This is an automated email from the git hooks/post-receive script. aurel32 pushed a commit to branch sid in repository glibc.
commit 82a888594125b1d05bed4092b23af44fc23907a2 Author: Aurelien Jarno <aurel...@aurel32.net> Date: Sat Jan 13 16:14:06 2018 +0100 debian/patches/git-updates.diff: update from upstream stable branch: * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a buffer underflow in getcwd() (CVE-2018-1000001). Closes: #887001. --- debian/changelog | 3 + debian/patches/git-updates.diff | 137 ++++++++++++++++++++++++++++++++++++++-- 2 files changed, 136 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index f72b868..f1cebf4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,9 @@ glibc (2.26-4) UNRELEASED; urgency=medium the multilib flavours, simplify the mips* entries into mips*, mips be and mips le, instead of trying to keep all the flavours in sync. Remove XFAILs for tests that have been fixed. + * debian/patches/git-updates.diff: update from upstream stable branch: + - Fix a buffer underflow in getcwd() (CVE-2018-1000001). Closes: + #887001. -- Aurelien Jarno <aure...@debian.org> Fri, 12 Jan 2018 22:26:33 +0100 diff --git a/debian/patches/git-updates.diff b/debian/patches/git-updates.diff index be70c25..532da88 100644 --- a/debian/patches/git-updates.diff +++ b/debian/patches/git-updates.diff @@ -1,10 +1,19 @@ GIT update of https://sourceware.org/git/glibc.git/release/2.26/master from glibc-2.26 diff --git a/ChangeLog b/ChangeLog -index 8dbfc7eaff..efc8395ebb 100644 +index 8dbfc7eaff..98ef90f461 100644 --- a/ChangeLog +++ b/ChangeLog -@@ -1,3 +1,1136 @@ +@@ -1,3 +1,1146 @@ ++2018-01-12 Dmitry V. Levin <l...@altlinux.org> ++ ++ [BZ #22679] ++ CVE-2018-1000001 ++ * sysdeps/unix/sysv/linux/getcwd.c (__getcwd): Fall back to ++ generic_getcwd if the path returned by getcwd syscall is not absolute. ++ * io/tst-getcwd-abspath.c: New test. ++ * io/Makefile (tests): Add tst-getcwd-abspath. ++ +2017-12-19 Adhemerval Zanella <adhemerval.zane...@linaro.org> + James Clarke <jrt...@jrtc27.com> + @@ -981,6 +990,7 @@ index 8dbfc7eaff..efc8395ebb 100644 + +2017-09-01 Florian Weimer <fwei...@redhat.com> + ++ [BZ #20532] + * sysdeps/posix/getaddrinfo.c (gaih_inet): Make reporting of NSS + function lookup failures more reliable. + @@ -1165,10 +1175,10 @@ index 9bb707c168..828a445f24 100644 # Don't try to use -lc when making libc.so itself. # Also omits crti.o and crtn.o, which we do not want diff --git a/NEWS b/NEWS -index 8295f20c0a..f04b3ed4e8 100644 +index 8295f20c0a..7f88e9e310 100644 --- a/NEWS +++ b/NEWS -@@ -5,6 +5,98 @@ See the end for copying conditions. +@@ -5,6 +5,105 @@ See the end for copying conditions. Please send GNU C library bug reports via <http://sourceware.org/bugzilla/> using `glibc' in the "product" field. @@ -1226,10 +1236,15 @@ index 8295f20c0a..f04b3ed4e8 100644 + for AT_SECURE or SUID binaries could be used to load libraries from the + current directory. + ++ CVE-2018-1000001: Buffer underflow in realpath function when getcwd function ++ succeeds without returning an absolute path due to unexpected behaviour ++ of the Linux kernel getcwd syscall. Reported by halfdog. ++ +The following bugs are resolved with this release: + + [16750] ldd: Never run file directly. + [17956] crypt: Use NSPR header files in addition to NSS header files ++ [20532] getaddrinfo: More robust handling of dlopen failures + [21242] assert: Suppress pedantic warning caused by statement expression + [21265] x86-64: Use fxsave/xsave/xsavec in _dl_runtime_resolve + [21780] posix: Set p{read,write}v2 to return ENOTSUP @@ -1263,6 +1278,8 @@ index 8295f20c0a..f04b3ed4e8 100644 + [22325] glibc: Memory leak in glob with GLOB_TILDE (CVE-2017-15671) + [22375] malloc returns pointer from tcache instead of NULL (CVE-2017-17426) + [22627] $ORIGIN in $LD_LIBRARY_PATH is substituted twice ++ [22679] getcwd(3) can succeed without returning an absolute path ++ (CVE-2018-1000001) + Version 2.26 @@ -1828,6 +1845,91 @@ index 2b2632c7ba..b2135893e8 100644 libc_hidden_proto (__inet6_scopeid_pton) +diff --git a/io/Makefile b/io/Makefile +index 2f26bf56db..f0bdc838bb 100644 +--- a/io/Makefile ++++ b/io/Makefile +@@ -70,7 +70,7 @@ tests := test-utime test-stat test-stat2 test-lfs tst-getcwd \ + tst-symlinkat tst-linkat tst-readlinkat tst-mkdirat \ + tst-mknodat tst-mkfifoat tst-ttyname_r bug-ftw5 \ + tst-posix_fallocate tst-posix_fallocate64 \ +- tst-fts tst-fts-lfs tst-open-tmpfile ++ tst-fts tst-fts-lfs tst-open-tmpfile tst-getcwd-abspath + + ifeq ($(run-built-tests),yes) + tests-special += $(objpfx)ftwtest.out +diff --git a/io/tst-getcwd-abspath.c b/io/tst-getcwd-abspath.c +new file mode 100644 +index 0000000000..3a3636f2ed +--- /dev/null ++++ b/io/tst-getcwd-abspath.c +@@ -0,0 +1,66 @@ ++/* BZ #22679 getcwd(3) should not succeed without returning an absolute path. ++ ++ Copyright (C) 2018 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. */ ++ ++#include <errno.h> ++#include <stdio.h> ++#include <stdlib.h> ++#include <support/check.h> ++#include <support/namespace.h> ++#include <support/support.h> ++#include <support/temp_file.h> ++#include <support/test-driver.h> ++#include <support/xunistd.h> ++#include <unistd.h> ++ ++static char *chroot_dir; ++ ++/* The actual test. Run it in a subprocess, so that the test harness ++ can remove the temporary directory in --direct mode. */ ++static void ++getcwd_callback (void *closure) ++{ ++ xchroot (chroot_dir); ++ ++ errno = 0; ++ char *cwd = getcwd (NULL, 0); ++ TEST_COMPARE (errno, ENOENT); ++ TEST_VERIFY (cwd == NULL); ++ ++ errno = 0; ++ cwd = realpath (".", NULL); ++ TEST_COMPARE (errno, ENOENT); ++ TEST_VERIFY (cwd == NULL); ++ ++ _exit (0); ++} ++ ++static int ++do_test (void) ++{ ++ support_become_root (); ++ if (!support_can_chroot ()) ++ return EXIT_UNSUPPORTED; ++ ++ chroot_dir = support_create_temp_directory ("tst-getcwd-abspath-"); ++ support_isolate_in_subprocess (getcwd_callback, NULL); ++ ++ return 0; ++} ++ ++#include <support/test-driver.c> diff --git a/malloc/Makefile b/malloc/Makefile index 3fa395b949..9e23db9343 100644 --- a/malloc/Makefile @@ -21550,6 +21652,33 @@ index 82a9a296a7..0000000000 +++ /dev/null @@ -1 +0,0 @@ -#include <sysdeps/unix/sysv/linux/i386/glob64.c> +diff --git a/sysdeps/unix/sysv/linux/getcwd.c b/sysdeps/unix/sysv/linux/getcwd.c +index 3b556fd450..f485de88a5 100644 +--- a/sysdeps/unix/sysv/linux/getcwd.c ++++ b/sysdeps/unix/sysv/linux/getcwd.c +@@ -76,7 +76,7 @@ __getcwd (char *buf, size_t size) + int retval; + + retval = INLINE_SYSCALL (getcwd, 2, path, alloc_size); +- if (retval >= 0) ++ if (retval > 0 && path[0] == '/') + { + #ifndef NO_ALLOCATION + if (buf == NULL && size == 0) +@@ -92,10 +92,10 @@ __getcwd (char *buf, size_t size) + return buf; + } + +- /* The system call cannot handle paths longer than a page. +- Neither can the magic symlink in /proc/self. Just use the ++ /* The system call either cannot handle paths longer than a page ++ or can succeed without returning an absolute path. Just use the + generic implementation right away. */ +- if (errno == ENAMETOOLONG) ++ if (retval >= 0 || errno == ENAMETOOLONG) + { + #ifndef NO_ALLOCATION + if (buf == NULL && size == 0) diff --git a/sysdeps/unix/sysv/linux/glob.c b/sysdeps/unix/sysv/linux/glob.c new file mode 100644 index 0000000000..057ae7fe25 -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-glibc/glibc.git