
Bug#797246: jessie-pu: package glibc/2.19-18+deb8u1



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

I would like to update the glibc in jessie using the upstream stable
branch. It only contains 3 small commits, fixing important bugs and
one security issue:

- Fix pthread_mutex_trylock with lock elision.  Closes: #759197,
  #788999.
- Fix gprof entry point on ppc64el.  Closes: #794222.
- Fix a buffer overflow in getanswer_r (CVE-2015-1781).
  Closes: #796105.

You'll find the debdiff compared to the jessie version attached.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Index: changelog
===================================================================
--- changelog
+++ changelog
@@ -1,3 +1,15 @@
+glibc (2.19-18+deb8u1) stable; urgency=medium
+
+  [ Aurelien Jarno ]
+  * Update from upstream stable branch:
+    - Fix pthread_mutex_trylock with lock elision.  Closes: #759197,
+      #788999.
+    - Fix gprof entry point on ppc64el.  Closes: #794222.
+    - Fix a bugger overflow in overflow in getanswer_r (CVE-2015-1781)
+      Closes: #796105.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Fri, 28 Aug 2015 23:25:37 +0200
+
 glibc (2.19-18) unstable; urgency=medium
 
   [ Aurelien Jarno ]
Index: patches/git-updates.diff
===================================================================
--- patches/git-updates.diff
+++ patches/git-updates.diff
@@ -1,10 +1,30 @@
 GIT update of git://sourceware.org/git/glibc.git/release/2.19/master from glibc-2.19
 
 diff --git a/ChangeLog b/ChangeLog
-index 81c393a..cecd6ec 100644
+index 81c393a..0eb6c3f 100644
 --- a/ChangeLog
 +++ b/ChangeLog
-@@ -1,3 +1,321 @@
+@@ -1,3 +1,341 @@
++2015-04-21  Arjun Shankar  <arjun.is@lostca.se>
++
++	[BZ #18287]
++	* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++	based on padding.  (CVE-2015-1781)
++
++2014-12-11  Andreas Schwab  <schwab@suse.de>
++
++	[BZ #16657]
++	* nptl/pthread_mutex_trylock.c (__pthread_mutex_trylock): Use
++	FORCE_ELISION instead of DO_ELISION.
++	* nptl/sysdeps/unix/sysv/linux/x86/force-elision.h (DO_ELISION):
++	Remove.
++
++2013-07-29  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
++
++	[BZ #17213]
++	* sysdeps/powerpc/powerpc64/entry.h: Fix TEXT_START definition for
++	powerpc64le.
++
 +2014-11-11  Renlin Li  <Renlin.Li@arm.com>
 +
 +	[BZ #17555]
@@ -327,10 +347,10 @@
  
  	[BZ #16529]
 diff --git a/NEWS b/NEWS
-index 98b479e..d74f4a6 100644
+index 98b479e..7f9388f 100644
 --- a/NEWS
 +++ b/NEWS
-@@ -5,6 +5,51 @@ See the end for copying conditions.
+@@ -5,6 +5,59 @@ See the end for copying conditions.
  Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
  using `glibc' in the "product" field.
  
@@ -338,9 +358,17 @@
 +
 +* The following bugs are resolved with this release:
 +
-+  15946, 16545, 16574, 16623, 16695, 16878, 16882, 16885, 16916, 16932,
-+  16943, 16958, 17048, 17069, 17137, 17263, 17325, 17555.
++  15946, 16545, 16574, 16623, 16657, 16695, 16878, 16882, 16885, 16916,
++  16932, 16943, 16958, 17048, 17069, 17137, 17213, 17263, 17325, 17555,
++  18287.
 +
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++  requests has been fixed.  If the NSS functions were called with a
++  misaligned buffer, the buffer length change due to pointer alignment was
++  not taken into account.  This could result in application crashes or,
++  potentially arbitrary code execution, using crafted, but syntactically
++  valid DNS responses.  (CVE-2015-1781)
++
 +* Reverted change of ABI data structures for s390 and s390x:
 +  On s390 and s390x the size of struct ucontext and jmp_buf was increased in
 +  2.19. This change is reverted in 2.19.1 and 2.20. The introduced 2.19 symbol
@@ -1354,6 +1382,40 @@
  	tst-cond1 tst-cond2 tst-cond3 tst-cond4 tst-cond5 tst-cond6 tst-cond7 \
  	tst-cond8 tst-cond9 tst-cond10 tst-cond11 tst-cond12 tst-cond13 \
  	tst-cond14 tst-cond15 tst-cond16 tst-cond17 tst-cond18 tst-cond19 \
+diff --git a/nptl/pthread_mutex_trylock.c b/nptl/pthread_mutex_trylock.c
+index 4d5f75d..1157320 100644
+--- a/nptl/pthread_mutex_trylock.c
++++ b/nptl/pthread_mutex_trylock.c
+@@ -26,8 +26,8 @@
+ #define lll_trylock_elision(a,t) lll_trylock(a)
+ #endif
+ 
+-#ifndef DO_ELISION
+-#define DO_ELISION(m) 0
++#ifndef FORCE_ELISION
++#define FORCE_ELISION(m, s)
+ #endif
+ 
+ /* We don't force elision in trylock, because this can lead to inconsistent
+@@ -69,7 +69,7 @@ __pthread_mutex_trylock (mutex)
+       break;
+ 
+     case PTHREAD_MUTEX_TIMED_ELISION_NP:
+-    elision:
++    elision: __attribute__((unused))
+       if (lll_trylock_elision (mutex->__data.__lock,
+ 			       mutex->__data.__elision) != 0)
+         break;
+@@ -77,8 +77,7 @@ __pthread_mutex_trylock (mutex)
+       return 0;
+ 
+     case PTHREAD_MUTEX_TIMED_NP:
+-      if (DO_ELISION (mutex))
+-	goto elision;
++      FORCE_ELISION (mutex, goto elision);
+       /*FALL THROUGH*/
+     case PTHREAD_MUTEX_ADAPTIVE_NP:
+     case PTHREAD_MUTEX_ERRORCHECK_NP:
 diff --git a/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S b/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S
 index ea863d7..3accc69 100644
 --- a/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S
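Review bot: The comment beginning `/* We don't force elision in trylock, because this can lead to inconsistent` is left untouched at the end of the first hunk, yet the PTHREAD_MUTEX_TIMED_NP case now runs `FORCE_ELISION (mutex, goto elision);`, so the comment appears to contradict the code. The comment continues outside the hunk, so its full wording cannot be checked here; if it still says elision is never forced, it should be reworded to describe the new behaviour. The fallback `#define FORCE_ELISION(m, s)` expands to nothing, which is presumably why the `elision:` label now carries `__attribute__((unused))`. A one-line comment next to the label, such as `/* Label is unreferenced when FORCE_ELISION expands to nothing. */`, would explain the attribute.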
@@ -1474,6 +1536,22 @@
 +versioned_symbol (libpthread, __v1siglongjmp, siglongjmp, GLIBC_2_0);
 +compat_symbol (libpthread, __v2siglongjmp, siglongjmp, GLIBC_2_19);
 +#endif /* defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_19, GLIBC_2_20))  */
+diff --git a/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h b/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
+index 945f886..a767cf1 100644
+--- a/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
++++ b/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
+@@ -16,11 +16,6 @@
+    License along with the GNU C Library; if not, see
+    <http://www.gnu.org/licenses/>.  */
+ 
+-/* Check for elision on this lock without upgrading.  */
+-#define DO_ELISION(m)							\
+-  (__pthread_force_elision						\
+-   && (m->__data.__kind & PTHREAD_MUTEX_NO_ELISION_NP) == 0)		\
+-
+ /* Automatically enable elision for existing user lock kinds.  */
+ #define FORCE_ELISION(m, s)						\
+   if (__pthread_force_elision						\
 diff --git a/nptl/tst-spin4.c b/nptl/tst-spin4.c
 new file mode 100644
 index 0000000..5b23a17
@@ -2138,7 +2216,7 @@
  	{
  	  /* We need to decode the response.  Just one question record.
 diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index f8f192e..f0b4b17 100644
+index f8f192e..f36d28b 100644
 --- a/resolv/nss_dns/dns-host.c
 +++ b/resolv/nss_dns/dns-host.c
 @@ -190,7 +190,7 @@ _nss_dns_gethostbyname3_r (const char *name, int af, struct hostent *result,
@@ -2228,6 +2306,16 @@
      }
    if (n < 0)
      {
+@@ -613,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+   int have_to_map = 0;
+   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+   buffer += pad;
+-  if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
++  buflen = buflen > pad ? buflen - pad : 0;
++  if (__builtin_expect (buflen < sizeof (struct host_data), 0))
+     {
+       /* The buffer is too small.  */
+     too_small:
 diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
 index 8e80a60..13ad38c 100644
 --- a/resolv/nss_dns/dns-network.c
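Review bot: The new `buflen = buflen > pad ? buflen - pad : 0;` line in getanswer_r has no comment tying it to the `buffer += pad;` just above, and that coupling is the whole fix: once the pointer is advanced, every later use of `buflen` must see the reduced length. I would add `/* buffer was advanced by pad bytes; shrink buflen to match so no later bound counts bytes before the aligned start. */` above it. The function body continues outside the hunk, so the later uses of `buflen` are not visible here and should be confirmed to rely only on the adjusted value. No regression test calling the resolver with a misaligned buffer is visible in this debdiff; one would keep the pointer and length adjustments from drifting apart again.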
@@ -2613,6 +2701,23 @@
  	      res = do_sin (u, y, db, &cor);
  	      cor = (cor > 0) ? 1.035 * cor + eps : 1.035 * cor - eps;
  	      retval = ((res == res + cor) ? ((m) ? res : -res)
+diff --git a/sysdeps/powerpc/powerpc64/entry.h b/sysdeps/powerpc/powerpc64/entry.h
+index 76ead1d..30553c1 100644
+--- a/sysdeps/powerpc/powerpc64/entry.h
++++ b/sysdeps/powerpc/powerpc64/entry.h
+@@ -23,6 +23,7 @@ extern void _start (void);
+ 
+ #define ENTRY_POINT _start
+ 
++#if _CALL_ELF != 2
+ /* We have to provide a special declaration.  */
+ #define ENTRY_POINT_DECL(class) class void _start (void);
+ 
+@@ -33,3 +34,4 @@ extern void _start (void);
+ #define TEXT_START \
+   ({ extern unsigned long int _start_as_data[] asm ("_start");  \
+      _start_as_data[0]; })
++#endif
 diff --git a/sysdeps/s390/Makefile b/sysdeps/s390/Makefile
 deleted file mode 100644
 index 42978dc..0000000
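Review bot: The `#endif` added at the end of sysdeps/powerpc/powerpc64/entry.h is in a separate hunk from its `#if _CALL_ELF != 2`, and neither line is commented, so a reader cannot tell why ENTRY_POINT_DECL and TEXT_START are skipped for that ABI. I would write `#endif /* _CALL_ELF != 2 */` and add a short comment above the `#if`, for example `/* ELFv2 has no function descriptors; use the generic definitions. */` (presumably the reason, given the ChangeLog entry about powerpc64le, but this should be confirmed). The test is also true when `_CALL_ELF` is undefined, which looks intended but is worth stating in that comment.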
