From b2a6f1b28b7fa31088cab9a90b0f5ab97948534d Mon Sep 17 00:00:00 2001 From: root Date: Thu, 31 Oct 2013 01:12:24 -0700 Subject: Thu Oct 31 01:09:50 PDT 2013 --- core/glibc/PKGBUILD | 19 ++++++---- .../glibc-2.18-getaddrinfo-CVE-2013-4458.patch | 41 ++++++++++++++++++++++ core/glibc/glibc-2.18-getaddrinfo-assertion.patch | 39 ++++++++++++++++++++ 3 files changed, 93 insertions(+), 6 deletions(-) create mode 100644 core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch create mode 100644 core/glibc/glibc-2.18-getaddrinfo-assertion.patch (limited to 'core/glibc') diff --git a/core/glibc/PKGBUILD b/core/glibc/PKGBUILD index a5cbade42..0cda50b39 100644 --- a/core/glibc/PKGBUILD +++ b/core/glibc/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 197285 2013-10-25 01:09:19Z allan $ +# $Id: PKGBUILD 197798 2013-10-30 10:37:54Z allan $ # Maintainer: Allan McRae # toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc @@ -8,7 +8,7 @@ pkgname=glibc pkgver=2.18 -pkgrel=8 +pkgrel=9 pkgdesc="GNU C Library" arch=('i686' 'x86_64') url="http://www.gnu.org/software/libc" @@ -27,6 +27,8 @@ source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig} glibc-2.18-malloc-corrupt-CVE-2013-4332.patch glibc-2.18-strcoll-CVE-2012-4412+4424.patch glibc-2.18-ptr-mangle-CVE-2013-4788.patch + glibc-2.18-getaddrinfo-CVE-2013-4458.patch + glibc-2.18-getaddrinfo-assertion.patch glibc-2.18-strstr-hackfix.patch nscd.service nscd.tmpfiles @@ -39,6 +41,8 @@ md5sums=('88fbbceafee809e82efd52efa1e3c58f' 'b79561ab9dce900e9bbeaf0d49927c2b' 'c7264b99d0f7e51922a4d3126182c40a' '9749ba386b08a8fe53e7ecede9bf2dfb' + '71329fccb8eb583fb0d67b55f1e8df68' + 'd4d86add33f22125777e0ecff06bc9bb' '4441f6dfe7d75ced1fa75e54dd21d36e' 'd5fab2cd3abea65aa5ae696ea4a47d6b' 'da662ca76e7c8d7efbc7986ab7acea2d' 
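Review bot: The `md5sums=(` hunk pins the two new security patches, `glibc-2.18-getaddrinfo-CVE-2013-4458.patch` and `glibc-2.18-getaddrinfo-assertion.patch`, with MD5 digests only. MD5 is not collision resistant, so a matching digest does not prove the file is the one the maintainer reviewed. A `sha256sums=(` array with one entry per `source=(` item, with values generated at packaging time (`'<sha256 of each source file>'`), would give makepkg a digest that resists substitution. The tarball in the `source=(` hunk is fetched over plain `http://`, so the `.sig` listed beside it is the only strong check visible for it; whether that signature is actually verified cannot be seen from these hunks. Both arrays start and end outside their hunks.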
@@ -58,13 +62,17 @@ prepare() { patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch # upstream commits 1326ba1a, 141f3a77 and 303e567a - # https://sourceware.org/ml/libc-alpha/2013-08/msg00394.html - # https://sourceware.org/ml/libc-alpha/2013-08/msg00462.html patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch # upstream commits c61b4d41 and 0b1f8e35 patch -p1 -i $srcdir/glibc-2.18-ptr-mangle-CVE-2013-4788.patch + # upstream commit 7cbcdb36 + patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-CVE-2013-4458.patch + + # upstream commit 894f3f10 + patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-assertion.patch + # hack fix for strstr issues on x86 patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch @@ -148,9 +156,8 @@ package() { ${srcdir}/glibc-${pkgver}/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen # remove the static libraries that have a shared counterpart - cd $pkgdir/usr/lib # note: keep libc, libdl, libm, libpthread for binutils testsuite - rm lib{anl,BrokenLocale,crypt,nsl,resolv,rt,util}.a + rm $pkgdir/usr/lib/lib{anl,BrokenLocale,crypt,nsl,resolv,rt,util}.a # Do not strip the following files for improved debugging support # ("improved" as in not breaking gdb and valgrind...): diff --git a/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch b/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch new file mode 100644 index 000000000..a7bc67c6f --- /dev/null +++ b/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch 
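Review bot: In `prepare()` the two getaddrinfo patches appear to be applied in the reverse of their upstream order. The `index` lines in the patch files show the assertion patch producing blob `e6ce4cf`, which is the base blob of the CVE-2013-4458 patch. Both modify `sysdeps/posix/getaddrinfo.c`, so as ordered here the assertion patch has to apply at a line offset, because the CVE patch has already added lines earlier in the file. Applying `patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-assertion.patch` first, with its `# upstream commit 894f3f10` comment, and the CVE patch second would let both land at their recorded positions and make a mis-applied hunk easier to notice. prepare() starts and ends outside the hunk.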
@@ -0,0 +1,41 @@
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index e6ce4cf..8ff74b4 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ &rc, &herrno, NULL, &localcanon)); \
+ if (rc != ERANGE || herrno != NETDB_INTERNAL) \
+ break; \
+- tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen); \
++ if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \
++ tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \
++ alloca_used); \
++ else \
++ { \
++ char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \
++ 2 * tmpbuflen); \
++ if (newp == NULL) \
++ { \
++ result = -EAI_MEMORY; \
++ goto free_and_return; \
++ } \
++ tmpbuf = newp; \
++ malloc_tmpbuf = true; \
++ tmpbuflen = 2 * tmpbuflen; \
++ } \
+ } \
+ if (status == NSS_STATUS_SUCCESS && rc == 0) \
+ h = &th; \
+@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
+ { \
+ __set_h_errno (herrno); \
+ _res.options |= old_res_options & RES_USE_INET6; \
+- return -EAI_SYSTEM; \
++ result = -EAI_SYSTEM; \
++ goto free_and_return; \
+ } \
+ if (herrno == TRY_AGAIN) \
+ no_data = EAI_AGAIN; \
+--
+1.8.4.1
+
diff --git a/core/glibc/glibc-2.18-getaddrinfo-assertion.patch b/core/glibc/glibc-2.18-getaddrinfo-assertion.patch
new file mode 100644
index 000000000..2f1f7c694
--- /dev/null
+++ b/core/glibc/glibc-2.18-getaddrinfo-assertion.patch
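Review bot: In glibc-2.18-getaddrinfo-CVE-2013-4458.patch, the macro body patched at `@@ -197,7 +197,22 @@` now relies on four things it does not declare: `malloc_tmpbuf`, `alloca_used`, `result` and the label `free_and_return`. Every function that expands the macro has to provide them, and the label must call free() on `tmpbuf` only when `malloc_tmpbuf` is true, otherwise an alloca'd buffer would reach free(). None of that is visible in the patch, and the macro starts and ends outside both inner hunks. A comment above the macro would record the contract, for example `/* Expands in a scope providing tmpbuf, tmpbuflen, alloca_used, malloc_tmpbuf, result and a free_and_return label that frees tmpbuf iff malloc_tmpbuf. */`. The same comment could note that the switch from alloca to heap passes NULL to realloc and copies nothing, which is presumably fine because the buffer is refilled on the next attempt.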
@@ -0,0 +1,39 @@
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 0f4b885..e6ce4cf 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -1666,13 +1666,13 @@ rfc3484_sort (const void *p1, const void *p2, void *arg)
+ 
+ /* Fill in the results in all the records. */
+ for (int i = 0; i < src->nresults; ++i)
+- if (src->results[i].index == a1_index)
++ if (a1_index != -1 && src->results[i].index == a1_index)
+ {
+ assert (src->results[i].native == -1
+ || src->results[i].native == a1_native);
+ src->results[i].native = a1_native;
+ }
+- else if (src->results[i].index == a2_index)
++ else if (a2_index != -1 && src->results[i].index == a2_index)
+ {
+ assert (src->results[i].native == -1
+ || src->results[i].native == a2_native);
+@@ -2532,7 +2532,14 @@ getaddrinfo (const char *name, const char *service,
+ tmp.addr[0] = 0;
+ tmp.addr[1] = 0;
+ tmp.addr[2] = htonl (0xffff);
+- tmp.addr[3] = sinp->sin_addr.s_addr;
++ /* Special case for lo interface, the source address
++ being possibly different than the interface
++ address. */
++ if ((ntohl(sinp->sin_addr.s_addr) & 0xff000000)
++ == 0x7f000000)
++ tmp.addr[3] = htonl(0x7f000001);
++ else
++ tmp.addr[3] = sinp->sin_addr.s_addr;
+ }
+ else
+ {
+--
+1.8.4.1
+
-- cgit v1.2.3-54-g00ecf
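Review bot: In glibc-2.18-getaddrinfo-assertion.patch, the loopback special case added at `@@ -2532,7 +2532,14 @@` spells the 127.0.0.0/8 test and the replacement address as bare hex (`0xff000000`, `0x7f000000`, `0x7f000001`). It also writes `ntohl(` and `htonl(` without the space before the parenthesis that the neighbouring line `htonl (0xffff)` uses. The named constants from `<netinet/in.h>` state the intent directly: `if ((ntohl (sinp->sin_addr.s_addr) & IN_CLASSA_NET) == (IN_LOOPBACKNET << IN_CLASSA_NSHIFT))` and `tmp.addr[3] = htonl (INADDR_LOOPBACK);`. Since this file is a backport of an upstream commit, the rewrite is better proposed upstream than made in the packaged patch, so the package stays byte-identical to what upstream reviewed. getaddrinfo's body continues outside the hunk.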