[source] glibc: switch to 2.24 by default and remove old versions, fixes security issues

Tue Aug 30 03:13:55 PDT 2016

nbd pushed a commit to source.git, branch master:
https://git.lede-project.org/4badb8a023bf187c235f1e558ab96c41729edbcb

commit 4badb8a023bf187c235f1e558ab96c41729edbcb
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Tue Aug 30 11:02:54 2016 +0200

    glibc: switch to 2.24 by default and remove old versions, fixes security issues
    
    2.24 fixes the following CVEs compared to 2.23:
    - CVE-2016-3075
    - CVE-2016-3706
    - CVE-2016-1234
    - CVE-2016-4429
    - CVE-2016-5417
    
    CVEs fixed in 2.23:
    - CVE-2015-8776
    - CVE-2015-8777
    - CVE-2015-8778
    - CVE-2015-8779
    - CVE-2014-9761
    - CVE-2015-7547
    
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
 toolchain/glibc/Config.in                          |  6 +--
 toolchain/glibc/Config.version                     |  6 +--
 toolchain/glibc/common.mk                          |  9 ----
 .../glibc/patches/2.22/100-fix_cross_rpcgen.patch  | 52 ----------------------
 .../patches/2.22/200-add-dl-search-paths.patch     | 14 ------
 5 files changed, 2 insertions(+), 85 deletions(-)

diff --git a/toolchain/glibc/Config.in b/toolchain/glibc/Config.in
index ef5ef56..036604f 100644
--- a/toolchain/glibc/Config.in
+++ b/toolchain/glibc/Config.in
@@ -1,14 +1,10 @@
 choice
 	prompt "glibc version"
 	depends on TOOLCHAINOPTS && USE_GLIBC
-	default GLIBC_USE_VERSION_2_22
+	default GLIBC_USE_VERSION_2_24
 	help
 	  Select the version of glibc you wish to use.
 
-	config GLIBC_USE_VERSION_2_22
-		bool "glibc 2.22"
-		select GLIBC_VERSION_2_22
-
 	config GLIBC_USE_VERSION_2_24
 		bool "glibc 2.24"
 		select GLIBC_VERSION_2_24
diff --git a/toolchain/glibc/Config.version b/toolchain/glibc/Config.version
index ec8280f..1df7719 100644
--- a/toolchain/glibc/Config.version
+++ b/toolchain/glibc/Config.version
@@ -2,14 +2,10 @@ if USE_GLIBC
 
 config GLIBC_VERSION
 	string
-	default "2.22" if GLIBC_VERSION_2_22
 	default "2.24" if GLIBC_VERSION_2_24
 
-config GLIBC_VERSION_2_22
-	default y if !TOOLCHAINOPTS
-	bool
-
 config GLIBC_VERSION_2_24
+	default y if !TOOLCHAINOPTS
 	bool
 
 endif
diff --git a/toolchain/glibc/common.mk b/toolchain/glibc/common.mk
index 11de291..0ffa44f 100644
--- a/toolchain/glibc/common.mk
+++ b/toolchain/glibc/common.mk
@@ -7,15 +7,6 @@
 include $(TOPDIR)/rules.mk
 
 
-MD5SUM_2.19 = 42dad4edd3bcb38006d13b5640b00b38
-REVISION_2.19 = 25243
-
-MD5SUM_2.21 = 76050a65c444d58b5c4aa0d6034736ed
-REVISION_2.21 = 16d0a0c
-
-MD5SUM_2.22 = b575850e77b37d70f96472285290b391
-REVISION_2.22 = b995d95
-
 MD5SUM_2.24 = 5c5a6f1ac6fce866e37643c41ac116f3
 REVISION_2.24 = 8c716c2
 
diff --git a/toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch b/toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch
deleted file mode 100644
index 6a5e537..0000000
--- a/toolchain/glibc/patches/2.22/100-fix_cross_rpcgen.patch
+++ /dev/null
@@ -1,52 +0,0 @@
---- a/sunrpc/rpc/types.h
-+++ b/sunrpc/rpc/types.h
-@@ -75,18 +75,23 @@ typedef unsigned long rpcport_t;
- #endif
- 
- #ifndef __u_char_defined
--typedef __u_char u_char;
--typedef __u_short u_short;
--typedef __u_int u_int;
--typedef __u_long u_long;
--typedef __quad_t quad_t;
--typedef __u_quad_t u_quad_t;
--typedef __fsid_t fsid_t;
-+typedef unsigned char u_char;
-+typedef unsigned short u_short;
-+typedef unsigned int u_int;
-+typedef unsigned long u_long;
-+#if __WORDSIZE == 64
-+typedef long int quad_t;
-+typedef unsigned long int u_quad_t;
-+#elif defined __GLIBC_HAVE_LONG_LONG
-+typedef long long int quad_t;
-+typedef unsigned long long int u_quad_t;
-+#endif
-+typedef u_quad_t fsid_t;
- # define __u_char_defined
- #endif
--#ifndef __daddr_t_defined
--typedef __daddr_t daddr_t;
--typedef __caddr_t caddr_t;
-+#if !defined(__daddr_t_defined) && defined(linux)
-+typedef long int daddr_t;
-+typedef char *caddr_t;
- # define __daddr_t_defined
- #endif
- 
---- a/sunrpc/rpc_main.c
-+++ b/sunrpc/rpc_main.c
-@@ -958,9 +958,10 @@ mkfile_output (struct commandline *cmd)
- 	abort ();
-       temp = rindex (cmd->infile, '.');
-       cp = stpcpy (mkfilename, "Makefile.");
--      if (temp != NULL)
--	*((char *) stpncpy (cp, cmd->infile, temp - cmd->infile)) = '\0';
--      else
-+      if (temp != NULL) {
-+        strncpy(cp, cmd->infile, temp - cmd->infile);
-+        cp[temp - cmd->infile - 1] = 0;
-+      } else
- 	stpcpy (cp, cmd->infile);
- 
-     }
diff --git a/toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch b/toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch
deleted file mode 100644
index d82686c..0000000
--- a/toolchain/glibc/patches/2.22/200-add-dl-search-paths.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-add /usr/lib to default search path for the dynamic linker
-
---- a/Makeconfig
-+++ b/Makeconfig
-@@ -527,6 +527,9 @@ else
- default-rpath = $(libdir)
- endif
- 
-+# Add /usr/lib to default search path for the dynamic linker
-+user-defined-trusted-dirs := /usr/lib
-+
- ifndef link-extra-libs
- link-extra-libs = $(LDLIBS-$(@F))
- link-extra-libs-static = $(link-extra-libs)

