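diff --git a/ChangeLog b/ChangeLog
index dc1ed1b..26feb07 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2015-04-21 Arjun Shankar <arjun.is@lostca.se>
+
+ [BZ #18287]
+ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
+ based on padding. (CVE-2015-1781)
+
+2015-02-10 Evangelos Foutras <evangelos@foutrelis.com>
+
+ [BZ #17949]
+ * sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
+ jump label.
+
 2015-02-06 Carlos O'Donell <carlos@systemhalted.org>
 
 * version.h (RELEASE): Set to "stable".
@@ -7,6 +19,7 @@
 * sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
 
 2015-02-05 Paul Pluzhnikov <ppluzhnikov@google.com>
+ Paul Eggert <eggert@cs.ucla.edu>
 
 [BZ #16618]
 * stdio-common/tst-sscanf.c (main): Test for buffer overflow.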
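diff --git a/NEWS b/NEWS
index 617cdbb..c9f6b58 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,19 @@ See the end for copying conditions.
 Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
 using `glibc' in the "product" field.
 
+Version 2.21.1
+
+* The following bugs are resolved with this release:
+
+ 17949, 18287.
+
+* A buffer overflow in gethostbyname_r and related functions performing DNS
+ requests has been fixed. If the NSS functions were called with a
+ misaligned buffer, the buffer length change due to pointer alignment was
+ not taken into account. This could result in application crashes or,
+ potentially arbitrary code execution, using crafted, but syntactically
+ valid DNS responses. (CVE-2015-1781)
+
 Version 2.21
 
 * The following bugs are resolved with this release:
@@ -21,10 +34,11 @@ Version 2.21
 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
 17892.
 
-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
- memory for the to-be-scanned arguments and overflow the allocated
- buffer. The implementation now correctly computes the required buffer
- size when using malloc.
+* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
+ too little memory for the to-be-scanned arguments and overflow the
+ allocated buffer. The implementation now correctly computes the required
+ buffer size when using malloc, and switches to malloc from alloca as
+ intended.
 
 * A new semaphore algorithm has been implemented in generic C code for all
 machines. Previous custom assembly implementations of semaphore were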
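diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
index f715ab0..40069a7 100644
--- a/resolv/nss_dns/dns-host.c
+++ b/resolv/nss_dns/dns-host.c
@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
 int have_to_map = 0;
 uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
 buffer += pad;
- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
+ buflen = buflen > pad ? buflen - pad : 0;
+ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
 {
 /* The buffer is too small. */
 too_small: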
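Review bot: The added `buflen = buflen > pad ? buflen - pad : 0;` changes what `buflen` means for the rest of getanswer_r, from the caller's length to the usable length after alignment, and no comment records that. A line such as `/* buflen is now the usable length after aligning buffer; do not re-add pad. */` above it would protect later size arithmetic from reintroducing the overflow. The clamp to 0 is only sound if `buflen` is an unsigned type, and its declaration is outside this hunk, so that is worth confirming. Nothing in this patch adds a regression test that calls the resolver with a deliberately misaligned result buffer, which is the condition the CVE-2015-1781 fix targets. The body of getanswer_r starts and ends outside the hunk, including the other jumps to `too_small:`.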
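diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
index 207b648..b6fa202 100644
--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
 cmpl $0, KIND_OFFSET+__cpu_features@GOTOFF(%ebx)
 jne 1f
 call __init_cpu_features
-leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax
-1: testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features@GOTOFF(%ebx)
+1: leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax
+ testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features@GOTOFF(%ebx)
 jz 2f
 leal __mempcpy_chk_sse2_unaligned@GOTOFF(%ebx), %eax
 testl $bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features@GOTOFF(%ebx)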
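Review bot: The relocated `1:` label has no comment explaining why the default `leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax` has to sit at the branch target. Something like `/* 1: both paths must load the ia32 fallback before the feature tests. */` would keep the label from drifting again. On the old side the `jne 1f` path skipped that load, so `%eax` was written only if a later feature test matched; since this selector picks the fortified mempcpy implementation, an unset result on that path is worth guarding against explicitly. The ENTRY(__mempcpy_chk) body begins and ends outside the hunk, so the `2:` target and the return are not visible here.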