2 files changed, 66 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch b/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
new file mode 100644
index 0000000000..ba1da67b76
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
@@ -0,0 +1,65 @@
+CVE-2014-9402 endless loop in getaddr_r
+https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=11e3417af6e354f1942c68a271ae51e892b2814d
+Upstream-Status: Backport
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+From 11e3417af6e354f1942c68a271ae51e892b2814d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 15 Dec 2014 17:41:13 +0100
+Subject: [PATCH] Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
+---
+ ChangeLog                    | 6 ++++++
+ NEWS                         | 7 +++++--
+ resolv/nss_dns/dns-network.c | 4 ++--
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
+++ git/NEWS
+@@ -24,7 +24,10 @@ Version 2.20
+   17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078,
+   17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150,
+   17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354,
+-  17625.
+  17625, 17630.
+
+* The nss_dns implementation of getnetbyname could run into an infinite loop
+  if the DNS response contained a PTR record of an unexpected format.
+ 
+ * CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
+   under certain input conditions resulting in the execution of a shell for
+Index: git/resolv/nss_dns/dns-network.c
+===================================================================
+--- git.orig/resolv/nss_dns/dns-network.c
+++ git/resolv/nss_dns/dns-network.c
+@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int
+ 
+        case BYNAME:
+          {
+-           char **ap = result->n_aliases++;
+-           while (*ap != NULL)
+           char **ap;
+           for (ap = result->n_aliases; *ap != NULL; ++ap)
+              {
+                /* Check each alias name for being of the forms:
+                   4.3.2.1.in-addr.arpa         = net 1.2.3.4
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
+++ git/ChangeLog
+@@ -1,3 +1,9 @@
+2014-12-16  Florian Weimer  <fweimer@redhat.com>
+
+       [BZ #17630]
+       * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
+       names.
+
+ 2014-12-15  Jeff Law  <law@redhat.com>
+ 
+    [BZ #16617]
diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb
index f67fbfdf0d..8a8b296def 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -44,6 +44,7 @@ EGLIBCPATCHES = "\
 CVEPATCHES = "\
        file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
        file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
+        file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
    "
 LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
      file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \

diff --git a/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch b/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch new file mode 100644 index 0000000000..ba1da67b76 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2014-9402_endless-loop-in-getaddr_r.patch
@@ -0,0 +1,65 @@
		1	CVE-2014-9402 endless loop in getaddr_r
		2
		3
		4	https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=11e3417af6e354f1942c68a271ae51e892b2814d
		5
		6	Upstream-Status: Backport
		7
		8	Signed-off-by: Armin Kuster <akuster@mvista.com>
		9
		10	From 11e3417af6e354f1942c68a271ae51e892b2814d Mon Sep 17 00:00:00 2001
		11	From: Florian Weimer <fweimer@redhat.com>
		12	Date: Mon, 15 Dec 2014 17:41:13 +0100
		13	Subject: [PATCH] Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
		14
		15	---
		16	ChangeLog \| 6 ++++++
		17	NEWS \| 7 +++++--
		18	resolv/nss_dns/dns-network.c \| 4 ++--
		19	3 files changed, 13 insertions(+), 4 deletions(-)
		20
		21	Index: git/NEWS
		22	===================================================================
		23	--- git.orig/NEWS
		24	+++ git/NEWS
		25	@@ -24,7 +24,10 @@ Version 2.20
		26	17031, 17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078,
		27	17079, 17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150,
		28	17153, 17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354,
		29	- 17625.
		30	+ 17625, 17630.
		31	+
		32	+* The nss_dns implementation of getnetbyname could run into an infinite loop
		33	+ if the DNS response contained a PTR record of an unexpected format.
		34
		35	* CVE-2104-7817 The wordexp function could ignore the WRDE_NOCMD flag
		36	under certain input conditions resulting in the execution of a shell for
		37	Index: git/resolv/nss_dns/dns-network.c
		38	===================================================================
		39	--- git.orig/resolv/nss_dns/dns-network.c
		40	+++ git/resolv/nss_dns/dns-network.c
		41	@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int
		42
		43	case BYNAME:
		44	{
		45	- char **ap = result->n_aliases++;
		46	- while (*ap != NULL)
		47	+ char **ap;
		48	+ for (ap = result->n_aliases; *ap != NULL; ++ap)
		49	{
		50	/* Check each alias name for being of the forms:
		51	4.3.2.1.in-addr.arpa = net 1.2.3.4
		52	Index: git/ChangeLog
		53	===================================================================
		54	--- git.orig/ChangeLog
		55	+++ git/ChangeLog
		56	@@ -1,3 +1,9 @@
		57	+2014-12-16 Florian Weimer <fweimer@redhat.com>
		58	+
		59	+ [BZ #17630]
		60	+ * resolv/nss_dns/dns-network.c (getanswer_r): Iterate over alias
		61	+ names.
		62	+
		63	2014-12-15 Jeff Law <law@redhat.com>
		64
		65	[BZ #16617]


diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb index f67fbfdf0d..8a8b296def 100644 --- a/meta/recipes-core/glibc/glibc_2.20.bb +++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -44,6 +44,7 @@ EGLIBCPATCHES = "\
44	CVEPATCHES = "\	44	CVEPATCHES = "\
45	file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \	45	file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
46	file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \	46	file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
		47	file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
47	"	48	"
48	LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \	49	LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
49	file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \	50	file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \