mirror of
git://slackware.nl/current.git
synced 2024-12-31 10:28:29 +01:00
667b86aaab
a/aaa_glibc-solibs-2.33-x86_64-3.txz: Rebuilt.
a/usbutils-014-x86_64-1.txz: Upgraded.
ap/mariadb-10.6.4-x86_64-1.txz: Upgraded.
ap/nvme-cli-1.15-x86_64-1.txz: Upgraded.
l/glibc-2.33-x86_64-3.txz: Rebuilt.
Since glibc-2.34 makes a potentially risky change of moving all functions
into the main library, and another inconvenient (for us) change of renaming
the library files, we'll stick with glibc-2.33 for Slackware 15.0 and test
the newer glibc in the next release cycle. But we'll backport the security
fixes from glibc-2.34 with this update:
The nameserver caching daemon (nscd), when processing a request for netgroup
lookup, may crash due to a double-free, potentially resulting in degraded
service or Denial of Service on the local system. Reported by Chris Schanzle.
The mq_notify function has a potential use-after-free issue when using a
notification type of SIGEV_THREAD and a thread attribute with a non-default
affinity mask.
The wordexp function may overflow the positional parameter number when
processing the expansion resulting in a crash. Reported by Philippe Antoine.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35942
(* Security fix *)
l/glibc-i18n-2.33-x86_64-3.txz: Rebuilt.
l/glibc-profile-2.33-x86_64-3.txz: Rebuilt.
l/liburing-2.0-x86_64-1.txz: Added.
This is needed by mariadb, and provides increased performance on high speed
devices such as NVMe.
n/dovecot-2.3.16-x86_64-1.txz: Upgraded.
xap/blueman-2.2.2-x86_64-1.txz: Upgraded.
41 lines
1.3 KiB
Diff
41 lines
1.3 KiB
Diff
From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schwab <schwab@linux-m68k.org>
|
|
Date: Fri, 25 Jun 2021 15:02:47 +0200
|
|
Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
|
|
28011)
|
|
|
|
Use strtoul instead of atoi so that overflow can be detected.
|
|
---
|
|
posix/wordexp-test.c | 1 +
|
|
posix/wordexp.c | 2 +-
|
|
2 files changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
|
|
index f93a546d7e..9df02dbbb3 100644
|
|
--- a/posix/wordexp-test.c
|
|
+++ b/posix/wordexp-test.c
|
|
@@ -183,6 +183,7 @@ struct test_case_struct
|
|
{ 0, NULL, "$var", 0, 0, { NULL, }, IFS },
|
|
{ 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
|
|
{ 0, NULL, "", 0, 0, { NULL, }, IFS },
|
|
+ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
|
|
|
|
/* Flags not already covered (testit() has special handling for these) */
|
|
{ 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
|
|
diff --git a/posix/wordexp.c b/posix/wordexp.c
|
|
index bcbe96e48d..1f3b09f721 100644
|
|
--- a/posix/wordexp.c
|
|
+++ b/posix/wordexp.c
|
|
@@ -1399,7 +1399,7 @@ envsubst:
|
|
/* Is it a numeric parameter? */
|
|
else if (isdigit (env[0]))
|
|
{
|
|
- int n = atoi (env);
|
|
+ unsigned long n = strtoul (env, NULL, 10);
|
|
|
|
if (n >= __libc_argc)
|
|
/* Substitute NULL. */
|
|
--
|
|
2.27.0
|
|
|
|
|