diff options
Diffstat (limited to 'poky/meta/recipes-core/glibc/glibc_2.33.bb')
| -rw-r--r-- | poky/meta/recipes-core/glibc/glibc_2.33.bb | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/poky/meta/recipes-core/glibc/glibc_2.33.bb b/poky/meta/recipes-core/glibc/glibc_2.33.bb index 5e0baa53e..b70cd0978 100644 --- a/poky/meta/recipes-core/glibc/glibc_2.33.bb +++ b/poky/meta/recipes-core/glibc/glibc_2.33.bb @@ -1,7 +1,20 @@ require glibc.inc require glibc-version.inc -CVE_CHECK_WHITELIST += "CVE-2020-10029" +CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2021-27645" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 +# Upstream glibc maintainers dispute there is any issue and have no plans to address it further. +# "this is being treated as a non-security bug and no real threat." +CVE_CHECK_WHITELIST += "CVE-2019-1010022 CVE-2019-1010023 CVE-2019-1010024" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 +# Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, may allow +# easier access for another. "ASLR bypass itself is not a vulnerability." +# Potential patch at https://sourceware.org/bugzilla/show_bug.cgi?id=22853 +CVE_CHECK_WHITELIST += "CVE-2019-1010025" DEPENDS += "gperf-native bison-native make-native" @@ -43,11 +56,6 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ file://0028-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch \ file://0029-wordsize.h-Unify-the-header-between-arm-and-aarch64.patch \ file://0030-powerpc-Do-not-ask-compiler-for-finding-arch.patch \ - file://0031-x86-Require-full-ISA-support-for-x86-64-level-marker.patch \ - file://0032-string-Work-around-GCC-PR-98512-in-rawmemchr.patch \ - file://0033-x86-Handle-_SC_LEVEL1_ICACHE_LINESIZE-BZ-27444.patch \ - file://CVE-2021-27645.patch \ - file://0001-nptl-Remove-private-futex-optimization-BZ-27304.patch \ " S = "${WORKDIR}/git" B = "${WORKDIR}/build-${TARGET_SYS}" @@ -82,6 +90,7 @@ EXTRA_OECONF += "${@get_libc_fpu_setting(bb, d)}" EXTRA_OECONF_append_x86 = " --enable-cet" EXTRA_OECONF_append_x86-64 = " --enable-cet" +EXTRA_OECONF_append_aarch64 = " --enable-memory-tagging" PACKAGECONFIG ??= "nscd" PACKAGECONFIG[nscd] = "--enable-nscd,--disable-nscd" |