Hello community,
here is the log from the commit of package glibc for openSUSE:Factory checked in at 2018-05-28 08:06:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/glibc (Old)
and /work/SRC/openSUSE:Factory/.glibc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glibc"
Mon May 28 08:06:11 2018 rev:223 rq:611653 version:2.27
Changes:
--------
--- /work/SRC/openSUSE:Factory/glibc/glibc.changes 2018-04-04 11:02:08.575163157 +0200
+++ /work/SRC/openSUSE:Factory/.glibc.new/glibc.changes 2018-05-28 08:06:13.621683797 +0200
@@ -1,0 +2,14 @@
+Wed May 23 08:18:00 UTC 2018 - schwab@suse.de
+
+- mempcpy-avx512.patch: Don't write beyond destination in
+ __mempcpy_avx512_no_vzeroupper (CVE-2018-11237, bsc#1094154)
+- realpath-ssize-max-overflow.patch: Fix overflow in path length
+ computation (CVE-2018-11236, bsc#1094161, BZ #22786)
+- Use %license also for COPYING, COPYING.LIB
+
+-------------------------------------------------------------------
+Thu Apr 12 08:12:30 UTC 2018 - schwab@suse.de
+
+- Readd nis to netgroup and automount nss config (bsc#1088860)
+
+-------------------------------------------------------------------
@@ -5 +19 @@
- 2GB boundary (BZ #22644)
+ 2GB boundary (CVE-2017-18269, bnc#1094150, BZ #22644)
New:
----
mempcpy-avx512.patch
realpath-ssize-max-overflow.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ glibc.spec ++++++
--- /var/tmp/diff_new_pack.oYTe3c/_old 2018-05-28 08:06:20.665424163 +0200
+++ /var/tmp/diff_new_pack.oYTe3c/_new 2018-05-28 08:06:20.665424163 +0200
@@ -302,8 +302,12 @@
Patch1009: riscv-fmax-fmin-nan.patch
# PATCH-FIX-UPSTREAM Fix crash in resolver on memory allocation failure (BZ #23005)
Patch1010: res-send-enomem.patch
-# PATCH-FIX-UPSTREAM memmove-sse2-unaligned on 32bit x86 produces garbage when crossing 2GB threshold (BZ #22644)
+# PATCH-FIX-UPSTREAM memmove-sse2-unaligned on 32bit x86 produces garbage when crossing 2GB threshold (CVE-2017-18269, BZ #22644)
Patch1011: i386-memmove-sse2-unaligned.patch
+# PATCH-FIX-UPSTREAM __mempcpy_avx512_no_vzeroupper mishandles large copies (CVE-2018-11237, BZ #23196)
+Patch1012: mempcpy-avx512.patch
+# PATCH-FIX-UPSTREAM realpath-ssize-max-overflow.patch: Fix overflow in path length computation (CVE-2018-11236, BZ #22786)
+Patch1013: realpath-ssize-max-overflow.patch
###
# Patches awaiting upstream approval
@@ -525,6 +529,8 @@
%patch1009 -p1
%patch1010 -p1
%patch1011 -p1
+%patch1012 -p1
+%patch1013 -p1
%patch2000 -p1
%patch2004 -p1
@@ -1252,7 +1258,8 @@
%files devel
%defattr(-,root,root)
-%doc COPYING COPYING.LIB NEWS README
+%license COPYING COPYING.LIB
+%doc NEWS README
%doc %{_mandir}/man1/catchsegv.1.gz
%doc %{_mandir}/man3/*
%{_bindir}/catchsegv
++++++ mempcpy-avx512.patch ++++++
[BZ #23196]
CVE-2018-11237
* sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S
(L(preloop_large)): Save initial destination pointer in %r11 and
use it instead of %rax after the loop.
* string/test-mempcpy.c (MIN_PAGE_SIZE): Define.
Index: glibc-2.27/string/test-mempcpy.c
===================================================================
--- glibc-2.27.orig/string/test-mempcpy.c
+++ glibc-2.27/string/test-mempcpy.c
@@ -18,6 +18,7 @@
http://www.gnu.org/licenses/. */
#define MEMCPY_RESULT(dst, len) (dst) + (len)
+#define MIN_PAGE_SIZE 131072
#define TEST_MAIN
#define TEST_NAME "mempcpy"
#include "test-string.h"
Index: glibc-2.27/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S
===================================================================
--- glibc-2.27.orig/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S
+++ glibc-2.27/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S
@@ -336,6 +336,7 @@ L(preloop_large):
vmovups (%rsi), %zmm4
vmovups 0x40(%rsi), %zmm5
+ mov %rdi, %r11
/* Align destination for access with non-temporal stores in the loop. */
mov %rdi, %r8
and $-0x80, %rdi
@@ -366,8 +367,8 @@ L(gobble_256bytes_nt_loop):
cmp $256, %rdx
ja L(gobble_256bytes_nt_loop)
sfence
- vmovups %zmm4, (%rax)
- vmovups %zmm5, 0x40(%rax)
+ vmovups %zmm4, (%r11)
+ vmovups %zmm5, 0x40(%r11)
jmp L(check)
L(preloop_large_bkw):
++++++ nsswitch.conf ++++++
--- /var/tmp/diff_new_pack.oYTe3c/_old 2018-05-28 08:06:20.905415317 +0200
+++ /var/tmp/diff_new_pack.oYTe3c/_new 2018-05-28 08:06:20.905415317 +0200
@@ -34,9 +34,9 @@
rpc: files
ethers: files
netmasks: files
-netgroup: files
+netgroup: files nis
publickey: files
bootparams: files
-automount: files
+automount: files nis
aliases: files
++++++ realpath-ssize-max-overflow.patch ++++++
2018-05-09 Paul Pluzhnikov
participants (1)
-
root@hilbert.suse.de