pool/glibc
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 878144 from home:Andreas_Schwab:Factory

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/878144
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=586
This commit is contained in:
Andreas Schwab 2021-03-10 10:18:01 +00:00 committed by Git OBS Bridge
parent 47a70fb50a
commit 33836751f9
2 changed files with 59 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
glibc.spec
View File

@ -253,6 +253,8 @@ Patch1001: nss-load-chroot.patch
Patch1002: x86-isa-level.patch
# PATCH-FIX-UPSTREAM nscd: Fix double free in netgroupcache (CVE-2021-27645, BZ #27462)
Patch1003: nscd-netgroupcache.patch
# PATCH-FIX-UPSTREAM nss: fix nss_database_lookup2's alternate handling (BZ #27416)
Patch1004: nss-database-lookup.patch
###
# Patches awaiting upstream approval
@ -261,8 +263,6 @@ Patch1003: nscd-netgroupcache.patch
Patch2000: fix-locking-in-_IO_cleanup.patch
# PATCH-FIX-UPSTREAM Avoid concurrency problem in ldconfig (BZ #23973)
Patch2001: ldconfig-concurrency.patch
# PATCH-FIX-UPSTREAM nss: fix nss_database_lookup2's alternate handling (BZ #27416)
Patch2002: nss-database-lookup.patch
# Non-glibc patches
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
@ -476,10 +476,10 @@ Internal usrmerge bootstrap helper
%patch1001 -p1
%patch1002 -p1
%patch1003 -p1
%patch1004 -p1
%patch2000 -p1
%patch2001 -p1
%patch2002 -p1
%patch3000

97
nss-database-lookup.patch
View File

@ -1,7 +1,8 @@
From: DJ Delorie via Libc-alpha <libc-alpha@sourceware.org>
Subject: [PATCH v4] nss: fix nss_database_lookup2's alternate handling [BZ
From 9b456c5da968ee832ea4b2b73a18a5bf6d2118a6 Mon Sep 17 00:00:00 2001
From: DJ Delorie <dj@redhat.com>
Date: Mon, 15 Feb 2021 21:34:23 -0500
Subject: [PATCH] nss: fix nss_database_lookup2's alternate handling [BZ
#27416]
Date: Fri, 05 Mar 2021 20:29:31 -0500
__nss_database_lookup2's extra arguments were left unused in the
nsswitch reloading patch set; this broke compat (default config
@ -36,13 +37,13 @@ default configuration works (group). Tested on x86-64.
nss/nss_compat/compat-initgroups.c | 2 +-
nss/nss_compat/compat-pwd.c | 2 +-
nss/nss_compat/compat-spwd.c | 3 +-
nss/nss_database.c | 35 ++++++-
nss/nss_database.c | 38 +++++++-
nss/nss_database.h | 5 +-
nss/nss_module.c | 20 ++--
nss/nss_test.h | 7 ++
nss/nss_test1.c | 93 +++++++++++++++++++
nss/nsswitch.c | 25 +----
nss/nsswitch.h | 7 +-
nss/nsswitch.c | 40 --------
nss/nsswitch.h | 9 --
nss/pwd-lookup.c | 1 -
nss/sgrp-lookup.c | 2 -
nss/spwd-lookup.c | 2 -
@ -53,7 +54,7 @@ default configuration works (group). Tested on x86-64.
nss/tst-nss-compat1.root/etc/shadow | 2 +
.../tst-nss-compat1.script | 1 +
sysdeps/posix/getaddrinfo.c | 4 +-
32 files changed, 256 insertions(+), 81 deletions(-)
32 files changed, 252 insertions(+), 105 deletions(-)
create mode 100644 nss/tst-nss-compat1.c
create mode 100644 nss/tst-nss-compat1.root/etc/group
create mode 100644 nss/tst-nss-compat1.root/etc/nsswitch.conf
@ -72,7 +73,7 @@ Index: glibc-2.33/nscd/aicache.c
- no_more = __nss_database_lookup2 ("hosts", NULL,
- "dns [!UNAVAIL=return] files",
- &nip);
+ no_more = (__nss_database_get (nss_database_hosts, &nip) == false);
+ no_more = !__nss_database_get (nss_database_hosts, &nip);
/* Initialize configurations. */
struct resolv_context *ctx = __resolv_context_get ();
@ -86,7 +87,7 @@ Index: glibc-2.33/nscd/initgrcache.c
if (group_database == NULL)
- no_more = __nss_database_lookup2 ("group", NULL, "files",
- &group_database);
+ no_more = (__nss_database_get (nss_database_group, &group_database) == false);
+ no_more = !__nss_database_get (nss_database_group, &group_database);
else
no_more = 0;
nip = group_database;
@ -124,7 +125,7 @@ Index: glibc-2.33/nss/Versions
__nss_passwd_lookup2; __nss_group_lookup2; __nss_hosts_lookup2;
__nss_services_lookup2; __nss_next2; __nss_lookup;
- __nss_hash; __nss_database_lookup2;
+ __nss_hash; __nss_database_lookup2; __nss_database_get;
+ __nss_hash; __nss_database_get;
__nss_files_fopen; __nss_readline; __nss_parse_line_result;
}
}
@ -324,7 +325,7 @@ Index: glibc-2.33/nss/nss_database.c
#define DEFINE_DATABASE(name) \
_Static_assert (sizeof (#name) <= sizeof (database_name), #name);
#include "databases.def"
@@ -325,14 +327,40 @@ nss_database_reload (struct nss_database
@@ -325,14 +327,43 @@ nss_database_reload (struct nss_database
/* No other threads have access to fp. */
__fsetlocking (fp, FSETLOCKING_BYCALLER);
@ -345,17 +346,20 @@ Index: glibc-2.33/nss/nss_database.c
+ /* These three default to other services if the user listed the
+ other service. */
+
+ /* was lookup2() in nss/nss_compat/compat-spwd.c */
+ /* "shadow_compat" defaults to "passwd_compat" if only the
+ latter is given. */
+ if (staging->services[nss_database_shadow_compat] == NULL)
+ staging->services[nss_database_shadow_compat] =
+ staging->services[nss_database_passwd_compat];
+
+ /* was ALTERNATE_NAME in nss/spwd_lookup.c */
+ /* "shadow" defaults to "passwd" if only the latter is
+ given. */
+ if (staging->services[nss_database_shadow] == NULL)
+ staging->services[nss_database_shadow] =
+ staging->services[nss_database_passwd];
+
+ /* was ALTERNATE_NAME in nss/sgrp_lookup.c */
+ /* "gshadow" defaults to "group" if only the latter is
+ given. */
+ if (staging->services[nss_database_gshadow] == NULL)
+ staging->services[nss_database_gshadow] =
+ staging->services[nss_database_group];
@ -365,7 +369,7 @@ Index: glibc-2.33/nss/nss_database.c
for (int i = 0; i < NSS_DATABASE_COUNT; ++i)
if (staging->services[i] == NULL)
{
@@ -442,6 +470,7 @@ __nss_database_get (enum nss_database db
@@ -442,6 +473,7 @@ __nss_database_get (enum nss_database db
struct nss_database_state *local = nss_database_state_get ();
return nss_database_check_reload_and_get (local, actions, db);
}
@ -603,31 +607,40 @@ Index: glibc-2.33/nss/nsswitch.c
===================================================================
--- glibc-2.33.orig/nss/nsswitch.c
+++ glibc-2.33/nss/nsswitch.c
@@ -63,37 +63,22 @@ static const char * database_names[] = {
@@ -51,53 +51,13 @@
#undef DEFINE_DATABASE
-#undef DEFINE_DATABASE
-#define DEFINE_DATABASE(name) #name,
-static const char * database_names[] = {
-#include "databases.def"
- NULL
-};
-
#ifdef USE_NSCD
/* Flags whether custom rules for database is set. */
bool __nss_database_custom[NSS_DBSIDX_max];
#endif
-
/*__libc_lock_define_initialized (static, lock)*/
/* -1 == database not found
0 == database entry pointer stored */
int
-/* -1 == database not found
- 0 == database entry pointer stored */
-int
-__nss_database_lookup2 (const char *database, const char *alternate_name,
- const char *defconfig, nss_action_list *ni)
+__nss_database_lookup2 (const char *database, nss_action_list *ni)
{
int database_id;
for (database_id = 0; database_names[database_id]; database_id++)
if (strcmp (database_names[database_id], database) == 0)
-{
- int database_id;
-
- for (database_id = 0; database_names[database_id]; database_id++)
- if (strcmp (database_names[database_id], database) == 0)
- break;
-
- if (database_names[database_id] == NULL)
- return -1;
+ if (__nss_database_get (database_id, ni))
+ return 0;
-
- /* If *NI is NULL, the database was not mentioned in nsswitch.conf.
- If *NI is not NULL, but *NI->module is NULL, the database was in
- nsswitch.conf but listed no actions. We test for the former. */
@ -641,31 +654,33 @@ Index: glibc-2.33/nss/nsswitch.c
- /* Failure. */
- return -1;
- }
+ /* Failure. */
+ return -1;
}
libc_hidden_def (__nss_database_lookup2)
-}
-libc_hidden_def (__nss_database_lookup2)
-
-
/* -1 == not found
0 == function found
1 == finished */
Index: glibc-2.33/nss/nsswitch.h
===================================================================
--- glibc-2.33.orig/nss/nsswitch.h
+++ glibc-2.33/nss/nsswitch.h
@@ -88,13 +88,10 @@ extern bool __nss_database_custom[NSS_DB
@@ -88,15 +88,6 @@ extern bool __nss_database_custom[NSS_DB
/* Interface functions for NSS. */
-/* Get the data structure representing the specified database.
- If there is no configuration for this database in the file,
- parse a service list from DEFCONFIG and use that. More
+/* Get the data structure representing the specified database. More
than one function can use the database. */
extern int __nss_database_lookup2 (const char *database,
- than one function can use the database. */
-extern int __nss_database_lookup2 (const char *database,
- const char *alternative_name,
- const char *defconfig, struct nss_action **ni);
+ struct nss_action **ni);
libc_hidden_proto (__nss_database_lookup2)
-libc_hidden_proto (__nss_database_lookup2)
-
/* Put first function with name FCT_NAME for SERVICE in FCTP. The
position is remembered in NI. The function returns a value < 0 if
an error occurred or no such function exists. */
Index: glibc-2.33/nss/pwd-lookup.c
===================================================================
--- glibc-2.33.orig/nss/pwd-lookup.c
@ -833,7 +848,7 @@ Index: glibc-2.33/sysdeps/posix/getaddrinfo.c
- no_more = __nss_database_lookup2 ("hosts", NULL,
- "dns [!UNAVAIL=return] files",
- &nip);
+ no_more = (__nss_database_get (nss_database_hosts, &nip) == false);
+ no_more = !__nss_database_get (nss_database_hosts, &nip);
/* If we are looking for both IPv4 and IPv6 address we don't
want the lookup functions to automatically promote IPv4