
Bug#797246: marked as done (jessie-pu: package glibc/2.19-18+deb8u1)



Your message dated Sat, 05 Sep 2015 14:31:07 +0100
with message-id <1441459867.2151.32.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for 8.2
has caused the Debian Bug report #797246,
regarding jessie-pu: package glibc/2.19-18+deb8u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
797246: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797246
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

I would like to update the glibc in jessie using the upstream stable
branch. It only contains 3 small commits, fixing important bugs and
one security issue:

- Fix pthread_mutex_trylock with lock elision.  Closes: #759197,
  #788999.
- Fix gprof entry point on ppc64el.  Closes: #794222.
- Fix a buffer overflow in getanswer_r (CVE-2015-1781)
  Closes: #796105.

You'll find the debdiff compared to the jessie version attached.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Index: changelog
===================================================================
--- changelog
+++ changelog
@@ -1,3 +1,15 @@
+glibc (2.19-18+deb8u1) stable; urgency=medium
+
+  [ Aurelien Jarno ]
+  * Update from upstream stable branch:
+    - Fix pthread_mutex_trylock with lock elision.  Closes: #759197,
+      #788999.
+    - Fix gprof entry point on ppc64el.  Closes: #794222.
+    - Fix a bugger overflow in overflow in getanswer_r (CVE-2015-1781)
+      Closes: #796105.
+
+ -- Aurelien Jarno <aurel32@debian.org>  Fri, 28 Aug 2015 23:25:37 +0200
+
 glibc (2.19-18) unstable; urgency=medium
 
   [ Aurelien Jarno ]
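Review bot: the third bullet of the new 2.19-18+deb8u1 entry reads "Fix a bugger overflow in overflow in getanswer_r"; it should read "Fix a buffer overflow in getanswer_r". It is worth correcting before upload because this is the line that records the CVE-2015-1781 fix.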
Index: patches/git-updates.diff
===================================================================
--- patches/git-updates.diff
+++ patches/git-updates.diff
@@ -1,10 +1,30 @@
 GIT update of git://sourceware.org/git/glibc.git/release/2.19/master from glibc-2.19
 
 diff --git a/ChangeLog b/ChangeLog
-index 81c393a..cecd6ec 100644
+index 81c393a..0eb6c3f 100644
 --- a/ChangeLog
 +++ b/ChangeLog
-@@ -1,3 +1,321 @@
+@@ -1,3 +1,341 @@
++2015-04-21  Arjun Shankar  <arjun.is@lostca.se>
++
++	[BZ #18287]
++	* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++	based on padding.  (CVE-2015-1781)
++
++2014-12-11  Andreas Schwab  <schwab@suse.de>
++
++	[BZ #16657]
++	* nptl/pthread_mutex_trylock.c (__pthread_mutex_trylock): Use
++	FORCE_ELISION instead of DO_ELISION.
++	* nptl/sysdeps/unix/sysv/linux/x86/force-elision.h (DO_ELISION):
++	Remove.
++
++2013-07-29  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
++
++	[BZ #17213]
++	* sysdeps/powerpc/powerpc64/entry.h: Fix TEXT_START definition for
++	powerpc64le.
++
 +2014-11-11  Renlin Li  <Renlin.Li@arm.com>
 +
 +	[BZ #17555]
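Review bot: the added ChangeLog entry for BZ #17213 is dated 2013-07-29 but sits below the 2014-12-11 entry and above the existing 2014-11-11 one, so the file is no longer in date order at that point. If the entry is copied verbatim from the upstream release/2.19/master branch it should stay as it is in git-updates.diff, but it is worth confirming that the date comes from upstream and was not introduced while regenerating the patch.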
@@ -327,10 +347,10 @@
  
  	[BZ #16529]
 diff --git a/NEWS b/NEWS
-index 98b479e..d74f4a6 100644
+index 98b479e..7f9388f 100644
 --- a/NEWS
 +++ b/NEWS
-@@ -5,6 +5,51 @@ See the end for copying conditions.
+@@ -5,6 +5,59 @@ See the end for copying conditions.
  Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
  using `glibc' in the "product" field.
  
@@ -338,9 +358,17 @@
 +
 +* The following bugs are resolved with this release:
 +
-+  15946, 16545, 16574, 16623, 16695, 16878, 16882, 16885, 16916, 16932,
-+  16943, 16958, 17048, 17069, 17137, 17263, 17325, 17555.
++  15946, 16545, 16574, 16623, 16657, 16695, 16878, 16882, 16885, 16916,
++  16932, 16943, 16958, 17048, 17069, 17137, 17213, 17263, 17325, 17555,
++  18287.
 +
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++  requests has been fixed.  If the NSS functions were called with a
++  misaligned buffer, the buffer length change due to pointer alignment was
++  not taken into account.  This could result in application crashes or,
++  potentially arbitrary code execution, using crafted, but syntactically
++  valid DNS responses.  (CVE-2015-1781)
++
 +* Reverted change of ABI data structures for s390 and s390x:
 +  On s390 and s390x the size of struct ucontext and jmp_buf was increased in
 +  2.19. This change is reverted in 2.19.1 and 2.20. The introduced 2.19 symbol
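Review bot: in the added CVE-2015-1781 paragraph, the comma placement in "application crashes or, potentially arbitrary code execution, using crafted" makes the sentence hard to parse; "or, potentially, arbitrary code execution" reads as intended. The bug list above it gains 16657, 17213 and 18287, which matches the three new ChangeLog entries.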
@@ -1354,6 +1382,40 @@
  	tst-cond1 tst-cond2 tst-cond3 tst-cond4 tst-cond5 tst-cond6 tst-cond7 \
  	tst-cond8 tst-cond9 tst-cond10 tst-cond11 tst-cond12 tst-cond13 \
  	tst-cond14 tst-cond15 tst-cond16 tst-cond17 tst-cond18 tst-cond19 \
+diff --git a/nptl/pthread_mutex_trylock.c b/nptl/pthread_mutex_trylock.c
+index 4d5f75d..1157320 100644
+--- a/nptl/pthread_mutex_trylock.c
++++ b/nptl/pthread_mutex_trylock.c
+@@ -26,8 +26,8 @@
+ #define lll_trylock_elision(a,t) lll_trylock(a)
+ #endif
+ 
+-#ifndef DO_ELISION
+-#define DO_ELISION(m) 0
++#ifndef FORCE_ELISION
++#define FORCE_ELISION(m, s)
+ #endif
+ 
+ /* We don't force elision in trylock, because this can lead to inconsistent
+@@ -69,7 +69,7 @@ __pthread_mutex_trylock (mutex)
+       break;
+ 
+     case PTHREAD_MUTEX_TIMED_ELISION_NP:
+-    elision:
++    elision: __attribute__((unused))
+       if (lll_trylock_elision (mutex->__data.__lock,
+ 			       mutex->__data.__elision) != 0)
+         break;
+@@ -77,8 +77,7 @@ __pthread_mutex_trylock (mutex)
+       return 0;
+ 
+     case PTHREAD_MUTEX_TIMED_NP:
+-      if (DO_ELISION (mutex))
+-	goto elision;
++      FORCE_ELISION (mutex, goto elision);
+       /*FALL THROUGH*/
+     case PTHREAD_MUTEX_ADAPTIVE_NP:
+     case PTHREAD_MUTEX_ERRORCHECK_NP:
 diff --git a/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S b/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S
 index ea863d7..3accc69 100644
 --- a/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S
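Review bot: the context comment that begins "We don't force elision in trylock" now sits directly below a fallback definition of FORCE_ELISION and above a new `FORCE_ELISION (mutex, goto elision);` call in the PTHREAD_MUTEX_TIMED_NP case, so the comment and the code appear to disagree. The comment is cut off in this hunk, so please check that its full text still describes the behaviour after the change. The `__attribute__((unused))` on the `elision:` label is needed because the fallback `#define FORCE_ELISION(m, s)` expands to nothing and leaves the label unreferenced when that fallback is in effect; a short comment next to the attribute saying so would help the next reader.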
@@ -1474,6 +1536,22 @@
 +versioned_symbol (libpthread, __v1siglongjmp, siglongjmp, GLIBC_2_0);
 +compat_symbol (libpthread, __v2siglongjmp, siglongjmp, GLIBC_2_19);
 +#endif /* defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_19, GLIBC_2_20))  */
+diff --git a/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h b/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
+index 945f886..a767cf1 100644
+--- a/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
++++ b/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h
+@@ -16,11 +16,6 @@
+    License along with the GNU C Library; if not, see
+    <http://www.gnu.org/licenses/>.  */
+ 
+-/* Check for elision on this lock without upgrading.  */
+-#define DO_ELISION(m)							\
+-  (__pthread_force_elision						\
+-   && (m->__data.__kind & PTHREAD_MUTEX_NO_ELISION_NP) == 0)		\
+-
+ /* Automatically enable elision for existing user lock kinds.  */
+ #define FORCE_ELISION(m, s)						\
+   if (__pthread_force_elision						\
 diff --git a/nptl/tst-spin4.c b/nptl/tst-spin4.c
 new file mode 100644
 index 0000000..5b23a17
@@ -2138,7 +2216,7 @@
  	{
  	  /* We need to decode the response.  Just one question record.
 diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
-index f8f192e..f0b4b17 100644
+index f8f192e..f36d28b 100644
 --- a/resolv/nss_dns/dns-host.c
 +++ b/resolv/nss_dns/dns-host.c
 @@ -190,7 +190,7 @@ _nss_dns_gethostbyname3_r (const char *name, int af, struct hostent *result,
@@ -2228,6 +2306,16 @@
      }
    if (n < 0)
      {
+@@ -613,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+   int have_to_map = 0;
+   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+   buffer += pad;
+-  if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0))
++  buflen = buflen > pad ? buflen - pad : 0;
++  if (__builtin_expect (buflen < sizeof (struct host_data), 0))
+     {
+       /* The buffer is too small.  */
+     too_small:
 diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
 index 8e80a60..13ad38c 100644
 --- a/resolv/nss_dns/dns-network.c
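Review bot: in the getanswer_r hunk, `buffer += pad` still runs before the length check, so when `buflen <= pad` the pointer already lies beyond the caller's buffer at the moment `buflen` is clamped to 0. The `too_small` branch is taken in that case (0 is less than `sizeof (struct host_data)`), so nothing is written through it, but a one-line comment above `buflen = buflen > pad ? buflen - pad : 0;` stating that the remaining length must shrink by the alignment padding would record why the old `sizeof (struct host_data) + pad` comparison was not enough: it checked the size but left `buflen` counting the `pad` bytes that had just been skipped. No test that calls the function with a misaligned buffer is visible in this hunk; one would guard against the length accounting regressing.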
@@ -2613,6 +2701,23 @@
  	      res = do_sin (u, y, db, &cor);
  	      cor = (cor > 0) ? 1.035 * cor + eps : 1.035 * cor - eps;
  	      retval = ((res == res + cor) ? ((m) ? res : -res)
+diff --git a/sysdeps/powerpc/powerpc64/entry.h b/sysdeps/powerpc/powerpc64/entry.h
+index 76ead1d..30553c1 100644
+--- a/sysdeps/powerpc/powerpc64/entry.h
++++ b/sysdeps/powerpc/powerpc64/entry.h
+@@ -23,6 +23,7 @@ extern void _start (void);
+ 
+ #define ENTRY_POINT _start
+ 
++#if _CALL_ELF != 2
+ /* We have to provide a special declaration.  */
+ #define ENTRY_POINT_DECL(class) class void _start (void);
+ 
+@@ -33,3 +34,4 @@ extern void _start (void);
+ #define TEXT_START \
+   ({ extern unsigned long int _start_as_data[] asm ("_start");  \
+      _start_as_data[0]; })
++#endif
 diff --git a/sysdeps/s390/Makefile b/sysdeps/s390/Makefile
 deleted file mode 100644
 index 42978dc..0000000
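Review bot: the new `#if _CALL_ELF != 2` guard around ENTRY_POINT_DECL and TEXT_START carries no comment saying why these definitions are skipped when `_CALL_ELF` is 2, and the `#endif` added at the end of the file is unlabelled. Suggest a one-line comment above the `#if` (the ChangeLog entry ties the change to the TEXT_START definition on powerpc64le) and `#endif /* _CALL_ELF != 2 */`. `_CALL_ELF` is also tested without `defined`, so a compiler that does not define it evaluates the condition as `0 != 2` and takes the guarded branch; that matches the previous behaviour but is worth stating in the comment.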

--- End Message ---
--- Begin Message ---
Version: 8.2

Hi,

These bugs correspond to updates which were included in the 8.2 point
release.

Regards,

Adam

--- End Message ---
