From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/15754] CVE-2013-4788: PTR_MANGLE does not initialize to a random value for the pointer guard when compiling static executables
Date: Thu, 21 Nov 2013 17:14:00 -0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Severity: normal
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: carlos at redhat dot com

http://sourceware.org/bugzilla/show_bug.cgi?id=15754

--- Comment #6 from cvs-commit at gcc dot gnu.org ---

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU C Library master sources".

The branch, ibm/2.18/master has been updated. Those
revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log -----------------------------------------------------------------

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8209beac4644af4c2875f52f82c53c0d4be589ca
commit 8209beac4644af4c2875f52f82c53c0d4be589ca
Merge: 40e9bbd 38bf8b3
Author: Tulio Magno Quites Machado Filho
Date: Thu Nov 21 15:02:35 2013 -0200

    Merge the changes to add little endian support on PowerPC

    Discard all the previous changes from ibm/2.18/master in order to keep a clean branch.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=38bf8b39f1b9dc7acf3af57b9545ed425e9d5417
commit 38bf8b39f1b9dc7acf3af57b9545ed425e9d5417
Author: Adhemerval Zanella
Date: Thu Nov 7 05:34:22 2013 -0600

    PowerPC: Fix vDSO missing ODP entries

    This patch fixes the vDSO symbol used directly in IFUNC resolver where they do not have an associated ODP entry leading to undefined behavior in some cases. It adds an artificial OPD static entry to such cases and sets its TOC to non 0 to avoid triggering lazy resolutions.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dc3a1f98dc4c86cb454474f4912ae325573655cb
commit dc3a1f98dc4c86cb454474f4912ae325573655cb
Author: Adhemerval Zanella
Date: Wed Sep 25 13:43:04 2013 -0500

    PowerPC: Fix POINTER_CHK_GUARD thread register for PPC64

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e20644b3a6f96eb053ab4c2c900f7bef7f472916
commit e20644b3a6f96eb053ab4c2c900f7bef7f472916
Author: Will Newton
Date: Fri Sep 13 09:26:02 2013 +0100

    Add CVE-2013-4332 to NEWS.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c51d675c459aefef8d84d5a0b114010f916ea278
commit c51d675c459aefef8d84d5a0b114010f916ea278
Author: Will Newton
Date: Fri Aug 16 12:54:29 2013 +0100

    malloc: Check for integer overflow in memalign.

    A large bytes parameter to memalign could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation.

    ChangeLog:

    2013-09-11 Will Newton

    [BZ #15857]
    * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6a6a386a3040726053a5fb8582ff26dc85d84741
commit 6a6a386a3040726053a5fb8582ff26dc85d84741
Author: Will Newton
Date: Fri Aug 16 11:59:37 2013 +0100

    malloc: Check for integer overflow in valloc.

    A large bytes parameter to valloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation.

    ChangeLog:

    2013-09-11 Will Newton

    [BZ #15856]
    * malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7e0e64ead52591b968df582b0ddc247ba5c4eab4
commit 7e0e64ead52591b968df582b0ddc247ba5c4eab4
Author: Will Newton
Date: Mon Aug 12 15:08:02 2013 +0100

    malloc: Check for integer overflow in pvalloc.

    A large bytes parameter to pvalloc could cause an integer overflow and corrupt allocator internals. Check the overflow does not occur before continuing with the allocation.

    ChangeLog:

    2013-09-11 Will Newton

    [BZ #15855]
    * malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c779e9df75256f19c7be8d12b2d163e2016a63f4
commit c779e9df75256f19c7be8d12b2d163e2016a63f4
Author: Carlos O'Donell
Date: Mon Sep 23 00:52:09 2013 -0400

    BZ #15754: CVE-2013-4788

    The pointer guard used for pointer mangling was not initialized for static applications resulting in the security feature being disabled. The pointer guard is now correctly initialized to a random value for static applications. Existing static applications need to be recompiled to take advantage of the fix.

    The test tst-ptrguard1-static and tst-ptrguard1 add regression coverage to ensure the pointer guards are sufficiently random and initialized to a default value.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c4733da3f8e4c54e30f048c9e8d2b2fe2f53fd24
commit c4733da3f8e4c54e30f048c9e8d2b2fe2f53fd24
Author: Siddhesh Poyarekar
Date: Mon Sep 23 11:24:30 2013 +0530

    Check for integer overflow in cache size computation in strcoll

    strcoll is implemented using a cache for indices and weights of collation sequences in the strings so that subsequent passes do not have to search through collation data again. For very large string inputs, the cache size computation could overflow. In such a case, use the fallback function that does not cache indices and weights of collation sequences.

    Fixes CVE-2012-4412.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b8053c6138c8835fb27d30c7e034e240e92bce0f
commit b8053c6138c8835fb27d30c7e034e240e92bce0f
Author: Siddhesh Poyarekar
Date: Mon Sep 23 11:20:02 2013 +0530

    Fall back to non-cached sequence traversal and comparison on malloc fail

    strcoll currently falls back to alloca if malloc fails, resulting in a possible stack overflow. This patch implements sequence traversal and comparison without caching indices and rules.

    Fixes CVE-2012-4424.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=37d4728976aea69db23a061830828787a2fd05ed
commit 37d4728976aea69db23a061830828787a2fd05ed
Author: Siddhesh Poyarekar
Date: Tue Aug 20 08:40:05 2013 +0530

    Simplify strcoll implementation

    Break up strcoll into simpler functions so that the logic is easier to follow and maintain.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1034d41c8fe7b31ba8ba304d1fff93cecb183520
commit 1034d41c8fe7b31ba8ba304d1fff93cecb183520
Author: Andreas Schwab
Date: Thu Oct 31 12:51:03 2013 +0100

    Fix parsing of 0e+0 as float

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3874aa022b6f0f9aca9ad1ef703a77be1bc97b36
commit 3874aa022b6f0f9aca9ad1ef703a77be1bc97b36
Author: Adhemerval Zanella
Date: Thu Sep 26 09:29:19 2013 -0500

    PowerPC: strcpy/stpcpy optimization for PPC64/POWER7

    This patch intends to unify both strcpy and stpcpy implementations for PPC64 and PPC64/POWER7. The idea for the default powerpc64 implementation is to provide both doubleword and word aligned memory access.

    For PPC64/POWER7 it also provides doubleword and word memory access, removes the branch hints, uses the cmpb instruction for compare doubleword/words, and adds an optimization for inputs of same alignment.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=6f95434fd488e9b72117f9b93ec2e2dbf397a4d3
commit 6f95434fd488e9b72117f9b93ec2e2dbf397a4d3
Author: Siddhesh Poyarekar
Date: Fri Oct 25 10:22:12 2013 +0530

    Fix stack overflow due to large AF_INET6 requests

    Resolves #16072 (CVE-2013-4458).

    This patch fixes another stack overflow in getaddrinfo when it is called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, but the AF_INET6 case went undetected back then.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a3abd22ecbda2d7b718b133fae2d2abfdfab614
commit 4a3abd22ecbda2d7b718b133fae2d2abfdfab614
Author: Joseph Myers
Date: Thu Oct 10 19:11:30 2013 +0000

    Avoid ordered comparisons of NaNs in ldbl-128ibm acosl and asinl.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d1aac9a6ff01c226c42bb934c170dd1c00ba8071
commit d1aac9a6ff01c226c42bb934c170dd1c00ba8071
Author: Anton Blanchard
Date: Sat Aug 17 18:34:40 2013 +0930

    PowerPC LE setjmp/longjmp

    http://sourceware.org/ml/libc-alpha/2013-08/msg00089.html

    Little-endian fixes for setjmp/longjmp. When writing these I noticed the setjmp code corrupts the non volatile VMX registers when using an unaligned buffer. Anton fixed this, and also simplified it quite a bit.

    The current code uses boilerplate for the case where we want to store 16 bytes to an unaligned address. For that we have to do a read/modify/write of two aligned 16 byte quantities. In our case we are storing a bunch of back to back data (consecutive VMX registers), and only the start and end of the region need the read/modify/write.

    [BZ #15723]
    * sysdeps/powerpc/jmpbuf-offsets.h: Comment fix.
    * sysdeps/powerpc/powerpc32/fpu/__longjmp-common.S: Correct _dl_hwcap access for little-endian.
    * sysdeps/powerpc/powerpc32/fpu/setjmp-common.S: Likewise. Don't destroy vmx regs when saving unaligned.
    * sysdeps/powerpc/powerpc64/__longjmp-common.S: Correct CR load.
    * sysdeps/powerpc/powerpc64/setjmp-common.S: Likewise CR save. Don't destroy vmx regs when saving unaligned.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=860ec8e62a01a9c9e5087aa4cfd3b5e03fc7649b
commit 860ec8e62a01a9c9e5087aa4cfd3b5e03fc7649b
Author: Siddhesh Poyarekar
Date: Tue Oct 1 20:35:28 2013 +0530

    Fix PI mutex check in pthread_cond_broadcast and pthread_cond_signal

    Fixes BZ #15988.

    The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead of PTHREAD_MUTEX_ROBUST_NORMAL_NP. It has now been replaced by the already existing convenience macro USE_REQUEUE_PI.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3f71830d35d7bf4ac11664f0c48c3c68d250618b
commit 3f71830d35d7bf4ac11664f0c48c3c68d250618b
Author: Allan McRae
Date: Mon Sep 9 22:52:58 2013 +1000

    Fix memory leak in stdlib/isomac.c

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e395175c4786ad9679851e3ed3c0c54a6f4e1f0
commit 8e395175c4786ad9679851e3ed3c0c54a6f4e1f0
Author: Allan McRae
Date: Mon Sep 9 22:50:41 2013 +1000

    Fix memory leaks in libio on allocation failure

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b51679672648410c6627a4bd169e076c5b36f47b
commit b51679672648410c6627a4bd169e076c5b36f47b
Author: Adhemerval Zanella
Date: Thu Sep 5 09:32:56 2013 -0500

    PowerPC: fix POWER7 memrchr for some large inputs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a4faadaff25e19abf295556a23b7b889b4bf6df4
commit a4faadaff25e19abf295556a23b7b889b4bf6df4
Author: Adhemerval Zanella
Date: Thu Aug 29 15:28:00 2013 -0300

    Add memrchr testcase

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b502a3756d6979439130f1e46c2c27b62f493acd
commit b502a3756d6979439130f1e46c2c27b62f493acd
Author: Joseph Myers
Date: Tue Sep 3 15:32:54 2013 +0000

    Fix lgammaf spurious underflow (bug 15427).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b3c7503940022f70ec8272c2c0d0a0e4489ae992
commit b3c7503940022f70ec8272c2c0d0a0e4489ae992
Author: Joseph Myers
Date: Mon Sep 2 14:51:24 2013 +0000

    Fix spurious jnf underflows (bug 14155).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e53103749c19199b0ec23e8a5b330dd2e288f5ac
commit e53103749c19199b0ec23e8a5b330dd2e288f5ac
Author: Thomas Schwinge
Date: Thu May 23 18:00:10 2013 +0200

    [BZ #15522] strtod ("nan(N)") returning a sNaN in some cases

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=85ce5db8d835281c8beff6e750c02c799dee3f6f
commit 85ce5db8d835281c8beff6e750c02c799dee3f6f
Author: Joseph Myers
Date: Fri Aug 23 19:45:38 2013 +0000

    Fix cexp (NaN + i0) (bug 15532).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c3a4bddd656561cfffba2605e148e65d4ff07e21
commit c3a4bddd656561cfffba2605e148e65d4ff07e21
Author: Joseph Myers
Date: Wed Aug 21 19:56:48 2013 +0000

    Fix fdim handling of infinities (bug 15797).

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1778fd0a17a74422a58d8eada3fa08b80f0a0c27
commit 1778fd0a17a74422a58d8eada3fa08b80f0a0c27
Author: Adhemerval Zanella
Date: Tue Aug 20 15:01:59 2013 -0500

    PowerPC: fix backtrace to handle signal trampolines

    This patch fixes backtrace for PPC32 and PPC64 to correctly handle signal trampolines. The 'debug/tst-backtrace6.c' also checks for SA_SIGINFO handling, where it triggers other vDSO symbols for PPC32.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8df86a8394d0ea121f2066efe618f2b1cc799be3
commit 8df86a8394d0ea121f2066efe618f2b1cc799be3
Author: Joseph Myers
Date: Tue Aug 20 19:41:15 2013 +0000

    Fix cproj handling of (finite, NaN) arguments (bug 15531).

    backport of c980f2f4fe0f5d301f706017a1f7e4e942193ec0

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f8a004f1fa412e3aae77faa30b4dfb654d721510
commit f8a004f1fa412e3aae77faa30b4dfb654d721510
Author: Andreas Arnez
Date: Thu Oct 31 09:57:33 2013 -0500

    * elf/setup-vdso.h (setup_vdso): Fix missing string termination.

    backport of f315524e034cfc644157cb4af5ecc99f645dd067

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f166b9c6e90d631115c59b4357357bc168d8e51a
commit f166b9c6e90d631115c59b4357357bc168d8e51a
Author: Florian Weimer
Date: Thu Oct 31 09:55:52 2013 -0500

    CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r

    * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member.
    * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member.
    * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
    * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional.
    * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED.
    * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
    * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly.
    * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.

    backport of 91ce40854d0b7f865cf5024ef95a8026b76096f3

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=760b348db29b446efc760b4bc3627379cc61b0d8
commit 760b348db29b446efc760b4bc3627379cc61b0d8
Merge: 84dd394 eefa3be
Author: Tulio Magno Quites Machado Filho
Date: Tue Aug 20 15:26:27 2013 -0300

    Merge branch 'release/2.18/master' into ibm/2.18/master

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=84dd3946e0e0aee66635ba4373943d113fd25ca1
commit 84dd3946e0e0aee66635ba4373943d113fd25ca1
Author: Adhemerval Zanella
Date: Thu Jul 25 10:53:11 2013 -0300

    PowerPC: use libgcc _Unwind functions to get backtrace

    This patch changes the way backtraces are obtained on PowerPC by relying on libgcc _Unwind function instead of just backchain parse. It fixes debug/tst-backtrace5 for PPC32 and PPC64.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=733a36d81544dad38726489b43523cc0ac95095d
commit 733a36d81544dad38726489b43523cc0ac95095d
Merge: 2d16beb 85891ac
Author: Tulio Magno Quites Machado Filho
Date: Tue Aug 6 14:13:45 2013 -0300

    Merge branch 'master' into ibm/2.18/master

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2d16bebbeabd3ab312998c969e21d092ff348485
commit 2d16bebbeabd3ab312998c969e21d092ff348485
Author: Ryan S. Arnold
Date: Thu Aug 1 13:11:18 2013 -0300

    Remove assert() if DT_RUNPATH and DT_RPATH flags are found in ld.so.

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=975208ca8a02f332572edde22d3e4da6c100bdbc
commit 975208ca8a02f332572edde22d3e4da6c100bdbc
Author: Tulio Magno Quites Machado Filho
Date: Thu Aug 1 12:54:00 2013 -0300

    Partially revert commit 2663b74f8103a2a8a46b4896439b7a452480fc7c

    This change is necessary in order to avoid the issue documented at http://sourceware.org/ml/libc-alpha/2013-05/msg00350.html.

-----------------------------------------------------------------------

Summary of changes: