r6648 - in glibc-package/branches/glibc-branch-jessie/debian: . patches
Author: aurel32
Date: 2015-10-18 21:08:35 +0000 (Sun, 18 Oct 2015)
New Revision: 6648
Modified:
glibc-package/branches/glibc-branch-jessie/debian/changelog
glibc-package/branches/glibc-branch-jessie/debian/patches/git-updates.diff
Log:
Fix data corruption while reading the NSS files database
(CVE-2015-5277). Closes: #799966.
Modified: glibc-package/branches/glibc-branch-jessie/debian/changelog
===================================================================
--- glibc-package/branches/glibc-branch-jessie/debian/changelog 2015-10-18 20:36:25 UTC (rev 6647)
+++ glibc-package/branches/glibc-branch-jessie/debian/changelog 2015-10-18 21:08:35 UTC (rev 6648)
@@ -4,6 +4,8 @@
* Update from upstream stable branch:
- Fix getaddrinfo sometimes returning uninitialized data with nscd.
Closes: #798515.
+ - Fix data corruption while reading the NSS files database
+ (CVE-2015-5277). Closes: #799966.
[ Henrique de Moraes Holschuh ]
* Replace patches/amd64/local-blacklist-on-TSX-Haswell.diff by
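Review bot: The new changelog entry names CVE-2015-5277 and Debian bug #799966 but not the upstream bug being imported, which the git-updates.diff change in this same revision records as [BZ #17079]. Adding the BZ number to the entry would let someone auditing the package map the CVE to the upstream fix without opening the patch.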
Modified: glibc-package/branches/glibc-branch-jessie/debian/patches/git-updates.diff
===================================================================
--- glibc-package/branches/glibc-branch-jessie/debian/patches/git-updates.diff 2015-10-18 20:36:25 UTC (rev 6647)
+++ glibc-package/branches/glibc-branch-jessie/debian/patches/git-updates.diff 2015-10-18 21:08:35 UTC (rev 6648)
@@ -1,10 +1,16 @@
GIT update of git://sourceware.org/git/glibc.git/release/2.19/master from glibc-2.19
diff --git a/ChangeLog b/ChangeLog
-index 81c393a..6aff2a2 100644
+index 81c393a..815acf0 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,358 @@
+@@ -1,3 +1,364 @@
++2014-06-23 Andreas Schwab <schwab@suse.de>
++
++ [BZ #17079]
++ * nss/nss_files/files-XXX.c (get_contents): Store overflow marker
++ before reading the next line.
++
+2015-10-02 Andreas Schwab <schwab@suse.de>
+
+ * sysdeps/posix/getaddrinfo.c (gaih_inet): Advance address pointer
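Review bot: The added ChangeLog entry is dated 2014-06-23 but is placed above the existing 2015-10-02 entry, so the top of the file is no longer in date order. If this mirrors the order on the release/2.19/master branch, it should stay as imported. It is still worth confirming, because the date suggests a backport of an older fix and the placement makes it look like the most recent change.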
@@ -364,7 +370,7 @@
[BZ #16529]
diff --git a/NEWS b/NEWS
-index 98b479e..fb0fa3c 100644
+index 98b479e..ed33f47 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,59 @@ See the end for copying conditions.
@@ -376,8 +382,8 @@
+* The following bugs are resolved with this release:
+
+ 15946, 16545, 16574, 16623, 16657, 16695, 16743, 16878, 16882, 16885,
-+ 16916, 16932, 16943, 16958, 17048, 17069, 17137, 17153, 17213, 17263,
-+ 17325, 17555, 18287.
++ 16916, 16932, 16943, 16958, 17048, 17069, 17079, 17137, 17153, 17213,
++ 17263, 17325, 17555, 18287.
+
+* A buffer overflow in gethostbyname_r and related functions performing DNS
+ requests has been fixed. If the NSS functions were called with a
@@ -1735,6 +1741,24 @@
}
enum nss_status (*endfct) (struct __netgrent *);
+diff --git a/nss/nss_files/files-XXX.c b/nss/nss_files/files-XXX.c
+index 36242f9..d4cd95e 100644
+--- a/nss/nss_files/files-XXX.c
++++ b/nss/nss_files/files-XXX.c
+@@ -198,10 +198,12 @@ get_contents (char *linebuf, size_t len, FILE *stream)
+ {
+ int curlen = ((remaining_len > (size_t) INT_MAX) ? INT_MAX
+ : remaining_len);
+- char *p = fgets_unlocked (curbuf, curlen, stream);
+
++ /* Terminate the line so that we can test for overflow. */
+ ((unsigned char *) curbuf)[curlen - 1] = 0xff;
+
++ char *p = fgets_unlocked (curbuf, curlen, stream);
++
+ /* EOF or read error. */
+ if (p == NULL)
+ return gcr_error;
diff --git a/nss/nss_files/files-netgrp.c b/nss/nss_files/files-netgrp.c
index 34eae4c..bc0b367 100644
--- a/nss/nss_files/files-netgrp.c
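Review bot: In get_contents (nss/nss_files/files-XXX.c), the added comment "Terminate the line so that we can test for overflow" does not describe the store it sits on. The byte 0xff is written to curbuf[curlen - 1] as a marker, not a terminator, and the ChangeLog entry for this change calls it an "overflow marker". The fix consists entirely of moving the fgets_unlocked call below that store, so the comment should state the ordering requirement, for example "Store the overflow marker before reading; it must be in place before fgets_unlocked fills the buffer." Separately, curlen - 1 is used as an index and nothing in this hunk shows that curlen is at least 1, so a short note or assertion about that bound next to the store would help the next reader.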