[dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[mac]

From: Mike Crowe <mac@mcrowe.com>

Take the patch from the source for Debian's glibc 2.31-13+deb11u7
package, the changelog for which starts with:

 glibc (2.31-13+deb11u7) bullseye-security; urgency=medium

   * debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the
     dynamic loader's processing of the GLIBC_TUNABLES environment variable
     (CVE-2023-4911).

This addresses the "Looney Tunables" vulnerability described at
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

Signed-off-by: Mike Crowe <mac@mcrowe.com>
---
 .../glibc/glibc/CVE-2023-4911.patch           | 63 +++++++++++++++++++
 meta/recipes-core/glibc/glibc_2.31.bb         |  1 +
 2 files changed, 64 insertions(+)
 create mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-4911.patch

diff --git a/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch b/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch
new file mode 100644
index 0000000000..4d3146509a
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch
@@ -0,0 +1,63 @@
+From d2b77337f734fcacdfc8e0ddec14cf31a746c7be Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@redhat.com>
+Date: Mon, 11 Sep 2023 18:53:15 -0400
+Subject: [PATCH v2] tunables: Terminate immediately if end of input is reached
+
+The string parsing routine may end up writing beyond bounds of tunestr
+if the input tunable string is malformed, of the form name=name=val.
+This gets processed twice, first as name=name=val and next as name=val,
+resulting in tunestr being name=name=val:name=val, thus overflowing
+tunestr.
+
+Terminate the parsing loop at the first instance itself so that tunestr
+does not overflow.
+---
+Changes from v1:
+
+- Also null-terminate tunestr before exiting.
+
+ elf/dl-tunables.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
+
+Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
+CVE: CVE-2023-4911
+
+diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
+index 8e7ee9df10..76cf8b9da3 100644
+--- a/elf/dl-tunables.c
++++ b/elf/dl-tunables.c
+@@ -187,11 +187,7 @@ parse_tunables (char *tunestr, char *valstring)
+       /* If we reach the end of the string before getting a valid name-value
+        pair, bail out.  */
+       if (p[len] == '\0')
+-      {
+-        if (__libc_enable_secure)
+-          tunestr[off] = '\0';
+-        return;
+-      }
++      break;
+
+       /* We did not find a valid name-value pair before encountering the
+        colon.  */
+@@ -251,9 +247,16 @@ parse_tunables (char *tunestr, char *valstring)
+           }
+       }
+
+-      if (p[len] != '\0')
+-      p += len + 1;
++      /* We reached the end while processing the tunable string.  */
++      if (p[len] == '\0')
++      break;
++
++      p += len + 1;
+     }
++
++  /* Terminate tunestr before we leave.  */
++  if (__libc_enable_secure)
++    tunestr[off] = '\0';
+ }
+ #endif
+
+--
+2.41.0
+
diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
index 8d216f6ed1..1862586749 100644
--- a/meta/recipes-core/glibc/glibc_2.31.bb
+++ b/meta/recipes-core/glibc/glibc_2.31.bb
@@ -80,6 +80,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
            file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
            file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \
            file://CVE-2023-0687.patch \
+           file://CVE-2023-4911.patch \
            "
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build-${TARGET_SYS}"
--
2.39.2

BrightSign considers your privacy to be very important. The emails you send to us will be protected and secured. Furthermore, we will only use your email and contact information for the reasons you sent them to us and for tracking how effectively we respond to your requests.

Re: [OE-core] [dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[Steve Sakoman]

Hmmm ... does this build for you?

I'm getting:

ERROR: glibc-2.31+gitAUTOINC+2d4f26e5cf-r0 do_patch: Applying patch
'CVE-2023-4911.patch' on target directory
'/home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/glibc/2.31+gitAUTOINC+2d4f26e5cf-r0/git'
Command Error: 'quilt --quiltrc
/home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/glibc/2.31+gitAUTOINC+2d4f26e5cf-r0/recipe-sysroot-native/etc/quiltrc
push' exited with 0  Output:
Applying patch CVE-2023-4911.patch
patching file elf/dl-tunables.c
Hunk #1 FAILED at 187.
Hunk #2 FAILED at 251.
2 out of 2 hunks FAILED -- rejects in file elf/dl-tunables.c
Patch CVE-2023-4911.patch does not apply (enforce with -f)

Steve

On Wed, Oct 4, 2023 at 10:54 PM Mike Crowe via lists.openembedded.org
<mac=mcrowe.com@lists.openembedded.org> wrote:
>
> From: Mike Crowe <mac@mcrowe.com>
>
> Take the patch from the source for Debian's glibc 2.31-13+deb11u7
> package, the changelog for which starts with:
>
>  glibc (2.31-13+deb11u7) bullseye-security; urgency=medium
>
>    * debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the
>      dynamic loader's processing of the GLIBC_TUNABLES environment variable
>      (CVE-2023-4911).
>
> This addresses the "Looney Tunables" vulnerability described at
> https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
>
> Signed-off-by: Mike Crowe <mac@mcrowe.com>
> ---
>  .../glibc/glibc/CVE-2023-4911.patch           | 63 +++++++++++++++++++
>  meta/recipes-core/glibc/glibc_2.31.bb         |  1 +
>  2 files changed, 64 insertions(+)
>  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-4911.patch
>
> diff --git a/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch b/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch
> new file mode 100644
> index 0000000000..4d3146509a
> --- /dev/null
> +++ b/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch
> @@ -0,0 +1,63 @@
> +From d2b77337f734fcacdfc8e0ddec14cf31a746c7be Mon Sep 17 00:00:00 2001
> +From: Siddhesh Poyarekar <siddhesh@redhat.com>
> +Date: Mon, 11 Sep 2023 18:53:15 -0400
> +Subject: [PATCH v2] tunables: Terminate immediately if end of input is reached
> +
> +The string parsing routine may end up writing beyond bounds of tunestr
> +if the input tunable string is malformed, of the form name=name=val.
> +This gets processed twice, first as name=name=val and next as name=val,
> +resulting in tunestr being name=name=val:name=val, thus overflowing
> +tunestr.
> +
> +Terminate the parsing loop at the first instance itself so that tunestr
> +does not overflow.
> +---
> +Changes from v1:
> +
> +- Also null-terminate tunestr before exiting.
> +
> + elf/dl-tunables.c | 17 ++++++++++-------
> + 1 file changed, 10 insertions(+), 7 deletions(-)
> +
> +Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
> +CVE: CVE-2023-4911
> +
> +diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
> +index 8e7ee9df10..76cf8b9da3 100644
> +--- a/elf/dl-tunables.c
> ++++ b/elf/dl-tunables.c
> +@@ -187,11 +187,7 @@ parse_tunables (char *tunestr, char *valstring)
> +       /* If we reach the end of the string before getting a valid name-value
> +        pair, bail out.  */
> +       if (p[len] == '\0')
> +-      {
> +-        if (__libc_enable_secure)
> +-          tunestr[off] = '\0';
> +-        return;
> +-      }
> ++      break;
> +
> +       /* We did not find a valid name-value pair before encountering the
> +        colon.  */
> +@@ -251,9 +247,16 @@ parse_tunables (char *tunestr, char *valstring)
> +           }
> +       }
> +
> +-      if (p[len] != '\0')
> +-      p += len + 1;
> ++      /* We reached the end while processing the tunable string.  */
> ++      if (p[len] == '\0')
> ++      break;
> ++
> ++      p += len + 1;
> +     }
> ++
> ++  /* Terminate tunestr before we leave.  */
> ++  if (__libc_enable_secure)
> ++    tunestr[off] = '\0';
> + }
> + #endif
> +
> +--
> +2.41.0
> +
> diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
> index 8d216f6ed1..1862586749 100644
> --- a/meta/recipes-core/glibc/glibc_2.31.bb
> +++ b/meta/recipes-core/glibc/glibc_2.31.bb
> @@ -80,6 +80,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
>             file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
>             file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \
>             file://CVE-2023-0687.patch \
> +           file://CVE-2023-4911.patch \
>             "
>  S = "${WORKDIR}/git"
>  B = "${WORKDIR}/build-${TARGET_SYS}"
> --
> 2.39.2
>
> BrightSign considers your privacy to be very important. The emails you send to us will be protected and secured. Furthermore, we will only use your email and contact information for the reasons you sent them to us and for tracking how effectively we respond to your requests.
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#188708): https://lists.openembedded.org/g/openembedded-core/message/188708
> Mute This Topic: https://lists.openembedded.org/mt/101773057/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Re: [OE-core] [dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[Scott Murray]

[-- Attachment #1: Type: text/plain, Size: 5489 bytes --]

On Thu, 5 Oct 2023, Steve Sakoman wrote:

> Hmmm ... does this build for you?
>
> I'm getting:
>
> ERROR: glibc-2.31+gitAUTOINC+2d4f26e5cf-r0 do_patch: Applying patch
> 'CVE-2023-4911.patch' on target directory
> '/home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/glibc/2.31+gitAUTOINC+2d4f26e5cf-r0/git'
> Command Error: 'quilt --quiltrc
> /home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/glibc/2.31+gitAUTOINC+2d4f26e5cf-r0/recipe-sysroot-native/etc/quiltrc
> push' exited with 0  Output:
> Applying patch CVE-2023-4911.patch
> patching file elf/dl-tunables.c
> Hunk #1 FAILED at 187.
> Hunk #2 FAILED at 251.
> 2 out of 2 hunks FAILED -- rejects in file elf/dl-tunables.c
> Patch CVE-2023-4911.patch does not apply (enforce with -f)
>
> Steve

Debian's page at https://security-tracker.debian.org/tracker/CVE-2023-4911
indicates at the bottom that they're only vulnerable on their 2.31 based
versions because they backported the change that introduced the
vulnerability, which I don't believe has been done in oe-core...

Scott

> On Wed, Oct 4, 2023 at 10:54 PM Mike Crowe via lists.openembedded.org
> <mac=mcrowe.com@lists.openembedded.org> wrote:
> >
> > From: Mike Crowe <mac@mcrowe.com>
> >
> > Take the patch from the source for Debian's glibc 2.31-13+deb11u7
> > package, the changelog for which starts with:
> >
> >  glibc (2.31-13+deb11u7) bullseye-security; urgency=medium
> >
> >    * debian/patches/any/local-CVE-2023-4911.patch: Fix a buffer overflow in the
> >      dynamic loader's processing of the GLIBC_TUNABLES environment variable
> >      (CVE-2023-4911).
> >
> > This addresses the "Looney Tunables" vulnerability described at
> > https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
> >
> > Signed-off-by: Mike Crowe <mac@mcrowe.com>
> > ---
> >  .../glibc/glibc/CVE-2023-4911.patch           | 63 +++++++++++++++++++
> >  meta/recipes-core/glibc/glibc_2.31.bb         |  1 +
> >  2 files changed, 64 insertions(+)
> >  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2023-4911.patch
> >
> > diff --git a/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch b/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch
> > new file mode 100644
> > index 0000000000..4d3146509a
> > --- /dev/null
> > +++ b/meta/recipes-core/glibc/glibc/CVE-2023-4911.patch
> > @@ -0,0 +1,63 @@
> > +From d2b77337f734fcacdfc8e0ddec14cf31a746c7be Mon Sep 17 00:00:00 2001
> > +From: Siddhesh Poyarekar <siddhesh@redhat.com>
> > +Date: Mon, 11 Sep 2023 18:53:15 -0400
> > +Subject: [PATCH v2] tunables: Terminate immediately if end of input is reached
> > +
> > +The string parsing routine may end up writing beyond bounds of tunestr
> > +if the input tunable string is malformed, of the form name=name=val.
> > +This gets processed twice, first as name=name=val and next as name=val,
> > +resulting in tunestr being name=name=val:name=val, thus overflowing
> > +tunestr.
> > +
> > +Terminate the parsing loop at the first instance itself so that tunestr
> > +does not overflow.
> > +---
> > +Changes from v1:
> > +
> > +- Also null-terminate tunestr before exiting.
> > +
> > + elf/dl-tunables.c | 17 ++++++++++-------
> > + 1 file changed, 10 insertions(+), 7 deletions(-)
> > +
> > +Upstream-Status: Backport [git://sourceware.org/git/glibc.git]
> > +CVE: CVE-2023-4911
> > +
> > +diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
> > +index 8e7ee9df10..76cf8b9da3 100644
> > +--- a/elf/dl-tunables.c
> > ++++ b/elf/dl-tunables.c
> > +@@ -187,11 +187,7 @@ parse_tunables (char *tunestr, char *valstring)
> > +       /* If we reach the end of the string before getting a valid name-value
> > +        pair, bail out.  */
> > +       if (p[len] == '\0')
> > +-      {
> > +-        if (__libc_enable_secure)
> > +-          tunestr[off] = '\0';
> > +-        return;
> > +-      }
> > ++      break;
> > +
> > +       /* We did not find a valid name-value pair before encountering the
> > +        colon.  */
> > +@@ -251,9 +247,16 @@ parse_tunables (char *tunestr, char *valstring)
> > +           }
> > +       }
> > +
> > +-      if (p[len] != '\0')
> > +-      p += len + 1;
> > ++      /* We reached the end while processing the tunable string.  */
> > ++      if (p[len] == '\0')
> > ++      break;
> > ++
> > ++      p += len + 1;
> > +     }
> > ++
> > ++  /* Terminate tunestr before we leave.  */
> > ++  if (__libc_enable_secure)
> > ++    tunestr[off] = '\0';
> > + }
> > + #endif
> > +
> > +--
> > +2.41.0
> > +
> > diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb
> > index 8d216f6ed1..1862586749 100644
> > --- a/meta/recipes-core/glibc/glibc_2.31.bb
> > +++ b/meta/recipes-core/glibc/glibc_2.31.bb
> > @@ -80,6 +80,7 @@ SRC_URI =  "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
> >             file://0036-i386-Avoid-lazy-relocation-of-tlsdesc-BZ-27137.patch \
> >             file://0037-Avoid-deadlock-between-pthread_create-and-ctors.patch \
> >             file://CVE-2023-0687.patch \
> > +           file://CVE-2023-4911.patch \
> >             "
> >  S = "${WORKDIR}/git"
> >  B = "${WORKDIR}/build-${TARGET_SYS}"
> > --
> > 2.39.2
> >
> > BrightSign considers your privacy to be very important. The emails you send to us will be protected and secured. Furthermore, we will only use your email and contact information for the reasons you sent them to us and for tracking how effectively we respond to your requests.
> >
> >
> >
>

Re: [OE-core] [dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[Mike Crowe]

On Thursday 05 October 2023 at 04:17:08 -1000, Steve Sakoman wrote:
> Hmmm ... does this build for you?

Yes, on top of 0111b5b152c1bcff0ab26cf8632ca9002237f070 (current HEAD of
openembedded-core dunfell branch.)

> I'm getting:
> 
> ERROR: glibc-2.31+gitAUTOINC+2d4f26e5cf-r0 do_patch: Applying patch
> 'CVE-2023-4911.patch' on target directory
> '/home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/glibc/2.31+gitAUTOINC+2d4f26e5cf-r0/git'
> Command Error: 'quilt --quiltrc
> /home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/glibc/2.31+gitAUTOINC+2d4f26e5cf-r0/recipe-sysroot-native/etc/quiltrc
> push' exited with 0  Output:
> Applying patch CVE-2023-4911.patch
> patching file elf/dl-tunables.c
> Hunk #1 FAILED at 187.
> Hunk #2 FAILED at 251.
> 2 out of 2 hunks FAILED -- rejects in file elf/dl-tunables.c
> Patch CVE-2023-4911.patch does not apply (enforce with -f)

Well that's strange. I can see from your work directory name that you're
using the same glibc commit as me:
2d4f26e5cfda682f9ce61444b81533b83f6381af, and I can apply the
CVE-2023-4911.patch to that commit without conflicts.

Do you have any other changes beyond
0111b5b152c1bcff0ab26cf8632ca9002237f070 in your tree that might be
applying other patches?

Mike.

Re: [OE-core] [dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[Mike Crowe]

On Thursday 05 October 2023 at 11:16:29 -0400, Scott Murray wrote:
> Debian's page at https://security-tracker.debian.org/tracker/CVE-2023-4911
> indicates at the bottom that they're only vulnerable on their 2.31 based
> versions because they backported the change that introduced the
> vulnerability, which I don't believe has been done in oe-core...

It has.

The openembedded-core dunfell branch is using glibc
2d4f26e5cfda682f9ce61444b81533b83f6381af. This commit is a successor of
8e88c0d8885f68d22f47b22969c273004c6e719f, which is the backport of
2ed18c5b534d9e92fc006202a5af0df6b72e7aca (as mentioned in the Qualsys
advisory) that introduced the vulnerability.

Mike.

Re: [OE-core] [dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[Scott Murray]

On Thu, 5 Oct 2023, Mike Crowe wrote:

> On Thursday 05 October 2023 at 11:16:29 -0400, Scott Murray wrote:
> > Debian's page at https://security-tracker.debian.org/tracker/CVE-2023-4911
> > indicates at the bottom that they're only vulnerable on their 2.31 based
> > versions because they backported the change that introduced the
> > vulnerability, which I don't believe has been done in oe-core...
>
> It has.
>
> The openembedded-core dunfell branch is using glibc
> 2d4f26e5cfda682f9ce61444b81533b83f6381af. This commit is a successor of
> 8e88c0d8885f68d22f47b22969c273004c6e719f, which is the backport of
> 2ed18c5b534d9e92fc006202a5af0df6b72e7aca (as mentioned in the Qualsys
> advisory) that introduced the vulnerability.

Hrm, yes, I had not realized that glibc had backported it on the 2.31
branch itself versus distros picking it themselves, my apologies.  There
sadly does not seem to be any public declaration yet if it is actually
exploitable on pre-2.35 or not.

Scott

Re: [OE-core] [dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[Steve Sakoman]

On Thu, Oct 5, 2023 at 8:44 AM Mike Crowe <mac@mcrowe.com> wrote:
>
> On Thursday 05 October 2023 at 04:17:08 -1000, Steve Sakoman wrote:
> > Hmmm ... does this build for you?
>
> Yes, on top of 0111b5b152c1bcff0ab26cf8632ca9002237f070 (current HEAD of
> openembedded-core dunfell branch.)
>
> > I'm getting:
> >
> > ERROR: glibc-2.31+gitAUTOINC+2d4f26e5cf-r0 do_patch: Applying patch
> > 'CVE-2023-4911.patch' on target directory
> > '/home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/glibc/2.31+gitAUTOINC+2d4f26e5cf-r0/git'
> > Command Error: 'quilt --quiltrc
> > /home/steve/builds/poky-contrib/build/tmp/work/core2-64-poky-linux/glibc/2.31+gitAUTOINC+2d4f26e5cf-r0/recipe-sysroot-native/etc/quiltrc
> > push' exited with 0  Output:
> > Applying patch CVE-2023-4911.patch
> > patching file elf/dl-tunables.c
> > Hunk #1 FAILED at 187.
> > Hunk #2 FAILED at 251.
> > 2 out of 2 hunks FAILED -- rejects in file elf/dl-tunables.c
> > Patch CVE-2023-4911.patch does not apply (enforce with -f)
>
> Well that's strange. I can see from your work directory name that you're
> using the same glibc commit as me:
> 2d4f26e5cfda682f9ce61444b81533b83f6381af, and I can apply the
> CVE-2023-4911.patch to that commit without conflicts.
>
> Do you have any other changes beyond
> 0111b5b152c1bcff0ab26cf8632ca9002237f070 in your tree that might be
> applying other patches?

Strange!  Nothing that should affect glibc.  I'm applying to the head
of stable/dunfell-nut:

https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Steve

Re: [OE-core] [dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[Mike Crowe]

On Thursday 05 October 2023 at 09:25:44 -1000, Steve Sakoman wrote:
> Strange!  Nothing that should affect glibc.  I'm applying to the head
> of stable/dunfell-nut:
> 
> https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

All my fault.

I managed to lose my mail-sending wrapper in some recent configuration
setting cleanups and the patch went out via Microsoft's mail server which
seems to have corrupted the whitespace in the patch. I'll post v2 shortly
via a less broken mail server.

Sorry for the confusion.

Mike.

Re: [OE-core] [dunfell][PATCH] glibc: Fix CVE-2023-4911 "Looney Tunables"

[Steve Sakoman]

On Thu, Oct 5, 2023 at 10:37 AM Mike Crowe <mac@mcrowe.com> wrote:
>
> On Thursday 05 October 2023 at 09:25:44 -1000, Steve Sakoman wrote:
> > Strange!  Nothing that should affect glibc.  I'm applying to the head
> > of stable/dunfell-nut:
> >
> > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
>
> All my fault.
>
> I managed to lose my mail-sending wrapper in some recent configuration
> setting cleanups and the patch went out via Microsoft's mail server which
> seems to have corrupted the whitespace in the patch. I'll post v2 shortly
> via a less broken mail server.
>
> Sorry for the confusion.

Ah, that makes sense! I'll watch for it.

Steve