Re: [Buildroot] [PATCH 2/2] package/glibc: security bump to 2.39-74 for post-2.39 security fixes

From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Cc: Romain Naour <romain.naour@gmail.com>,
	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Subject: Re: [Buildroot] [PATCH 2/2] package/glibc: security bump to 2.39-74 for post-2.39 security fixes
Date: Fri, 05 Jul 2024 21:28:59 +0200	[thread overview]
Message-ID: <87bk3bvds4.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20240616124322.692320-2-peter@korsgaard.com> (Peter Korsgaard's message of "Sun, 16 Jun 2024 14:43:22 +0200")

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 >   GLIBC-SA-2024-0004:
 >     ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
 >     sequence (CVE-2024-2961)

 >   GLIBC-SA-2024-0005:
 >     nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

 >   GLIBC-SA-2024-0006:
 >     nscd: Null pointer crash after notfound response (CVE-2024-33600)

 >   GLIBC-SA-2024-0007:
 >     nscd: netgroup cache may terminate daemon on memory allocation
 >     failure (CVE-2024-33601)

 >   GLIBC-SA-2024-0008:
 >     nscd: netgroup cache assumes NSS callback uses in-buffer strings
 >     (CVE-2024-33602)

 > In addition, the following bugs are fixed:

 >   [19622] network: Support aliasing with struct sockaddr
 >   [30701] time: getutxent misbehaves on 32-bit x86 when _TIME_BITS=64
 >   [30994] REP MOVSB performance suffers from page aliasing on Zen 4
 >   [31339] libc: arm32 loader crash after cleanup in 2.36
 >   [31325] mips: clone3 is wrong for o32
 >   [31335] math: Compile glibc with -march=x86-64-v3 should disable FMA4
 >     multi-arch version
 >   [31402] libc: clone (NULL, NULL, ...) clobbers %r7 register on
 >     s390{,x}
 >   [31479] libc: Missing #include <sys/rseq.h> in sched_getcpu.c may
 >     result in a loss of rseq acceleration
 >   [31316] build: Fails test misc/tst-dirname "Didn't expect signal from
 >     child: got `Illegal instruction'" on non SSE CPUs
 >   [31371] x86-64: APX and Tile registers aren't preserved in ld.so
 >     trampoline
 >   [31372] dynamic-link: _dl_tlsdesc_dynamic doesn't preserve all caller-
 >     saved registers
 >   [31429] build: Glibc failed to build with -march=x86-64-v3
 >   [31501] dynamic-link: _dl_tlsdesc_dynamic_xsavec may clobber %rbx
 >   [31640] dynamic-link: POWER10 ld.so crashes in
 >     elf_machine_load_address with GCC 14
 >   [31676] Configuring with CC="gcc -march=x86-64-v3"
 >     --with-rtld-early-cflags=-march=x86-64 results in linker failure
 >   [31677] nscd: nscd: netgroup cache: invalid memcpy under low
 >     memory/storage conditions
 >   [31678] nscd: nscd: Null pointer dereferences after failed netgroup
 >     cache insertion
 >   [31679] nscd: nscd: netgroup cache may terminate daemon on memory
 >     allocation failure
 >   [31680] nscd: nscd: netgroup cache assumes NSS callback uses in-buffer
 >     strings
 >   [31686] dynamic-link: Stack-based buffer overflow in
 >     parse_tunables_string
 >   [31719] dynamic-link: --enable-hardcoded-path-in-tests doesn't work
 >     with -Wl,--enable-new-dtags
 >   [31782] Test build failure with recent GCC trunk
 >     (x86/tst-cpu-features-supports.c:69:3: error: parameter to builtin
 >     not valid: avx5124fmaps)
 >   [31798] pidfd_getpid.c is miscompiled by GCC 6.4
 >   [31867] build: "CPU ISA level is lower than required" on SSE2-free
 >     CPUs
 >   [31883] build: ISA level support configure check relies on bashism /
 >     is otherwise broken for arithmetic

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2024.05.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot