Fix CVE-2015-7547.
https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
This is the source code which built
aa618ea402531675e3933e85defae8186ce13c63
Change-Id: I5f195b29e597c2ae5bb9d98366c66200d0ce8b49
diff --git a/Build.Info/0001-hermetic-static-build.patch b/Build.Info/0001-hermetic-static-build.patch
new file mode 100644
index 0000000..6a9427c
--- /dev/null
+++ b/Build.Info/0001-hermetic-static-build.patch
@@ -0,0 +1,25 @@
+From 39c92fa91756747fa8eaf1fc898214658d1f8451 Mon Sep 17 00:00:00 2001
+From: John Newlin <jnewlin@google.com>
+Date: Fri, 3 Oct 2014 21:58:51 -0700
+Subject: [PATCH] Build libraries statically to make hermetic builds work.
+
+---
+ package/pkg-autotools.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/package/pkg-autotools.mk b/package/pkg-autotools.mk
+index 4404f15..e4e4df9 100644
+--- a/package/pkg-autotools.mk
++++ b/package/pkg-autotools.mk
+@@ -165,7 +165,7 @@ define $(2)_CONFIGURE_CMDS
+ ./configure \
+ --prefix="$$(HOST_DIR)/usr" \
+ --sysconfdir="$$(HOST_DIR)/etc" \
+- --enable-shared --disable-static \
++ --disable-shared --enable-static \
+ --disable-gtk-doc \
+ --disable-doc \
+ --disable-docs \
+--
+2.1.0.rc2.206.gedb03e5
+
diff --git a/Build.Info/0002-getaddrinfo-fault.patch b/Build.Info/0002-getaddrinfo-fault.patch
new file mode 100644
index 0000000..31b7c72
--- /dev/null
+++ b/Build.Info/0002-getaddrinfo-fault.patch
@@ -0,0 +1,102 @@
+From 218e952a2caf6e1e4103e322780922800884b712 Mon Sep 17 00:00:00 2001
+From: Denton Gentry <dgentry@google.com>
+Date: Sat, 19 Dec 2015 15:53:09 -0800
+Subject: [PATCH] Fix fault in getaddrinfo.
+
+---
+ resolv/res_send.c | 28 ++++++++++++++++------------
+ 1 file changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/resolv/res_send.c b/resolv/res_send.c
+index 7f2e85f..d178dca 100644
+--- a/resolv/res_send.c
++++ b/resolv/res_send.c
+@@ -782,26 +782,26 @@ send_vc(res_state statp,
+ assert (anscp != NULL || ansp2 == NULL);
+ thisresplenp = &resplen;
+ } else {
+- if (*anssizp != MAXPACKET) {
++ if (*anssizp == orig_anssizp) {
+ /* No buffer allocated for the first
+ reply. We can try to use the rest
+ of the user-provided buffer. */
+ #ifdef _STRING_ARCH_unaligned
+ *anssizp2 = orig_anssizp - resplen;
+- *ansp2 = *ansp + resplen;
++ *ansp2 = ans + resplen;
+ #else
+ int aligned_resplen
+ = ((resplen + __alignof__ (HEADER) - 1)
+ & ~(__alignof__ (HEADER) - 1));
+ *anssizp2 = orig_anssizp - aligned_resplen;
+- *ansp2 = *ansp + aligned_resplen;
++ *ansp2 = ans + aligned_resplen;
+ #endif
+- } else {
++ } else if (*ansp2 >= ans && *ansp2 < ans + orig_anssizp) {
+ /* The first reply did not fit into the
+ user-provided buffer. Maybe the second
+ answer will. */
+ *anssizp2 = orig_anssizp;
+- *ansp2 = *ansp;
++ *ansp2 = ans;
+ }
+
+ thisanssizp = anssizp2;
+@@ -823,6 +823,8 @@ send_vc(res_state statp,
+ }
+ *thisanssizp = MAXPACKET;
+ *thisansp = newp;
++ if (thisansp == anscp)
++ *ansp = *thisansp;
+ anhp = (HEADER *) newp;
+ len = rlen;
+ } else {
+@@ -1198,26 +1200,26 @@ send_dg(res_state statp,
+ assert (anscp != NULL || ansp2 == NULL);
+ thisresplenp = &resplen;
+ } else {
+- if (*anssizp != MAXPACKET) {
++ if (*anssizp == orig_anssizp) {
+ /* No buffer allocated for the first
+ reply. We can try to use the rest
+ of the user-provided buffer. */
+ #ifdef _STRING_ARCH_unaligned
+ *anssizp2 = orig_anssizp - resplen;
+- *ansp2 = *ansp + resplen;
++ *ansp2 = ans + resplen;
+ #else
+ int aligned_resplen
+ = ((resplen + __alignof__ (HEADER) - 1)
+ & ~(__alignof__ (HEADER) - 1));
+ *anssizp2 = orig_anssizp - aligned_resplen;
+- *ansp2 = *ansp + aligned_resplen;
++ *ansp2 = ans + aligned_resplen;
+ #endif
+- } else {
++ } else if (*ansp2 >= ans && *ansp2 < ans + orig_anssizp) {
+ /* The first reply did not fit into the
+ user-provided buffer. Maybe the second
+ answer will. */
+ *anssizp2 = orig_anssizp;
+- *ansp2 = *ansp;
++ *ansp2 = ans;
+ }
+
+ thisanssizp = anssizp2;
+@@ -1236,8 +1238,10 @@ send_dg(res_state statp,
+ ) {
+ u_char *newp = malloc (MAXPACKET);
+ if (newp != NULL) {
+- *anssizp = MAXPACKET;
+- *thisansp = ans = newp;
++ *thisanssizp = MAXPACKET;
++ *thisansp = newp;
++ if (thisansp == anscp)
++ *ansp = *thisansp;
+ }
+ }
+ HEADER *anhp = (HEADER *) *thisansp;
+--
+2.6.0.rc2.230.g3dd15c0
+
diff --git a/Build.Info/Readme.txt b/Build.Info/Readme.txt
new file mode 100644
index 0000000..d9108a1
--- /dev/null
+++ b/Build.Info/Readme.txt
@@ -0,0 +1,14 @@
+To rebuild to the toolchain:
+
+git clone git://git.buildroot.net/buildroot
+cd buildroot
+git checkout b354417dcef5805adb33cb2e3249d7c7be64cac7
+
+patch -p1 -i <path-to-this-folder>/0001-hermetic-static-build.patch
+[... do for all patches in the folder...]
+
+cp <path-to-this-folder>/bruno/Build.Info/defconfig .config
+
+make
+(this will bring up menuconfig, just exit and save)
+make -j12
diff --git a/Build.Info/defconfig b/Build.Info/defconfig
new file mode 100644
index 0000000..a050562
--- /dev/null
+++ b/Build.Info/defconfig
@@ -0,0 +1,12 @@
+BR2_arm=y
+BR2_cortex_a9=y
+BR2_ARM_ENABLE_NEON=y
+BR2_ARM_FPU_VFPV3=y
+BR2_KERNEL_HEADERS_3_2=y
+BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
+BR2_GCC_VERSION_4_9_X=y
+BR2_TOOLCHAIN_BUILDROOT_CXX=y
+# BR2_TARGET_GENERIC_GETTY is not set
+# BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set
+BR2_PACKAGE_MAKE=y
+# BR2_TARGET_ROOTFS_TAR is not set
diff --git a/README.build b/README.build
deleted file mode 100644
index 251a290..0000000
--- a/README.build
+++ /dev/null
@@ -1,63 +0,0 @@
-To rebuild to the toolchain:
-
-Clone the buildroot depot:
- git://git.buildroot.net/buildroot
-
-Run make menuconfig and disable everything except building the toolchain, or
-just use this as your .config in the buildroot directory
-
----------------------- .config ---------------------
-BR2_arm=y
-BR2_cortex_a9=y
-BR2_ARM_ENABLE_NEON=y
-BR2_ARM_FPU_VFPV3=y
-BR2_KERNEL_HEADERS_3_2=y
-BR2_TOOLCHAIN_BUILDROOT_GLIBC=y
-BR2_GCC_VERSION_4_9_X=y
-BR2_TOOLCHAIN_BUILDROOT_CXX=y
-# BR2_TARGET_GENERIC_GETTY is not set
-# BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW is not set
-BR2_PACKAGE_MAKE=y
-# BR2_TARGET_ROOTFS_TAR is not set
-----------------------------------------------------
-
-
--- Next apply this patch to make all of the host build statically
- to remove dependence on locally generated shared libs.
-
-----------------------------------------------------------------------
-From 39c92fa91756747fa8eaf1fc898214658d1f8451 Mon Sep 17 00:00:00 2001
-From: John Newlin <jnewlin@google.com>
-Date: Fri, 3 Oct 2014 21:58:51 -0700
-Subject: [PATCH] Build libraries statically to make hermetic builds work.
-
----
- package/pkg-autotools.mk | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/package/pkg-autotools.mk b/package/pkg-autotools.mk
-index 4404f15..e4e4df9 100644
---- a/package/pkg-autotools.mk
-+++ b/package/pkg-autotools.mk
-@@ -165,7 +165,7 @@ define $(2)_CONFIGURE_CMDS
- ./configure \
- --prefix="$$(HOST_DIR)/usr" \
- --sysconfdir="$$(HOST_DIR)/etc" \
-- --enable-shared --disable-static \
-+ --disable-shared --enable-static \
- --disable-gtk-doc \
- --disable-doc \
- --disable-docs \
---
-2.1.0.rc2.206.gedb03e5
-----------------------------------------------------------------------
-
-Run 'make' (go grab some coffee this will take awhile)
-
-
---
-rm -rf *
-cp -prf <path to output>
-git add -A
-git commit
-