CVE-2013-0242 in glibc's regex() can cause a DoS in any daemon
that runs a regex search on user input while in a multibyte locale.
I'm not sure how hard it would be to trigger such a setup for
libvirtd, but rather than risk things, we can avoid the issue:
gnulib has worked around the problem, and by updating to the latest
gnulib, we can avoid the bug even on platforms where glibc has yet
to be patched.
* .gnulib: Update to latest, for various fixes, including regex.
* bootstrap: Resync from upstream.
---
* .gnulib 61c7b1e...a0b25da (45):
regex: avoid infinite configure test
openpty: fix bug where HAVE_OPENPTY wasn't defined
sys_time: port to Solaris 2.6
regex: test for buffer overrun
regex: fix buffer overrun in regexp matcher
mountlist: don't consider "devtmpfs" as dummy
futimens-tests, utimens-tests: Depend on gettext.
test-getpeername: fix typo
bootstrap: remove the need for a sorted .gitignore
readlinkat: don't depend on gl_FUNC_OPENAT
statat: new module, split out from fstatat
autoupdate
Fix typo in previous change, by including <unistd.h>.
tests: don't assume fd 99 is closed
Fix ChangeLog typo.
stpncpy: port to OS X 10.8
In intro, say only latest mingw is tested.
unistd: port to recent mingw
Fix typo in comment.
largefile: port better to Mac OS X 10.5
doc: clarify -Werror
stdint: fix build with Android's Bionic fox x86
net_if-tests: port to Solaris 7 + GCC 3.4.6
net_if-tests: port to older Solaris
system-quote-tests: port to older Solaris
c-xvasprintf etc.: fix link errors on older Solaris
locale: port to Solaris 2.6 and 7 + GNU gettext
autoupdate
stdlib: port to Solaris 2.6
Fix misspellings of "occurred".
autoupdate
autoupdate
doc: update main copyright year
doc: improve ISO 8601 discussion
doc: avoid small caps
regex: conform to strict C
gnulib-tool: fix incompatibility with autopoint 0.18.2
autoupdate
fprintftime: bring back and reword fwrite comment
autoupdate
stdio: remove now-unnecessary stdio.c
unicodeio: depend on stdio, not ignore-value
fprintftime: depend on stdio, not ignore-value
stdint-tests: Fix expanded-before-required-warning. * modules/stdint-tests (Depends-on):
Use AC_REQUIRE.
fwrite: silence __wur only for older glibc versions
.gnulib | 2 +-
bootstrap | 44 ++++++++++++++++++++++----------------------
2 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/.gnulib b/.gnulib
index 61c7b1e..a0b25da 160000
--- a/.gnulib
+++ b/.gnulib
@@ -1 +1 @@
-Subproject commit 61c7b1e32e11e9e40b4d59ab888a807620befcd3
+Subproject commit a0b25daf001cb1a0352f329e2b5e1640acc88541
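Review bot: The commit message should name which gnulib commit carries the CVE-2013-0242 workaround, because this one-line subproject bump from 61c7b1e to a0b25da pulls in 45 commits and the fix is only implied by the shortlog. The entries "regex: fix buffer overrun in regexp matcher" and "regex: test for buffer overrun" look like the relevant ones; citing them in the message would let anyone backporting to a maintenance branch, or auditing later, confirm the fix is present without walking the whole range.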
diff --git a/bootstrap b/bootstrap
index 012907a..bee7765 100755
--- a/bootstrap
+++ b/bootstrap
@@ -1,6 +1,6 @@
#! /bin/sh
# Print a version string.
-scriptversion=2012-12-28.10; # UTC
+scriptversion=2013-01-20.16; # UTC
# Bootstrap this package from checked-out sources.
@@ -306,34 +306,34 @@ if test -n "$checkout_only_file" && test ! -r
"$checkout_only_file"; then
die "Bootstrapping from a non-checked-out distribution is risky."
fi
-# Ensure that lines starting with ! sort last, per gitignore conventions
-# for whitelisting exceptions after a more generic blacklist pattern.
-sort_patterns() {
- sort -u "$@" | sed '/^!/ {
- H
- d
- }
- $ {
- P
- x
- s/^\n//
- }' | sed '/^$/d'
+# Strip blank and comment lines to leave significant entries.
+gitignore_entries() {
+ sed '/^#/d; /^$/d' "$@"
}
-# If $STR is not already on a line by itself in $FILE, insert it,
-# sorting the new contents of the file and replacing $FILE with the result.
-insert_sorted_if_absent() {
+# If $STR is not already on a line by itself in $FILE, insert it at the start.
+# Entries are inserted at the start of the ignore list to ensure existing
+# entries starting with ! are not overridden. Such entries support
+# whitelisting exceptions after a more generic blacklist pattern.
+insert_if_absent() {
file=$1
str=$2
test -f $file || touch $file
- echo "$str" | sort_patterns - $file | cmp -s - $file > /dev/null \
- || { echo "$str" | sort_patterns - $file > $file.bak \
- && mv $file.bak $file; } \
- || die "insert_sorted_if_absent $file $str: failed"
+ test -r $file || die "Error: failed to read ignore file: $file"
+ duplicate_entries=$(gitignore_entries $file | sort | uniq -d)
+ if [ "$duplicate_entries" ] ; then
+ die "Error: Duplicate entries in $file: " $duplicate_entries
+ fi
+ linesold=$(gitignore_entries $file | wc -l)
+ linesnew=$(echo "$str" | gitignore_entries - $file | sort -u | wc -l)
+ if [ $linesold != $linesnew ] ; then
+ { echo "$str" | cat - $file > $file.bak && mv $file.bak $file; }
\
+ || die "insert_if_absent $file $str: failed"
+ fi
}
# Adjust $PATTERN for $VC_IGNORE_FILE and insert it with
-# insert_sorted_if_absent.
+# insert_if_absent.
insert_vc_ignore() {
vc_ignore_file="$1"
pattern="$2"
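Review bot: In insert_if_absent, the new duplicate check makes bootstrap die on any ignore file that already contains a repeated entry, whereas the removed sort_patterns path ran the file through `sort -u` and rewrote it deduplicated. Before merging, check that the tree's existing ignore files have no duplicate lines, or mention the new failure mode in the commit message so that a sudden "Duplicate entries" abort is not a surprise. The added lines also expand $file unquoted (`test -r $file`, `gitignore_entries $file`), so a path containing whitespace would be split; quoting it as "$file" would be more robust, although the unchanged `test -f $file || touch $file` line shows the old code had the same habit.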
@@ -344,7 +344,7 @@ insert_vc_ignore() {
# .gitignore entry.
pattern=$(echo "$pattern" | sed s,^,/,);;
esac
- insert_sorted_if_absent "$vc_ignore_file" "$pattern"
+ insert_if_absent "$vc_ignore_file" "$pattern"
}
# Die if there is no AC_CONFIG_AUX_DIR($build_aux) line in configure.ac.
--
1.8.1