diff --git a/glibc.changes b/glibc.changes index 4886152..e9ab338 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,8 +1,33 @@ +------------------------------------------------------------------- +Thu Jul 18 08:31:37 UTC 2024 - Andreas Schwab + +- s390x-wcsncmp.patch: s390x: Fix segfault in wcsncmp (bsc#1228041, BZ + #31934) + +------------------------------------------------------------------- +Wed May 29 10:41:20 UTC 2024 - Andreas Schwab + +- Fix typo in last change + +------------------------------------------------------------------- +Thu May 23 11:31:34 UTC 2024 - Andreas Schwab + +- Also include stat64 in the 32-bit libc_nonshared.a workaround + (bsc#1221482) + +------------------------------------------------------------------- +Wed May 8 14:06:39 UTC 2024 - Giuliano Belinassi + +- ulp-prologue-into-asm-functions.patch: Avoid creating ULP prologue + for _start routine (bsc#1221940) + ------------------------------------------------------------------- Tue May 7 10:32:54 UTC 2024 - Andreas Schwab - nscd-netgroup-cache-timeout.patch: Use time_t for return type of addgetnetgrentX (CVE-2024-33602, bsc#1223425) +- Also add libc_nonshared.a workaround to 32-bit x86 compat package + (bsc#1221482) ------------------------------------------------------------------- Wed May 1 23:50:51 UTC 2024 - Giuliano Belinassi @@ -26,6 +51,12 @@ Thu Apr 18 08:22:48 UTC 2024 - Andreas Schwab - iconv-iso-2022-cn-ext.patch: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) +------------------------------------------------------------------- +Wed Apr 3 15:54:02 UTC 2024 - Andreas Schwab + +- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc + (bsc#1221482) + ------------------------------------------------------------------- Thu Mar 21 13:22:51 UTC 2024 - Andreas Schwab diff --git a/glibc.spec b/glibc.spec index 1b05ed6..ef14c5c 100644 --- a/glibc.spec +++ b/glibc.spec 
@@ -359,6 +359,8 @@ Patch1030: glibc-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch Patch1031: glibc-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two.patch # PATCH-FIX-UPSTREAM nscd: Use time_t for return type of addgetnetgrentX (CVE-2024-33602) Patch1032: nscd-netgroup-cache-timeout.patch +# PATCH-FIX-UPSTREAM s390x: Fix segfault in wcsncmp (BZ #31934) +Patch1033: s390x-wcsncmp.patch ### # Patches awaiting upstream approval @@ -767,40 +769,31 @@ echo 'CFLAGS-.os += -fdump-ipa-clones' \ make %{?_smp_mflags} %{?make_output_sync} -%ifarch x86_64 %if %{build_main} && 0%{?sle_version} +%ifarch x86_64 i686 # Horrible workaround for bsc#1221482 -gcc -O2 -xc - -c -o stat.oS <<\EOF -#define _STAT_VER 1 -int __xstat (int, const char *, void *); +xstatbuild () +{ + gcc -O2 -I ../sysdeps/unix/sysv/linux/x86 -xc - -c -o $1stat$2.oS < +int __$1xstat$2 (int, $3, void *); int -stat (const char *file, void *buf) +$1stat$2 ($3 file, void *buf) { - return __xstat (_STAT_VER, file, buf); + return __$1xstat$2 (_STAT_VER, file, buf); } EOF -gcc -O2 -xc - -c -o fstat.oS <<\EOF -#define _STAT_VER 1 -int __fxstat (int, int, void *); - -int -fstat (int fd, void *buf) -{ - return __fxstat (_STAT_VER, fd, buf); + ar r libc_nonshared.a $1stat$2.oS } -EOF -gcc -O2 -xc - -c -o lstat.oS <<\EOF -#define _STAT_VER 1 -int __lxstat (int, const char *, void *); - -int -lstat (const char *file, void *buf) -{ - return __lxstat (_STAT_VER, file, buf); -} -EOF -ar r libc_nonshared.a stat.oS fstat.oS lstat.oS +xstatbuild "" "" "const char *" +xstatbuild f "" int +xstatbuild l "" "const char *" +%ifarch i686 +xstatbuild "" 64 "const char *" +xstatbuild f 64 int +xstatbuild l 64 "const char *" +%endif %endif %endif diff --git a/s390x-wcsncmp.patch b/s390x-wcsncmp.patch new file mode 100644 index 0000000..21806e1 --- /dev/null +++ b/s390x-wcsncmp.patch 
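Review bot: `xstatbuild` takes three positional arguments whose meaning can only be worked out from its six call sites, and `_STAT_VER` is no longer the literal `1` but apparently comes from a header found via `-I ../sysdeps/unix/sysv/linux/x86`. The wrappers forward a caller-supplied `void *buf` to `__$1xstat$2`, so the version constant has to match the struct layout the caller was built against on both x86_64 and i686. A comment above the function should record that, e.g. `# xstatbuild PREFIX SUFFIX PATHTYPE: build PREFIXstatSUFFIX() forwarding to __PREFIXxstatSUFFIX(_STAT_VER, ...); _STAT_VER comes from the glibc tree so it matches the target ABI`. The here-document opener and the include line are cut off after `<` on this page, so I could not check that the delimiter is unquoted, which the `$1`/`$2`/`$3` expansion needs. Quoting the object name as `"$1stat$2.oS"` on the `gcc` and `ar` lines would also be the safer shell habit.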
@@ -0,0 +1,58 @@
+From 712453634c8efd71a9b3ff0122145a9e90e9955c Mon Sep 17 00:00:00 2001
+From: Stefan Liebler
+Date: Thu, 11 Jul 2024 11:28:53 +0200
+Subject: [PATCH] s390x: Fix segfault in wcsncmp [BZ #31934]
+
+The z13/vector-optimized wcsncmp implementation segfaults if n=1
+and there is only one character (equal on both strings) before
+the page end. Then it loads and compares one character and misses
+to check n again. The following load fails.
+
+This patch removes the extra load and compare of the first character
+and just start with the loop which uses vector-load-to-block-boundary.
+This code-path also checks n.
+
+With this patch both tests are passing:
+- the simplified one mentioned in the bugzilla 31934
+- the full one in Florian Weimer's patch:
+"manual: Document a GNU extension for strncmp/wcsncmp"
+(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/):
+On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934.
+Reviewed-by: Carlos O'Donell
+
+(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7)
+---
+ sysdeps/s390/wcsncmp-vx.S | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+diff --git a/sysdeps/s390/wcsncmp-vx.S b/sysdeps/s390/wcsncmp-vx.S
+index 1bf769b870..4028d1e624 100644
+--- a/sysdeps/s390/wcsncmp-vx.S
++++ b/sysdeps/s390/wcsncmp-vx.S
+@@ -59,14 +59,7 @@ ENTRY(WCSNCMP_Z13)
+ sllg %r4,%r4,2 /* Convert character-count to byte-count. */
+ locgrne %r4,%r1 /* Use max byte-count, if bit 0/1 was one. */
+
+- /* Check first character without vector load. */
+- lghi %r5,4 /* current_len = 4 bytes. */
+- /* Check s1/2[0]. */
+- lt %r0,0(%r2)
+- l %r1,0(%r3)
+- je .Lend_cmp_one_char
+- crjne %r0,%r1,.Lend_cmp_one_char
+-
++ lghi %r5,0 /* current_len = 0 bytes. */
+ .Lloop:
+ vlbb %v17,0(%r5,%r3),6 /* Load s2 to block boundary. */
+ vlbb %v16,0(%r5,%r2),6 /* Load s1 to block boundary. 
*/ +@@ -167,7 +160,6 @@ ENTRY(WCSNCMP_Z13) + srl %r4,2 /* And convert it to character-index. */ + vlgvf %r0,%v16,0(%r4) /* Load character-values. */ + vlgvf %r1,%v17,0(%r4) +-.Lend_cmp_one_char: + cr %r0,%r1 + je .Lend_equal + lghi %r2,1 +-- +2.45.2 + diff --git a/ulp-prologue-into-asm-functions.patch b/ulp-prologue-into-asm-functions.patch index 10f1ae3..a0579bf 100644 --- a/ulp-prologue-into-asm-functions.patch +++ b/ulp-prologue-into-asm-functions.patch @@ -153,19 +153,19 @@ index 0b3483a77a..329c16306e 100644 +/* For 32-bit glibc then define those macros as empty. */ +#ifndef ULP_PRE_PROLOGUE -+# define ULP_PRE_PROLOGUE ++# define ULP_PRE_PROLOGUE(name) +#endif +#ifndef ULP_POST_PROLOGUE -+# define ULP_POST_PROLOGUE ++# define ULP_POST_PROLOGUE(name) +#endif + +/* Define the first instructions of a function. */ +#define FUNCTION_START(name) \ -+ ULP_PRE_PROLOGUE; \ ++ ULP_PRE_PROLOGUE(name); \ + C_LABEL(name); \ + cfi_startproc; \ + _CET_ENDBR; \ -+ ULP_POST_PROLOGUE; \ ++ ULP_POST_PROLOGUE(name); \ + CALL_MCOUNT; + /* Define an entry point visible from C. */ @@ -230,10 +230,10 @@ index cbb22884eb..327377daa6 100644 /* * This implementation uses SSE to compare up to 16 bytes at a time. diff --git a/sysdeps/x86_64/sysdep.h b/sysdeps/x86_64/sysdep.h -index 6ca169573d..c18f0ef914 100644 +index c8ad778fee..59c278eb58 100644 --- a/sysdeps/x86_64/sysdep.h +++ b/sysdeps/x86_64/sysdep.h -@@ -24,6 +24,19 @@ +@@ -23,6 +23,46 @@ #ifdef __ASSEMBLER__ 
@@ -242,12 +242,39 @@ index 6ca169573d..c18f0ef914 100644
 + written in ASM, the way we do this is by adding this prologue manually. */
 +
 +#if ENABLE_USERSPACE_LIVEPATCH
-+# undef ULP_PRE_PROLOGUE
-+# undef ULP_POST_PROLOGUE
-+# define ULP_PRE_PROLOGUE \
-+ .rept 14; nop; .endr
-+# define ULP_POST_PROLOGUE \
-+ xchg %ax, %ax
++
++/* Instructions to be inserted before the function label. */
++# define ULP_NOPS_PRE_PROLOGUE .rept 14; nop; .endr
++
++/* Instruction to be inserted after the function label. */
++# define ULP_NOPS_POST_PROLOGUE .rept 2; nop; .endr
++
++
++/* this macro expands according to the following condition:
++ * if name = _start, then the prologue is not inserted.
++ * if name = _dl_relocate_static_pie, then the prologue is not inserted.
++ * if name = anything else, then the prologue is inserted.
++ **/
++# define __ULP_POST_PROLOGUE_dl_relocate_static_pie ,
++# define __ULP_PRE_PROLOGUE_start ,
++# define __ULP_PRE_PROLOGUE(x, y,...) y
++# define _ULP_PRE_PROLOGUE(x, ...) __ULP_PRE_PROLOGUE(x, __VA_ARGS__)
++# define ULP_PRE_PROLOGUE(name) _ULP_PRE_PROLOGUE(__ULP_PRE_PROLOGUE##name, ULP_NOPS_PRE_PROLOGUE,)
++
++/* this macro expands according to the following condition:
++ * if name = _start, then the postlogue is not inserted.
++ * if name = _dl_relocate_static_pie, then the postlogue is not inserted.
++ * if name = anything else, then the postlogue is inserted.
++ **/
++# define __ULP_POST_PROLOGUE_dl_relocate_static_pie ,
++# define __ULP_POST_PROLOGUE_start ,
++# define __ULP_POST_PROLOGUE(x, y,...) y
++# define _ULP_POST_PROLOGUE(x, ...) __ULP_POST_PROLOGUE(x, __VA_ARGS__)
++# define ULP_POST_PROLOGUE(name) _ULP_POST_PROLOGUE(__ULP_POST_PROLOGUE##name, ULP_NOPS_POST_PROLOGUE,)
++
++#else
++# define ULP_PRE_PROLOGUE(name)
++# define ULP_POST_PROLOGUE(name)
 +#endif
 +
 /* Syntactic details of assembler. */
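Review bot: In the block documented as the pre-prologue exceptions, the first define is `# define __ULP_POST_PROLOGUE_dl_relocate_static_pie ,`, which is the POST name rather than the PRE one. `ULP_PRE_PROLOGUE(_dl_relocate_static_pie)` pastes `__ULP_PRE_PROLOGUE_dl_relocate_static_pie`, which is never defined, so the selector falls through to `ULP_NOPS_PRE_PROLOGUE` and the 14 nops are still emitted before that symbol, contrary to the comment directly above. The line should read `# define __ULP_PRE_PROLOGUE_dl_relocate_static_pie ,`; the identical define in the post block already covers the other side. Separately, the post-prologue changes from the single two-byte `xchg %ax, %ax` to `.rept 2; nop; .endr`. If the livepatch tooling rewrites those two bytes in a running process, it is worth confirming it does not depend on them being one instruction.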