
Bug#928143: marked as done (unblock: glibc/2.28-9)



Your message dated Mon, 29 Apr 2019 23:52:56 +0200
with message-id <20190429215256.GA3827@aurel32.net>
and subject line Re: Bug#928143: unblock: glibc/2.28-9
has caused the Debian Bug report #928143,
regarding unblock: glibc/2.28-9
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
928143: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928143
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Dear release team,

The glibc package in version 2.28-9 currently in sid mostly updates the
git-updates.diff patch to the latest upstream stable branch:
- Fix security issue CVE-2019-9169.
- Support for the new Reiwa era in the ja_JP locale, which seems to be
  something quite important for Japanese people.
- Support for vector instructions related hwcap on s390x to allow one to
  provide shared libraries (not) tuned for the corresponding platforms.
- Fix for a riscv specific issue in a file which is not used on other
  architectures, so with no risk for them.
- Fix for memusagestat's Makefile related code, which has no impact on
  the generated code.

In addition to that it includes a fix for a bug in dlopen introduced by
an arm patch, but affecting all architectures.

I believe that all the above changes are suitable for buster. If you
agree, could you please unblock package glibc:

unblock glibc/2.28-9

Thanks,
Aurelien

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE=fr (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 24a46054..711bb67a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+glibc (2.28-9) unstable; urgency=medium
+
+  [ Aurelien Jarno ]
+  * debian/patches/git-updates.diff: update from upstream stable branch:
+    - Fix heap-based buffer over-read in regular-expression matching
+      (CVE-2019-9169).  Closes: #924612.
+    - Add entry for the new Japanese era to the ja_JP locale.  Closes:
+      #927914.
+
+  [ Adam Conrad ]
+  * debian/patches/arm/unsubmitted-ldso-abi-check.diff: Fix rtld segv in
+    dl_open() introduced via merge with upstream at 2.28 (LP: #1821677)
+
+ -- Aurelien Jarno <aurel32@debian.org>  Thu, 25 Apr 2019 21:12:03 +0200
+
 glibc (2.28-8) unstable; urgency=medium
 
   [ Aurelien Jarno ]
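
Review bot: the git-updates.diff item in the 2.28-9 stanza lists only the CVE-2019-9169 fix and the ja_JP era, while the refreshed patch in this same upload also carries the memusagestat Makefile change (BZ #18465), the s390 HWCAP_IMPORTANT extension and the riscv kernel-features.h undef. Please add a sub-item for each so the changelog matches what the patch contains. The Adam Conrad item could also end with a period like the others.
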
diff --git a/debian/patches/arm/unsubmitted-ldso-abi-check.diff b/debian/patches/arm/unsubmitted-ldso-abi-check.diff
index 6c78c674..8a7cab12 100644
--- a/debian/patches/arm/unsubmitted-ldso-abi-check.diff
+++ b/debian/patches/arm/unsubmitted-ldso-abi-check.diff
@@ -222,10 +222,10 @@
  	if (ph->p_type == PT_NOTE && ph->p_filesz >= 32 && ph->p_align >= 4)
  	  {
  	    ElfW(Addr) size = ph->p_filesz;
-@@ -1751,6 +1955,21 @@
+@@ -1751,6 +1955,20 @@
+ 
+ 	    break;
  	  }
-       free (abi_note_malloced);
-     }
 +      if (-1 != fd)
 +	{
 +	  int error = arch_specific_checks(fd, name, ehdr);
@@ -239,8 +239,7 @@
 +	      goto call_lose;
 +	    }
 +	}
-+
-+    }
++      }
+       free (abi_note_malloced);
+     }
  
-   return fd;
- }
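
Review bot: with the arch_specific_checks block now placed ahead of `free (abi_note_malloced);`, the `goto call_lose;` error path leaves the block without reaching that free. Please confirm that abi_note_malloced is released on that path, or free it before the jump. A sentence in the patch header on why the block had to move would also help, since the changelog only says it fixes an rtld segv in dl_open().
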
diff --git a/debian/patches/git-updates.diff b/debian/patches/git-updates.diff
index 50d4962c..a6722cc9 100644
--- a/debian/patches/git-updates.diff
+++ b/debian/patches/git-updates.diff
@@ -1,10 +1,44 @@
 GIT update of https://sourceware.org/git/glibc.git/release/2.28/master from glibc-2.28
 
 diff --git a/ChangeLog b/ChangeLog
-index 08b42bd2f5..42fe0aeb1e 100644
+index 08b42bd2f5..609d5c1b19 100644
 --- a/ChangeLog
 +++ b/ChangeLog
-@@ -1,3 +1,784 @@
+@@ -1,3 +1,818 @@
++2019-04-24  Mike Frysinger  <vapier@gentoo.org>
++
++	[BZ #18465]
++	* malloc/Makefile (others): Add memusagestat.
++	($(objpfx)memusagestat): Delete rule.
++	(LDLIBS-memusagestat): New variable.
++
++2019-04-03  TAMUKI Shoichi  <tamuki@linet.gr.jp>
++
++	[BZ #22964]
++	* localedata/locales/ja_JP (LC_TIME): Add entry for the new Japanese
++	era.
++
++2019-03-21  Stefan Liebler  <stli@linux.ibm.com>
++
++	* sysdeps/s390/dl-procinfo.h (HWCAP_IMPORTANT):
++	Add HWCAP_S390_VX and HWCAP_S390_VXE.
++
++2019-01-31  Paul Eggert  <eggert@cs.ucla.edu>
++
++	CVE-2019-9169
++	regex: fix read overrun [BZ #24114]
++	Problem found by AddressSanitizer, reported by Hongxu Chen in:
++	https://debbugs.gnu.org/34140
++	* posix/regexec.c (proceed_next_node):
++	Do not read past end of input buffer.
++
++2018-11-07  Andreas Schwab  <schwab@suse.de>
++
++	[BZ #23864]
++	* sysdeps/unix/sysv/linux/riscv/kernel-features.h
++	(__ASSUME_SET_ROBUST_LIST) [__LINUX_KERNEL_VERSION < 0x041400]:
++	Undef.
++
 +2018-09-21  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 +
 +	* NEWS: Add note about new TLE support on powerpc64le.
@@ -807,15 +841,19 @@ index 608ffe648c..f5e81bdf5d 100644
  # We might want to compile with some stack-protection flag.
  ifneq ($(stack-protector),)
 diff --git a/NEWS b/NEWS
-index 154ab22d7c..60b15116d6 100644
+index 154ab22d7c..e8030d499a 100644
 --- a/NEWS
 +++ b/NEWS
-@@ -5,6 +5,77 @@ See the end for copying conditions.
+@@ -5,6 +5,87 @@ See the end for copying conditions.
  Please send GNU C library bug reports via <https://sourceware.org/bugzilla/>
  using `glibc' in the "product" field.
  
 +Version 2.28.1
 +
++Major new features:
++
++* The entry for the new Japanese era has been added for ja_JP locale.
++
 +Deprecated and removed features, and other changes affecting compatibility:
 +
 +* For powercp64le ABI, Transactional Lock Elision is now enabled iff kernel
@@ -829,6 +867,7 @@ index 154ab22d7c..60b15116d6 100644
 +
 +The following bugs are resolved with this release:
 +
++  [18465] memusagestat: use local glibc when linking
 +  [19444] build failures with -O1 due to -Wmaybe-uninitialized
 +  [20018] getaddrinfo should reject IP addresses with trailing characters
 +  [20209] localedata: Spelling mistake for Sunday in Greenlandic kl_GL
@@ -848,6 +887,7 @@ index 154ab22d7c..60b15116d6 100644
 +  [23717] Fix stack overflow in stdlib/tst-setcontext9
 +  [23821] si_band in siginfo_t has wrong type long int on sparc64
 +  [23822] ia64 static libm.a is missing exp2f, log2f and powf symbols
++  [23864] libc: [riscv] missing kernel-features.h undefines
 +  [23844] pthread_rwlock_trywrlock results in hang
 +  [23927] Linux if_nametoindex() does not close descriptor (CVE-2018-19591)
 +  [23972] __old_getdents64 uses wrong d_off value on overflow
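
Review bot: the new `[23864]` line is inserted above `[23844]`, which breaks the ascending bug-number order that the neighbouring entries follow (23821, 23822, then 23844, 23927). Move it below the 23844 entry.
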
@@ -884,11 +924,15 @@ index 154ab22d7c..60b15116d6 100644
 +  CVE-2016-10739: The getaddrinfo function could successfully parse IPv4
 +  addresses with arbitrary trailing characters, potentially leading to data
 +  or command injection issues in applications.
++
++  CVE-2019-9169: Attempted case-insensitive regular-expression match
++  via proceed_next_node in posix/regexec.c leads to heap-based buffer
++  over-read.  Reported by Hongxu Chen.
 +
  Version 2.28
  
  Major new features:
-@@ -422,6 +493,8 @@ The following bugs are resolved with this release:
+@@ -422,6 +503,8 @@ The following bugs are resolved with this release:
    [23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel
      processors
    [23467] dynamic-link: x86/CET: A property note parser bug
@@ -1282,6 +1326,21 @@ index 9322ef68da..63f5227760 100644
 +#define TIMEOUT 100
  #define PREPARE prepare
  #include <support/test-driver.c>
+diff --git a/localedata/locales/ja_JP b/localedata/locales/ja_JP
+index 1fd2fee44b..30190b6248 100644
+--- a/localedata/locales/ja_JP
++++ b/localedata/locales/ja_JP
+@@ -14946,7 +14946,9 @@ am_pm	"<U5348><U524D>";"<U5348><U5F8C>"
+ 
+ t_fmt_ampm "%p%I<U6642>%M<U5206>%S<U79D2>"
+ 
+-era	"+:2:1990//01//01:+*:<U5E73><U6210>:%EC%Ey<U5E74>";/
++era	"+:2:2020//01//01:+*:<U4EE4><U548C>:%EC%Ey<U5E74>";/
++	"+:1:2019//05//01:2019//12//31:<U4EE4><U548C>:%EC<U5143><U5E74>";/
++	"+:2:1990//01//01:2019//04//30:<U5E73><U6210>:%EC%Ey<U5E74>";/
+ 	"+:1:1989//01//08:1989//12//31:<U5E73><U6210>:%EC<U5143><U5E74>";/
+ 	"+:2:1927//01//01:1989//01//07:<U662D><U548C>:%EC%Ey<U5E74>";/
+ 	"+:1:1926//12//25:1926//12//31:<U662D><U548C>:%EC<U5143><U5E74>";/
 diff --git a/localedata/locales/kl_GL b/localedata/locales/kl_GL
 index 5ab14a31aa..5723ce7dcf 100644
 --- a/localedata/locales/kl_GL
@@ -1301,7 +1360,7 @@ index 5ab14a31aa..5723ce7dcf 100644
           "marlunngorneq";/
           "pingasunngorneq";/
 diff --git a/malloc/Makefile b/malloc/Makefile
-index 7d54bad866..388cf7e9ee 100644
+index 7d54bad866..228a1279a5 100644
 --- a/malloc/Makefile
 +++ b/malloc/Makefile
 @@ -38,6 +38,7 @@ tests := mallocbug tst-malloc tst-valloc tst-calloc tst-obstack \
@@ -1312,6 +1371,24 @@ index 7d54bad866..388cf7e9ee 100644
  
  tests-static := \
  	 tst-interpose-static-nothread \
+@@ -130,6 +131,7 @@ ifneq ($(cross-compiling),yes)
+ # If the gd library is available we build the `memusagestat' program.
+ ifneq ($(LIBGD),no)
+ others: $(objpfx)memusage
++others += memusagestat
+ install-bin = memusagestat
+ install-bin-script += memusage
+ generated += memusagestat memusage
+@@ -153,8 +155,7 @@ cpp-srcs-left := $(memusagestat-modules)
+ lib := memusagestat
+ include $(patsubst %,$(..)libof-iterator.mk,$(cpp-srcs-left))
+ 
+-$(objpfx)memusagestat: $(memusagestat-modules:%=$(objpfx)%.o)
+-	$(LINK.o) -o $@ $^ $(libgd-LDFLAGS) -lgd -lpng -lz -lm
++LDLIBS-memusagestat = $(libgd-LDFLAGS) -lgd -lpng -lz -lm
+ 
+ ifeq ($(run-built-tests),yes)
+ ifeq (yes,$(build-shared))
 diff --git a/malloc/malloc.c b/malloc/malloc.c
 index e247c77b7d..27cf6137c2 100644
 --- a/malloc/malloc.c
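
Review bot: the malloc/Makefile change (`others += memusagestat`, with the explicit link rule replaced by `LDLIBS-memusagestat`) should not go into buster as it stands. The reply in this thread states that it was reverted upstream on the 2.28 branch because memusagestat then links against the installed libpthread rather than the newly built in-tree one. Drop it from git-updates.diff together with the `[18465]` NEWS line and the 2019-04-24 ChangeLog entry, or refresh the patch from a branch state that includes the revert.
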
@@ -4299,6 +4376,23 @@ index 7f0083b918..b10588f1cc 100644
  	  {
  	    wchar_t wcu = __towupper (wc);
  	    if (wcu != wc)
+diff --git a/posix/regexec.c b/posix/regexec.c
+index 73644c2341..06b8487c3e 100644
+--- a/posix/regexec.c
++++ b/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
+ 	      else if (naccepted)
+ 		{
+ 		  char *buf = (char *) re_string_get_buffer (&mctx->input);
+-		  if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+-			      naccepted) != 0)
++		  if (mctx->input.valid_len - *pidx < naccepted
++		      || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++				  naccepted)
++			  != 0))
+ 		    return -1;
+ 		}
+ 	    }
 diff --git a/posix/tst-regcomp-truncated.c b/posix/tst-regcomp-truncated.c
 new file mode 100644
 index 0000000000..a4a1581bbc
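
Review bot: the length guard added in proceed_next_node comes without a regression test; the ChangeLog entry for CVE-2019-9169 names only posix/regexec.c. A test that runs the case-insensitive match described in the NEWS entry under a memory checker would keep the over-read from coming back. A short comment above `mctx->input.valid_len - *pidx < naccepted`, saying that it keeps the memcmp inside the valid part of the input buffer, would also help, since the condition now combines a bounds check with the comparison.
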
@@ -7940,6 +8034,20 @@ index d8ba7ba427..ecb24f0a9b 100644
  }
  
  #endif /* dl-irel.h */
+diff --git a/sysdeps/s390/dl-procinfo.h b/sysdeps/s390/dl-procinfo.h
+index b0383bfb4c..f71d64c3ab 100644
+--- a/sysdeps/s390/dl-procinfo.h
++++ b/sysdeps/s390/dl-procinfo.h
+@@ -57,7 +57,8 @@ enum
+ };
+ 
+ #define HWCAP_IMPORTANT (HWCAP_S390_ZARCH | HWCAP_S390_LDISP \
+-			  | HWCAP_S390_EIMM | HWCAP_S390_DFP)
++			 | HWCAP_S390_EIMM | HWCAP_S390_DFP  \
++			 | HWCAP_S390_VX | HWCAP_S390_VXE)
+ 
+ /* We cannot provide a general printing function.  */
+ #define _dl_procinfo(type, word) -1
 diff --git a/sysdeps/sparc/sparc32/dl-irel.h b/sysdeps/sparc/sparc32/dl-irel.h
 index ffca36864f..cf47cda834 100644
 --- a/sysdeps/sparc/sparc32/dl-irel.h
@@ -8561,6 +8669,19 @@ index d612ef4c6c..0b2042620b 100644
  
  typedef int (*func_type) (void *, void *, unsigned long int);
  
+diff --git a/sysdeps/unix/sysv/linux/riscv/kernel-features.h b/sysdeps/unix/sysv/linux/riscv/kernel-features.h
+index 37f4d99a92..d21c824624 100644
+--- a/sysdeps/unix/sysv/linux/riscv/kernel-features.h
++++ b/sysdeps/unix/sysv/linux/riscv/kernel-features.h
+@@ -21,3 +21,8 @@
+ 
+ #undef __ASSUME_CLONE_DEFAULT
+ #define __ASSUME_CLONE_BACKWARDS 1
++
++/* No support for PI mutexes or robust futexes before 4.20.  */
++#if __LINUX_KERNEL_VERSION < 0x041400
++# undef __ASSUME_SET_ROBUST_LIST
++#endif
 diff --git a/sysdeps/unix/sysv/linux/s390/force-elision.h b/sysdeps/unix/sysv/linux/s390/force-elision.h
 index d8a1b9972f..71f32367dd 100644
 --- a/sysdeps/unix/sysv/linux/s390/force-elision.h
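
Review bot: the comment added to riscv/kernel-features.h says that neither PI mutexes nor robust futexes are supported before 4.20, but the block only undefines `__ASSUME_SET_ROBUST_LIST`. Either undefine the PI-related assumption under the same `__LINUX_KERNEL_VERSION < 0x041400` guard, or narrow the comment to robust futexes so that the two agree.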

--- End Message ---
--- Begin Message ---
On 2019-04-29 11:30, Florian Weimer wrote:
> * Aurelien Jarno:
> 
> > - Fix for memusagestat's Makefile related code, which has no impact on
> >   the generated code.
> 
> Sorry, I screwed that one up and had to revert it upstream for the 2.28
> branch.  I don't think the bug introduced by this commit matters for
> Debian at present, but it will cause problems if libpthread ever changes
> internal ABI in buster because with the memusagestat Makefile change,
> the installed libpthread is used instead of the newly built in-tree
> libpthread.  Previously, the wrong headers were used, and while equally
> invalid, this created no practical problems.

Thanks for the notice. I am therefore closing this bug; I'll prepare a
new upload and file another unblock when it's ready.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

--- End Message ---
