diff mbox series

[scarthgap] glibc: stable 2.39 branch updates

Message ID 20260708120108.73199-1-jaipaul.cheernam@est.tech
State New
Headers show
Series [scarthgap] glibc: stable 2.39 branch updates | expand

Commit Message

Jaipaul Cheernam July 8, 2026, 12:01 p.m. UTC
git log --oneline ce65d944e38a20cb70af2a48a4b8aa5d8fabe1cc..be1e627cd72db31161a3b4ce1c8114674f0895eb
be1e627cd7 Linux: Only define OPEN_TREE_* macros in <sys/mount.h> if undefined (bug 33921)
98bc06a361 include: isolate __O_CLOEXEC flag for sys/mount.h and fcntl.h
3e13579841 Use pending character state in IBM1390, IBM1399 character sets (CVE-2026-4046)
0dc95ae109 elf: parse /proc/self/maps as the last resort to find the gap for tst-link-map-contiguous-ldso
9344c796f7 resolv: Check hostname for validity (CVE-2026-4438)
5663ab0b83 resolv: Count records correctly (CVE-2026-4437)
c53cd6e738 posix: Run tst-wordexp-reuse-mem test
2760e4c5ed iconvdata: Fix invalid pointer arithmetic in ANSI_X3.110 module
ba29a36aa3 posix: Fix invalid flags test for p{write,read}v2
60b039bf6a socket: Add new test for shutdown

Testing Results:
             Before    After    Diff
PASS         4892      4896     +4
XPASS        4         4         0
FAIL         371       372      +1
XFAIL        16        16        0
UNSUPPORTED  224       224       0

Changes in testcases:

testcase-name                                before  after
posix/tst-wordexp-reuse-mem(new)               -     PASS (native)

[Note: posix/tst-wordexp-reuse-mem is a new test added by this uplift
(c53cd6e738). It fails under QEMU user-mode because the test-wrapper
cannot support LD_PRELOAD and MALLOC_TRACE needed for mtrace. Running
natively with LD_PRELOAD=libc_malloc_debug.so confirms the test passes
with no memory leaks.

nptl/tst-getpid3 is a flaky test under QEMU user-mode (passes 7/10
re-runs). No nptl code was changed in this uplift.]

Signed-off-by: Jaipaul Cheernam <jaipaul.cheernam@est.tech>
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 meta/recipes-core/glibc/glibc_2.39.bb     | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 03a8e5d01e..5d57dafed0 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@ 
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "ce65d944e38a20cb70af2a48a4b8aa5d8fabe1cc"
+SRCREV_glibc ?= "be1e627cd72db31161a3b4ce1c8114674f0895eb"
 SRCREV_localedef ?= "cba02c503d7c853a38ccfb83c57e343ca5ecd7e5"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/meta/recipes-core/glibc/glibc_2.39.bb b/meta/recipes-core/glibc/glibc_2.39.bb
index 7958d64eed..f6be1b5fc9 100644
--- a/meta/recipes-core/glibc/glibc_2.39.bb
+++ b/meta/recipes-core/glibc/glibc_2.39.bb
@@ -18,7 +18,8 @@  easier access for another. 'ASLR bypass itself is not a vulnerability.'"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
 CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 \
-    CVE-2025-4802 CVE-2025-5702 CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915"
+    CVE-2025-4802 CVE-2025-5702 CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 \
+    CVE-2026-4046 CVE-2026-4437 CVE-2026-4438"
 CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
 
 DEPENDS += "gperf-native bison-native"