mirror of
git://slackware.nl/current.git
synced 2025-01-03 23:03:22 +01:00
667b86aaab
a/aaa_glibc-solibs-2.33-x86_64-3.txz: Rebuilt.
a/usbutils-014-x86_64-1.txz: Upgraded.
ap/mariadb-10.6.4-x86_64-1.txz: Upgraded.
ap/nvme-cli-1.15-x86_64-1.txz: Upgraded.
l/glibc-2.33-x86_64-3.txz: Rebuilt.
Since glibc-2.34 makes a potentially risky change of moving all functions
into the main library, and another inconvenient (for us) change of renaming
the library files, we'll stick with glibc-2.33 for Slackware 15.0 and test
the newer glibc in the next release cycle. But we'll backport the security
fixes from glibc-2.34 with this update:
The nameserver caching daemon (nscd), when processing a request for netgroup
lookup, may crash due to a double-free, potentially resulting in degraded
service or Denial of Service on the local system. Reported by Chris Schanzle.
The mq_notify function has a potential use-after-free issue when using a
notification type of SIGEV_THREAD and a thread attribute with a non-default
affinity mask.
The wordexp function may overflow the positional parameter number when
processing the expansion resulting in a crash. Reported by Philippe Antoine.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942
(* Security fix *)
l/glibc-i18n-2.33-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.33-x86_64-3.txz: Rebuilt.
l/liburing-2.0-x86_64-1.txz: Added.
This is needed by mariadb, and provides increased performance on high speed
devices such as NVMe.
n/dovecot-2.3.16-x86_64-1.txz: Upgraded.
xap/blueman-2.2.2-x86_64-1.txz: Upgraded.
53 lines
1.7 KiB
Diff
53 lines
1.7 KiB
Diff
From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001
|
|
From: Florian Weimer <fweimer@redhat.com>
|
|
Date: Tue, 1 Jun 2021 17:51:41 +0200
|
|
Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896)
|
|
|
|
__pthread_attr_copy can fail and does not initialize the attribute
|
|
structure in that case.
|
|
|
|
If __pthread_attr_copy is never called and there is no allocated
|
|
attribute, pthread_attr_destroy should not be called, otherwise
|
|
there is a null pointer dereference in rt/tst-mqueue6.
|
|
|
|
Fixes commit 42d359350510506b87101cf77202fefcbfc790cb
|
|
("Use __pthread_attr_copy in mq_notify (bug 27896)").
|
|
|
|
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
|
|
---
|
|
sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++--
|
|
1 file changed, 9 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
|
|
index f7ddfe5a6c..6f46d29d1d 100644
|
|
--- a/sysdeps/unix/sysv/linux/mq_notify.c
|
|
+++ b/sysdeps/unix/sysv/linux/mq_notify.c
|
|
@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
|
|
if (data.attr == NULL)
|
|
return -1;
|
|
|
|
- __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
|
|
+ int ret = __pthread_attr_copy (data.attr,
|
|
+ notification->sigev_notify_attributes);
|
|
+ if (ret != 0)
|
|
+ {
|
|
+ free (data.attr);
|
|
+ __set_errno (ret);
|
|
+ return -1;
|
|
+ }
|
|
}
|
|
|
|
/* Construct the new request. */
|
|
@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
|
|
int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se);
|
|
|
|
/* If it failed, free the allocated memory. */
|
|
- if (__glibc_unlikely (retval != 0))
|
|
+ if (retval != 0 && data.attr != NULL)
|
|
{
|
|
pthread_attr_destroy (data.attr);
|
|
free (data.attr);
|
|
--
|
|
2.27.0
|
|
|
|
|