diff options
Diffstat (limited to 'meta/recipes-core/glibc/glibc_2.31.bb')
| -rw-r--r-- | meta/recipes-core/glibc/glibc_2.31.bb | 50 |
1 files changed, 49 insertions, 1 deletions
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 3d486fbb59..296c892994 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb @@ -1,7 +1,40 @@ require glibc.inc require glibc-version.inc -CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752" +CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752 \ + CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \ + CVE-2022-23218 CVE-2022-23219 \ +" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 +# Upstream glibc maintainers dispute there is any issue and have no plans to address it further. +# "this is being treated as a non-security bug and no real threat." +CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 +# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow +# easier access for another. "ASLR bypass itself is not a vulnerability." +# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 +CVE_CHECK_WHITELIST += "CVE-2019-1010025" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942 +# The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash +# or read arbitrary memory in parse_param (in posix/wordexp.c) when called with +# an untrusted, crafted pattern, potentially resulting in a denial of service +# or disclosure of information. Patch was backported to 2.31 branch already: +# https://sourceware.org/git/?p=glibc.git;a=commit;h=4f0a61f75385c9a5879cbe7202042e88f692a3c8 +# which is already included in the dunfell branch of poky: +# https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b +CVE_CHECK_WHITELIST += "CVE-2021-35942" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527 +# This vulnerability was introduced in 2.36 by commit +# f282cdbe7f436c75864e5640a409a10485e9abb2 resolv: Implement no-aaaa stub resolver option +# so our version is not yet vulnerable +# See https://sourceware.org/bugzilla/show_bug.cgi?id=30842 +CVE_CHECK_WHITELIST += "CVE-2023-4527" DEPENDS += "gperf-native bison-native make-native" @@ -41,6 +74,21 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0027-intl-Emit-no-lines-in-bison-generated-files.patch \ file://0028-inject-file-assembly-directives.patch \ file://0029-locale-prevent-maybe-uninitialized-errors-with-Os-BZ.patch \ + file://CVE-2020-29573.patch \ + file://CVE-2021-33574_1.patch \ + file://CVE-2021-33574_2.patch \ + file://CVE-2021-38604.patch \ + file://0030-elf-Refactor_dl_update-slotinfo-to-avoid-use-after-free.patch \ + file://0031-elf-Fix-data-races-in-pthread_create-and-TLS-access-BZ-19329.patch \ + file://0032-elf-Use-relaxed-atomics-for-racy-accesses-BZ-19329.patch \ + file://0033-elf-Add-test-case-for-BZ-19329.patch \ + file://0034-elf-Fix-DTV-gap-reuse-logic-BZ-27135.patch \ + file://0035-x86_64-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \ + file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \ + file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \ + file://CVE-2023-0687.patch \ + file://CVE-2023-4911.patch \ + file://CVE-2023-4813.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" |