A security flaw was found in the way pt_chown, a helper function for grantpt(3) to change ownership and permissions of pseudoterminal, of glibc, the collection of GNU libc libraries, performed pseudotty ownership and permission changes when granting access to the slave pseudoterminal. A local attacker could use this flaw to obtain unauthorized read / write access at the pseudoterminal of their choose by using a specially-crafted (by attacker supplied) file system. Acknowledgements: Red Hat would like to thank Martin Carpenter of Citco for reporting this issue.
The fix is to disable building and installing pt_chown by default. http://sourceware.org/ml/libc-alpha/2013-07/msg00359.html
commit e4608715e6e1dd2adc91982fd151d5ba4f761d69 Author: Carlos O'Donell <carlos@redhat.com> Date: Fri Jul 19 02:42:03 2013 -0400 CVE-2013-2207, BZ #15755: Disable pt_chown. The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk.
*** Bug 260998 has been marked as a duplicate of this bug. *** Seen from the domain http://volichat.com Page where seen: http://volichat.com/adult-chat-rooms Marked for reference. Resolved as fixed @bugzilla.
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, ibm/2.16/master has been created at dfc25d72984eb5a3354e104612d0ca0129af3f98 (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98 commit dfc25d72984eb5a3354e104612d0ca0129af3f98 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Sep 25 13:43:04 2013 -0500 PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516 commit 1442655ba419867ce1a045a97cdd7904ac1ad516 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Jan 20 12:29:51 2014 -0600 PowerPC: Fix gettimeofday ifunc selection The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal version used within GLIBC) to use the system call version instead of the vDSO one. This patch changes the check if vDSO is available to get its value directly instead of rely on __vdso_gettimeofday. This patch changes it by getting the vDSO value directly. It fixes BZ#16431. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8 commit 1bdb6daceb10307543599df3b118afd2109d2ec8 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Jan 16 06:53:18 2014 -0600 PowerPC: Fix ftime gettimeofday internal call returning bogus data This patches fixes BZ#16430 by setting a different symbol for internal GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol is defined as hidden (which is the case for gettimeofday and time) the compiler will create local branches (symbol@local) and linker will not create PLT calls (required for IFUNC). This will leads to internal symbol calling the IFUNC resolver instead of the resolved symbol. For PPC64 this behavior does not occur because a call to a function in another translation unit might use a different toc pointer thus requiring a PLT call. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310 commit e3008132765936162552b15a77fe348c01074310 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Nov 7 05:34:22 2013 -0600 PowerPC: Fix vDSO missing ODP entries This patch fixes the vDSO symbol used directed in IFUNC resolver where they do not have an associated ODP entry leading to undefined behavior in some cases. It adds an artificial OPD static entry to such cases and set its TOC to non 0 to avoid triggering lazy resolutions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c Author: Carlos O'Donell <carlos@redhat.com> Date: Wed Nov 19 11:44:12 2014 -0500 CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a commit 3ded3d365f0237e92e8af90c878b233f265d7b4a Author: Allan McRae <allan@archlinux.org> Date: Thu Dec 18 11:01:43 2014 +1000 Label CVE-2014-9402 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec Author: Florian Weimer <fweimer@redhat.com> Date: Mon Dec 15 17:41:13 2014 +0100 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94 commit c9b43ec3890d5c750a5127a543a55cd94aa73c94 Author: Jeff Law <law@redhat.com> Date: Mon Dec 15 10:09:32 2014 +0100 CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77 commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826 commit f7865ec21e8ad32929509796497fa3b44c3ef826 Author: Florian Weimer <fweimer@redhat.com> Date: Thu Jan 15 15:16:54 2015 -0500 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e commit c7a91d241b095855e06e0bd00287968df2f6d87e Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8 commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8 Author: Will Newton <will.newton@linaro.org> Date: Fri Sep 13 09:26:02 2013 +0100 Add CVE-2013-4332 to NEWS. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 12:54:29 2013 +0100 malloc: Check for integer overflow in memalign. A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15857] * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c commit f1292792799a507711ce24b497e40f8fea8f9c9c Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 11:59:37 2013 +0100 malloc: Check for integer overflow in valloc. A large bytes parameter to valloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15856] * malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad commit b1e934aed5170eb8948e0f3c6618c9431d6810ad Author: Will Newton <will.newton@linaro.org> Date: Mon Aug 12 15:08:02 2013 +0100 malloc: Check for integer overflow in pvalloc. A large bytes parameter to pvalloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15855] * malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d commit bcd619797e785f90cc9fd67208267c26c8e4b40d Author: Florian Weimer <fweimer@redhat.com> Date: Fri Aug 16 09:38:52 2013 +0200 CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member. * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member. * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional. * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED. * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly. * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e commit 6fd8e941423354e6c7a951d37a60d2f1424d568e Author: Carlos O'Donell <carlos@redhat.com> Date: Mon Sep 23 00:52:09 2013 -0400 BZ #15754: CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714 commit a243b1a0797180e142d525d1325a173c758c3714 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:24:30 2013 +0530 Check for integer overflow in cache size computation in strcoll strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences. Fixes CVE-2012-4412. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01 commit c1132021659d22753104762a074d6339ae6cbd01 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:20:02 2013 +0530 Fall back to non-cached sequence traversal and comparison on malloc fail strcoll currently falls back to alloca if malloc fails, resulting in a possible stack overflow. This patch implements sequence traversal and comparison without caching indices and rules. Fixes CVE-2012-4424. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1 commit 2dc811b78adc97b5f5d951716df30053a24da1a1 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Tue Aug 20 08:40:05 2013 +0530 Simplify strcoll implementation Break up strcoll into simpler functions so that the logic is easier to follow and maintain. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Fri Oct 25 10:22:12 2013 +0530 Fix stack overflow due to large AF_INET6 requests Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c commit 302c61e2d3536a6ff99d518499771afd6a951b0c Author: Andreas Schwab <schwab@suse.de> Date: Tue Jan 29 14:45:15 2013 +0100 Fix buffer overrun in regexp matcher https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7 commit b7e0492e183efc24e5658c860ca5711e00524dd7 Author: Carlos O'Donell <carlos@redhat.com> Date: Fri Jul 19 02:42:03 2013 -0400 CVE-2013-2207, BZ #15755: Disable pt_chown. The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk. Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6 commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6 Author: Jeff Law <law@redhat.com> Date: Wed Nov 28 14:12:28 2012 -0700 [BZ #14889] * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype. * sunrpc/svc.c: Include time.h. (__svc_accept_failed): New function. * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for any reason other than EINTR, call __svc_accept_failed. * sunrpc/svc_udp.c (svcudp_recv): Similarly. * sunrpc/svc_unix.c (rendezvous_request): Similarly. Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690 commit 3b498440aac70e994f32f45a31102964313af690 Author: Andreas Schwab <schwab@suse.de> Date: Wed Nov 28 10:24:06 2012 +0100 Properly handle indirect functions in ABI check on powerpc64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Apr 26 13:00:56 2013 -0500 PowerPC: modf optimization fix This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits by correctly setting minimum architecture for modf PPC optimization to power5+ instead of power5 (since only on power5+ round/ceil will be inline to inline assembly). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 25 16:10:06 2013 -0500 PowerPC: modf optimization This patch implements modf/modff optimization for POWER by focus on FP operations instead of relying in integer ones. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Mar 13 10:46:08 2013 -0300 PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall. Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3 commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 4 22:02:41 2013 -0300 PowerPC: gettimeofday optimization by using IFUNC https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3 commit 36016f626e72f5d1cb6107deeab29768d82ff7e3 Merge: 4e1f97c 043c748 Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Mar 1 16:20:18 2013 -0600 Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d commit 4e1f97ccdcc257eba262667f7a3179a7d530330d Author: Mike Frysinger <vapier@gentoo.org> Date: Wed Nov 28 23:04:32 2012 -0500 byteswap.h: fix gcc ver test for __builtin_bswap{32,64} The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2. Fix the __GNUC_PREREQ tests to reflect this. Otherwise trying to compile code with gcc-4.2 falls down: In file included from /usr/include/endian.h:60, from /usr/include/ctype.h:40, /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)': /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)': /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope Signed-off-by: Mike Frysinger <vapier@gentoo.org> (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689 commit 025b233a88a30f5f0474ff2c6051313eb33e5689 Author: Joseph Myers <joseph@codesourcery.com> Date: Tue Nov 20 00:04:45 2012 +0000 Fix __bswap_64 return type in generic bits/byteswap.h. (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6 commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Oct 12 09:21:47 2012 -0700 Use __uint64_t in x86 __bswap_64 (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab Author: Andreas Schwab <schwab@linux-m68k.org> Date: Tue May 1 17:10:10 2012 +0200 Fix missing _mcount@GLIBC_2.0 on powerpc32 (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc commit 94464655b576985fdd5f66f7f6126ee1f92a41cc Author: Peter Bergner <bergner@vnet.ibm.com> Date: Fri Jul 6 13:24:49 2012 -0500 Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c commit d846920271a0f4dc54c0dbbd56998228e75e776c Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Jul 6 13:03:09 2012 -0500 Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, ibm/2.16/master has been created at ec36394743c15fedca294219f2254b180c4e327c (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec36394743c15fedca294219f2254b180c4e327c commit ec36394743c15fedca294219f2254b180c4e327c Author: Andreas Schwab <schwab@suse.de> Date: Mon Jan 21 17:41:28 2013 +0100 Fix parsing of numeric hosts in gethostbyname_r Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=20ac5d44837b82c064dfabd3646ec1f4f6826263 commit 20ac5d44837b82c064dfabd3646ec1f4f6826263 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Nov 19 13:01:43 2012 +0530 Return EAI_SYSTEM if we're out of file descriptors Resolves BZ #14719. Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98 commit dfc25d72984eb5a3354e104612d0ca0129af3f98 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Sep 25 13:43:04 2013 -0500 PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516 commit 1442655ba419867ce1a045a97cdd7904ac1ad516 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Jan 20 12:29:51 2014 -0600 PowerPC: Fix gettimeofday ifunc selection The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal version used within GLIBC) to use the system call version instead of the vDSO one. This patch changes the check if vDSO is available to get its value directly instead of rely on __vdso_gettimeofday. This patch changes it by getting the vDSO value directly. It fixes BZ#16431. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8 commit 1bdb6daceb10307543599df3b118afd2109d2ec8 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Jan 16 06:53:18 2014 -0600 PowerPC: Fix ftime gettimeofday internal call returning bogus data This patches fixes BZ#16430 by setting a different symbol for internal GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol is defined as hidden (which is the case for gettimeofday and time) the compiler will create local branches (symbol@local) and linker will not create PLT calls (required for IFUNC). This will leads to internal symbol calling the IFUNC resolver instead of the resolved symbol. For PPC64 this behavior does not occur because a call to a function in another translation unit might use a different toc pointer thus requiring a PLT call. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310 commit e3008132765936162552b15a77fe348c01074310 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Nov 7 05:34:22 2013 -0600 PowerPC: Fix vDSO missing ODP entries This patch fixes the vDSO symbol used directed in IFUNC resolver where they do not have an associated ODP entry leading to undefined behavior in some cases. It adds an artificial OPD static entry to such cases and set its TOC to non 0 to avoid triggering lazy resolutions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c Author: Carlos O'Donell <carlos@redhat.com> Date: Wed Nov 19 11:44:12 2014 -0500 CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a commit 3ded3d365f0237e92e8af90c878b233f265d7b4a Author: Allan McRae <allan@archlinux.org> Date: Thu Dec 18 11:01:43 2014 +1000 Label CVE-2014-9402 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec Author: Florian Weimer <fweimer@redhat.com> Date: Mon Dec 15 17:41:13 2014 +0100 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94 commit c9b43ec3890d5c750a5127a543a55cd94aa73c94 Author: Jeff Law <law@redhat.com> Date: Mon Dec 15 10:09:32 2014 +0100 CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77 commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826 commit f7865ec21e8ad32929509796497fa3b44c3ef826 Author: Florian Weimer <fweimer@redhat.com> Date: Thu Jan 15 15:16:54 2015 -0500 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e commit c7a91d241b095855e06e0bd00287968df2f6d87e Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8 commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8 Author: Will Newton <will.newton@linaro.org> Date: Fri Sep 13 09:26:02 2013 +0100 Add CVE-2013-4332 to NEWS. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 12:54:29 2013 +0100 malloc: Check for integer overflow in memalign. A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15857] * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c commit f1292792799a507711ce24b497e40f8fea8f9c9c Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 11:59:37 2013 +0100 malloc: Check for integer overflow in valloc. A large bytes parameter to valloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15856] * malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad commit b1e934aed5170eb8948e0f3c6618c9431d6810ad Author: Will Newton <will.newton@linaro.org> Date: Mon Aug 12 15:08:02 2013 +0100 malloc: Check for integer overflow in pvalloc. A large bytes parameter to pvalloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15855] * malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d commit bcd619797e785f90cc9fd67208267c26c8e4b40d Author: Florian Weimer <fweimer@redhat.com> Date: Fri Aug 16 09:38:52 2013 +0200 CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member. * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member. * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional. * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED. * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly. * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e commit 6fd8e941423354e6c7a951d37a60d2f1424d568e Author: Carlos O'Donell <carlos@redhat.com> Date: Mon Sep 23 00:52:09 2013 -0400 BZ #15754: CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714 commit a243b1a0797180e142d525d1325a173c758c3714 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:24:30 2013 +0530 Check for integer overflow in cache size computation in strcoll strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences. Fixes CVE-2012-4412. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01 commit c1132021659d22753104762a074d6339ae6cbd01 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:20:02 2013 +0530 Fall back to non-cached sequence traversal and comparison on malloc fail strcoll currently falls back to alloca if malloc fails, resulting in a possible stack overflow. This patch implements sequence traversal and comparison without caching indices and rules. Fixes CVE-2012-4424. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1 commit 2dc811b78adc97b5f5d951716df30053a24da1a1 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Tue Aug 20 08:40:05 2013 +0530 Simplify strcoll implementation Break up strcoll into simpler functions so that the logic is easier to follow and maintain. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Fri Oct 25 10:22:12 2013 +0530 Fix stack overflow due to large AF_INET6 requests Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c commit 302c61e2d3536a6ff99d518499771afd6a951b0c Author: Andreas Schwab <schwab@suse.de> Date: Tue Jan 29 14:45:15 2013 +0100 Fix buffer overrun in regexp matcher https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7 commit b7e0492e183efc24e5658c860ca5711e00524dd7 Author: Carlos O'Donell <carlos@redhat.com> Date: Fri Jul 19 02:42:03 2013 -0400 CVE-2013-2207, BZ #15755: Disable pt_chown. The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk. Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6 commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6 Author: Jeff Law <law@redhat.com> Date: Wed Nov 28 14:12:28 2012 -0700 [BZ #14889] * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype. * sunrpc/svc.c: Include time.h. (__svc_accept_failed): New function. * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for any reason other than EINTR, call __svc_accept_failed. * sunrpc/svc_udp.c (svcudp_recv): Similarly. * sunrpc/svc_unix.c (rendezvous_request): Similarly. Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690 commit 3b498440aac70e994f32f45a31102964313af690 Author: Andreas Schwab <schwab@suse.de> Date: Wed Nov 28 10:24:06 2012 +0100 Properly handle indirect functions in ABI check on powerpc64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Apr 26 13:00:56 2013 -0500 PowerPC: modf optimization fix This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits by correctly setting minimum architecture for modf PPC optimization to power5+ instead of power5 (since only on power5+ round/ceil will be inline to inline assembly). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 25 16:10:06 2013 -0500 PowerPC: modf optimization This patch implements modf/modff optimization for POWER by focus on FP operations instead of relying in integer ones. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Mar 13 10:46:08 2013 -0300 PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall. Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3 commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 4 22:02:41 2013 -0300 PowerPC: gettimeofday optimization by using IFUNC https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3 commit 36016f626e72f5d1cb6107deeab29768d82ff7e3 Merge: 4e1f97c 043c748 Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Mar 1 16:20:18 2013 -0600 Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d commit 4e1f97ccdcc257eba262667f7a3179a7d530330d Author: Mike Frysinger <vapier@gentoo.org> Date: Wed Nov 28 23:04:32 2012 -0500 byteswap.h: fix gcc ver test for __builtin_bswap{32,64} The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2. Fix the __GNUC_PREREQ tests to reflect this. Otherwise trying to compile code with gcc-4.2 falls down: In file included from /usr/include/endian.h:60, from /usr/include/ctype.h:40, /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)': /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)': /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope Signed-off-by: Mike Frysinger <vapier@gentoo.org> (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689 commit 025b233a88a30f5f0474ff2c6051313eb33e5689 Author: Joseph Myers <joseph@codesourcery.com> Date: Tue Nov 20 00:04:45 2012 +0000 Fix __bswap_64 return type in generic bits/byteswap.h. (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6 commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Oct 12 09:21:47 2012 -0700 Use __uint64_t in x86 __bswap_64 (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab Author: Andreas Schwab <schwab@linux-m68k.org> Date: Tue May 1 17:10:10 2012 +0200 Fix missing _mcount@GLIBC_2.0 on powerpc32 (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc commit 94464655b576985fdd5f66f7f6126ee1f92a41cc Author: Peter Bergner <bergner@vnet.ibm.com> Date: Fri Jul 6 13:24:49 2012 -0500 Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c commit d846920271a0f4dc54c0dbbd56998228e75e776c Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Jul 6 13:03:09 2012 -0500 Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so. -----------------------------------------------------------------------
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources". The branch, ibm/2.16/master has been created at 627eabb20f2b70faa3698e2c0124094c6d51af8e (commit) - Log ----------------------------------------------------------------- https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=627eabb20f2b70faa3698e2c0124094c6d51af8e commit 627eabb20f2b70faa3698e2c0124094c6d51af8e Author: Paul Pluzhnikov <ppluzhnikov@google.com> Date: Fri Feb 6 00:30:42 2015 -0500 CVE-2015-1472: wscanf allocates too little memory BZ #16618 Under certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The implementation now correctly computes the required buffer size when using malloc. A regression test was added to tst-sscanf. Conflicts: ChangeLog NEWS stdio-common/tst-sscanf.c https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ec36394743c15fedca294219f2254b180c4e327c commit ec36394743c15fedca294219f2254b180c4e327c Author: Andreas Schwab <schwab@suse.de> Date: Mon Jan 21 17:41:28 2013 +0100 Fix parsing of numeric hosts in gethostbyname_r Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=20ac5d44837b82c064dfabd3646ec1f4f6826263 commit 20ac5d44837b82c064dfabd3646ec1f4f6826263 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Nov 19 13:01:43 2012 +0530 Return EAI_SYSTEM if we're out of file descriptors Resolves BZ #14719. Conflicts: ChangeLog NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dfc25d72984eb5a3354e104612d0ca0129af3f98 commit dfc25d72984eb5a3354e104612d0ca0129af3f98 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Sep 25 13:43:04 2013 -0500 PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1442655ba419867ce1a045a97cdd7904ac1ad516 commit 1442655ba419867ce1a045a97cdd7904ac1ad516 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Jan 20 12:29:51 2014 -0600 PowerPC: Fix gettimeofday ifunc selection The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where __vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal version used within GLIBC) to use the system call version instead of the vDSO one. This patch changes the check if vDSO is available to get its value directly instead of rely on __vdso_gettimeofday. This patch changes it by getting the vDSO value directly. It fixes BZ#16431. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1bdb6daceb10307543599df3b118afd2109d2ec8 commit 1bdb6daceb10307543599df3b118afd2109d2ec8 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Jan 16 06:53:18 2014 -0600 PowerPC: Fix ftime gettimeofday internal call returning bogus data This patches fixes BZ#16430 by setting a different symbol for internal GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol is defined as hidden (which is the case for gettimeofday and time) the compiler will create local branches (symbol@local) and linker will not create PLT calls (required for IFUNC). This will leads to internal symbol calling the IFUNC resolver instead of the resolved symbol. For PPC64 this behavior does not occur because a call to a function in another translation unit might use a different toc pointer thus requiring a PLT call. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3008132765936162552b15a77fe348c01074310 commit e3008132765936162552b15a77fe348c01074310 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Thu Nov 7 05:34:22 2013 -0600 PowerPC: Fix vDSO missing ODP entries This patch fixes the vDSO symbol used directed in IFUNC resolver where they do not have an associated ODP entry leading to undefined behavior in some cases. It adds an artificial OPD static entry to such cases and set its TOC to non 0 to avoid triggering lazy resolutions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6ff69e1eb81719ee907642f615cef889d5bf8b2c commit 6ff69e1eb81719ee907642f615cef889d5bf8b2c Author: Carlos O'Donell <carlos@redhat.com> Date: Wed Nov 19 11:44:12 2014 -0500 CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. The function wordexp() fails to properly handle the WRDE_NOCMD flag when processing arithmetic inputs in the form of "$((... ``))" where "..." can be anything valid. The backticks in the arithmetic epxression are evaluated by in a shell even if WRDE_NOCMD forbade command substitution. This allows an attacker to attempt to pass dangerous commands via constructs of the above form, and bypass the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD in exec_comm(), the only place that can execute a shell. All other checks for WRDE_NOCMD are superfluous and removed. We expand the testsuite and add 3 new regression tests of roughly the same form but with a couple of nested levels. On top of the 3 new tests we add fork validation to the WRDE_NOCMD testing. If any forks are detected during the execution of a wordexp() call with WRDE_NOCMD, the test is marked as failed. This is slightly heuristic since vfork might be used in the future, but it provides a higher level of assurance that no shells were executed as part of command substitution with WRDE_NOCMD in effect. In addition it doesn't require libpthread or libdl, instead we use the public implementation namespace function __register_atfork (already part of the public ABI for libpthread). Tested on x86_64 with no regressions. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3ded3d365f0237e92e8af90c878b233f265d7b4a commit 3ded3d365f0237e92e8af90c878b233f265d7b4a Author: Allan McRae <allan@archlinux.org> Date: Thu Dec 18 11:01:43 2014 +1000 Label CVE-2014-9402 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7093fd0fedd8a0b4ed5b01347e3798219ba22ec commit c7093fd0fedd8a0b4ed5b01347e3798219ba22ec Author: Florian Weimer <fweimer@redhat.com> Date: Mon Dec 15 17:41:13 2014 +0100 Avoid infinite loop in nss_dns getnetbyname [BZ #17630] https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c9b43ec3890d5c750a5127a543a55cd94aa73c94 commit c9b43ec3890d5c750a5127a543a55cd94aa73c94 Author: Jeff Law <law@redhat.com> Date: Mon Dec 15 10:09:32 2014 +0100 CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] A larger number of format specifiers coudld cause a stack overflow, potentially allowing to bypass _FORTIFY_SOURCE format string protection. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b6ac4b1093333f364698ca3bb812c80b11c2f77 commit 3b6ac4b1093333f364698ca3bb812c80b11c2f77 Author: Allan McRae <allan@archlinux.org> Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f7865ec21e8ad32929509796497fa3b44c3ef826 commit f7865ec21e8ad32929509796497fa3b44c3ef826 Author: Florian Weimer <fweimer@redhat.com> Date: Thu Jan 15 15:16:54 2015 -0500 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c7a91d241b095855e06e0bd00287968df2f6d87e commit c7a91d241b095855e06e0bd00287968df2f6d87e Author: Florian Weimer <fweimer@redhat.com> Date: Mon May 12 15:24:12 2014 +0200 _nl_find_locale: Improve handling of crafted locale names [BZ #17137] Prevent directory traversal in locale-related environment variables (CVE-2014-0475). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=588b214bc7fa3e54d6b679ed4b755e6d1310e61d commit 588b214bc7fa3e54d6b679ed4b755e6d1310e61d Author: Florian Weimer <fweimer@redhat.com> Date: Tue Aug 26 19:38:59 2014 +0200 __gconv_translit_find: Disable function [BZ #17187] This functionality has never worked correctly, and the implementation contained a security vulnerability (CVE-2014-5119). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bd51e93f9305e37aa17e08dbdb86a2e146c09eff commit bd51e93f9305e37aa17e08dbdb86a2e146c09eff Author: Florian Weimer <fweimer@redhat.com> Date: Wed Sep 3 19:45:43 2014 +0200 CVE-2014-6040: Crashes on invalid input in IBM gconv modules [BZ #17325] These changes are based on the fix for BZ #14134 in commit 6e230d11837f3ae7b375ea69d7905f0d18eb79e5. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=97ef0b2223e10fe3053494defd8a008d7dd9d6d8 commit 97ef0b2223e10fe3053494defd8a008d7dd9d6d8 Author: Will Newton <will.newton@linaro.org> Date: Fri Sep 13 09:26:02 2013 +0100 Add CVE-2013-4332 to NEWS. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 commit ccb8f6bab96cfcc7aedf5cd0d1946f26b028d733 Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 12:54:29 2013 +0100 malloc: Check for integer overflow in memalign. A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15857] * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f1292792799a507711ce24b497e40f8fea8f9c9c commit f1292792799a507711ce24b497e40f8fea8f9c9c Author: Will Newton <will.newton@linaro.org> Date: Fri Aug 16 11:59:37 2013 +0100 malloc: Check for integer overflow in valloc. A large bytes parameter to valloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15856] * malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b1e934aed5170eb8948e0f3c6618c9431d6810ad commit b1e934aed5170eb8948e0f3c6618c9431d6810ad Author: Will Newton <will.newton@linaro.org> Date: Mon Aug 12 15:08:02 2013 +0100 malloc: Check for integer overflow in pvalloc. A large bytes parameter to pvalloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation. ChangeLog: 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15855] * malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bcd619797e785f90cc9fd67208267c26c8e4b40d commit bcd619797e785f90cc9fd67208267c26c8e4b40d Author: Florian Weimer <fweimer@redhat.com> Date: Fri Aug 16 09:38:52 2013 +0200 CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member. * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member. * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional. * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED. * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly. * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6fd8e941423354e6c7a951d37a60d2f1424d568e commit 6fd8e941423354e6c7a951d37a60d2f1424d568e Author: Carlos O'Donell <carlos@redhat.com> Date: Mon Sep 23 00:52:09 2013 -0400 BZ #15754: CVE-2013-4788 The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix. The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a243b1a0797180e142d525d1325a173c758c3714 commit a243b1a0797180e142d525d1325a173c758c3714 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:24:30 2013 +0530 Check for integer overflow in cache size computation in strcoll strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences. Fixes CVE-2012-4412. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c1132021659d22753104762a074d6339ae6cbd01 commit c1132021659d22753104762a074d6339ae6cbd01 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Mon Sep 23 11:20:02 2013 +0530 Fall back to non-cached sequence traversal and comparison on malloc fail strcoll currently falls back to alloca if malloc fails, resulting in a possible stack overflow. This patch implements sequence traversal and comparison without caching indices and rules. Fixes CVE-2012-4424. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2dc811b78adc97b5f5d951716df30053a24da1a1 commit 2dc811b78adc97b5f5d951716df30053a24da1a1 Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Tue Aug 20 08:40:05 2013 +0530 Simplify strcoll implementation Break up strcoll into simpler functions so that the logic is easier to follow and maintain. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9b951f59aa3c2f2d58d398aab146951216f9ff8d commit 9b951f59aa3c2f2d58d398aab146951216f9ff8d Author: Siddhesh Poyarekar <siddhesh@redhat.com> Date: Fri Oct 25 10:22:12 2013 +0530 Fix stack overflow due to large AF_INET6 requests Resolves #16072 (CVE-2013-4458). This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=302c61e2d3536a6ff99d518499771afd6a951b0c commit 302c61e2d3536a6ff99d518499771afd6a951b0c Author: Andreas Schwab <schwab@suse.de> Date: Tue Jan 29 14:45:15 2013 +0100 Fix buffer overrun in regexp matcher https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b7e0492e183efc24e5658c860ca5711e00524dd7 commit b7e0492e183efc24e5658c860ca5711e00524dd7 Author: Carlos O'Donell <carlos@redhat.com> Date: Fri Jul 19 02:42:03 2013 -0400 CVE-2013-2207, BZ #15755: Disable pt_chown. The helper binary pt_chown tricked into granting access to another user's pseudo-terminal. Pre-conditions for the attack: * Attacker with local user account * Kernel with FUSE support * "user_allow_other" in /etc/fuse.conf * Victim with allocated slave in /dev/pts Using the setuid installed pt_chown and a weak check on whether a file descriptor is a tty, an attacker could fake a pty check using FUSE and trick pt_chown to grant ownership of a pty descriptor that the current user does not own. It cannot access /dev/pts/ptmx however. In most modern distributions pt_chown is not needed because devpts is enabled by default. The fix for this CVE is to disable building and using pt_chown by default. We still provide a configure option to enable hte use of pt_chown but distributions do so at their own risk. Cherry-pick of e4608715e6e1dd2adc91982fd151d5ba4f761d69. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=02a002fe9c0b65532643a88b01253e95ba8ba8c6 commit 02a002fe9c0b65532643a88b01253e95ba8ba8c6 Author: Jeff Law <law@redhat.com> Date: Wed Nov 28 14:12:28 2012 -0700 [BZ #14889] * sunrpc/rpc/svc.h (__svc_accept_failed): New prototype. * sunrpc/svc.c: Include time.h. (__svc_accept_failed): New function. * sunrpc/svc_tcp.c (rendezvous_request): If the accept fails for any reason other than EINTR, call __svc_accept_failed. * sunrpc/svc_udp.c (svcudp_recv): Similarly. * sunrpc/svc_unix.c (rendezvous_request): Similarly. Cherry-pick of 14bc93a967e62abf8cf2704725b6f76619399f83 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3b498440aac70e994f32f45a31102964313af690 commit 3b498440aac70e994f32f45a31102964313af690 Author: Andreas Schwab <schwab@suse.de> Date: Wed Nov 28 10:24:06 2012 +0100 Properly handle indirect functions in ABI check on powerpc64 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8282b7f2aa6380e8a91515f748d4693d8151fc4f commit 8282b7f2aa6380e8a91515f748d4693d8151fc4f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Fri Apr 26 13:00:56 2013 -0500 PowerPC: modf optimization fix This patch fix the 3c0265394d9ffedff2b0de508602dc52e077ce5c commits by correctly setting minimum architecture for modf PPC optimization to power5+ instead of power5 (since only on power5+ round/ceil will be inline to inline assembly). https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f commit 17e599d2613c2a2e4cb6d5c3f9d5f626879aa63f Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 25 16:10:06 2013 -0500 PowerPC: modf optimization This patch implements modf/modff optimization for POWER by focus on FP operations instead of relying in integer ones. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=60dc6d12c5c61b05013cb15f63349dd3d343f26d commit 60dc6d12c5c61b05013cb15f63349dd3d343f26d Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Wed Mar 13 10:46:08 2013 -0300 PowerPC: Change sched_getcpu to use vDSO getcpu instead of syscall. Backport of d5e0b9bd6e296f3ec5263fa296d39f3fed9b8fa2. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cc328ae264f5b97d2811a95d84112bb1c6c7cae3 commit cc328ae264f5b97d2811a95d84112bb1c6c7cae3 Author: Adhemerval Zanella <azanella@linux.vnet.ibm.com> Date: Mon Mar 4 22:02:41 2013 -0300 PowerPC: gettimeofday optimization by using IFUNC https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=36016f626e72f5d1cb6107deeab29768d82ff7e3 commit 36016f626e72f5d1cb6107deeab29768d82ff7e3 Merge: 4e1f97c 043c748 Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Mar 1 16:20:18 2013 -0600 Merge remote branch 'remotes/origin/release/2.16/master' into local_ibm_2.16 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4e1f97ccdcc257eba262667f7a3179a7d530330d commit 4e1f97ccdcc257eba262667f7a3179a7d530330d Author: Mike Frysinger <vapier@gentoo.org> Date: Wed Nov 28 23:04:32 2012 -0500 byteswap.h: fix gcc ver test for __builtin_bswap{32,64} The __builtin_bswap* functions were introduced in gcc-4.3, not gcc-4.2. Fix the __GNUC_PREREQ tests to reflect this. Otherwise trying to compile code with gcc-4.2 falls down: In file included from /usr/include/endian.h:60, from /usr/include/ctype.h:40, /usr/include/bits/byteswap.h: In function 'unsigned int __bswap_32(unsigned int)': /usr/include/bits/byteswap.h:46: error: '__builtin_bswap32' was not declared in this scope /usr/include/bits/byteswap.h: In function 'long long unsigned int __bswap_64(long long unsigned int)': /usr/include/bits/byteswap.h:110: error: '__builtin_bswap64' was not declared in this scope Signed-off-by: Mike Frysinger <vapier@gentoo.org> (cherry picked from commit c9d6789ebe028a260d3e5be0c26b7d02fdfe99fe) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=025b233a88a30f5f0474ff2c6051313eb33e5689 commit 025b233a88a30f5f0474ff2c6051313eb33e5689 Author: Joseph Myers <joseph@codesourcery.com> Date: Tue Nov 20 00:04:45 2012 +0000 Fix __bswap_64 return type in generic bits/byteswap.h. (cherry picked from commit ecd4caf9783c99fb068a100c35899a0c3a3c6d98) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2c739e2cffb65d80787cfa861f9f6c62de327ad6 commit 2c739e2cffb65d80787cfa861f9f6c62de327ad6 Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Oct 12 09:21:47 2012 -0700 Use __uint64_t in x86 __bswap_64 (cherry picked from commit d394eb742a3565d7fe7a4b02710a60b5f219ee64) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a24f8ac8e65b451efc81839dd653d0a0e95a23ab commit a24f8ac8e65b451efc81839dd653d0a0e95a23ab Author: Andreas Schwab <schwab@linux-m68k.org> Date: Tue May 1 17:10:10 2012 +0200 Fix missing _mcount@GLIBC_2.0 on powerpc32 (cherry picked from commit 261f485936b283f4327fc1f2fc8fd1705d805c12) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=94464655b576985fdd5f66f7f6126ee1f92a41cc commit 94464655b576985fdd5f66f7f6126ee1f92a41cc Author: Peter Bergner <bergner@vnet.ibm.com> Date: Fri Jul 6 13:24:49 2012 -0500 Add AT_PLATFORM env variable to ld.so to override auxv AT_PLATFORM. https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d846920271a0f4dc54c0dbbd56998228e75e776c commit d846920271a0f4dc54c0dbbd56998228e75e776c Author: Ryan S. Arnold <rsa@linux.vnet.ibm.com> Date: Fri Jul 6 13:03:09 2012 -0500 Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so. -----------------------------------------------------------------------