From b21e067fb2fdfe4e931a3566f08ec62db7e04bb4 Mon Sep 17 00:00:00 2001 From: Carlos O'Donell Date: Mon, 18 Mar 2013 13:26:35 -0400 Subject: [PATCH] 2.16-30.fc18 - Fix ownership of /usr/lib[64]/audit (#894307). - Rename release engineering directory to `releng' (#903754). - Fix multibyte character processing crash in regexp (#905874, #905877, CVE-2013-0242) --- glibc-rh688948.patch | 6 +- glibc-rh770869.patch | 6 +- glibc-rh787201.patch | 6 +- glibc-rh905877.patch | 176 +++++++++++++++++++++++++++++++++++++++++++ glibc.spec | 32 +++++--- 5 files changed, 205 insertions(+), 21 deletions(-) create mode 100644 glibc-rh905877.patch diff --git a/glibc-rh688948.patch b/glibc-rh688948.patch index f067a80..8751e19 100644 --- a/glibc-rh688948.patch +++ b/glibc-rh688948.patch @@ -1,6 +1,6 @@ -diff -rNup a/fedora/glibc_post_upgrade.c b/fedora/glibc_post_upgrade.c ---- a/fedora/glibc_post_upgrade.c 2011-10-19 05:04:41.000000000 -0600 -+++ b/fedora/glibc_post_upgrade.c 2012-02-06 11:02:03.236713830 -0700 +diff -rNup a/releng/glibc_post_upgrade.c b/releng/glibc_post_upgrade.c +--- a/releng/glibc_post_upgrade.c 2011-10-19 05:04:41.000000000 -0600 ++++ b/releng/glibc_post_upgrade.c 2012-02-06 11:02:03.236713830 -0700 @@ -60,6 +60,7 @@ is_ia64 (void) int main (void) diff --git a/glibc-rh770869.patch b/glibc-rh770869.patch index 8757641..391e718 100644 --- a/glibc-rh770869.patch +++ b/glibc-rh770869.patch @@ -1,6 +1,6 @@ -diff -rup a/fedora/nscd.service b/fedora/nscd.service ---- a/fedora/nscd.service 2011-10-19 05:04:41.000000000 -0600 -+++ b/fedora/nscd.service 2012-02-03 13:40:37.070063851 -0700 +diff -rup a/releng/nscd.service b/releng/nscd.service +--- a/releng/nscd.service 2011-10-19 05:04:41.000000000 -0600 ++++ b/releng/nscd.service 2012-02-03 13:40:37.070063851 -0700 @@ -3,16 +3,15 @@ Description=Name Service Cache Daemon After=syslog.target diff --git a/glibc-rh787201.patch b/glibc-rh787201.patch index cd7cfe1..898895d 100644 --- a/glibc-rh787201.patch 
+++ b/glibc-rh787201.patch @@ -1,6 +1,6 @@ -diff -rup a/fedora/glibc.spec.in b/fedora/glibc.spec.in ---- a/fedora/glibc.spec.in 2011-10-19 05:04:41.000000000 -0600 -+++ b/fedora/glibc.spec.in 2012-02-03 09:26:36.669828253 -0700 +diff -rup a/releng/glibc.spec.in b/releng/glibc.spec.in +--- a/releng/glibc.spec.in 2011-10-19 05:04:41.000000000 -0600 ++++ b/releng/glibc.spec.in 2012-02-03 09:26:36.669828253 -0700 @@ -316,7 +316,7 @@ GCC="gcc -m64" GXX="g++ -m64" %endif diff --git a/glibc-rh905877.patch b/glibc-rh905877.patch new file mode 100644 index 0000000..f3a2440 --- /dev/null +++ b/glibc-rh905877.patch 
@@ -0,0 +1,176 @@ +# +# Backported from upstream. +# +# - Add en_US.UTF-8 as pre-requisite for regression test: +# +# commit 62c4a69dc2aea24776cbf0e951d41709a7408cc6 +# Author: Joseph Myers +# Date: Thu Nov 1 00:22:04 2012 +0000 +# +# Build en_US.UTF-8 locale for testing. +# +# - Fix buffer overrun: +# +# commit a445af0bc722d620afed7683cd320c0e4c7c6059 +# Author: Andreas Schwab +# Date: Tue Jan 29 14:45:15 2013 +0100 +# +# Fix buffer overrun in regexp matcher +# +# ChangeLog/ +# 2013-02-12 Andreas Schwab +# +# [BZ #15078] +# * posix/regexec.c (extend_buffers): Add parameter min_len. +# (check_matching): Pass minimum needed length. +# (clean_state_log_if_needed): Likewise. +# (get_subexp): Likewise. +# * posix/Makefile (tests): Add bug-regex34. +# (bug-regex34-ENV): Define. +# * posix/bug-regex34.c: New file. +# + +--- glibc-2.17-c758a686/posix/Makefile 2012-12-24 22:02:13.000000000 -0500 ++++ glibc-2.17-c758a686/posix/Makefile 2013-03-17 15:30:13.121068666 -0400 +@@ -86,7 +86,7 @@ + tst-rfc3484-3 \ + tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \ + bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \ +- bug-getopt5 tst-getopt_long1 ++ bug-getopt5 tst-getopt_long1 bug-regex34 + xtests := bug-ga2 + ifeq (yes,$(build-shared)) + test-srcs := globtest +@@ -195,6 +195,7 @@ + bug-regex30-ENV = LOCPATH=$(common-objpfx)localedata + bug-regex32-ENV = LOCPATH=$(common-objpfx)localedata + bug-regex33-ENV = LOCPATH=$(common-objpfx)localedata ++bug-regex34-ENV = LOCPATH=$(common-objpfx)localedata + tst-rxspencer-ARGS = --utf8 rxspencer/tests + tst-rxspencer-ENV = LOCPATH=$(common-objpfx)localedata + tst-pcre-ARGS = PCRE.tests +diff --git a/posix/bug-regex34.c b/posix/bug-regex34.c +new file mode 100644 +index 0000000..bb3b613 +--- /dev/null ++++ b/posix/bug-regex34.c +@@ -0,0 +1,46 @@ ++/* Test re_search with multi-byte characters in UTF-8. ++ Copyright (C) 2013 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. 
++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#define _GNU_SOURCE 1 ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ struct re_pattern_buffer r; ++ /* ကျွန်ုပ်x */ ++ const char *s = "\xe1\x80\x80\xe1\x80\xbb\xe1\x80\xbd\xe1\x80\x94\xe1\x80\xba\xe1\x80\xaf\xe1\x80\x95\xe1\x80\xbax"; ++ ++ if (setlocale (LC_ALL, "en_US.UTF-8") == NULL) ++ { ++ puts ("setlocale failed"); ++ return 1; ++ } ++ memset (&r, 0, sizeof (r)); ++ ++ re_compile_pattern ("[^x]x", 5, &r); ++ /* This was triggering a buffer overflow. */ ++ re_search (&r, s, strlen (s), 0, strlen (s), 0); ++ return 0; ++} ++ ++#define TEST_FUNCTION do_test () ++#include "../test-skeleton.c" +diff --git a/posix/regexec.c b/posix/regexec.c +index 7f2de85..5ca2bf6 100644 +--- a/posix/regexec.c ++++ b/posix/regexec.c +@@ -197,7 +197,7 @@ static int group_nodes_into_DFAstates (const re_dfa_t *dfa, + static int check_node_accept (const re_match_context_t *mctx, + const re_token_t *node, int idx) + internal_function; +-static reg_errcode_t extend_buffers (re_match_context_t *mctx) ++static reg_errcode_t extend_buffers (re_match_context_t *mctx, int min_len) + internal_function; + + /* Entry point for POSIX code. 
*/ +@@ -1160,7 +1160,7 @@ check_matching (re_match_context_t *mctx, int fl_longest_match, + || (BE (next_char_idx >= mctx->input.valid_len, 0) + && mctx->input.valid_len < mctx->input.len)) + { +- err = extend_buffers (mctx); ++ err = extend_buffers (mctx, next_char_idx + 1); + if (BE (err != REG_NOERROR, 0)) + { + assert (err == REG_ESPACE); +@@ -1738,7 +1738,7 @@ clean_state_log_if_needed (re_match_context_t *mctx, int next_state_log_idx) + && mctx->input.valid_len < mctx->input.len)) + { + reg_errcode_t err; +- err = extend_buffers (mctx); ++ err = extend_buffers (mctx, next_state_log_idx + 1); + if (BE (err != REG_NOERROR, 0)) + return err; + } +@@ -2792,7 +2792,7 @@ get_subexp (re_match_context_t *mctx, int bkref_node, int bkref_str_idx) + if (bkref_str_off >= mctx->input.len) + break; + +- err = extend_buffers (mctx); ++ err = extend_buffers (mctx, bkref_str_off + 1); + if (BE (err != REG_NOERROR, 0)) + return err; + +@@ -4102,7 +4102,7 @@ check_node_accept (const re_match_context_t *mctx, const re_token_t *node, + + static reg_errcode_t + internal_function __attribute_warn_unused_result__ +-extend_buffers (re_match_context_t *mctx) ++extend_buffers (re_match_context_t *mctx, int min_len) + { + reg_errcode_t ret; + re_string_t *pstr = &mctx->input; +@@ -4111,8 +4111,10 @@ extend_buffers (re_match_context_t *mctx) + if (BE (INT_MAX / 2 / sizeof (re_dfastate_t *) <= pstr->bufs_len, 0)) + return REG_ESPACE; + +- /* Double the lengthes of the buffers. */ +- ret = re_string_realloc_buffers (pstr, MIN (pstr->len, pstr->bufs_len * 2)); ++ /* Double the lengthes of the buffers, but allocate at least MIN_LEN. 
*/ ++ ret = re_string_realloc_buffers (pstr, ++ MAX (min_len, ++ MIN (pstr->len, pstr->bufs_len * 2))); + if (BE (ret != REG_NOERROR, 0)) + return ret; + +--- glibc-2.16-75f0d304.orig/localedata/Makefile 2012-06-30 15:12:34.000000000 -0400 ++++ glibc-2.16-75f0d304/localedata/Makefile 2013-03-17 23:39:30.230977934 -0400 +@@ -117,7 +117,7 @@ + ifeq (no,$(cross-compiling)) + # We have to generate locales + LOCALES := de_DE.ISO-8859-1 de_DE.UTF-8 en_US.ANSI_X3.4-1968 \ +- en_US.ISO-8859-1 ja_JP.EUC-JP da_DK.ISO-8859-1 \ ++ en_US.ISO-8859-1 en_US.UTF-8 ja_JP.EUC-JP da_DK.ISO-8859-1 \ + hr_HR.ISO-8859-2 sv_SE.ISO-8859-1 ja_JP.SJIS fr_FR.ISO-8859-1 \ + nb_NO.ISO-8859-1 nn_NO.ISO-8859-1 tr_TR.UTF-8 cs_CZ.UTF-8 \ + zh_TW.EUC-TW fa_IR.UTF-8 fr_FR.UTF-8 ja_JP.UTF-8 si_LK.UTF-8 \ diff --git a/glibc.spec b/glibc.spec index 4b5a7ee..fa24a44 100644 --- a/glibc.spec +++ b/glibc.spec @@ -22,13 +22,13 @@ %define debuginfocommonarches %{biarcharches} alpha alphaev6 %define multiarcharches ppc %{power64} %{ix86} x86_64 %{sparc} %define systemtaparches %{ix86} x86_64 -# Remove -s to get verbose output. -%define silentrules PARALLELMFLAGS=-s +# Add -s for a less verbose build output. +%define silentrules PARALLELMFLAGS= Summary: The GNU libc libraries Name: glibc Version: %{glibcversion} -Release: 29%{?dist} +Release: 30%{?dist} # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries. # Things that are linked directly into dynamically linked programs # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional @@ -39,7 +39,7 @@ Group: System Environment/Libraries URL: http://www.gnu.org/software/glibc/ Source0: %{?glibc_release_url}%{glibcsrcdir}.tar.gz Source1: %{?glibc_release_url}%{glibcportsdir}.tar.gz -Source2: %{glibcsrcdir}-1-fedora.tar.gz +Source2: %{glibcsrcdir}-1-releng.tar.gz # 0000-0999 for patches which are unlikely to ever go upstream or which # have not been analyzed to see if they ought to go upstream yet. 
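Review bot: The regression test added in posix/bug-regex34.c ignores the results of both `re_compile_pattern` and `re_search`, so `do_test` returns 0 even if the pattern fails to compile and the overrun path in the matcher is never reached. Checking the compile step, e.g. `if (re_compile_pattern ("[^x]x", 5, &r) != NULL) { puts ("re_compile_pattern failed"); return 1; }`, and treating a `re_search` result of -2 (internal error) as a failure would make a pass meaningful. As written, the test catches a regression only when the out-of-bounds access happens to crash the process, so running it under a heap checker would make detection deterministic. Separately, in extend_buffers the overflow guard still tests only `pstr->bufs_len`, while the size actually requested can now be `min_len`. The hunks do not show whether every caller keeps `min_len` within that bound, so a short comment stating the invariant would help; the function body continues outside the hunk.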
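Review bot: The change of `silentrules` from `PARALLELMFLAGS=-s` to an empty `PARALLELMFLAGS=` alters build behaviour, but neither the commit message nor the new %changelog entry mentions it. Verbose build logs are useful for confirming which compiler and linker flags were applied to a security update, so if the change is intentional it deserves its own changelog line, for example `- Build with verbose output.` The new comment `# Add -s for a less verbose build output.` is accurate for the new default and can stay as written.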
@@ -126,6 +126,7 @@ Patch1049: %{name}-rh859428.patch Patch1050: %{name}-rh811753.patch Patch1051: %{name}-rh811753-2.patch Patch1052: %{name}-rh890035.patch +Patch1053: %{name}-rh905877.patch # # Patches submitted, but not yet approved upstream. @@ -481,6 +482,7 @@ rm -rf %{glibcportsdir} %patch1051 -p1 %patch2043 -p1 %patch1052 -p1 +%patch1053 -p1 # On powerpc32, hp timing is only available in power4/power6 # libs, not in base, so pre-power4 dynamic linker is incompatible @@ -598,7 +600,7 @@ build nosegneg -mno-tls-direct-seg-refs platform=`LD_SHOW_AUXV=1 /bin/true | sed -n 's/^AT_PLATFORM:[[:blank:]]*//p'` if [ "$platform" != power6 ]; then mkdir -p power6emul/{lib,lib64} - $GCC -shared -O2 -fpic -o power6emul/%{_lib}/power6emul.so fedora/power6emul.c -Wl,-z,initfirst + $GCC -shared -O2 -fpic -o power6emul/%{_lib}/power6emul.so releng/power6emul.c -Wl,-z,initfirst %ifarch ppc gcc -shared -nostdlib -O2 -fpic -m64 -o power6emul/lib64/power6emul.so -xc - needs sanitizing as well. -cp -a fedora/libc-lock.h $RPM_BUILD_ROOT%{_prefix}/include/bits/libc-lock.h +cp -a releng/libc-lock.h $RPM_BUILD_ROOT%{_prefix}/include/bits/libc-lock.h if [ -d $RPM_BUILD_ROOT%{_prefix}/info -a "%{_infodir}" != "%{_prefix}/info" ]; then mkdir -p $RPM_BUILD_ROOT%{_infodir} @@ -731,7 +733,7 @@ gzip -9nvf $RPM_BUILD_ROOT%{_infodir}/libc* ln -sf libbsd-compat.a $RPM_BUILD_ROOT%{_prefix}/%{_lib}/libbsd.a -install -p -m 644 fedora/nsswitch.conf $RPM_BUILD_ROOT/etc/nsswitch.conf +install -p -m 644 releng/nsswitch.conf $RPM_BUILD_ROOT/etc/nsswitch.conf %ifnarch %{auxarches} mkdir -p $RPM_BUILD_ROOT/etc/default 
@@ -740,9 +742,9 @@ install -p -m 644 nis/nss $RPM_BUILD_ROOT/etc/default/nss # This is for ncsd - in glibc 2.2 install -m 644 nscd/nscd.conf $RPM_BUILD_ROOT/etc mkdir -p $RPM_BUILD_ROOT/usr/lib/tmpfiles.d/ -install -m 644 fedora/nscd.conf %{buildroot}/usr/lib/tmpfiles.d/ +install -m 644 releng/nscd.conf %{buildroot}/usr/lib/tmpfiles.d/ mkdir -p $RPM_BUILD_ROOT/lib/systemd/system -install -m 644 fedora/nscd.service fedora/nscd.socket $RPM_BUILD_ROOT/lib/systemd/system +install -m 644 releng/nscd.service releng/nscd.socket $RPM_BUILD_ROOT/lib/systemd/system %endif # Include ld.so.conf @@ -903,14 +905,14 @@ EOF rm -rf $RPM_BUILD_ROOT%{_prefix}/share/zoneinfo # Make sure %config files have the same timestamp -touch -r fedora/glibc.spec.in $RPM_BUILD_ROOT/etc/ld.so.conf +touch -r releng/glibc.spec.in $RPM_BUILD_ROOT/etc/ld.so.conf touch -r sunrpc/etc.rpc $RPM_BUILD_ROOT/etc/rpc # We allow undefined symbols in shared libraries because the libraries # referenced at link time here, particularly ld.so, may be different than # the one used at runtime. This is really only needed during the ARM # transition from ld-linux.so.3 to ld-linux-armhf.so.3. -cd fedora +cd releng $GCC -Os -g -o build-locale-archive build-locale-archive.c \ ../build-%{target}/locale/locarchive.o \ ../build-%{target}/locale/md5.o \ @@ -1181,6 +1183,7 @@ rm -f *.filelist* %files -f rpm.filelist %defattr(-,root,root) +%dir /usr/%{_lib}/audit %ifarch %{rtkaioarches} %dir /%{_lib}/rtkaio %endif @@ -1287,6 +1290,11 @@ rm -f *.filelist* %endif %changelog +* Sun Mar 17 2013 Carlos O'Donell - 2.16-30 + - Fix ownership of /usr/lib[64]/audit (#894307). + - Rename release engineering directory to `releng' (#903754). + - Fix multibyte character processing crash in regexp (#905874, #905877, CVE-2013-0242) + * Wed Dec 26 2012 Siddhesh Poyarekar - 2.16-29 Fix sparc build with older compilers. (#890035)