glibc/glibc-resolv-reload.diff

122 lines
4.4 KiB
Diff
Raw Normal View History

From libc-alpha-return-22754-pasky=ucw.cz@sourceware.org Tue Mar 16 00:47:00 2010
Return-Path: <libc-alpha-return-22754-pasky=ucw.cz@sourceware.org>
X-Original-To: pasky@pasky.or.cz
Delivered-To: pasky@pasky.or.cz
Received: from nikam.ms.mff.cuni.cz (nikam-dmz.ms.mff.cuni.cz [195.113.20.16])
by machine.or.cz (Postfix) with ESMTPS id C1B8586202A
for <pasky@pasky.or.cz>; Tue, 16 Mar 2010 00:47:00 +0100 (CET)
Received: by nikam.ms.mff.cuni.cz (Postfix)
id 9CDEC9AC7A4; Tue, 16 Mar 2010 00:47:00 +0100 (CET)
Delivered-To: pasky@kam.mff.cuni.cz
Received: from jabberwock.ucw.cz (jabberwock.ucw.cz [89.250.246.4])
by nikam.ms.mff.cuni.cz (Postfix) with ESMTP id 99F0E9AC77B
for <pasky@kam.mff.cuni.cz>; Tue, 16 Mar 2010 00:47:00 +0100 (CET)
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
by jabberwock.ucw.cz (Postfix) with SMTP id 14E1ACF040
for <pasky@ucw.cz>; Tue, 16 Mar 2010 00:46:59 +0100 (CET)
Received: (qmail 18956 invoked by alias); 15 Mar 2010 23:46:58 -0000
Delivered-To: moderator for libc-alpha@sourceware.org
Received: (qmail 15843 invoked by uid 22791); 15 Mar 2010 17:23:15 -0000
X-SWARE-Spam-Status: No, hits=-2.6 required=5.0
tests=BAYES_00
X-Spam-Check-By: sourceware.org
Message-ID: <4B9E6CFA.7020002@riot.org>
Date: Mon, 15 Mar 2010 18:23:06 +0100
From: Sebastian Kienzl <seb@riot.org>
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
MIME-Version: 1.0
To: libc-alpha@sourceware.org
Subject: Reloading of /etc/resolv.conf
Content-Type: multipart/mixed;
boundary="------------060407080409020101000002"
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-pasky=ucw.cz@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
This is a multi-part message in MIME format.
--------------060407080409020101000002
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
Hello!
There's a patch in the wild against the resolver which makes it reload
/etc/resolv.conf on change, see
http://sources.redhat.com/ml/libc-alpha/2004-09/msg00130.html
However, this patch actually doesn't work properly for multi-threaded
programs, as only one thread will notice the change and refresh its
resolver state. I've attached a proper patch. It's for 2.5 but it should
work with current versions, too.
Even though the patch may not be interesting for upstream, I decided to
let you know about this problem, since the mentioned patch seems to be
used by at least Debian and Ubuntu.
Regards,
Seb.
--------------060407080409020101000002
Content-Type: text/plain;
name="glibc-2.5-resolvconf.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="glibc-2.5-resolvconf.patch"
Accepting request 186119 from home:Andreas_Schwab:glibc - Update to glibc 2.17.90 85891acadf1b: * CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal has been fixed by disabling the use of pt_chown (Bugzilla #15755). Distributions can re-enable building and using pt_chown via the new configure option `--enable-pt_chown'. Enabling the use of pt_chown carries with it considerable security risks and should only be used if the distribution understands and accepts the risks. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). * CVE-2013-1914 Stack overflow in getaddrinfo with many results has been fixed (Bugzilla #15330). * Add support for calling C++11 thread_local object destructors on thread and program exit. This needs compiler support for offloading C++11 destructor calls to glibc. * Improved worst case performance of libm functions with double inputs and output. * Support for priority inherited mutexes in pthread condition variables on non-x86 architectures. * Optimized string functions for AArch64. Implemented by Marcus Shawcroft. * Optimized string functions for ARM. Implemented by Will Newton and Richard Henderson. * Added a benchmark framework to track performance of functions in glibc. * New <math.h> macro named issignaling to check for a signaling NaN (sNaN). It is based on draft TS 18661 and currently enabled as a GNU extension. * On Linux, the clock function now uses the clock_gettime system call for improved precision, rather than old times system call. * Added new API functions pthread_getattr_default_np and pthread_setattr_default_np to get and set the default pthread attributes of a process. * Added support for TSX lock elision for pthread mutexes on i386 and x86-64. OBS-URL: https://build.opensuse.org/request/show/186119 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=304
2013-08-06 16:52:55 +02:00
Index: glibc-2.17.90/resolv/res_libc.c
===================================================================
Accepting request 186119 from home:Andreas_Schwab:glibc - Update to glibc 2.17.90 85891acadf1b: * CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal has been fixed by disabling the use of pt_chown (Bugzilla #15755). Distributions can re-enable building and using pt_chown via the new configure option `--enable-pt_chown'. Enabling the use of pt_chown carries with it considerable security risks and should only be used if the distribution understands and accepts the risks. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). * CVE-2013-1914 Stack overflow in getaddrinfo with many results has been fixed (Bugzilla #15330). * Add support for calling C++11 thread_local object destructors on thread and program exit. This needs compiler support for offloading C++11 destructor calls to glibc. * Improved worst case performance of libm functions with double inputs and output. * Support for priority inherited mutexes in pthread condition variables on non-x86 architectures. * Optimized string functions for AArch64. Implemented by Marcus Shawcroft. * Optimized string functions for ARM. Implemented by Will Newton and Richard Henderson. * Added a benchmark framework to track performance of functions in glibc. * New <math.h> macro named issignaling to check for a signaling NaN (sNaN). It is based on draft TS 18661 and currently enabled as a GNU extension. * On Linux, the clock function now uses the clock_gettime system call for improved precision, rather than old times system call. * Added new API functions pthread_getattr_default_np and pthread_setattr_default_np to get and set the default pthread attributes of a process. * Added support for TSX lock elision for pthread mutexes on i386 and x86-64. OBS-URL: https://build.opensuse.org/request/show/186119 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=304
2013-08-06 16:52:55 +02:00
--- glibc-2.17.90.orig/resolv/res_libc.c
+++ glibc-2.17.90/resolv/res_libc.c
Accepting request 417841 from home:Andreas_Schwab:Factory - Update to glibc 2.24 * The minimum Linux kernel version that this version of the GNU C Library can be used with is 3.2 * The pap_AN locale has been deleted * The readdir_r and readdir64_r functions have been deprecated * The type `union wait' has been removed * A new NSS action is added to facilitate large distributed system administration * The deprecated __malloc_initialize_hook variable has been removed from the API * The long unused localedef --old-style option has been removed * nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added to libm * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed (CVE-2016-3075) * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation instead (CVE-2016-3706) * The glob function suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name (CVE-2016-1234) * The Sun RPC UDP client could exhaust all available stack space when flooded with crafted ICMP and UDP messages (CVE-2016-4429) * The IPv6 name server management code in libresolv could result in a memory leak for each thread which is created, performs a failing naming lookup, and exits (CVE-2016-5417) - setcontext-unwind-info.patch: Add EABI unwind info for setcontext on arm - Removed patches: * 0001-Updated-translations-for-2.23.patch OBS-URL: https://build.opensuse.org/request/show/417841 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=444
2016-08-08 14:56:22 +02:00
@@ -22,6 +22,7 @@
#include <arpa/nameser.h>
#include <resolv.h>
2016-02-24 12:39:39 +01:00
#include <libc-lock.h>
+#include <sys/stat.h>
Accepting request 417841 from home:Andreas_Schwab:Factory - Update to glibc 2.24 * The minimum Linux kernel version that this version of the GNU C Library can be used with is 3.2 * The pap_AN locale has been deleted * The readdir_r and readdir64_r functions have been deprecated * The type `union wait' has been removed * A new NSS action is added to facilitate large distributed system administration * The deprecated __malloc_initialize_hook variable has been removed from the API * The long unused localedef --old-style option has been removed * nextupl, nextup, nextupf, nextdownl, nextdown and nextdownf are added to libm * An unnecessary stack copy in _nss_dns_getnetbyname_r was removed (CVE-2016-3075) * Previously, getaddrinfo copied large amounts of address data to the stack, even after the fix for CVE-2013-4458 has been applied, potentially resulting in a stack overflow. getaddrinfo now uses a heap allocation instead (CVE-2016-3706) * The glob function suffered from a stack-based buffer overflow when it was called with the GLOB_ALTDIRFUNC flag and encountered a long file name (CVE-2016-1234) * The Sun RPC UDP client could exhaust all available stack space when flooded with crafted ICMP and UDP messages (CVE-2016-4429) * The IPv6 name server management code in libresolv could result in a memory leak for each thread which is created, performs a failing naming lookup, and exits (CVE-2016-5417) - setcontext-unwind-info.patch: Add EABI unwind info for setcontext on arm - Removed patches: * 0001-Updated-translations-for-2.23.patch OBS-URL: https://build.opensuse.org/request/show/417841 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=444
2016-08-08 14:56:22 +02:00
extern unsigned long long int __res_initstamp attribute_hidden;
/* We have atomic increment operations on 64-bit platforms. */
@@ -89,12 +89,34 @@ res_init(void) {
return (__res_vinit(&_res, 1));
}
+static time_t resconf_mtime;
+__libc_lock_define_initialized (static, resconf_mtime_lock);
+
+/* Check if the modification time of resolv.conf has changed.
+ If so, have all threads re-initialize their resolver states */
+static void
+__res_check_resconf (void)
+{
+ struct stat statbuf;
+ if (stat (_PATH_RESCONF, &statbuf) == 0) {
+ __libc_lock_lock (resconf_mtime_lock);
+ if (statbuf.st_mtime != resconf_mtime) {
+ resconf_mtime = statbuf.st_mtime;
+ atomicinclock (lock);
+ atomicinc (__res_initstamp);
+ atomicincunlock (lock);
+ }
+ __libc_lock_unlock (resconf_mtime_lock);
+ }
+}
+
/* Initialize resp if RES_INIT is not yet set or if res_init in some other
thread requested re-initializing. */
int
__res_maybe_init (res_state resp, int preinit)
{
if (resp->options & RES_INIT) {
+ __res_check_resconf ();
if (__res_initstamp != resp->_u._ext.initstamp) {
if (resp->nscount > 0)
__res_iclose (resp, true);