[notify] glibc-32: updated to 2.24-9. Syncs with upstream.

Fixes:
CVE-2017-15670
CVE-2017-1000366
CVE-2015-5180
Fredrik Rinnestam 2017-10-22 16:38:18 +02:00
parent c1f9872e22
commit e62008a86e
5 changed files with 2377 additions and 24 deletions


@ -1,4 +1,5 @@
052018e4621ea8e3d7d8f1b711fcdaa3 glibc-2.24-updates.patch
bcfb2cb7f1cb0b4ecce27fcd5d5d2b21 0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
cb9c54c9d22b3ab597a69d05420b5e80 glibc-2.24.8.patch
97dc5517f92016f3d70d83e3162ad318 glibc-2.24.tar.xz
ac19b5dac0b160aa59a2e265998c3e91 kernel-headers-4.9.5.tar.xz
a8f4549c716cd37244fbf1ed059497f8 lib32.conf


@ -1,8 +1,9 @@
untrusted comment: verify with /etc/ports/core.pub
RWRJc1FUaeVeqgHIVZCdS2I9jSvM+uPwpamx0V9TvLkWLquTugBPkS5Fhy+AuARhAk2tuHHyo1P8446Ui+0G5BLJ/LqNyLC5QA0=
SHA256 (Pkgfile) = 62d282b0fe37b75aaf5ba15e589eb11f499de60bc9b265a8891e4f77711cec63
RWRJc1FUaeVeqjeyptGRCBcjcyr/ot+fF8dm4Kc50exfkG6Dh1ByVtDUMJHkKHGfkRAeiq/6S6qY0oYbewnOS8I7fQ3Vjzj3xw0=
SHA256 (Pkgfile) = e3f3c583e8e6da48eb296cab0aee6bae04c9def714432f8b81fe749c1b08adec
SHA256 (.footprint) = 0af47db3e8a5ea832d1f971ca56f7718a59167c0214375307a508ff46b327119
SHA256 (glibc-2.24.tar.xz) = 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3
SHA256 (kernel-headers-4.9.5.tar.xz) = 5783ad8f668ee71561fae370fbcdc477aaa6df249bd85635b87a8c204aeb4aa9
SHA256 (glibc-2.24-updates.patch) = 11839138c7d82544894df8fb6b505aa7afa1a07e79965a64b2a0dac7a1b0aa64
SHA256 (glibc-2.24.8.patch) = 314fe8ec41042a85991e830a002abf2ff0b98dc4467afa238d8bb369d3be7cca
SHA256 (0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch) = 3f634bf301eb8bab57e5ea552de3f694fb063ab45af3cc91990e1bc24f280ddd
SHA256 (lib32.conf) = 2f174d2bcefe1c29327690514f34d6970fffdd54398320ca23a11b5f1e3c9b2d


@ -0,0 +1,765 @@
From b9911eb529e51ebe7c5daa3b4f17e2caf7ddb9a4 Mon Sep 17 00:00:00 2001
From: Fredrik Rinnestam <fredrik@crux.nu>
Date: Sun, 22 Oct 2017 16:18:40 +0200
Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
---
ChangeLog | 10 +
NEWS | 701 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
posix/glob.c | 2 +-
3 files changed, 712 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 84189ec762..1fb38cb7ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+<<<<<<< HEAD
2017-10-19 H.J. Lu <hongjiu.lu@intel.com>
* sysdeps/x86_64/Makefile (tests): Add tst-sse, tst-avx and
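Review bot: The `+<<<<<<< HEAD` line added at the top of this ChangeLog hunk is an unresolved merge-conflict marker; the next ChangeLog hunk adds the matching `+=======` and `+>>>>>>> c369d66e54...` lines, and the NEWS hunk adds `+<<<<<<< HEAD` and `+=======` again, with the conflict side bringing the Version 2.27, 2.26 and 2.25 release notes into a 2.24 tree. This looks like a cherry-pick exported before its conflicts were resolved, so the ChangeLog and NEWS parts carry nothing of the fix and may not apply to the port's sources. The patch's own diffstat shows the CVE-2017-15670 change as `posix/glob.c | 2 +-` (that hunk is outside the visible part of the page), so I would regenerate the patch with only that file and refresh the port's checksum and signature files over the result. It is also worth confirming in the build log that the glob.c hunk applies without fuzz or offset, since a conflicted pick can leave the code hunk against a different context than the 2.24 sources.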
@@ -20,6 +21,15 @@
* sysdeps/x86_64/tst-avxmod.c: Likewise.
* sysdeps/x86_64/tst-sse.c: Likewise.
* sysdeps/x86_64/tst-ssemod.c: Likewise.
+=======
+2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
+
+ [BZ #22320]
+ CVE-2017-15670
+ * posix/glob.c (__glob): Fix one-byte overflow.
+
+2017-10-20 Wilco Dijkstra <wdijkstr@arm.com>
+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
2017-10-19 H.J. Lu <hongjiu.lu@intel.com>
diff --git a/NEWS b/NEWS
index 4831542023..90cae42eee 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,708 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
+<<<<<<< HEAD
Version 2.24.1
+=======
+Version 2.27
+
+Major new features:
+
+* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin and tan
+ with FMA, contributed by Arjan van de Ven and H.J. Lu from Intel.
+
+* Optimized x86-64 trunc and truncf for processors with SSE4.1.
+
+* Optimized generic expf, exp2f, logf, log2f and powf.
+
+* In order to support faster and safer process termination the malloc API
+ family of functions will no longer print a failure address and stack
+ backtrace after detecting heap corruption. The goal is to minimize the
+ amount of work done after corruption is detected and to avoid potential
+ security issues in continued process execution. Reducing shutdown time
+ leads to lower overall process restart latency, so there is benefit both
+ from a security and performance perspective.
+
+* The abort function terminates the process immediately, without flushing
+ stdio streams. Previous glibc versions used to flush streams, resulting
+ in deadlocks and further data corruption. This change also affects
+ process aborts as the result of assertion failures.
+
+* On platforms where long double has the IEEE binary128 format (aarch64,
+ alpha, mips64, s390 and sparc), the math library now implements _Float128
+ interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These
+ are the same interfaces added in version 2.26 for some platforms where
+ this format is supported but is not the format of long double.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
+ defined by <sys/ptrace.h>.
+
+* libm no longer supports SVID error handling (calling a user-provided
+ matherr function on error) or the _LIB_VERSION variable to control error
+ handling. (SVID error handling and the _LIB_VERSION variable still work
+ for binaries linked against older versions of the GNU C Library.) The
+ libieee.a library is no longer provided. math.h no longer defines struct
+ exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
+ TLOSS, PLOSS and HUGE.
+
+* The libm functions pow10, pow10f and pow10l are no longer supported for
+ new programs. Programs should use the standard names exp10, exp10f and
+ exp10l for these functions instead.
+
+* The mcontext_t type is no longer the same as struct sigcontext. On
+ platforms where it was previously the same, this changes the C++ name
+ mangling for interfaces involving this type.
+
+* The add-ons mechanism for building additional packages at the same time as
+ glibc has been removed. The --enable-add-ons configure option is now
+ ignored.
+
+Changes to build and runtime requirements:
+
+ [Add changes to build and runtime requirements here]
+
+Security related changes:
+
+ CVE-2009-5064: The ldd script would sometimes run the program under
+ examination directly, without preventing code execution through the
+ dynamic linker. (The glibc project disputes that this is a security
+ vulnerability; only trusted binaries must be examined using the ldd
+ script.)
+
+ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
+ from a one-byte overflow during ~ operator processing (either on the stack
+ or the heap, depending on the length of the user name).
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+
+
+Version 2.26
+
+Major new features:
+
+* A per-thread cache has been added to malloc. Access to the cache requires
+ no locks and therefore significantly accelerates the fast path to allocate
+ and free small amounts of memory. Refilling an empty cache requires locking
+ the underlying arena. Performance measurements show significant gains in a
+ wide variety of user workloads. Workloads were captured using a special
+ instrumented malloc and analyzed with a malloc simulator. Contributed by
+ DJ Delorie with the help of Florian Weimer, and Carlos O'Donell.
+
+* Unicode 10.0.0 Support: Character encoding, character type info, and
+ transliteration tables are all updated to Unicode 10.0.0, using
+ generator scripts contributed by Mike FABIAN (Red Hat).
+ These updates cause user visible changes, especially the changes in
+ wcwidth for many emoji characters cause problems when emoji sequences
+ are rendered with pango, see for example:
+ https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5
+
+* Collation of Hungarian has been overhauled and is now consistent with "The
+ Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by
+ Egmont Koblinger.
+
+* Improvements to the DNS stub resolver, contributed by Florian Weimer:
+
+ - The GNU C Library will now detect when /etc/resolv.conf has been
+ modified and reload the changed configuration. The new resolver option
+ “no-reload” (RES_NORELOAD) disables this behavior.
+
+ - The GNU C Library now supports an arbitrary number of search domains
+ (configured using the “search” directive in /etc/resolv.conf);
+ previously, there was a hard limit of six domains. For backward
+ compatibility, applications that directly modify the _res global
+ object are still limited to six search domains.
+
+ - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C
+ Library will now randomly pick a name server from the configuration as a
+ starting point. (Previously, the second name server was always used.)
+
+* The tunables feature is now enabled by default. This allows users to tweak
+ behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.
+
+* New function reallocarray, which resizes an allocated block (like realloc)
+ to the product of two sizes, with a guaranteed clean failure upon integer
+ overflow in the multiplication. Originally from OpenBSD, contributed by
+ Dennis Wölfing and Rüdiger Sonderfeld.
+
+* New wrappers for the Linux-specific system calls preadv2 and pwritev2.
+ These are extended versions of preadv and pwritev, respectively, taking an
+ additional flags argument. The set of supported flags depends on the
+ running kernel; full support currently requires kernel 4.7 or later.
+
+* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
+ create a new session ID for the spawned process. This feature is
+ scheduled to be added to the next major revision of POSIX; for the time
+ being, it is available under _GNU_SOURCE.
+
+* errno.h is now safe to use from C-preprocessed assembly language on all
+ supported operating systems. In this context, it will only define the
+ Exxxx constants, as preprocessor macros expanding to integer literals.
+
+* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
+ 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
+ 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy,
+ Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers.
+
+ To compile programs that use this feature, the compiler must support
+ 128-bit floating point with the type name _Float128 (as defined by TS
+ 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for
+ C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__
+ must be defined to make the new interfaces visible.
+
+ The new functions and macros correspond to those present for other
+ floating-point types (except for a few obsolescent interfaces not
+ supported for the new type), with F128 or f128 suffixes; for example,
+ strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no
+ printf or scanf formats for the new type; the strfromf128 and strtof128
+ interfaces should be used instead.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The synchronization that pthread_spin_unlock performs has been changed to
+ now be equivalent to a C11 atomic store with release memory order to the
+ spin lock's memory location. Previously, several (but not all)
+ architectures used stronger synchronization (e.g., containing what is
+ often called a full barrier). This change can improve performance, but
+ may affect odd fringe uses of spin locks that depend on the previous
+ behavior (e.g., using spin locks as atomic variables to try to implement
+ Dekker's mutual exclusion algorithm).
+
+* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
+ removed.
+
+* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers
+ will only be built and installed when the GNU C Library is configured with
+ --enable-obsolete-rpc. This allows alternative RPC implementations, such
+ as TIRPC or rpcsvc-proto, to be used.
+
+* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
+ libnss_compat, are deprecated, and will not be built or installed by
+ default.
+
+ The NIS(+) support library, libnsl, is also deprecated. By default, a
+ compatibility shared library will be built and installed, but not headers
+ or development libraries. Only a few NIS-related programs require this
+ library. (In particular, the GNU C Library has never required programs
+ that use 'gethostbyname' to be linked with libnsl.)
+
+ Replacement implementations based on TIRPC, which additionally support
+ IPv6, are available from <https://github.com/thkukuk/>. The configure
+ option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+)
+ name service modules, to be built and installed.
+
+* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC
+ support is enabled, the configured recursive resolver must support EDNS.
+ (Responding to EDNS-enabled queries with responses which are not
+ EDNS-enabled is fine, but FORMERR responses are not.)
+
+* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS
+ servers have not supported this opcode for a long time.
+
+* The _res_opcodes variable has been removed from libresolv. It had been
+ exported by accident.
+
+* <string.h> no longer includes inline versions of any string functions,
+ as this kind of optimization is better done by the compiler. The macros
+ __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.
+
+* The nonstandard header <xlocale.h> has been removed. Most programs should
+ use <locale.h> instead. If you have a specific need for the definition of
+ locale_t with no other declarations, please contact
+ libc-alpha@sourceware.org and explain.
+
+* The obsolete header <sys/ultrasound.h> has been removed.
+
+* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>.
+
+* The obsolete function cfree has been removed. Applications should use
+ free instead.
+
+* The stack_t type no longer has the name struct sigaltstack. This changes
+ the C++ name mangling for interfaces involving this type.
+
+* The ucontext_t type no longer has the name struct ucontext. This changes
+ the C++ name mangling for interfaces involving this type.
+
+* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
+ the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no
+ longer has the name struct mcontext. On SPARC GNU/Linux, the struct
+ mc_fq, struct rwindow, struct fpq and struct fq types are no longer
+ defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
+ mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
+ fpregset_t type no longer has the name struct fpu. This changes the C++
+ name mangling for interfaces involving those types.
+
+* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
+ synced with the kernel:
+
+ - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS
+ are not supported on this architecture and have been removed.
+
+ - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
+ PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
+ PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.
+
+ Programs that assume the GET/SETREGS ptrace requests are universally
+ available will now fail to build, instead of malfunctioning at runtime.
+
+Changes to build and runtime requirements:
+
+* Linux kernel 3.2 or later is required at runtime, on all architectures
+ supported by that kernel. (This is a change from version 2.25 only for
+ x86-32 and x86-64.)
+
+* GNU Binutils 2.25 or later is now required to build the GNU C Library.
+
+* On most architectures, GCC 4.9 or later is required to build the GNU C
+ Library. On powerpc64le, GCC 6.2 or later is required.
+
+ Older GCC versions and non-GNU compilers are still supported when
+ compiling programs that use the GNU C Library. (We do not know exactly
+ how old, and some GNU extensions to C may be _de facto_ required. If you
+ are interested in helping us make this statement less vague, please
+ contact libc-alpha@sourceware.org.)
+
+Security related changes:
+
+* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
+ to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
+
+* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
+ mode to guard against local privilege escalation attacks (CVE-2017-1000366).
+
+* Avoid printing a backtrace from the __stack_chk_fail function since it is
+ called on a corrupt stack and a backtrace is unreliable on a corrupt stack
+ (CVE-2010-3192).
+
+* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
+ fixed (CVE-2017-12133).
+
+The following bugs are resolved with this release:
+
+ [984] network: Respond to changed resolv.conf in gethostbyname
+ [5010] network: sunrpc service cleanup causes unwanted port mapper traffic
+ [12068] localedata: sc_IT: misspelled yesexpr/day/abday/mon/abmon/date_fmt
+ fields
+ [12189] libc: __stack_chk_fail should not attempt a backtrace
+ (CVE-2010-3192)
+ [14096] time: Race condition on timezone/tst-timezone.out
+ [14172] localedata: az_IR: new locale
+ [14995] build: glibc fails to build if gold is the default linker, even if
+ ld.bfd is available
+ [15998] build: [powerpc] Set arch_minimum_kernel for powerpc LE
+ [16637] network: inet_pton function is accepting IPv6 with bad format
+ [16640] string: string/strtok.c: undefined behaviour inconsistent between
+ x86 and other generic code
+ [16875] localedata: ko_KR: fix lang_name
+ [17225] localedata: ar_SY: localized month names for May and June are
+ incorrect
+ [17297] localedata: da_DK: wrong date_fmt string
+ [18907] stdio: Incorrect order of __wur __THROW in <printf.h>
+ [18934] localedata: hu_HU: collate: fix multiple bugs and add tests
+ [18988] nptl: pthread wastes memory with mlockall(MCL_FUTURE)
+ [19066] localedata: ar_SA abbreviated day and month names are in English
+ [19569] network: resolv: Support an arbitrary number of search domains
+ [19570] network: Implement random DNS server selection in the stub
+ resolver
+ [19838] locale: localedef fails on PA-RISC
+ [19919] localedata: iso14651_t1_common: Correct the Malayalam sorting
+ order of 0D36 and 0D37
+ [19922] localedata: iso14651_t1_common: Define collation for Malayalam
+ chillu characters
+ [20098] libc: FAIL: debug/backtrace-tst on hppa
+ [20257] network: sunrpc: clntudp_call does not enforce timeout when
+ receiving data
+ [20275] localedata: locale day/abday/mon/abmon should not have trailing
+ whitespace
+ [20313] localedata: Update locale data to Unicode 9.0
+ [20424] manual: Document how to provide a malloc replacement
+ [20496] localedata: agr_PE: new language locale Awajún / Aguaruna (agr)
+ for Peru
+ [20686] locale: Add el_GR@euro to SUPPORTED.
+ [20831] dynamic-link: _dl_map_segments does not test for __mprotect
+ failures consistently
+ [21015] dynamic-link: Document and fix --enable-bind-now
+ [21016] nptl: pthread_cond support is broken on hppa
+ [21029] libc: glibc-2.23 (and later) fails to compile with -fno-omit-
+ frame-pointer on i386
+ [21049] libc: segfault in longjmp_chk() due to clobbered processor
+ register
+ [21075] libc: unused assigment to %g4 in sparc/sparc{64,32}/clone.S
+ [21088] libc: Build fails with --enable-static-nss
+ [21094] math: cosf(1.57079697) has 3 ulp error on targets where the
+ generic c code is used
+ [21109] libc: Tunables broken on big-endian
+ [21112] math: powf has large ulp errors with base close to 1 and exponent
+ around 4000
+ [21115] network: sunrpc: Use-after-free in error path in clntudp_call
+ (CVE-2017-12133)
+ [21120] malloc: glibc malloc is incompatible with GCC 7
+ [21130] math: Incorrect return from y0l (-inf) and y1l (-inf) when linking
+ with -lieee
+ [21134] math: Exception (divide by zero) not set for y0/y1 (0.0) and y0/y1
+ (-0.0) when linking with -lieee
+ [21171] math: log10, log2 and lgamma return incorrect results
+ [21179] libc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs
+ [21182] libc: __memchr_sse2: regression in glibc-2.25 on i686
+ [21207] localedata: ce_RU: update weekdays from CLDR
+ [21209] dynamic-link: LD_HWCAP_MASK read in setuid binaries
+ [21217] localedata: Update months from CLDR-31
+ [21232] libc: miss posix_fadvise64 on MIPS64 when static linking
+ [21243] libc: support_delete_temp_file should issue warning for failed
+ remove()
+ [21244] libc: support resolv_test_start() socket fd close should be
+ checked for errors.
+ [21253] libc: localedef randomly segfaults when using -fstack-check due to
+ new posix_spawn implementation
+ [21258] dynamic-link: Branch predication in _dl_runtime_resolve_avx512_opt
+ leads to lower CPU frequency
+ [21259] libc: [alpha] termios.h missing IXANY for POSIX
+ [21261] libc: [sparc64] bits/setjmp.h namespace
+ [21267] network: [mips] bits/socket.h IOC* namespace
+ [21268] libc: [alpha] termios.h NL2, NL3 namespace
+ [21270] libc: mmap64 silently truncates large offset values
+ [21275] libc: posix_spawn always crashes on ia64 now
+ [21277] libc: [alpha] termios.h missing IUCLC for UNIX98 and older
+ [21280] math: [powerpc] logbl for POWER7 return incorrect results
+ [21289] libc: Incorrect declaration for 32-bit platforms with
+ _FILE_OFFSET_BITS=64 causes build error
+ [21295] network: GETAI(AF_UNSPEC) drops IPv6 addresses if nss module does
+ not support gethostbyname4_r
+ [21298] nptl: rwlock can deadlock on frequent reader/writer phase
+ switching
+ [21338] malloc: mallopt M_ARENA_MAX doesn't set the maximum number of
+ arenas
+ [21340] libc: Support POSIX_SPAWN_SETSID
+ [21357] libc: unwind-dw2-fde deadlock when using AddressSanitizer
+ [21359] network: ns_name_pack needs additional byte in destination buffer
+ [21361] network: resolv: Reduce advertised EDNS0 buffer size to guard
+ against fragmentation attacks (CVE-2017-12132)
+ [21369] network: resolv: Remove EDNS fallback
+ [21371] libc: Missing timespec definition when compiled with _XOPEN_SOURCE
+ and _POSIX_C_SOURCE
+ [21386] nptl: Assertion in fork for distinct parent PID is incorrect
+ [21391] dynamic-link: x86: Set dl_platform and dl_hwcap from CPU features
+ [21393] stdio: Missing dup3 error check in freopen, freopen64
+ [21396] libc: Use AVX2 memcpy/memset on Skylake server
+ [21399] localedata: Bad description for U00EC in
+ localedata/charmaps/CP1254
+ [21411] malloc: realloc documentation error
+ [21426] network: sys/socket.h uio.h namespace
+ [21428] libc: [aarch64] tst-backtrace5 testsuite failure
+ [21445] libc: signal.h bsd_signal namespace
+ [21455] network: Network headers stdint.h namespace
+ [21474] network: resolv: res_init does not use RES_DFLRETRY (2) but 4 for
+ retry value
+ [21475] network: resolv: Overlong search path is truncated mid-label
+ [21511] libc: sigstack namespace
+ [21512] libc: clone() ends up calling exit_group() through _exit() wrapper
+ [21514] libc: sysdeps/unix/sysv/linux/sys/syscall.h:31:27: fatal error:
+ bits/syscall.h: No such file or directory
+ [21517] libc: struct sigaltstack namespace
+ [21528] dynamic-link: Duplicated minimal strtoul implementations in ld.so
+ [21533] localedata: Update locale data to Unicode 10.0
+ [21537] libc:
+ ../sysdeps/unix/sysv/linux/s390/s390-32/__makecontext_ret.S:44: Error:
+ junk at end of line, first unrecognized character is `@'
+ [21538] libc: SIG_HOLD missing for XPG4
+ [21539] libc: S390: Mismatch between kernel and glibc ptrace.h with
+ request 12: PTRACE_SINGLEBLOCK vs PTRACE_GETREGS.
+ [21542] libc: Use conservative default for sysconf (_SC_NPROCESSORS_ONLN)
+ [21543] libc: sigevent namespace
+ [21548] libc: [mips] get/set/make/swap context for MIPS O32 assume wrong
+ size for general purpose registers in mcontext_t structure
+ [21550] libc: sigwait namespace
+ [21552] libc: XPG4 bsd_signal namespace
+ [21554] libc: sigpause namespace
+ [21560] libc: sys/wait.h signal.h namespace
+ [21561] libc: waitid namespace
+ [21573] nptl: GCC 7: /usr/bin/install: cannot remove
+ '/usr/include/stdlib.h': Permission denied
+ [21575] libc: sys/wait.h missing struct rusage definition
+ [21584] libc: sigaltstack etc namespace
+ [21597] libc: siginterrupt namespace
+ [21607] math: hppa: FAIL: math/test-tgmath
+ [21609] dynamic-link: Incomplete workaround for GCC __tls_get_addr ABI
+ issue on x86-64
+ [21622] libc: [tile] missing SA_* for POSIX.1:2008
+ [21624] dynamic-link: ld.so: Unsafe alloca allows local attackers to alias
+ stack and heap (CVE-2017-1000366)
+ [21625] libc: wait3 namespace
+ [21654] nss: Incorrect pointer alignment in NSS group merge result
+ construction
+ [21657] network: Parse interface zone id for node-local multicast
+ [21662] string: memcmp-avx2-movbe.S lacks saturating subtraction for
+ between_2_3
+ [21666] libc: .symver is used on common symbol
+ [21668] network: resolv: res_init cross-thread broadcast introduces race
+ conditions
+ [21687] math: tgmath.h totalorder, totalordermag return type
+ [21694] locale: Current Glibc Locale Does Not Support Tok-Pisin and Fiji
+ Hindi Locale
+ [21696] libc: Incorrect assumption of of __cpu_mask in
+ posix/sched_cpucount.c
+ [21697] libc: sysdeps/posix/spawni.c: 2 * suspicious condition ?
+ [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES]
+ locale
+ [21707] math: ppc64le: Invalid IFUNC resolver from libgcc calls getauxval,
+ leading to relocation crash
+ [21709] libc: resolv_conf.c:552: update_from_conf: Assertion
+ `resolv_conf_matches (resp, conf)' failed.
+ [21710] localedata: Added Samoan language locale for Samoa
+ [21711] localedata: Pashto yesstr/nostr locale are missing
+ [21715] nptl: sysdeps/nptl/bits/pthreadtypes.h: typedef guard
+ __have_pthread_attr_t can cause redefinition of typedef pthread_attr_t
+ [21721] localedata: Incorrect Full Weekday names for ks_IN@devanagari
+ [21723] localedata: yesstr/nostr missing for Chinese language locale
+ [21724] localedata: yesstr and nostr are missing for Xhosa [LC_MESSAGES]
+ locale
+ [21727] localedata: yesstr and nostr are missing for Tsonga [LC_MESSAGES]
+ locale
+ [21728] localedata: New Locale for Tongan language
+ [21729] localedata: incorrect LC_NAME fields for hi_IN
+ [21733] localedata: yesstr and nostr are missing for zh_HK
+ [21734] localedata: Missing yesstr and nostr are for kw_GB
+ [21738] libc: misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 fail
+ [21741] libc: Undefined __memmove_chk_XXX and __memset_chk_XXX in libc.a
+ [21742] libc: _dl_num_cache_relocations is undefined in libc.a
+ [21743] localedata: ks_IN@devanagari: abday strings mismatch the day
+ strings
+ [21744] libc: Tests failing on --enable-tunables --enable-stack-
+ protector=all
+ [21749] localedata: Wrong abbreviated day name (“abday”) for
+ ar_JO/ar_LB/ar_SY
+ [21756] localedata: missing yesstr, nostr for nds_DE and nds_NL
+ [21757] localedata: missing yesstr, nostr for pap_AW and pap_CW
+ [21759] localedata: missing yesstr and nostr for Tigrinya
+ [21760] localedata: Fix LC_MESSAGES and LC_ADDRESS for anp_IN
+ [21766] localedata: Wrong LC_MESSAGES for om_ET Locale
+ [21767] localedata: Missing Bislama locales
+ [21768] localedata: Missing yesstr and nostr for aa_ET
+ [21770] localedata: Missing Field in li_NL
+ [21778] nptl: Robust mutex may deadlock
+ [21779] libc: MicroBlaze segfaults when loading libpthread
+ [21783] localedata: Fix int_select international_call_prefixes
+ [21784] localedata: Inconsistency in country_isbn
+ [21788] localedata: Missing Country Postal Abbreviations
+ [21794] localedata: Added-country_isbn-for-Italy
+ [21795] localedata: Add/Fix country_isbn for France
+ [21796] localedata: Added country_isbn for Republic of Korea
+ [21797] localedata: Fix inconsistency in country_isbn and missing prefixes
+ [21799] localedata: Added int_select international_call_prefixes
+ [21801] localedata: Added int_select international_call_prefixes
+ [21804] nptl: Double semicolon in thread-shared-types.h
+ [21807] localedata: LC_ADDRESS fix for pap_CW
+ [21808] localedata: Fix LC_ADDRESS for pap_AW
+ [21821] localedata: Added country_name in mai_IN
+ [21822] localedata: Fix LC_TIME for mai_IN
+ [21823] localedata: missing yesstr, nostr for sa_IN
+ [21825] localedata: Fix name_mrs for mag_IN
+ [21828] localedata: 2.26 changelog should mention user visible changes
+ with unicode 9.0
+ [21835] localedata: Added Maithili language locale for Nepal
+ [21838] localedata: Removed redundant data for the_NP
+ [21839] localedata: Fix LC_MONETARY for ta_LK
+ [21844] localedata: Fix Latin characters and Months Sequence.
+ [21848] localedata: Fix mai_NP Title Name
+
+
+Version 2.25
+
+* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
+ 24731-2:2010, is supported to enable declarations of functions from that
+ TR. Note that not all functions from that TR are supported by the GNU C
+ Library.
+
+* The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS
+ 18661-1:2014, is supported to enable declarations of functions and macros
+ from that TS. Note that not all features from that TS are supported by
+ the GNU C Library.
+
+* The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS
+ 18661-4:2015, is supported to enable declarations of functions and macros
+ from that TS. Note that most features from that TS are not supported by
+ the GNU C Library.
+
+* The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are
+ now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L.
+ Since the GNU C Library defaults to a much newer revision of POSIX, this
+ will only affect programs that specifically request an old conformance
+ mode. For instance, a program compiled with -std=c89 -D_REENTRANT will
+ see a change in the visible declarations, but a program compiled with
+ just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT,
+ will not.
+
+ Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be
+ defined by all multithreaded code, but glibc has not required this for
+ many years.
+
+* The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This
+ means that in a future release, the macros “major”, “minor”, and “makedev”
+ will only be available from <sys/sysmacros.h>.
+
+ These macros are not part of POSIX nor XSI, and their names frequently
+ collide with user code; see for instance glibc bug 19239 and Red Hat bug
+ 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code
+ presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the
+ problem.
+
+* New <fenv.h> features from TS 18661-1:2014 are added to libm: the
+ fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the
+ femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros.
+
+* Integer width macros from TS 18661-1:2014 are added to <limits.h>:
+ CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH,
+ UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to
+ <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH,
+ INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH,
+ UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH,
+ INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH,
+ UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH,
+ UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH,
+ UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH,
+ UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH,
+ WINT_WIDTH.
+
+* New <math.h> features are added from TS 18661-1:2014:
+
+ - Signaling NaN macros: SNANF, SNAN, SNANL.
+
+ - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp,
+ fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf,
+ fromfpxl, ufromfpx, ufromfpxf, ufromfpxl.
+
+ - llogb functions: the llogb, llogbf and llogbl functions, and the
+ FP_LLOGB0 and FP_LLOGBNAN macros.
+
+ - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag,
+ fminmagf, fminmagl.
+
+ - Comparison macros: iseqsig.
+
+ - Classification macros: iscanonical, issubnormal, iszero.
+
+ - Total order functions: totalorder, totalorderf, totalorderl,
+ totalordermag, totalordermagf, totalordermagl.
+
+ - Canonicalize functions: canonicalize, canonicalizef, canonicalizel.
+
+ - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload,
+ setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl.
+
+* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
+ are added to libc. They convert a floating-point number into string.
+
+* Most of glibc can now be built with the stack smashing protector enabled.
+ It is recommended to build glibc with --enable-stack-protector=strong.
+ Implemented by Nick Alcock (Oracle).
+
+* The function explicit_bzero, from OpenBSD, has been added to libc. It is
+ intended to be used instead of memset() to erase sensitive data after use;
+ the compiler will not optimize out calls to explicit_bzero even if they
+ are "unnecessary" (in the sense that no _correct_ program can observe the
+ effects of the memory clear).
+
+* On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined
+ to float instead of double. This does not affect the ABI of any libraries
+ that are part of the GNU C Library, but may affect the ABI of other
+ libraries that use this type in their interfaces.
+
+* On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the
+ float_t and double_t types are now defined to long double instead of float
+ and double. These options are not the default, and this does not affect
+ the ABI of any libraries that are part of the GNU C Library, but it may
+ affect the ABI of other libraries that use this type in their interfaces,
+ if they are compiled or used with those options.
+
+* The getentropy and getrandom functions, and the <sys/random.h> header file
+ have been added.
+
+* The buffer size for byte-oriented stdio streams is now limited to 8192
+ bytes by default. Previously, on Linux, the default buffer size on most
+ file systems was 4096 bytes (and thus remains unchanged), except on
+ network file systems, where the buffer size was unpredictable and could be
+ as large as several megabytes.
+
+* The <sys/quota.h> header now includes the <linux/quota.h> header. Support
+ for the Linux quota interface which predates kernel version 2.4.22 has
+ been removed.
+
+* The malloc_get_state and malloc_set_state functions have been removed.
+ Already-existing binaries that dynamically link to these functions will
+ get a hidden implementation in which malloc_get_state is a stub. As far
+ as we know, these functions are used only by GNU Emacs and this change
+ will not adversely affect already-built Emacs executables. Any undumped
+ Emacs executables, which normally exist only during an Emacs build, should
+ be rebuilt by re-running “./configure; make” in the Emacs build tree.
+
+* The “ip6-dotint” and “no-ip6-dotint” resolver options, and the
+ corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed.
+ “no-ip6-dotint” had already been the default, and support for the
+ “ip6-dotint” option was removed from the Internet in 2006.
+
+* The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING
+ flag from <resolv.h> have been removed. The option relied on a
+ backwards-incompatible DNS extension which was never deployed on the
+ Internet.
+
+* The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG,
+ RES_BLAST defined in the <resolv.h> header file have been deprecated.
+ They were already unimplemented.
+
+* The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for
+ _res.flags are deprecated. The flag was standardized in RFC 2133, but
+ removed again from the IETF name lookup interface specification in RFC
+ 2553. Applications should use getaddrinfo instead.
+
+* DNSSEC-related declarations and definitions have been removed from the
+ <arpa/nameser.h> header file, and libresolv will no longer attempt to
+ decode the data part of DNSSEC record types. Previous versions of glibc
+ only implemented minimal support for the previous version of DNSSEC, which
+ is incompatible with the currently deployed version.
+
+* The resource record type classification macros ns_t_qt_p, ns_t_mrr_p,
+ ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the
+ <arpa/nameser.h> header file because the distinction between RR types and
+ meta-RR types is not officially standardized, subject to revision, and
+ thus not suitable for encoding in a macro.
+
+* The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook
+ and rhook members of the res_state type in <resolv.h> have been removed.
+ The glibc stub resolver did not support these hooks, but the header file
+ did not reflect that.
+
+* For multi-arch support it is recommended to use a GCC which has
+ been built with support for GNU indirect functions. This ensures
+ that correct debugging information is generated for functions
+ selected by IFUNC resolvers. This support can either be enabled by
+ configuring GCC with '--enable-gnu-indirect-function', or by
+ enabling it by default by setting 'default_gnu_indirect_function'
+ variable for a particular architecture in the GCC source file
+ 'gcc/config.gcc'.
+
+* GDB pretty printers have been added for mutex and condition variable
+ structures in POSIX Threads. When installed and loaded in gdb these pretty
+ printers show various pthread variables in human-readable form when read
+ using the 'print' or 'display' commands in gdb.
+
+* Tunables feature added to allow tweaking of the runtime for an application
+ program. This feature can be enabled with the '--enable-tunables' configure
+ flag. The GNU C Library manual has details on usage and README.tunables has
+ instructions on adding new tunables to the library.
+
+* A new version of condition variables functions have been implemented in
+ the NPTL implementation of POSIX Threads to provide stronger ordering
+ guarantees.
+
+* A new version of pthread_rwlock functions have been implemented to use a more
+ scalable algorithm primarily through not using a critical section anymore to
+ make state changes.
+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
Security related changes:
diff --git a/posix/glob.c b/posix/glob.c
index ea4b0b61eb..08f240a1ff 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -856,7 +856,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
*p = '\0';
}
else
- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
= '\0';
user_name = newp;
}
--
2.14.2


@ -4,10 +4,11 @@
name=glibc-32
version=2.24
release=7
release=8
source=(http://ftpmirror.gnu.org/gnu/glibc/glibc-2.24.tar.xz \
http://crux.nu/files/distfiles/kernel-headers-4.9.5.tar.xz \
glibc-2.24-updates.patch lib32.conf)
glibc-2.24.8.patch 0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch \
lib32.conf)
build() {
mkdir build
@ -17,8 +18,9 @@ build() {
export CC="${CC:-gcc} -m32"
export CFLAGS="$CFLAGS -Wno-error=parentheses"
patch -p1 -d $SRC/glibc-${version:0:4} -i $SRC/glibc-2.24-updates.patch
patch -p1 -d $SRC/glibc-${version:0:4} -i $SRC/glibc-2.24.8.patch
patch -p1 -d $SRC/glibc-${version:0:4} -i $SRC/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
../glibc-${version:0:4}/configure --prefix=/usr \
--libdir=/usr/lib32 \
--libexecdir=/usr/lib32 \