From: Peter Korsgaard <peter@korsgaard.com>
To: Romain Naour <romain.naour@gmail.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/2] package/{glibc, localedef}: bump to version 2.38-13-g92201f16cbcfd9eafe314ef6654be2ea7ba25675
Date: Fri, 29 Sep 2023 21:32:32 +0200
Message-ID: <87edigg4hb.fsf@48ers.dk>
In-Reply-To: <20230911210917.1114974-1-romain.naour@gmail.com> (Romain Naour's message of "Mon, 11 Sep 2023 23:09:16 +0200")

>>>>> "Romain" == Romain Naour <romain.naour@gmail.com> writes:

 > Enable mathvec explicitly on aarch64(be) since it's now enabled by
 > default [1]. aarch64 mathvec requires at least gcc-10 but Buildroot already
 > provides gcc-11 as minimum version.

 > Don't use --enable-fortify-source for now in order to keep original
 > behavior while doing the glibc version bump (and because some
 > architectures don't support fortify-source well, i.e. Microblaze).
 > Postpone this change to a follow up commit.

 > Keep the "deprecated" libcrypt enabled just in case some
 > applications are not yet ready to use an alternative such as libxcrypt.

 > Security related changes:

 >   CVE-2023-25139: When the printf family of functions is called with a
 >   format specifier that uses an <apostrophe> (enable grouping) and a
 >   minimum width specifier, the resulting output could be larger than
 >   reasonably expected by a caller that computed a tight bound on the
 >   buffer size.  The resulting larger than expected output could result
 >   in a buffer overflow in the printf family of functions.

It would have been handy to first bump to the 2.37.x version fixing this
issue for easy backporting, but OK - I will do it separately.

 > See:
 > https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00010.html

 > Runtime tested with Qemu on Gitlab-ci:
 > https://gitlab.com/kubu93/buildroot/-/pipelines/998435203
 > https://gitlab.com/buildroot.org/toolchains-builder/-/pipelines/998926028

 > [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=cd94326a1326c4e3f1ee7a8d0a161cc0bdcaf07e

 > Signed-off-by: Romain Naour <romain.naour@gmail.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard
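
An added example, not part of the original message and not glibc or Buildroot code: a caller-side pattern for the grouping-plus-minimum-width case described in the CVE-2023-25139 text quoted above, using a bounded `snprintf` and checking its return value instead of trusting a hand-computed tight bound. The helper names `grouped_bound`, `format_grouped` and `bound_holds` are hypothetical, and single-byte thousands separators are assumed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hand-computed bound (excluding NUL) for "%'*ld": digits, sign, one
 * separator per three digits (assumed single-byte), padded to width. */
size_t grouped_bound(long value, int width)
{
    unsigned long mag = value < 0 ? 0UL - (unsigned long)value
                                  : (unsigned long)value;
    size_t digits = 1;
    while (mag >= 10) { mag /= 10; digits++; }
    size_t len = digits + (digits - 1) / 3 + (value < 0 ? 1 : 0);
    return (width > 0 && (size_t)width > len) ? (size_t)width : len;
}

/* Bounded formatting: returns the length written, or -1 if the output
 * would not fit in cap bytes (NUL included). On failure dst is "". */
int format_grouped(char *dst, size_t cap, int width, long value)
{
    if (dst == NULL || cap == 0 || width < 0)
        return -1;
    int n = snprintf(dst, cap, "%'*ld", width, value);
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';          /* never hand back a truncated number */
        return -1;
    }
    return n;
}

/* Cross-check: ask libc how long the output really is and compare it
 * with the hand-computed bound. Returns 1 if the bound holds. */
int bound_holds(long value, int width)
{
    int need = snprintf(NULL, 0, "%'*ld", width, value);
    return need >= 0 && (size_t)need <= grouped_bound(value, width);
}

int main(void)
{
    char buf[16];               /* constructed sample input below */
    int n = format_grouped(buf, sizeof buf, 8, 1234567L);
    printf("len=%d text=\"%s\" bound_holds=%d\n",
           n, buf, bound_holds(1234567L, 8));
    return n < 0;
}
```

No `setlocale()` call is made, so the program runs in the "C" locale, where no grouping is applied and only the width padding shows.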

Thread overview: 8+ messages
2023-09-11 21:09 [Buildroot] [PATCH 1/2] package/{glibc, localedef}: bump to version 2.38-13-g92201f16cbcfd9eafe314ef6654be2ea7ba25675 Romain Naour
2023-09-11 21:09 ` [Buildroot] [PATCH 2/2] package/localedef: build issue with old glibc (<= 2.38) Romain Naour
2023-09-29 19:33   ` Peter Korsgaard
2023-09-29 19:32 ` Peter Korsgaard [this message]
2023-09-30 13:48   ` [Buildroot] [PATCH 1/2] package/{glibc, localedef}: bump to version 2.38-13-g92201f16cbcfd9eafe314ef6654be2ea7ba25675 Romain Naour
     [not found] ` <87edigg4hb.fsf__32334.269203578$1696015980$gmane$org@48ers.dk>
2023-09-30 20:08   ` Bernd Kuhls
2023-09-30 20:59     ` Peter Korsgaard
2023-10-02 19:53       ` Bernd Kuhls