Hello community,
here is the log from the commit of package glibc for openSUSE:Factory checked
in at 2019-03-06 19:01:26
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/glibc (Old)
and /work/SRC/openSUSE:Factory/.glibc.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glibc"
Wed Mar 6 19:01:26 2019 rev:227 rq:681703 version:2.29
Changes:
--------
--- /work/SRC/openSUSE:Factory/glibc/glibc.changes 2019-02-24
16:55:44.184899034 +0100
+++ /work/SRC/openSUSE:Factory/.glibc.new.28833/glibc.changes 2019-03-06
19:01:26.765106180 +0100
@@ -1,0 +2,8 @@
+Tue Mar 5 10:38:30 UTC 2019 - Andreas Schwab <sch...@suse.de>
+
+- regex-read-overrun.patch: fix read overrun (CVE-2019-9169, bsc#1127308,
+ BZ #24114)
+- ldconfig-concurrency.patch: Avoid concurrency problem in ldconfig
+ (bsc#1117993, BZ #23973)
+
+-------------------------------------------------------------------
@@ -59,0 +68 @@
+- CVE-2016-10739
@@ -172,0 +182 @@
+- CVE-2009-5155, CVE-2015-8985
New:
----
ldconfig-concurrency.patch
regex-read-overrun.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ glibc.spec ++++++
--- /var/tmp/diff_new_pack.SpW4C2/_old 2019-03-06 19:01:29.081105557 +0100
+++ /var/tmp/diff_new_pack.SpW4C2/_new 2019-03-06 19:01:29.085105555 +0100
@@ -71,8 +71,7 @@
BuildRequires: gcc-c++
BuildRequires: gdb
BuildRequires: glibc-devel-static
-# BZ #24113
-#BuildRequires: libidn2-0
+BuildRequires: libidn2-0
BuildRequires: libstdc++-devel
BuildRequires: python3-pexpect
%endif
@@ -284,6 +283,8 @@
Patch1005: riscv-clone-unwind.patch
# PATCH-FIX-UPSTREAM Add new Fortran vector math header file.
Patch1006: add-new-Fortran-vector-math-header-file.patch
+# PATCH-FIX-UPSTREAM regex: fix read overrun (CVE-2019-9169, BZ #24114)
+Patch1007: regex-read-overrun.patch
###
# Patches awaiting upstream approval
@@ -296,6 +297,8 @@
Patch2005: nss-files-long-lines-2.patch
# PATCH-FIX-UPSTREAM Fix iconv buffer handling with IGNORE error handler (BZ
#18830)
Patch2006: iconv-reset-input-buffer.patch
+# PATCH-FIX-UPSTREAM Avoid concurrency problem in ldconfig (BZ #23973)
+Patch2007: ldconfig-concurrency.patch
# Non-glibc patches
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
@@ -500,11 +503,13 @@
%patch1004 -p1
%patch1005 -p1
%patch1006 -p1
+%patch1007 -p1
%patch2000 -p1
%patch2004 -p1
%patch2005 -p1
%patch2006 -p1
+%patch2007 -p1
%patch3000
++++++ ldconfig-concurrency.patch ++++++
* elf/cache.c (save_cache): Use unique temporary name.
(save_aux_cache): Likewise.
Index: glibc-2.29/elf/cache.c
===================================================================
--- glibc-2.29.orig/elf/cache.c
+++ glibc-2.29/elf/cache.c
@@ -427,12 +427,12 @@ save_cache (const char *cache_name)
/* Write out the cache. */
/* Write cache first to a temporary file and rename it later. */
- char *temp_name = xmalloc (strlen (cache_name) + 2);
- sprintf (temp_name, "%s~", cache_name);
+ char *temp_name;
+ if (asprintf (&temp_name, "%s.XXXXXX", cache_name) < 0)
+ error (EXIT_FAILURE, errno, _("Can't allocate temporary name for cache
file"));
/* Create file. */
- int fd = open (temp_name, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW,
- S_IRUSR|S_IWUSR);
+ int fd = mkostemp (temp_name, 0);
if (fd < 0)
error (EXIT_FAILURE, errno, _("Can't create temporary cache file %s"),
temp_name);
@@ -481,6 +481,7 @@ save_cache (const char *cache_name)
free (file_entries_new);
free (file_entries);
free (strings);
+ free (temp_name);
while (entries)
{
@@ -804,8 +805,9 @@ save_aux_cache (const char *aux_cache_na
/* Write out auxiliary cache file. */
/* Write auxiliary cache first to a temporary file and rename it later. */
- char *temp_name = xmalloc (strlen (aux_cache_name) + 2);
- sprintf (temp_name, "%s~", aux_cache_name);
+ char *temp_name;
+ if (asprintf (&temp_name, "%s.XXXXXX", aux_cache_name) < 0)
+ goto out_fail2;
/* Check that directory exists and create if needed. */
char *dir = strdupa (aux_cache_name);
@@ -819,8 +821,7 @@ save_aux_cache (const char *aux_cache_na
}
/* Create file. */
- int fd = open (temp_name, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW,
- S_IRUSR|S_IWUSR);
+ int fd = mkostemp (temp_name, 0);
if (fd < 0)
goto out_fail;
@@ -840,5 +841,6 @@ save_aux_cache (const char *aux_cache_na
out_fail:
/* Free allocated memory. */
free (temp_name);
+out_fail2:
free (file_entries);
}
++++++ regex-read-overrun.patch ++++++
2019-01-31 Paul Eggert <egg...@cs.ucla.edu>
regex: fix read overrun [BZ #24114]
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
* posix/regexec.c (proceed_next_node):
Do not read past end of input buffer.
Index: glibc-2.29/posix/regexec.c
===================================================================
--- glibc-2.29.orig/posix/regexec.c
+++ glibc-2.29/posix/regexec.c
@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_contex
else if (naccepted)
{
char *buf = (char *) re_string_get_buffer (&mctx->input);
- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
- naccepted) != 0)
+ if (mctx->input.valid_len - *pidx < naccepted
+ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+ naccepted)
+ != 0))
return -1;
}
}
