From: Jan-Simon Möller Date: Wed, 28 Jun 2017 20:27:14 +0000 (+0200) Subject: Fix for CVE-2017-1000366 in glibc X-Git-Tag: chinook_3.0.5 X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=commitdiff_plain;h=refs%2Ftags%2Fchinook_3.0.5;p=AGL%2Fmeta-agl.git Fix for CVE-2017-1000366 in glibc This changeset fixes CVE-2017-1000366 by using the latest glibc revision from the 2.23 glibc git as of today which includes the needed fix. A few patch files included in poky had to be skipped as they're already included in this later version. Bug-AGL: SPEC-705 SPEC-706 Change-Id: Ie7ec64e524c68a4d5f2ca2a5363392c0588eb7d3 Signed-off-by: Jan-Simon Möller Reviewed-on: https://gerrit.automotivelinux.org/gerrit/9935 Tested-by: Jenkins Job builder account ci-image-build: Jenkins Job builder account ci-image-boot-test: Jenkins Job builder account --- diff --git a/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.23.bbappend b/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.23.bbappend new file mode 100644 index 000000000..577552259 --- /dev/null +++ b/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.23.bbappend @@ -0,0 +1,11 @@ +FILESEXTRAPATHS_prepend := "${THISDIR}/files:" + +# include fix for CVE-2017-1000366 +SRCREV = "d990d79610362f823292f9d869b84b4ec4491159" + +# already in above revision +SRC_URI_remove = "file://CVE-2016-3706.patch" +SRC_URI_remove = "file://CVE-2016-4429.patch" +SRC_URI_remove = "file://CVE-2016-1234.patch" +SRC_URI_remove = "file://CVE-2016-3075.patch" +SRC_URI_remove = "file://CVE-2016-5417.patch"
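Review bot: The first added line, `FILESEXTRAPATHS_prepend := "${THISDIR}/files:"`, extends the file search path, but nothing in this bbappend adds a `file://` entry to `SRC_URI` and the diff creates no files under `files/`, so the line looks unneeded and could be dropped until a local patch actually exists. The `SRCREV` comment says the revision includes the fix for CVE-2017-1000366 but gives no way to check that from the recipe; naming the upstream branch and the commit that carries the fix next to the hash would let a later reader audit the pin, and would also back up the "already in above revision" claim for the five dropped CVE-2016 patches. As a style point, the five `SRC_URI_remove` assignments can be written as one space-separated assignment, which keeps the list of dropped patches in a single place when the base recipe changes.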