[gnome-continuous-yocto/gnomeostree-3.28-rocko: 80/218] glibc: Security fix CVE-2017-15671

[Emmanuele Bassi <ebassi src gnome org>]

commit 0aaf7b828dc60aca5cdcafdbb0d43e433773756a
Author: Armin Kuster <akuster808 gmail com>
Date:   Sat Jan 20 15:56:58 2018 -0800

    glibc: Security fix CVE-2017-15671
    
    affects glibc < 2.27
    only glibc in current master hash: 77f921dac17c5fa99bd9e926d926c327982895f7
    
    (From OE-Core rev: b12c8f02bbd637ef05ad1518494d666c55eaf544)
    
    Signed-off-by: Armin Kuster <akuster808 gmail com>
    Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>

 meta/recipes-core/glibc/glibc/CVE-2017-15671.patch |   66 ++++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.26.bb              |    1 +
 2 files changed, 67 insertions(+), 0 deletions(-)
---
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch 
b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
new file mode 100644
index 0000000..3569282
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch
@@ -0,0 +1,66 @@
+From f1cf98b583787cfb6278baea46e286a0ee7567fd Mon Sep 17 00:00:00 2001
+From: Paul Eggert <eggert cs ucla edu>
+Date: Sun, 22 Oct 2017 10:00:57 +0200
+Subject: [PATCH] glob: Fix buffer overflow during GLOB_TILDE unescaping [BZ
+ #22332]
+
+(cherry picked from commit a159b53fa059947cc2548e3b0d5bdcf7b9630ba8)
+
+Upstream-Status: Backport
+CVE: CVE-2017-15671
+Signed-off-by: Armin Kuster <akuster mvista com>
+
+---
+ ChangeLog    | 6 ++++++
+ NEWS         | 4 ++++
+ posix/glob.c | 4 ++--
+ 3 files changed, 12 insertions(+), 2 deletions(-)
+
+Index: git/NEWS
+===================================================================
+--- git.orig/NEWS
++++ git/NEWS
+@@ -211,6 +211,10 @@ Security related changes:
+   on the stack or the heap, depending on the length of the user name).
+   Reported by Tim Rühsen.
+ 
++  The glob function, when invoked with GLOB_TILDE and without
++  GLOB_NOESCAPE, could write past the end of a buffer while
++  unescaping user names.  Reported by Tim Rühsen.
++
+ The following bugs are resolved with this release:
+ 
+   [984] network: Respond to changed resolv.conf in gethostbyname
+Index: git/posix/glob.c
+===================================================================
+--- git.orig/posix/glob.c
++++ git/posix/glob.c
+@@ -823,11 +823,11 @@ glob (const char *pattern, int flags, in
+                 char *p = mempcpy (newp, dirname + 1,
+                                    unescape - dirname - 1);
+                 char *q = unescape;
+-                while (*q != '\0')
++                while (q != end_name)
+                   {
+                     if (*q == '\\')
+                       {
+-                        if (q[1] == '\0')
++                        if (q + 1 == end_name)
+                           {
+                             /* "~fo\\o\\" unescape to user_name "foo\\",
+                                but "~fo\\o\\/" unescape to user_name
+Index: git/ChangeLog
+===================================================================
+--- git.orig/ChangeLog
++++ git/ChangeLog
+@@ -1,5 +1,10 @@
++
+ 2017-10-20  Paul Eggert <eggert cs ucla edu>
+ 
++       [BZ #22332]
++       * posix/glob.c (__glob): Fix buffer overflow during GLOB_TILDE
++       unescaping.
++
+        [BZ #22320]
+        CVE-2017-15670
+        * posix/glob.c (__glob): Fix one-byte overflow.
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb b/meta/recipes-core/glibc/glibc_2.26.bb
index ed4ea4f..e4ba28f 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -44,6 +44,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
            file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
            file://CVE-2017-15670.patch \
+           file://CVE-2017-15671.patch \
 "
 
 NATIVESDKFIXES ?= ""