[arch-commits] Commit in lib32-glibc/trunk (PKGBUILD glibc-2.21-roundup.patch)

Jan Steffens heftig at archlinux.org
Thu Apr 23 13:47:00 UTC 2015


    Date: Thursday, April 23, 2015 @ 15:46:59
  Author: heftig
Revision: 132051

2.21-4

Modified:
  lib32-glibc/trunk/PKGBUILD
  lib32-glibc/trunk/glibc-2.21-roundup.patch

--------------------------+
 PKGBUILD                 |    6 +++---
 glibc-2.21-roundup.patch |   41 ++++++++++++++++++++++++++++++++++-------
 2 files changed, 37 insertions(+), 10 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2015-04-23 13:43:23 UTC (rev 132050)
+++ PKGBUILD	2015-04-23 13:46:59 UTC (rev 132051)
@@ -8,7 +8,7 @@
 _pkgbasename=glibc
 pkgname=lib32-$_pkgbasename
 pkgver=2.21
-pkgrel=2
+pkgrel=4
 pkgdesc="GNU C Library (32-bit)"
 arch=('x86_64')
 url="http://www.gnu.org/software/libc"
@@ -26,7 +26,7 @@
         lib32-glibc.conf)
 md5sums=('9cb398828e8f84f57d1f7d5588cf40cd'
          'SKIP'
-         'bf9d96b11c76b113606aae102da63d9d'
+         'feb826d5f4965e9892ee6e851fec43a9'
          '6e052f1cb693d5d3203f50f9d4e8c33b')
 validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF')  # Carlos O'Donell
 
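Review bot: The entry replaced in `md5sums` is the only integrity pin visible here for glibc-2.21-roundup.patch, and MD5 is not collision-resistant, so it is a weak check for a file that now carries the CVE-2015-1781 fix. makepkg also accepts a `sha256sums=(...)` array; switching to it, keeping `'SKIP'` for the signature entry, would give a meaningful pin, e.g. `sha256sums=('<sha256 of tarball>' 'SKIP' '<sha256 of roundup patch>' '<sha256 of lib32-glibc.conf>')`. The `source` array starts outside this hunk, so the mapping of checksum entries to files is inferred from their order.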
@@ -33,7 +33,7 @@
 prepare() {
   cd ${srcdir}/glibc-${pkgver}
 
-  # glibc-2.21..75adf430
+  # glibc-2.21..01b07c70
   patch -p1 -i $srcdir/glibc-2.21-roundup.patch
 
   mkdir ${srcdir}/glibc-build
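Review bot: The updated comment `# glibc-2.21..01b07c70` records the upstream range but not that the roundup now contains a security fix, which, judging by the NEWS text added to the patch, appears to be the reason for this release. Something like `# glibc-2.21..01b07c70 (adds BZ #18287, CVE-2015-1781)` would let someone auditing the PKGBUILD see that without opening the patch. As a style point, `$srcdir` is unquoted on the `patch` line; `patch -p1 -i "$srcdir/glibc-2.21-roundup.patch"` is the safer form. prepare() continues outside the hunk.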

Modified: glibc-2.21-roundup.patch
===================================================================
--- glibc-2.21-roundup.patch	2015-04-23 13:43:23 UTC (rev 132050)
+++ glibc-2.21-roundup.patch	2015-04-23 13:46:59 UTC (rev 132051)
@@ -1,8 +1,14 @@
 diff --git a/ChangeLog b/ChangeLog
-index dc1ed1b..45579de 100644
+index dc1ed1b..26feb07 100644
 --- a/ChangeLog
 +++ b/ChangeLog
-@@ -1,3 +1,9 @@
+@@ -1,3 +1,15 @@
++2015-04-21  Arjun Shankar  <arjun.is at lostca.se>
++
++	[BZ #18287]
++	* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++	based on padding.  (CVE-2015-1781)
++
 +2015-02-10  Evangelos Foutras  <evangelos at foutrelis.com>
 +
 +	[BZ #17949]
@@ -12,7 +18,7 @@
  2015-02-06  Carlos O'Donell  <carlos at systemhalted.org>
  
  	* version.h (RELEASE): Set to "stable".
-@@ -7,6 +13,7 @@
+@@ -7,6 +19,7 @@
  	* sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
  
  2015-02-05  Paul Pluzhnikov  <ppluzhnikov at google.com>
@@ -21,10 +27,10 @@
  	[BZ #16618]
  	* stdio-common/tst-sscanf.c (main): Test for buffer overflow.
 diff --git a/NEWS b/NEWS
-index 617cdbb..ff79f0d 100644
+index 617cdbb..c9f6b58 100644
 --- a/NEWS
 +++ b/NEWS
-@@ -5,6 +5,12 @@ See the end for copying conditions.
+@@ -5,6 +5,19 @@ See the end for copying conditions.
  Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
  using `glibc' in the "product" field.
  

@@ -32,12 +38,19 @@
 +
 +* The following bugs are resolved with this release:
 +
-+  17949.
++  17949, 18287.
++
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++  requests has been fixed.  If the NSS functions were called with a
++  misaligned buffer, the buffer length change due to pointer alignment was
++  not taken into account.  This could result in application crashes or,
++  potentially arbitrary code execution, using crafted, but syntactically
++  valid DNS responses.  (CVE-2015-1781)
 +

  Version 2.21
  
  * The following bugs are resolved with this release:
-@@ -21,10 +27,11 @@ Version 2.21
+@@ -21,10 +34,11 @@ Version 2.21
    17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
    17892.
  
@@ -53,6 +66,20 @@
  
  * A new semaphore algorithm has been implemented in generic C code for all
    machines. Previous custom assembly implementations of semaphore were
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index f715ab0..40069a7 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+   int have_to_map = 0;
+   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+   buffer += pad;
+-  if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
++  buflen = buflen > pad ? buflen - pad : 0;
++  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
+     {
+       /* The buffer is too small.  */
+     too_small:
 diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
 index 207b648..b6fa202 100644
 --- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
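Review bot: In the getanswer_r lines this revision adds to the roundup, `buffer += pad;` still runs before the length is validated, so when `buflen` is smaller than `pad` the pointer is advanced past the end of the caller's buffer before the `too_small` branch is taken. Forming that pointer is outside what C guarantees, even though the visible lines do not dereference it; clamping `buflen` and doing the size check first, then advancing `buffer`, would avoid it. The new `buflen = buflen > pad ? buflen - pad : 0;` line would also benefit from a comment such as `/* The padding is taken from the caller's buffer, so the usable length shrinks by the same amount.  */`, since per the NEWS entry the unadjusted length is what CVE-2015-1781 was about. getanswer_r starts and ends outside this hunk, so how `buflen` is used afterwards cannot be confirmed from here.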


