Bug#797246: jessie-pu: package glibc/2.19-18+deb8u1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
I would like to update the glibc in jessie using the upstream stable
branch. It only contains 3 small commits, fixing important bugs and
one security issue:
- Fix pthread_mutex_trylock with lock elision. Closes: #759197,
#788999.
- Fix gprof entry point on ppc64el. Closes: #794222.
- Fix a buffer overflow in getanswer_r (CVE-2015-1781)
Closes: #796105.
You'll find the debdiff compared to the jessie version attached.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Index: changelog
===================================================================
--- changelog
+++ changelog
@@ -1,3 +1,15 @@
+glibc (2.19-18+deb8u1) stable; urgency=medium
+
+ [ Aurelien Jarno ]
+ * Update from upstream stable branch:
+ - Fix pthread_mutex_trylock with lock elision. Closes: #759197,
+ #788999.
+ - Fix gprof entry point on ppc64el. Closes: #794222.
+ - Fix a bugger overflow in overflow in getanswer_r (CVE-2015-1781)
+ Closes: #796105.
+
+ -- Aurelien Jarno <aurel32@debian.org> Fri, 28 Aug 2015 23:25:37 +0200
+
glibc (2.19-18) unstable; urgency=medium
[ Aurelien Jarno ]
Index: patches/git-updates.diff
===================================================================
--- patches/git-updates.diff
+++ patches/git-updates.diff
@@ -1,10 +1,30 @@
GIT update of git://sourceware.org/git/glibc.git/release/2.19/master from glibc-2.19
diff --git a/ChangeLog b/ChangeLog
-index 81c393a..cecd6ec 100644
+index 81c393a..0eb6c3f 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,321 @@
+@@ -1,3 +1,341 @@
++2015-04-21 Arjun Shankar <arjun.is@lostca.se>
++
++ [BZ #18287]
++ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++ based on padding. (CVE-2015-1781)
++
++2014-12-11 Andreas Schwab <schwab@suse.de>
++
++ [BZ #16657]
++ * nptl/pthread_mutex_trylock.c (__pthread_mutex_trylock): Use
++ FORCE_ELISION instead of DO_ELISION.
++ * nptl/sysdeps/unix/sysv/linux/x86/force-elision.h (DO_ELISION):
++ Remove.
++
++2013-07-29 Adhemerval Zanella <azanella@linux.vnet.ibm.com>
++
++ [BZ #17213]
++ * sysdeps/powerpc/powerpc64/entry.h: Fix TEXT_START definition for
++ powerpc64le.
++
+2014-11-11 Renlin Li <Renlin.Li@arm.com>
+
+ [BZ #17555]
@@ -327,10 +347,10 @@
[BZ #16529]
diff --git a/NEWS b/NEWS
-index 98b479e..d74f4a6 100644
+index 98b479e..7f9388f 100644
--- a/NEWS
+++ b/NEWS
-@@ -5,6 +5,51 @@ See the end for copying conditions.
+@@ -5,6 +5,59 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
@@ -338,9 +358,17 @@
+
+* The following bugs are resolved with this release:
+
-+ 15946, 16545, 16574, 16623, 16695, 16878, 16882, 16885, 16916, 16932,
-+ 16943, 16958, 17048, 17069, 17137, 17263, 17325, 17555.
++ 15946, 16545, 16574, 16623, 16657, 16695, 16878, 16882, 16885, 16916,
++ 16932, 16943, 16958, 17048, 17069, 17137, 17213, 17263, 17325, 17555,
++ 18287.
+
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++ requests has been fixed. If the NSS functions were called with a
++ misaligned buffer, the buffer length change due to pointer alignment was
++ not taken into account. This could result in application crashes or,
++ potentially arbitrary code execution, using crafted, but syntactically
++ valid DNS responses. (CVE-2015-1781)
++
+* Reverted change of ABI data structures for s390 and s390x:
+ On s390 and s390x the size of struct ucontext and jmp_buf was increased in
+ 2.19. This change is reverted in 2.19.1 and 2.20. The introduced 2.19 symbol
@@ -1354,6 +1382,40 @@
tst-cond1 tst-cond2 tst-cond3 tst-cond4 tst-cond5 tst-cond6 tst-cond7 \
tst-cond8 tst-cond9 tst-cond10 tst-cond11 tst-cond12 tst-cond13 \
tst-cond14 tst-cond15 tst-cond16 tst-cond17 tst-cond18 tst-cond19 \
+diff --git a/nptl/pthread_mutex_trylock.c b/nptl/pthread_mutex_trylock.c
+index 4d5f75d..1157320 100644
+--- a/nptl/pthread_mutex_trylock.c
++++ b/nptl/pthread_mutex_trylock.c
+@@ -26,8 +26,8 @@
+ #define lll_trylock_elision(a,t) lll_trylock(a)
+ #endif
+
+-#ifndef DO_ELISION
+-#define DO_ELISION(m) 0
++#ifndef FORCE_ELISION
++#define FORCE_ELISION(m, s)
+ #endif
+
+ /* We don't force elision in trylock, because this can lead to inconsistent
+@@ -69,7 +69,7 @@ __pthread_mutex_trylock (mutex)
+ break;
+
+ case PTHREAD_MUTEX_TIMED_ELISION_NP:
+- elision:
++ elision: __attribute__((unused))
+ if (lll_trylock_elision (mutex->__data.__lock,
+ mutex->__data.__elision) != 0)
+ break;
+@@ -77,8 +77,7 @@ __pthread_mutex_trylock (mutex)
+ return 0;
+
+ case PTHREAD_MUTEX_TIMED_NP:
+- if (DO_ELISION (mutex))
+- goto elision;
++ FORCE_ELISION (mutex, goto elision);
+ /*FALL THROUGH*/
+ case PTHREAD_MUTEX_ADAPTIVE_NP:
+ case PTHREAD_MUTEX_ERRORCHECK_NP:
diff --git a/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S b/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S
index ea863d7..3accc69 100644
--- a/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S
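Review bot: The context comment that begins `/* We don't force elision in trylock, because this can lead to inconsistent` is left in place, yet the `PTHREAD_MUTEX_TIMED_NP` case now calls `FORCE_ELISION (mutex, goto elision);`, so the comment appears to contradict the code beneath it. The comment continues outside the hunk, so its full wording is not visible here, but it should be reworded or dropped with this change, for example to `/* FORCE_ELISION expands to nothing on targets without forced elision, which is why the elision label is marked unused. */`. The same explanation would help next to `elision: __attribute__((unused))`, since the attribute otherwise looks arbitrary. The body of `__pthread_mutex_trylock` starts and ends outside the hunk.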
@@ -1474,6 +1536,22 @@
+versioned_symbol (libpthread, __v1siglongjmp, siglongjmp, GLIBC_2_0);
+compat_symbol (libpthread, __v2siglongjmp, siglongjmp, GLIBC_2_19);
+#endif /* defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_19, GLIBC_2_20)) */
+diff --git a/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h b/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
+index 945f886..a767cf1 100644
+--- a/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
++++ b/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
+@@ -16,11 +16,6 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+-/* Check for elision on this lock without upgrading. */
+-#define DO_ELISION(m) \
+- (__pthread_force_elision \
+- && (m->__data.__kind & PTHREAD_MUTEX_NO_ELISION_NP) == 0) \
+-
+ /* Automatically enable elision for existing user lock kinds. */
+ #define FORCE_ELISION(m, s) \
+ if (__pthread_force_elision \
diff --git a/nptl/tst-spin4.c b/nptl/tst-spin4.c
new file mode 100644
index 0000000..5b23a17
@@ -2138,7 +2216,7 @@
{
/* We need to decode the response. Just one question record.
diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index f8f192e..f0b4b17 100644
+index f8f192e..f36d28b 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -190,7 +190,7 @@ _nss_dns_gethostbyname3_r (const char *name, int af, struct hostent *result,
@@ -2228,6 +2306,16 @@
}
if (n < 0)
{
+@@ -613,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+ int have_to_map = 0;
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+ buffer += pad;
+- if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
++ buflen = buflen > pad ? buflen - pad : 0;
++ if (__builtin_expect (buflen < sizeof (struct host_data), 0))
+ {
+ /* The buffer is too small. */
+ too_small:
diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
index 8e80a60..13ad38c 100644
--- a/resolv/nss_dns/dns-network.c
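Review bot: The new line `buflen = buflen > pad ? buflen - pad : 0;` in `getanswer_r` is the whole fix for CVE-2015-1781, but nothing at that line says why the length is reduced. A comment directly above it, such as `/* buffer was advanced by pad for alignment; shrink buflen to the space actually left so every later bounds check is correct */`, would guard against it being folded back into the size test. Clamping to 0 instead of subtracting unconditionally avoids wraparound if `buflen` is unsigned, but its declaration is outside the hunk. The function body also continues past the hunk, so it cannot be confirmed here that every later length computation derives from the adjusted `buflen`. No regression test passing a deliberately misaligned buffer is visible in this debdiff.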
@@ -2613,6 +2701,23 @@
res = do_sin (u, y, db, &cor);
cor = (cor > 0) ? 1.035 * cor + eps : 1.035 * cor - eps;
retval = ((res == res + cor) ? ((m) ? res : -res)
+diff --git a/sysdeps/powerpc/powerpc64/entry.h b/sysdeps/powerpc/powerpc64/entry.h
+index 76ead1d..30553c1 100644
+--- a/sysdeps/powerpc/powerpc64/entry.h
++++ b/sysdeps/powerpc/powerpc64/entry.h
+@@ -23,6 +23,7 @@ extern void _start (void);
+
+ #define ENTRY_POINT _start
+
++#if _CALL_ELF != 2
+ /* We have to provide a special declaration. */
+ #define ENTRY_POINT_DECL(class) class void _start (void);
+
+@@ -33,3 +34,4 @@ extern void _start (void);
+ #define TEXT_START \
+ ({ extern unsigned long int _start_as_data[] asm ("_start"); \
+ _start_as_data[0]; })
++#endif
diff --git a/sysdeps/s390/Makefile b/sysdeps/s390/Makefile
deleted file mode 100644
index 42978dc..0000000
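Review bot: The added `#if _CALL_ELF != 2` guard in `sysdeps/powerpc/powerpc64/entry.h` carries no comment saying why `ENTRY_POINT_DECL` and `TEXT_START` are skipped for that ABI, and the existing `/* We have to provide a special declaration. */` now applies to only one configuration. A short comment on the guard would help, for example `/* ELFv1 only: _start names a function descriptor, so the text address is read through it. */`; the wording should be confirmed against the ABI documentation. The closing line would also read better as `#endif /* _CALL_ELF != 2 */`, since it sits at the end of the file, away from the opening `#if`. The guard also relies on an undefined `_CALL_ELF` evaluating to 0 in the preprocessor, which selects the pre-existing path but would warn under `-Wundef`.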