diff options
author | Vlad Glagolev | 2015-01-29 15:19:01 +0300 |
---|---|---|
committer | Vlad Glagolev | 2015-01-29 15:19:01 +0300 |
commit | 0d3f6b858cf4d9fd092a3747393cf8255aef970a (patch) | |
tree | 9b386712c92de285cf777c750d768fd17dd45507 | |
parent | 51378795bfa5ffcff77a43aa0bc31090df80d315 (diff) |
glibc: critical security update (CVE-2015-0235)
-rwxr-xr-x | libs/glibc/DETAILS | 3 | ||||
-rw-r--r-- | libs/glibc/HISTORY | 7 | ||||
-rwxr-xr-x | libs/glibc/PRE_BUILD | 6 | ||||
-rw-r--r-- | libs/glibc/ghost-236.patch | 231 | ||||
-rw-r--r-- | libs/glibc/ghost.patch | 231 | ||||
-rw-r--r-- | libs/glibc/glibc-2.3-20050725.tar.bz2.sig | bin | 65 -> 0 bytes |
6 files changed, 477 insertions, 1 deletions
diff --git a/libs/glibc/DETAILS b/libs/glibc/DETAILS index 82206a1e04..6bb01c6874 100755 --- a/libs/glibc/DETAILS +++ b/libs/glibc/DETAILS @@ -18,6 +18,7 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION SOURCE3_GPG=gnu.gpg:$SOURCE3.sig:UPSTREAM_KEY SOURCE4_IGNORE=signature SOURCE5_HASH=sha512:c1931495915c8461de97e4156c9d0edd7b44e4b48cbce2d4c3a52b83d331a9ce48f3c7abb7dd787ed897f1e7d0e81c5cdb4eb3986bc24a5e2788708427e2dcb1 + SECURITY_PATCH=1 PATCHLEVEL=1 else if [[ "${GLIBC_BRANCH/-*}" == "scm" ]]; then @@ -40,7 +41,7 @@ SOURCE_DIRECTORY=$BUILD_DIRECTORY/$SPELL-$VERSION SOURCE2_URL[0]=${SOURCE_URL[0]}.sig SOURCE_GPG=glibc.gpg:$SOURCE.sig:UPSTREAM_KEY SOURCE2_IGNORE=signature - SECURITY_PATCH=1 + SECURITY_PATCH=2 PATCHLEVEL=1 fi if [[ $GLIBC_SANITIZE_HEADERS == n ]]; then diff --git a/libs/glibc/HISTORY b/libs/glibc/HISTORY index 2983434b7f..9062ae41ac 100644 --- a/libs/glibc/HISTORY +++ b/libs/glibc/HISTORY @@ -1,3 +1,10 @@ +2015-01-28 Vlad Glagolev <stealth@sourcemage.org> + * DETAILS: SECURITY_PATCH++ (CVE-2015-0235) + * PRE_BUILD: apply patches + * ghost.patch, ghost-236.patch: added, to fix GHOST vulnerability + (transformed from official patch) + * glibc-2.3-20050725.tar.bz2.sig: removed, obsolete signature + 2014-11-21 Vlad Glagolev <stealth@sourcemage.org> * DETAILS: PATCHLEVEL=1 * BUILD: allow drop of strip option if a user desires so diff --git a/libs/glibc/PRE_BUILD b/libs/glibc/PRE_BUILD index 55bde861db..abd8bafc5b 100755 --- a/libs/glibc/PRE_BUILD +++ b/libs/glibc/PRE_BUILD @@ -95,6 +95,12 @@ patch -p0 < $SCRIPT_DIRECTORY/Makefile.patch && patch -p1 < $SCRIPT_DIRECTORY/as-test-x.patch && patch -p1 < $SPELL_DIRECTORY/gcc45.patch && +if [[ "$GLIBC_NPTL" == y ]]; then + patch -p0 < "$SPELL_DIRECTORY/ghost.patch" +else + patch -p0 < "$SPELL_DIRECTORY/ghost-236.patch" +fi && + # disabled libgd detection/building memusagestat for now until a better # fix has been found, bug #8277 sedit 's/LIBGD=yes/LIBGD=no/' $SOURCE_DIRECTORY/configure && diff --git a/libs/glibc/ghost-236.patch b/libs/glibc/ghost-236.patch new file mode 100644 index 0000000000..387a7c987e --- /dev/null +++ b/libs/glibc/ghost-236.patch @@ -0,0 +1,231 @@ +# Rearranged official patch from: https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd +# for our glibc-2.3.6 in stable grimoire to fix GHOST vulnerability (CVE-2015-0235) + +--- ChangeLog.orig 2015-01-28 23:55:55.000000000 +0300 ++++ ChangeLog 2015-01-28 23:57:40.000000000 +0300 +@@ -1,3 +1,17 @@ ++2013-05-21 Andreas Schwab <schwab@suse.de> ++ ++ [BZ #15014] ++ * nss/getXXbyYY_r.c (INTERNAL (REENTRANT_NAME)) ++ [HANDLE_DIGITS_DOTS]: Set any_service when digits-dots parsing was ++ successful. ++ * nss/digits_dots.c (__nss_hostname_digits_dots): Remove ++ redundant variable declarations and reallocation of buffer when ++ parsing as IPv6 address. Always set NSS status when called from ++ reentrant functions. Use NETDB_INTERNAL instead of TRY_AGAIN when ++ buffer too small. Correct computation of needed size. ++ * nss/Makefile (tests): Add test-digits-dots. ++ * nss/test-digits-dots.c: New test. ++ + 2005-11-03 Roland McGrath <roland@redhat.com> + + * NEWS, version.h (VERSION): 2.3.6. +--- nss/Makefile.orig 2015-01-28 23:55:55.000000000 +0300 ++++ nss/Makefile 2015-01-28 23:59:10.000000000 +0300 +@@ -39,7 +39,7 @@ + others := getent + install-bin := getent + +-tests = test-netdb ++tests = test-netdb test-digits-dots + xtests = bug-erange + + include ../Makeconfig +--- nss/digits_dots.c.orig ++++ nss/digits_dots.c +@@ -46,7 +46,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + { + if (h_errnop) + *h_errnop = NETDB_INTERNAL; +- *result = NULL; ++ if (buffer_size == NULL) ++ *status = NSS_STATUS_TRYAGAIN; ++ else ++ *result = NULL; + return -1; + } + +@@ -83,14 +86,16 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + } + + size_needed = (sizeof (*host_addr) +- + sizeof (*h_addr_ptrs) + strlen (name) + 1); ++ + sizeof (*h_addr_ptrs) ++ + sizeof (*h_alias_ptr) + strlen (name) + 1); + + if (buffer_size == NULL) + { + if (buflen < size_needed) + { ++ *status = NSS_STATUS_TRYAGAIN; + if (h_errnop != NULL) +- *h_errnop = TRY_AGAIN; ++ *h_errnop = NETDB_INTERNAL; + __set_errno (ERANGE); + goto done; + } +@@ -109,7 +114,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + *buffer_size = 0; + __set_errno (save); + if (h_errnop != NULL) +- *h_errnop = TRY_AGAIN; ++ *h_errnop = NETDB_INTERNAL; + *result = NULL; + goto done; + } +@@ -149,7 +154,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + if (! ok) + { + *h_errnop = HOST_NOT_FOUND; +- if (buffer_size) ++ if (buffer_size == NULL) ++ *status = NSS_STATUS_NOTFOUND; ++ else + *result = NULL; + goto done; + } +@@ -190,7 +197,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + if (buffer_size == NULL) + *status = NSS_STATUS_SUCCESS; + else +- *result = resbuf; ++ *result = resbuf; + goto done; + } + +@@ -201,15 +208,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + + if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':') + { +- const char *cp; +- char *hostname; +- typedef unsigned char host_addr_t[16]; +- host_addr_t *host_addr; +- typedef char *host_addr_list_t[2]; +- host_addr_list_t *h_addr_ptrs; +- size_t size_needed; +- int addr_size; +- + switch (af) + { + default: +@@ -225,7 +223,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + /* This is not possible. We cannot represent an IPv6 address + in an `struct in_addr' variable. */ + *h_errnop = HOST_NOT_FOUND; +- *result = NULL; ++ if (buffer_size == NULL) ++ *status = NSS_STATUS_NOTFOUND; ++ else ++ *result = NULL; + goto done; + + case AF_INET6: +@@ -233,42 +234,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + break; + } + +- size_needed = (sizeof (*host_addr) +- + sizeof (*h_addr_ptrs) + strlen (name) + 1); +- +- if (buffer_size == NULL && buflen < size_needed) +- { +- if (h_errnop != NULL) +- *h_errnop = TRY_AGAIN; +- __set_errno (ERANGE); +- goto done; +- } +- else if (buffer_size != NULL && *buffer_size < size_needed) +- { +- char *new_buf; +- *buffer_size = size_needed; +- new_buf = realloc (*buffer, *buffer_size); +- +- if (new_buf == NULL) +- { +- save = errno; +- free (*buffer); +- __set_errno (save); +- *buffer = NULL; +- *buffer_size = 0; +- *result = NULL; +- goto done; +- } +- *buffer = new_buf; +- } +- +- memset (*buffer, '\0', size_needed); +- +- host_addr = (host_addr_t *) *buffer; +- h_addr_ptrs = (host_addr_list_t *) +- ((char *) host_addr + sizeof (*host_addr)); +- hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs); +- + for (cp = name;; ++cp) + { + if (!*cp) +@@ -281,7 +246,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + if (inet_pton (AF_INET6, name, host_addr) <= 0) + { + *h_errnop = HOST_NOT_FOUND; +- if (buffer_size) ++ if (buffer_size == NULL) ++ *status = NSS_STATUS_NOTFOUND; ++ else + *result = NULL; + goto done; + } +--- nss/getXXbyYY_r.c.orig ++++ nss/getXXbyYY_r.c +@@ -179,6 +179,9 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, LOOKUP_TYPE *resbuf, char *buffer, + case -1: + return errno; + case 1: ++#ifdef NEED_H_ERRNO ++ any_service = true; ++#endif + goto done; + } + #endif +--- /dev/null ++++ nss/test-digits-dots.c +@@ -0,0 +1,38 @@ ++/* Copyright (C) 2013 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++/* Testcase for BZ #15014 */ ++ ++#include <stdlib.h> ++#include <netdb.h> ++#include <errno.h> ++ ++static int ++do_test (void) ++{ ++ char buf[32]; ++ struct hostent *result = NULL; ++ struct hostent ret; ++ int h_err = 0; ++ int err; ++ ++ err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err); ++ return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE; ++} ++ ++#define TEST_FUNCTION do_test () ++#include "../test-skeleton.c" diff --git a/libs/glibc/ghost.patch b/libs/glibc/ghost.patch new file mode 100644 index 0000000000..55691f9414 --- /dev/null +++ b/libs/glibc/ghost.patch @@ -0,0 +1,231 @@ +# Rearranged official patch from: https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd +# for our glibc-2.13 in stable grimoire to fix GHOST vulnerability (CVE-2015-0235) + +--- ChangeLog.orig 2015-01-28 18:25:55.536487254 +0300 ++++ ChangeLog 2015-01-28 18:35:46.505997423 +0300 +@@ -1,3 +1,17 @@ ++2013-05-21 Andreas Schwab <schwab@suse.de> ++ ++ [BZ #15014] ++ * nss/getXXbyYY_r.c (INTERNAL (REENTRANT_NAME)) ++ [HANDLE_DIGITS_DOTS]: Set any_service when digits-dots parsing was ++ successful. ++ * nss/digits_dots.c (__nss_hostname_digits_dots): Remove ++ redundant variable declarations and reallocation of buffer when ++ parsing as IPv6 address. Always set NSS status when called from ++ reentrant functions. Use NETDB_INTERNAL instead of TRY_AGAIN when ++ buffer too small. Correct computation of needed size. ++ * nss/Makefile (tests): Add test-digits-dots. ++ * nss/test-digits-dots.c: New test. ++ + 2011-01-17 Ulrich Drepper <drepper@gmail.com> + + * version.h (RELEASE): Bump for 2.13 release. +--- nss/Makefile.orig ++++ nss/Makefile +@@ -37,7 +37,7 @@ install-bin := getent makedb + makedb-modules = xmalloc hash-string + extra-objs += $(makedb-modules:=.o) + +-tests = test-netdb tst-nss-test1 ++tests = test-netdb tst-nss-test1 test-digits-dots + xtests = bug-erange + + include ../Makeconfig +--- nss/digits_dots.c.orig ++++ nss/digits_dots.c +@@ -46,7 +46,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + { + if (h_errnop) + *h_errnop = NETDB_INTERNAL; +- *result = NULL; ++ if (buffer_size == NULL) ++ *status = NSS_STATUS_TRYAGAIN; ++ else ++ *result = NULL; + return -1; + } + +@@ -83,14 +86,16 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + } + + size_needed = (sizeof (*host_addr) +- + sizeof (*h_addr_ptrs) + strlen (name) + 1); ++ + sizeof (*h_addr_ptrs) ++ + sizeof (*h_alias_ptr) + strlen (name) + 1); + + if (buffer_size == NULL) + { + if (buflen < size_needed) + { ++ *status = NSS_STATUS_TRYAGAIN; + if (h_errnop != NULL) +- *h_errnop = TRY_AGAIN; ++ *h_errnop = NETDB_INTERNAL; + __set_errno (ERANGE); + goto done; + } +@@ -109,7 +114,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + *buffer_size = 0; + __set_errno (save); + if (h_errnop != NULL) +- *h_errnop = TRY_AGAIN; ++ *h_errnop = NETDB_INTERNAL; + *result = NULL; + goto done; + } +@@ -149,7 +154,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + if (! ok) + { + *h_errnop = HOST_NOT_FOUND; +- if (buffer_size) ++ if (buffer_size == NULL) ++ *status = NSS_STATUS_NOTFOUND; ++ else + *result = NULL; + goto done; + } +@@ -190,7 +197,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + if (buffer_size == NULL) + *status = NSS_STATUS_SUCCESS; + else +- *result = resbuf; ++ *result = resbuf; + goto done; + } + +@@ -201,15 +208,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + + if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':') + { +- const char *cp; +- char *hostname; +- typedef unsigned char host_addr_t[16]; +- host_addr_t *host_addr; +- typedef char *host_addr_list_t[2]; +- host_addr_list_t *h_addr_ptrs; +- size_t size_needed; +- int addr_size; +- + switch (af) + { + default: +@@ -225,7 +223,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + /* This is not possible. We cannot represent an IPv6 address + in an `struct in_addr' variable. */ + *h_errnop = HOST_NOT_FOUND; +- *result = NULL; ++ if (buffer_size == NULL) ++ *status = NSS_STATUS_NOTFOUND; ++ else ++ *result = NULL; + goto done; + + case AF_INET6: +@@ -233,42 +234,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + break; + } + +- size_needed = (sizeof (*host_addr) +- + sizeof (*h_addr_ptrs) + strlen (name) + 1); +- +- if (buffer_size == NULL && buflen < size_needed) +- { +- if (h_errnop != NULL) +- *h_errnop = TRY_AGAIN; +- __set_errno (ERANGE); +- goto done; +- } +- else if (buffer_size != NULL && *buffer_size < size_needed) +- { +- char *new_buf; +- *buffer_size = size_needed; +- new_buf = realloc (*buffer, *buffer_size); +- +- if (new_buf == NULL) +- { +- save = errno; +- free (*buffer); +- __set_errno (save); +- *buffer = NULL; +- *buffer_size = 0; +- *result = NULL; +- goto done; +- } +- *buffer = new_buf; +- } +- +- memset (*buffer, '\0', size_needed); +- +- host_addr = (host_addr_t *) *buffer; +- h_addr_ptrs = (host_addr_list_t *) +- ((char *) host_addr + sizeof (*host_addr)); +- hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs); +- + for (cp = name;; ++cp) + { + if (!*cp) +@@ -281,7 +246,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, + if (inet_pton (AF_INET6, name, host_addr) <= 0) + { + *h_errnop = HOST_NOT_FOUND; +- if (buffer_size) ++ if (buffer_size == NULL) ++ *status = NSS_STATUS_NOTFOUND; ++ else + *result = NULL; + goto done; + } +--- nss/getXXbyYY_r.c.orig ++++ nss/getXXbyYY_r.c +@@ -179,6 +179,9 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, LOOKUP_TYPE *resbuf, char *buffer, + case -1: + return errno; + case 1: ++#ifdef NEED_H_ERRNO ++ any_service = true; ++#endif + goto done; + } + #endif +--- /dev/null ++++ nss/test-digits-dots.c +@@ -0,0 +1,38 @@ ++/* Copyright (C) 2013 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <http://www.gnu.org/licenses/>. */ ++ ++/* Testcase for BZ #15014 */ ++ ++#include <stdlib.h> ++#include <netdb.h> ++#include <errno.h> ++ ++static int ++do_test (void) ++{ ++ char buf[32]; ++ struct hostent *result = NULL; ++ struct hostent ret; ++ int h_err = 0; ++ int err; ++ ++ err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err); ++ return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE; ++} ++ ++#define TEST_FUNCTION do_test () ++#include "../test-skeleton.c" diff --git a/libs/glibc/glibc-2.3-20050725.tar.bz2.sig b/libs/glibc/glibc-2.3-20050725.tar.bz2.sig Binary files differdeleted file mode 100644 index 93072c5ca6..0000000000 --- a/libs/glibc/glibc-2.3-20050725.tar.bz2.sig +++ /dev/null |