* [Buildroot] [PATCH 1/1] package/{glibc, localedef}: security bump to version 2.43-16-g5c6fca0c6
@ 2026-03-26 21:15 Bernd Kuhls
2026-03-27 12:56 ` Julien Olivain via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Bernd Kuhls @ 2026-03-26 21:15 UTC (permalink / raw)
To: buildroot; +Cc: Romain Naour, Thomas Petazzoni
Fixes CVE-2026-4437:
https://sourceware.org/git/?p=glibc.git;a=commit;h=5c6fca0c62ce5bd6e68e259f138097756cbafd4d
For a full list of changes, see:
https://sourceware.org/git/?p=glibc.git;a=shortlog;h=5c6fca0c62ce5bd6e68e259f138097756cbafd4d
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
package/glibc/glibc.hash | 2 +-
package/glibc/glibc.mk | 2 +-
package/localedef/localedef.mk | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/glibc/glibc.hash b/package/glibc/glibc.hash
index ed6d69acc2..abf8d4db18 100644
--- a/package/glibc/glibc.hash
+++ b/package/glibc/glibc.hash
@@ -1,5 +1,5 @@
# Locally calculated (fetched from git)
-sha256 5e21722755f466d15770574788394a4abb4fb1e02603a707beeb199706a26a46 glibc-2.43-10-gc3ceb93dc4f67253037644dc8f194831e27f3160-git4.tar.gz
+sha256 f19dbfef9499e97a63b1f309252d43fba36edf244561f38f8e00cbbbe04e106b glibc-2.43-16-g5c6fca0c62ce5bd6e68e259f138097756cbafd4d-git4.tar.gz
# Hashes for license files
sha256 edaef632cbb643e4e7a221717a6c441a4c1a7c918e6e4d56debc3d8739b233f6 COPYINGv2
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index 64a2c58377..6cdcf5ce93 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -7,7 +7,7 @@
# Generate version string using:
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
# When updating the version, please also update localedef
-GLIBC_VERSION = 2.43-10-gc3ceb93dc4f67253037644dc8f194831e27f3160
+GLIBC_VERSION = 2.43-16-g5c6fca0c62ce5bd6e68e259f138097756cbafd4d
GLIBC_SITE = https://sourceware.org/git/glibc.git
GLIBC_SITE_METHOD = git
diff --git a/package/localedef/localedef.mk b/package/localedef/localedef.mk
index aa746a9d70..bac90d47c1 100644
--- a/package/localedef/localedef.mk
+++ b/package/localedef/localedef.mk
@@ -7,7 +7,7 @@
# Use the same VERSION and SITE as target glibc
# As in glibc.mk, generate version string using:
# git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
-LOCALEDEF_VERSION = 2.43-10-gc3ceb93dc4f67253037644dc8f194831e27f3160
+LOCALEDEF_VERSION = 2.43-16-g5c6fca0c62ce5bd6e68e259f138097756cbafd4d
LOCALEDEF_SOURCE = glibc-$(LOCALEDEF_VERSION)$(BR_FMT_VERSION_git).tar.gz
LOCALEDEF_SITE = https://sourceware.org/git/glibc.git
LOCALEDEF_SITE_METHOD = git
--
2.47.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/{glibc, localedef}: security bump to version 2.43-16-g5c6fca0c6
2026-03-26 21:15 [Buildroot] [PATCH 1/1] package/{glibc, localedef}: security bump to version 2.43-16-g5c6fca0c6 Bernd Kuhls
@ 2026-03-27 12:56 ` Julien Olivain via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Julien Olivain via buildroot @ 2026-03-27 12:56 UTC (permalink / raw)
To: Bernd Kuhls; +Cc: buildroot, Romain Naour, Thomas Petazzoni
Hi Bernd,
Thanks for the patch.
On 26/03/2026 22:15, Bernd Kuhls wrote:
> Fixes CVE-2026-4437:
> https://sourceware.org/git/?p=glibc.git;a=commit;h=5c6fca0c62ce5bd6e68e259f138097756cbafd4d
>
> For a full list of changes, see:
> https://sourceware.org/git/?p=glibc.git;a=shortlog;h=5c6fca0c62ce5bd6e68e259f138097756cbafd4d
>
> Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
> ---
[...]
> diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
> index 64a2c58377..6cdcf5ce93 100644
> --- a/package/glibc/glibc.mk
> +++ b/package/glibc/glibc.mk
> @@ -7,7 +7,7 @@
> # Generate version string using:
> # git describe --match 'glibc-*' --abbrev=40
> origin/release/MAJOR.MINOR/master | cut -d '-' -f 2-
> # When updating the version, please also update localedef
> -GLIBC_VERSION = 2.43-10-gc3ceb93dc4f67253037644dc8f194831e27f3160
> +GLIBC_VERSION = 2.43-16-g5c6fca0c62ce5bd6e68e259f138097756cbafd4d
It there is one extra commit pushed upstream addressing another
CVE-2026-4438. See:
https://sourceware.org/git/?p=glibc.git;a=commit;h=dd9945c0ba40d2dbc9eb7c99291ba6b69bd66718
So we should probably bump directly to:
glibc-2.43-17-gdd9945c0ba40d2dbc9eb7c99291ba6b69bd66718
Can you send an updated patch to this newer version, please?
> GLIBC_SITE = https://sourceware.org/git/glibc.git
> GLIBC_SITE_METHOD = git
>
Best regards,
Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-03-27 12:56 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-26 21:15 [Buildroot] [PATCH 1/1] package/{glibc, localedef}: security bump to version 2.43-16-g5c6fca0c6 Bernd Kuhls
2026-03-27 12:56 ` Julien Olivain via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox