Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Core 11.0.2 #4751

Closed
wants to merge 2 commits into from
Closed

Core 11.0.2 #4751

wants to merge 2 commits into from

Conversation

billchenchina
Copy link
Member

@billchenchina billchenchina commented Oct 4, 2023
edited by MingcongBai
Loading

Topic Description

Apply glibc upstream patch, fixes CVE-2023-4911.

Package(s) Affected

glibc aosc-aaa

Security Update?

Yes

Test Build(s) Done

Primary Architectures

  • AMD64 amd64
  • AArch64 arm64

Secondary Architectures

Architectural progress for "secondary," or experimental ports does not impede on merging of this topic.

  • Loongson 3 loongson3
  • MIPS R6 64-bit (Little Endian) mips64r6el
  • PowerPC 64-bit (Little Endian) ppc64el
  • RISC-V 64-bit riscv64

Update(s) Uploaded to Stable

Primary Architectures

  • AMD64 amd64
  • AArch64 arm64

Secondary Architectures

Architectural progress for "secondary," or experimental ports does not impede on merging of this topic.

  • Loongson 3 loongson3
  • MIPS R6 64-bit (Little Endian) mips64r6el
  • PowerPC 64-bit (Little Endian) ppc64el
  • RISC-V 64-bit riscv64

@MingcongBai MingcongBai added security Topic/issue involves a security issue/fixed core AOSC OS Core related priority High-priority issue/topic labels Oct 4, 2023
@billchenchina
Copy link
Member Author

Confirmed not affected.

# env -i "GLIBC_TUNABLES=glibc.malloc.mxfast=glibc.malloc.mxfast=A" "Z=`printf '%08192x' 1`" /usr/bin/su --help
Usage: su [options] [-] [username [args]]

Options:
  -c, --command COMMAND         pass COMMAND to the invoked shell
  -h, --help                    display this help message and exit
  -, -l, --login                make the shell a login shell
  -m, -p,
  --preserve-environment        do not reset environment variables, and
                                keep the same shell
  -s, --shell SHELL             use SHELL instead of the default in passwd

If no username is given, assume root.
# /lib/ld-linux-x86-64.so.2 --list-tunables
/lib/ld-linux-x86-64.so.2: unrecognized option '--list-tunables'
Try '/lib/ld-linux-x86-64.so.2 --help' for more information.

tunable disabled by https://github.com/AOSC-Dev/aosc-os-abbs/blame/460c589e13d8e05c5847939025c2abcdef629ae2/core-libs/glibc/autobuild/defines#L33

@MingcongBai MingcongBai added the invalid Issue is not valid or could not be reproduced label Oct 4, 2023
@MingcongBai
Copy link
Member

That's good news (?). Closing.

@MingcongBai MingcongBai closed this Oct 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
core AOSC OS Core related invalid Issue is not valid or could not be reproduced priority High-priority issue/topic security Topic/issue involves a security issue/fixed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@billchenchina @MingcongBai