import glibc-2.28-162.el8
This commit is contained in:
CentOS Sources
parent
72d9d7e423
commit
1f5d0e2ca3
33
SOURCES/glibc-rh1979127.patch
Normal file
33
SOURCES/glibc-rh1979127.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit 5adda61f62b77384718b4c0d8336ade8f2b4b35c
|
||||
Author: Andreas Schwab <schwab@linux-m68k.org>
|
||||
Date: Fri Jun 25 15:02:47 2021 +0200
|
||||
|
||||
wordexp: handle overflow in positional parameter number (bug 28011)
|
||||
|
||||
Use strtoul instead of atoi so that overflow can be detected.
|
||||
|
||||
diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
|
||||
index cc29840355e047cc..30c1dd65efcc0b49 100644
|
||||
--- a/posix/wordexp-test.c
|
||||
+++ b/posix/wordexp-test.c
|
||||
@@ -200,6 +200,7 @@ struct test_case_struct
|
||||
{ 0, NULL, "$var", 0, 0, { NULL, }, IFS },
|
||||
{ 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
|
||||
{ 0, NULL, "", 0, 0, { NULL, }, IFS },
|
||||
+ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
|
||||
|
||||
/* Flags not already covered (testit() has special handling for these) */
|
||||
{ 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
|
||||
diff --git a/posix/wordexp.c b/posix/wordexp.c
|
||||
index 048a8068544c81fa..4061969c720f1f34 100644
|
||||
--- a/posix/wordexp.c
|
||||
+++ b/posix/wordexp.c
|
||||
@@ -1420,7 +1420,7 @@ envsubst:
|
||||
/* Is it a numeric parameter? */
|
||||
else if (isdigit (env[0]))
|
||||
{
|
||||
- int n = atoi (env);
|
||||
+ unsigned long n = strtoul (env, NULL, 10);
|
||||
|
||||
if (n >= __libc_argc)
|
||||
/* Substitute NULL. */
|
||||
@ -1,6 +1,6 @@
|
||||
%define glibcsrcdir glibc-2.28
|
||||
%define glibcversion 2.28
|
||||
%define glibcrelease 161%{?dist}
|
||||
%define glibcrelease 162%{?dist}
|
||||
# Pre-release tarballs are pulled in from git using a command that is
|
||||
# effectively:
|
||||
#
|
||||
@ -714,6 +714,7 @@ Patch577: glibc-rh1956357-5.patch
|
||||
Patch578: glibc-rh1956357-6.patch
|
||||
Patch579: glibc-rh1956357-7.patch
|
||||
Patch580: glibc-rh1956357-8.patch
|
||||
Patch581: glibc-rh1979127.patch
|
||||
|
||||
##############################################################################
|
||||
# Continued list of core "glibc" package information:
|
||||
@ -2626,6 +2627,10 @@ fi
|
||||
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
|
||||
|
||||
%changelog
|
||||
* Thu Jul 8 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-162
|
||||
- CVE-2021-35942: wordexp: handle overflow in positional parameter number
|
||||
(#1979127)
|
||||
|
||||
* Fri Jun 18 2021 Carlos O'Donell <carlos@redhat.com> - 2.28-161
|
||||
- Improve POWER10 performance with POWER9 fallbacks (#1956357)
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user