[arch-commits] Commit in glibc/trunk (glibc-2.21-roundup.patch)

Jan Steffens heftig at archlinux.org
Fri Aug 7 12:54:10 UTC 2015 

    Date: Friday, August 7, 2015 @ 14:54:10
  Author: heftig
Revision: 243110

Remove old patch

Deleted:
  glibc/trunk/glibc-2.21-roundup.patch

--------------------------+
 glibc-2.21-roundup.patch |   97 ---------------------------------------------
 1 file changed, 97 deletions(-)

Deleted: glibc-2.21-roundup.patch
===================================================================
--- glibc-2.21-roundup.patch	2015-08-07 12:39:10 UTC (rev 243109)
+++ glibc-2.21-roundup.patch	2015-08-07 12:54:10 UTC (rev 243110)
@@ -1,97 +0,0 @@
-diff --git a/ChangeLog b/ChangeLog
-index dc1ed1b..26feb07 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,15 @@
-+2015-04-21  Arjun Shankar  <arjun.is at lostca.se>
-+
-+	[BZ #18287]
-+	* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
-+	based on padding.  (CVE-2015-1781)
-+
-+2015-02-10  Evangelos Foutras  <evangelos at foutrelis.com>
-+
-+	[BZ #17949]
-+	* sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
-+	jump label.
-+
- 2015-02-06  Carlos O'Donell  <carlos at systemhalted.org>
- 
- 	* version.h (RELEASE): Set to "stable".
-@@ -7,6 +19,7 @@
- 	* sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
- 
- 2015-02-05  Paul Pluzhnikov  <ppluzhnikov at google.com>
-+	    Paul Eggert  <eggert at cs.ucla.edu>
- 
- 	[BZ #16618]
- 	* stdio-common/tst-sscanf.c (main): Test for buffer overflow.
-diff --git a/NEWS b/NEWS
-index 617cdbb..c9f6b58 100644
---- a/NEWS
-+++ b/NEWS
-@@ -5,6 +5,19 @@ See the end for copying conditions.
- Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
- using `glibc' in the "product" field.
- 

-+Version 2.21.1
-+
-+* The following bugs are resolved with this release:
-+
-+  17949, 18287.
-+
-+* A buffer overflow in gethostbyname_r and related functions performing DNS
-+  requests has been fixed.  If the NSS functions were called with a
-+  misaligned buffer, the buffer length change due to pointer alignment was
-+  not taken into account.  This could result in application crashes or,
-+  potentially arbitrary code execution, using crafted, but syntactically
-+  valid DNS responses.  (CVE-2015-1781)
-+

- Version 2.21
- 
- * The following bugs are resolved with this release:
-@@ -21,10 +34,11 @@ Version 2.21
-   17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
-   17892.
- 
--* CVE-2015-1472 Under certain conditions wscanf can allocate too little
--  memory for the to-be-scanned arguments and overflow the allocated
--  buffer.  The implementation now correctly computes the required buffer
--  size when using malloc.
-+* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
-+  too little memory for the to-be-scanned arguments and overflow the
-+  allocated buffer.  The implementation now correctly computes the required
-+  buffer size when using malloc, and switches to malloc from alloca as
-+  intended.
- 
- * A new semaphore algorithm has been implemented in generic C code for all
-   machines. Previous custom assembly implementations of semaphore were
-diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index f715ab0..40069a7 100644
---- a/resolv/nss_dns/dns-host.c
-+++ b/resolv/nss_dns/dns-host.c
-@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
-   int have_to_map = 0;
-   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
-   buffer += pad;
--  if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
-+  buflen = buflen > pad ? buflen - pad : 0;
-+  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
-     {
-       /* The buffer is too small.  */
-     too_small:
-diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
-index 207b648..b6fa202 100644
---- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
-+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
-@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
- 	cmpl	$0, KIND_OFFSET+__cpu_features at GOTOFF(%ebx)
- 	jne	1f
- 	call	__init_cpu_features
--	leal	__mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
--1:	testl	$bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
-+1:	leal	__mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
-+	testl	$bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
- 	jz	2f
- 	leal	__mempcpy_chk_sse2_unaligned at GOTOFF(%ebx), %eax
- 	testl	$bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features at GOTOFF(%ebx)

More information about the arch-commits mailing list