diff --git a/SOURCES/glibc-rh1685400.patch b/SOURCES/glibc-rh1685400.patch
new file mode 100644
index 0000000..688a60c
--- /dev/null
+++ b/SOURCES/glibc-rh1685400.patch
@@ -0,0 +1,28 @@
+commit 583dd860d5b833037175247230a328f0050dbfe9
+Author: Paul Eggert
+Date: Mon Jan 21 11:08:13 2019 -0800
+
+ regex: fix read overrun [BZ #24114]
+
+ Problem found by AddressSanitizer, reported by Hongxu Chen in:
+ https://debbugs.gnu.org/34140
+ * posix/regexec.c (proceed_next_node):
+ Do not read past end of input buffer.
+
+diff --git a/posix/regexec.c b/posix/regexec.c
+index 73644c2341336e66..06b8487c3e3eab0e 100644
+--- a/posix/regexec.c
++++ b/posix/regexec.c
+@@ -1289,8 +1289,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
+ else if (naccepted)
+ {
+ char *buf = (char *) re_string_get_buffer (&mctx->input);
+- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+- naccepted) != 0)
++ if (mctx->input.valid_len - *pidx < naccepted
++ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
++ naccepted)
++ != 0))
+ return -1;
+ }
+ }
diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec
index 7e6187f..b592f17 100644
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@@ -1,6 +1,6 @@
 %define glibcsrcdir glibc-2.28
 %define glibcversion 2.28
-%define glibcrelease 149%{?dist}
+%define glibcrelease 151%{?dist}
 # Pre-release tarballs are pulled in from git using a command that is
 # effectively:
 #
@@ -681,6 +681,7 @@ Patch544: glibc-rh1912544.patch Patch545: glibc-rh1918115.patch Patch546: glibc-rh1924919.patch Patch547: glibc-rh1927040.patch +Patch548: glibc-rh1685400.patch ############################################################################## # Continued list of core "glibc" package information: 
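Review bot: The added condition `mctx->input.valid_len - *pidx < naccepted` in `proceed_next_node` carries no comment, so the reason the back-reference compare is now bounded is recoverable only from the commit message; a comment such as `/* Reject a back-reference that would extend past the valid input (BZ #24114).  */` above the `if` would keep it from being simplified away later. The subtraction appears to rely on `*pidx` never exceeding `valid_len`, and the check covers only the `buf + *pidx` operand of `memcmp`, the `regs[subexp_idx].rm_so` side presumably lying inside already-matched input. Neither assumption is visible here because the function body starts and ends outside the hunk, so both are worth confirming there. The patch as carried adds no regression test for the overread.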
@@ -2592,6 +2593,12 @@ fi %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %changelog +* Fri Mar 5 2021 Siddhesh Poyarekar - 2.28-151 +- CVE-2019-9169: Fix buffer overread in regexec.c (#1685400). + +* Fri Mar 05 2021 Carlos O'Donell - 2.28-150 +- Rebuild glibc to update security markup metadata (#1931305) + * Wed Feb 24 2021 Carlos O'Donell - 2.28-149 - Fix NSS files and compat service upgrade defect (#1927040).