Merge commit staging+systemd into closure-size

Many non-conflict problems weren't (fully) resolved in this commit yet.

1 files changed, 39 insertions, 0 deletions

diff --git a/pkgs/development/libraries/glibc/security-bdf1ff05.patch b/pkgs/development/libraries/glibc/security-bdf1ff05.patch
new file mode 100644
index 00000000000..b4175694f91
--- /dev/null
+++ b/pkgs/development/libraries/glibc/security-bdf1ff05.patch
@@ -0,0 +1,39 @@
+From bdf1ff052a8e23d637f2c838fa5642d78fcedc33 Mon Sep 17 00:00:00 2001
+From: Paul Pluzhnikov <ppluzhnikov@google.com>
+Date: Sun, 22 Feb 2015 12:01:47 -0800
+Subject: [PATCH] Fix BZ #17269 -- _IO_wstr_overflow integer overflow
+
+---
+ ChangeLog       | 6 ++++++
+ NEWS            | 6 +++---
+ libio/wstrops.c | 8 +++++++-
+ 3 files changed, 16 insertions(+), 4 deletions(-)
+
+diff --git a/libio/wstrops.c b/libio/wstrops.c
+index 43d847d..3993579 100644
+--- a/libio/wstrops.c
++++ b/libio/wstrops.c
+@@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c)
+ 	  wchar_t *old_buf = fp->_wide_data->_IO_buf_base;
+ 	  size_t old_wblen = _IO_wblen (fp);
+ 	  _IO_size_t new_size = 2 * old_wblen + 100;
+-	  if (new_size < old_wblen)
++
++	  if (__glibc_unlikely (new_size < old_wblen)
++	      || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t)))
+ 	    return EOF;
++
+ 	  new_buf
+ 	    = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size
+ 									* sizeof (wchar_t));
+@@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64_t offset, int reading)
+     return 1;
+ 
+   _IO_size_t newsize = offset + 100;
++  if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t)))
++    return 1;
++
+   wchar_t *oldbuf = wd->_IO_buf_base;
+   wchar_t *newbuf
+     = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize
+