[scarthgap,09/11] glibc: fix CVE-2025-8058

Message ID	c2b63f171719e2b1c12ba049cbe776adf9e0244b.1753910853.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.171, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/11] glibc: fix CVE-2025-8058 Date: Wed, 30 Jul 2025 14:29:00 -0700 Message-ID: <c2b63f171719e2b1c12ba049cbe776adf9e0244b.1753910853.git.steve@sakoman.com> In-Reply-To: <cover.1753910853.git.steve@sakoman.com> References: <cover.1753910853.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/11] gnutls: patch CVE-2025-32989 \| expand [scarthgap,01/11] gnutls: patch CVE-2025-32989 [scarthgap,02/11] gnutls: patch read buffer overrun in the "pre_shared_key" extension [scarthgap,03/11] gnutls: patch reject zero-length version in certificate request [scarthgap,04/11] gnutls: patch CVE-2025-32988 [scarthgap,05/11] gnutls: patch CVE-2025-32990 [scarthgap,06/11] gnutls: patch CVE-2025-6395 [scarthgap,07/11] ncurses: patch CVE-2025-6141 [scarthgap,08/11] libxml2: patch CVE-2025-6170 [scarthgap,09/11] glibc: fix CVE-2025-8058 [scarthgap,10/11] scripts/install-buildtools: Update to 5.0.11 [scarthgap,11/11] linux-libc-headers: Fix invalid conversion in cn_proc.h

Message ID

c2b63f171719e2b1c12ba049cbe776adf9e0244b.1753910853.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 09/11] glibc: fix CVE-2025-8058
Date: Wed, 30 Jul 2025 14:29:00 -0700
Message-ID: 
 <c2b63f171719e2b1c12ba049cbe776adf9e0244b.1753910853.git.steve@sakoman.com>
In-Reply-To: <cover.1753910853.git.steve@sakoman.com>
References: <cover.1753910853.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,01/11] gnutls: patch CVE-2025-32989 | expand

Commit Message

Steve Sakoman July 30, 2025, 9:29 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This is a single commit bump containing only CVE fix
$ git log --oneline cff1042cceec3502269947e96cf7023451af22f3..b027d5b145f1b2908f370bdb96dfe40180d0fcb6
b027d5b145 posix: Fix double-free after allocation failure in regcomp (bug 33185)

Test results didn't change except newly added test succeeding.
(tst-regcomp-bracket-free)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/glibc/glibc-version.inc | 2 +-
 meta/recipes-core/glibc/glibc_2.39.bb     | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc
index 6ee9fc7a0b..89e532fd67 100644
--- a/meta/recipes-core/glibc/glibc-version.inc
+++ b/meta/recipes-core/glibc/glibc-version.inc
@@ -1,6 +1,6 @@ 
 SRCBRANCH ?= "release/2.39/master"
 PV = "2.39+git"
-SRCREV_glibc ?= "cff1042cceec3502269947e96cf7023451af22f3"
+SRCREV_glibc ?= "b027d5b145f1b2908f370bdb96dfe40180d0fcb6"
 SRCREV_localedef ?= "fab74f31b3811df543e24b6de47efdf45b538abc"
 
 GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git;protocol=https"
diff --git a/meta/recipes-core/glibc/glibc_2.39.bb b/meta/recipes-core/glibc/glibc_2.39.bb
index c87eb76f41..ff6c8f3b43 100644
--- a/meta/recipes-core/glibc/glibc_2.39.bb
+++ b/meta/recipes-core/glibc/glibc_2.39.bb
@@ -18,7 +18,7 @@  easier access for another. 'ASLR bypass itself is not a vulnerability.'"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
 CVE_STATUS_STABLE_BACKPORTS = "CVE-2024-2961 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2025-0395 \
-    CVE-2025-4802 CVE-2025-5702"
+    CVE-2025-4802 CVE-2025-5702 CVE-2025-8058"
 CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
 
 DEPENDS += "gperf-native bison-native"

[scarthgap,09/11] glibc: fix CVE-2025-8058

Commit Message

Patch