> There are 2 files in the patch sent and the first > patch(0024-CVE-2023-5156-1.patch) is the duplicate of > https://lists.openembedded.org/g/openembedded-core/message/188490 > (CVE-2023-4806) which was sent to the mailing list. > Will I have to drop the (0024-CVE-2023-5156-1.patch) and send the second > patch as a V2 ??
Actually I'd prefer that you do an update to the latest head of release/2.37/master since it includes the fixes for CVE-2023-4806, CVE-2023-5156, and the newly announced CVE-2023-4911) Is this something you can do quickly? I'd like to fast track that fix. Steve On Tue, Oct 3, 2023 at 8:08 AM Steve Sakoman via lists.openembedded.org <steve=sakoman....@lists.openembedded.org> wrote: > > Unfortunately this patch doesn't apply (even after I edited for the > previous addition of glibc: fix CVE-2023-4806 > > ERROR: glibc-2.37-r1 do_patch: Applying patch > '0024-CVE-2023-5156-1.patch' on target directory > '/home/steve/builds/poky-contrib-mickledore/build/tmp/work/core2-64-poky-linux/glibc/2.37-r1/git' > CmdError('quilt --quiltrc > /home/steve/builds/poky-contrib-mickledore/build/tmp/work/core2-64-poky-linux/glibc/2.37-r1/recipe-sysroot-native/etc/quiltrc > push', 0, 'stdout: Applying patch 0024-CVE-2023-5156-1.patch > patching file nss/Makefile > Hunk #1 FAILED at 82. > Hunk #2 FAILED at 145. > Hunk #3 FAILED at 180. > Hunk #4 FAILED at 195. > Hunk #5 FAILED at 215. > 5 out of 5 hunks FAILED -- rejects in file nss/Makefile > The next patch would create the file nss/nss_test_gai_hv2_canonname.c, > which already exists! Applying it anyway. > patching file nss/nss_test_gai_hv2_canonname.c > Hunk #1 FAILED at 1. > 1 out of 1 hunk FAILED -- rejects in file nss/nss_test_gai_hv2_canonname.c > The next patch would create the file nss/tst-nss-gai-hv2-canonname.c, > which already exists! Applying it anyway. > patching file nss/tst-nss-gai-hv2-canonname.c > Hunk #1 FAILED at 1. > 1 out of 1 hunk FAILED -- rejects in file nss/tst-nss-gai-hv2-canonname.c > The next patch would create the file nss/tst-nss-gai-hv2-canonname.h, > which already exists! Applying it anyway. > patching file nss/tst-nss-gai-hv2-canonname.h > Hunk #1 FAILED at 1. > 1 out of 1 hunk FAILED -- rejects in file nss/tst-nss-gai-hv2-canonname.h > The next patch would empty out the file > nss/tst-nss-gai-hv2-canonname.root/postclean.req, > which is already empty! Applying it anyway. > patching file nss/tst-nss-gai-hv2-canonname.root/postclean.req > The next patch would create the file > nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script, > which already exists! Applying it anyway. > patching file > nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script > Hunk #1 FAILED at 1. > 1 out of 1 hunk FAILED -- rejects in file > nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script > patching file sysdeps/posix/getaddrinfo.c > Hunk #1 FAILED at 120. > Hunk #2 FAILED at 165. > Hunk #3 FAILED at 203. > Hunk #4 succeeded at 248 with fuzz 2 (offset 10 lines). > Hunk #5 FAILED at 271. > Hunk #6 FAILED at 333. > Hunk #7 FAILED at 780. > 6 out of 7 hunks FAILED -- rejects in file sysdeps/posix/getaddrinfo.c > Patch 0024-CVE-2023-5156-1.patch can be reverse-applied > > Steve > > On Tue, Oct 3, 2023 at 1:30 AM <deepthi.hem...@windriver.com> wrote: > > > > From: Deepthi Hemraj <deepthi.hem...@windriver.com> > > > > Signed-off-by: Deepthi Hemraj <deepthi.hem...@windriver.com> > > --- > > .../glibc/glibc/0024-CVE-2023-5156-1.patch | 329 ++++++++++++++++++ > > .../glibc/glibc/0024-CVE-2023-5156-2.patch | 93 +++++ > > meta/recipes-core/glibc/glibc_2.37.bb | 2 + > > 3 files changed, 424 insertions(+) > > create mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-1.patch > > create mode 100644 meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-2.patch > > > > diff --git a/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-1.patch > > b/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-1.patch > > new file mode 100644 > > index 0000000000..65afaa446a > > --- /dev/null > > +++ b/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-1.patch > > @@ -0,0 +1,329 @@ > > +From: Siddhesh Poyarekar <siddh...@sourceware.org> > > +Date: Fri, 15 Sep 2023 17:51:12 +0000 (-0400) > > +Subject: getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) > > +X-Git-Url: > > https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=973fe93a5675c42798b2161c6f29c01b0e243994 > > + > > +getaddrinfo: Fix use after free in getcanonname (CVE-2023-4806) > > + > > +When an NSS plugin only implements the _gethostbyname2_r and > > +_getcanonname_r callbacks, getaddrinfo could use memory that was freed > > +during tmpbuf resizing, through h_name in a previous query response. > > + > > +The backing store for res->at->name when doing a query with > > +gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in > > +gethosts during the query. For AF_INET6 lookup with AI_ALL | > > +AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second > > +for a v4 lookup. In this case, if the first call reallocates tmpbuf > > +enough number of times, resulting in a malloc, th->h_name (that > > +res->at->name refers to) ends up on a heap allocated storage in tmpbuf. > > +Now if the second call to gethosts also causes the plugin callback to > > +return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF > > +reference in res->at->name. This then gets dereferenced in the > > +getcanonname_r plugin call, resulting in the use after free. > > + > > +Fix this by copying h_name over and freeing it at the end. This > > +resolves BZ #30843, which is assigned CVE-2023-4806. > > + > > +Signed-off-by: Siddhesh Poyarekar <siddh...@sourceware.org> > > + > > +Upstream-Status: Backport > > [https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=973fe93a5675c42798b2161c6f29c01b0e243994] > > + > > +CVE: CVE-2023-5156 > > + > > +Signed-off-by: Deepthi Hemraj <deepthi.hem...@windriver.com> > > + > > +--- > > + > > +diff --git a/nss/Makefile b/nss/Makefile > > +index 06fcdc450f..8a5126ecf3 100644 > > +--- a/nss/Makefile > > ++++ b/nss/Makefile > > +@@ -82,6 +82,7 @@ tests-container := \ > > + tst-nss-test3 \ > > + tst-reload1 \ > > + tst-reload2 \ > > ++ tst-nss-gai-hv2-canonname \ > > + # tests-container > > + > > + # Tests which need libdl > > +@@ -145,7 +146,8 @@ libnss_compat-inhibit-o = $(filter-out > > .os,$(object-suffixes)) > > + ifeq ($(build-static-nss),yes) > > + tests-static += tst-nss-static > > + endif > > +-extra-test-objs += nss_test1.os nss_test2.os > > nss_test_errno.os > > ++extra-test-objs += nss_test1.os nss_test2.os > > nss_test_errno.os \ > > ++ nss_test_gai_hv2_canonname.os > > + > > + include ../Rules > > + > > +@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver > > + libof-nss_test1 = extramodules > > + libof-nss_test2 = extramodules > > + libof-nss_test_errno = extramodules > > ++libof-nss_test_gai_hv2_canonname = extramodules > > + $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) > > + $(build-module) > > + $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) > > + $(build-module) > > + $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os > > $(link-libc-deps) > > + $(build-module) > > ++$(objpfx)/libnss_test_gai_hv2_canonname.so: \ > > ++ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps) > > ++ $(build-module) > > + $(objpfx)nss_test2.os : nss_test1.c > > + # Use the nss_files suffix for these objects as well. > > + $(objpfx)/libnss_test1.so$(libnss_files.so-version): > > $(objpfx)/libnss_test1.so > > +@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): > > $(objpfx)/libnss_test2.so > > + $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \ > > + $(objpfx)/libnss_test_errno.so > > + $(make-link) > > ++$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \ > > ++ $(objpfx)/libnss_test_gai_hv2_canonname.so > > ++ $(make-link) > > + $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \ > > + $(objpfx)/libnss_test1.so$(libnss_files.so-version) \ > > + $(objpfx)/libnss_test2.so$(libnss_files.so-version) \ > > +- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) > > ++ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \ > > ++ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version) > > + > > + ifeq (yes,$(have-thread-library)) > > + $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library) > > +@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags > > + LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags > > + LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags > > + LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags > > ++LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags > > +diff --git a/nss/nss_test_gai_hv2_canonname.c > > b/nss/nss_test_gai_hv2_canonname.c > > +new file mode 100644 > > +index 0000000000..4439c83c9f > > +--- /dev/null > > ++++ b/nss/nss_test_gai_hv2_canonname.c > > +@@ -0,0 +1,56 @@ > > ++/* NSS service provider that only provides gethostbyname2_r. > > ++ Copyright The GNU Toolchain Authors. > > ++ This file is part of the GNU C Library. > > ++ > > ++ The GNU C Library is free software; you can redistribute it and/or > > ++ modify it under the terms of the GNU Lesser General Public > > ++ License as published by the Free Software Foundation; either > > ++ version 2.1 of the License, or (at your option) any later version. > > ++ > > ++ The GNU C Library is distributed in the hope that it will be useful, > > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > > ++ Lesser General Public License for more details. > > ++ > > ++ You should have received a copy of the GNU Lesser General Public > > ++ License along with the GNU C Library; if not, see > > ++ <https://www.gnu.org/licenses/>. */ > > ++ > > ++#include <nss.h> > > ++#include <stdlib.h> > > ++#include <string.h> > > ++#include "nss/tst-nss-gai-hv2-canonname.h" > > ++ > > ++/* Catch misnamed and functions. */ > > ++#pragma GCC diagnostic error "-Wmissing-prototypes" > > ++NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname) > > ++ > > ++extern enum nss_status _nss_files_gethostbyname2_r (const char *, int, > > ++ struct hostent *, char > > *, > > ++ size_t, int *, int *); > > ++ > > ++enum nss_status > > ++_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af, > > ++ struct hostent *result, > > ++ char *buffer, size_t buflen, > > ++ int *errnop, int *herrnop) > > ++{ > > ++ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, > > errnop, > > ++ herrnop); > > ++} > > ++ > > ++enum nss_status > > ++_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char > > *buffer, > > ++ size_t buflen, char **result, > > ++ int *errnop, int *h_errnop) > > ++{ > > ++ /* We expect QUERYNAME, which is a small enough string that it > > shouldn't fail > > ++ the test. */ > > ++ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME)) > > ++ || buflen < sizeof (QUERYNAME)) > > ++ abort (); > > ++ > > ++ strncpy (buffer, name, buflen); > > ++ *result = buffer; > > ++ return NSS_STATUS_SUCCESS; > > ++} > > +diff --git a/nss/tst-nss-gai-hv2-canonname.c > > b/nss/tst-nss-gai-hv2-canonname.c > > +new file mode 100644 > > +index 0000000000..d5f10c07d6 > > +--- /dev/null > > ++++ b/nss/tst-nss-gai-hv2-canonname.c > > +@@ -0,0 +1,63 @@ > > ++/* Test NSS query path for plugins that only implement gethostbyname2 > > ++ (#30843). > > ++ Copyright The GNU Toolchain Authors. > > ++ This file is part of the GNU C Library. > > ++ > > ++ The GNU C Library is free software; you can redistribute it and/or > > ++ modify it under the terms of the GNU Lesser General Public > > ++ License as published by the Free Software Foundation; either > > ++ version 2.1 of the License, or (at your option) any later version. > > ++ > > ++ The GNU C Library is distributed in the hope that it will be useful, > > ++ but WITHOUT ANY WARRANTY; without even the implied warranty of > > ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > > ++ Lesser General Public License for more details. > > ++ > > ++ You should have received a copy of the GNU Lesser General Public > > ++ License along with the GNU C Library; if not, see > > ++ <https://www.gnu.org/licenses/>. */ > > ++ > > ++#include <nss.h> > > ++#include <netdb.h> > > ++#include <stdlib.h> > > ++#include <string.h> > > ++#include <support/check.h> > > ++#include <support/xstdio.h> > > ++#include "nss/tst-nss-gai-hv2-canonname.h" > > ++ > > ++#define PREPARE do_prepare > > ++ > > ++static void do_prepare (int a, char **av) > > ++{ > > ++ FILE *hosts = xfopen ("/etc/hosts", "w"); > > ++ for (unsigned i = 2; i < 255; i++) > > ++ { > > ++ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i); > > ++ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i); > > ++ } > > ++ xfclose (hosts); > > ++} > > ++ > > ++static int > > ++do_test (void) > > ++{ > > ++ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); > > ++ > > ++ struct addrinfo hints = {}; > > ++ struct addrinfo *result = NULL; > > ++ > > ++ hints.ai_family = AF_INET6; > > ++ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME; > > ++ > > ++ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result); > > ++ > > ++ if (ret != 0) > > ++ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret)); > > ++ > > ++ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME); > > ++ > > ++ freeaddrinfo(result); > > ++ return 0; > > ++} > > ++ > > ++#include <support/test-driver.c> > > +diff --git a/nss/tst-nss-gai-hv2-canonname.h > > b/nss/tst-nss-gai-hv2-canonname.h > > +new file mode 100644 > > +index 0000000000..14f2a9cb08 > > +--- /dev/null > > ++++ b/nss/tst-nss-gai-hv2-canonname.h > > +@@ -0,0 +1 @@ > > ++#define QUERYNAME "test.example.com" > > +diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req > > b/nss/tst-nss-gai-hv2-canonname.root/postclean.req > > +new file mode 100644 > > +index 0000000000..e69de29bb2 > > +diff --git > > a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script > > b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script > > +new file mode 100644 > > +index 0000000000..31848b4a28 > > +--- /dev/null > > ++++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script > > +@@ -0,0 +1,2 @@ > > ++cp $B/nss/libnss_test_gai_hv2_canonname.so > > $L/libnss_test_gai_hv2_canonname.so.2 > > ++su > > +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c > > +index 6ae6744fe4..47f421fddf 100644 > > +--- a/sysdeps/posix/getaddrinfo.c > > ++++ b/sysdeps/posix/getaddrinfo.c > > +@@ -120,6 +120,7 @@ struct gaih_result > > + { > > + struct gaih_addrtuple *at; > > + char *canon; > > ++ char *h_name; > > + bool free_at; > > + bool got_ipv6; > > + }; > > +@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res) > > + if (res->free_at) > > + free (res->at); > > + free (res->canon); > > ++ free (res->h_name); > > + memset (res, 0, sizeof (*res)); > > + } > > + > > +@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct > > gaih_typeproto *tp, > > + return 0; > > + } > > + > > +-/* Convert struct hostent to a list of struct gaih_addrtuple objects. > > h_name > > +- is not copied, and the struct hostent object must not be deallocated > > +- prematurely. The new addresses are appended to the tuple array in > > RES. */ > > ++/* Convert struct hostent to a list of struct gaih_addrtuple objects. > > The new > > ++ addresses are appended to the tuple array in RES. */ > > + static bool > > + convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, > > + struct hostent *h, struct gaih_result > > *res) > > +@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct > > addrinfo *req, int family, > > + res->at = array; > > + res->free_at = true; > > + > > ++ /* Duplicate h_name because it may get reclaimed when the underlying > > storage > > ++ is freed. */ > > ++ if (res->h_name == NULL) > > ++ { > > ++ res->h_name = __strdup (h->h_name); > > ++ if (res->h_name == NULL) > > ++ return false; > > ++ } > > ++ > > + /* Update the next pointers on reallocation. */ > > + for (size_t i = 0; i < old; i++) > > + array[i].next = array + i + 1; > > +@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct > > addrinfo *req, int family, > > + } > > + array[i].next = array + i + 1; > > + } > > +- array[0].name = h->h_name; > > + array[count - 1].next = NULL; > > + > > + return true; > > +@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, > > const char *name, > > + memory allocation failure. The returned string is allocated on the > > + heap; the caller has to free it. */ > > + static char * > > +-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char > > *name) > > ++getcanonname (nss_action_list nip, const char *hname, const char *name) > > + { > > + nss_getcanonname_r *cfct = __nss_lookup_function (nip, > > "getcanonname_r"); > > + char *s = (char *) name; > > + if (cfct != NULL) > > + { > > + char buf[256]; > > +- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf), > > +- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS) > > ++ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, > > &errno, > > ++ &h_errno)) != NSS_STATUS_SUCCESS) > > + /* If the canonical name cannot be determined, use the passed > > + string. */ > > + s = (char *) name; > > +@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct > > addrinfo *req, > > + if ((req->ai_flags & AI_CANONNAME) != 0 > > + && res->canon == NULL) > > + { > > +- char *canonbuf = getcanonname (nip, res->at, name); > > ++ char *canonbuf = getcanonname (nip, res->h_name, > > name); > > + if (canonbuf == NULL) > > + { > > + __resolv_context_put (res_ctx); > > diff --git a/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-2.patch > > b/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-2.patch > > new file mode 100644 > > index 0000000000..507db5e13b > > --- /dev/null > > +++ b/meta/recipes-core/glibc/glibc/0024-CVE-2023-5156-2.patch > > @@ -0,0 +1,93 @@ > > +From: Romain Geissler <romain.geiss...@amadeus.com> > > +Date: Mon, 25 Sep 2023 00:21:51 +0000 (+0100) > > +Subject: Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 > > [BZ #30843] > > +X-Git-Url: > > https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=ec6b95c3303c700eb89eebeda2d7264cc184a796 > > + > > +Fix leak in getaddrinfo introduced by the fix for CVE-2023-4806 [BZ #30843] > > + > > +This patch fixes a very recently added leak in getaddrinfo. > > + > > +Reviewed-by: Siddhesh Poyarekar <siddh...@sourceware.org> > > + > > +Upstream-Status: Backport > > [https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=ec6b95c3303c700eb89eebeda2d7264cc184a796] > > + > > +CVE: CVE-2023-5156 > > + > > +Signed-off-by: Deepthi Hemraj <deepthi.hem...@windriver.com> > > + > > +--- > > + > > +diff --git a/nss/Makefile b/nss/Makefile > > +index 8a5126ecf3..668ba34b18 100644 > > +--- a/nss/Makefile > > ++++ b/nss/Makefile > > +@@ -149,6 +149,15 @@ endif > > + extra-test-objs += nss_test1.os nss_test2.os > > nss_test_errno.os \ > > + nss_test_gai_hv2_canonname.os > > + > > ++ifeq ($(run-built-tests),yes) > > ++ifneq (no,$(PERL)) > > ++tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out > > ++endif > > ++endif > > ++ > > ++generated += mtrace-tst-nss-gai-hv2-canonname.out \ > > ++ tst-nss-gai-hv2-canonname.mtrace > > ++ > > + include ../Rules > > + > > + ifeq (yes,$(have-selinux)) > > +@@ -217,6 +226,17 @@ endif > > + $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so > > + $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so > > + > > ++tst-nss-gai-hv2-canonname-ENV = \ > > ++ MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \ > > ++ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so > > ++$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \ > > ++ $(objpfx)tst-nss-gai-hv2-canonname.out > > ++ { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \ > > ++ || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit > > 77; ) \ > > ++ && $(common-objpfx)malloc/mtrace \ > > ++ $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \ > > ++ $(evaluate-test) > > ++ > > + # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS > > + # functions can load testing NSS modules via DT_RPATH. > > + LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags > > +diff --git a/nss/tst-nss-gai-hv2-canonname.c > > b/nss/tst-nss-gai-hv2-canonname.c > > +index d5f10c07d6..7db53cf09d 100644 > > +--- a/nss/tst-nss-gai-hv2-canonname.c > > ++++ b/nss/tst-nss-gai-hv2-canonname.c > > +@@ -21,6 +21,7 @@ > > + #include <netdb.h> > > + #include <stdlib.h> > > + #include <string.h> > > ++#include <mcheck.h> > > + #include <support/check.h> > > + #include <support/xstdio.h> > > + #include "nss/tst-nss-gai-hv2-canonname.h" > > +@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av) > > + static int > > + do_test (void) > > + { > > ++ mtrace (); > > ++ > > + __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); > > + > > + struct addrinfo hints = {}; > > +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c > > +index 47f421fddf..531124958d 100644 > > +--- a/sysdeps/posix/getaddrinfo.c > > ++++ b/sysdeps/posix/getaddrinfo.c > > +@@ -1196,9 +1196,7 @@ free_and_return: > > + if (malloc_name) > > + free ((char *) name); > > + free (addrmem); > > +- if (res.free_at) > > +- free (res.at); > > +- free (res.canon); > > ++ gaih_result_reset (&res); > > + > > + return result; > > + } > > diff --git a/meta/recipes-core/glibc/glibc_2.37.bb > > b/meta/recipes-core/glibc/glibc_2.37.bb > > index caf454f368..b88bc5fc4f 100644 > > --- a/meta/recipes-core/glibc/glibc_2.37.bb > > +++ b/meta/recipes-core/glibc/glibc_2.37.bb > > @@ -50,6 +50,8 @@ SRC_URI = > > "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \ > > > > file://0021-fix-create-thread-failed-in-unprivileged-process-BZ-.patch \ > > > > file://0022-Avoid-hardcoded-build-time-paths-in-the-output-binar.patch \ > > file://0023-CVE-2023-4527.patch \ > > + file://0024-CVE-2023-5156-1.patch \ > > + file://0024-CVE-2023-5156-2.patch \ > > " > > S = "${WORKDIR}/git" > > B = "${WORKDIR}/build-${TARGET_SYS}" > > -- > > 2.39.0 > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188687): https://lists.openembedded.org/g/openembedded-core/message/188687 Mute This Topic: https://lists.openembedded.org/mt/101731788/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-