diff --git a/glibc-rh816647.patch b/glibc-rh816647.patch
new file mode 100644
index 0000000..1880121
--- /dev/null
+++ b/glibc-rh816647.patch
@@ -0,0 +1,25 @@
+2012-06-21 Jeff Law
+
+ * intl/dcigettext.c (_nl_find_msg): Do not dereference memory
+ that may have just been free'd.
+
+diff --git a/intl/dcigettext.c b/intl/dcigettext.c
+index f6b7573..9c673d4 100644
+--- a/intl/dcigettext.c
++++ b/intl/dcigettext.c
+@@ -1149,13 +1149,14 @@ _nl_find_msg (domain_file, domainbinding, msgid, convert, lengthp)
+ /* We must allocate a new buffer or resize the old one. */
+ if (malloc_count > 0)
+ {
++ struct transmem_list *next = transmem_list->next;
+ ++malloc_count;
+ freemem_size = malloc_count * INITIAL_BLOCK_SIZE;
+ newmem = (transmem_block_t *) realloc (transmem_list,
+ freemem_size);
+ # ifdef _LIBC
+ if (newmem != NULL)
+- transmem_list = transmem_list->next;
++ transmem_list = next;
+ else
+ {
+ struct transmem_list *old = transmem_list;
diff --git a/glibc.spec b/glibc.spec
index 2f06be3..af26340 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -28,7 +28,7 @@ Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 14%{?dist}
+Release: 15%{?dist}
 # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
 # Things that are linked directly into dynamically linked programs
 # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
@@ -174,6 +174,9 @@ Patch2034: %{name}-rh767693-2.patch
 # Upstream BZ 14247
 Patch2036: %{name}-rh827510.patch
+# Upstream BZ 14277
+Patch2037: %{name}-rh816647.patch
+
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Obsoletes: glibc-profile < 2.4
 Obsoletes: nss_db
@@ -432,6 +435,7 @@ rm -rf %{glibcportsdir}
 %patch2034 -p1
 %patch0035 -p1
 %patch2036 -p1
+%patch2037 -p1
 # On powerpc32, hp timing is only available in power4/power6
 # libs, not in base, so pre-power4 dynamic linker is incompatible
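Review bot: The pre-realloc snapshot `next` is consumed only on the `newmem != NULL` path; the `else` branch that begins at the hunk's last line (`struct transmem_list *old = transmem_list;`) continues outside the hunk and, since nothing else in it is changed here, presumably still advances with `transmem_list = transmem_list->next` before freeing `old`. That read is not itself a use-after-free, because a failed realloc leaves the original block allocated, but changing it to `transmem_list = next;` keeps both branches on the one value captured before the block can be released and stops a later edit from reintroducing the bug. The new declaration also sits above the `# ifdef _LIBC` guard that holds its only visible use, so a build of this gettext-derived file without _LIBC would at least get an unused-variable warning (and may not compile if the struct is only declared under _LIBC); either move it under the same guard or add `/* Read before realloc: on success the old transmem_list block is freed.  */` so the ordering is not undone by a later cleanup. `_nl_find_msg` itself starts and ends outside the hunk.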
@@ -1314,6 +1318,9 @@ rm -f *.filelist* %endif %changelog +* Thu Jun 21 2012 Jeff Law - 2.15.90-15 + - Fix use-after-free in dcigettext.c (#816647). + * Fri Jun 15 2012 Jeff Law - 2.15.90-14 - Resync with master.