core/glibc/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
Fredrik Rinnestam c1f9872e22 [notify] glibc: updated to 2.24-9. Syncs with upstream.
Fixes:
CVE-2017-15670
CVE-2017-1000366
CVE-2015-5180
2017-10-22 16:26:05 +02:00


From b9911eb529e51ebe7c5daa3b4f17e2caf7ddb9a4 Mon Sep 17 00:00:00 2001
From: Fredrik Rinnestam <fredrik@crux.nu>
Date: Sun, 22 Oct 2017 16:18:40 +0200
Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
---
ChangeLog | 10 +
NEWS | 701 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
posix/glob.c | 2 +-
3 files changed, 712 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 84189ec762..1fb38cb7ee 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,4 @@
+<<<<<<< HEAD
2017-10-19 H.J. Lu <hongjiu.lu@intel.com>
* sysdeps/x86_64/Makefile (tests): Add tst-sse, tst-avx and
@@ -20,6 +21,15 @@
* sysdeps/x86_64/tst-avxmod.c: Likewise.
* sysdeps/x86_64/tst-sse.c: Likewise.
* sysdeps/x86_64/tst-ssemod.c: Likewise.
+=======
+2017-10-20 Paul Eggert <eggert@cs.ucla.edu>
+
+ [BZ #22320]
+ CVE-2017-15670
+ * posix/glob.c (__glob): Fix one-byte overflow.
+
+2017-10-20 Wilco Dijkstra <wdijkstr@arm.com>
+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
2017-10-19 H.J. Lu <hongjiu.lu@intel.com>
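Review bot: this hunk commits unresolved merge-conflict markers into ChangeLog: the added lines `+<<<<<<< HEAD`, `+=======` and `+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]` are git's conflict markup, not ChangeLog content, and the "2017-10-19 H.J. Lu" header now appears twice (once as the HEAD side, once after the closing marker). The cherry-pick of c369d66e54 also dragged in a bare "2017-10-20 Wilco Dijkstra" header with no entry body under it. Resolve the conflict before committing: keep only the Paul Eggert entry (`[BZ #22320]`, `CVE-2017-15670`, `* posix/glob.c (__glob): Fix one-byte overflow.`) inserted above the existing 2017-10-19 entry, and drop the three marker lines, the duplicated header and the empty Dijkstra header.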
diff --git a/NEWS b/NEWS
index 4831542023..90cae42eee 100644
--- a/NEWS
+++ b/NEWS
@@ -5,7 +5,708 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
+<<<<<<< HEAD
Version 2.24.1
+=======
+Version 2.27
+
+Major new features:
+
+* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin and tan
+ with FMA, contributed by Arjan van de Ven and H.J. Lu from Intel.
+
+* Optimized x86-64 trunc and truncf for processors with SSE4.1.
+
+* Optimized generic expf, exp2f, logf, log2f and powf.
+
+* In order to support faster and safer process termination the malloc API
+ family of functions will no longer print a failure address and stack
+ backtrace after detecting heap corruption. The goal is to minimize the
+ amount of work done after corruption is detected and to avoid potential
+ security issues in continued process execution. Reducing shutdown time
+ leads to lower overall process restart latency, so there is benefit both
+ from a security and performance perspective.
+
+* The abort function terminates the process immediately, without flushing
+ stdio streams. Previous glibc versions used to flush streams, resulting
+ in deadlocks and further data corruption. This change also affects
+ process aborts as the result of assertion failures.
+
+* On platforms where long double has the IEEE binary128 format (aarch64,
+ alpha, mips64, s390 and sparc), the math library now implements _Float128
+ interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These
+ are the same interfaces added in version 2.26 for some platforms where
+ this format is supported but is not the format of long double.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
+ defined by <sys/ptrace.h>.
+
+* libm no longer supports SVID error handling (calling a user-provided
+ matherr function on error) or the _LIB_VERSION variable to control error
+ handling. (SVID error handling and the _LIB_VERSION variable still work
+ for binaries linked against older versions of the GNU C Library.) The
+ libieee.a library is no longer provided. math.h no longer defines struct
+ exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
+ TLOSS, PLOSS and HUGE.
+
+* The libm functions pow10, pow10f and pow10l are no longer supported for
+ new programs. Programs should use the standard names exp10, exp10f and
+ exp10l for these functions instead.
+
+* The mcontext_t type is no longer the same as struct sigcontext. On
+ platforms where it was previously the same, this changes the C++ name
+ mangling for interfaces involving this type.
+
+* The add-ons mechanism for building additional packages at the same time as
+ glibc has been removed. The --enable-add-ons configure option is now
+ ignored.
+
+Changes to build and runtime requirements:
+
+ [Add changes to build and runtime requirements here]
+
+Security related changes:
+
+ CVE-2009-5064: The ldd script would sometimes run the program under
+ examination directly, without preventing code execution through the
+ dynamic linker. (The glibc project disputes that this is a security
+ vulnerability; only trusted binaries must be examined using the ldd
+ script.)
+
+ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
+ from a one-byte overflow during ~ operator processing (either on the stack
+ or the heap, depending on the length of the user name).
+
+The following bugs are resolved with this release:
+
+ [The release manager will add the list generated by
+ scripts/list-fixed-bugs.py just before the release.]
+
+
+Version 2.26
+
+Major new features:
+
+* A per-thread cache has been added to malloc. Access to the cache requires
+ no locks and therefore significantly accelerates the fast path to allocate
+ and free small amounts of memory. Refilling an empty cache requires locking
+ the underlying arena. Performance measurements show significant gains in a
+ wide variety of user workloads. Workloads were captured using a special
+ instrumented malloc and analyzed with a malloc simulator. Contributed by
+ DJ Delorie with the help of Florian Weimer, and Carlos O'Donell.
+
+* Unicode 10.0.0 Support: Character encoding, character type info, and
+ transliteration tables are all updated to Unicode 10.0.0, using
+ generator scripts contributed by Mike FABIAN (Red Hat).
+ These updates cause user visible changes, especially the changes in
+ wcwidth for many emoji characters cause problems when emoji sequences
+ are rendered with pango, see for example:
+ https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5
+
+* Collation of Hungarian has been overhauled and is now consistent with "The
+ Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by
+ Egmont Koblinger.
+
+* Improvements to the DNS stub resolver, contributed by Florian Weimer:
+
+ - The GNU C Library will now detect when /etc/resolv.conf has been
+ modified and reload the changed configuration. The new resolver option
+ “no-reload” (RES_NORELOAD) disables this behavior.
+
+ - The GNU C Library now supports an arbitrary number of search domains
+ (configured using the “search” directive in /etc/resolv.conf);
+ previously, there was a hard limit of six domains. For backward
+ compatibility, applications that directly modify the _res global
+ object are still limited to six search domains.
+
+ - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C
+ Library will now randomly pick a name server from the configuration as a
+ starting point. (Previously, the second name server was always used.)
+
+* The tunables feature is now enabled by default. This allows users to tweak
+ behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.
+
+* New function reallocarray, which resizes an allocated block (like realloc)
+ to the product of two sizes, with a guaranteed clean failure upon integer
+ overflow in the multiplication. Originally from OpenBSD, contributed by
+ Dennis Wölfing and Rüdiger Sonderfeld.
+
+* New wrappers for the Linux-specific system calls preadv2 and pwritev2.
+ These are extended versions of preadv and pwritev, respectively, taking an
+ additional flags argument. The set of supported flags depends on the
+ running kernel; full support currently requires kernel 4.7 or later.
+
+* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
+ create a new session ID for the spawned process. This feature is
+ scheduled to be added to the next major revision of POSIX; for the time
+ being, it is available under _GNU_SOURCE.
+
+* errno.h is now safe to use from C-preprocessed assembly language on all
+ supported operating systems. In this context, it will only define the
+ Exxxx constants, as preprocessor macros expanding to integer literals.
+
+* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
+ 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
+ 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy,
+ Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers.
+
+ To compile programs that use this feature, the compiler must support
+ 128-bit floating point with the type name _Float128 (as defined by TS
+ 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for
+ C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__
+ must be defined to make the new interfaces visible.
+
+ The new functions and macros correspond to those present for other
+ floating-point types (except for a few obsolescent interfaces not
+ supported for the new type), with F128 or f128 suffixes; for example,
+ strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no
+ printf or scanf formats for the new type; the strfromf128 and strtof128
+ interfaces should be used instead.
+
+Deprecated and removed features, and other changes affecting compatibility:
+
+* The synchronization that pthread_spin_unlock performs has been changed to
+ now be equivalent to a C11 atomic store with release memory order to the
+ spin lock's memory location. Previously, several (but not all)
+ architectures used stronger synchronization (e.g., containing what is
+ often called a full barrier). This change can improve performance, but
+ may affect odd fringe uses of spin locks that depend on the previous
+ behavior (e.g., using spin locks as atomic variables to try to implement
+ Dekker's mutual exclusion algorithm).
+
+* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
+ removed.
+
+* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers
+ will only be built and installed when the GNU C Library is configured with
+ --enable-obsolete-rpc. This allows alternative RPC implementations, such
+ as TIRPC or rpcsvc-proto, to be used.
+
+* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
+ libnss_compat, are deprecated, and will not be built or installed by
+ default.
+
+ The NIS(+) support library, libnsl, is also deprecated. By default, a
+ compatibility shared library will be built and installed, but not headers
+ or development libraries. Only a few NIS-related programs require this
+ library. (In particular, the GNU C Library has never required programs
+ that use 'gethostbyname' to be linked with libnsl.)
+
+ Replacement implementations based on TIRPC, which additionally support
+ IPv6, are available from <https://github.com/thkukuk/>. The configure
+ option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+)
+ name service modules, to be built and installed.
+
+* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC
+ support is enabled, the configured recursive resolver must support EDNS.
+ (Responding to EDNS-enabled queries with responses which are not
+ EDNS-enabled is fine, but FORMERR responses are not.)
+
+* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS
+ servers have not supported this opcode for a long time.
+
+* The _res_opcodes variable has been removed from libresolv. It had been
+ exported by accident.
+
+* <string.h> no longer includes inline versions of any string functions,
+ as this kind of optimization is better done by the compiler. The macros
+ __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.
+
+* The nonstandard header <xlocale.h> has been removed. Most programs should
+ use <locale.h> instead. If you have a specific need for the definition of
+ locale_t with no other declarations, please contact
+ libc-alpha@sourceware.org and explain.
+
+* The obsolete header <sys/ultrasound.h> has been removed.
+
+* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>.
+
+* The obsolete function cfree has been removed. Applications should use
+ free instead.
+
+* The stack_t type no longer has the name struct sigaltstack. This changes
+ the C++ name mangling for interfaces involving this type.
+
+* The ucontext_t type no longer has the name struct ucontext. This changes
+ the C++ name mangling for interfaces involving this type.
+
+* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
+ the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no
+ longer has the name struct mcontext. On SPARC GNU/Linux, the struct
+ mc_fq, struct rwindow, struct fpq and struct fq types are no longer
+ defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
+ mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
+ fpregset_t type no longer has the name struct fpu. This changes the C++
+ name mangling for interfaces involving those types.
+
+* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
+ synced with the kernel:
+
+ - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS
+ are not supported on this architecture and have been removed.
+
+ - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
+ PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
+ PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.
+
+ Programs that assume the GET/SETREGS ptrace requests are universally
+ available will now fail to build, instead of malfunctioning at runtime.
+
+Changes to build and runtime requirements:
+
+* Linux kernel 3.2 or later is required at runtime, on all architectures
+ supported by that kernel. (This is a change from version 2.25 only for
+ x86-32 and x86-64.)
+
+* GNU Binutils 2.25 or later is now required to build the GNU C Library.
+
+* On most architectures, GCC 4.9 or later is required to build the GNU C
+ Library. On powerpc64le, GCC 6.2 or later is required.
+
+ Older GCC versions and non-GNU compilers are still supported when
+ compiling programs that use the GNU C Library. (We do not know exactly
+ how old, and some GNU extensions to C may be _de facto_ required. If you
+ are interested in helping us make this statement less vague, please
+ contact libc-alpha@sourceware.org.)
+
+Security related changes:
+
+* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
+ to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
+
+* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
+ mode to guard against local privilege escalation attacks (CVE-2017-1000366).
+
+* Avoid printing a backtrace from the __stack_chk_fail function since it is
+ called on a corrupt stack and a backtrace is unreliable on a corrupt stack
+ (CVE-2010-3192).
+
+* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
+ fixed (CVE-2017-12133).
+
+The following bugs are resolved with this release:
+
+ [984] network: Respond to changed resolv.conf in gethostbyname
+ [5010] network: sunrpc service cleanup causes unwanted port mapper traffic
+ [12068] localedata: sc_IT: misspelled yesexpr/day/abday/mon/abmon/date_fmt
+ fields
+ [12189] libc: __stack_chk_fail should not attempt a backtrace
+ (CVE-2010-3192)
+ [14096] time: Race condition on timezone/tst-timezone.out
+ [14172] localedata: az_IR: new locale
+ [14995] build: glibc fails to build if gold is the default linker, even if
+ ld.bfd is available
+ [15998] build: [powerpc] Set arch_minimum_kernel for powerpc LE
+ [16637] network: inet_pton function is accepting IPv6 with bad format
+ [16640] string: string/strtok.c: undefined behaviour inconsistent between
+ x86 and other generic code
+ [16875] localedata: ko_KR: fix lang_name
+ [17225] localedata: ar_SY: localized month names for May and June are
+ incorrect
+ [17297] localedata: da_DK: wrong date_fmt string
+ [18907] stdio: Incorrect order of __wur __THROW in <printf.h>
+ [18934] localedata: hu_HU: collate: fix multiple bugs and add tests
+ [18988] nptl: pthread wastes memory with mlockall(MCL_FUTURE)
+ [19066] localedata: ar_SA abbreviated day and month names are in English
+ [19569] network: resolv: Support an arbitrary number of search domains
+ [19570] network: Implement random DNS server selection in the stub
+ resolver
+ [19838] locale: localedef fails on PA-RISC
+ [19919] localedata: iso14651_t1_common: Correct the Malayalam sorting
+ order of 0D36 and 0D37
+ [19922] localedata: iso14651_t1_common: Define collation for Malayalam
+ chillu characters
+ [20098] libc: FAIL: debug/backtrace-tst on hppa
+ [20257] network: sunrpc: clntudp_call does not enforce timeout when
+ receiving data
+ [20275] localedata: locale day/abday/mon/abmon should not have trailing
+ whitespace
+ [20313] localedata: Update locale data to Unicode 9.0
+ [20424] manual: Document how to provide a malloc replacement
+ [20496] localedata: agr_PE: new language locale Awajún / Aguaruna (agr)
+ for Peru
+ [20686] locale: Add el_GR@euro to SUPPORTED.
+ [20831] dynamic-link: _dl_map_segments does not test for __mprotect
+ failures consistently
+ [21015] dynamic-link: Document and fix --enable-bind-now
+ [21016] nptl: pthread_cond support is broken on hppa
+ [21029] libc: glibc-2.23 (and later) fails to compile with -fno-omit-
+ frame-pointer on i386
+ [21049] libc: segfault in longjmp_chk() due to clobbered processor
+ register
+ [21075] libc: unused assigment to %g4 in sparc/sparc{64,32}/clone.S
+ [21088] libc: Build fails with --enable-static-nss
+ [21094] math: cosf(1.57079697) has 3 ulp error on targets where the
+ generic c code is used
+ [21109] libc: Tunables broken on big-endian
+ [21112] math: powf has large ulp errors with base close to 1 and exponent
+ around 4000
+ [21115] network: sunrpc: Use-after-free in error path in clntudp_call
+ (CVE-2017-12133)
+ [21120] malloc: glibc malloc is incompatible with GCC 7
+ [21130] math: Incorrect return from y0l (-inf) and y1l (-inf) when linking
+ with -lieee
+ [21134] math: Exception (divide by zero) not set for y0/y1 (0.0) and y0/y1
+ (-0.0) when linking with -lieee
+ [21171] math: log10, log2 and lgamma return incorrect results
+ [21179] libc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs
+ [21182] libc: __memchr_sse2: regression in glibc-2.25 on i686
+ [21207] localedata: ce_RU: update weekdays from CLDR
+ [21209] dynamic-link: LD_HWCAP_MASK read in setuid binaries
+ [21217] localedata: Update months from CLDR-31
+ [21232] libc: miss posix_fadvise64 on MIPS64 when static linking
+ [21243] libc: support_delete_temp_file should issue warning for failed
+ remove()
+ [21244] libc: support resolv_test_start() socket fd close should be
+ checked for errors.
+ [21253] libc: localedef randomly segfaults when using -fstack-check due to
+ new posix_spawn implementation
+ [21258] dynamic-link: Branch predication in _dl_runtime_resolve_avx512_opt
+ leads to lower CPU frequency
+ [21259] libc: [alpha] termios.h missing IXANY for POSIX
+ [21261] libc: [sparc64] bits/setjmp.h namespace
+ [21267] network: [mips] bits/socket.h IOC* namespace
+ [21268] libc: [alpha] termios.h NL2, NL3 namespace
+ [21270] libc: mmap64 silently truncates large offset values
+ [21275] libc: posix_spawn always crashes on ia64 now
+ [21277] libc: [alpha] termios.h missing IUCLC for UNIX98 and older
+ [21280] math: [powerpc] logbl for POWER7 return incorrect results
+ [21289] libc: Incorrect declaration for 32-bit platforms with
+ _FILE_OFFSET_BITS=64 causes build error
+ [21295] network: GETAI(AF_UNSPEC) drops IPv6 addresses if nss module does
+ not support gethostbyname4_r
+ [21298] nptl: rwlock can deadlock on frequent reader/writer phase
+ switching
+ [21338] malloc: mallopt M_ARENA_MAX doesn't set the maximum number of
+ arenas
+ [21340] libc: Support POSIX_SPAWN_SETSID
+ [21357] libc: unwind-dw2-fde deadlock when using AddressSanitizer
+ [21359] network: ns_name_pack needs additional byte in destination buffer
+ [21361] network: resolv: Reduce advertised EDNS0 buffer size to guard
+ against fragmentation attacks (CVE-2017-12132)
+ [21369] network: resolv: Remove EDNS fallback
+ [21371] libc: Missing timespec definition when compiled with _XOPEN_SOURCE
+ and _POSIX_C_SOURCE
+ [21386] nptl: Assertion in fork for distinct parent PID is incorrect
+ [21391] dynamic-link: x86: Set dl_platform and dl_hwcap from CPU features
+ [21393] stdio: Missing dup3 error check in freopen, freopen64
+ [21396] libc: Use AVX2 memcpy/memset on Skylake server
+ [21399] localedata: Bad description for U00EC in
+ localedata/charmaps/CP1254
+ [21411] malloc: realloc documentation error
+ [21426] network: sys/socket.h uio.h namespace
+ [21428] libc: [aarch64] tst-backtrace5 testsuite failure
+ [21445] libc: signal.h bsd_signal namespace
+ [21455] network: Network headers stdint.h namespace
+ [21474] network: resolv: res_init does not use RES_DFLRETRY (2) but 4 for
+ retry value
+ [21475] network: resolv: Overlong search path is truncated mid-label
+ [21511] libc: sigstack namespace
+ [21512] libc: clone() ends up calling exit_group() through _exit() wrapper
+ [21514] libc: sysdeps/unix/sysv/linux/sys/syscall.h:31:27: fatal error:
+ bits/syscall.h: No such file or directory
+ [21517] libc: struct sigaltstack namespace
+ [21528] dynamic-link: Duplicated minimal strtoul implementations in ld.so
+ [21533] localedata: Update locale data to Unicode 10.0
+ [21537] libc:
+ ../sysdeps/unix/sysv/linux/s390/s390-32/__makecontext_ret.S:44: Error:
+ junk at end of line, first unrecognized character is `@'
+ [21538] libc: SIG_HOLD missing for XPG4
+ [21539] libc: S390: Mismatch between kernel and glibc ptrace.h with
+ request 12: PTRACE_SINGLEBLOCK vs PTRACE_GETREGS.
+ [21542] libc: Use conservative default for sysconf (_SC_NPROCESSORS_ONLN)
+ [21543] libc: sigevent namespace
+ [21548] libc: [mips] get/set/make/swap context for MIPS O32 assume wrong
+ size for general purpose registers in mcontext_t structure
+ [21550] libc: sigwait namespace
+ [21552] libc: XPG4 bsd_signal namespace
+ [21554] libc: sigpause namespace
+ [21560] libc: sys/wait.h signal.h namespace
+ [21561] libc: waitid namespace
+ [21573] nptl: GCC 7: /usr/bin/install: cannot remove
+ '/usr/include/stdlib.h': Permission denied
+ [21575] libc: sys/wait.h missing struct rusage definition
+ [21584] libc: sigaltstack etc namespace
+ [21597] libc: siginterrupt namespace
+ [21607] math: hppa: FAIL: math/test-tgmath
+ [21609] dynamic-link: Incomplete workaround for GCC __tls_get_addr ABI
+ issue on x86-64
+ [21622] libc: [tile] missing SA_* for POSIX.1:2008
+ [21624] dynamic-link: ld.so: Unsafe alloca allows local attackers to alias
+ stack and heap (CVE-2017-1000366)
+ [21625] libc: wait3 namespace
+ [21654] nss: Incorrect pointer alignment in NSS group merge result
+ construction
+ [21657] network: Parse interface zone id for node-local multicast
+ [21662] string: memcmp-avx2-movbe.S lacks saturating subtraction for
+ between_2_3
+ [21666] libc: .symver is used on common symbol
+ [21668] network: resolv: res_init cross-thread broadcast introduces race
+ conditions
+ [21687] math: tgmath.h totalorder, totalordermag return type
+ [21694] locale: Current Glibc Locale Does Not Support Tok-Pisin and Fiji
+ Hindi Locale
+ [21696] libc: Incorrect assumption of of __cpu_mask in
+ posix/sched_cpucount.c
+ [21697] libc: sysdeps/posix/spawni.c: 2 * suspicious condition ?
+ [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES]
+ locale
+ [21707] math: ppc64le: Invalid IFUNC resolver from libgcc calls getauxval,
+ leading to relocation crash
+ [21709] libc: resolv_conf.c:552: update_from_conf: Assertion
+ `resolv_conf_matches (resp, conf)' failed.
+ [21710] localedata: Added Samoan language locale for Samoa
+ [21711] localedata: Pashto yesstr/nostr locale are missing
+ [21715] nptl: sysdeps/nptl/bits/pthreadtypes.h: typedef guard
+ __have_pthread_attr_t can cause redefinition of typedef pthread_attr_t
+ [21721] localedata: Incorrect Full Weekday names for ks_IN@devanagari
+ [21723] localedata: yesstr/nostr missing for Chinese language locale
+ [21724] localedata: yesstr and nostr are missing for Xhosa [LC_MESSAGES]
+ locale
+ [21727] localedata: yesstr and nostr are missing for Tsonga [LC_MESSAGES]
+ locale
+ [21728] localedata: New Locale for Tongan language
+ [21729] localedata: incorrect LC_NAME fields for hi_IN
+ [21733] localedata: yesstr and nostr are missing for zh_HK
+ [21734] localedata: Missing yesstr and nostr are for kw_GB
+ [21738] libc: misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 fail
+ [21741] libc: Undefined __memmove_chk_XXX and __memset_chk_XXX in libc.a
+ [21742] libc: _dl_num_cache_relocations is undefined in libc.a
+ [21743] localedata: ks_IN@devanagari: abday strings mismatch the day
+ strings
+ [21744] libc: Tests failing on --enable-tunables --enable-stack-
+ protector=all
+ [21749] localedata: Wrong abbreviated day name (“abday”) for
+ ar_JO/ar_LB/ar_SY
+ [21756] localedata: missing yesstr, nostr for nds_DE and nds_NL
+ [21757] localedata: missing yesstr, nostr for pap_AW and pap_CW
+ [21759] localedata: missing yesstr and nostr for Tigrinya
+ [21760] localedata: Fix LC_MESSAGES and LC_ADDRESS for anp_IN
+ [21766] localedata: Wrong LC_MESSAGES for om_ET Locale
+ [21767] localedata: Missing Bislama locales
+ [21768] localedata: Missing yesstr and nostr for aa_ET
+ [21770] localedata: Missing Field in li_NL
+ [21778] nptl: Robust mutex may deadlock
+ [21779] libc: MicroBlaze segfaults when loading libpthread
+ [21783] localedata: Fix int_select international_call_prefixes
+ [21784] localedata: Inconsistency in country_isbn
+ [21788] localedata: Missing Country Postal Abbreviations
+ [21794] localedata: Added-country_isbn-for-Italy
+ [21795] localedata: Add/Fix country_isbn for France
+ [21796] localedata: Added country_isbn for Republic of Korea
+ [21797] localedata: Fix inconsistency in country_isbn and missing prefixes
+ [21799] localedata: Added int_select international_call_prefixes
+ [21801] localedata: Added int_select international_call_prefixes
+ [21804] nptl: Double semicolon in thread-shared-types.h
+ [21807] localedata: LC_ADDRESS fix for pap_CW
+ [21808] localedata: Fix LC_ADDRESS for pap_AW
+ [21821] localedata: Added country_name in mai_IN
+ [21822] localedata: Fix LC_TIME for mai_IN
+ [21823] localedata: missing yesstr, nostr for sa_IN
+ [21825] localedata: Fix name_mrs for mag_IN
+ [21828] localedata: 2.26 changelog should mention user visible changes
+ with unicode 9.0
+ [21835] localedata: Added Maithili language locale for Nepal
+ [21838] localedata: Removed redundant data for the_NP
+ [21839] localedata: Fix LC_MONETARY for ta_LK
+ [21844] localedata: Fix Latin characters and Months Sequence.
+ [21848] localedata: Fix mai_NP Title Name
+
+
+Version 2.25
+
+* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
+ 24731-2:2010, is supported to enable declarations of functions from that
+ TR. Note that not all functions from that TR are supported by the GNU C
+ Library.
+
+* The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS
+ 18661-1:2014, is supported to enable declarations of functions and macros
+ from that TS. Note that not all features from that TS are supported by
+ the GNU C Library.
+
+* The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS
+ 18661-4:2015, is supported to enable declarations of functions and macros
+ from that TS. Note that most features from that TS are not supported by
+ the GNU C Library.
+
+* The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are
+ now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L.
+ Since the GNU C Library defaults to a much newer revision of POSIX, this
+ will only affect programs that specifically request an old conformance
+ mode. For instance, a program compiled with -std=c89 -D_REENTRANT will
+ see a change in the visible declarations, but a program compiled with
+ just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT,
+ will not.
+
+ Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be
+ defined by all multithreaded code, but glibc has not required this for
+ many years.
+
+* The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This
+ means that in a future release, the macros “major”, “minor”, and “makedev”
+ will only be available from <sys/sysmacros.h>.
+
+ These macros are not part of POSIX nor XSI, and their names frequently
+ collide with user code; see for instance glibc bug 19239 and Red Hat bug
+ 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code
+ presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the
+ problem.
+
+* New <fenv.h> features from TS 18661-1:2014 are added to libm: the
+ fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the
+ femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros.
+
+* Integer width macros from TS 18661-1:2014 are added to <limits.h>:
+ CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH,
+ UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to
+ <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH,
+ INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH,
+ UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH,
+ INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH,
+ UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH,
+ UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH,
+ UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH,
+ UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH,
+ WINT_WIDTH.
+
+* New <math.h> features are added from TS 18661-1:2014:
+
+ - Signaling NaN macros: SNANF, SNAN, SNANL.
+
+ - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp,
+ fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf,
+ fromfpxl, ufromfpx, ufromfpxf, ufromfpxl.
+
+ - llogb functions: the llogb, llogbf and llogbl functions, and the
+ FP_LLOGB0 and FP_LLOGBNAN macros.
+
+ - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag,
+ fminmagf, fminmagl.
+
+ - Comparison macros: iseqsig.
+
+ - Classification macros: iscanonical, issubnormal, iszero.
+
+ - Total order functions: totalorder, totalorderf, totalorderl,
+ totalordermag, totalordermagf, totalordermagl.
+
+ - Canonicalize functions: canonicalize, canonicalizef, canonicalizel.
+
+ - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload,
+ setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl.
+
+* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
+ are added to libc. They convert a floating-point number into string.
+
+* Most of glibc can now be built with the stack smashing protector enabled.
+ It is recommended to build glibc with --enable-stack-protector=strong.
+ Implemented by Nick Alcock (Oracle).
+
+* The function explicit_bzero, from OpenBSD, has been added to libc. It is
+ intended to be used instead of memset() to erase sensitive data after use;
+ the compiler will not optimize out calls to explicit_bzero even if they
+ are "unnecessary" (in the sense that no _correct_ program can observe the
+ effects of the memory clear).
+
+* On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined
+ to float instead of double. This does not affect the ABI of any libraries
+ that are part of the GNU C Library, but may affect the ABI of other
+ libraries that use this type in their interfaces.
+
+* On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the
+ float_t and double_t types are now defined to long double instead of float
+ and double. These options are not the default, and this does not affect
+ the ABI of any libraries that are part of the GNU C Library, but it may
+ affect the ABI of other libraries that use this type in their interfaces,
+ if they are compiled or used with those options.
+
+* The getentropy and getrandom functions, and the <sys/random.h> header file
+ have been added.
+
+* The buffer size for byte-oriented stdio streams is now limited to 8192
+ bytes by default. Previously, on Linux, the default buffer size on most
+ file systems was 4096 bytes (and thus remains unchanged), except on
+ network file systems, where the buffer size was unpredictable and could be
+ as large as several megabytes.
+
+* The <sys/quota.h> header now includes the <linux/quota.h> header. Support
+ for the Linux quota interface which predates kernel version 2.4.22 has
+ been removed.
+
+* The malloc_get_state and malloc_set_state functions have been removed.
+ Already-existing binaries that dynamically link to these functions will
+ get a hidden implementation in which malloc_get_state is a stub. As far
+ as we know, these functions are used only by GNU Emacs and this change
+ will not adversely affect already-built Emacs executables. Any undumped
+ Emacs executables, which normally exist only during an Emacs build, should
+ be rebuilt by re-running “./configure; make” in the Emacs build tree.
+
+* The “ip6-dotint” and “no-ip6-dotint” resolver options, and the
+ corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed.
+ “no-ip6-dotint” had already been the default, and support for the
+ “ip6-dotint” option was removed from the Internet in 2006.
+
+* The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING
+ flag from <resolv.h> have been removed. The option relied on a
+ backwards-incompatible DNS extension which was never deployed on the
+ Internet.
+
+* The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG,
+ RES_BLAST defined in the <resolv.h> header file have been deprecated.
+ They were already unimplemented.
+
+* The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for
+ _res.flags are deprecated. The flag was standardized in RFC 2133, but
+ removed again from the IETF name lookup interface specification in RFC
+ 2553. Applications should use getaddrinfo instead.
+
+* DNSSEC-related declarations and definitions have been removed from the
+ <arpa/nameser.h> header file, and libresolv will no longer attempt to
+ decode the data part of DNSSEC record types. Previous versions of glibc
+ only implemented minimal support for the previous version of DNSSEC, which
+ is incompatible with the currently deployed version.
+
+* The resource record type classification macros ns_t_qt_p, ns_t_mrr_p,
+ ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the
+ <arpa/nameser.h> header file because the distinction between RR types and
+ meta-RR types is not officially standardized, subject to revision, and
+ thus not suitable for encoding in a macro.
+
+* The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook
+ and rhook members of the res_state type in <resolv.h> have been removed.
+ The glibc stub resolver did not support these hooks, but the header file
+ did not reflect that.
+
+* For multi-arch support it is recommended to use a GCC which has
+ been built with support for GNU indirect functions. This ensures
+ that correct debugging information is generated for functions
+ selected by IFUNC resolvers. This support can either be enabled by
+ configuring GCC with '--enable-gnu-indirect-function', or by
+ enabling it by default by setting 'default_gnu_indirect_function'
+ variable for a particular architecture in the GCC source file
+ 'gcc/config.gcc'.
+
+* GDB pretty printers have been added for mutex and condition variable
+ structures in POSIX Threads. When installed and loaded in gdb these pretty
+ printers show various pthread variables in human-readable form when read
+ using the 'print' or 'display' commands in gdb.
+
+* Tunables feature added to allow tweaking of the runtime for an application
+ program. This feature can be enabled with the '--enable-tunables' configure
+ flag. The GNU C Library manual has details on usage and README.tunables has
+ instructions on adding new tunables to the library.
+
+* A new version of condition variables functions have been implemented in
+ the NPTL implementation of POSIX Threads to provide stronger ordering
+ guarantees.
+
+* A new version of pthread_rwlock functions have been implemented to use a more
+ scalable algorithm primarily through not using a critical section anymore to
+ make state changes.
+>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
Security related changes:
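Review bot: the added line `>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]` just before the `Security related changes:` context line is an unresolved git merge-conflict marker being committed into NEWS, not release-notes content. It should be dropped from the hunk before this is applied, and the hunk re-checked for the matching `<<<<<<<` / `=======` markers so the NEWS file is left in its intended form rather than carrying both sides of the conflict.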
diff --git a/posix/glob.c b/posix/glob.c
index ea4b0b61eb..08f240a1ff 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -856,7 +856,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
*p = '\0';
}
else
- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
= '\0';
user_name = newp;
}
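Review bot: the length correction on the `mempcpy` call is right and fixes a one-byte overflow. The copy starts at `dirname + 1` but the old length was `end_name - dirname`, which is one more than the number of bytes between `dirname + 1` and `end_name`, so the copy read the byte at `end_name` into `newp` and the trailing `'\0'` was stored one byte past the space reserved for the user name. With `end_name - dirname - 1` the copy covers exactly the `[dirname + 1, end_name)` range and the terminator lands at the last reserved byte, matching the `*p = '\0'` handling in the other branch. Since the hunk changes only this one expression, a regression test with a `~user` pattern whose user name fills the buffer exactly would make the fix verifiable in the test suite.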
--
2.14.2