Buildroot Archive on lore.kernel.org
 help / color / mirror / Atom feed
From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [git commit branch/next] package/glibc: security bump to 2.27
Date: Tue, 6 Feb 2018 13:45:36 +0100	[thread overview]
Message-ID: <20180206124536.GB28439@scaer> (raw)
In-Reply-To: <20180206124246.13C0B884B3@busybox.osuosl.org>

All,

On 2018-02-06 13:41 +0100, Thomas Petazzoni spake thusly:
> commit: https://git.buildroot.net/buildroot/commit/?id=c032e6825ad96e6d4b69cecde2402c02a2a356b5
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/next

Subject says "security bump". Sorry, but this is not a security bump.
This is a normal bump that happens to have security fixes.

Otherwise, almost any bump of almost any package is a security bump...

Regards,
Yann E. MORIN.

> See: https://sourceware.org/ml/libc-announce/2018/msg00000.html
> https://sourceware.org/glibc/wiki/Release/2.27
> 
> Fixes the following CVEs:
>  CVE-2017-1000408
>  CVE-2017-1000409
>  CVE-2017-16997
>  CVE-2018-1000001
>  CVE-2018-6485
> 
> While at it, add license file hashes.
> 
> Signed-off-by: Romain Naour <romain.naour@gmail.com>
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
> ---
>  package/glibc/glibc.hash | 6 +++++-
>  package/glibc/glibc.mk   | 2 +-
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/package/glibc/glibc.hash b/package/glibc/glibc.hash
> index f3a6577d2a..86d3bb56dd 100644
> --- a/package/glibc/glibc.hash
> +++ b/package/glibc/glibc.hash
> @@ -1,4 +1,8 @@
>  # Locally calculated (fetched from Github)
> -sha256  0766875391224153502c5542a71b6e46db53b44691078b3130e1a0df41586430     glibc-glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40.tar.gz
> +sha256  a74489d14f4017bee6a6c6fe76f1de0dbf7d66c8695116de5aadd141c4757892     glibc-glibc-2.27.tar.gz
>  # Locally calculated (fetched from Github)
>  sha256  5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb     glibc-arc-2017.09-release.tar.gz
> +
> +sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
> +sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB
> +sha256  61abdd6930c9c599062d89e916b3e7968783879b6be0ee1c6229dd6169def431  LICENSES
> diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
> index cf4bdec065..b674191b22 100644
> --- a/package/glibc/glibc.mk
> +++ b/package/glibc/glibc.mk
> @@ -10,7 +10,7 @@ GLIBC_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,glibc,$(GLIBC_VE
>  else
>  # Generate version string using:
>  #   git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
> -GLIBC_VERSION = glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40
> +GLIBC_VERSION = glibc-2.27
>  # Upstream doesn't officially provide an https download link.
>  # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
>  # sometimes the connection times out. So use an unofficial github mirror.
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 223 225 172 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'

  reply	other threads:[~2018-02-06 12:45 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-02-06 12:41 [Buildroot] [git commit branch/next] package/glibc: security bump to 2.27 Thomas Petazzoni
2018-02-06 12:45 ` Yann E. MORIN [this message]
2018-02-06 12:52   ` Baruch Siach
2018-02-06 13:51     ` Peter Korsgaard
2018-02-06 16:50 ` Baruch Siach
2018-02-06 18:43   ` Romain Naour
2018-02-06 18:58     ` Thomas Petazzoni

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180206124536.GB28439@scaer \
    --to=yann.morin.1998@free.fr \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox