From 13c9b7363d5a1ac7e6a6c64cb696d97f5e9869bd76b2f779a4c17c0874b75b96 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Wed, 16 Mar 2016 12:04:18 +0000 Subject: [PATCH] Accepting request 373692 from home:Andreas_Schwab:Factory OBS-URL: https://build.opensuse.org/request/show/373692 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=428 --- glibc-testsuite.changes | 23 +++++++++++++++++------ glibc-utils.changes | 23 +++++++++++++++++------ glibc.changes | 23 +++++++++++++++++------ ldd-system-interp.patch | 16 +++------------- 4 files changed, 54 insertions(+), 31 deletions(-) diff --git a/glibc-testsuite.changes b/glibc-testsuite.changes index 85eaf7e..3f10aa7 100644 --- a/glibc-testsuite.changes +++ b/glibc-testsuite.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 15 10:44:46 UTC 2016 - schwab@suse.de + +- ldd-system-interp.patch: Restore warning about execution permission, it + is still needed for noexec mounts (bsc#915985) + ------------------------------------------------------------------- Tue Mar 8 15:28:16 UTC 2016 - idonmez@suse.com @@ -104,12 +110,12 @@ Mon Feb 15 15:43:02 UTC 2016 - schwab@suse.de Thu Nov 26 14:46:21 UTC 2015 - schwab@suse.de - reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock - on fork (BZ #19282) + on fork (bsc#958315, BZ #19282) ------------------------------------------------------------------- Wed Nov 18 15:09:30 UTC 2015 - schwab@suse.de -- resolv-mem-leak.patch: Fix resource leak in resolver (BZ #19257) +- resolv-mem-leak.patch: Fix resource leak in resolver (bsc#955647, BZ #19257) - tzset-tzname.patch: Force rereading TZDEFRULES after it was used to set DST rules only (BZ #19253) 
@@ -121,8 +127,8 @@ Mon Oct 26 15:22:53 UTC 2015 - schwab@suse.de ------------------------------------------------------------------- Mon Oct 19 12:28:58 UTC 2015 - schwab@suse.de -- ld-pointer-guard.patch: Always enable pointer guard (bsc#950944, BZ - #18928) +- ld-pointer-guard.patch: Always enable pointer guard (CVE-2015-8777, + bsc#950944, BZ #18928) ------------------------------------------------------------------- Mon Oct 12 08:12:10 UTC 2015 - schwab@suse.de @@ -180,7 +186,7 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de - Update to glibc 2.22 release. * Cache information can be queried via sysconf() function on s390 * A buffer overflow in gethostbyname_r and related functions performing DNS - requests has been fixed. + requests has been fixed. (CVE-2015-1781) * The time zone file parser has been made more robust against crafted time zone files * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors @@ -191,6 +197,8 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de compliance. * The header is deprecated, and will be removed in a future release. + * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211 + bsc#940195 bsc#940332 - Patches from upstream removed * htm-tabort.patch * o-tmpfile.patch @@ -254,7 +262,7 @@ Mon Mar 30 09:04:49 UTC 2015 - schwab@suse.de - powerpc-software-sqrt.patch: Fix powerpc software sqrt (BZ #17964, BZ #17967) - nss-separate-state-getXXent.patch: Separate internal state between - getXXent and getXXbyYY NSS calls (bsc#918187, BZ #18007) + getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007) - static-tls-dtv-limit.patch: Fix DTV race, assert, DTV_SURPLUS Static TLS limit, and nptl_db garbage (bsc#919678, BZ #17090, BZ #17620, BZ #17621, BZ #17628) 
@@ -295,6 +303,8 @@ Mon Feb 9 09:26:01 UTC 2015 - schwab@suse.de * i386 memcpy functions optimized with SSE2 unaligned load/store * New locales: tu_IN, bh_IN, raj_IN, ce_RU * The obsolete sigvec function has been removed + * CVE-2015-1472 CVE-2015-1473 CVE-2104-7817 CVE-2012-3406 CVE-2014-9402 + CVE-2014-7817 bsc#864081 bsc#906371 bsc#909053 bsc#910599 bsc#916222 - Patches from upstream removed * ifunc-x86-slow-sse4.patch * pthread-mutex-trylock-elision.patch @@ -334,6 +344,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de and the LC_* variables), are more tightly checked for proper syntax * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions + * CVE-2013-7423 bsc#915526 bsc#934084 - Patches from upstream removed * nss-dns-memleak.patch * sin-sign.patch diff --git a/glibc-utils.changes b/glibc-utils.changes index 85eaf7e..3f10aa7 100644 --- a/glibc-utils.changes +++ b/glibc-utils.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 15 10:44:46 UTC 2016 - schwab@suse.de + +- ldd-system-interp.patch: Restore warning about execution permission, it + is still needed for noexec mounts (bsc#915985) + ------------------------------------------------------------------- Tue Mar 8 15:28:16 UTC 2016 - idonmez@suse.com @@ -104,12 +110,12 @@ Mon Feb 15 15:43:02 UTC 2016 - schwab@suse.de Thu Nov 26 14:46:21 UTC 2015 - schwab@suse.de - reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock - on fork (BZ #19282) + on fork (bsc#958315, BZ #19282) ------------------------------------------------------------------- Wed Nov 18 15:09:30 UTC 2015 - schwab@suse.de -- resolv-mem-leak.patch: Fix resource leak in resolver (BZ #19257) +- resolv-mem-leak.patch: Fix resource leak in resolver (bsc#955647, BZ #19257) - tzset-tzname.patch: Force rereading TZDEFRULES after it was used to set DST rules only (BZ #19253) 
@@ -121,8 +127,8 @@ Mon Oct 26 15:22:53 UTC 2015 - schwab@suse.de ------------------------------------------------------------------- Mon Oct 19 12:28:58 UTC 2015 - schwab@suse.de -- ld-pointer-guard.patch: Always enable pointer guard (bsc#950944, BZ - #18928) +- ld-pointer-guard.patch: Always enable pointer guard (CVE-2015-8777, + bsc#950944, BZ #18928) ------------------------------------------------------------------- Mon Oct 12 08:12:10 UTC 2015 - schwab@suse.de @@ -180,7 +186,7 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de - Update to glibc 2.22 release. * Cache information can be queried via sysconf() function on s390 * A buffer overflow in gethostbyname_r and related functions performing DNS - requests has been fixed. + requests has been fixed. (CVE-2015-1781) * The time zone file parser has been made more robust against crafted time zone files * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors @@ -191,6 +197,8 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de compliance. * The header is deprecated, and will be removed in a future release. + * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211 + bsc#940195 bsc#940332 - Patches from upstream removed * htm-tabort.patch * o-tmpfile.patch @@ -254,7 +262,7 @@ Mon Mar 30 09:04:49 UTC 2015 - schwab@suse.de - powerpc-software-sqrt.patch: Fix powerpc software sqrt (BZ #17964, BZ #17967) - nss-separate-state-getXXent.patch: Separate internal state between - getXXent and getXXbyYY NSS calls (bsc#918187, BZ #18007) + getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007) - static-tls-dtv-limit.patch: Fix DTV race, assert, DTV_SURPLUS Static TLS limit, and nptl_db garbage (bsc#919678, BZ #17090, BZ #17620, BZ #17621, BZ #17628) 
@@ -295,6 +303,8 @@ Mon Feb 9 09:26:01 UTC 2015 - schwab@suse.de * i386 memcpy functions optimized with SSE2 unaligned load/store * New locales: tu_IN, bh_IN, raj_IN, ce_RU * The obsolete sigvec function has been removed + * CVE-2015-1472 CVE-2015-1473 CVE-2104-7817 CVE-2012-3406 CVE-2014-9402 + CVE-2014-7817 bsc#864081 bsc#906371 bsc#909053 bsc#910599 bsc#916222 - Patches from upstream removed * ifunc-x86-slow-sse4.patch * pthread-mutex-trylock-elision.patch @@ -334,6 +344,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de and the LC_* variables), are more tightly checked for proper syntax * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions + * CVE-2013-7423 bsc#915526 bsc#934084 - Patches from upstream removed * nss-dns-memleak.patch * sin-sign.patch diff --git a/glibc.changes b/glibc.changes index 85eaf7e..3f10aa7 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Mar 15 10:44:46 UTC 2016 - schwab@suse.de + +- ldd-system-interp.patch: Restore warning about execution permission, it + is still needed for noexec mounts (bsc#915985) + ------------------------------------------------------------------- Tue Mar 8 15:28:16 UTC 2016 - idonmez@suse.com @@ -104,12 +110,12 @@ Mon Feb 15 15:43:02 UTC 2016 - schwab@suse.de Thu Nov 26 14:46:21 UTC 2015 - schwab@suse.de - reinitialize-dl_load_write_lock.patch: Reinitialize dl_load_write_lock - on fork (BZ #19282) + on fork (bsc#958315, BZ #19282) ------------------------------------------------------------------- Wed Nov 18 15:09:30 UTC 2015 - schwab@suse.de -- resolv-mem-leak.patch: Fix resource leak in resolver (BZ #19257) +- resolv-mem-leak.patch: Fix resource leak in resolver (bsc#955647, BZ #19257) - tzset-tzname.patch: Force rereading TZDEFRULES after it was used to set DST rules only (BZ #19253) 
@@ -121,8 +127,8 @@ Mon Oct 26 15:22:53 UTC 2015 - schwab@suse.de ------------------------------------------------------------------- Mon Oct 19 12:28:58 UTC 2015 - schwab@suse.de -- ld-pointer-guard.patch: Always enable pointer guard (bsc#950944, BZ - #18928) +- ld-pointer-guard.patch: Always enable pointer guard (CVE-2015-8777, + bsc#950944, BZ #18928) ------------------------------------------------------------------- Mon Oct 12 08:12:10 UTC 2015 - schwab@suse.de @@ -180,7 +186,7 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de - Update to glibc 2.22 release. * Cache information can be queried via sysconf() function on s390 * A buffer overflow in gethostbyname_r and related functions performing DNS - requests has been fixed. + requests has been fixed. (CVE-2015-1781) * The time zone file parser has been made more robust against crafted time zone files * A powerpc and powerpc64 optimization for TLS, similar to TLS descriptors @@ -191,6 +197,8 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de compliance. * The header is deprecated, and will be removed in a future release. + * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211 + bsc#940195 bsc#940332 - Patches from upstream removed * htm-tabort.patch * o-tmpfile.patch @@ -254,7 +262,7 @@ Mon Mar 30 09:04:49 UTC 2015 - schwab@suse.de - powerpc-software-sqrt.patch: Fix powerpc software sqrt (BZ #17964, BZ #17967) - nss-separate-state-getXXent.patch: Separate internal state between - getXXent and getXXbyYY NSS calls (bsc#918187, BZ #18007) + getXXent and getXXbyYY NSS calls (CVE-2014-8121, bsc#918187, BZ #18007) - static-tls-dtv-limit.patch: Fix DTV race, assert, DTV_SURPLUS Static TLS limit, and nptl_db garbage (bsc#919678, BZ #17090, BZ #17620, BZ #17621, BZ #17628) 
@@ -295,6 +303,8 @@ Mon Feb 9 09:26:01 UTC 2015 - schwab@suse.de * i386 memcpy functions optimized with SSE2 unaligned load/store * New locales: tu_IN, bh_IN, raj_IN, ce_RU * The obsolete sigvec function has been removed + * CVE-2015-1472 CVE-2015-1473 CVE-2104-7817 CVE-2012-3406 CVE-2014-9402 + CVE-2014-7817 bsc#864081 bsc#906371 bsc#909053 bsc#910599 bsc#916222 - Patches from upstream removed * ifunc-x86-slow-sse4.patch * pthread-mutex-trylock-elision.patch @@ -334,6 +344,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de and the LC_* variables), are more tightly checked for proper syntax * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions + * CVE-2013-7423 bsc#915526 bsc#934084 - Patches from upstream removed * nss-dns-memleak.patch * sin-sign.patch diff --git a/ldd-system-interp.patch b/ldd-system-interp.patch index 518aa2c..55d84ce 100644 --- a/ldd-system-interp.patch +++ b/ldd-system-interp.patch @@ -5,23 +5,13 @@ they are invoked with __libc_enable_secure, and run them through the known good dynamic linker. * elf/ldd.bash.in: Always run through the dynamic linker, even if - the file has its own interpreter. Remove unneeded executable - check. + the file has its own interpreter. Index: glibc-2.19/elf/ldd.bash.in =================================================================== --- glibc-2.19.orig/elf/ldd.bash.in +++ glibc-2.19/elf/ldd.bash.in -@@ -150,8 +150,6 @@ for file do - echo "ldd: ${file}:" $"not regular file" >&2 - result=1 - elif test -r "$file"; then -- test -x "$file" || echo 'ldd:' $"\ --warning: you do not have execution permission for" "\`$file'" >&2 - RTLD= - ret=1 - for rtld in ${RTLDLIST}; do -@@ -164,18 +162,6 @@ warning: you do not have execution permi +@@ -164,18 +164,6 @@ warning: you do not have execution permi fi done case $ret in 
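Review bot: The header of ldd-system-interp.patch no longer mentions the executable check once this hunk drops "Remove unneeded executable check.", so the reason the `test -x` warning is kept is recorded only in the .changes entries (noexec mounts, bsc#915985). I would add a line to the patch header's ChangeLog text, for example `Keep the execution permission warning, it is still needed for noexec mounts (bsc#915985).`, so that a later refresh of the patch does not remove the warning again. The inner hunk headers were renumbered consistently with the dropped hunk (`+164,6` here and `+171,7` in the next hunk). The `for file do` loop and the `case $ret in` block of elf/ldd.bash.in start and end outside the lines shown.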
@@ -40,7 +30,7 @@ Index: glibc-2.19/elf/ldd.bash.in 1) # This can be a non-ELF binary or no binary at all. nonelf "$file" || { -@@ -183,7 +169,7 @@ warning: you do not have execution permi +@@ -183,7 +171,7 @@ warning: you do not have execution permi result=1 } ;;