glibc: switch to 2.24 by default and remove old versions, fixes security issues
authorFelix Fietkau <nbd@nbd.name>
Tue, 30 Aug 2016 09:02:54 +0000 (11:02 +0200)
committerFelix Fietkau <nbd@nbd.name>
Tue, 30 Aug 2016 10:12:34 +0000 (12:12 +0200)
2.24 fixes the following CVEs compared to 2.23:
- CVE-2016-3075
- CVE-2016-3706
- CVE-2016-1234
- CVE-2016-4429
- CVE-2016-5417

CVEs fixed in 2.23:
- CVE-2015-8776
- CVE-2015-8777
- CVE-2015-8778
- CVE-2015-8779
- CVE-2014-9761
- CVE-2015-7547

Signed-off-by: Felix Fietkau <nbd@nbd.name>
toolchain/glibc/Config.in
toolchain/glibc/Config.version
toolchain/glibc/common.mk
toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch [deleted file]
toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch [deleted file]

index ef5ef56..036604f 100644 (file)
@@ -1,14 +1,10 @@
 choice
        prompt "glibc version"
        depends on TOOLCHAINOPTS && USE_GLIBC
-       default GLIBC_USE_VERSION_2_22
+       default GLIBC_USE_VERSION_2_24
        help
          Select the version of glibc you wish to use.
 
-       config GLIBC_USE_VERSION_2_22
-               bool "glibc 2.22"
-               select GLIBC_VERSION_2_22
-
        config GLIBC_USE_VERSION_2_24
                bool "glibc 2.24"
                select GLIBC_VERSION_2_24
index ec8280f..1df7719 100644 (file)
@@ -2,14 +2,10 @@ if USE_GLIBC
 
 config GLIBC_VERSION
        string
-       default "2.22" if GLIBC_VERSION_2_22
        default "2.24" if GLIBC_VERSION_2_24
 
-config GLIBC_VERSION_2_22
-       default y if !TOOLCHAINOPTS
-       bool
-
 config GLIBC_VERSION_2_24
+       default y if !TOOLCHAINOPTS
        bool
 
 endif
index 11de291..0ffa44f 100644 (file)
@@ -7,15 +7,6 @@
 include $(TOPDIR)/rules.mk
 
 
-MD5SUM_2.19 = 42dad4edd3bcb38006d13b5640b00b38
-REVISION_2.19 = 25243
-
-MD5SUM_2.21 = 76050a65c444d58b5c4aa0d6034736ed
-REVISION_2.21 = 16d0a0c
-
-MD5SUM_2.22 = b575850e77b37d70f96472285290b391
-REVISION_2.22 = b995d95
-
 MD5SUM_2.24 = 5c5a6f1ac6fce866e37643c41ac116f3
 REVISION_2.24 = 8c716c2
 
diff --git a/toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch b/toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch
deleted file mode 100644 (file)
index 6a5e537..0000000
+++ /dev/null
@@ -1,52 +0,0 @@
---- a/sunrpc/rpc/types.h
-+++ b/sunrpc/rpc/types.h
-@@ -75,18 +75,23 @@ typedef unsigned long rpcport_t;
- #endif
- #ifndef __u_char_defined
--typedef __u_char u_char;
--typedef __u_short u_short;
--typedef __u_int u_int;
--typedef __u_long u_long;
--typedef __quad_t quad_t;
--typedef __u_quad_t u_quad_t;
--typedef __fsid_t fsid_t;
-+typedef unsigned char u_char;
-+typedef unsigned short u_short;
-+typedef unsigned int u_int;
-+typedef unsigned long u_long;
-+#if __WORDSIZE == 64
-+typedef long int quad_t;
-+typedef unsigned long int u_quad_t;
-+#elif defined __GLIBC_HAVE_LONG_LONG
-+typedef long long int quad_t;
-+typedef unsigned long long int u_quad_t;
-+#endif
-+typedef u_quad_t fsid_t;
- # define __u_char_defined
- #endif
--#ifndef __daddr_t_defined
--typedef __daddr_t daddr_t;
--typedef __caddr_t caddr_t;
-+#if !defined(__daddr_t_defined) && defined(linux)
-+typedef long int daddr_t;
-+typedef char *caddr_t;
- # define __daddr_t_defined
- #endif
---- a/sunrpc/rpc_main.c
-+++ b/sunrpc/rpc_main.c
-@@ -958,9 +958,10 @@ mkfile_output (struct commandline *cmd)
-       abort ();
-       temp = rindex (cmd->infile, '.');
-       cp = stpcpy (mkfilename, "Makefile.");
--      if (temp != NULL)
--      *((char *) stpncpy (cp, cmd->infile, temp - cmd->infile)) = '\0';
--      else
-+      if (temp != NULL) {
-+        strncpy(cp, cmd->infile, temp - cmd->infile);
-+        cp[temp - cmd->infile - 1] = 0;
-+      } else
-       stpcpy (cp, cmd->infile);
-     }
diff --git a/toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch b/toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch
deleted file mode 100644 (file)
index d82686c..0000000
+++ /dev/null
@@ -1,14 +0,0 @@
-add /usr/lib to default search path for the dynamic linker
-
---- a/Makeconfig
-+++ b/Makeconfig
-@@ -527,6 +527,9 @@ else
- default-rpath = $(libdir)
- endif
-+# Add /usr/lib to default search path for the dynamic linker
-+user-defined-trusted-dirs := /usr/lib
-+
- ifndef link-extra-libs
- link-extra-libs = $(LDLIBS-$(@F))
- link-extra-libs-static = $(link-extra-libs)