[arch-commits] Commit in glibc/trunk (PKGBUILD glibc-2.14.1-tzfile-overflow.patch)
Allan McRae
allan at archlinux.org
Sun Dec 18 02:28:17 UTC 2011
Date: Saturday, December 17, 2011 @ 21:28:16
Author: allan
Revision: 145147
upgpkg: glibc 2.14.1-3
fix potential heap overflow vulnerability, do less stripping to fix valgrind issues
Added:
glibc/trunk/glibc-2.14.1-tzfile-overflow.patch
Modified:
glibc/trunk/PKGBUILD
------------------------------------+
PKGBUILD | 23 +++++++----
glibc-2.14.1-tzfile-overflow.patch | 72 +++++++++++++++++++++++++++++++++++
2 files changed, 87 insertions(+), 8 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2011-12-18 00:41:44 UTC (rev 145146)
+++ PKGBUILD 2011-12-18 02:28:16 UTC (rev 145147)
@@ -6,7 +6,7 @@
pkgname=glibc
pkgver=2.14.1
-pkgrel=2
+pkgrel=3
_glibcdate=20111025
pkgdesc="GNU C Library"
arch=('i686' 'x86_64')
@@ -31,6 +31,7 @@
glibc-2.14-revert-4768ae77.patch
glibc-2.14-reexport-rpc-interface.patch
glibc-2.14-reinstall-nis-rpc-headers.patch
+ glibc-2.14.1-tzfile-overflow.patch
nscd
locale.gen.txt
locale-gen)
@@ -45,11 +46,11 @@
'7da8c554a3b591c7401d7023b1928afc'
'c5de2a946215d647c8af5432ec4b0da0'
'55febbb72139ac7b65757df085024b83'
+ '1c5fe2ad0120a40432d429f958d18965'
'b587ee3a70c9b3713099295609afde49'
'07ac979b6ab5eeb778d55f041529d623'
'476e9113489f93b348b21e144b6a8fcf')
-
mksource() {
git clone git://sourceware.org/git/glibc.git
pushd glibc
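Review bot: The checksum added for glibc-2.14.1-tzfile-overflow.patch goes into the `md5sums` array, so the only integrity check on the new security patch is MD5, which is not collision-resistant. makepkg also accepts a `sha256sums=(...)` array, and adding one would make the check meaningful against deliberate substitution rather than only accidental corruption. The patch itself is tracked next to the PKGBUILD, so this matters most for fetched sources: the context line in `mksource()` clones over unauthenticated `git://`. The array and `mksource()` both extend outside the hunk.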
@@ -99,6 +100,10 @@
# http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=bdd816a3 (only fedora branch...)
patch -Np1 -i ${srcdir}/glibc-2.14-reinstall-nis-rpc-headers.patch
+ # http://sourceware.org/bugzilla/show_bug.cgi?id=13506
+ # http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=97ac2654
+ patch -Np1 -i ${srcdir}/glibc-2.14.1-tzfile-overflow.patch
+
install -dm755 ${pkgdir}/etc
touch ${pkgdir}/etc/ld.so.conf
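Review bot: The two URL comments above the new `patch -Np1` call identify the upstream bug and commit, but not what is being fixed or when the backport can be dropped. A line such as `# integer overflow in __tzfile_read size computation (heap overflow); drop once the packaged release contains 97ac2654` would let a later maintainer audit the patch list without following links. The enclosing function starts and ends outside the hunk.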
@@ -181,9 +186,12 @@
ln -v -s ../lib/ld* .
fi
- # manually strip files as stripping libpthread-*.so and libthread_db.so
- # with the default $STRIP_SHARED breaks gdb and stripping ld-*.so breaks
- # valgrind on x86_64
+ # Do not strip the following files for improved debugging support
+ # ("improved" as in not breaking gdb and valgrind...):
+ # ld-${pkgver}.so
+ # libc-${pkgver}.so
+ # libpthread-${pkgver}.so
+ # libthread_db-1.0.so
cd $pkgdir
strip $STRIP_BINARIES sbin/{ldconfig,sln} \
@@ -193,10 +201,9 @@
usr/sbin/{iconvconfig,nscd}
[[ $CARCH = "i686" ]] && strip $STRIP_BINARIES usr/bin/lddlibc4
- strip $STRIP_STATIC usr/lib/*.a \
- lib/{{ld,libpthread}-${pkgver},libthread_db-1.0}.so
+ strip $STRIP_STATIC usr/lib/*.a
- strip $STRIP_SHARED lib/{libanl,libBrokenLocale,libc,libcidn,libcrypt}-${pkgver}.so \
+ strip $STRIP_SHARED lib/{libanl,libBrokenLocale,libcidn,libcrypt}-${pkgver}.so \
lib/libnss_{compat,dns,files,hesiod,nis,nisplus}-${pkgver}.so \
lib/{libdl,libm,libnsl,libresolv,librt,libutil}-${pkgver}.so \
lib/{libmemusage,libpcprofile,libSegFault}.so \
Added: glibc-2.14.1-tzfile-overflow.patch
===================================================================
--- glibc-2.14.1-tzfile-overflow.patch (rev 0)
+++ glibc-2.14.1-tzfile-overflow.patch 2011-12-18 02:28:16 UTC (rev 145147)
@@ -0,0 +1,72 @@
+diff --git a/time/tzfile.c b/time/tzfile.c
+index 144e20b..402389c 100644
+--- a/time/tzfile.c
++++ b/time/tzfile.c
+@@ -234,23 +234,58 @@ __tzfile_read (const char *file, size_t extra, char **extrap)
+ goto read_again;
+ }
+
++ if (__builtin_expect (num_transitions
++ > ((SIZE_MAX - (__alignof__ (struct ttinfo) - 1))
++ / (sizeof (time_t) + 1)), 0))
++ goto lose;
+ total_size = num_transitions * (sizeof (time_t) + 1);
+ total_size = ((total_size + __alignof__ (struct ttinfo) - 1)
+ & ~(__alignof__ (struct ttinfo) - 1));
+ types_idx = total_size;
+- total_size += num_types * sizeof (struct ttinfo) + chars;
++ if (__builtin_expect (num_types
++ > (SIZE_MAX - total_size) / sizeof (struct ttinfo), 0))
++ goto lose;
++ total_size += num_types * sizeof (struct ttinfo);
++ if (__builtin_expect (chars > SIZE_MAX - total_size, 0))
++ goto lose;
++ total_size += chars;
++ if (__builtin_expect (__alignof__ (struct leap) - 1
++ > SIZE_MAX - total_size, 0))
++ goto lose;
+ total_size = ((total_size + __alignof__ (struct leap) - 1)
+ & ~(__alignof__ (struct leap) - 1));
+ leaps_idx = total_size;
++ if (__builtin_expect (num_leaps
++ > (SIZE_MAX - total_size) / sizeof (struct leap), 0))
++ goto lose;
+ total_size += num_leaps * sizeof (struct leap);
+- tzspec_len = (sizeof (time_t) == 8 && trans_width == 8
+- ? st.st_size - (ftello (f)
+- + num_transitions * (8 + 1)
+- + num_types * 6
+- + chars
+- + num_leaps * 12
+- + num_isstd
+- + num_isgmt) - 1 : 0);
++ tzspec_len = 0;
++ if (sizeof (time_t) == 8 && trans_width == 8)
++ {
++ off_t rem = st.st_size - ftello (f);
++ if (__builtin_expect (rem < 0
++ || (size_t) rem < (num_transitions * (8 + 1)
++ + num_types * 6
++ + chars), 0))
++ goto lose;
++ tzspec_len = (size_t) rem - (num_transitions * (8 + 1)
++ + num_types * 6
++ + chars);
++ if (__builtin_expect (num_leaps > SIZE_MAX / 12
++ || tzspec_len < num_leaps * 12, 0))
++ goto lose;
++ tzspec_len -= num_leaps * 12;
++ if (__builtin_expect (tzspec_len < num_isstd, 0))
++ goto lose;
++ tzspec_len -= num_isstd;
++ if (__builtin_expect (tzspec == 0 || tzspec_len - 1 < num_isgmt, 0))
++ goto lose;
++ tzspec_len -= num_isgmt + 1;
++ if (__builtin_expect (SIZE_MAX - total_size < tzspec_len, 0))
++ goto lose;
++ }
++ if (__builtin_expect (SIZE_MAX - total_size - tzspec_len < extra, 0))
++ goto lose;
+
+ /* Allocate enough memory including the extra block requested by the
+ caller. */
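Review bot: In the `num_isgmt` guard the first operand tests `tzspec == 0`, while every neighbouring check is on `tzspec_len`, and the second operand `tzspec_len - 1` wraps when `tzspec_len` is zero (assuming it is a `size_t`; its declaration is outside the hunk). Depending on what `tzspec` holds at this point, the check either rejects well-formed files or lets the wrapped value through to `tzspec_len -= num_isgmt + 1`. The guard presumably should read `if (__builtin_expect (tzspec_len == 0 || tzspec_len - 1 < num_isgmt, 0))`. It is worth checking whether upstream corrected this after 97ac2654 and carrying that correction in this patch file. `__tzfile_read` starts and ends outside the hunk.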