[Buildroot] [PATCH 5/5] package/glibc: bump to 2.27
Yann E. MORIN
yann.morin.1998 at free.fr
Mon Feb 5 21:41:57 UTC 2018
Baruch, All,
On 2018-02-05 23:01 +0200, Baruch Siach spake thusly:
> On Mon, Feb 05, 2018 at 09:57:16PM +0100, Romain Naour wrote:
> > See: https://sourceware.org/ml/libc-announce/2018/msg00000.html
> > https://sourceware.org/glibc/wiki/Release/2.27
> Note that this is a security bump fixing CVE-2017-1000408, CVE-2017-1000409,
> CVE-2017-16997, CVE-2018-1000001, and CVE-2018-6485.
There are 10 CVE listed in the release annoucement mail, but you list
only five here. Why only those?
Do we want to list all the CVEs fixed in a release? And if we don't list
all, why do we even list only a subset?
I don't think we should, especially since the release mail is linked to
the commit log and has all the details.
Regards,
Yann E. MORIN.
> > Add hash files
>
> You mean license files hash, right?
>
> baruch
>
> > Signed-off-by: Romain Naour <romain.naour at gmail.com>
> > ---
> > package/glibc/glibc.hash | 6 +++++-
> > package/glibc/glibc.mk | 2 +-
> > 2 files changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/package/glibc/glibc.hash b/package/glibc/glibc.hash
> > index f3a6577d2a..86d3bb56dd 100644
> > --- a/package/glibc/glibc.hash
> > +++ b/package/glibc/glibc.hash
> > @@ -1,4 +1,8 @@
> > # Locally calculated (fetched from Github)
> > -sha256 0766875391224153502c5542a71b6e46db53b44691078b3130e1a0df41586430 glibc-glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40.tar.gz
> > +sha256 a74489d14f4017bee6a6c6fe76f1de0dbf7d66c8695116de5aadd141c4757892 glibc-glibc-2.27.tar.gz
> > # Locally calculated (fetched from Github)
> > sha256 5aa9adeac09727db0b8a52794186563771e74d70410e9fd86431e339953fd4bb glibc-arc-2017.09-release.tar.gz
> > +
> > +sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
> > +sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LIB
> > +sha256 61abdd6930c9c599062d89e916b3e7968783879b6be0ee1c6229dd6169def431 LICENSES
> > diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
> > index cf4bdec065..b674191b22 100644
> > --- a/package/glibc/glibc.mk
> > +++ b/package/glibc/glibc.mk
> > @@ -10,7 +10,7 @@ GLIBC_SITE = $(call github,foss-for-synopsys-dwc-arc-processors,glibc,$(GLIBC_VE
> > else
> > # Generate version string using:
> > # git describe --match 'glibc-*' --abbrev=40 origin/release/MAJOR.MINOR/master
> > -GLIBC_VERSION = glibc-2.26-107-g73a92363619e52c458146e903dfb9b1ba823aa40
> > +GLIBC_VERSION = glibc-2.27
> > # Upstream doesn't officially provide an https download link.
> > # There is one (https://sourceware.org/git/glibc.git) but it's not reliable,
> > # sometimes the connection times out. So use an unofficial github mirror.
>
> --
> http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
> =}------------------------------------------------ooO--U--Ooo------------{=
> - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 223 225 172 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list