Message ID | af3e5e432d9bf1e5811ea92f3e29c0874b6b9405.1754750560.git.steve@sakoman.com |
---|---|
State | New |
Series | [walnascar,1/6] avahi: fix CVE-2024-52615 | expand |
On Sat, Aug 9, 2025 at 7:44 AM Steve Sakoman via lists.openembedded.org <steve=sakoman.com@lists.openembedded.org> wrote: > > From: Peter Marko <peter.marko@siemens.com> > > $ git log --oneline 6e489c17f827317bcf8544efefa65f13b5a079dc..e7c419a2957590fb657900fc92a89708f41abd9d > e7c419a295 (origin/release/2.41/master, release/2.41/master) iconv: iconv -o should not create executable files (bug 33164) > 1e16d0096d posix: Fix double-free after allocation failure in regcomp (bug 33185) > > Add CVE-2025-8058 to CVE ignore list as this is (bug 33185) commit. > Hi Steve Should we wait for WRT to report back on glibc regression test results ? > Signed-off-by: Peter Marko <peter.marko@siemens.com> > Signed-off-by: Steve Sakoman <steve@sakoman.com> > --- > meta/recipes-core/glibc/glibc-version.inc | 2 +- > meta/recipes-core/glibc/glibc_2.41.bb | 2 +- > 2 files changed, 2 insertions(+), 2 deletions(-) > > diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc > index a2cfd0f308..881a9cce2c 100644 > --- a/meta/recipes-core/glibc/glibc-version.inc > +++ b/meta/recipes-core/glibc/glibc-version.inc > @@ -1,6 +1,6 @@ > SRCBRANCH ?= "release/2.41/master" > PV = "2.41+git" > -SRCREV_glibc ?= "6e489c17f827317bcf8544efefa65f13b5a079dc" > +SRCREV_glibc ?= "e7c419a2957590fb657900fc92a89708f41abd9d" > SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" > > GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" > diff --git a/meta/recipes-core/glibc/glibc_2.41.bb b/meta/recipes-core/glibc/glibc_2.41.bb > index 7ddf7f9127..8a65e8ce9f 100644 > --- a/meta/recipes-core/glibc/glibc_2.41.bb > +++ b/meta/recipes-core/glibc/glibc_2.41.bb 
> @@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m > easier access for another. 'ASLR bypass itself is not a vulnerability.'" > > CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS" > -CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 CVE-2025-5745" > +CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 CVE-2025-5745 CVE-2025-8058" > CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash" > > DEPENDS += "gperf-native bison-native" > -- > 2.43.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#221679): https://lists.openembedded.org/g/openembedded-core/message/221679 > Mute This Topic: https://lists.openembedded.org/mt/114616374/1997914 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
> -----Original Message----- > From: openembedded-core@lists.openembedded.org <openembedded- > core@lists.openembedded.org> On Behalf Of Khem Raj via > lists.openembedded.org > Sent: Saturday, August 9, 2025 17:45 > To: steve@sakoman.com > Cc: openembedded-core@lists.openembedded.org > Subject: Re: [OE-core][walnascar 4/6] glibc: stable 2.41 branch updates > > On Sat, Aug 9, 2025 at 7:44 AM Steve Sakoman via > lists.openembedded.org <steve=sakoman.com@lists.openembedded.org> > wrote: > > > > From: Peter Marko <peter.marko@siemens.com> > > > > $ git log --oneline > 6e489c17f827317bcf8544efefa65f13b5a079dc..e7c419a2957590fb657900fc92a897 > 08f41abd9d > > e7c419a295 (origin/release/2.41/master, release/2.41/master) iconv: iconv -o > should not create executable files (bug 33164) > > 1e16d0096d posix: Fix double-free after allocation failure in regcomp (bug > 33185) > > > > Add CVE-2025-8058 to CVE ignore list as this is (bug 33185) commit. > > > > Hi Steve > > Should we wait for WRT to report back on glibc regression test results ? Testresults on my setup: Before After Diff PASS 5843 5847 +4 XPASS 4 4 0 FAIL 145 142 -3 XFAIL 16 16 0 UNSUPPORTED 243 243 0 Diff of testcase status: malloc/tst-free-errno-malloc-hugetlb1 FAIL -> PASS malloc/tst-free-errno-mcheck FAIL-> PASS nptl/tst-getpid3 FAIL -> PASS nptl/tst-mutexpi8 FAIL -> PASS nptl/tst-mutexpi8-static PASS -> FAIL tst-regcomp-bracket-free N/A -> PASS (new testcase) Peter > > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > > Signed-off-by: Steve Sakoman <steve@sakoman.com> > > --- > > meta/recipes-core/glibc/glibc-version.inc | 2 +- > > meta/recipes-core/glibc/glibc_2.41.bb | 2 +- > > 2 files changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes- > core/glibc/glibc-version.inc > > index a2cfd0f308..881a9cce2c 100644 > > --- a/meta/recipes-core/glibc/glibc-version.inc > > +++ b/meta/recipes-core/glibc/glibc-version.inc 
> > @@ -1,6 +1,6 @@ > > SRCBRANCH ?= "release/2.41/master" > > PV = "2.41+git" > > -SRCREV_glibc ?= "6e489c17f827317bcf8544efefa65f13b5a079dc" > > +SRCREV_glibc ?= "e7c419a2957590fb657900fc92a89708f41abd9d" > > SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" > > > > GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" > > diff --git a/meta/recipes-core/glibc/glibc_2.41.bb b/meta/recipes- > core/glibc/glibc_2.41.bb > > index 7ddf7f9127..8a65e8ce9f 100644 > > --- a/meta/recipes-core/glibc/glibc_2.41.bb > > +++ b/meta/recipes-core/glibc/glibc_2.41.bb > > @@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, > not an exploit in itself, m > > easier access for another. 'ASLR bypass itself is not a vulnerability.'" > > > > CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS" > > -CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 > CVE-2025-5745" > > +CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 > CVE-2025-5745 CVE-2025-8058" > > CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix > available in used git hash" > > > > DEPENDS += "gperf-native bison-native" > > -- > > 2.43.0 > > > > > > > >
On Sat, Aug 9, 2025 at 3:23 PM Marko, Peter <Peter.Marko@siemens.com> wrote: > > > -----Original Message----- > > From: openembedded-core@lists.openembedded.org <openembedded- > > core@lists.openembedded.org> On Behalf Of Khem Raj via > > lists.openembedded.org > > Sent: Saturday, August 9, 2025 17:45 > > To: steve@sakoman.com > > Cc: openembedded-core@lists.openembedded.org > > Subject: Re: [OE-core][walnascar 4/6] glibc: stable 2.41 branch updates > > > > On Sat, Aug 9, 2025 at 7:44 AM Steve Sakoman via > > lists.openembedded.org <steve=sakoman.com@lists.openembedded.org> > > wrote: > > > > > > From: Peter Marko <peter.marko@siemens.com> > > > > > > $ git log --oneline > > 6e489c17f827317bcf8544efefa65f13b5a079dc..e7c419a2957590fb657900fc92a897 > > 08f41abd9d > > > e7c419a295 (origin/release/2.41/master, release/2.41/master) iconv: > iconv -o > > should not create executable files (bug 33164) > > > 1e16d0096d posix: Fix double-free after allocation failure in regcomp > (bug > > 33185) > > > > > > Add CVE-2025-8058 to CVE ignore list as this is (bug 33185) commit. > > > > > > > Hi Steve > > > > Should we wait for WRT to report back on glibc regression test results ? > > Testresults on my setup: > Before After Diff > PASS 5843 5847 +4 > XPASS 4 4 0 > FAIL 145 142 -3 > XFAIL 16 16 0 > UNSUPPORTED 243 243 0 > > Diff of testcase status: > malloc/tst-free-errno-malloc-hugetlb1 FAIL -> PASS > malloc/tst-free-errno-mcheck FAIL-> PASS > nptl/tst-getpid3 FAIL -> PASS > nptl/tst-mutexpi8 FAIL -> PASS > nptl/tst-mutexpi8-static PASS -> FAIL > tst-regcomp-bracket-free N/A -> PASS (new testcase) Thanks Peter I think this looks good > Peter > > > > > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > > > Signed-off-by: Steve Sakoman <steve@sakoman.com> > > > --- > > > meta/recipes-core/glibc/glibc-version.inc | 2 +- > > > meta/recipes-core/glibc/glibc_2.41.bb | 2 +- > > > 2 files changed, 2 insertions(+), 2 deletions(-) 
> > > > > > diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes- > > core/glibc/glibc-version.inc > > > index a2cfd0f308..881a9cce2c 100644 > > > --- a/meta/recipes-core/glibc/glibc-version.inc > > > +++ b/meta/recipes-core/glibc/glibc-version.inc > > > @@ -1,6 +1,6 @@ > > > SRCBRANCH ?= "release/2.41/master" > > > PV = "2.41+git" > > > -SRCREV_glibc ?= "6e489c17f827317bcf8544efefa65f13b5a079dc" > > > +SRCREV_glibc ?= "e7c419a2957590fb657900fc92a89708f41abd9d" > > > SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc" > > > > > > GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https" > > > diff --git a/meta/recipes-core/glibc/glibc_2.41.bb b/meta/recipes- > > core/glibc/glibc_2.41.bb > > > index 7ddf7f9127..8a65e8ce9f 100644 > > > --- a/meta/recipes-core/glibc/glibc_2.41.bb > > > +++ b/meta/recipes-core/glibc/glibc_2.41.bb > > > @@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, > > not an exploit in itself, m > > > easier access for another. 'ASLR bypass itself is not a > vulnerability.'" > > > > > > CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS" > > > -CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 > > CVE-2025-5745" > > > +CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 > > CVE-2025-5745 CVE-2025-8058" > > > CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix > > available in used git hash" > > > > > > DEPENDS += "gperf-native bison-native" > > > -- > > > 2.43.0 > > > > > > > > > > > > >
diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index a2cfd0f308..881a9cce2c 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@
 SRCBRANCH ?= "release/2.41/master"
 PV = "2.41+git"
-SRCREV_glibc ?= "6e489c17f827317bcf8544efefa65f13b5a079dc"
+SRCREV_glibc ?= "e7c419a2957590fb657900fc92a89708f41abd9d"
 SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/meta/recipes-core/glibc/glibc_2.41.bb b/meta/recipes-core/glibc/glibc_2.41.bb
index 7ddf7f9127..8a65e8ce9f 100644
--- a/meta/recipes-core/glibc/glibc_2.41.bb
+++ b/meta/recipes-core/glibc/glibc_2.41.bb
@@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m
 easier access for another. 'ASLR bypass itself is not a vulnerability.'"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
-CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 CVE-2025-5745"
+CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-4802 CVE-2025-5702 CVE-2025-5745 CVE-2025-8058"
 CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
 
 DEPENDS += "gperf-native bison-native"
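Review bot: The CVE-2025-8058 entry added to `CVE_STATUS_STABLE_BACKPORTS` in glibc_2.41.bb is only accurate while `SRCREV_glibc` in glibc-version.inc descends from the regcomp double-free fix (1e16d0096d per the commit message), and nothing in the recipe records or enforces that coupling. Because `SRCREV_glibc` is assigned with `?=`, a layer or local configuration that pins an older revision would presumably still have this CVE reported as patched by the CVE check, hiding a real exposure. A comment above the list would make the dependency explicit, e.g. `# Entries below are fixed only at or after SRCREV_glibc e7c419a295; re-audit if SRCREV_glibc is overridden`. The surrounding recipe text starts and ends outside the hunk, so an existing comment of this kind may already be present there.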