On Fri, Oct 10, 2014 at 08:37:15AM +0100, Adam D. Barratt wrote: > Control: tags -1 + pending > > On 2014-10-09 0:16, Aurelien Jarno wrote: > >On Wed, Oct 08, 2014 at 11:27:30PM +0100, Adam D. Barratt wrote: > >>Control: tags -1 + confirmed > >> > >>On Wed, 2014-10-08 at 23:49 +0200, Aurelien Jarno wrote: > >>> I would like to do an update of eglibc in wheezy, with the patches we > >>> have accumulated in the SVN over the last months. I understand that > >>> it's a bit late with the stable release schedule, that said all this > >>> patches have been upstream and in jessie/sid for months. > >>[...] > >>> +eglibc (2.13-38+deb7u5) wheezy; urgency=medium > >>> + > >>> + * debian/patches/any/cvs-resolv-reuse-fd.diff: new patch from upstream > >>> + to fix invalid file descriptor reuse while sending DNS query. > >>> Closes: > >>> + #722075, #756343. > >>> + * debian/patches/any/cvs-CVE-2013-4357.diff: new patch from upstream to > >>> + fix stack overflow issues. Closes: #742925. > >>> + * debian/patches/any/submitted-CVE-2014-0475.diff: update from upstream > >>> + to fix a localplt regression introduced in version 2.13-38+deb7u3. > >>> + * patches/any/cvs-dlopen-tls-memleak.patch: new patch from upstream to > >>> + fix a memory leak with dlopen() and thread-local storage variables. > >>> + Closes: #763559. > >> > >>Please go ahead; thanks. > >> > > > >Thanks! I have just uploaded it. > > Flagged for acceptance; thanks. >
As discussed on IRC, this update introduced a serious regression when using nscd (see bugs #765506, #765526, #765562), due to the patch cvs-CVE-2013-4357.diff. Sorry about that. The upstream commit is broken and a later commit that I missed is fixing that. I have included it in the new version 2.13-38+deb7u6. I also updated the changelog entry for 2.13-38+deb7u5 as discussed in the bug report. You will find the debdiff against 2.13-38+deb7u5 below. Is it fine to upload it? Regards, Aurelien diff -u eglibc-2.13/debian/changelog eglibc-2.13/debian/changelog --- eglibc-2.13/debian/changelog +++ eglibc-2.13/debian/changelog @@ -1,3 +1,13 @@ +eglibc (2.13-38+deb7u6) wheezy; urgency=medium + + * Update 2.13-38+deb7u5 changelog to mention that some lost glibc-doc + files have been re-added in this version. + * debian/patches/any/cvs-CVE-2013-4357.diff: update patch with upstream + commit c8fc0c91 to fix segmentation faults when nscd is in use. + Closes: #765506, #765526, #765562. + + -- Aurelien Jarno <[email protected]> Thu, 16 Oct 2014 15:29:00 +0200 + eglibc (2.13-38+deb7u5) wheezy; urgency=medium * debian/patches/any/cvs-resolv-reuse-fd.diff: new patch from upstream @@ -10,6 +20,9 @@ * patches/any/cvs-dlopen-tls-memleak.patch: new patch from upstream to fix a memory leak with dlopen() and thread-local storage variables. Closes: #763559. + * debian/TODO, debian/debhelper.in/glibc-doc.{install,links,manpage}: + re-add files lost in the deb7u3 and deb7u4 security upgrades, causing + the glibc-doc package to be almost empty. -- Aurelien Jarno <[email protected]> Wed, 08 Oct 2014 22:50:01 +0200 diff -u eglibc-2.13/debian/patches/any/cvs-CVE-2013-4357.diff eglibc-2.13/debian/patches/any/cvs-CVE-2013-4357.diff --- eglibc-2.13/debian/patches/any/cvs-CVE-2013-4357.diff +++ eglibc-2.13/debian/patches/any/cvs-CVE-2013-4357.diff @@ -1,3 +1,8 @@ +2011-05-31 Andreas Schwab <[email protected]> + + * nscd/nscd_getserv_r.c (nscd_getserv_r): Don't free non-malloced + memory. Use alloca_account. Fix memory leak when retrying. + 2011-05-22 Ulrich Drepper <[email protected]> [BZ #12671] @@ -134,7 +139,15 @@ const uint32_t *aliases_len = NULL; const char *aliases_list = NULL; int retval = -1; -@@ -136,8 +148,22 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, +@@ -112,6 +124,7 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, + s_name = (char *) (&found->data[0].servdata + 1); + serv_resp = found->data[0].servdata; + s_proto = s_name + serv_resp.s_name_len; ++ alloca_aliases_len = 1; + aliases_len = (uint32_t *) (s_proto + serv_resp.s_proto_len); + aliases_list = ((char *) aliases_len + + serv_resp.s_aliases_cnt * sizeof (uint32_t)); +@@ -136,8 +149,24 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1)) != 0) { @@ -146,7 +159,9 @@ + + (serv_resp.s_aliases_cnt + * sizeof (uint32_t))); + if (alloca_aliases_len) -+ tmp = __alloca (serv_resp.s_aliases_cnt * sizeof (uint32_t)); ++ tmp = alloca_account (serv_resp.s_aliases_cnt ++ * sizeof (uint32_t), ++ alloca_used); + else + { + tmp = malloc (serv_resp.s_aliases_cnt * sizeof (uint32_t)); @@ -159,7 +174,7 @@ aliases_len = memcpy (tmp, aliases_len, serv_resp.s_aliases_cnt * sizeof (uint32_t)); -@@ -217,8 +243,24 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, +@@ -217,8 +246,25 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, if (serv_resp.s_aliases_cnt > 0) { @@ -171,8 +186,9 @@ + + (serv_resp.s_aliases_cnt + * sizeof (uint32_t))); + if (alloca_aliases_len) -+ aliases_len = alloca (serv_resp.s_aliases_cnt -+ * sizeof (uint32_t)); ++ aliases_len = alloca_account (serv_resp.s_aliases_cnt ++ * sizeof (uint32_t), ++ alloca_used); + else + { + aliases_len = malloc (serv_resp.s_aliases_cnt @@ -186,8 +202,16 @@ vec[n].iov_base = (void *) aliases_len; vec[n].iov_len = serv_resp.s_aliases_cnt * sizeof (uint32_t); -@@ -329,5 +371,10 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, - goto retry; +@@ -326,8 +372,17 @@ nscd_getserv_r (const char *crit, size_t critlen, const char *proto, + } + + if (retval != -1) +- goto retry; ++ { ++ if (!alloca_aliases_len) ++ free (aliases_len); ++ goto retry; ++ } } + if (!alloca_aliases_len) -- Aurelien Jarno GPG: 4096R/1DDD8C9B [email protected] http://www.aurel32.net
signature.asc
Description: Digital signature
