Resolves #16072 (CVE-2013-4458).
This patch fixes another stack overflow in getaddrinfo when it is
called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914,
but the AF_INET6 case went undetected back then.
(cherry picked from commit 7cbcdb3699584db8913ca90f705d6337633ee10f)
Conflicts:
NEWS
[BZ #9954]
With the following /etc/hosts:
127.0.0.1 www.my-domain.es
127.0.1.1 www.my-domain.es
192.168.0.1 www.my-domain.es
Using getaddrinfo() on www.my-domain.es triggers the following assertion:
../sysdeps/posix/getaddrinfo.c:1473: rfc3484_sort: Assertion
`src->results[i].native == -1 || src->results[i].native == a1_native' failed.
This is due to two different bugs:
- In rfc3484_sort() rule 7, src->results[i].native is assigned even if
src->results[i].index is -1, meaning that no interface is associated.
- In getaddrinfo() the source IP address used with the lo interface needs a
special case, as it can be any IP within 127.X.Y.Z.
(cherry picked from commit 894f3f1049135dcbeaab8f18690973663ef3147c)
Statically built binaries use __pointer_chk_guard_local,
while dynamically built binaries use __pointer_chk_guard.
Provide the right definition depending on the test case
we are building.
The pointer guard used for pointer mangling was not initialized for
static applications resulting in the security feature being disabled.
The pointer guard is now correctly initialized to a random value for
static applications. Existing static applications need to be
recompiled to take advantage of the fix.
The test tst-ptrguard1-static and tst-ptrguard1 add regression
coverage to ensure the pointer guards are sufficiently random
and initialized to a default value.
Conflicts:
NEWS
ports/ChangeLog.ia64
ports/ChangeLog.tile
strcoll is implemented using a cache for indices and weights of
collation sequences in the strings so that subsequent passes do not
have to search through collation data again. For very large string
inputs, the cache size computation could overflow. In such a case,
use the fallback function that does not cache indices and weights of
collation sequences.
Fixes CVE-2012-4412.
(cherry picked from commit 303e567a8062200dc06acde7c76fc34679f08d8f)
Conflicts:
NEWS
strcoll currently falls back to alloca if malloc fails, resulting in a
possible stack overflow. This patch implements sequence traversal and
comparison without caching indices and rules.
Fixes CVE-2012-4424.
(cherry picked from commit 141f3a77fe4f1b59b0afa9bf6909cd2000448883)
Conflicts:
NEWS
Break up strcoll into simpler functions so that the logic is easier to
follow and maintain.
(cherry picked from commit 1326ba1af22068db9488c2328bdaf852b8a93dcf)
A large bytes parameter to memalign could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15857]
* malloc/malloc.c (__libc_memalign): Check the value of bytes
does not overflow.
(cherry picked from commit b73ed247781d533628b681f57257dc85882645d3)
A large bytes parameter to valloc could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15856]
* malloc/malloc.c (__libc_valloc): Check the value of bytes
does not overflow.
(cherry picked from commit 55e17aadc1ef17a1df9626fb0e9fba290ece3331)
A large bytes parameter to pvalloc could cause an integer overflow
and corrupt allocator internals. Check the overflow does not occur
before continuing with the allocation.
ChangeLog:
2013-09-11 Will Newton <will.newton@linaro.org>
[BZ #15855]
* malloc/malloc.c (__libc_pvalloc): Check the value of bytes
does not overflow.
(cherry picked from commit 1159a193696ad48ec86e5895f6dee3e539619c0e)
* sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
member.
* sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
member.
* sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
* sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
Return delayed error code. Remove GETDENTS_64BIT_ALIGNED
conditional.
* sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
GETDENTS_64BIT_ALIGNED.
* sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
* manual/filesys.texi (Reading/Closing Directory): Document
ENAMETOOLONG return value of readdir_r. Recommend readdir more
strongly.
* manual/conf.texi (Limits for Files): Add portability note to
NAME_MAX, PATH_MAX.
(Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
(cherry picked from commit 91ce40854d0b7f865cf5024ef95a8026b76096f3)
Conflicts:
NEWS
After f1d70dad, glibc build for i686-pc-linux-gnu with -O2 experiences
segfaults in __strstr_sse42.
https://bugs.archlinux.org/task/36556
http://sourceware.org/bugzilla/show_bug.cgi?id=15845
Readding the inline "fixes" the issue until a correct solution is found.
* po/ko.po: Update Korean translation from translation project.
* manual/contrib.texi: Update entry for Siddhesh Poyarekar. Add
entries for Will Newton, Andi Kleen, David Holsgrove, and Ondrej
Bilka.
* po/fr.po: Update French translation from translation project.
* po/cs.po: Update Czech translation from translation project.
* po/sv.po: Update Swedish translation from translation project.
* po/eo.po: Update Esperanto translation from translation project.
* po/vi.po: Update Vietnamese translation from translation project.
* po/de.po: Update German translation from translation project.
* po/bg.po: Update Bulgarian translation from translation project.
* po/nl.po: Update Dutch translation from translation project.
* po/pl.po: Update Polish translation from translation project.
* po/ru.po: Update Russian translation from translation project.
* po/libc.pot: Update.
* tst-cancel4.c (WRITE_BUFFER_SIZE): Adjust comment.
This patch fixes dlfcn/tststatic5 for PowerPC where pagesize
variable was not properly initialized in certain cases. This patch
is based on other architecture code.
* tst-cancel4.c (WRITE_BUFFER_SIZE): Increase to 16384.
We returned without calling __munmap if not in the simulator.
Now we call a separate sim_dlclose() function to make the
control flow work correctly.
The helper binary pt_chown tricked into granting access to another
user's pseudo-terminal.
Pre-conditions for the attack:
* Attacker with local user account
* Kernel with FUSE support
* "user_allow_other" in /etc/fuse.conf
* Victim with allocated slave in /dev/pts
Using the setuid installed pt_chown and a weak check on whether a file
descriptor is a tty, an attacker could fake a pty check using FUSE and
trick pt_chown to grant ownership of a pty descriptor that the current
user does not own. It cannot access /dev/pts/ptmx however.
In most modern distributions pt_chown is not needed because devpts
is enabled by default. The fix for this CVE is to disable building
and using pt_chown by default. We still provide a configure option
to enable the use of pt_chown but distributions do so at their own
risk.
* sysdeps/sparc/fpu/libm-test-ulps: Update ULPs to handle minor
difference between 32-bit and 64-bit.
Change 521c6785e1fc94d added the enum but missed the semicolon.
Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
Signed-off-by: Carlos O'Donell <carlos@redhat.com>
Signed-off-by: Carlos O'Donell <carlos@redhat.com>
---
nptl/
2013-07-19 Dominik Vogt <vogt@de.ibm.com>
* sysdeps/unix/sysv/linux/x86/elision-conf.c:
Remove __rwlock_rtm_enabled and __rwlock_rtm_read_retries.
(elision_init): Don't set __rwlock_rtm_enabled.
* sysdeps/unix/sysv/linux/x86/elision-conf.h:
Remove __rwlock_rtm_enabled.
The generated header is compiled with `-ffreestanding' to avoid any
circular dependencies against the installed implementation headers.
Such a dependency would require the implementation header to be
installed before the generated header could be built (See bug 15711).
In current practice the generated header dependencies do not include
any of the implementation headers removed by the use of `-ffreestanding'.
---
2013-07-15 Carlos O'Donell <carlos@redhat.com>
[BZ #15711]
* sysdeps/unix/sysv/linux/Makefile ($(objpfx)bits/syscall%h):
Avoid system header dependency with -ffreestanding.
($(objpfx)bits/syscall%d): Likewise.
* math/libm-test.inc (casin_test_data): Annotate more cases of missing
underflows from atanl/atan2l due to bug 15319.
(casinh_test_data): Likewise.
* sysdeps/sparc/fpu/libm-test-ulps: Regenerate from scratch.
A recently-added test (dlfcn/tststatic5) pointed out that tile was not
properly initializing the variable pagesize in certain cases. This
change just copies the existing code from MIPS.
The sfp-machine.h is based on the gcc version, but extended with
required new macros by comparison with other architectures and by
investigating the hardware support for FP on tile.