glibc: backport patch to fix CVE-2023-4911 #46415
Conversation
| @@ -0,0 +1,417 @@ | |||
| From patchwork Tue Oct 3 17:08:10 2023 | |||
There was a problem hiding this comment.
do we need to include all the email headers?
There was a problem hiding this comment.
Removed most of the headers.
Johnnynator
force-pushed
the
CVE-2023-4911
branch
from
8699f96
to
6b20f80
Compare
Johnnynator
force-pushed
the
CVE-2023-4911
branch
from
6b20f80
to
fd2b430
Compare
| revision=1 | ||
| revision=2 |
There was a problem hiding this comment.
Just sanity-checking myself here: I'm doing a custom rootfs build courtesy of @JamiKettunen, and it's failing on unresolved shlibs from the glibc package. Should the revision suffix in common/shlibs have been bumped to glibc-2.36_2?
There was a problem hiding this comment.
no
that error probably means there's something being installed that was removed from the repositories at some point
the full error message is generally useful to include but also this is not the place to discuss this. create an issue instead
There was a problem hiding this comment.
I did not want to spam a massive error message here for something that's likely broken on our end in either the script or our (dated!) package overlay(s).
In any case, substituting glibc-2.36_1 for glibc-2.36_2 in common/shlibs fixes it. I'll leave it to @JamiKettunen to sort out whether that's expected.
https://lwn.net/ml/oss-security/20231003175031.GA16924@localhost.localdomain/