From: Aurelien Jarno
To: Rafal Luzynski
Cc: libc-stable@sourceware.org, Paul Eggert
Subject: Re: [2.29 COMMITTED] regex: fix read overrun [BZ #24114]
Date: Tue, 01 Jan 2019 00:00:00 -0000
Message-ID: <20190319120322.GA28833@aurel32.net>
References: <20190316223151.29219-1-aurelien@aurel32.net> <1004103621.41197.1552951132012@poczta.nazwa.pl>
In-Reply-To: <1004103621.41197.1552951132012@poczta.nazwa.pl>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="fUYQa+Pmc3FrFX/N"

--fUYQa+Pmc3FrFX/N
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On 2019-03-19 00:18, Rafal Luzynski wrote:
> 16.03.2019 23:31 Aurelien Jarno wrote:
> > [...]
> > diff --git a/ChangeLog b/ChangeLog > > index 90558e434ce..fb88626efe1 100644 > > --- a/ChangeLog > > +++ b/ChangeLog > > @@ -1,3 +1,11 @@ > > +2019-01-31 Paul Eggert > > + > > + regex: fix read overrun [BZ #24114] > > + Problem found by AddressSanitizer, reported by Hongxu Chen in: > > + https://debbugs.gnu.org/34140 > > + * posix/regexec.c (proceed_next_node): > > + Do not read past end of input buffer. > > + > >
> As far as I know the date in the ChangeLog should be the date
> when the change was pushed to the git repository, not when the
> patch was authored. In case of the stable branches it should be
> the date when it was pushed to the stable branch, not when it was
> pushed to master. Shall we change this?

Thanks for pointing that out. It appears we do not have a clear process about that, at least [1] doesn't say the date should be updated after a cherry-pick, and it doesn't say the contrary either.

In practice looking at the glibc 2.28 branch (the 2.29 has very few commits, and most of them backported immediately after being committed to the master branch), it appears that both practices are common. I have attached a patch fixing the commit dates to give an example of the impact.

I think we should just decide a rule, fix the wrong entries if needed, and apply it to new commits. On my side I am undecided what is the best option.

Regards,
Aurelien

[1] https://sourceware.org/glibc/wiki/GlibcGit?Cherry_Pick_Changes_From_Another_Branch

-- 
Aurelien Jarno GPG: 4096R/1DDD8C9B
aurelien@aurel32.net http://www.aurel32.net

--fUYQa+Pmc3FrFX/N
Content-Type: text/x-diff; charset=iso-8859-15
Content-Disposition: attachment; filename="glibc-2.28-changelog-fix-date.patch"
Content-Transfer-Encoding: quoted-printable

diff --git a/ChangeLog b/ChangeLog index 5667d9262b..4b52e4754e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,4 @@ -2019-01-31 Paul Eggert +2019-03-16 Paul Eggert =20 CVE-2019-9169 regex: fix read overrun [BZ #24114] 
@@ -7,14 +7,14 @@ * posix/regexec.c (proceed_next_node): Do not read past end of input buffer. =20 -2018-11-07 Andreas Schwab +2019-03-14 Andreas Schwab =20 [BZ #23864] * sysdeps/unix/sysv/linux/riscv/kernel-features.h (__ASSUME_SET_ROBUST_LIST) [__LINUX_KERNEL_VERSION < 0x041400]: Undef. =20 -2018-09-21 Adhemerval Zanella +2019-02-27 Adhemerval Zanella =20 * NEWS: Add note about new TLE support on powerpc64le. * sysdeps/powerpc/nptl/tcb-offsets.sym (TM_CAPABLE): Remove. @@ -34,7 +34,7 @@ usage. * sysdeps/unix/sysv/linux/powerpc/not-errno.h: Remove file. =20 -2019-01-13 Jim Wilson +2019-02-19 Jim Wilson =20 [BZ #24040] * elf/Makefile (CFLAGS-tst-unwind-main.c): Add -DUSE_PTHREADS=3D0. @@ -48,7 +48,7 @@ * sysdeps/unix/sysv/linux/riscv/clone.S (__thread_start): Mark ra as undefined. =20 -2019-01-31 Carlos O'Donell +2019-02-17 Carlos O'Donell Torvald Riegel Rik Prohaska =20 @@ -91,7 +91,7 @@ * nscd/gai.c: Include and change visibility of __inet_aton_exact. =20 -2019-01-21 Florian Weimer +2019-02-04 Florian Weimer =20 [BZ #20018] CVE-2016-10739 @@ -124,7 +124,7 @@ * resolv/tst-resolv-nondecimal.c: Likewise. * sysdeps/posix/getaddrinfo.c (gaih_inet): Call __inet_aton_exact. =20 -2019-01-18 Florian Weimer +2019-02-04 Florian Weimer =20 [BZ #24112] resolv: Do not send queries for non-host-names in nss_dns. @@ -133,7 +133,7 @@ (_nss_dns_gethostbyname_r): Likewise. (_nss_dns_gethostbyname4_r): Likewise. =20 -2019-01-21 Florian Weimer +2019-02-04 Florian Weimer =20 * resolv/inet_addr.c: Reformat to GNU style. (__inet_addr, __inet_aton): Update comment. @@ -250,7 +250,7 @@ * math/libm-test-fma.inc (fma_test_data): Set XFAIL_ROUNDING_IBM128_LIBGCC to more tests. =20 -2019-01-07 Aurelien Jarno +2019-01-08 Aurelien Jarno =20 [BZ #24024] * Makeconfig: Build libm with -fno-math-errno but build the remaining 
@@ -266,14 +266,14 @@ DIAG_PUSH_NEEDS_COMMENT, DIAG_IGNORE_NEEDS_COMMENT and DIAG_POP_NEEDS_COMMENT to disable -Wmaybe-uninitialized. =20 -2019-01-02 Aurelien Jarno +2019-01-03 Aurelien Jarno =20 [BZ #24034] * sysdeps/unix/sysv/linux/arm/atomic-machine.h (__arm_assisted_compare_and_exchange_val_32_acq): Use uint32_t rather than __typeof (...) for the a_ptr variable. =20 -2018-12-31 H.J. Lu +2019-01-03 H.J. Lu =20 [BZ #24022] * sysdeps/unix/sysv/linux/riscv/flush-icache.c: Check if @@ -285,7 +285,7 @@ * intl/dcigettext.c (DCIGETTEXT): Do not return NULL on asprintf failure. =20 -2018-12-31 Florian Weimer +2019-01-01 Florian Weimer =20 [BZ #24027] * malloc/malloc.c (_int_realloc): Always call memcpy for the @@ -296,7 +296,7 @@ =20 * sysdeps/alpha/fpu/libm-test-ulps: Regenerated. =20 -2018-12-18 Adhemerval Zanella +2018-12-19 Adhemerval Zanella James Clarke =20 [BZ #23967] @@ -318,7 +318,7 @@ * sysdeps/unix/sysv/linux/s390/kernel_sigaction.h: Likewise. * sysdeps/unix/sysv/linux/x86_64/sigaction.c: Likewise. =20 -2018-10-30 Andreas Schwab +2018-12-15 Andreas Schwab =20 [BZ #23125] * sysdeps/riscv/start.S (ENTRY_POINT): Mark ra as undefined. @@ -342,7 +342,7 @@ * nptl/tst-rwlock-pwn.c: New file. * nptl/Makefile (tests): Add tst-rwlock-pwn. =20 -2018-12-12 Tulio Magno Quites Machado Filho +2018-12-13 Tulio Magno Quites Machado Filho =20 [BZ #23614] * sysdeps/powerpc/powerpc64/addmul_1.S (FUNC): Add CFI offset for 
@@ -350,20 +350,20 @@ * sysdeps/powerpc/powerpc64/lshift.S (__mpn_lshift): Likewise. * sysdeps/powerpc/powerpc64/mul_1.S (__mpn_mul_1): Likewise. =20 -2018-12-07 DJ Delorie +2018-12-12 DJ Delorie =20 [BZ #23907] * malloc/tst-tcfree3.c: New. * malloc/Makefile: Add it. =20 -2018-12-07 Florian Weimer +2018-12-12 Florian Weimer =20 [BZ #23927] CVE-2018-19591 * inet/tst-if_index-long.c: New file. * inet/Makefile (tests): Add tst-if_index-long. =20 -2018-12-07 Florian Weimer +2018-12-12 Florian Weimer =20 * support/check.h (support_record_failure_is_failed): Declare. * support/descriptors.h: New file. @@ -374,18 +374,18 @@ * support/Makefile (libsupport-routines): Add support_descriptors. (tests): Add tst-support_descriptors. =20 -2018-12-01 Florian Weimer +2018-12-12 Florian Weimer =20 * support/support_capture_subprocess.c (support_capture_subprocess): Check that pipe descriptors have expected values. Close original pipe descriptors in subprocess. =20 -2018-11-28 Florian Weimer +2018-12-12 Florian Weimer =20 * support/support.h (support_quote_string): Do not use str parameter name. =20 -2018-11-27 Florian Weimer +2018-12-12 Florian Weimer =20 * support/support.h (support_quote_string): Declare. * support/support_quote_string.c: New file. @@ -404,7 +404,7 @@ * sysdeps/unix/sysv/linux/tst-readdir64-compat.c (do_test): Check that d_off is never zero. =20 -2018-11-30 Tulio Magno Quites Machado Filho +2018-12-07 Tulio Magno Quites Machado Filho =20 [BZ #23690] * elf/dl-runtime.c (_dl_profile_fixup): Guarantee memory @@ -419,7 +419,7 @@ * nptl/tst-audit-threads.c: Likewise. * nptl/tst-audit-threads.h: Likewise. =20 -2018-11-26 Florian Weimer +2018-11-28 Florian Weimer =20 [BZ #23907] * malloc/malloc.c (_int_free): Validate tc_idx before checking for @@ -439,7 +439,7 @@ =20 * dlfcn/dlerror.c (check_free): Prevent double frees. =20 -2018-11-27 Florian Weimer +2018-12-12 Florian Weimer =20 [BZ #23927] CVE-2018-19591 
@@ -453,23 +453,23 @@ (signal_handler): Use it to print the termination time and the time of the last write to standard output. =20 -2018-10-09 Szabolcs Nagy +2018-11-19 Szabolcs Nagy =20 * libio/tst-readline.c (TIMEOUT): Define. =20 -2018-10-22 Joseph Myers +2018-11-09 Joseph Myers =20 * sysdeps/unix/sysv/linux/syscall-names.list: Update kernel version to 4.19. =20 -2018-09-18 Paul Eggert +2018-11-09 Paul Eggert =20 Fix tzfile low-memory assertion failure [BZ #21716] * time/tzfile.c (__tzfile_read): Check for memory exhaustion when registering time zone abbreviations. =20 -2018-08-31 Paul Pluzhnikov +2018-11-09 Paul Pluzhnikov =20 [BZ #20271] * include/stdio.h (__libc_fatal): Mention newline in comment. @@ -491,7 +491,7 @@ * sysdeps/unix/sysv/linux/netlink_assert_response.c (__netlink_assert_response): Likewise. =20 -2018-08-28 Florian Weimer +2018-11-09 Florian Weimer =20 [BZ #23520] nscd: Fix use-after-free in addgetnetgrentX and its callers. @@ -503,23 +503,23 @@ (addgetnetgrent): Call it. (readdgetnetgrent): Likewise. =20 -2018-08-16 DJ Delorie +2018-11-09 DJ Delorie =20 * malloc/malloc.c (_int_free): Check for corrupt prev_size vs size. (malloc_consolidate): Likewise. =20 -2018-08-16 Pochang Chen +2018-11-09 Pochang Chen =20 * malloc/malloc.c (_int_malloc.c): Verify size of top chunk. =20 -2018-08-13 Joseph Myers +2018-11-09 Joseph Myers =20 * sysdeps/unix/sysv/linux/syscall-names.list: Update kernel version to 4.18. (io_pgetevents): New syscall. (rseq): Likewise. =20 -2018-11-08 Alexandra H=E1jkov=E1 +2018-11-09 Alexandra H=E1jkov=E1 =20 [BZ #17630] * resolv/tst-resolv-network.c: Add test for getnetbyname. 
@@ -534,33 +534,33 @@ * sysdeps/x86/link_map.h (l_cet): Expand to 3 bits, Add lc_unknown. =20 -2018-11-05 Andreas Schwab +2018-11-06 Andreas Schwab =20 [BZ #22927] * resolv/gai_misc.c (__gai_enqueue_request): Don't crash if creating the first helper thread failed. =20 -2018-10-23 Adhemerval Zanella +2018-11-02 Adhemerval Zanella =20 [BZ #23709] * sysdeps/x86/cpu-features.c (init_cpu_features): Set TSX bits independently of other flags. =20 -2018-10-30 Florian Weimer +2018-11-02 Florian Weimer =20 * stdlib/tst-strtod-overflow.c (do_test): Switch to support_blob_repeat. =20 -2018-10-30 Florian Weimer +2018-11-02 Florian Weimer =20 * support/blob_repeat.c (allocate_big): Call mkstemp directly. =20 -2018-10-30 Florian Weimer +2018-11-02 Florian Weimer =20 * stdlib/test-bz22786.c (do_test): Additional free calls to avoid memory leaks. =20 -2018-10-30 Florian Weimer +2018-11-02 Florian Weimer =20 Avoid spurious test failures in stdlib/test-bz22786. * support/Makefile (libsupport-routines): Add blob_repeat. @@ -571,12 +571,12 @@ * stdlib/test-bz22786.c (do_test): Replace malloc and memset with support_blob_repeat_allocate. =20 -2018-08-30 Stefan Liebler +2018-11-02 Stefan Liebler =20 * stdlib/test-bz22786.c (do_test): Return EXIT_UNSUPPORTED if malloc fails. =20 -2018-08-24 Paul Pluzhnikov +2018-11-02 Paul Pluzhnikov =20 [BZ #23400] * stdlib/test-bz22786.c (do_test): Fix undefined behavior, don't @@ -589,7 +589,7 @@ * sysdeps/ia64/fpu/e_log2f.S (log2f): Likewise. * sysdeps/ia64/fpu/e_exp2f.S (powf): Likewise. =20 -2018-10-25 Florian Weimer +2018-10-26 Florian Weimer =20 [BZ #23562] [BZ #23821] @@ -602,13 +602,13 @@ sparc64. * conform/data/sys/wait.h-data (siginfo_t): Likewise. =20 -2018-10-19 Ilya Yu. Malakhov +2018-10-22 Ilya Yu. Malakhov =20 [BZ #23562] * sysdeps/unix/sysv/linux/bits/types/siginfo_t.h (struct siginfo_t): Use correct type for si_band. =20 -2018-10-17 Stefan Liebler +2018-10-18 Stefan Liebler =20 [BZ #23275] * nptl/tst-mutex10.c: New File. 
@@ -685,7 +685,7 @@ (_start): Use ENTRY/END to insert ENDBR32 at entry when CET is enabled. Add cfi_undefined (eip). =20 -2018-09-19 Wilco Dijkstra +2018-09-21 Wilco Dijkstra =20 [BZ #23637] * string/test-strstr.c (pr23637): New function. @@ -693,7 +693,7 @@ * string/strcasestr.c (AVAILABLE): Fix readahead distance. * string/strstr.c (AVAILABLE): Likewise. =20 -2018-09-19 Carlos O'Donell +2018-09-20 Carlos O'Donell =20 * stdlib/tst-setcontext9.c (f1): Rename to... (f1a): ... this. @@ -710,7 +710,7 @@ * sysdeps/unix/sysv/linux/gethostid.c (gethostid): Check for NULL value from gethostbyname_r. =20 -2018-09-06 Stefan Liebler +2018-09-10 Stefan Liebler =20 * sysdeps/unix/sysv/linux/spawni.c (maybe_script_execute): Increment size of new_argv by one. @@ -722,7 +722,7 @@ * posix/Makefile (tests): Add it. (tst-regcomp-truncated.out): Depend on generated locales. =20 -2018-08-25 Paul Eggert +2018-08-28 Paul Eggert =20 [BZ #23578] regex: fix uninitialized memory access @@ -745,7 +745,7 @@ Update r to include the set wake-request flag if waiters are remaining after spinning. =20 -2018-08-03 DJ Delorie +2018-08-22 DJ Delorie =20 * sysdeps/riscv/rvf/math_private.h (libc_feholdexcept_setround_riscv): Move libc_fesetround_riscv after libc_feholdexcept_riscv. @@ -770,7 +770,7 @@ * nscd/nscd_conf.c (nscd_parse_file): Deallocate old storage for server_user, stat_user. =20 -2018-08-13 Florian Weimer +2018-08-14 Florian Weimer =20 * misc/error.c (error): Add missing va_end call. (error_at_line): Likewise. --fUYQa+Pmc3FrFX/N--
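
Review bot: In the hunk at @@ -439,7 +439,7 @@ the [BZ #23927] CVE-2018-19591 entry is redated from 2018-11-27 to 2018-12-12, which leaves it below entries that this same patch dates 2018-12-07 (@@ -404,7) and 2018-11-28 (@@ -419,7). ChangeLog entries are prepended, so an entry should not carry a push date later than the entries above it; please recheck this one against the 2.28 branch history. The other 2018-12-12 entries, in the @@ -350,20 and @@ -374,18 hunks, sit where that date is in sequence, so this looks like a mismatch for this one entry rather than a general problem with the approach.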
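
Review bot: The `H=E1jkov=E1` lines in the @@ -503,23 +503,23 @@ hunk carry one byte (0xE1) per accented letter, and the attachment is labelled charset=iso-8859-15 with quoted-printable transfer encoding. If the ChangeLog on the branch stores this name in UTF-8, the `-2018-11-08` line will not match and the hunk will be rejected, so it is worth confirming that the attached bytes are the file's own bytes and were not transcoded by the mail client before anyone applies this.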