[packages/glibc] - rel 2; fixes CVE-2016-3075; update from upstream git
arekm
arekm at pld-linux.org
Fri Apr 29 23:34:11 CEST 2016
commit 42c30fa8bd9f1c1875c9bc07f4b6273b98852e30
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Apr 29 23:33:42 2016 +0200
- rel 2; fixes CVE-2016-3075; update from upstream git
glibc-git.patch | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
glibc.spec | 2 +-
2 files changed, 195 insertions(+), 8 deletions(-)
---
diff --git a/glibc.spec b/glibc.spec
index bd5794f..1fdfc5f 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -41,7 +41,7 @@ Summary(tr.UTF-8): GNU libc
Summary(uk.UTF-8): GNU libc версії
Name: glibc
Version: %{core_version}
-Release: 1
+Release: 2
Epoch: 6
License: LGPL v2.1+
Group: Libraries
diff --git a/glibc-git.patch b/glibc-git.patch
index 1d5ad4b..3acd9dd 100644
--- a/glibc-git.patch
+++ b/glibc-git.patch
@@ -1,8 +1,27 @@
diff --git a/ChangeLog b/ChangeLog
-index 2e4afb7..64a2746 100644
+index 2e4afb7..29b7cf5 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,5 +1,163 @@
+@@ -1,5 +1,182 @@
++2016-04-20 Yvan Roux <yvan.roux at linaro.org>
++
++ * stdlib/setenv.c (unsetenv): Fix ambiguous 'else'.
++ * nis/nis_call.c (nis_server_cache_add): Likewise.
++
++2016-04-09 Mike Frysinger <vapier at gentoo.org>
++
++ * sysdeps/i386/configure.ac: Change == to = when calling test.
++ * sysdeps/x86_64/configure.ac: Likewise.
++ * sysdeps/i386/configure: Regenerated.
++ * sysdeps/x86_64/configure: Likewise.
++
++2016-04-01 Florian Weimer <fweimer at redhat.com>
++
++ [BZ #19879]
++ CVE-2016-3075
++ * resolv/nss_dns/dns-network.c (_nss_dns_getnetbyname_r): Do not
++ copy name.
++
+2016-04-01 Stefan Liebler <stli at linux.vnet.ibm.com>
+
+ * sysdeps/s390/bits/link.h: (La_s390_vr) New typedef.
@@ -167,10 +186,10 @@ index 2e4afb7..64a2746 100644
(VERSION): Set to 2.23.
* include/feature.h (__GLIBC_MINOR__): Set to 23.
diff --git a/NEWS b/NEWS
-index c0276cf..674d217 100644
+index c0276cf..a08f96b 100644
--- a/NEWS
+++ b/NEWS
-@@ -5,6 +5,23 @@ See the end for copying conditions.
+@@ -5,6 +5,29 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
@@ -178,7 +197,10 @@ index c0276cf..674d217 100644
+
+Security related changes:
+
-+ [Add security related changes here]
++* The getnetbyname implementation in nss_dns had a potentially unbounded
++ alloca call (in the form of a call to strdupa), leading to a stack
++ overflow (stack exhaustion) and a crash if getnetbyname is invoked
++ on a very long name. (CVE-2016-3075)
+
+The following bugs are resolved with this release:
+
@@ -186,15 +208,18 @@ index c0276cf..674d217 100644
+ [19758] Or bit_Prefer_MAP_32BIT_EXEC in EXTRA_LD_ENVVARS
+ [19759] Don't inline mempcpy for x86
+ [19762] Use HAS_ARCH_FEATURE with Fast_Rep_String
-+ [19791] Assertion failure in res_query.c with un-connectable name server addresses
++ [19791] Assertion failure in res_query.c with un-connectable name server
++ addresses
+ [19792] MIPS: backtrace yields infinite backtrace with makecontext
+ [19822] libm.so install clobbers old version
++ [19879] network: nss_dns: Stack overflow in getnetbyname implementation
++ (CVE-2016-3075)
+
+
Version 2.23
* Unicode 8.0.0 Support: Character encoding, character type info, and
-@@ -38,7 +55,7 @@ Version 2.23
+@@ -38,7 +61,7 @@ Version 2.23
unnecessary serialization of memory allocation requests across threads.
The defect is now corrected. Users should see a substantial increase in
the concurent throughput of allocation requests for applications which
@@ -278,6 +303,38 @@ index 195d753..ecff1dc 100644
{
printf ("FAIL: Failed to call is* functions.\n");
exit (1);
+diff --git a/nis/nis_call.c b/nis/nis_call.c
+index 3fa37e4..cb7839a 100644
+--- a/nis/nis_call.c
++++ b/nis/nis_call.c
+@@ -680,16 +680,18 @@ nis_server_cache_add (const_nis_name name, int search_parent,
+ /* Choose which entry should be evicted from the cache. */
+ loc = &nis_server_cache[0];
+ if (*loc != NULL)
+- for (i = 1; i < 16; ++i)
+- if (nis_server_cache[i] == NULL)
+- {
++ {
++ for (i = 1; i < 16; ++i)
++ if (nis_server_cache[i] == NULL)
++ {
++ loc = &nis_server_cache[i];
++ break;
++ }
++ else if ((*loc)->uses > nis_server_cache[i]->uses
++ || ((*loc)->uses == nis_server_cache[i]->uses
++ && (*loc)->expires > nis_server_cache[i]->expires))
+ loc = &nis_server_cache[i];
+- break;
+- }
+- else if ((*loc)->uses > nis_server_cache[i]->uses
+- || ((*loc)->uses == nis_server_cache[i]->uses
+- && (*loc)->expires > nis_server_cache[i]->expires))
+- loc = &nis_server_cache[i];
++ }
+ old = *loc;
+ *loc = new;
+
diff --git a/po/be.po b/po/be.po
index 66d1235..ffb39b4 100644
--- a/po/be.po
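Review bot: The loop bound in `for (i = 1; i < 16; ++i)` is a bare literal that has to match the size of `nis_server_cache`, whose declaration is outside this hunk. If the array were ever resized, the eviction scan would either skip entries or index past the end. Deriving the bound from the array keeps the two in step, e.g. `for (i = 1; i < sizeof nis_server_cache / sizeof nis_server_cache[0]; ++i)`, assuming `nis_server_cache` is a true array in scope here. `nis_server_cache_add` starts and ends outside the hunk.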
@@ -55270,6 +55327,29 @@ index 90c47e4..9ca8cb1 100644
#~ msgid "compile-time support for database policy missing"
#~ msgstr "compile-time 支援用於資料庫策略缺少"
+diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
+index 2eb2f67..8f301a7 100644
+--- a/resolv/nss_dns/dns-network.c
++++ b/resolv/nss_dns/dns-network.c
+@@ -118,17 +118,14 @@ _nss_dns_getnetbyname_r (const char *name, struct netent *result,
+ } net_buffer;
+ querybuf *orig_net_buffer;
+ int anslen;
+- char *qbuf;
+ enum nss_status status;
+
+ if (__res_maybe_init (&_res, 0) == -1)
+ return NSS_STATUS_UNAVAIL;
+
+- qbuf = strdupa (name);
+-
+ net_buffer.buf = orig_net_buffer = (querybuf *) alloca (1024);
+
+- anslen = __libc_res_nsearch (&_res, qbuf, C_IN, T_PTR, net_buffer.buf->buf,
++ anslen = __libc_res_nsearch (&_res, name, C_IN, T_PTR, net_buffer.buf->buf,
+ 1024, &net_buffer.ptr, NULL, NULL, NULL, NULL);
+ if (anslen < 0)
+ {
diff --git a/resolv/res_init.c b/resolv/res_init.c
index e0b6a80..6c951f5 100644
--- a/resolv/res_init.c
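Review bot: In `_nss_dns_getnetbyname_r`, `name` is now passed straight to `__libc_res_nsearch` with no comment saying why it is not copied, so a later cleanup could reintroduce a stack allocation sized by the input. I would add above the call `/* Pass NAME through unchanged: copying it with strdupa sized a stack allocation by the caller's string (CVE-2016-3075). */`. The remaining `alloca (1024)` has a fixed size and does not depend on the input. No regression test accompanies the fix in this hunk; a test that calls getnetbyname with a very long name and expects a clean failure would guard against a regression. The function body starts and ends outside the hunk.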
@@ -55449,6 +55529,43 @@ index 25c19f1..b4efcb6 100644
else {
/* poll should not have returned > 0 in this case. */
abort ();
+diff --git a/stdlib/setenv.c b/stdlib/setenv.c
+index da61ee0..e66045f 100644
+--- a/stdlib/setenv.c
++++ b/stdlib/setenv.c
+@@ -278,18 +278,20 @@ unsetenv (const char *name)
+ ep = __environ;
+ if (ep != NULL)
+ while (*ep != NULL)
+- if (!strncmp (*ep, name, len) && (*ep)[len] == '=')
+- {
+- /* Found it. Remove this pointer by moving later ones back. */
+- char **dp = ep;
+-
+- do
+- dp[0] = dp[1];
+- while (*dp++);
+- /* Continue the loop in case NAME appears again. */
+- }
+- else
+- ++ep;
++ {
++ if (!strncmp (*ep, name, len) && (*ep)[len] == '=')
++ {
++ /* Found it. Remove this pointer by moving later ones back. */
++ char **dp = ep;
++
++ do
++ dp[0] = dp[1];
++ while (*dp++);
++ /* Continue the loop in case NAME appears again. */
++ }
++ else
++ ++ep;
++ }
+
+ UNLOCK;
+
diff --git a/sysdeps/arm/nacl/libc.abilist b/sysdeps/arm/nacl/libc.abilist
index 561441e..0560510 100644
--- a/sysdeps/arm/nacl/libc.abilist
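Review bot: The match branch in `unsetenv` deliberately leaves `ep` unadvanced, and the only hint is `/* Continue the loop in case NAME appears again. */`. That is worth spelling out, because removing every duplicate matters when a caller scrubs the environment before running another program. Suggested wording: `/* Do not advance EP: the next entry has been shifted into *EP and must be checked too, so all duplicate NAME entries are removed. */`. Separately, `strncmp (*ep, name, len) == 0` reads more clearly than `!strncmp (...)`. The function body starts and ends outside the hunk.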
@@ -55463,6 +55580,32 @@ index 561441e..0560510 100644
+GLIBC_2.23 fts64_open F
+GLIBC_2.23 fts64_read F
+GLIBC_2.23 fts64_set F
+diff --git a/sysdeps/i386/configure b/sysdeps/i386/configure
+index 9515719..5b55c5a 100644
+--- a/sysdeps/i386/configure
++++ b/sysdeps/i386/configure
+@@ -72,7 +72,7 @@ rm -f conftest*
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_asm_mpx" >&5
+ $as_echo "$libc_cv_asm_mpx" >&6; }
+-if test $libc_cv_asm_mpx == yes; then
++if test $libc_cv_asm_mpx = yes; then
+ $as_echo "#define HAVE_MPX_SUPPORT 1" >>confdefs.h
+
+ fi
+diff --git a/sysdeps/i386/configure.ac b/sysdeps/i386/configure.ac
+index f8f9e44..19ef33f 100644
+--- a/sysdeps/i386/configure.ac
++++ b/sysdeps/i386/configure.ac
+@@ -41,7 +41,7 @@ else
+ libc_cv_asm_mpx=no
+ fi
+ rm -f conftest*])
+-if test $libc_cv_asm_mpx == yes; then
++if test $libc_cv_asm_mpx = yes; then
+ AC_DEFINE(HAVE_MPX_SUPPORT)
+ fi
+
diff --git a/sysdeps/i386/i686/multiarch/bcopy.S b/sysdeps/i386/i686/multiarch/bcopy.S
index d5b408d..ce6661b 100644
--- a/sysdeps/i386/i686/multiarch/bcopy.S
@@ -56569,6 +56712,50 @@ index e4e019f..8dfce05 100644
/* Enable inline functions only for i486 or better when compiling for
ia32. */
#if !defined __x86_64__ && (defined __i486__ || defined __pentium__ \
+diff --git a/sysdeps/x86_64/configure b/sysdeps/x86_64/configure
+index c72b9d3..88fbfe4 100644
+--- a/sysdeps/x86_64/configure
++++ b/sysdeps/x86_64/configure
+@@ -24,7 +24,7 @@ rm -f conftest*
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_asm_avx512" >&5
+ $as_echo "$libc_cv_asm_avx512" >&6; }
+-if test $libc_cv_asm_avx512 == yes; then
++if test $libc_cv_asm_avx512 = yes; then
+ $as_echo "#define HAVE_AVX512_ASM_SUPPORT 1" >>confdefs.h
+
+ fi
+@@ -77,7 +77,7 @@ rm -f conftest*
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_asm_mpx" >&5
+ $as_echo "$libc_cv_asm_mpx" >&6; }
+-if test $libc_cv_asm_mpx == yes; then
++if test $libc_cv_asm_mpx = yes; then
+ $as_echo "#define HAVE_MPX_SUPPORT 1" >>confdefs.h
+
+ fi
+diff --git a/sysdeps/x86_64/configure.ac b/sysdeps/x86_64/configure.ac
+index 37b1059..b39309e 100644
+--- a/sysdeps/x86_64/configure.ac
++++ b/sysdeps/x86_64/configure.ac
+@@ -13,7 +13,7 @@ else
+ libc_cv_asm_avx512=no
+ fi
+ rm -f conftest*])
+-if test $libc_cv_asm_avx512 == yes; then
++if test $libc_cv_asm_avx512 = yes; then
+ AC_DEFINE(HAVE_AVX512_ASM_SUPPORT)
+ fi
+
+@@ -37,7 +37,7 @@ else
+ libc_cv_asm_mpx=no
+ fi
+ rm -f conftest*])
+-if test $libc_cv_asm_mpx == yes; then
++if test $libc_cv_asm_mpx = yes; then
+ AC_DEFINE(HAVE_MPX_SUPPORT)
+ fi
+
diff --git a/sysdeps/x86_64/dl-trampoline.S b/sysdeps/x86_64/dl-trampoline.S
index 9fb6b13..39b8771 100644
--- a/sysdeps/x86_64/dl-trampoline.S
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/glibc.git/commitdiff/42c30fa8bd9f1c1875c9bc07f4b6273b98852e30