[libvirt] [PATCH] maint: update to latest gnulib

Eric Blake eblake at redhat.com
Thu Jan 31 23:34:24 UTC 2013


CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
that runs a regex search on user input while in a multibyte locale.
I'm not sure how hard it would be to trigger such a setup for
libvirtd, but rather than risk things, we can avoid the issue:
gnulib has worked around the problem, and by updating to the latest
gnulib, we can avoid the bug even on platforms where glibc has yet
to be patched.

* .gnulib: Update to latest, for various fixes, including regex.
* bootstrap: Resync from upstream.
---

* .gnulib 61c7b1e...a0b25da (45):
  > regex: avoid infinite configure test
  > openpty: fix bug where HAVE_OPENPTY wasn't defined
  > sys_time: port to Solaris 2.6
  > regex: test for buffer overrun
  > regex: fix buffer overrun in regexp matcher
  > mountlist: don't consider "devtmpfs" as dummy
  > futimens-tests, utimens-tests: Depend on gettext.
  > test-getpeername: fix typo
  > bootstrap: remove the need for a sorted .gitignore
  > readlinkat: don't depend on gl_FUNC_OPENAT
  > statat: new module, split out from fstatat
  > autoupdate
  > Fix typo in previous change, by including <unistd.h>.
  > tests: don't assume fd 99 is closed
  > Fix ChangeLog typo.
  > stpncpy: port to OS X 10.8
  > In intro, say only latest mingw is tested.
  > unistd: port to recent mingw
  > Fix typo in comment.
  > largefile: port better to Mac OS X 10.5
  > doc: clarify -Werror
  > stdint: fix build with Android's Bionic fox x86
  > net_if-tests: port to Solaris 7 + GCC 3.4.6
  > net_if-tests: port to older Solaris
  > system-quote-tests: port to older Solaris
  > c-xvasprintf etc.: fix link errors on older Solaris
  > locale: port to Solaris 2.6 and 7 + GNU gettext
  > autoupdate
  > stdlib: port to Solaris 2.6
  > Fix misspellings of "occurred".
  > autoupdate
  > autoupdate
  > doc: update main copyright year
  > doc: improve ISO 8601 discussion
  > doc: avoid small caps
  > regex: conform to strict C
  > gnulib-tool: fix incompatibility with autopoint 0.18.2
  > autoupdate
  > fprintftime: bring back and reword fwrite comment
  > autoupdate
  > stdio: remove now-unnecessary stdio.c
  > unicodeio: depend on stdio, not ignore-value
  > fprintftime: depend on stdio, not ignore-value
  > stdint-tests: Fix expanded-before-required-warning. * modules/stdint-tests (Depends-on): Use AC_REQUIRE.
  > fwrite: silence __wur only for older glibc versions

 .gnulib   |  2 +-
 bootstrap | 44 ++++++++++++++++++++++----------------------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/.gnulib b/.gnulib
index 61c7b1e..a0b25da 160000
--- a/.gnulib
+++ b/.gnulib
@@ -1 +1 @@
-Subproject commit 61c7b1e32e11e9e40b4d59ab888a807620befcd3
+Subproject commit a0b25daf001cb1a0352f329e2b5e1640acc88541
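Review bot: The submodule pointer moves across 45 gnulib commits (61c7b1e..a0b25da), but neither this hunk nor the commit message records which of them carries the CVE-2013-0242 workaround. The shortlog entries "regex: fix buffer overrun in regexp matcher" and "regex: test for buffer overrun" look like the relevant ones; naming the fixing commit in the message would let a downstream maintainer confirm that a given .gnulib pin includes it, or choose a narrower update for a stable branch.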
diff --git a/bootstrap b/bootstrap
index 012907a..bee7765 100755
--- a/bootstrap
+++ b/bootstrap
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Print a version string.
-scriptversion=2012-12-28.10; # UTC
+scriptversion=2013-01-20.16; # UTC

 # Bootstrap this package from checked-out sources.

@@ -306,34 +306,34 @@ if test -n "$checkout_only_file" && test ! -r "$checkout_only_file"; then
   die "Bootstrapping from a non-checked-out distribution is risky."
 fi

-# Ensure that lines starting with ! sort last, per gitignore conventions
-# for whitelisting exceptions after a more generic blacklist pattern.
-sort_patterns() {
-  sort -u "$@" | sed '/^!/ {
-    H
-    d
-  }
-  $ {
-    P
-    x
-    s/^\n//
-  }' | sed '/^$/d'
+# Strip blank and comment lines to leave significant entries.
+gitignore_entries() {
+  sed '/^#/d; /^$/d' "$@"
 }

-# If $STR is not already on a line by itself in $FILE, insert it,
-# sorting the new contents of the file and replacing $FILE with the result.
-insert_sorted_if_absent() {
+# If $STR is not already on a line by itself in $FILE, insert it at the start.
+# Entries are inserted at the start of the ignore list to ensure existing
+# entries starting with ! are not overridden.  Such entries support
+# whitelisting exceptions after a more generic blacklist pattern.
+insert_if_absent() {
   file=$1
   str=$2
   test -f $file || touch $file
-  echo "$str" | sort_patterns - $file | cmp -s - $file > /dev/null \
-    || { echo "$str" | sort_patterns - $file > $file.bak \
-      && mv $file.bak $file; } \
-    || die "insert_sorted_if_absent $file $str: failed"
+  test -r $file || die "Error: failed to read ignore file: $file"
+  duplicate_entries=$(gitignore_entries $file | sort | uniq -d)
+  if [ "$duplicate_entries" ] ; then
+    die "Error: Duplicate entries in $file: " $duplicate_entries
+  fi
+  linesold=$(gitignore_entries $file | wc -l)
+  linesnew=$(echo "$str" | gitignore_entries - $file | sort -u | wc -l)
+  if [ $linesold != $linesnew ] ; then
+    { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; } \
+      || die "insert_if_absent $file $str: failed"
+  fi
 }

 # Adjust $PATTERN for $VC_IGNORE_FILE and insert it with
-# insert_sorted_if_absent.
+# insert_if_absent.
 insert_vc_ignore() {
   vc_ignore_file="$1"
   pattern="$2"
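Review bot: In insert_if_absent, the new duplicate_entries check makes any duplicate line already present in the ignore file a fatal bootstrap error, whereas the removed sort_patterns path deduplicated with sort -u and carried on. It would be worth confirming that the tree's ignore files contain no duplicates before this lands, and having the die message say that the listed entries must be removed by hand. Separately, $file is expanded unquoted in the test -f, test -r, gitignore_entries and cat calls, so a path containing whitespace would be split; quoting it as "$file" would match the quoted arguments that insert_vc_ignore already passes.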
@@ -344,7 +344,7 @@ insert_vc_ignore() {
     # .gitignore entry.
     pattern=$(echo "$pattern" | sed s,^,/,);;
   esac
-  insert_sorted_if_absent "$vc_ignore_file" "$pattern"
+  insert_if_absent "$vc_ignore_file" "$pattern"
 }

 # Die if there is no AC_CONFIG_AUX_DIR($build_aux) line in configure.ac.
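Review bot: The call in insert_vc_ignore is the only caller updated, while the previous hunk removes insert_sorted_if_absent outright. Any remaining use of the old name outside the lines shown, for example in a project-specific bootstrap.conf, would only fail when bootstrap is run, so a grep for insert_sorted_if_absent across the tree before pushing would be prudent.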
-- 
1.8.1



