Thu Oct 31 01:09:50 PDT 2013

author: root <root@rshg054.dnsready.net> 2013-10-31 01:12:24 -0700
committer: root <root@rshg054.dnsready.net> 2013-10-31 01:12:24 -0700
commit: b2a6f1b28b7fa31088cab9a90b0f5ab97948534d (patch)
tree: afa7b467e44b704b69c66862852a8c3118b8e308 /core/glibc
parent: 7c151ac5589d3dbef5972f69a62b847ecf565bfa (diff)
3 files changed, 93 insertions, 6 deletions
diff --git a/core/glibc/PKGBUILD b/core/glibc/PKGBUILD
index a5cbade42..0cda50b39 100644
--- a/core/glibc/PKGBUILD
+++ b/core/glibc/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id: PKGBUILD 197285 2013-10-25 01:09:19Z allan $
+# $Id: PKGBUILD 197798 2013-10-30 10:37:54Z allan $
 # Maintainer: Allan McRae <allan@archlinux.org>
 
 # toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
@@ -8,7 +8,7 @@
 
 pkgname=glibc
 pkgver=2.18
-pkgrel=8
+pkgrel=9
 pkgdesc="GNU C Library"
 arch=('i686' 'x86_64')
 url="http://www.gnu.org/software/libc"
@@ -27,6 +27,8 @@ source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig}
         glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
         glibc-2.18-strcoll-CVE-2012-4412+4424.patch
         glibc-2.18-ptr-mangle-CVE-2013-4788.patch
+        glibc-2.18-getaddrinfo-CVE-2013-4458.patch
+        glibc-2.18-getaddrinfo-assertion.patch
         glibc-2.18-strstr-hackfix.patch
         nscd.service
         nscd.tmpfiles
@@ -39,6 +41,8 @@ md5sums=('88fbbceafee809e82efd52efa1e3c58f'
          'b79561ab9dce900e9bbeaf0d49927c2b'
          'c7264b99d0f7e51922a4d3126182c40a'
          '9749ba386b08a8fe53e7ecede9bf2dfb'
+         '71329fccb8eb583fb0d67b55f1e8df68'
+         'd4d86add33f22125777e0ecff06bc9bb'
          '4441f6dfe7d75ced1fa75e54dd21d36e'
          'd5fab2cd3abea65aa5ae696ea4a47d6b'
          'da662ca76e7c8d7efbc7986ab7acea2d'
@@ -58,13 +62,17 @@ prepare() {
   patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
 
   # upstream commits 1326ba1a, 141f3a77 and 303e567a
-  # https://sourceware.org/ml/libc-alpha/2013-08/msg00394.html
-  # https://sourceware.org/ml/libc-alpha/2013-08/msg00462.html
   patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch
 
   # upstream commits c61b4d41 and 0b1f8e35
   patch -p1 -i $srcdir/glibc-2.18-ptr-mangle-CVE-2013-4788.patch
 
+  # upstream commit 7cbcdb36
+  patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-CVE-2013-4458.patch
+
+  # upstream commit 894f3f10
+  patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-assertion.patch
+
   # hack fix for strstr issues on x86
   patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch
 
@@ -148,9 +156,8 @@ package() {
     ${srcdir}/glibc-${pkgver}/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen
 
   # remove the static libraries that have a shared counterpart
-  cd $pkgdir/usr/lib
   # note: keep libc, libdl, libm, libpthread for binutils testsuite
-  rm lib{anl,BrokenLocale,crypt,nsl,resolv,rt,util}.a
+  rm $pkgdir/usr/lib/lib{anl,BrokenLocale,crypt,nsl,resolv,rt,util}.a
 
   # Do not strip the following files for improved debugging support
   # ("improved" as in not breaking gdb and valgrind...):
diff --git a/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch b/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch
new file mode 100644
index 000000000..a7bc67c6f
--- /dev/null
+++ b/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch
@@ -0,0 +1,41 @@
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index e6ce4cf..8ff74b4 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ 				&rc, &herrno, NULL, &localcanon));	      \
+     if (rc != ERANGE || herrno != NETDB_INTERNAL)			      \
+       break;								      \
+-    tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen);		      \
++    if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen))    \
++      tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen,	      \
++				      alloca_used);			      \
++    else								      \
++      {									      \
++	char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL,		      \
++			      2 * tmpbuflen);				      \
++	if (newp == NULL)						      \
++	  {								      \
++	    result = -EAI_MEMORY;					      \
++	    goto free_and_return;					      \
++	  }								      \
++	tmpbuf = newp;							      \
++	malloc_tmpbuf = true;						      \
++	tmpbuflen = 2 * tmpbuflen;					      \
++      }									      \
+   }									      \
+   if (status == NSS_STATUS_SUCCESS && rc == 0)				      \
+     h = &th;								      \
+@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ 	{								      \
+ 	  __set_h_errno (herrno);					      \
+ 	  _res.options |= old_res_options & RES_USE_INET6;		      \
+-	  return -EAI_SYSTEM;						      \
++	  result = -EAI_SYSTEM;						      \
++	  goto free_and_return;						      \
+ 	}								      \
+       if (herrno == TRY_AGAIN)						      \
+ 	no_data = EAI_AGAIN;						      \
+-- 
+1.8.4.1
+
diff --git a/core/glibc/glibc-2.18-getaddrinfo-assertion.patch b/core/glibc/glibc-2.18-getaddrinfo-assertion.patch
new file mode 100644
index 000000000..2f1f7c694
--- /dev/null
+++ b/core/glibc/glibc-2.18-getaddrinfo-assertion.patch
@@ -0,0 +1,39 @@
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 0f4b885..e6ce4cf 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -1666,13 +1666,13 @@ rfc3484_sort (const void *p1, const void *p2, void *arg)
+ 
+ 	      /* Fill in the results in all the records.  */
+ 	      for (int i = 0; i < src->nresults; ++i)
+-		if (src->results[i].index == a1_index)
++		if (a1_index != -1 && src->results[i].index == a1_index)
+ 		  {
+ 		    assert (src->results[i].native == -1
+ 			    || src->results[i].native == a1_native);
+ 		    src->results[i].native = a1_native;
+ 		  }
+-		else if (src->results[i].index == a2_index)
++		else if (a2_index != -1 && src->results[i].index == a2_index)
+ 		  {
+ 		    assert (src->results[i].native == -1
+ 			    || src->results[i].native == a2_native);
+@@ -2532,7 +2532,14 @@ getaddrinfo (const char *name, const char *service,
+ 			  tmp.addr[0] = 0;
+ 			  tmp.addr[1] = 0;
+ 			  tmp.addr[2] = htonl (0xffff);
+-			  tmp.addr[3] = sinp->sin_addr.s_addr;
++			  /* Special case for lo interface, the source address
++			     being possibly different than the interface
++			     address. */
++			  if ((ntohl(sinp->sin_addr.s_addr) & 0xff000000)
++			      == 0x7f000000)
++			    tmp.addr[3] = htonl(0x7f000001);
++			  else
++			    tmp.addr[3] = sinp->sin_addr.s_addr;
+ 			}
+ 		      else
+ 			{
+-- 
+1.8.4.1
+
author	root <root@rshg054.dnsready.net>	2013-10-31 01:12:24 -0700
committer	root <root@rshg054.dnsready.net>	2013-10-31 01:12:24 -0700
commit	b2a6f1b28b7fa31088cab9a90b0f5ab97948534d (patch)
tree	afa7b467e44b704b69c66862852a8c3118b8e308 /core/glibc
parent	7c151ac5589d3dbef5972f69a62b847ecf565bfa (diff)