From 01a894b1b0ac6ebd112f1767af45ee2fea1c769f Mon Sep 17 00:00:00 2001
From: Jesse Gilles <jgilles@multitech.com>
Date: Wed, 28 Jan 2015 15:58:13 -0600
Subject: eglibc-2.12: add eglibc-CVE-2015-0235.patch to fix GHOST
 vulnerability

---
 .../eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch  | 253 +++++++++++++++++++++
 .../recipes/eglibc/eglibc-initial_2.12.bbappend    |   6 +
 multitech/recipes/eglibc/eglibc_2.12.bbappend      |   6 +
 3 files changed, 265 insertions(+)
 create mode 100644 multitech/recipes/eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch
 create mode 100644 multitech/recipes/eglibc/eglibc-initial_2.12.bbappend
 create mode 100644 multitech/recipes/eglibc/eglibc_2.12.bbappend

diff --git a/multitech/recipes/eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch b/multitech/recipes/eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch
new file mode 100644
index 0000000..2d9954f
--- /dev/null
+++ b/multitech/recipes/eglibc/eglibc-2.12/eglibc-CVE-2015-0235.patch
@@ -0,0 +1,253 @@
+The following was taken from Ubuntu 12.04 eglibc-2.15 source and the Makefile patch was
+slightly modified to work against eglibc 2.12.
+
+From: Andreas Schwab <schwab@suse.de>
+Date: Mon, 21 Jan 2013 16:41:28 +0000 (+0100)
+Subject: Fix parsing of numeric hosts in gethostbyname_r
+X-Git-Tag: glibc-2.18~221
+X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd
+
+Fix parsing of numeric hosts in gethostbyname_r
+
+2013-05-21  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #15014]
+	* nss/getXXbyYY_r.c (INTERNAL (REENTRANT_NAME))
+	[HANDLE_DIGITS_DOTS]: Set any_service when digits-dots parsing was
+	successful.
+	* nss/digits_dots.c (__nss_hostname_digits_dots): Remove
+	redundant variable declarations and reallocation of buffer when
+	parsing as IPv6 address.  Always set NSS status when called from
+	reentrant functions.  Use NETDB_INTERNAL instead of TRY_AGAIN when
+	buffer too small.  Correct computation of needed size.
+	* nss/Makefile (tests): Add test-digits-dots.
+	* nss/test-digits-dots.c: New test.
+
+CVE-2015-0235
+
+(Ubuntu note: patch differs from upstream commit in that it drops
+the changelog and NEWS entries as well as the whitespace only change to
+nss/getXXbyYY_r.c to reduce patch conflicts. --sbeattie)
+
+---
+ nss/Makefile           |    2 -
+ nss/digits_dots.c      |   73 +++++++++++++------------------------------------
+ nss/getXXbyYY_r.c      |    3 ++
+ nss/test-digits-dots.c |   38 +++++++++++++++++++++++++
+ 4 files changed, 62 insertions(+), 54 deletions(-)
+
+Index: libc/nss/digits_dots.c
+===================================================================
+--- libc.orig/nss/digits_dots.c	2010-11-16 12:47:37.000000000 -0600
++++ libc/nss/digits_dots.c	2015-01-28 14:09:33.942597967 -0600
+@@ -47,7 +47,10 @@
+     {
+       if (h_errnop)
+ 	*h_errnop = NETDB_INTERNAL;
+-      *result = NULL;
++      if (buffer_size == NULL)
++	*status = NSS_STATUS_TRYAGAIN;
++      else
++	*result = NULL;
+       return -1;
+     }
+ 
+@@ -84,14 +87,16 @@
+ 	}
+ 
+       size_needed = (sizeof (*host_addr)
+-		     + sizeof (*h_addr_ptrs) + strlen (name) + 1);
++		     + sizeof (*h_addr_ptrs)
++		     + sizeof (*h_alias_ptr) + strlen (name) + 1);
+ 
+       if (buffer_size == NULL)
+         {
+ 	  if (buflen < size_needed)
+ 	    {
++	      *status = NSS_STATUS_TRYAGAIN;
+ 	      if (h_errnop != NULL)
+-		*h_errnop = TRY_AGAIN;
++		*h_errnop = NETDB_INTERNAL;
+ 	      __set_errno (ERANGE);
+ 	      goto done;
+ 	    }
+@@ -110,7 +115,7 @@
+ 	      *buffer_size = 0;
+ 	      __set_errno (save);
+ 	      if (h_errnop != NULL)
+-		*h_errnop = TRY_AGAIN;
++		*h_errnop = NETDB_INTERNAL;
+ 	      *result = NULL;
+ 	      goto done;
+ 	    }
+@@ -150,7 +155,9 @@
+ 		  if (! ok)
+ 		    {
+ 		      *h_errnop = HOST_NOT_FOUND;
+-		      if (buffer_size)
++		      if (buffer_size == NULL)
++			*status = NSS_STATUS_NOTFOUND;
++		      else
+ 			*result = NULL;
+ 		      goto done;
+ 		    }
+@@ -191,7 +198,7 @@
+ 		  if (buffer_size == NULL)
+ 		    *status = NSS_STATUS_SUCCESS;
+ 		  else
+-		   *result = resbuf;
++		    *result = resbuf;
+ 		  goto done;
+ 		}
+ 
+@@ -202,15 +209,6 @@
+ 
+       if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':')
+ 	{
+-	  const char *cp;
+-	  char *hostname;
+-	  typedef unsigned char host_addr_t[16];
+-	  host_addr_t *host_addr;
+-	  typedef char *host_addr_list_t[2];
+-	  host_addr_list_t *h_addr_ptrs;
+-	  size_t size_needed;
+-	  int addr_size;
+-
+ 	  switch (af)
+ 	    {
+ 	    default:
+@@ -226,7 +224,10 @@
+ 	      /* This is not possible.  We cannot represent an IPv6 address
+ 		 in an `struct in_addr' variable.  */
+ 	      *h_errnop = HOST_NOT_FOUND;
+-	      *result = NULL;
++	      if (buffer_size == NULL)
++		*status = NSS_STATUS_NOTFOUND;
++	      else
++		*result = NULL;
+ 	      goto done;
+ 
+ 	    case AF_INET6:
+@@ -234,42 +235,6 @@
+ 	      break;
+ 	    }
+ 
+-	  size_needed = (sizeof (*host_addr)
+-			 + sizeof (*h_addr_ptrs) + strlen (name) + 1);
+-
+-	  if (buffer_size == NULL && buflen < size_needed)
+-	    {
+-	      if (h_errnop != NULL)
+-		*h_errnop = TRY_AGAIN;
+-	      __set_errno (ERANGE);
+-	      goto done;
+-	    }
+-	  else if (buffer_size != NULL && *buffer_size < size_needed)
+-	    {
+-	      char *new_buf;
+-	      *buffer_size = size_needed;
+-	      new_buf = realloc (*buffer, *buffer_size);
+-
+-	      if (new_buf == NULL)
+-		{
+-		  save = errno;
+-		  free (*buffer);
+-		  __set_errno (save);
+-		  *buffer = NULL;
+-		  *buffer_size = 0;
+-		  *result = NULL;
+-		  goto done;
+-		}
+-	      *buffer = new_buf;
+-	    }
+-
+-	  memset (*buffer, '\0', size_needed);
+-
+-	  host_addr = (host_addr_t *) *buffer;
+-	  h_addr_ptrs = (host_addr_list_t *)
+-	    ((char *) host_addr + sizeof (*host_addr));
+-	  hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs);
+-
+ 	  for (cp = name;; ++cp)
+ 	    {
+ 	      if (!*cp)
+@@ -282,7 +247,9 @@
+ 		  if (inet_pton (AF_INET6, name, host_addr) <= 0)
+ 		    {
+ 		      *h_errnop = HOST_NOT_FOUND;
+-		      if (buffer_size)
++		      if (buffer_size == NULL)
++			*status = NSS_STATUS_NOTFOUND;
++		      else
+ 			*result = NULL;
+ 		      goto done;
+ 		    }
+Index: libc/nss/getXXbyYY_r.c
+===================================================================
+--- libc.orig/nss/getXXbyYY_r.c	2010-11-16 12:47:37.000000000 -0600
++++ libc/nss/getXXbyYY_r.c	2015-01-28 14:09:33.942597967 -0600
+@@ -178,6 +178,9 @@
+     case -1:
+       return errno;
+     case 1:
++#ifdef NEED_H_ERRNO
++      any_service = true;
++#endif
+       goto done;
+     }
+ #endif
+Index: libc/nss/test-digits-dots.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ libc/nss/test-digits-dots.c	2015-01-28 14:09:33.978597382 -0600
+@@ -0,0 +1,38 @@
++/* Copyright (C) 2013 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <http://www.gnu.org/licenses/>.  */
++
++/* Testcase for BZ #15014 */
++
++#include <stdlib.h>
++#include <netdb.h>
++#include <errno.h>
++
++static int
++do_test (void)
++{
++  char buf[32];
++  struct hostent *result = NULL;
++  struct hostent ret;
++  int h_err = 0;
++  int err;
++
++  err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err);
++  return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../test-skeleton.c"
+Index: libc/nss/Makefile
+===================================================================
+--- libc.orig/nss/Makefile	2015-01-28 14:09:26.000000000 -0600
++++ libc/nss/Makefile	2015-01-28 14:10:37.181572603 -0600
+@@ -46,6 +46,7 @@
+ others                  := getent
+ install-bin             := getent
+ 
++tests			= test-digits-dots
+ tests-$(OPTION_EGLIBC_INET) += test-netdb
+ xtests-$(OPTION_EGLIBC_INET) += bug-erange
+ 
diff --git a/multitech/recipes/eglibc/eglibc-initial_2.12.bbappend b/multitech/recipes/eglibc/eglibc-initial_2.12.bbappend
new file mode 100644
index 0000000..4e65e80
--- /dev/null
+++ b/multitech/recipes/eglibc/eglibc-initial_2.12.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRA := "${THISDIR}"
+FILESPATHBASE =. "${FILESEXTRA}:"
+
+# patch for eglibc GHOST vulnerability
+SRC_URI += "file://eglibc-CVE-2015-0235.patch"
+PR .= ".corecdp1"
diff --git a/multitech/recipes/eglibc/eglibc_2.12.bbappend b/multitech/recipes/eglibc/eglibc_2.12.bbappend
new file mode 100644
index 0000000..4e65e80
--- /dev/null
+++ b/multitech/recipes/eglibc/eglibc_2.12.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRA := "${THISDIR}"
+FILESPATHBASE =. "${FILESEXTRA}:"
+
+# patch for eglibc GHOST vulnerability
+SRC_URI += "file://eglibc-CVE-2015-0235.patch"
+PR .= ".corecdp1"
-- 
cgit v1.2.3