0000 (UTC) Received: from ymorin.is-a-geek.org (unknown [171.22.1.1]) (Authenticated sender: yann.morin.1998@free.fr) by smtp5-g21.free.fr (Postfix) with ESMTPSA id C9B665FF95; Mon, 10 Apr 2023 21:27:37 +0200 (CEST) Received: by ymorin.is-a-geek.org (sSMTP sendmail emulation); Mon, 10 Apr 2023 21:27:37 +0200 Date: Mon, 10 Apr 2023 21:27:37 +0200 From: "Yann E. MORIN" To: Sebastian Weyer Message-ID: <20230410192737.GK2819@scaer> References: <20230329193028.775041-1-sebastian.weyer@smile.fr> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20230329193028.775041-1-sebastian.weyer@smile.fr> User-Agent: Mutt/1.5.22 (2013-10-16) X-Mailman-Original-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=free.fr; s=smtp-20201208; t=1681154863; bh=0WVyzw3xfPpgwkoy7EGM8Qk7RoYFMIqTkvKJHMCm71I=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=q1nieT7lW3I/TVOeEhwjGPTN8enyr/q0hMx+SkgMAZfTM9yrqRNj03lk9DdZ/z8VB W9cmr0kVdXgiq276lNYzi2gzY2Zekv+SiSHH5q3xbAUHtHPts71tYNx74lxrlF9kyf 5jEyLkUEk5kJUXyV2GlKgxkqY7O+RnQCE7YgLF29aPBnS77N64sM6VGsyXF9N9V4zx Be2uFYtiORc12tZSLPUewBL+m7qs7arcjNtjKaMoAhQcYX+fDnOLa5yG28zSdpHAYw oP27qfHV6GvdFRssirwZW+TuvAGR1yWjn0Tn2omDjCPkCtnPsDZSYVlz9ZY9e7kolW jbp62KR1+GEhA== X-Mailman-Original-Authentication-Results: smtp2.osuosl.org; dkim=pass (2048-bit key) header.d=free.fr header.i=@free.fr header.a=rsa-sha256 header.s=smtp-20201208 header.b=q1nieT7l Subject: Re: [Buildroot] [PATCH 1/1] package/glibc: bump to version 2.37 X-BeenThere: buildroot@buildroot.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Romain Naour , Romain Naour , Thomas Petazzoni , buildroot@buildroot.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" Sebastian. Romain. All, On 2023-03-29 21:30 +0200, Sebastian Weyer spake thusly: > From: Romain Naour > > See: > https://sourceware.org/glibc/wiki/Release/2.37 > https://lists.gnu.org/archive/html/info-gnu/2023-02/msg00000.html > > Security related changes: > > CVE-2022-39046: When the syslog function is passed a crafted input > string larger than 1024 bytes, it reads uninitialized memory from the > heap and prints it to the target log file, potentially revealing a > portion of the contents of the heap LWN classified it as "low-key release": https://lwn.net/Articles/922003/ so I applied without too much worry. > Remove patch 0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch fixed > in 2.37 release by [1]. > > [1] https://sourceware.org/bugzilla/show_bug.cgi?id=29249 > > Signed-off-by: Romain Naour > Signed-off-by: Sebastian Weyer Applied to master, thanks. Regards, Yann E. MORIN. > --- > ...lement-a-useful-version-of-_startup_.patch | 132 ------------------ > package/glibc/glibc.hash | 2 +- > package/glibc/glibc.mk | 2 +- > package/localedef/localedef.mk | 2 +- > 4 files changed, 3 insertions(+), 135 deletions(-) > delete mode 100644 package/glibc/0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch > > diff --git a/package/glibc/0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch b/package/glibc/0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch > deleted file mode 100644 > index 549650aca1..0000000000 > --- a/package/glibc/0001-Revert-Linux-Implement-a-useful-version-of-_startup_.patch > +++ /dev/null > @@ -1,132 +0,0 @@ > -From dfda505870f94a7ac8063eb47f622ddc65665ff1 Mon Sep 17 00:00:00 2001 > -From: James Hilliard > -Date: Tue, 14 Jun 2022 19:42:43 -0600 > -Subject: [PATCH] Revert "Linux: Implement a useful version of _startup_fatal" > - > -Fixes: > -csu/libc-tls.c:202: undefined reference to `_startup_fatal_not_constant' > - > -This reverts commit 2d05ba7f8ef979947e910a37ae8115a816eb4d08. > - > -Signed-off-by: James Hilliard > ---- > - sysdeps/unix/sysv/linux/i386/startup.h | 23 ++++++++++++--- > - sysdeps/unix/sysv/linux/ia64/startup.h | 22 --------------- > - sysdeps/unix/sysv/linux/startup.h | 39 -------------------------- > - 3 files changed, 19 insertions(+), 65 deletions(-) > - delete mode 100644 sysdeps/unix/sysv/linux/ia64/startup.h > - delete mode 100644 sysdeps/unix/sysv/linux/startup.h > - > -diff --git a/sysdeps/unix/sysv/linux/i386/startup.h b/sysdeps/unix/sysv/linux/i386/startup.h > -index 213805d7d2..67c9310f3a 100644 > ---- a/sysdeps/unix/sysv/linux/i386/startup.h > -+++ b/sysdeps/unix/sysv/linux/i386/startup.h > -@@ -1,5 +1,5 @@ > - /* Linux/i386 definitions of functions used by static libc main startup. > -- Copyright (C) 2022 Free Software Foundation, Inc. > -+ Copyright (C) 2017-2022 Free Software Foundation, Inc. > - This file is part of the GNU C Library. > - > - The GNU C Library is free software; you can redistribute it and/or > -@@ -16,7 +16,22 @@ > - License along with the GNU C Library; if not, see > - . */ > - > --/* Can't use "call *%gs:SYSINFO_OFFSET" during startup. */ > --#define I386_USE_SYSENTER 0 > -+#if BUILD_PIE_DEFAULT > -+/* Can't use "call *%gs:SYSINFO_OFFSET" during statup in static PIE. */ > -+# define I386_USE_SYSENTER 0 > - > --#include_next > -+# include > -+# include > -+ > -+__attribute__ ((__noreturn__)) > -+static inline void > -+_startup_fatal (const char *message __attribute__ ((unused))) > -+{ > -+ /* This is only called very early during startup in static PIE. > -+ FIXME: How can it be improved? */ > -+ ABORT_INSTRUCTION; > -+ __builtin_unreachable (); > -+} > -+#else > -+# include_next > -+#endif > -diff --git a/sysdeps/unix/sysv/linux/ia64/startup.h b/sysdeps/unix/sysv/linux/ia64/startup.h > -deleted file mode 100644 > -index 77f29f15a2..0000000000 > ---- a/sysdeps/unix/sysv/linux/ia64/startup.h > -+++ /dev/null > -@@ -1,22 +0,0 @@ > --/* Linux/ia64 definitions of functions used by static libc main startup. > -- Copyright (C) 2022 Free Software Foundation, Inc. > -- This file is part of the GNU C Library. > -- > -- The GNU C Library is free software; you can redistribute it and/or > -- modify it under the terms of the GNU Lesser General Public > -- License as published by the Free Software Foundation; either > -- version 2.1 of the License, or (at your option) any later version. > -- > -- The GNU C Library is distributed in the hope that it will be useful, > -- but WITHOUT ANY WARRANTY; without even the implied warranty of > -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > -- Lesser General Public License for more details. > -- > -- You should have received a copy of the GNU Lesser General Public > -- License along with the GNU C Library; if not, see > -- . */ > -- > --/* This code is used before the TCB is set up. */ > --#define IA64_USE_NEW_STUB 0 > -- > --#include_next > -diff --git a/sysdeps/unix/sysv/linux/startup.h b/sysdeps/unix/sysv/linux/startup.h > -deleted file mode 100644 > -index 39859b404a..0000000000 > ---- a/sysdeps/unix/sysv/linux/startup.h > -+++ /dev/null > -@@ -1,39 +0,0 @@ > --/* Linux definitions of functions used by static libc main startup. > -- Copyright (C) 2017-2022 Free Software Foundation, Inc. > -- This file is part of the GNU C Library. > -- > -- The GNU C Library is free software; you can redistribute it and/or > -- modify it under the terms of the GNU Lesser General Public > -- License as published by the Free Software Foundation; either > -- version 2.1 of the License, or (at your option) any later version. > -- > -- The GNU C Library is distributed in the hope that it will be useful, > -- but WITHOUT ANY WARRANTY; without even the implied warranty of > -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > -- Lesser General Public License for more details. > -- > -- You should have received a copy of the GNU Lesser General Public > -- License along with the GNU C Library; if not, see > -- . */ > -- > --#ifdef SHARED > --# include_next > --#else > --# include > -- > --/* Avoid a run-time invocation of strlen. */ > --#define _startup_fatal(message) \ > -- do \ > -- { \ > -- size_t __message_length = __builtin_strlen (message); \ > -- if (! __builtin_constant_p (__message_length)) \ > -- { \ > -- extern void _startup_fatal_not_constant (void); \ > -- _startup_fatal_not_constant (); \ > -- } \ > -- INTERNAL_SYSCALL_CALL (write, STDERR_FILENO, (message), \ > -- __message_length); \ > -- INTERNAL_SYSCALL_CALL (exit_group, 127); \ > -- } \ > -- while (0) > --#endif /* !SHARED */ > --- > -2.25.1 > - > diff --git a/package/glibc/glibc.hash b/package/glibc/glibc.hash > index 4ce4c6f6d1..453aadae11 100644 > --- a/package/glibc/glibc.hash > +++ b/package/glibc/glibc.hash > @@ -1,5 +1,5 @@ > # Locally calculated (fetched from Github) > -sha256 666482e657c319f7e139121121a0d97d303c65207b9f9730f42a3ee83c79f686 glibc-2.36-81-g4f4d7a13edfd2fdc57c9d76e1fd6d017fb47550c.tar.gz > +sha256 0f8bfad0b853a0c6e1dd1c3254a30b58d4c7050870fe2b0da90ad40f4d450ce2 glibc-2.37-2-g9f8513dc64119a424b312db97cef5d87d376defa.tar.gz > > # Hashes for license files > sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING > diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk > index 354f035d33..79e6c76cb4 100644 > --- a/package/glibc/glibc.mk > +++ b/package/glibc/glibc.mk > @@ -7,7 +7,7 @@ > # Generate version string using: > # git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2- > # When updating the version, please also update localedef > -GLIBC_VERSION = 2.36-81-g4f4d7a13edfd2fdc57c9d76e1fd6d017fb47550c > +GLIBC_VERSION = 2.37-2-g9f8513dc64119a424b312db97cef5d87d376defa > # Upstream doesn't officially provide an https download link. > # There is one (https://sourceware.org/git/glibc.git) but it's not reliable, > # sometimes the connection times out. So use an unofficial github mirror. > diff --git a/package/localedef/localedef.mk b/package/localedef/localedef.mk > index 6699840854..6f8b170516 100644 > --- a/package/localedef/localedef.mk > +++ b/package/localedef/localedef.mk > @@ -7,7 +7,7 @@ > # Use the same VERSION and SITE as target glibc > # As in glibc.mk, generate version string using: > # git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2- > -LOCALEDEF_VERSION = 2.36-81-g4f4d7a13edfd2fdc57c9d76e1fd6d017fb47550c > +LOCALEDEF_VERSION = 2.37-2-g9f8513dc64119a424b312db97cef5d87d376defa > LOCALEDEF_SOURCE = glibc-$(LOCALEDEF_VERSION).tar.gz > LOCALEDEF_SITE = $(call github,bminor,glibc,$(LOCALEDEF_VERSION)) > HOST_LOCALEDEF_DL_SUBDIR = glibc > -- > 2.25.1 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot