[glibc] 01/01: debian/patches/git-updates.diff: update from upstream stable branch:
This is an automated email from the git hooks/post-receive script.
aurel32 pushed a commit to branch sid
in repository glibc.
commit b07991b329a1352457ca14d94fde9ff81c6e5e12
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Sun Aug 13 19:58:44 2017 +0200
debian/patches/git-updates.diff: update from upstream stable branch:
* debian/patches/git-updates.diff: update from upstream stable branch:
- Avoid use-after-free read access in clntudp_call (CVE-2017-12133).
Closes: #870648.
---
debian/changelog | 3 +
debian/patches/git-updates.diff | 133 ++++++++++++++++++++++++++++++++++++++--
2 files changed, 130 insertions(+), 6 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 206c453..f11bd24 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
glibc (2.24-15) UNRELEASED; urgency=medium
[ Aurelien Jarno ]
+ * debian/patches/git-updates.diff: update from upstream stable branch:
+ - Avoid use-after-free read access in clntudp_call (CVE-2017-12133).
+ Closes: #870648.
* debian/control.in/*: Change back gcc-multilib to a Recommends for
biarch packages. It provides the /usr/include/linux/asm symlink.
* debian/control.in/x32: Add a gcc-multilib Recommends for libc6-dev-x32.
diff --git a/debian/patches/git-updates.diff b/debian/patches/git-updates.diff
index 51f448e..8174cab 100644
--- a/debian/patches/git-updates.diff
+++ b/debian/patches/git-updates.diff
@@ -1,10 +1,24 @@
GIT update of git://sourceware.org/git/glibc.git/release/2.24/master from glibc-2.24
diff --git a/ChangeLog b/ChangeLog
-index c44c926094..e2d55512c4 100644
+index c44c926094..ecc0da0b02 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,608 @@
+@@ -1,3 +1,622 @@
++2017-08-06 H.J. Lu <hongjiu.lu@intel.com>
++
++ [BZ #21871]
++ * sysdeps/x86/cpu-features.c (init_cpu_features): Set
++ bit_arch_Use_dl_runtime_resolve_opt only with AVX512F.
++
++2017-02-27 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #21115]
++ * sunrpc/clnt_udp.c (clntudp_call): Free ancillary data later.
++ * sunrpc/Makefile (tests): Add tst-udp-error.
++ (tst-udp-error): Link against libc.so explicitly.
++ * sunrpc/tst-udp-error: New file.
++
+2017-01-24 James Clarke <jrtc27@jrtc27.com>
+
+ * sysdeps/unix/sysv/linux/sh/sh3/ucontext_i.sym: Use new REG_R*
@@ -3513,6 +3527,110 @@ index 0000000000..2ece7ce575
+}
+
+command_$command
+diff --git a/sunrpc/Makefile b/sunrpc/Makefile
+index 789ef423e5..4373fffdec 100644
+--- a/sunrpc/Makefile
++++ b/sunrpc/Makefile
+@@ -96,7 +96,7 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_cout.o rpc_parse.o \
+ extra-objs = $(rpcgen-objs) $(addprefix cross-,$(rpcgen-objs))
+ others += rpcgen
+
+-tests = tst-xdrmem tst-xdrmem2 test-rpcent
++tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error
+ xtests := tst-getmyaddr
+
+ ifeq ($(have-thread-library),yes)
+@@ -153,6 +153,7 @@ BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)
+ $(objpfx)tst-getmyaddr: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem2: $(common-objpfx)linkobj/libc.so
++$(objpfx)tst-udp-error: $(common-objpfx)linkobj/libc.so
+
+ $(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs))
+
+diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
+index 4d9acb1e6a..1de25cb771 100644
+--- a/sunrpc/clnt_udp.c
++++ b/sunrpc/clnt_udp.c
+@@ -421,9 +421,9 @@ send_again:
+ cmsg = CMSG_NXTHDR (&msg, cmsg))
+ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
+ {
+- free (cbuf);
+ e = (struct sock_extended_err *) CMSG_DATA(cmsg);
+ cu->cu_error.re_errno = e->ee_errno;
++ free (cbuf);
+ return (cu->cu_error.re_status = RPC_CANTRECV);
+ }
+ free (cbuf);
+diff --git a/sunrpc/tst-udp-error.c b/sunrpc/tst-udp-error.c
+new file mode 100644
+index 0000000000..1efc02f5c6
+--- /dev/null
++++ b/sunrpc/tst-udp-error.c
+@@ -0,0 +1,62 @@
++/* Check for use-after-free in clntudp_call (bug 21115).
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <netinet/in.h>
++#include <rpc/clnt.h>
++#include <rpc/svc.h>
++#include <support/check.h>
++#include <support/namespace.h>
++#include <support/xsocket.h>
++#include <unistd.h>
++
++static int
++do_test (void)
++{
++ support_become_root ();
++ support_enter_network_namespace ();
++
++ /* Obtain a likely-unused port number. */
++ struct sockaddr_in sin =
++ {
++ .sin_family = AF_INET,
++ .sin_addr.s_addr = htonl (INADDR_LOOPBACK),
++ };
++ {
++ int fd = xsocket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
++ xbind (fd, (struct sockaddr *) &sin, sizeof (sin));
++ socklen_t sinlen = sizeof (sin);
++ xgetsockname (fd, (struct sockaddr *) &sin, &sinlen);
++ /* Close the socket, so that we will receive an error below. */
++ close (fd);
++ }
++
++ int sock = RPC_ANYSOCK;
++ CLIENT *clnt = clntudp_create
++ (&sin, 1, 2, (struct timeval) { 1, 0 }, &sock);
++ TEST_VERIFY_EXIT (clnt != NULL);
++ TEST_VERIFY (clnt_call (clnt, 3,
++ (xdrproc_t) xdr_void, NULL,
++ (xdrproc_t) xdr_void, NULL,
++ ((struct timeval) { 3, 0 }))
++ == RPC_CANTRECV);
++ clnt_destroy (clnt);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/support/Makefile b/support/Makefile
new file mode 100644
index 0000000000..20b0343ade
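Review bot: The new test in sunrpc/tst-udp-error.c asserts only that `clnt_call` returns `RPC_CANTRECV`, which the pre-fix ordering in clntudp_call also returned. As written, the test therefore appears to catch the use-after-free only when the run is under a heap checker or with freed memory perturbed. The value that was read from the freed control buffer is `cu->cu_error.re_errno`, and the test never inspects it. Before `clnt_destroy (clnt)`, consider adding `struct rpc_err err; clnt_geterr (clnt, &err); TEST_VERIFY (err.re_errno == ECONNREFUSED);` with `<errno.h>` included. ECONNREFUSED is what I would expect for a closed loopback UDP port, but that should be confirmed on the target kernel.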
@@ -15125,7 +15243,7 @@ index 8332ade9fb..cdd2dea32a 100644
jae SYSCALL_ERROR_LABEL /* Branch forward if it failed. */
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
-index 9ce4b495a5..d1ee922290 100644
+index 9ce4b495a5..508ad2ae7b 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -133,8 +133,6 @@ init_cpu_features (struct cpu_features *cpu_features)
@@ -15137,7 +15255,7 @@ index 9ce4b495a5..d1ee922290 100644
case 0x5c:
case 0x5f:
-@@ -205,6 +203,30 @@ init_cpu_features (struct cpu_features *cpu_features)
+@@ -205,6 +203,33 @@ init_cpu_features (struct cpu_features *cpu_features)
if (CPU_FEATURES_ARCH_P (cpu_features, AVX2_Usable))
cpu_features->feature[index_arch_AVX_Fast_Unaligned_Load]
|= bit_arch_AVX_Fast_Unaligned_Load;
@@ -15153,10 +15271,13 @@ index 9ce4b495a5..d1ee922290 100644
+ |= bit_arch_Prefer_No_AVX512;
+
+ /* To avoid SSE transition penalty, use _dl_runtime_resolve_slow.
-+ If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt. */
++ If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt.
++ Use _dl_runtime_resolve_opt only with AVX512F since it is
++ slower than _dl_runtime_resolve_slow with AVX. */
+ cpu_features->feature[index_arch_Use_dl_runtime_resolve_slow]
+ |= bit_arch_Use_dl_runtime_resolve_slow;
-+ if (cpu_features->max_cpuid >= 0xd)
++ if (CPU_FEATURES_ARCH_P (cpu_features, AVX512F_Usable)
++ && cpu_features->max_cpuid >= 0xd)
+ {
+ unsigned int eax;
+
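Review bot: The comment above the new `CPU_FEATURES_ARCH_P (cpu_features, AVX512F_Usable)` test now reads as two separate rules: "If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt", then "Use _dl_runtime_resolve_opt only with AVX512F". The code requires both conditions at once, so a single sentence would match it better, and it could fix the "suports" typo too: `If AVX512F is usable and XGETBV supports ECX == 1, use _dl_runtime_resolve_opt; with AVX alone it is slower than _dl_runtime_resolve_slow.` The body of the `if` continues outside this hunk, so the XGETBV check itself is not visible here.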
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-glibc/glibc.git