From mboxrd@z Thu Jan 1 00:00:00 1970
Received: (qmail 14035 invoked by alias); 28 Aug 2014 10:26:19 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Received: (qmail 13055 invoked by uid 55); 28 Aug 2014 10:26:09 -0000
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug network/15946] getaddrinfo() writes DNS queries to random file descriptors under high load
Date: Thu, 28 Aug 2014 10:26:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: network
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: critical
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: 2.20
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-08/txt/msg00125.txt.bz2

https://sourceware.org/bugzilla/show_bug.cgi?id=15946

--- Comment #9 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, allan/2.19/backport has been created
        at  e3050a640f18eec4bc4e3f7b7f22c5b99c47028b (commit)

- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e3050a640f18eec4bc4e3f7b7f22c5b99c47028b

commit e3050a640f18eec4bc4e3f7b7f22c5b99c47028b
Author: Florian Weimer
Date:   Tue Aug 26 19:38:59 2014 +0200

    __gconv_translit_find: Disable function [BZ #17187]

    This functionality has never worked correctly, and the implementation
    contained a security vulnerability (CVE-2014-5119).

    (cherry picked from commit a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8)
    (cherry picked from commit f9df71e895d3552d557e783fdb9d133328195645)

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=394efd467f466be377be1066bb07d331390a5658

commit 394efd467f466be377be1066bb07d331390a5658
Author: Stefan Liebler
Date:   Fri Aug 1 09:48:17 2014 +0200

    NEWS: Explain the s390 jmp_buf / ucontext_t ABI change reversal.

    (cherry picked from commit 95ee7fb13ba99ba265b49531c57e1cb8db629bc6)

    Typo fix as in commit 45ef66289acbab17278a73512f9b2a9d8a7ca79d and NEW
    entry adjusted to reflect revert occurring in 2.19.1 and 2.20.

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3942f5e5f7282161d31a60f84020eec1aa86bb82

commit 3942f5e5f7282161d31a60f84020eec1aa86bb82
Author: Stefan Liebler
Date:   Thu Aug 28 16:53:13 2014 +1000

    S/390: Revert the jmp_buf/ucontext_t ABI change

    Backport of commit 2f438e20ab591641760e97458d5d1569942eced5

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a5dd31f514e3ab41bfe60cdeacd75d875006d9cc

commit a5dd31f514e3ab41bfe60cdeacd75d875006d9cc
Author: Florian Weimer
Date:   Wed May 28 14:05:03 2014 +0200

    manual: Update the locale documentation

    (cherry picked from commit 585367266923156ac6fb789939a923641ba5aaf4)

    Conflicts:
        manual/locale.texi

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d475d58097efe764e2567fca0ea194d5d80150ce

commit d475d58097efe764e2567fca0ea194d5d80150ce
Author: Florian Weimer
Date:   Mon May 12 15:24:12 2014 +0200

    _nl_find_locale: Improve handling of crafted locale names [BZ #17137]

    Prevent directory traversal in locale-related environment variables
    (CVE-2014-0475).

    (cherry picked from commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3)

    Conflicts:
        NEWS
        localedata/Makefile

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1298cdbed6596663785254f63cb92af265aee8e0

commit 1298cdbed6596663785254f63cb92af265aee8e0
Author: Florian Weimer
Date:   Wed May 28 14:41:52 2014 +0200

    setlocale: Use the heap for the copy of the locale argument

    This avoids alloca calls with potentially large arguments.

    (cherry picked from commit d183645616b0533b3acee28f1a95570bffbdf50f)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5754d77ab9899688380da1a52b02f62815b3d34b

commit 5754d77ab9899688380da1a52b02f62815b3d34b
Author: Siddhesh Poyarekar
Date:   Mon May 26 11:40:08 2014 +0530

    Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (BZ #16878)

    The netgroups nss modules in the glibc tree use NSS_STATUS_UNAVAIL
    (with errno as ERANGE) when the supplied buffer does not have
    sufficient space for the result. This is wrong, because the canonical
    way to indicate insufficient buffer is to set the errno to ERANGE and
    the status to NSS_STATUS_TRYAGAIN, as is used by all other modules.

    This fixes nscd behaviour when the nss_ldap module returns
    NSS_STATUS_TRYAGAIN to indicate that a netgroup entry is too long to
    fit into the supplied buffer.

    (cherry picked from commit c3ec475c5dd16499aa040908e11d382c3ded9692)

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=b5a823c6c62a05a793aa2d6ff208d1261b46f281

commit b5a823c6c62a05a793aa2d6ff208d1261b46f281
Author: Siddhesh Poyarekar
Date:   Wed Mar 12 17:27:22 2014 +0530

    Provide correct buffer length to netgroup queries in nscd (BZ #16695)

    The buffer to query netgroup entries is allocated sufficient space for
    the netgroup entries and the key to be appended at the end, but it
    sends in an incorrect available length to the NSS netgroup query
    functions, resulting in overflow of the buffer in some special cases.
    The fix here is to factor in the key length when sending the available
    buffer and buffer length to the query functions.

    (cherry picked from commit c44496df2f090a56d3bf75df930592dac6bba46f)

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9c4b0856b5627d443edc924ae972a27078c53112

commit 9c4b0856b5627d443edc924ae972a27078c53112
Author: Maciej W. Rozycki
Date:   Fri Jun 20 21:52:53 2014 +0100

    [BZ #16046] dl_iterate_phdr static executable test

    (cherry picked from commit 257ce7127e2f64a6a959b146786cd43de0e42b5f)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5ec38d177c9089db1bc62546bfaf411c0cabeb6d

commit 5ec38d177c9089db1bc62546bfaf411c0cabeb6d
Author: Andreas Schwab
Date:   Fri Jun 20 12:41:27 2014 +0200

    Fix another memory leak in regexp compiler (BZ #17069)

    (cherry picked from commit aa6ec754f3b4b1df81d186480c534b6486a1e6ee)

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4498c0516d9f16feeca46820ba8ca2e62f916f82

commit 4498c0516d9f16feeca46820ba8ca2e62f916f82
Author: Andreas Schwab
Date:   Thu Jun 19 15:38:03 2014 +0200

    Fix memory leak in regexp compiler (BZ #17069)

    (cherry picked from commit 4d43ef1e7434d7d419afbcd754931cb0c794763c)

    Conflicts:
        posix/Makefile

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7b17d60f13089585c2b63d46cbc660c4b85d169d

commit 7b17d60f13089585c2b63d46cbc660c4b85d169d
Author: Andreas Schwab
Date:   Mon May 26 18:01:31 2014 +0200

    Fix invalid file descriptor reuse while sending DNS query (BZ #15946)

    (cherry picked from commit f9d2d03254a58d92635a311a42253eeed5a40a47)

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=76aebfbb87ecc33e59d29a8adda76dfcdbc9213d

commit 76aebfbb87ecc33e59d29a8adda76dfcdbc9213d
Author: Andreas Schwab
Date:   Tue Feb 18 10:57:25 2014 +0100

    Properly fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer

    Instead of trying to guess whether the second buffer needs to be freed
    set a flag at the place it is allocated

    (cherry picked from commit ab09bf616ad527b249aca5f2a4956fd526f0712f)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c6ce0dadcfd14973ba880f4e043058a9367f00ce

commit c6ce0dadcfd14973ba880f4e043058a9367f00ce
Author: Ondřej Bílka
Date:   Sun Feb 16 12:59:23 2014 +0100

    Deduplicate resolv/nss_dns/dns-host.c

    In resolv/nss_dns/dns-host.c one of code path duplicated code after
    that. We merge these paths.

    (cherry picked from commit ab7ac0f2cf8731fe4c3f3aea6088a7c0127b5725)

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4ad0ab7bdb6c4afb3fc561c6497759eb939d2a73

commit 4ad0ab7bdb6c4afb3fc561c6497759eb939d2a73
Author: Andreas Schwab
Date:   Thu Feb 13 11:01:57 2014 +0100

    Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer

    (cherry picked from commit d668061994a7486a3ba9c7d5e7882d85a2883707)

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=00a84253c5bc7dffb7a0a666cea21ea5e0288771

commit 00a84253c5bc7dffb7a0a666cea21ea5e0288771
Author: Andreas Schwab
Date:   Thu May 8 16:53:01 2014 +0200

    Fix unbound stack use in NIS NSS module

    (cherry picked from commit 315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c)

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=30026b69015db3f82407df83dc1118518ee1fa5c

commit 30026b69015db3f82407df83dc1118518ee1fa5c
Author: Allan McRae
Date:   Sat Jun 21 17:23:55 2014 +1000

    Mention CVE-2014-4043 in NEWS

    (cherry picked from commit d03efb2f979defd473955a455d66b949961d26b2)

    Conflicts:
        NEWS

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e698ea2c03ddfdfa87459c1a0e53e2a4289de0fa

commit e698ea2c03ddfdfa87459c1a0e53e2a4289de0fa
Author: Florian Weimer
Date:   Wed Jun 11 23:12:52 2014 +0200

    posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17048)

    POSIX requires that we make a copy, so we allocate a new string
    and free it in posix_spawn_file_actions_destroy.

    Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug
    may have security implications.

    (cherry picked from commit 89e435f3559c53084498e9baad22172b64429362)

    Conflicts:
        NEWS

-----------------------------------------------------------------------

-- 
You are receiving this mail because:
You are on the CC list for the bug.

From glibc-bugs-return-26044-listarch-glibc-bugs=sources.redhat.com@sourceware.org Thu Aug 28 10:26:18 2014
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 13883 invoked by alias); 28 Aug 2014 10:26:18 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 13092 invoked by uid 55); 28 Aug 2014 10:26:10 -0000
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug regex/17069] leak in regcomp
Date: Thu, 28 Aug 2014 10:26:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: regex
X-Bugzilla-Version: 2.20
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: 2.20
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-08/txt/msg00127.txt.bz2
Content-length: 9639

https://sourceware.org/bugzilla/show_bug.cgi?id=17069

--- Comment #10 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

From glibc-bugs-return-26042-listarch-glibc-bugs=sources.redhat.com@sourceware.org Thu Aug 28 10:26:17 2014
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 13706 invoked by alias); 28 Aug 2014 10:26:17 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 13010 invoked by uid 55); 28 Aug 2014 10:26:09 -0000
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug localedata/17137] Directory traversal in locale environment handling (CVE-2014-0475)
Date: Thu, 28 Aug 2014 10:26:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: localedata
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-08/txt/msg00129.txt.bz2
Content-length: 9638

https://sourceware.org/bugzilla/show_bug.cgi?id=17137

--- Comment #4 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

From glibc-bugs-return-26041-listarch-glibc-bugs=sources.redhat.com@sourceware.org Thu Aug 28 10:26:17 2014
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 13563 invoked by alias); 28 Aug 2014 10:26:16 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 12959 invoked by uid 55); 28 Aug 2014 10:26:08 -0000
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug localedata/17187] Out-of-bounds NUL write in iconv_open (CVE-2014-5119)
Date: Thu, 28 Aug 2014 10:26:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: localedata
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-08/txt/msg00126.txt.bz2
Content-length: 9638

https://sourceware.org/bugzilla/show_bug.cgi?id=17187

--- Comment #4 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
Rozycki Date: Fri Jun 20 21:52:53 2014 +0100 [BZ #16046] dl_iterate_phdr static executable test (cherry picked from commit 257ce7127e2f64a6a959b146786cd43de0e42b5f) https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D5ec38d177c9089db1bc= 62546bfaf411c0cabeb6d commit 5ec38d177c9089db1bc62546bfaf411c0cabeb6d Author: Andreas Schwab Date: Fri Jun 20 12:41:27 2014 +0200 Fix another memory leak in regexp compiler (BZ #17069) (cherry picked from commit aa6ec754f3b4b1df81d186480c534b6486a1e6ee) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D4498c0516d9f16feeca= 46820ba8ca2e62f916f82 commit 4498c0516d9f16feeca46820ba8ca2e62f916f82 Author: Andreas Schwab Date: Thu Jun 19 15:38:03 2014 +0200 Fix memory leak in regexp compiler (BZ #17069) (cherry picked from commit 4d43ef1e7434d7d419afbcd754931cb0c794763c) Conflicts: posix/Makefile https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D7b17d60f13089585c2b= 63d46cbc660c4b85d169d commit 7b17d60f13089585c2b63d46cbc660c4b85d169d Author: Andreas Schwab Date: Mon May 26 18:01:31 2014 +0200 Fix invalid file descriptor reuse while sending DNS query (BZ #15946) (cherry picked from commit f9d2d03254a58d92635a311a42253eeed5a40a47) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D76aebfbb87ecc33e59d= 29a8adda76dfcdbc9213d commit 76aebfbb87ecc33e59d29a8adda76dfcdbc9213d Author: Andreas Schwab Date: Tue Feb 18 10:57:25 2014 +0100 Properly fix memory leak in _nss_dns_gethostbyname4_r with big DNS answ= er Instead of trying to guess whether the second buffer needs to be freed set a flag at the place it is allocated (cherry picked from commit ab09bf616ad527b249aca5f2a4956fd526f0712f) https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3Dc6ce0dadcfd14973ba8= 80f4e043058a9367f00ce commit c6ce0dadcfd14973ba880f4e043058a9367f00ce Author: Ond=C5=99ej B=C3=ADlka Date: Sun Feb 16 12:59:23 2014 +0100 Deduplicate resolv/nss_dns/dns-host.c In resolv/nss_dns/dns-host.c one of code path duplicated 
code after that. We merge these paths. (cherry picked from commit ab7ac0f2cf8731fe4c3f3aea6088a7c0127b5725) https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D4ad0ab7bdb6c4afb3fc= 561c6497759eb939d2a73 commit 4ad0ab7bdb6c4afb3fc561c6497759eb939d2a73 Author: Andreas Schwab Date: Thu Feb 13 11:01:57 2014 +0100 Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer (cherry picked from commit d668061994a7486a3ba9c7d5e7882d85a2883707) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D00a84253c5bc7dffb7a= 0a666cea21ea5e0288771 commit 00a84253c5bc7dffb7a0a666cea21ea5e0288771 Author: Andreas Schwab Date: Thu May 8 16:53:01 2014 +0200 Fix unbound stack use in NIS NSS module (cherry picked from commit 315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D30026b69015db3f8240= 7df83dc1118518ee1fa5c commit 30026b69015db3f82407df83dc1118518ee1fa5c Author: Allan McRae Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS (cherry picked from commit d03efb2f979defd473955a455d66b949961d26b2) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3De698ea2c03ddfdfa874= 59c1a0e53e2a4289de0fa commit e698ea2c03ddfdfa87459c1a0e53e2a4289de0fa Author: Florian Weimer Date: Wed Jun 11 23:12:52 2014 +0200 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17= 048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. (cherry picked from commit 89e435f3559c53084498e9baad22172b64429362) Conflicts: NEWS ----------------------------------------------------------------------- --=20 You are receiving this mail because: You are on the CC list for the bug. 
>>From glibc-bugs-return-26040-listarch-glibc-bugs=sources.redhat.com@sourceware.org Thu Aug 28 10:26:16 2014
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug nscd/16878] nscd enters busy loop on long netgroup entry via nss_ldap of nslcd
Date: Thu, 28 Aug 2014 10:26:00 -0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nscd
X-Bugzilla-Severity: normal
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: siddhesh at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+

https://sourceware.org/bugzilla/show_bug.cgi?id=16878

--- Comment #5 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

>>From glibc-bugs-return-26045-listarch-glibc-bugs=sources.redhat.com@sourceware.org Thu Aug 28 10:26:19 2014
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug libc/17048] posix_spawn_file_actions_addopen fails to copy the path argument (CVE-2014-4043)
Date: Thu, 28 Aug 2014 10:26:00 -0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: libc
X-Bugzilla-Severity: normal
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+

https://sourceware.org/bugzilla/show_bug.cgi?id=17048

--- Comment #6 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

>>From glibc-bugs-return-26043-listarch-glibc-bugs=sources.redhat.com@sourceware.org Thu Aug 28 10:26:18 2014
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug nscd/16695] nscd aborts with "*** glibc detected *** /usr/sbin/nscd: realloc(): invalid next size"
Date: Thu, 28 Aug 2014 10:26:00 -0000
X-Bugzilla-Product: glibc
X-Bugzilla-Component: nscd
X-Bugzilla-Severity: normal
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: siddhesh at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+

https://sourceware.org/bugzilla/show_bug.cgi?id=16695

--- Comment #4 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

code after that. We merge these paths. (cherry picked from commit ab7ac0f2cf8731fe4c3f3aea6088a7c0127b5725) https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D4ad0ab7bdb6c4afb3fc= 561c6497759eb939d2a73 commit 4ad0ab7bdb6c4afb3fc561c6497759eb939d2a73 Author: Andreas Schwab Date: Thu Feb 13 11:01:57 2014 +0100 Fix memory leak in _nss_dns_gethostbyname4_r with big DNS answer (cherry picked from commit d668061994a7486a3ba9c7d5e7882d85a2883707) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D00a84253c5bc7dffb7a= 0a666cea21ea5e0288771 commit 00a84253c5bc7dffb7a0a666cea21ea5e0288771 Author: Andreas Schwab Date: Thu May 8 16:53:01 2014 +0200 Fix unbound stack use in NIS NSS module (cherry picked from commit 315eb1d86aea489cd6325fd1c2521dcfb4fc0e1c) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3D30026b69015db3f8240= 7df83dc1118518ee1fa5c commit 30026b69015db3f82407df83dc1118518ee1fa5c Author: Allan McRae Date: Sat Jun 21 17:23:55 2014 +1000 Mention CVE-2014-4043 in NEWS (cherry picked from commit d03efb2f979defd473955a455d66b949961d26b2) Conflicts: NEWS https://sourceware.org/git/gitweb.cgi?p=3Dglibc.git;h=3De698ea2c03ddfdfa874= 59c1a0e53e2a4289de0fa commit e698ea2c03ddfdfa87459c1a0e53e2a4289de0fa Author: Florian Weimer Date: Wed Jun 11 23:12:52 2014 +0200 posix_spawn_file_actions_addopen needs to copy the path argument (BZ 17= 048) POSIX requires that we make a copy, so we allocate a new string and free it in posix_spawn_file_actions_destroy. Reported by David Reid, Alex Gaynor, and Glyph Lefkowitz. This bug may have security implications. (cherry picked from commit 89e435f3559c53084498e9baad22172b64429362) Conflicts: NEWS ----------------------------------------------------------------------- --=20 You are receiving this mail because: You are on the CC list for the bug. 
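The two netgroup commits in the log above (BZ #16695 and BZ #16878) describe one buffer contract: reserve the key's tail space before telling the query how much room it has, and report a too-small buffer as ERANGE with a try-again status so the caller can grow and retry. The sketch below is an added example, not glibc or nscd code; `query_entry`, `overrun`, `build_record` and the `ST_*` codes are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes, named after the NSS convention in the log. */
enum status { ST_SUCCESS, ST_TRYAGAIN, ST_UNAVAIL };

/* Hypothetical query function: stores entry (with NUL) in buf if it fits in
   avail bytes, else signals "buffer too small" as errno ERANGE + TRYAGAIN. */
static enum status
query_entry (const char *entry, char *buf, size_t avail, size_t *used)
{
  size_t need = strlen (entry) + 1;
  if (need > avail)
    {
      errno = ERANGE;
      return ST_TRYAGAIN;
    }
  memcpy (buf, entry, need);
  *used = need;
  return ST_SUCCESS;
}

/* Bytes that would be written past a buflen-byte buffer (buflen >= key_len)
   once the key is appended; reserve_key == 0 models the wrong length. */
size_t
overrun (size_t buflen, size_t need, size_t key_len, int reserve_key)
{
  size_t avail = reserve_key ? buflen - key_len : buflen;
  if (need > avail)
    return 0;                   /* query refuses, nothing is written */
  return need + key_len > buflen ? need + key_len - buflen : 0;
}

/* Builds "entry\0key\0" on the heap, doubling the buffer on TRYAGAIN/ERANGE.
   Returns the buffer (caller frees) and its used length in *len, or NULL. */
char *
build_record (const char *entry, const char *key, size_t buflen, size_t *len)
{
  size_t key_len = strlen (key) + 1;
  for (;;)
    {
      if (buflen > key_len)
        {
          char *buf = malloc (buflen);
          size_t used = 0;
          if (buf == NULL)
            return NULL;
          /* Offer only the space left after reserving the key's tail. */
          enum status st = query_entry (entry, buf, buflen - key_len, &used);
          if (st == ST_SUCCESS)
            {
              memcpy (buf + used, key, key_len);
              *len = used + key_len;
              return buf;
            }
          int err = errno;      /* save before free() can touch errno */
          free (buf);
          if (st != ST_TRYAGAIN || err != ERANGE)
            return NULL;        /* a real failure, not a size problem */
        }
      if (buflen > SIZE_MAX / 2)
        return NULL;
      buflen = buflen ? buflen * 2 : 16;
    }
}
```

With a 16-byte buffer, a 14-byte entry and a 4-byte key, `overrun` reports 2 bytes past the end when the full length is offered and 0 when the key is reserved first.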
From glibc-bugs-return-26047-listarch-glibc-bugs=sources.redhat.com@sourceware.org Thu Aug 28 10:26:20 2014
Return-Path:
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 14051 invoked by alias); 28 Aug 2014 10:26:19 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Post:
List-Help: ,
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 13125 invoked by uid 55); 28 Aug 2014 10:26:10 -0000
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug dynamic-link/16046] dl_iterate_phdr should not expose internal stub
Date: Thu, 28 Aug 2014 10:26:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: dynamic-link
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: unassigned at sourceware dot org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security-
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-08/txt/msg00128.txt.bz2
Content-length: 9638

https://sourceware.org/bugzilla/show_bug.cgi?id=16046

--- Comment #6 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, allan/2.19/backport has been created
        at  e3050a640f18eec4bc4e3f7b7f22c5b99c47028b (commit)

--
You are receiving this mail because:
You are on the CC list for the bug.
From glibc-bugs-return-26048-listarch-glibc-bugs=sources.redhat.com@sourceware.org Thu Aug 28 11:22:26 2014
Return-Path:
Delivered-To: listarch-glibc-bugs@sources.redhat.com
Received: (qmail 23077 invoked by alias); 28 Aug 2014 11:22:26 -0000
Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id:
List-Subscribe:
List-Post:
List-Help: ,
Sender: glibc-bugs-owner@sourceware.org
Delivered-To: mailing list glibc-bugs@sourceware.org
Received: (qmail 23020 invoked by uid 55); 28 Aug 2014 11:22:19 -0000
From: "cvs-commit at gcc dot gnu.org"
To: glibc-bugs@sourceware.org
Subject: [Bug localedata/17187] Out-of-bounds NUL write in iconv_open (CVE-2014-5119)
Date: Thu, 28 Aug 2014 11:22:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: glibc
X-Bugzilla-Component: localedata
X-Bugzilla-Version: unspecified
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: cvs-commit at gcc dot gnu.org
X-Bugzilla-Status: RESOLVED
X-Bugzilla-Priority: P2
X-Bugzilla-Assigned-To: fweimer at redhat dot com
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: security+
X-Bugzilla-Changed-Fields:
Message-ID:
In-Reply-To:
References:
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://sourceware.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-08/txt/msg00131.txt.bz2
Content-length: 750

https://sourceware.org/bugzilla/show_bug.cgi?id=17187

--- Comment #5 from cvs-commit at gcc dot gnu.org ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, allan/2.19/backport has been deleted
       was  e3050a640f18eec4bc4e3f7b7f22c5b99c47028b

- Log -----------------------------------------------------------------
e3050a640f18eec4bc4e3f7b7f22c5b99c47028b __gconv_translit_find: Disable function [BZ #17187]
-----------------------------------------------------------------------

--
You are receiving this mail because:
You are on the CC list for the bug.