author | Xi Ruoyao <xry111@xry111.site> | 2023-09-14 14:25:04 +0800 |
---|---|---|
committer | Xi Ruoyao <xry111@xry111.site> | 2023-09-14 14:32:37 +0800 |
commit | efd11134bb9bfa33f3c64aee634b2232bee571d3 (patch) | |
tree | a032307dfae235fd4beb4b1a2e0d01e22b4d6f3f | |
parent | b91b12adf3d7926f570b900f758e4670de3d4ec1 (diff) |
Glibc: Fix CVE-2023-4806
-rw-r--r-- | chapter01/changelog.xml | 20 |
-rw-r--r-- | chapter01/whatsnew.xml | 23 |
-rw-r--r-- | chapter03/patches.xml | 6 |
-rw-r--r-- | chapter08/glibc.xml | 20 |
-rw-r--r-- | patches.ent | 6 |
5 files changed, 34 insertions, 41 deletions
diff --git a/chapter01/changelog.xml b/chapter01/changelog.xml index 07493ad16..5f2d4860f 100644 --- a/chapter01/changelog.xml +++ b/chapter01/changelog.xml @@ -41,6 +41,26 @@ --> <listitem> + <para>2023-09-13</para> + <itemizedlist> + <listitem> + <para>[xry111] - Fix CVE-2023-4806 for Glibc-2.38. Fixes + <ulink url='&lfs-ticket-root;5347'>#5347</ulink>.</para> + </listitem> + </itemizedlist> + </listitem> + + <listitem> + <para>2023-09-12</para> + <itemizedlist> + <listitem> + <para>[xry111] - Fix CVE-2023-4527 for Glibc-2.38. Fixes + <ulink url='&lfs-ticket-root;5346'>#5346</ulink>.</para> + </listitem> + </itemizedlist> + </listitem> + + <listitem> <para>2023-09-07</para> <itemizedlist> <listitem> diff --git a/chapter01/whatsnew.xml b/chapter01/whatsnew.xml index 6f1291ad6..e1fca225c 100644 --- a/chapter01/whatsnew.xml +++ b/chapter01/whatsnew.xml @@ -287,35 +287,20 @@ <title>Added:</title> <listitem><para></para></listitem> <!-- satisfy build --> - <!--<listitem> - <para>&grub-upstream-fixes-patch;</para> - </listitem>--> - - <!--<listitem> - <para>&readline-fixes-patch;</para> - </listitem>--> + <listitem> + <para>&glibc-upstream-fixes-patch;</para> + </listitem> - <!--<listitem revision="systemd"> - <para>&systemd-upstream-patch;</para> - </listitem>--> </itemizedlist> <itemizedlist> <title>Removed:</title> <listitem><para></para></listitem> <!-- satisfy build --> -<!-- - <listitem revision='sysv'> - <para>eudev-3.2.12</para> - </listitem> <listitem> - <para>Pkg-config-0.29.2</para> + <para>glibc-2.38-memalign_fix-1.patch</para> </listitem> - <listitem revision='systemd'> - <para>systemd-252-security_fix-1.patch</para> - </listitem> ---> </itemizedlist> </sect1> diff --git a/chapter03/patches.xml b/chapter03/patches.xml index bbf09ae27..00628bda7 100644 --- a/chapter03/patches.xml +++ b/chapter03/patches.xml 
@@ -78,10 +78,10 @@ </varlistentry> --> <varlistentry> - <term>Glibc Memalign Patch - <token>&glibc-memalign-patch-size;</token>:</term> + <term>Glibc Upstream Fixes Patch - <token>&glibc-upstream-fixes-patch-size;</token>:</term> <listitem> - <para>Download: <ulink url="&patches-root;&glibc-memalign-patch;"/></para> - <para>MD5 sum: <literal>&glibc-memalign-patch-md5;</literal></para> + <para>Download: <ulink url="&patches-root;&glibc-upstream-fixes-patch;"/></para> + <para>MD5 sum: <literal>&glibc-upstream-fixes-patch-md5;</literal></para> </listitem> </varlistentry> diff --git a/chapter08/glibc.xml b/chapter08/glibc.xml index c648fe129..f48d95d09 100644 --- a/chapter08/glibc.xml +++ b/chapter08/glibc.xml @@ -50,22 +50,10 @@ <screen><userinput remap="pre">patch -Np1 -i ../&glibc-fhs-patch;</userinput></screen> - <para>Now fix a regression causing the posix_memalign() function - to be very slow in some conditions:</para> - -<screen><userinput remap="pre">patch -Np1 -i ../&glibc-memalign-patch;</userinput></screen> - - <!-- CVE-2023-4527 - https://sourceware.org/bugzilla/show_bug.cgi?id=30842 - https://sourceware.org/ml/libc-alpha/2023-September/151522.html --> - <para>Then fix a security vulnerability exploitable when the - <option>no-aaaa</option> option is used in - <filename>/etc/resolv.conf</filename>:</para> - -<screen><userinput remap="pre">sed \ - -E "/__res_context_search/\ - {N;N;s/(search \(([^,]*,){6}[^,]*)NULL/\1\&alt_dns_packet_buffer/}" \ - -i resolv/nss_dns/dns-host.c</userinput></screen> + <para>Now fix two security vulnerabilities and a regression causing the + posix_memalign() function very slow in some conditions:</para> + +<screen><userinput remap="pre">patch -Np1 -i ../&glibc-upstream-fixes-patch;</userinput></screen> <para>The Glibc documentation recommends building Glibc in a dedicated build directory:</para> diff --git a/patches.ent b/patches.ent index 7bb34e656..6634d1f2f 100644 --- a/patches.ent +++ b/patches.ent 
@@ -14,9 +14,9 @@ <!ENTITY glibc-fhs-patch-md5 "9a5997c3452909b1769918c759eff8a2"> <!ENTITY glibc-fhs-patch-size "2.8 KB"> -<!ENTITY glibc-memalign-patch "glibc-&glibc-version;-memalign_fix-1.patch"> -<!ENTITY glibc-memalign-patch-md5 "2c3552bded42a83ad6a7087c5fbf3857"> -<!ENTITY glibc-memalign-patch-size "20 KB"> +<!ENTITY glibc-upstream-fixes-patch "glibc-&glibc-version;-upstream_fixes-1.patch"> +<!ENTITY glibc-upstream-fixes-patch-md5 "2e347e291804b62a18a43a8cdc79e01e"> +<!ENTITY glibc-upstream-fixes-patch-size "24 KB"> <!ENTITY grub-upstream-fixes-patch "grub-&grub-version;-upstream_fixes-1.patch"> <!ENTITY grub-upstream-fixes-patch-md5 "da388905710bb4cbfbc7bd7346ff9174"> |
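Review bot: In chapter01/changelog.xml the commit subject names only CVE-2023-4806, but the hunk also adds a 2023-09-12 entry for CVE-2023-4527 (ticket #5346). The chapter08/glibc.xml hunk shows that fix was already in the book as a sed command, so this change back-fills its changelog entry. Say so in the commit message body, so the log shows where the CVE-2023-4527 entry came from.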
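Review bot: In chapter01/whatsnew.xml both the "Added:" and "Removed:" lists keep the empty `<listitem><para></para></listitem> <!-- satisfy build -->` placeholder although each list now has a real entry, so the placeholder no longer serves its stated purpose. Remove it from both lists. The hunk also deletes the commented-out sample entries (grub, readline, systemd, eudev); if those served as templates for future edits, keep one of them as a comment.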
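Review bot: In chapter08/glibc.xml the new paragraph says "two security vulnerabilities" without naming them, and the hunk drops the XML comment that carried the CVE-2023-4527 identifier and its sourceware.org links. Keep a comment above the `patch -Np1 -i ../&glibc-upstream-fixes-patch;` command listing CVE-2023-4527 and CVE-2023-4806, so a reader of the source can tell which fixes the combined patch contains. The sentence is also missing "to be": it should read "causing the posix_memalign() function to be very slow in some conditions".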
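Review bot: patches.ent removes the three glibc-memalign-patch entities outright, and the visible hunks update only the references in chapter03/patches.xml and chapter08/glibc.xml. Any reference left elsewhere in the tree would become an undefined entity, so search the sources for glibc-memalign-patch before merging and confirm there are no remaining uses.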