glibc: switch to 2.24 by default and remove old versions, fixes security issues

2.24 fixes the following CVEs compared to 2.23:
- CVE-2016-3075
- CVE-2016-3706
- CVE-2016-1234
- CVE-2016-4429
- CVE-2016-5417

CVEs fixed in 2.23:
- CVE-2015-8776
- CVE-2015-8777
- CVE-2015-8778
- CVE-2015-8779
- CVE-2014-9761
- CVE-2015-7547

Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2016-08-30 11:02:54 +02:00
parent 8e0cb8f582
commit 4badb8a023
5 changed files with 2 additions and 85 deletions

View file

@ -1,14 +1,10 @@
choice
prompt "glibc version"
depends on TOOLCHAINOPTS && USE_GLIBC
default GLIBC_USE_VERSION_2_22
default GLIBC_USE_VERSION_2_24
help
Select the version of glibc you wish to use.
config GLIBC_USE_VERSION_2_22
bool "glibc 2.22"
select GLIBC_VERSION_2_22
config GLIBC_USE_VERSION_2_24
bool "glibc 2.24"
select GLIBC_VERSION_2_24

View file

@ -2,14 +2,10 @@ if USE_GLIBC
config GLIBC_VERSION
string
default "2.22" if GLIBC_VERSION_2_22
default "2.24" if GLIBC_VERSION_2_24
config GLIBC_VERSION_2_22
config GLIBC_VERSION_2_24
default y if !TOOLCHAINOPTS
bool
config GLIBC_VERSION_2_24
bool
endif

View file

@ -7,15 +7,6 @@
include $(TOPDIR)/rules.mk
MD5SUM_2.19 = 42dad4edd3bcb38006d13b5640b00b38
REVISION_2.19 = 25243
MD5SUM_2.21 = 76050a65c444d58b5c4aa0d6034736ed
REVISION_2.21 = 16d0a0c
MD5SUM_2.22 = b575850e77b37d70f96472285290b391
REVISION_2.22 = b995d95
MD5SUM_2.24 = 5c5a6f1ac6fce866e37643c41ac116f3
REVISION_2.24 = 8c716c2

View file

@ -1,52 +0,0 @@
--- a/sunrpc/rpc/types.h
+++ b/sunrpc/rpc/types.h
@@ -75,18 +75,23 @@ typedef unsigned long rpcport_t;
#endif
#ifndef __u_char_defined
-typedef __u_char u_char;
-typedef __u_short u_short;
-typedef __u_int u_int;
-typedef __u_long u_long;
-typedef __quad_t quad_t;
-typedef __u_quad_t u_quad_t;
-typedef __fsid_t fsid_t;
+typedef unsigned char u_char;
+typedef unsigned short u_short;
+typedef unsigned int u_int;
+typedef unsigned long u_long;
+#if __WORDSIZE == 64
+typedef long int quad_t;
+typedef unsigned long int u_quad_t;
+#elif defined __GLIBC_HAVE_LONG_LONG
+typedef long long int quad_t;
+typedef unsigned long long int u_quad_t;
+#endif
+typedef u_quad_t fsid_t;
# define __u_char_defined
#endif
-#ifndef __daddr_t_defined
-typedef __daddr_t daddr_t;
-typedef __caddr_t caddr_t;
+#if !defined(__daddr_t_defined) && defined(linux)
+typedef long int daddr_t;
+typedef char *caddr_t;
# define __daddr_t_defined
#endif
--- a/sunrpc/rpc_main.c
+++ b/sunrpc/rpc_main.c
@@ -958,9 +958,10 @@ mkfile_output (struct commandline *cmd)
abort ();
temp = rindex (cmd->infile, '.');
cp = stpcpy (mkfilename, "Makefile.");
- if (temp != NULL)
- *((char *) stpncpy (cp, cmd->infile, temp - cmd->infile)) = '\0';
- else
+ if (temp != NULL) {
+ strncpy(cp, cmd->infile, temp - cmd->infile);
+ cp[temp - cmd->infile - 1] = 0;
+ } else
stpcpy (cp, cmd->infile);
}

View file

@ -1,14 +0,0 @@
add /usr/lib to default search path for the dynamic linker
--- a/Makeconfig
+++ b/Makeconfig
@@ -527,6 +527,9 @@ else
default-rpath = $(libdir)
endif
+# Add /usr/lib to default search path for the dynamic linker
+user-defined-trusted-dirs := /usr/lib
+
ifndef link-extra-libs
link-extra-libs = $(LDLIBS-$(@F))
link-extra-libs-static = $(link-extra-libs)