From: Aurelien Jarno <aurelien@aurel32.net>
To: Rafal Luzynski <digitalfreak@lingonborough.com>
Cc: libc-stable@sourceware.org, Paul Eggert <eggert@cs.ucla.edu>
Subject: Re: [2.29 COMMITTED] regex: fix read overrun [BZ #24114]
Date: Tue, 01 Jan 2019 00:00:00 -0000 [thread overview]
Message-ID: <20190319120322.GA28833@aurel32.net> (raw)
In-Reply-To: <1004103621.41197.1552951132012@poczta.nazwa.pl>
[-- Attachment #1: Type: text/plain, Size: 1737 bytes --]
On 2019-03-19 00:18, Rafal Luzynski wrote:
> 16.03.2019 23:31 Aurelien Jarno <aurelien@aurel32.net> wrote:
> > [...]
> > diff --git a/ChangeLog b/ChangeLog
> > index 90558e434ce..fb88626efe1 100644
> > --- a/ChangeLog
> > +++ b/ChangeLog
> > @@ -1,3 +1,11 @@
> > +2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
> > +
> > + regex: fix read overrun [BZ #24114]
> > + Problem found by AddressSanitizer, reported by Hongxu Chen in:
> > + https://debbugs.gnu.org/34140
> > + * posix/regexec.c (proceed_next_node):
> > + Do not read past end of input buffer.
> > +
>
> As far as I know the date in the ChangeLog should be the date
> when the change was pushed to the git repository, not when the
> patch was authored. In case of the stable branches it should be
> the date when it was pushed to the stable branch, not when it was
> pushed to master. Shall we change this?
Thanks for pointing that out. It appears we do not have a clear process
about that, at least [1] doesn't say the date should be updated after a
cherry-pick, and it doesn't say the contrary either.
In practice looking at the glibc 2.28 branch (the 2.29 has very few
commit, and most of them backported immediately after being committed to
the master branch), it appears that both practices are common. I have
attached a patch fixing the commit dates to give an example of the
impact.
I think we should just decide a rule, fix the wrong entries if needed,
and apply it to new commits. On my side I am undecided what is the best
option.
Regards,
Aurelien
[1] https://sourceware.org/glibc/wiki/GlibcGit?Cherry_Pick_Changes_From_Another_Branch
--
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net
[-- Attachment #2: glibc-2.28-changelog-fix-date.patch --]
[-- Type: text/x-diff, Size: 13554 bytes --]
diff --git a/ChangeLog b/ChangeLog
index 5667d9262b..4b52e4754e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,4 @@
-2019-01-31 Paul Eggert <eggert@cs.ucla.edu>
+2019-03-16 Paul Eggert <eggert@cs.ucla.edu>
CVE-2019-9169
regex: fix read overrun [BZ #24114]
@@ -7,14 +7,14 @@
* posix/regexec.c (proceed_next_node):
Do not read past end of input buffer.
-2018-11-07 Andreas Schwab <schwab@suse.de>
+2019-03-14 Andreas Schwab <schwab@suse.de>
[BZ #23864]
* sysdeps/unix/sysv/linux/riscv/kernel-features.h
(__ASSUME_SET_ROBUST_LIST) [__LINUX_KERNEL_VERSION < 0x041400]:
Undef.
-2018-09-21 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+2019-02-27 Adhemerval Zanella <adhemerval.zanella@linaro.org>
* NEWS: Add note about new TLE support on powerpc64le.
* sysdeps/powerpc/nptl/tcb-offsets.sym (TM_CAPABLE): Remove.
@@ -34,7 +34,7 @@
usage.
* sysdeps/unix/sysv/linux/powerpc/not-errno.h: Remove file.
-2019-01-13 Jim Wilson <jimw@sifive.com>
+2019-02-19 Jim Wilson <jimw@sifive.com>
[BZ #24040]
* elf/Makefile (CFLAGS-tst-unwind-main.c): Add -DUSE_PTHREADS=0.
@@ -48,7 +48,7 @@
* sysdeps/unix/sysv/linux/riscv/clone.S (__thread_start): Mark ra
as undefined.
-2019-01-31 Carlos O'Donell <carlos@redhat.com>
+2019-02-17 Carlos O'Donell <carlos@redhat.com>
Torvald Riegel <triegel@redhat.com>
Rik Prohaska <prohaska7@gmail.com>
@@ -91,7 +91,7 @@
* nscd/gai.c: Include <arpa/inet.h> and change visibility of
__inet_aton_exact.
-2019-01-21 Florian Weimer <fweimer@redhat.com>
+2019-02-04 Florian Weimer <fweimer@redhat.com>
[BZ #20018]
CVE-2016-10739
@@ -124,7 +124,7 @@
* resolv/tst-resolv-nondecimal.c: Likewise.
* sysdeps/posix/getaddrinfo.c (gaih_inet): Call __inet_aton_exact.
-2019-01-18 Florian Weimer <fweimer@redhat.com>
+2019-02-04 Florian Weimer <fweimer@redhat.com>
[BZ #24112]
resolv: Do not send queries for non-host-names in nss_dns.
@@ -133,7 +133,7 @@
(_nss_dns_gethostbyname_r): Likewise.
(_nss_dns_gethostbyname4_r): Likewise.
-2019-01-21 Florian Weimer <fweimer@redhat.com>
+2019-02-04 Florian Weimer <fweimer@redhat.com>
* resolv/inet_addr.c: Reformat to GNU style.
(__inet_addr, __inet_aton): Update comment.
@@ -250,7 +250,7 @@
* math/libm-test-fma.inc (fma_test_data): Set
XFAIL_ROUNDING_IBM128_LIBGCC to more tests.
-2019-01-07 Aurelien Jarno <aurelien@aurel32.net>
+2019-01-08 Aurelien Jarno <aurelien@aurel32.net>
[BZ #24024]
* Makeconfig: Build libm with -fno-math-errno but build the remaining
@@ -266,14 +266,14 @@
DIAG_PUSH_NEEDS_COMMENT, DIAG_IGNORE_NEEDS_COMMENT and
DIAG_POP_NEEDS_COMMENT to disable -Wmaybe-uninitialized.
-2019-01-02 Aurelien Jarno <aurelien@aurel32.net>
+2019-01-03 Aurelien Jarno <aurelien@aurel32.net>
[BZ #24034]
* sysdeps/unix/sysv/linux/arm/atomic-machine.h
(__arm_assisted_compare_and_exchange_val_32_acq): Use uint32_t rather
than __typeof (...) for the a_ptr variable.
-2018-12-31 H.J. Lu <hongjiu.lu@intel.com>
+2019-01-03 H.J. Lu <hongjiu.lu@intel.com>
[BZ #24022]
* sysdeps/unix/sysv/linux/riscv/flush-icache.c: Check if
@@ -285,7 +285,7 @@
* intl/dcigettext.c (DCIGETTEXT): Do not return NULL on asprintf
failure.
-2018-12-31 Florian Weimer <fw@deneb.enyo.de>
+2019-01-01 Florian Weimer <fw@deneb.enyo.de>
[BZ #24027]
* malloc/malloc.c (_int_realloc): Always call memcpy for the
@@ -296,7 +296,7 @@
* sysdeps/alpha/fpu/libm-test-ulps: Regenerated.
-2018-12-18 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+2018-12-19 Adhemerval Zanella <adhemerval.zanella@linaro.org>
James Clarke <jrtc27@jrtc27.com>
[BZ #23967]
@@ -318,7 +318,7 @@
* sysdeps/unix/sysv/linux/s390/kernel_sigaction.h: Likewise.
* sysdeps/unix/sysv/linux/x86_64/sigaction.c: Likewise.
-2018-10-30 Andreas Schwab <schwab@suse.de>
+2018-12-15 Andreas Schwab <schwab@suse.de>
[BZ #23125]
* sysdeps/riscv/start.S (ENTRY_POINT): Mark ra as undefined.
@@ -342,7 +342,7 @@
* nptl/tst-rwlock-pwn.c: New file.
* nptl/Makefile (tests): Add tst-rwlock-pwn.
-2018-12-12 Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
+2018-12-13 Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
[BZ #23614]
* sysdeps/powerpc/powerpc64/addmul_1.S (FUNC): Add CFI offset for
@@ -350,20 +350,20 @@
* sysdeps/powerpc/powerpc64/lshift.S (__mpn_lshift): Likewise.
* sysdeps/powerpc/powerpc64/mul_1.S (__mpn_mul_1): Likewise.
-2018-12-07 DJ Delorie <dj@redhat.com>
+2018-12-12 DJ Delorie <dj@redhat.com>
[BZ #23907]
* malloc/tst-tcfree3.c: New.
* malloc/Makefile: Add it.
-2018-12-07 Florian Weimer <fweimer@redhat.com>
+2018-12-12 Florian Weimer <fweimer@redhat.com>
[BZ #23927]
CVE-2018-19591
* inet/tst-if_index-long.c: New file.
* inet/Makefile (tests): Add tst-if_index-long.
-2018-12-07 Florian Weimer <fweimer@redhat.com>
+2018-12-12 Florian Weimer <fweimer@redhat.com>
* support/check.h (support_record_failure_is_failed): Declare.
* support/descriptors.h: New file.
@@ -374,18 +374,18 @@
* support/Makefile (libsupport-routines): Add support_descriptors.
(tests): Add tst-support_descriptors.
-2018-12-01 Florian Weimer <fweimer@redhat.com>
+2018-12-12 Florian Weimer <fweimer@redhat.com>
* support/support_capture_subprocess.c
(support_capture_subprocess): Check that pipe descriptors have
expected values. Close original pipe descriptors in subprocess.
-2018-11-28 Florian Weimer <fweimer@redhat.com>
+2018-12-12 Florian Weimer <fweimer@redhat.com>
* support/support.h (support_quote_string): Do not use str
parameter name.
-2018-11-27 Florian Weimer <fweimer@redhat.com>
+2018-12-12 Florian Weimer <fweimer@redhat.com>
* support/support.h (support_quote_string): Declare.
* support/support_quote_string.c: New file.
@@ -404,7 +404,7 @@
* sysdeps/unix/sysv/linux/tst-readdir64-compat.c (do_test): Check
that d_off is never zero.
-2018-11-30 Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
+2018-12-07 Tulio Magno Quites Machado Filho <tuliom@linux.ibm.com>
[BZ #23690]
* elf/dl-runtime.c (_dl_profile_fixup): Guarantee memory
@@ -419,7 +419,7 @@
* nptl/tst-audit-threads.c: Likewise.
* nptl/tst-audit-threads.h: Likewise.
-2018-11-26 Florian Weimer <fweimer@redhat.com>
+2018-11-28 Florian Weimer <fweimer@redhat.com>
[BZ #23907]
* malloc/malloc.c (_int_free): Validate tc_idx before checking for
@@ -439,7 +439,7 @@
* dlfcn/dlerror.c (check_free): Prevent double frees.
-2018-11-27 Florian Weimer <fweimer@redhat.com>
+2018-12-12 Florian Weimer <fweimer@redhat.com>
[BZ #23927]
CVE-2018-19591
@@ -453,23 +453,23 @@
(signal_handler): Use it to print the termination time and the
time of the last write to standard output.
-2018-10-09 Szabolcs Nagy <szabolcs.nagy@arm.com>
+2018-11-19 Szabolcs Nagy <szabolcs.nagy@arm.com>
* libio/tst-readline.c (TIMEOUT): Define.
-2018-10-22 Joseph Myers <joseph@codesourcery.com>
+2018-11-09 Joseph Myers <joseph@codesourcery.com>
* sysdeps/unix/sysv/linux/syscall-names.list: Update kernel
version to 4.19.
-2018-09-18 Paul Eggert <eggert@cs.ucla.edu>
+2018-11-09 Paul Eggert <eggert@cs.ucla.edu>
Fix tzfile low-memory assertion failure
[BZ #21716]
* time/tzfile.c (__tzfile_read): Check for memory exhaustion
when registering time zone abbreviations.
-2018-08-31 Paul Pluzhnikov <ppluzhnikov@google.com>
+2018-11-09 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #20271]
* include/stdio.h (__libc_fatal): Mention newline in comment.
@@ -491,7 +491,7 @@
* sysdeps/unix/sysv/linux/netlink_assert_response.c
(__netlink_assert_response): Likewise.
-2018-08-28 Florian Weimer <fweimer@redhat.com>
+2018-11-09 Florian Weimer <fweimer@redhat.com>
[BZ #23520]
nscd: Fix use-after-free in addgetnetgrentX and its callers.
@@ -503,23 +503,23 @@
(addgetnetgrent): Call it.
(readdgetnetgrent): Likewise.
-2018-08-16 DJ Delorie <dj@delorie.com>
+2018-11-09 DJ Delorie <dj@delorie.com>
* malloc/malloc.c (_int_free): Check for corrupt prev_size vs size.
(malloc_consolidate): Likewise.
-2018-08-16 Pochang Chen <johnchen902@gmail.com>
+2018-11-09 Pochang Chen <johnchen902@gmail.com>
* malloc/malloc.c (_int_malloc.c): Verify size of top chunk.
-2018-08-13 Joseph Myers <joseph@codesourcery.com>
+2018-11-09 Joseph Myers <joseph@codesourcery.com>
* sysdeps/unix/sysv/linux/syscall-names.list: Update kernel
version to 4.18.
(io_pgetevents): New syscall.
(rseq): Likewise.
-2018-11-08 Alexandra Hájková <ahajkova@redhat.com>
+2018-11-09 Alexandra Hájková <ahajkova@redhat.com>
[BZ #17630]
* resolv/tst-resolv-network.c: Add test for getnetbyname.
@@ -534,33 +534,33 @@
* sysdeps/x86/link_map.h (l_cet): Expand to 3 bits, Add
lc_unknown.
-2018-11-05 Andreas Schwab <schwab@suse.de>
+2018-11-06 Andreas Schwab <schwab@suse.de>
[BZ #22927]
* resolv/gai_misc.c (__gai_enqueue_request): Don't crash if
creating the first helper thread failed.
-2018-10-23 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+2018-11-02 Adhemerval Zanella <adhemerval.zanella@linaro.org>
[BZ #23709]
* sysdeps/x86/cpu-features.c (init_cpu_features): Set TSX bits
independently of other flags.
-2018-10-30 Florian Weimer <fweimer@redhat.com>
+2018-11-02 Florian Weimer <fweimer@redhat.com>
* stdlib/tst-strtod-overflow.c (do_test): Switch to
support_blob_repeat.
-2018-10-30 Florian Weimer <fweimer@redhat.com>
+2018-11-02 Florian Weimer <fweimer@redhat.com>
* support/blob_repeat.c (allocate_big): Call mkstemp directly.
-2018-10-30 Florian Weimer <fweimer@redhat.com>
+2018-11-02 Florian Weimer <fweimer@redhat.com>
* stdlib/test-bz22786.c (do_test): Additional free calls to avoid
memory leaks.
-2018-10-30 Florian Weimer <fweimer@redhat.com>
+2018-11-02 Florian Weimer <fweimer@redhat.com>
Avoid spurious test failures in stdlib/test-bz22786.
* support/Makefile (libsupport-routines): Add blob_repeat.
@@ -571,12 +571,12 @@
* stdlib/test-bz22786.c (do_test): Replace malloc and memset with
support_blob_repeat_allocate.
-2018-08-30 Stefan Liebler <stli@linux.ibm.com>
+2018-11-02 Stefan Liebler <stli@linux.ibm.com>
* stdlib/test-bz22786.c (do_test): Return EXIT_UNSUPPORTED
if malloc fails.
-2018-08-24 Paul Pluzhnikov <ppluzhnikov@google.com>
+2018-11-02 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #23400]
* stdlib/test-bz22786.c (do_test): Fix undefined behavior, don't
@@ -589,7 +589,7 @@
* sysdeps/ia64/fpu/e_log2f.S (log2f): Likewise.
* sysdeps/ia64/fpu/e_exp2f.S (powf): Likewise.
-2018-10-25 Florian Weimer <fweimer@redhat.com>
+2018-10-26 Florian Weimer <fweimer@redhat.com>
[BZ #23562]
[BZ #23821]
@@ -602,13 +602,13 @@
sparc64.
* conform/data/sys/wait.h-data (siginfo_t): Likewise.
-2018-10-19 Ilya Yu. Malakhov <malakhov@mcst.ru>
+2018-10-22 Ilya Yu. Malakhov <malakhov@mcst.ru>
[BZ #23562]
* sysdeps/unix/sysv/linux/bits/types/siginfo_t.h
(struct siginfo_t): Use correct type for si_band.
-2018-10-17 Stefan Liebler <stli@linux.ibm.com>
+2018-10-18 Stefan Liebler <stli@linux.ibm.com>
[BZ #23275]
* nptl/tst-mutex10.c: New File.
@@ -685,7 +685,7 @@
(_start): Use ENTRY/END to insert ENDBR32 at entry when CET is
enabled. Add cfi_undefined (eip).
-2018-09-19 Wilco Dijkstra <wdijkstr@arm.com>
+2018-09-21 Wilco Dijkstra <wdijkstr@arm.com>
[BZ #23637]
* string/test-strstr.c (pr23637): New function.
@@ -693,7 +693,7 @@
* string/strcasestr.c (AVAILABLE): Fix readahead distance.
* string/strstr.c (AVAILABLE): Likewise.
-2018-09-19 Carlos O'Donell <carlos@redhat.com>
+2018-09-20 Carlos O'Donell <carlos@redhat.com>
* stdlib/tst-setcontext9.c (f1): Rename to...
(f1a): ... this.
@@ -710,7 +710,7 @@
* sysdeps/unix/sysv/linux/gethostid.c (gethostid): Check for NULL
value from gethostbyname_r.
-2018-09-06 Stefan Liebler <stli@linux.ibm.com>
+2018-09-10 Stefan Liebler <stli@linux.ibm.com>
* sysdeps/unix/sysv/linux/spawni.c (maybe_script_execute):
Increment size of new_argv by one.
@@ -722,7 +722,7 @@
* posix/Makefile (tests): Add it.
(tst-regcomp-truncated.out): Depend on generated locales.
-2018-08-25 Paul Eggert <eggert@cs.ucla.edu>
+2018-08-28 Paul Eggert <eggert@cs.ucla.edu>
[BZ #23578]
regex: fix uninitialized memory access
@@ -745,7 +745,7 @@
Update r to include the set wake-request flag if waiters are
remaining after spinning.
-2018-08-03 DJ Delorie <dj@redhat.com>
+2018-08-22 DJ Delorie <dj@redhat.com>
* sysdeps/riscv/rvf/math_private.h (libc_feholdexcept_setround_riscv):
Move libc_fesetround_riscv after libc_feholdexcept_riscv.
@@ -770,7 +770,7 @@
* nscd/nscd_conf.c (nscd_parse_file): Deallocate old storage for
server_user, stat_user.
-2018-08-13 Florian Weimer <fweimer@redhat.com>
+2018-08-14 Florian Weimer <fweimer@redhat.com>
* misc/error.c (error): Add missing va_end call.
(error_at_line): Likewise.
next prev parent reply other threads:[~2019-03-19 12:03 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-01 0:00 Aurelien Jarno
2019-01-01 0:00 ` [2.29 COMMITTED] Record CVE-2019-9169 in NEWS and ChangeLog " Aurelien Jarno
2019-01-01 0:00 ` [2.29 COMMITTED] regex: fix read overrun " Rafal Luzynski
2019-01-01 0:00 ` Paul Eggert
2019-01-01 0:00 ` Aurelien Jarno [this message]
2019-01-01 0:00 ` Rafal Luzynski
2019-01-01 0:00 ` Florian Weimer
2019-01-01 0:00 ` Rafal Luzynski
2019-01-01 0:00 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190319120322.GA28833@aurel32.net \
--to=aurelien@aurel32.net \
--cc=digitalfreak@lingonborough.com \
--cc=eggert@cs.ucla.edu \
--cc=libc-stable@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).