Hello community,
here is the log from the commit of package valgrind
checked in at Thu Nov 20 16:29:36 CET 2008.
--------
--- valgrind/valgrind.changes 2008-11-05 13:59:01.000000000 +0100
+++ /mounts/work_src_done/STABLE/valgrind/valgrind.changes 2008-11-20 00:34:08.000000000 +0100
@@ -1,0 +2,6 @@
+Thu Nov 20 00:32:49 CET 2008 - dmueller@suse.de
+
+- fix .valgrindrc reading vulnerability (CVE-2008-4865, bnc#445013)
+- add support for glibc 2.9
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
cve-2008-4865.diff
glibc-2.9-support.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ valgrind.spec ++++++
--- /var/tmp/diff_new_pack.O26773/_old 2008-11-20 16:28:31.000000000 +0100
+++ /var/tmp/diff_new_pack.O26773/_new 2008-11-20 16:28:31.000000000 +0100
@@ -28,7 +28,7 @@
Summary: Valgrind Suite of Tools for Debugging and Profiling
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Version: 3.3.1
-Release: 31
+Release: 32
Source0: %{name}-%{version}.tar.bz2
# svn di svn://svn.valgrind.org/valgrind/tags/VALGRIND_3_2_1 svn://svn.valgrind.org/valgrind/branches/VALGRIND_3_2_BRANCH > 3_2_BRANCH.diff
# svn di svn://svn.valgrind.org/vex/tags/VEX_3_2_1 svn://svn.valgrind.org/vex/branches/VEX_3_2_BRANCH > VEX_3_2_BRANCH.diff
@@ -38,6 +38,8 @@
Patch12: xcb-update.diff
Patch13: fadvice64.diff
Patch14: r8730.diff
+Patch15: cve-2008-4865.diff
+Patch16: glibc-2.9-support.diff
Provides: callgrind = %version
Obsoletes: callgrind < %version
ExclusiveArch: %ix86 x86_64 ppc ppc64
@@ -126,6 +128,8 @@
%patch12
%patch13
%patch14
+%patch15
+%patch16
%build
export CFLAGS="$RPM_OPT_FLAGS"
@@ -155,6 +159,9 @@
%_libdir/valgrind/*/*.a
%changelog
+* Thu Nov 20 2008 dmueller@suse.de
+- fix .valgrindrc reading vulnerability (CVE-2008-4865, bnc#445013)
+- add support for glibc 2.9
* Wed Nov 05 2008 dmueller@suse.de
- add syscall wrappers for pipe2
* Tue Jun 24 2008 schwab@suse.de
++++++ cve-2008-4865.diff ++++++
--- docs/xml/manual-core.xml
+++ docs/xml/manual-core.xml
@@ -1255,7 +1255,9 @@ processed earlier; for example, options
precedence over those in
<computeroutput>~/.valgrindrc</computeroutput>. The first two
are particularly useful for setting the default tool to
-use.</para>
+use. Please note that the .valgrindrc file is ignored if
+it is world writeable or not owned by the current user.
+</para>
<para>Any tool-specific options put in
<computeroutput>$VALGRIND_OPTS</computeroutput> or the
--- coregrind/m_commandline.c
+++ coregrind/m_commandline.c
@@ -57,21 +57,24 @@ static HChar* read_dot_valgrindrc ( HCha
{
Int n;
SysRes fd;
- Int size;
+ struct vki_stat stat_buf;
HChar* f_clo = NULL;
HChar filename[VKI_PATH_MAX];
VG_(snprintf)(filename, VKI_PATH_MAX, "%s/.valgrindrc",
( NULL == dir ? "" : dir ) );
fd = VG_(open)(filename, 0, VKI_S_IRUSR);
+
if ( !fd.isError ) {
- size = VG_(fsize)(fd.res);
- if (size > 0) {
- f_clo = VG_(malloc)(size+1);
+ Int res = VG_(fstat)( fd.res, &stat_buf );
+ // Ignore if not owned by current user or world writeable (CVE-2008-4865)
+ if (!res && stat_buf.st_size > 0 && stat_buf.st_uid == VG_(geteuid)()
+ && (!stat_buf.st_mode & (VKI_S_IWOTH))) {
+ f_clo = VG_(malloc)(stat_buf.st_size+1);
vg_assert(f_clo);
- n = VG_(read)(fd.res, f_clo, size);
+ n = VG_(read)(fd.res, f_clo, stat_buf.st_size);
if (n == -1) n = 0;
- vg_assert(n >= 0 && n <= size+1);
+ vg_assert(n >= 0 && n <= stat_buf.st_size+1);
f_clo[n] = '\0';
}
VG_(close)(fd.res);
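Review bot: The permission test on the last line of the new condition, `(!stat_buf.st_mode & (VKI_S_IWOTH))`, parses as `(!stat_buf.st_mode) & VKI_S_IWOTH`, so it never inspects the world-write bit. Because `st_mode` of a successfully opened file is non-zero, `!stat_buf.st_mode` is 0 and the whole condition is false: the code fails closed, but `.valgrindrc` is then ignored in every case, which contradicts the behaviour described in the manual-core.xml hunk of the same patch. The line should read `&& !(stat_buf.st_mode & VKI_S_IWOTH)) {`. Separately, the buffer is `st_size+1` bytes, yet the assert still accepts `n == st_size+1`, which would put the `f_clo[n] = '\0'` store one byte past the end; tightening it to `vg_assert(n >= 0 && n <= stat_buf.st_size);` states the real invariant. The body of read_dot_valgrindrc continues past the end of this hunk, so the return path is not visible here.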
++++++ glibc-2.9-support.diff ++++++
--- configure.in
+++ configure.in
@@ -479,6 +479,16 @@ AC_EGREP_CPP([GLIBC_28], [
],
libc="2.8")
+AC_EGREP_CPP([GLIBC_29], [
+#include