1 files changed, 65 insertions, 0 deletions
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
new file mode 100644
index 0000000000..9a08784106
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
@@ -0,0 +1,65 @@
+From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert@cs.ucla.edu>
+Date: Sun, 22 Oct 2017 10:00:57 +0200
+Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
+ #22332]
+(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
+Upstream-Status: Backport
+CVE: CVE-2017-15671
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ ChangeLog    | 6 ++++++
+ NEWS         | 4 ++++
+ posix/glob.c | 4 ++--
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
+++ git/NEWS
+@@ -20,6 +20,10 @@ Security related changes:
+   on the stack or the heap, depending on the length of the user name).
+   Reported by Tim Rühsen.
+ 
+  The glob function, when invoked with GLOB_TILDE and without
+  GLOB_NOESCAPE, could write past the end of a buffer while
+  unescaping user names.  Reported by Tim Rühsen.
+
+ The following bugs are resolved with this release:
+ 
+   [16750] ldd: Never run file directly.
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c
+++ git/posix/glob.c
+@@ -850,11 +850,11 @@ glob (const char *pattern, int flags, in
+                  char *p = mempcpy (newp, dirname + 1,
+                                     unescape - dirname - 1);
+                  char *q = unescape;
+-                 while (*q != '\0')
+                 while (q != end_name)
+                    {
+                      if (*q == '\\')
+                        {
+-                         if (q[1] == '\0')
+                         if (q + 1 == end_name)
+                            {
+                              /* "~fo\\o\\" unescape to user_name "foo\\",
+                                 but "~fo\\o\\/" unescape to user_name
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
+++ git/ChangeLog
+@@ -1,3 +1,9 @@
+2017-10-22  Paul Eggert <eggert@cs.ucla.edu>
+
+       [BZ #22332]
+       * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
+       unescaping.
+
+ 2017-10-13  James Clarke  <jrtc27@jrtc27.com>
+ 
+        * sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela):

diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch new file mode 100644 index 0000000000..9a08784106 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
@@ -0,0 +1,65 @@
	1	From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
	2	From: Paul Eggert <eggert@cs.ucla.edu>
	3	Date: Sun, 22 Oct 2017 10:00:57 +0200
	4	Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
	5	#22332]
	6
	7	(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
	8
	9	Upstream-Status: Backport
	10	CVE: CVE-2017-15671
	11	Signed-off-by: Armin Kuster <akuster@mvista.com>
	12
	13	---
	14	ChangeLog \| 6 ++++++
	15	NEWS \| 4 ++++
	16	posix/glob.c \| 4 ++--
	17	3 files changed, 12 insertions(+), 2 deletions(-)
	18
	19	Index: git/NEWS
	20	===================================================================
	21	--- git.orig/NEWS
	22	+++ git/NEWS
	23	@@ -20,6 +20,10 @@ Security related changes:
	24	on the stack or the heap, depending on the length of the user name).
	25	Reported by Tim Rühsen.
	26
	27	+ The glob function, when invoked with GLOB_TILDE and without
	28	+ GLOB_NOESCAPE, could write past the end of a buffer while
	29	+ unescaping user names. Reported by Tim Rühsen.
	30	+
	31	The following bugs are resolved with this release:
	32
	33	[16750] ldd: Never run file directly.
	34	Index: git/posix/glob.c
	35	===================================================================
	36	--- git.orig/posix/glob.c
	37	+++ git/posix/glob.c
	38	@@ -850,11 +850,11 @@ glob (const char *pattern, int flags, in
	39	char *p = mempcpy (newp, dirname + 1,
	40	unescape - dirname - 1);
	41	char *q = unescape;
	42	- while (*q != '\0')
	43	+ while (q != end_name)
	44	{
	45	if (*q == '\\')
	46	{
	47	- if (q[1] == '\0')
	48	+ if (q + 1 == end_name)
	49	{
	50	/* "~fo\\o\\" unescape to user_name "foo\\",
	51	but "~fo\\o\\/" unescape to user_name
	52	Index: git/ChangeLog
	53	===================================================================
	54	--- git.orig/ChangeLog
	55	+++ git/ChangeLog
	56	@@ -1,3 +1,9 @@
	57	+2017-10-22 Paul Eggert <eggert@cs.ucla.edu>
	58	+
	59	+ [BZ #22332]
	60	+ * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
	61	+ unescaping.
	62	+
	63	2017-10-13 James Clarke <jrtc27@jrtc27.com>
	64
	65	* sysdeps/powerpc/powerpc32/dl-machine.h (elf_machine_rela):