Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671."
These issues has been classified as minor by Debian:
https://security-tracker.debian.org/tracker/CVE-2017-15670
https://security-tracker.debian.org/tracker/CVE-2017-15671
In addition, the patch only fixes one of the two CVEs it claims to fix. We
don't backport most CVEs, especially non-critical ones, so no need to carry
this (which is in 2.26). See discussion at <https://bugs.gnu.org/29490>.
This reverts commit 60e29339d8
.
This commit is contained in:
parent
4adde2a919
commit
0c86790bfd
|
@ -682,7 +682,6 @@ dist_patch_DATA = \
|
||||||
%D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \
|
%D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \
|
||||||
%D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \
|
%D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \
|
||||||
%D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \
|
%D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \
|
||||||
%D%/packages/patches/glibc-CVE-2017-15670-15671.patch \
|
|
||||||
%D%/packages/patches/glibc-bootstrap-system.patch \
|
%D%/packages/patches/glibc-bootstrap-system.patch \
|
||||||
%D%/packages/patches/glibc-ldd-x86_64.patch \
|
%D%/packages/patches/glibc-ldd-x86_64.patch \
|
||||||
%D%/packages/patches/glibc-locales.patch \
|
%D%/packages/patches/glibc-locales.patch \
|
||||||
|
|
|
@ -852,7 +852,6 @@ GLIBC/HURD for a Hurd host"
|
||||||
"glibc-o-largefile.patch"
|
"glibc-o-largefile.patch"
|
||||||
"glibc-vectorized-strcspn-guards.patch"
|
"glibc-vectorized-strcspn-guards.patch"
|
||||||
"glibc-CVE-2015-5180.patch"
|
"glibc-CVE-2015-5180.patch"
|
||||||
"glibc-CVE-2017-15670-15671.patch"
|
|
||||||
"glibc-CVE-2017-1000366-pt1.patch"
|
"glibc-CVE-2017-1000366-pt1.patch"
|
||||||
"glibc-CVE-2017-1000366-pt2.patch"
|
"glibc-CVE-2017-1000366-pt2.patch"
|
||||||
"glibc-CVE-2017-1000366-pt3.patch"))))))
|
"glibc-CVE-2017-1000366-pt3.patch"))))))
|
||||||
|
@ -873,7 +872,6 @@ GLIBC/HURD for a Hurd host"
|
||||||
"glibc-o-largefile.patch"
|
"glibc-o-largefile.patch"
|
||||||
"glibc-vectorized-strcspn-guards.patch"
|
"glibc-vectorized-strcspn-guards.patch"
|
||||||
"glibc-CVE-2015-5180.patch"
|
"glibc-CVE-2015-5180.patch"
|
||||||
"glibc-CVE-2017-15670-15671.patch"
|
|
||||||
"glibc-CVE-2017-1000366-pt1.patch"
|
"glibc-CVE-2017-1000366-pt1.patch"
|
||||||
"glibc-CVE-2017-1000366-pt2.patch"
|
"glibc-CVE-2017-1000366-pt2.patch"
|
||||||
"glibc-CVE-2017-1000366-pt3.patch"))))))
|
"glibc-CVE-2017-1000366-pt3.patch"))))))
|
||||||
|
@ -897,7 +895,6 @@ GLIBC/HURD for a Hurd host"
|
||||||
"glibc-CVE-2016-3075.patch"
|
"glibc-CVE-2016-3075.patch"
|
||||||
"glibc-CVE-2016-3706.patch"
|
"glibc-CVE-2016-3706.patch"
|
||||||
"glibc-CVE-2016-4429.patch"
|
"glibc-CVE-2016-4429.patch"
|
||||||
"glibc-CVE-2017-15670-15671.patch"
|
|
||||||
"glibc-CVE-2017-1000366-pt1.patch"
|
"glibc-CVE-2017-1000366-pt1.patch"
|
||||||
"glibc-CVE-2017-1000366-pt2.patch"
|
"glibc-CVE-2017-1000366-pt2.patch"
|
||||||
"glibc-CVE-2017-1000366-pt3.patch"))))))
|
"glibc-CVE-2017-1000366-pt3.patch"))))))
|
||||||
|
@ -920,7 +917,6 @@ GLIBC/HURD for a Hurd host"
|
||||||
"glibc-CVE-2016-3075.patch"
|
"glibc-CVE-2016-3075.patch"
|
||||||
"glibc-CVE-2016-3706.patch"
|
"glibc-CVE-2016-3706.patch"
|
||||||
"glibc-CVE-2016-4429.patch"
|
"glibc-CVE-2016-4429.patch"
|
||||||
"glibc-CVE-2017-15670-15671.patch"
|
|
||||||
"glibc-CVE-2017-1000366-pt1.patch"
|
"glibc-CVE-2017-1000366-pt1.patch"
|
||||||
"glibc-CVE-2017-1000366-pt2.patch"
|
"glibc-CVE-2017-1000366-pt2.patch"
|
||||||
"glibc-CVE-2017-1000366-pt3.patch"))))
|
"glibc-CVE-2017-1000366-pt3.patch"))))
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
Fix CVE-2017-15670:
|
|
||||||
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
|
|
||||||
https://sourceware.org/bugzilla/show_bug.cgi?id=22320
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=1504804
|
|
||||||
|
|
||||||
And CVE-2017-15671:
|
|
||||||
|
|
||||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
|
|
||||||
https://sourceware.org/bugzilla/show_bug.cgi?id=22325
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
|
|
||||||
|
|
||||||
Copied from upstream:
|
|
||||||
<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f>
|
|
||||||
|
|
||||||
diff --git a/posix/glob.c b/posix/glob.c
|
|
||||||
--- a/posix/glob.c
|
|
||||||
+++ b/posix/glob.c
|
|
||||||
@@ -843,7 +843,7 @@
|
|
||||||
*p = '\0';
|
|
||||||
}
|
|
||||||
else
|
|
||||||
- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
|
|
||||||
+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
|
|
||||||
= '\0';
|
|
||||||
user_name = newp;
|
|
||||||
}
|
|
Loading…
Reference in New Issue