From: Deepesh.Varatharajan@windriver.com
To: openembedded-core@lists.openembedded.org
Cc: Sundeep.Kokkonda@windriver.com, Deepesh.Varatharajan@windriver.com
Subject: [kirkstone][PATCH] glibc: stable 2.35 branch updates
Date: Thu, 24 Jul 2025 00:56:27 -0700 [thread overview]
Message-ID: <20250724075627.2132259-1-Deepesh.Varatharajan@windriver.com> (raw)
From: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Below commits on glibc-2.35 stable branch are updated.
git log --oneline d2febe7c407665c18cfea1930c65f41899ab3aa3..80401002011f470d9c6eb604bf734715e9b3a8c2
8040100201 Fix error reporting (false negatives) in SGID tests
c6ec750be5 support: Pick group in support_capture_subprogram_self_sgid if UID == 0
c9e44b6467 support: Don't fail on fchown when spawning sgid processes
621c65ccf1 elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
c7ff2bc297 Revert "elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static"
8624f6431b elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987)
ed10034f00 elf: Test case for bug 32976 (CVE-2025-4802)
08aea7712d support: Add support_record_failure_barrier
901e24b128 support: Use const char * argument in support_capture_subprogram_self_sgid
bff3b0f16c elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
Dropped :
0025-CVE-2025-4802.patch
ed10034f00 elf: Test case for bug 32976 (CVE-2025-4802)
Test results:
Before after diff
PASS 4833 4839 +6
XPASS 6 6 0
FAIL 133 130 -3
XFAIL 16 16 0
UNSUPPORTED 200 197 -3
Following commits improved test results:
8040100201 Fix error reporting (false negatives) in SGID tests
Improved SGID test handling by unifying error reporting and using secure temporary directories.
Replaced non-standard exit codes and fixed premature exits to avoid masking failures.
These changes reduced false negatives, increasing overall test pass rates.
8624f6431b elf: Fix subprocess status handling for tst-dlopen-sgid (bug 32987)
Fixed tst-dlopen-sgid false positives by correctly handling subprocess exit status (bug 32987).
Ensured test fails on abnormal or non-zero child exits.
This commit restores reliability in SGID testing and is the first step toward centralized SGID test error handling.
UNSUPPORTED tests changes
-UNSUPPORTED: elf/tst-env-setuid
-UNSUPPORTED: elf/tst-env-setuid-tunables
-UNSUPPORTED: stdlib/tst-secure-getenv
FAILed tests changes
-FAIL: elf/tst-dlopen-sgid
-FAIL: misc/tst-error1
-FAIL: resolv/tst-resolv-aliases
PASSed tests changes
+PASS: elf/tst-env-setuid
+PASS: elf/tst-env-setuid-tunables
+PASS: stdlib/tst-secure-getenv
+PASS: elf/tst-dlopen-sgid
+PASS: misc/tst-error1
+PASS: resolv/tst-resolv-aliases
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
---
meta/recipes-core/glibc/glibc-version.inc | 2 +-
meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch | 3 ++-
meta/recipes-core/glibc/glibc_2.35.bb | 2 +-
3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 34b199c02b..b269518af4 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
SRCBRANCH ?= "release/2.35/master"
PV = "2.35"
-SRCREV_glibc ?= "d2febe7c407665c18cfea1930c65f41899ab3aa3"
+SRCREV_glibc ?= "80401002011f470d9c6eb604bf734715e9b3a8c2"
SRCREV_localedef ?= "794da69788cbf9bf57b59a852f9f11307663fa87"
GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git"
diff --git a/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch b/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
index 0298f5a865..a1197c0318 100644
--- a/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
+++ b/meta/recipes-core/glibc/glibc/0025-CVE-2025-4802.patch
@@ -81,7 +81,7 @@ index 09079c12..c2baed69 100644
- NULL, NULL);
-
- /* Remember the last search directory added at startup. */
-- _dl_init_all_dirs = GL(dl_all_dirs);
+_dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;- _dl_init_all_dirs = GL(dl_all_dirs);
-
- _dl_lazy = *(getenv ("LD_BIND_NOW") ?: "") == '\0';
-
@@ -97,6 +97,7 @@ index 09079c12..c2baed69 100644
if (__libc_enable_secure)
{
static const char unsecure_envvars[] =
+ setup_vdso_pointers ();
@@ -324,6 +301,29 @@ _dl_non_dynamic_init (void)
#endif
}
diff --git a/meta/recipes-core/glibc/glibc_2.35.bb b/meta/recipes-core/glibc/glibc_2.35.bb
index 3023e9c1ed..df5f14984a 100644
--- a/meta/recipes-core/glibc/glibc_2.35.bb
+++ b/meta/recipes-core/glibc/glibc_2.35.bb
@@ -27,6 +27,7 @@ CVE_CHECK_IGNORE += "CVE-2023-4527"
CVE_CHECK_IGNORE += " \
CVE-2023-0687 CVE-2023-4813 CVE-2023-4806 CVE-2023-4911 CVE-2023-5156 \
CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 \
+ CVE-2025-4802 \
"
DEPENDS += "gperf-native bison-native"
@@ -61,7 +62,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0022-sysdeps-gnu-configure.ac-Set-libc_cv_rootsbindir-onl.patch \
file://0023-timezone-Make-shell-interpreter-overridable-in-tzsel.patch \
file://0024-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \
- file://0025-CVE-2025-4802.patch \
file://0026-PR25847-1.patch \
file://0026-PR25847-2.patch \
file://0026-PR25847-3.patch \
--
2.49.0
next reply other threads:[~2025-07-24 7:56 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-24 7:56 Deepesh.Varatharajan [this message]
2025-07-24 15:58 ` [OE-core] [kirkstone][PATCH] glibc: stable 2.35 branch updates Khem Raj
-- strict thread matches above, loose matches on Subject: below --
2026-01-25 16:16 [OE-core][kirkstone][PATCH] " Peter Marko
2026-02-23 21:14 ` [kirkstone][PATCH] " Colin McAllister
2025-10-06 12:51 Deepesh.Varatharajan
2025-05-09 4:30 Deepesh.Varatharajan
2025-01-30 8:54 Deepesh.Varatharajan
2024-09-27 12:56 [OE-core] " Steve Sakoman
2024-10-03 11:22 ` Hemraj, Deepthi
2024-09-25 15:17 [OE-core] " Khem Raj
2024-09-26 5:34 ` Hemraj, Deepthi
2024-09-25 13:11 Deepthi.Hemraj
2024-09-25 13:16 ` Hemraj, Deepthi
2024-05-30 5:17 Deepthi.Hemraj
2024-05-30 15:57 ` Hemraj, Deepthi
2023-09-13 11:18 Sanjana
2023-09-13 11:30 ` Sanjana V
2023-06-12 9:44 Deepthi Hemraj
2023-06-12 9:58 ` Deepthi.Hemraj
2023-06-12 10:00 ` Deepthi.Hemraj
2023-06-13 7:08 ` Deepthi.Hemraj
2023-06-13 7:09 ` Deepthi.Hemraj
2023-04-28 8:29 Deepthi Hemraj
2023-04-28 8:43 ` Deepthi Hemraj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250724075627.2132259-1-Deepesh.Varatharajan@windriver.com \
--to=deepesh.varatharajan@windriver.com \
--cc=Sundeep.Kokkonda@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox