From 4badb8a023bf187c235f1e558ab96c41729edbcb Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 30 Aug 2016 11:02:54 +0200 Subject: [PATCH] glibc: switch to 2.24 by default and remove old versions, fixes security issues 2.24 fixes the following CVEs compared to 2.23: - CVE-2016-3075 - CVE-2016-3706 - CVE-2016-1234 - CVE-2016-4429 - CVE-2016-5417 CVEs fixed in 2.23: - CVE-2015-8776 - CVE-2015-8777 - CVE-2015-8778 - CVE-2015-8779 - CVE-2014-9761 - CVE-2015-7547 Signed-off-by: Felix Fietkau --- toolchain/glibc/Config.in | 6 +-- toolchain/glibc/Config.version | 6 +-- toolchain/glibc/common.mk | 9 ---- .../patches/2.22/100-fix_cross_rpcgen.patch | 52 ------------------- .../2.22/200-add-dl-search-paths.patch | 14 ----- 5 files changed, 2 insertions(+), 85 deletions(-) delete mode 100644 toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch delete mode 100644 toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch diff --git a/toolchain/glibc/Config.in b/toolchain/glibc/Config.in index ef5ef562f4..036604f4a7 100644 --- a/toolchain/glibc/Config.in +++ b/toolchain/glibc/Config.in @@ -1,14 +1,10 @@ choice prompt "glibc version" depends on TOOLCHAINOPTS && USE_GLIBC - default GLIBC_USE_VERSION_2_22 + default GLIBC_USE_VERSION_2_24 help Select the version of glibc you wish to use. - config GLIBC_USE_VERSION_2_22 - bool "glibc 2.22" - select GLIBC_VERSION_2_22 - config GLIBC_USE_VERSION_2_24 bool "glibc 2.24" select GLIBC_VERSION_2_24 diff --git a/toolchain/glibc/Config.version b/toolchain/glibc/Config.version index ec8280f5dd..1df7719ac8 100644 --- a/toolchain/glibc/Config.version +++ b/toolchain/glibc/Config.version @@ -2,14 +2,10 @@ if USE_GLIBC config GLIBC_VERSION string - default "2.22" if GLIBC_VERSION_2_22 default "2.24" if GLIBC_VERSION_2_24 -config GLIBC_VERSION_2_22 - default y if !TOOLCHAINOPTS - bool - config GLIBC_VERSION_2_24 + default y if !TOOLCHAINOPTS bool endif diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk index 11de291ab8..0ffa44f320 100644 --- a/toolchain/glibc/common.mk +++ b/toolchain/glibc/common.mk @@ -7,15 +7,6 @@ include $(TOPDIR)/rules.mk -MD5SUM_2.19 = 42dad4edd3bcb38006d13b5640b00b38 -REVISION_2.19 = 25243 - -MD5SUM_2.21 = 76050a65c444d58b5c4aa0d6034736ed -REVISION_2.21 = 16d0a0c - -MD5SUM_2.22 = b575850e77b37d70f96472285290b391 -REVISION_2.22 = b995d95 - MD5SUM_2.24 = 5c5a6f1ac6fce866e37643c41ac116f3 REVISION_2.24 = 8c716c2 diff --git a/toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch b/toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch deleted file mode 100644 index 6a5e537b77..0000000000 --- a/toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch +++ /dev/null @@ -1,52 +0,0 @@ ---- a/sunrpc/rpc/types.h -+++ b/sunrpc/rpc/types.h -@@ -75,18 +75,23 @@ typedef unsigned long rpcport_t; - #endif - - #ifndef __u_char_defined --typedef __u_char u_char; --typedef __u_short u_short; --typedef __u_int u_int; --typedef __u_long u_long; --typedef __quad_t quad_t; --typedef __u_quad_t u_quad_t; --typedef __fsid_t fsid_t; -+typedef unsigned char u_char; -+typedef unsigned short u_short; -+typedef unsigned int u_int; -+typedef unsigned long u_long; -+#if __WORDSIZE == 64 -+typedef long int quad_t; -+typedef unsigned long int u_quad_t; -+#elif defined __GLIBC_HAVE_LONG_LONG -+typedef long long int quad_t; -+typedef unsigned long long int u_quad_t; -+#endif -+typedef u_quad_t fsid_t; - # define __u_char_defined - #endif --#ifndef __daddr_t_defined --typedef __daddr_t daddr_t; --typedef __caddr_t caddr_t; -+#if !defined(__daddr_t_defined) && defined(linux) -+typedef long int daddr_t; -+typedef char *caddr_t; - # define __daddr_t_defined - #endif - ---- a/sunrpc/rpc_main.c -+++ b/sunrpc/rpc_main.c -@@ -958,9 +958,10 @@ mkfile_output (struct commandline *cmd) - abort (); - temp = rindex (cmd->infile, '.'); - cp = stpcpy (mkfilename, "Makefile."); -- if (temp != NULL) -- *((char *) stpncpy (cp, cmd->infile, temp - cmd->infile)) = '\0'; -- else -+ if (temp != NULL) { -+ strncpy(cp, cmd->infile, temp - cmd->infile); -+ cp[temp - cmd->infile - 1] = 0; -+ } else - stpcpy (cp, cmd->infile); - - } diff --git a/toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch b/toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch deleted file mode 100644 index d82686c079..0000000000 --- a/toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch +++ /dev/null @@ -1,14 +0,0 @@ -add /usr/lib to default search path for the dynamic linker - ---- a/Makeconfig -+++ b/Makeconfig -@@ -527,6 +527,9 @@ else - default-rpath = $(libdir) - endif - -+# Add /usr/lib to default search path for the dynamic linker -+user-defined-trusted-dirs := /usr/lib -+ - ifndef link-extra-libs - link-extra-libs = $(LDLIBS-$(@F)) - link-extra-libs-static = $(link-extra-libs) -- 2.30.2