From 4661cd4f70272c1e6e34dc99e8f20aede3cf87b4 Mon Sep 17 00:00:00 2001
From: slava86 <s.matveev@rosalinux.ru>
Date: Fri, 6 Aug 2021 15:46:09 +0300
Subject: [PATCH] closed CVE-2021-35942

---
 CVE-2021-35942.patch | 39 +++++++++++++++++++++++++++++++++++++++
 glibc.spec           |  5 +++--
 2 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100644 CVE-2021-35942.patch

diff --git a/CVE-2021-35942.patch b/CVE-2021-35942.patch
new file mode 100644
index 0000000..47b0b28
--- /dev/null
+++ b/CVE-2021-35942.patch
@@ -0,0 +1,39 @@
+From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@linux-m68k.org>
+Date: Fri, 25 Jun 2021 15:02:47 +0200
+Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug
+ 28011)
+
+Use strtoul instead of atoi so that overflow can be detected.
+---
+ posix/wordexp-test.c | 1 +
+ posix/wordexp.c      | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
+index f93a546d7e..9df02dbbb3 100644
+--- a/posix/wordexp-test.c
++++ b/posix/wordexp-test.c
+@@ -183,6 +183,7 @@ struct test_case_struct
+     { 0, NULL, "$var", 0, 0, { NULL, }, IFS },
+     { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS },
+     { 0, NULL, "", 0, 0, { NULL, }, IFS },
++    { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS },
+ 
+     /* Flags not already covered (testit() has special handling for these) */
+     { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS },
+diff --git a/posix/wordexp.c b/posix/wordexp.c
+index bcbe96e48d..1f3b09f721 100644
+--- a/posix/wordexp.c
++++ b/posix/wordexp.c
+@@ -1399,7 +1399,7 @@ envsubst:
+   /* Is it a numeric parameter? */
+   else if (isdigit (env[0]))
+     {
+-      int n = atoi (env);
++      unsigned long n = strtoul (env, NULL, 10);
+ 
+       if (n >= __libc_argc)
+ 	/* Substitute NULL. */
+-- 
+2.27.0
diff --git a/glibc.spec b/glibc.spec
index 83b9058..d14fdef 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -46,7 +46,7 @@
 %define _disable_ld_no_undefined 1
 
 # (tpg) optimize it a bit
-%global optflags %{optflags} -O3
+%global optflags %{optflags} -O3 -fno-strict-aliasing
 
 %global platform %{_target_vendor}-%{_target_os}%{?_gnu}
 %global target_cpu %{_target_cpu}
@@ -132,7 +132,7 @@ Source0:	http://ftp.gnu.org/gnu/glibc/%{oname}-%{ver}.tar.xz
 #Source1:	http://ftp.gnu.org/gnu/glibc/%{oname}-%{ver}.tar.xz.sig
 #endif
 %endif
-Release:	10
+Release:	11
 License:	LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
 Group:		System/Libraries
 Url:		http://www.gnu.org/software/libc/
@@ -255,6 +255,7 @@ Patch1044:      Fix-buffer-overrun-in-EUC-KR-conversion-module-bz-24.patch
 Patch1045:      gconv-Fix-assertion-failure-in-ISO-2022-JP-3-module-.patch
 Patch1046:      CVE-2020-27618.patch
 Patch1047:      CVE-2021-27645.patch
+Patch1048:	CVE-2021-35942.patch
 # These generatiors are exeperimentally disabled while
 # bootstrapping aarch64 to try to get rid of them
 %ifnarch aarch64