Bug#928143: unblock: glibc/2.28-9
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Dear release team,
The glibc package in version 2.28-9 currently in sid mostly updates the
git-updates.diff patch to the latest upstream stable branch:
- Fix security issue CVE-2019-9169.
- Support for the new Reiwa era to the ja_JP which seems to be something
quite important for Japanese people.
- Support for vector instructions related hwcap on s390x to allow one to
provide shared libraries (not) tuned for the corresponding platforms.
- Fix for a riscv specific issue in a file which is not used on other
architectures, so with no risk for them.
- Fix for memusagestat's Makefile related code, which has no impact on
the generated code.
In addition to that it includes a fix for a bug in dlopen introduced by
an arm patch, but affecting all architectures.
I believe that all the above changes are suitable for buster. If you
agree, could you please unblock package glibc:
unblock glibc/2.28-9
Thanks,
Aurelien
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 24a46054..711bb67a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+glibc (2.28-9) unstable; urgency=medium
+
+ [ Aurelien Jarno ]
+ * debian/patches/git-updates.diff: update from upstream stable branch:
+ - Fix heap-based buffer over-read in regular-expression matching
+ (CVE-2019-9169). Closes: #924612.
+ - Add entry for the new Japanese era to the ja_JP locale. Closes:
+ #927914.
+
+ [ Adam Conrad ]
+ * debian/patches/arm/unsubmitted-ldso-abi-check.diff: Fix rtld segv in
+ dl_open() introduced via merge with upstream at 2.28 (LP: #1821677)
+
+ -- Aurelien Jarno <aurel32@debian.org> Thu, 25 Apr 2019 21:12:03 +0200
+
glibc (2.28-8) unstable; urgency=medium
[ Aurelien Jarno ]
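Review bot: The git-updates.diff bullet in the 2.28-9 entry lists only the CVE-2019-9169 fix and the Japanese era, while the refreshed patch further down also brings in the s390x HWCAP_IMPORTANT change, the riscv kernel-features.h undef (BZ #23864) and the memusagestat Makefile change (BZ #18465). For an unblock during the freeze, list those three under the same bullet so the changelog matches what the upload carries.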
diff --git a/debian/patches/arm/unsubmitted-ldso-abi-check.diff b/debian/patches/arm/unsubmitted-ldso-abi-check.diff
index 6c78c674..8a7cab12 100644
--- a/debian/patches/arm/unsubmitted-ldso-abi-check.diff
+++ b/debian/patches/arm/unsubmitted-ldso-abi-check.diff
@@ -222,10 +222,10 @@
if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
{
ElfW(Addr) size = ph->p_filesz;
-@@ -1751,6 +1955,21 @@
+@@ -1751,6 +1955,20 @@
+
+ break;
}
- free (abi_note_malloced);
- }
+ if (-1 != fd)
+ {
+ int error = arch_specific_checks(fd, name, ehdr);
@@ -239,8 +239,7 @@
+ goto call_lose;
+ }
+ }
-+
-+ }
++ }
+ free (abi_note_malloced);
+ }
- return fd;
- }
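Review bot: In the refreshed inner hunk the arch_specific_checks block now sits ahead of `free (abi_note_malloced);`, so the `goto call_lose;` exit leaves the function without reaching that free. Please confirm that this path cannot leak the note buffer, or free it before the goto. The patch also carries no comment on why the check has to run at this position; one line in the patch header tying the placement to the segv from LP: #1821677 would keep the next upstream merge from reintroducing it.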
diff --git a/debian/patches/git-updates.diff b/debian/patches/git-updates.diff
index 50d4962c..a6722cc9 100644
--- a/debian/patches/git-updates.diff
+++ b/debian/patches/git-updates.diff
@@ -1,10 +1,44 @@
GIT update of https://sourceware.org/git/glibc.git/release/2.28/master from glibc-2.28
diff --git a/ChangeLog b/ChangeLog
-index 08b42bd2f5..42fe0aeb1e 100644
+index 08b42bd2f5..609d5c1b19 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,784 @@
+@@ -1,3 +1,818 @@
++2019-04-24 Mike Frysinger <vapier@gentoo.org>
++
++ [BZ #18465]
++ * malloc/Makefile (others): Add memusagestat.
++ ($(objpfx)memusagestat): Delete rule.
++ (LDLIBS-memusagestat): New variable.
++
++2019-04-03 TAMUKI Shoichi <tamuki@linet.gr.jp>
++
++ [BZ #22964]
++ * localedata/locales/ja_JP (LC_TIME): Add entry for the new Japanese
++ era.
++
++2019-03-21 Stefan Liebler <stli@linux.ibm.com>
++
++ * sysdeps/s390/dl-procinfo.h (HWCAP_IMPORTANT):
++ Add HWCAP_S390_VX and HWCAP_S390_VXE.
++
++2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
++
++ CVE-2019-9169
++ regex: fix read overrun [BZ #24114]
++ Problem found by AddressSanitizer, reported by Hongxu Chen in:
++ https://debbugs.gnu.org/34140
++ * posix/regexec.c (proceed_next_node):
++ Do not read past end of input buffer.
++
++2018-11-07 Andreas Schwab <schwab@suse.de>
++
++ [BZ #23864]
++ * sysdeps/unix/sysv/linux/riscv/kernel-features.h
++ (__ASSUME_SET_ROBUST_LIST) [__LINUX_KERNEL_VERSION < 0x041400]:
++ Undef.
++
+2018-09-21 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+
+ * NEWS: Add note about new TLE support on powerpc64le.
@@ -807,15 +841,19 @@ index 608ffe648c..f5e81bdf5d 100644
# We might want to compile with some stack-protection flag.
ifneq ($(stack-protector),)
diff --git a/NEWS b/NEWS
-index 154ab22d7c..60b15116d6 100644
+index 154ab22d7c..e8030d499a 100644
--- a/NEWS
+++ b/NEWS
-@@ -5,6 +5,77 @@ See the end for copying conditions.
+@@ -5,6 +5,87 @@ See the end for copying conditions.
Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
+Version 2.28.1
+
++Major new features:
++
++* The entry for the new Japanese era has been added for ja_JP locale.
++
+Deprecated and removed features, and other changes affecting compatibility:
+
+* For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel
@@ -829,6 +867,7 @@ index 154ab22d7c..60b15116d6 100644
+
+The following bugs are resolved with this release:
+
++ [18465] memusagestat: use local glibc when linking
+ [19444] build failures with -O1 due to -Wmaybe-uninitialized
+ [20018] getaddrinfo should reject IP addresses with trailing characters
+ [20209] localedata: Spelling mistake for Sunday in Greenlandic kl_GL
@@ -848,6 +887,7 @@ index 154ab22d7c..60b15116d6 100644
+ [23717] Fix stack overflow in stdlib/tst-setcontext9
+ [23821] si_band in siginfo_t has wrong type long int on sparc64
+ [23822] ia64 static libm.a is missing exp2f, log2f and powf symbols
++ [23864] libc: [riscv] missing kernel-features.h undefines
+ [23844] pthread_rwlock_trywrlock results in hang
+ [23927] Linux if_nametoindex() does not close descriptor (CVE-2018-19591)
+ [23972] __old_getdents64 uses wrong d_off value on overflow
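Review bot: The new `[23864]` line is inserted ahead of `[23844]`, which breaks the ascending bug-number order the rest of this list follows. It belongs below `[23844] pthread_rwlock_trywrlock results in hang`. Since git-updates.diff mirrors the upstream release/2.28/master branch, the reordering should be reported upstream rather than changed in the Debian copy.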
@@ -884,11 +924,15 @@ index 154ab22d7c..60b15116d6 100644
+ CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
+ addresses with arbitrary trailing characters, potentially leading to data
+ or command injection issues in applications.
++
++ CVE-2019-9169: Attempted case-insensitive regular-expression match
++ via proceed_next_node in posix/regexec.c leads to heap-based buffer
++ over-read. Reported by Hongxu Chen.
+
Version 2.28
Major new features:
-@@ -422,6 +493,8 @@ The following bugs are resolved with this release:
+@@ -422,6 +503,8 @@ The following bugs are resolved with this release:
[23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel
processors
[23467] dynamic-link: x86/CET: A property note parser bug
@@ -1282,6 +1326,21 @@ index 9322ef68da..63f5227760 100644
+#define TIMEOUT 100
#define PREPARE prepare
#include <support/test-driver.c>
+diff --git a/localedata/locales/ja_JP b/localedata/locales/ja_JP
+index 1fd2fee44b..30190b6248 100644
+--- a/localedata/locales/ja_JP
++++ b/localedata/locales/ja_JP
+@@ -14946,7 +14946,9 @@ am_pm "<U5348><U524D>";"<U5348><U5F8C>"
+
+ t_fmt_ampm "%p%I<U6642>%M<U5206>%S<U79D2>"
+
+-era "+:2:1990//01//01:+*:<U5E73><U6210>:%EC%Ey<U5E74>";/
++era "+:2:2020//01//01:+*:<U4EE4><U548C>:%EC%Ey<U5E74>";/
++ "+:1:2019//05//01:2019//12//31:<U4EE4><U548C>:%EC<U5143><U5E74>";/
++ "+:2:1990//01//01:2019//04//30:<U5E73><U6210>:%EC%Ey<U5E74>";/
+ "+:1:1989//01//08:1989//12//31:<U5E73><U6210>:%EC<U5143><U5E74>";/
+ "+:2:1927//01//01:1989//01//07:<U662D><U548C>:%EC%Ey<U5E74>";/
+ "+:1:1926//12//25:1926//12//31:<U662D><U548C>:%EC<U5143><U5E74>";/
diff --git a/localedata/locales/kl_GL b/localedata/locales/kl_GL
index 5ab14a31aa..5723ce7dcf 100644
--- a/localedata/locales/kl_GL
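Review bot: The era change closes Heisei at 2019//04//30 and starts the new era at 2019//05//01 with a separate first-year entry, but this hunk adds locale data only and no test for the boundary. A check that formats 2019-04-30, 2019-05-01 and 2020-01-01 with %EC%Ey under ja_JP would catch an off-by-one in the offsets (1 on the first-year line, 2 on the line starting 2020//01//01).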
@@ -1301,7 +1360,7 @@ index 5ab14a31aa..5723ce7dcf 100644
"marlunngorneq";/
"pingasunngorneq";/
diff --git a/malloc/Makefile b/malloc/Makefile
-index 7d54bad866..388cf7e9ee 100644
+index 7d54bad866..228a1279a5 100644
--- a/malloc/Makefile
+++ b/malloc/Makefile
@@ -38,6 +38,7 @@ tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \
@@ -1312,6 +1371,24 @@ index 7d54bad866..388cf7e9ee 100644
tests-static := \
tst-interpose-static-nothread \
+@@ -130,6 +131,7 @@ ifneq ($(cross-compiling),yes)
+ # If the gd library is available we build the `memusagestat' program.
+ ifneq ($(LIBGD),no)
+ others: $(objpfx)memusage
++others += memusagestat
+ install-bin = memusagestat
+ install-bin-script += memusage
+ generated += memusagestat memusage
+@@ -153,8 +155,7 @@ cpp-srcs-left := $(memusagestat-modules)
+ lib := memusagestat
+ include $(patsubst %,$(..)libof-iterator.mk,$(cpp-srcs-left))
+
+-$(objpfx)memusagestat: $(memusagestat-modules:%=$(objpfx)%.o)
+- $(LINK.o) -o $@ $^ $(libgd-LDFLAGS) -lgd -lpng -lz -lm
++LDLIBS-memusagestat = $(libgd-LDFLAGS) -lgd -lpng -lz -lm
+
+ ifeq ($(run-built-tests),yes)
+ ifeq (yes,$(build-shared))
diff --git a/malloc/malloc.c b/malloc/malloc.c
index e247c77b7d..27cf6137c2 100644
--- a/malloc/malloc.c
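Review bot: The unblock request describes the memusagestat change as having no impact on the generated code, but the second hunk deletes the explicit `$(LINK.o)` rule in favour of `LDLIBS-memusagestat`, and memusagestat is an installed binary (`install-bin = memusagestat`). The NEWS line for BZ #18465 reads "use local glibc when linking", which is a change to how that binary is linked. Please compare the memusagestat binary from 2.28-8 and 2.28-9 (NEEDED entries and interpreter) before relying on that statement in the request.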
@@ -4299,6 +4376,23 @@ index 7f0083b918..b10588f1cc 100644
{
wchar_t wcu = __towupper (wc);
if (wcu != wc)
+diff --git a/posix/regexec.c b/posix/regexec.c
+index 73644c2341..06b8487c3e 100644
+--- a/posix/regexec.c
++++ b/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
+ else if (naccepted)
+ {
+ char *buf = (char *) re_string_get_buffer (&mctx->input);
+- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+- naccepted) != 0)
++ if (mctx->input.valid_len - *pidx < naccepted
++ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++ naccepted)
++ != 0))
+ return -1;
+ }
+ }
diff --git a/posix/tst-regcomp-truncated.c b/posix/tst-regcomp-truncated.c
new file mode 100644
index 0000000000..a4a1581bbc
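Review bot: The new guard `mctx->input.valid_len - *pidx < naccepted` bounds only the `buf + *pidx` operand of the memcmp; the `buf + regs[subexp_idx].rm_so` operand is read for the same naccepted bytes with no check in this hunk. If that is safe because rm_so always precedes *pidx, a one-line comment saying so would help. The guard also depends on the subtraction not wrapping, so it is worth confirming that Idx is signed or that *pidx can never exceed valid_len at this point. No regression test accompanies the fix in this hunk; the case-insensitive match described in the NEWS entry, run under AddressSanitizer, would make a suitable one.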
@@ -7940,6 +8034,20 @@ index d8ba7ba427..ecb24f0a9b 100644
}
#endif /* dl-irel.h */
+diff --git a/sysdeps/s390/dl-procinfo.h b/sysdeps/s390/dl-procinfo.h
+index b0383bfb4c..f71d64c3ab 100644
+--- a/sysdeps/s390/dl-procinfo.h
++++ b/sysdeps/s390/dl-procinfo.h
+@@ -57,7 +57,8 @@ enum
+ };
+
+ #define HWCAP_IMPORTANT (HWCAP_S390_ZARCH | HWCAP_S390_LDISP \
+- | HWCAP_S390_EIMM | HWCAP_S390_DFP)
++ | HWCAP_S390_EIMM | HWCAP_S390_DFP \
++ | HWCAP_S390_VX | HWCAP_S390_VXE)
+
+ /* We cannot provide a general printing function. */
+ #define _dl_procinfo(type, word) -1
diff --git a/sysdeps/sparc/sparc32/dl-irel.h b/sysdeps/sparc/sparc32/dl-irel.h
index ffca36864f..cf47cda834 100644
--- a/sysdeps/sparc/sparc32/dl-irel.h
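Review bot: HWCAP_IMPORTANT gains HWCAP_S390_VX and HWCAP_S390_VXE with no comment on what the two extra bits change. Since the request says the purpose is to let shared libraries tuned for these platforms be provided, add a comment above the macro naming the vector facilities, and confirm on an s390x buster system that the dynamic loader still resolves the existing library set the same way when the VX bits are present.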
@@ -8561,6 +8669,19 @@ index d612ef4c6c..0b2042620b 100644
typedef int (*func_type) (void *, void *, unsigned long int);
+diff --git a/sysdeps/unix/sysv/linux/riscv/kernel-features.h b/sysdeps/unix/sysv/linux/riscv/kernel-features.h
+index 37f4d99a92..d21c824624 100644
+--- a/sysdeps/unix/sysv/linux/riscv/kernel-features.h
++++ b/sysdeps/unix/sysv/linux/riscv/kernel-features.h
+@@ -21,3 +21,8 @@
+
+ #undef __ASSUME_CLONE_DEFAULT
+ #define __ASSUME_CLONE_BACKWARDS 1
++
++/* No support for PI mutexes or robust futexes before 4.20. */
++#if __LINUX_KERNEL_VERSION < 0x041400
++# undef __ASSUME_SET_ROBUST_LIST
++#endif
diff --git a/sysdeps/unix/sysv/linux/s390/force-elision.h b/sysdeps/unix/sysv/linux/s390/force-elision.h
index d8a1b9972f..71f32367dd 100644
--- a/sysdeps/unix/sysv/linux/s390/force-elision.h
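Review bot: The added comment in kernel-features.h names both PI mutexes and robust futexes, but the block under `#if __LINUX_KERNEL_VERSION < 0x041400` undefines only `__ASSUME_SET_ROBUST_LIST`. Either say in the comment that nothing PI-related needs undefining here, or trim the comment to robust futexes so it matches the code. The constant 0x041400 does correspond to the 4.20 named in the comment.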