Fix for CVE-2017-1000366 in glibc

This changeset fixes CVE-2017-1000366 by using the latest glibc
revision from the 2.23 glibc git as of today which includes the needed fix.
A few patch files included in poky had to be skipped as they're already
included in this later version.

Bug-AGL: SPEC-705 SPEC-706

Change-Id: Ie7ec64e524c68a4d5f2ca2a5363392c0588eb7d3
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9935
Tested-by: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-build: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>
ci-image-boot-test: Jenkins Job builder account <agl-jobbuilder@automotivelinux.org>

diff --git a/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.23.bbappend b/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.23.bbappend
new file mode 100644 (file)
index 0000000..5775522
--- /dev/null
+++ b/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.23.bbappend
@@ -0,0 +1,11 @@
+FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
+
+# include fix for CVE-2017-1000366
+SRCREV = "d990d79610362f823292f9d869b84b4ec4491159"
+
+# already in above revision
+SRC_URI_remove = "file://CVE-2016-3706.patch"
+SRC_URI_remove = "file://CVE-2016-4429.patch"
+SRC_URI_remove = "file://CVE-2016-1234.patch"
+SRC_URI_remove = "file://CVE-2016-3075.patch"
+SRC_URI_remove = "file://CVE-2016-5417.patch"