Date: Friday, August 7, 2015 @ 14:54:10 Author: heftig Revision: 243110
Remove old patch Deleted: glibc/trunk/glibc-2.21-roundup.patch --------------------------+ glibc-2.21-roundup.patch | 97 --------------------------------------------- 1 file changed, 97 deletions(-)
Deleted: glibc-2.21-roundup.patch
===================================================================
--- glibc-2.21-roundup.patch 2015-08-07 12:39:10 UTC (rev 243109)
+++ glibc-2.21-roundup.patch 2015-08-07 12:54:10 UTC (rev 243110)
@@ -1,97 +0,0 @@
-diff --git a/ChangeLog b/ChangeLog
-index dc1ed1b..26feb07 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,15 @@
-+2015-04-21 Arjun Shankar <arjun...@lostca.se>
-+
-+ [BZ #18287]
-+ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
-+ based on padding. (CVE-2015-1781)
-+
-+2015-02-10 Evangelos Foutras <evange...@foutrelis.com>
-+
-+ [BZ #17949]
-+ * sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
-+ jump label.
-+
- 2015-02-06 Carlos O'Donell <car...@systemhalted.org>
-
- * version.h (RELEASE): Set to "stable".
-@@ -7,6 +19,7 @@
- * sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
-
- 2015-02-05 Paul Pluzhnikov <ppluzhni...@google.com>
-+ Paul Eggert <egg...@cs.ucla.edu>
-
- [BZ #16618]
- * stdio-common/tst-sscanf.c (main): Test for buffer overflow.
-diff --git a/NEWS b/NEWS
-index 617cdbb..c9f6b58 100644
---- a/NEWS
-+++ b/NEWS
-@@ -5,6 +5,19 @@ See the end for copying conditions.
- Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
- using `glibc' in the "product" field.
-
-+Version 2.21.1
-+
-+* The following bugs are resolved with this release:
-+
-+ 17949, 18287.
-+
-+* A buffer overflow in gethostbyname_r and related functions performing DNS
-+ requests has been fixed. If the NSS functions were called with a
-+ misaligned buffer, the buffer length change due to pointer alignment was
-+ not taken into account. This could result in application crashes or,
-+ potentially arbitrary code execution, using crafted, but syntactically
-+ valid DNS responses. (CVE-2015-1781)
-+
- Version 2.21
-
- * The following bugs are resolved with this release:
-@@ -21,10 +34,11 @@ Version 2.21
- 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
- 17892.
-
--* CVE-2015-1472 Under certain conditions wscanf can allocate too little
-- memory for the to-be-scanned arguments and overflow the allocated
-- buffer. The implementation now correctly computes the required buffer
-- size when using malloc.
-+* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
-+ too little memory for the to-be-scanned arguments and overflow the
-+ allocated buffer. The implementation now correctly computes the required
-+ buffer size when using malloc, and switches to malloc from alloca as
-+ intended.
-
- * A new semaphore algorithm has been implemented in generic C code for all
- machines. Previous custom assembly implementations of semaphore were
-diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index f715ab0..40069a7 100644
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
- int have_to_map = 0;
- uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
- buffer += pad;
-- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
-+ buflen = buflen > pad ? buflen - pad : 0;
-+ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
- {
- /* The buffer is too small. */
- too_small:
-diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
-index 207b648..b6fa202 100644
---- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
-+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
-@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
- cmpl $0, KIND_OFFSET+__cpu_features@GOTOFF(%ebx)
- jne 1f
- call __init_cpu_features
-- leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax
--1: testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features@GOTOFF(%ebx)
-+1: leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax
-+ testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features@GOTOFF(%ebx)
- jz 2f
- leal __mempcpy_chk_sse2_unaligned@GOTOFF(%ebx), %eax
- testl $bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features@GOTOFF(%ebx)