From 4376706138b4c1a9f67393ed1feacdb410f1f40c Mon Sep 17 00:00:00 2001
From: Kevin Mihelich
Date: Thu, 23 Apr 2015 12:13:34 +0000
Subject: [PATCH] core/glibc to 2.21-3
---
 core/glibc/PKGBUILD | 8 +++---
 core/glibc/glibc-2.21-roundup.patch | 41 ++++++++++++++++++++++++-----
 2 files changed, 38 insertions(+), 11 deletions(-)
diff --git a/core/glibc/PKGBUILD b/core/glibc/PKGBUILD
index 1da12249d..d68042c6b 100644
--- a/core/glibc/PKGBUILD
+++ b/core/glibc/PKGBUILD
@@ -16,13 +16,13 @@ noautobuild=1
 pkgname=glibc
 pkgver=2.21
-pkgrel=2
+pkgrel=3
 pkgdesc="GNU C Library"
 arch=('i686' 'x86_64')
 url="http://www.gnu.org/software/libc"
 license=('GPL' 'LGPL')
 groups=('base')
-depends=('linux-api-headers>=3.16' 'tzdata' 'filesystem>=2013.01')
+depends=('linux-api-headers>=3.18' 'tzdata' 'filesystem')
 makedepends=('gcc>=4.9')
 backup=(etc/gai.conf
 etc/locale.gen
@@ -36,7 +36,7 @@ source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig}
 locale-gen)
 md5sums=('9cb398828e8f84f57d1f7d5588cf40cd'
 'SKIP'
- 'bf9d96b11c76b113606aae102da63d9d'
+ 'feb826d5f4965e9892ee6e851fec43a9'
 '905370139382428ef2b97b247c0970bf'
 '07ac979b6ab5eeb778d55f041529d623'
 '476e9113489f93b348b21e144b6a8fcf')
@@ -45,7 +45,7 @@ validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF') # Carlos O'Donell
 prepare() {
 cd ${srcdir}/${pkgname}-${pkgver}
- # glibc-2.21..75adf430
+ # glibc-2.21..01b07c70
 patch -p1 -i $srcdir/glibc-2.21-roundup.patch
 # ALARM: patch for hard-float ld-linux soname
diff --git a/core/glibc/glibc-2.21-roundup.patch b/core/glibc/glibc-2.21-roundup.patch
index 66d3454ee..4b1531a6a 100644
--- a/core/glibc/glibc-2.21-roundup.patch
+++ b/core/glibc/glibc-2.21-roundup.patch
@@ -1,8 +1,14 @@
 diff --git a/ChangeLog b/ChangeLog
-index dc1ed1b..45579de 100644
+index dc1ed1b..26feb07 100644
 --- a/ChangeLog
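Review bot: The refreshed digest in the PKGBUILD `md5sums` hunk is the only integrity check on glibc-2.21-roundup.patch, and MD5 is not collision-resistant; that patch file now carries the CVE-2015-1781 fix. The upstream tarball is covered by the `.sig` source entry together with `validpgpkeys`, but the other entries in the array appear to rest on these digests alone. I would replace the array with `sha256sums=(...)`, listing the same sources in the same order and keeping `'SKIP'` for the signature entry. The full `source` array lies outside this hunk, so the entry-to-file mapping should be confirmed against the whole PKGBUILD.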
+++ b/ChangeLog -@@ -1,3 +1,9 @@ +@@ -1,3 +1,15 @@ ++2015-04-21 Arjun Shankar ++ ++ [BZ #18287] ++ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length ++ based on padding. (CVE-2015-1781) ++ +2015-02-10 Evangelos Foutras + + [BZ #17949] @@ -12,7 +18,7 @@ index dc1ed1b..45579de 100644 2015-02-06 Carlos O'Donell * version.h (RELEASE): Set to "stable". -@@ -7,6 +13,7 @@ +@@ -7,6 +19,7 @@ * sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h. 2015-02-05 Paul Pluzhnikov @@ -21,10 +27,10 @@ index dc1ed1b..45579de 100644 [BZ #16618] * stdio-common/tst-sscanf.c (main): Test for buffer overflow. diff --git a/NEWS b/NEWS -index 617cdbb..ff79f0d 100644 +index 617cdbb..c9f6b58 100644 --- a/NEWS +++ b/NEWS -@@ -5,6 +5,12 @@ See the end for copying conditions. +@@ -5,6 +5,19 @@ See the end for copying conditions. Please send GNU C library bug reports via using `glibc' in the "product" field. @@ -32,12 +38,19 @@ index 617cdbb..ff79f0d 100644 + +* The following bugs are resolved with this release: + -+ 17949. ++ 17949, 18287. ++ ++* A buffer overflow in gethostbyname_r and related functions performing DNS ++ requests has been fixed. If the NSS functions were called with a ++ misaligned buffer, the buffer length change due to pointer alignment was ++ not taken into account. This could result in application crashes or, ++ potentially arbitrary code execution, using crafted, but syntactically ++ valid DNS responses. (CVE-2015-1781) + Version 2.21 * The following bugs are resolved with this release: -@@ -21,10 +27,11 @@ Version 2.21 +@@ -21,10 +34,11 @@ Version 2.21 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885, 17892. 
@@ -53,6 +66,20 @@ index 617cdbb..ff79f0d 100644 * A new semaphore algorithm has been implemented in generic C code for all machines. Previous custom assembly implementations of semaphore were +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index f715ab0..40069a7 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, + int have_to_map = 0; + uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); + buffer += pad; +- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad)) ++ buflen = buflen > pad ? buflen - pad : 0; ++ if (__glibc_unlikely (buflen < sizeof (struct host_data))) + { + /* The buffer is too small. */ + too_small: diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S index 207b648..b6fa202 100644 --- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
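Review bot: The added `buflen = buflen > pad ? buflen - pad : 0;` in getanswer_r has no comment explaining why the length must shrink, so a later cleanup could fold it back into the comparison and reintroduce the overflow. I would add above it `/* buffer was advanced by pad for alignment; shrink buflen to match so every later size check sees the space actually left. */`. The clamp to 0 is needed because `pad` is a `uintptr_t`, so the subtraction would wrap to a huge value when the caller's buffer is shorter than the padding. getanswer_r continues outside this hunk, so these lines do not show whether every later bounds check uses the adjusted `buflen`; that should be checked against the full function when validating the backport.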