[glibc] 01/01: debian/patches/git-updates.diff: update from upstream stable branch.
This is an automated email from the git hooks/post-receive script.
aurel32 pushed a commit to branch glibc-2.26
in repository glibc.
commit 807ce52ae4106c3dc2a6a98a88b4558a7f31d381
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat Dec 16 19:20:07 2017 +0100
debian/patches/git-updates.diff: update from upstream stable branch.
---
debian/patches/git-updates.diff | 200 +++++++++++++++++++++++++++++++++++++++-
1 file changed, 196 insertions(+), 4 deletions(-)
diff --git a/debian/patches/git-updates.diff b/debian/patches/git-updates.diff
index 61dbf17..e112efc 100644
--- a/debian/patches/git-updates.diff
+++ b/debian/patches/git-updates.diff
@@ -1,10 +1,35 @@
GIT update of git://sourceware.org/git/glibc.git/release/2.26/master from glibc-2.26
diff --git a/ChangeLog b/ChangeLog
-index 8dbfc7eaff..b90e7eb827 100644
+index 8dbfc7eaff..55a17414ab 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,1032 @@
+@@ -1,3 +1,1057 @@
++2017-12-14 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #22607]
++ CVE-2017-1000409
++ * elf/dl-load.c (_dl_init_paths): Compute number of components in
++ the expanded path string.
++
++2017-12-14 Florian Weimer <fweimer@redhat.com>
++
++ [BZ #22606]
++ CVE-2017-1000408
++ * elf/dl-load.c (system_dirs): Update comment.
++ (nsystem_dirs_len): Use array_length.
++ (_dl_init_paths): Use nsystem_dirs_len to compute the array size.
++
++2017-11-02 Florian Weimer <fweimer@redhat.com>
++
++ Add array_length and array_end macros.
++ * include/array_length.h: New file.
++
++2017-10-27 H.J. Lu <hongjiu.lu@intel.com>
++
++ * sysdeps/i386/fpu/libm-test-ulps: Regenerated for GCC 7 with
++ "-O2 -march=i586".
++
+2017-12-13 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+
+ * sysdeps/ia64/fpu/libm-test-ulps: Update.
@@ -1061,10 +1086,10 @@ index 9bb707c168..828a445f24 100644
# Don't try to use -lc when making libc.so itself.
# Also omits crti.o and crtn.o, which we do not want
diff --git a/NEWS b/NEWS
-index 8295f20c0a..8810b57cd9 100644
+index 8295f20c0a..2c49212cb5 100644
--- a/NEWS
+++ b/NEWS
-@@ -5,6 +5,81 @@ See the end for copying conditions.
+@@ -5,6 +5,92 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
@@ -1107,6 +1132,17 @@ index 8295f20c0a..8810b57cd9 100644
+ instead of NULL. This was a regression introduced with the new malloc
+ thread cache in glibc 2.26. Reported by Iain Buclaw.
+
++ CVE-2017-1000408: Incorrect array size computation in _dl_init_paths leads
++ to the allocation of too much memory. (This is not a security bug per se,
++ it is mentioned here only because of the CVE assignment.) Reported by
++ Qualys.
++
++ CVE-2017-1000409: Buffer overflow in _dl_init_paths due to miscomputation
++ of the number of search path components. (This is not a security
++ vulnerability per se because no trust boundary is crossed if the fix for
++ CVE-2017-1000366 has been applied, but it is mentioned here only because
++ of the CVE assignment.) Reported by Qualys.
++
+The following bugs are resolved with this release:
+
+ [16750] ldd: Never run file directly.
@@ -1377,6 +1413,79 @@ index 0280fba8a7..8bbbf2a121 100644
LDLIBS-crypt.so = -lfreebl3
else
libcrypt-routines += md5 sha256 sha512
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index c1b6d4ba0f..621403c05f 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -37,6 +37,7 @@
+ #include <sysdep.h>
+ #include <stap-probe.h>
+ #include <libc-pointer-arith.h>
++#include <array_length.h>
+
+ #include <dl-dst.h>
+ #include <dl-load.h>
+@@ -103,7 +104,9 @@ static size_t ncapstr attribute_relro;
+ static size_t max_capstrlen attribute_relro;
+
+
+-/* Get the generated information about the trusted directories. */
++/* Get the generated information about the trusted directories. Use
++ an array of concatenated strings to avoid relocations. See
++ gen-trusted-dirs.awk. */
+ #include "trusted-dirs.h"
+
+ static const char system_dirs[] = SYSTEM_DIRS;
+@@ -111,9 +114,7 @@ static const size_t system_dirs_len[] =
+ {
+ SYSTEM_DIRS_LEN
+ };
+-#define nsystem_dirs_len \
+- (sizeof (system_dirs_len) / sizeof (system_dirs_len[0]))
+-
++#define nsystem_dirs_len array_length (system_dirs_len)
+
+ static bool
+ is_trusted_path (const char *path, size_t len)
+@@ -688,9 +689,8 @@ _dl_init_paths (const char *llp)
+ + ncapstr * sizeof (enum r_dir_status))
+ / sizeof (struct r_search_path_elem));
+
+- rtld_search_dirs.dirs[0] = (struct r_search_path_elem *)
+- malloc ((sizeof (system_dirs) / sizeof (system_dirs[0]))
+- * round_size * sizeof (struct r_search_path_elem));
++ rtld_search_dirs.dirs[0] = malloc (nsystem_dirs_len * round_size
++ * sizeof (*rtld_search_dirs.dirs[0]));
+ if (rtld_search_dirs.dirs[0] == NULL)
+ {
+ errstring = N_("cannot create cache for search path");
+@@ -776,8 +776,6 @@ _dl_init_paths (const char *llp)
+
+ if (llp != NULL && *llp != '\0')
+ {
+- size_t nllp;
+- const char *cp = llp;
+ char *llp_tmp;
+
+ #ifdef SHARED
+@@ -800,13 +798,10 @@ _dl_init_paths (const char *llp)
+
+ /* Decompose the LD_LIBRARY_PATH contents. First determine how many
+ elements it has. */
+- nllp = 1;
+- while (*cp)
+- {
+- if (*cp == ':' || *cp == ';')
+- ++nllp;
+- ++cp;
+- }
++ size_t nllp = 1;
++ for (const char *cp = llp_tmp; *cp != '\0'; ++cp)
++ if (*cp == ':' || *cp == ';')
++ ++nllp;
+
+ env_path_list.dirs = (struct r_search_path_elem **)
+ malloc ((nllp + 1) * sizeof (struct r_search_path_elem *));
diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
index 231fb8ca93..d9975ef2d0 100644
--- a/elf/dl-tunables.c
@@ -1454,6 +1563,48 @@ index 7dd1fccf24..686785e235 100644
try_trace "$RTLD" "$file" || result=1
;;
*)
+diff --git a/include/array_length.h b/include/array_length.h
+new file mode 100644
+index 0000000000..cb4a8b2a56
+--- /dev/null
++++ b/include/array_length.h
+@@ -0,0 +1,36 @@
++/* The array_length and array_end macros.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef _ARRAY_LENGTH_H
++#define _ARRAY_LENGTH_H
++
++/* array_length (VAR) is the number of elements in the array VAR. VAR
++ must evaluate to an array, not a pointer. */
++#define array_length(var) \
++ __extension__ ({ \
++ _Static_assert (!__builtin_types_compatible_p \
++ (__typeof (var), __typeof (&(var)[0])), \
++ "argument must be an array"); \
++ sizeof (var) / sizeof ((var)[0]); \
++ })
++
++/* array_end (VAR) is a pointer one past the end of the array VAR.
++ VAR must evaluate to an array, not a pointer. */
++#define array_end(var) (&(var)[array_length (var)])
++
++#endif /* _ARRAY_LENGTH_H */
diff --git a/include/libc-symbols.h b/include/libc-symbols.h
index 3310e3a678..5bf57703a9 100644
--- a/include/libc-symbols.h
@@ -11550,6 +11701,47 @@ index 0000000000..8ae01b9d95
+#define __PTHREAD_MUTEX_SPINS_OFFSET 36
+#define __PTHREAD_MUTEX_ELISION_OFFSET 22
+#define __PTHREAD_MUTEX_LIST_OFFSET 36
+diff --git a/sysdeps/i386/fpu/libm-test-ulps b/sysdeps/i386/fpu/libm-test-ulps
+index ed685de35d..a269c7c343 100644
+--- a/sysdeps/i386/fpu/libm-test-ulps
++++ b/sysdeps/i386/fpu/libm-test-ulps
+@@ -2693,30 +2693,30 @@ ldouble: 2
+
+ Function: "y1_downward":
+ double: 2
+-float: 2
++float: 3
+ float128: 4
+ idouble: 2
+-ifloat: 2
++ifloat: 3
+ ifloat128: 4
+ ildouble: 7
+ ldouble: 7
+
+ Function: "y1_towardzero":
+ double: 2
+-float: 2
++float: 3
+ float128: 2
+ idouble: 2
+-ifloat: 2
++ifloat: 3
+ ifloat128: 2
+ ildouble: 5
+ ldouble: 5
+
+ Function: "y1_upward":
+ double: 1
+-float: 2
++float: 3
+ float128: 5
+ idouble: 1
+-ifloat: 2
++ifloat: 3
+ ifloat128: 5
+ ildouble: 7
+ ldouble: 7
diff --git a/sysdeps/i386/i686/fpu/multiarch/libm-test-ulps b/sysdeps/i386/i686/fpu/multiarch/libm-test-ulps
index 81dd1a09ea..053f5ec972 100644
--- a/sysdeps/i386/i686/fpu/multiarch/libm-test-ulps
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-glibc/glibc.git
Reply to: