Accepting request 512670 from home:Andreas_Schwab:Factory
- Update to glibc-2.25.90.20170720.gc771b59a24c0 * A per-thread cache has been added to malloc * Unicode 10.0.0 Support * Improvements to the DNS stub resolver * New function reallocarray, which resizes an allocated block (like realloc) to the product of two sizes, with a guaranteed clean failure upon integer overflow in the multiplication * New wrappers for the Linux-specific system calls preadv2 and pwritev2 * posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to create a new session ID for the spawned process * errno.h is now safe to use from C-preprocessed assembly language on all supported operating systems * On ia64, powerpc64le, x86-32, and x86-64, the math library now implements 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE 754-2008) and ISO/IEC TS 18661-3:2015 * The synchronization that pthread_spin_unlock performs has been changed to now be equivalent to a C11 atomic store with release memory order to the spin lock's memory location * The DNS stub resolver no longer performs EDNS fallback * res_mkquery and res_nmkquery no longer support the IQUERY opcode * The _res_opcodes variable has been removed from libresolv * <string.h> no longer includes inline versions of any string functions, as this kind of optimization is better done by the compiler * The nonstandard header <xlocale.h> has been removed * The obsolete header <sys/ultrasound.h> has been removed * The obsolete signal constant SIGUNUSED is no longer defined by <signal.h> * The obsolete function cfree has been removed * The stack_t type no longer has the name struct sigaltstack * The ucontext_t type no longer has the name struct ucontext * On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been OBS-URL: https://build.opensuse.org/request/show/512670 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=467
This commit is contained in:
parent
bb22c43d13
commit
7864f220da
@ -18,7 +18,7 @@ Index: glibc-2.19/stdlib/abort.c
|
||||
struct abort_msg_s *__abort_msg __attribute__ ((nocommon));
|
||||
libc_hidden_def (__abort_msg)
|
||||
@@ -66,16 +63,8 @@ abort (void)
|
||||
__sigprocmask (SIG_UNBLOCK, &sigs, (sigset_t *) NULL);
|
||||
__sigprocmask (SIG_UNBLOCK, &sigs, 0);
|
||||
}
|
||||
|
||||
- /* Flush all streams. We cannot close them now because the user
|
||||
|
@ -19,9 +19,9 @@ Index: glibc-2.22/posix/Makefile
|
||||
tst-pathconf tst-getaddrinfo4 tst-rxspencer-no-utf8 \
|
||||
tst-fnmatch3 bug-regex36 tst-getaddrinfo5 \
|
||||
+ tst-fnmatch4 tst-fnmatch5 \
|
||||
tst-posix_spawn-fd \
|
||||
tst-posix_fadvise tst-posix_fadvise64
|
||||
xtests := bug-ga2
|
||||
tst-posix_spawn-fd tst-posix_spawn-setsid \
|
||||
tst-posix_fadvise tst-posix_fadvise64 \
|
||||
tst-sysconf-empty-chroot
|
||||
Index: glibc-2.22/posix/fnmatch.c
|
||||
===================================================================
|
||||
--- glibc-2.22.orig/posix/fnmatch.c
|
||||
|
@ -1,18 +0,0 @@
|
||||
2017-03-31 Slava Barinov <v.barinov@samsung.com>
|
||||
|
||||
[BZ #21289]
|
||||
* io/fts.h (fts_set): Replace __REDIRECT with __REDIRECT_NTH.
|
||||
|
||||
Index: glibc-2.25/io/fts.h
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/io/fts.h
|
||||
+++ glibc-2.25/io/fts.h
|
||||
@@ -193,7 +193,7 @@ FTS *__REDIRECT (fts_open, (char * const
|
||||
int (*)(const FTSENT **, const FTSENT **)),
|
||||
fts64_open);
|
||||
FTSENT *__REDIRECT (fts_read, (FTS *), fts64_read);
|
||||
-int __REDIRECT (fts_set, (FTS *, FTSENT *, int), fts64_set) __THROW;
|
||||
+int __REDIRECT_NTH (fts_set, (FTS *, FTSENT *, int), fts64_set);
|
||||
# else
|
||||
# define fts_children fts64_children
|
||||
# define fts_close fts64_close
|
@ -1,82 +0,0 @@
|
||||
For details see:
|
||||
http://sourceware.org/bugzilla/show_bug.cgi?id=5379
|
||||
|
||||
|
||||
Index: glibc-2.20/sunrpc/clnt_udp.c
|
||||
===================================================================
|
||||
--- glibc-2.20.orig/sunrpc/clnt_udp.c
|
||||
+++ glibc-2.20/sunrpc/clnt_udp.c
|
||||
@@ -308,6 +308,7 @@ clntudp_call (cl, proc, xargs, argsp, xr
|
||||
XDR *xdrs;
|
||||
int outlen = 0;
|
||||
int inlen;
|
||||
+ int pollresult;
|
||||
socklen_t fromlen;
|
||||
struct pollfd fd;
|
||||
int milliseconds = (cu->cu_wait.tv_sec * 1000) +
|
||||
@@ -378,37 +379,39 @@ send_again:
|
||||
anyup = 0;
|
||||
for (;;)
|
||||
{
|
||||
- switch (__poll (&fd, 1, milliseconds))
|
||||
+ switch (pollresult = __poll (&fd, 1, milliseconds))
|
||||
{
|
||||
-
|
||||
case 0:
|
||||
- if (anyup == 0)
|
||||
+ case -1:
|
||||
+ if (pollresult == 0 || errno == EINTR)
|
||||
{
|
||||
- anyup = is_network_up (cu->cu_sock);
|
||||
- if (!anyup)
|
||||
- return (cu->cu_error.re_status = RPC_CANTRECV);
|
||||
+ if (anyup == 0)
|
||||
+ {
|
||||
+ anyup = is_network_up (cu->cu_sock);
|
||||
+ if (!anyup)
|
||||
+ return (cu->cu_error.re_status = RPC_CANTRECV);
|
||||
+ }
|
||||
+
|
||||
+ time_waited.tv_sec += cu->cu_wait.tv_sec;
|
||||
+ time_waited.tv_usec += cu->cu_wait.tv_usec;
|
||||
+ while (time_waited.tv_usec >= 1000000)
|
||||
+ {
|
||||
+ time_waited.tv_sec++;
|
||||
+ time_waited.tv_usec -= 1000000;
|
||||
+ }
|
||||
+ if ((time_waited.tv_sec < timeout.tv_sec) ||
|
||||
+ ((time_waited.tv_sec == timeout.tv_sec) &&
|
||||
+ (time_waited.tv_usec < timeout.tv_usec)))
|
||||
+ {
|
||||
+ if (pollresult == 0)
|
||||
+ goto send_again;
|
||||
+ else
|
||||
+ continue;
|
||||
+ }
|
||||
+ return (cu->cu_error.re_status = RPC_TIMEDOUT);
|
||||
}
|
||||
|
||||
- time_waited.tv_sec += cu->cu_wait.tv_sec;
|
||||
- time_waited.tv_usec += cu->cu_wait.tv_usec;
|
||||
- while (time_waited.tv_usec >= 1000000)
|
||||
- {
|
||||
- time_waited.tv_sec++;
|
||||
- time_waited.tv_usec -= 1000000;
|
||||
- }
|
||||
- if ((time_waited.tv_sec < timeout.tv_sec) ||
|
||||
- ((time_waited.tv_sec == timeout.tv_sec) &&
|
||||
- (time_waited.tv_usec < timeout.tv_usec)))
|
||||
- goto send_again;
|
||||
- return (cu->cu_error.re_status = RPC_TIMEDOUT);
|
||||
-
|
||||
- /*
|
||||
- * buggy in other cases because time_waited is not being
|
||||
- * updated.
|
||||
- */
|
||||
- case -1:
|
||||
- if (errno == EINTR)
|
||||
- continue;
|
||||
+ /* errno != EINTR */
|
||||
cu->cu_error.re_errno = errno;
|
||||
return (cu->cu_error.re_status = RPC_CANTRECV);
|
||||
}
|
3
glibc-2.25.90.20170720.gc771b59a24c0.tar.xz
Normal file
3
glibc-2.25.90.20170720.gc771b59a24c0.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:47b52b2267230b78e1718d700db2541e7cddc8a5367e49c8d00f132cb36063b6
|
||||
size 15648656
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0
|
||||
size 13873900
|
@ -1,10 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEcBAABAgAGBQJYl08CAAoJEHnEPfvxzyGHhWcH/2eIspxugXwMnM0YZm3fkzji
|
||||
yJpu19zpYvfap+tTXJGiY/P6UrJSqHUCSssxWyWJQAbOov40IT/ySSg3DyWhyxra
|
||||
6HTTOwjIGz/9KQwVdzm79LA+YhsOauowvdiYCS6XnTQbPMc7zBDsOIEAzp+vXNdl
|
||||
KIzIe7XzUJnK9kl6oqBzXuzdA4jjjzZ2jqyMOwRypipkAXu7OgXO7TiEdN149eSs
|
||||
2Owodmw9epP1omEK1KLo0N9QsG/+ioaHNfldtWzWNvxuRigAnwaaJTy5zVG7xJ45
|
||||
xVfsXaZQKFt4KPep1GF5jaZ30TWTvt5gyjOBiZa/+UfvEOXOt0ox/BB8ydlV/eg=
|
||||
=HMRX
|
||||
-----END PGP SIGNATURE-----
|
@ -1,121 +0,0 @@
|
||||
From libc-alpha-return-22754-pasky=ucw.cz@sourceware.org Tue Mar 16 00:47:00 2010
|
||||
Return-Path: <libc-alpha-return-22754-pasky=ucw.cz@sourceware.org>
|
||||
X-Original-To: pasky@pasky.or.cz
|
||||
Delivered-To: pasky@pasky.or.cz
|
||||
Received: from nikam.ms.mff.cuni.cz (nikam-dmz.ms.mff.cuni.cz [195.113.20.16])
|
||||
by machine.or.cz (Postfix) with ESMTPS id C1B8586202A
|
||||
for <pasky@pasky.or.cz>; Tue, 16 Mar 2010 00:47:00 +0100 (CET)
|
||||
Received: by nikam.ms.mff.cuni.cz (Postfix)
|
||||
id 9CDEC9AC7A4; Tue, 16 Mar 2010 00:47:00 +0100 (CET)
|
||||
Delivered-To: pasky@kam.mff.cuni.cz
|
||||
Received: from jabberwock.ucw.cz (jabberwock.ucw.cz [89.250.246.4])
|
||||
by nikam.ms.mff.cuni.cz (Postfix) with ESMTP id 99F0E9AC77B
|
||||
for <pasky@kam.mff.cuni.cz>; Tue, 16 Mar 2010 00:47:00 +0100 (CET)
|
||||
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
|
||||
by jabberwock.ucw.cz (Postfix) with SMTP id 14E1ACF040
|
||||
for <pasky@ucw.cz>; Tue, 16 Mar 2010 00:46:59 +0100 (CET)
|
||||
Received: (qmail 18956 invoked by alias); 15 Mar 2010 23:46:58 -0000
|
||||
Delivered-To: moderator for libc-alpha@sourceware.org
|
||||
Received: (qmail 15843 invoked by uid 22791); 15 Mar 2010 17:23:15 -0000
|
||||
X-SWARE-Spam-Status: No, hits=-2.6 required=5.0
|
||||
tests=BAYES_00
|
||||
X-Spam-Check-By: sourceware.org
|
||||
Message-ID: <4B9E6CFA.7020002@riot.org>
|
||||
Date: Mon, 15 Mar 2010 18:23:06 +0100
|
||||
From: Sebastian Kienzl <seb@riot.org>
|
||||
User-Agent: Thunderbird 2.0.0.23 (Windows/20090812)
|
||||
MIME-Version: 1.0
|
||||
To: libc-alpha@sourceware.org
|
||||
Subject: Reloading of /etc/resolv.conf
|
||||
Content-Type: multipart/mixed;
|
||||
boundary="------------060407080409020101000002"
|
||||
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
|
||||
Precedence: bulk
|
||||
List-Id: <libc-alpha.sourceware.org>
|
||||
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-pasky=ucw.cz@sourceware.org>
|
||||
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
|
||||
List-Archive: <http://sourceware.org/ml/libc-alpha/>
|
||||
List-Post: <mailto:libc-alpha@sourceware.org>
|
||||
List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
|
||||
Sender: libc-alpha-owner@sourceware.org
|
||||
Delivered-To: mailing list libc-alpha@sourceware.org
|
||||
|
||||
This is a multi-part message in MIME format.
|
||||
--------------060407080409020101000002
|
||||
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
|
||||
Content-Transfer-Encoding: 7bit
|
||||
|
||||
Hello!
|
||||
|
||||
There's a patch in the wild against the resolver which makes it reload
|
||||
/etc/resolv.conf on change, see
|
||||
http://sources.redhat.com/ml/libc-alpha/2004-09/msg00130.html
|
||||
|
||||
However, this patch actually doesn't work properly for multi-threaded
|
||||
programs, as only one thread will notice the change and refresh its
|
||||
resolver state. I've attached a proper patch. It's for 2.5 but it should
|
||||
work with current versions, too.
|
||||
|
||||
Even though the patch may not be interesting for upstream, I decided to
|
||||
let you know about this problem, since the mentioned patch seems to be
|
||||
used by at least Debian and Ubuntu.
|
||||
|
||||
Regards,
|
||||
Seb.
|
||||
|
||||
|
||||
|
||||
--------------060407080409020101000002
|
||||
Content-Type: text/plain;
|
||||
name="glibc-2.5-resolvconf.patch"
|
||||
Content-Transfer-Encoding: 7bit
|
||||
Content-Disposition: inline;
|
||||
filename="glibc-2.5-resolvconf.patch"
|
||||
|
||||
Index: glibc-2.17.90/resolv/res_libc.c
|
||||
===================================================================
|
||||
--- glibc-2.17.90.orig/resolv/res_libc.c
|
||||
+++ glibc-2.17.90/resolv/res_libc.c
|
||||
@@ -22,6 +22,7 @@
|
||||
#include <arpa/nameser.h>
|
||||
#include <resolv.h>
|
||||
#include <libc-lock.h>
|
||||
+#include <sys/stat.h>
|
||||
|
||||
extern unsigned long long int __res_initstamp attribute_hidden;
|
||||
/* We have atomic increment operations on 64-bit platforms. */
|
||||
@@ -89,12 +89,34 @@ res_init(void) {
|
||||
return (__res_vinit(&_res, 1));
|
||||
}
|
||||
|
||||
+static time_t resconf_mtime;
|
||||
+__libc_lock_define_initialized (static, resconf_mtime_lock);
|
||||
+
|
||||
+/* Check if the modification time of resolv.conf has changed.
|
||||
+ If so, have all threads re-initialize their resolver states */
|
||||
+static void
|
||||
+__res_check_resconf (void)
|
||||
+{
|
||||
+ struct stat statbuf;
|
||||
+ if (stat (_PATH_RESCONF, &statbuf) == 0) {
|
||||
+ __libc_lock_lock (resconf_mtime_lock);
|
||||
+ if (statbuf.st_mtime != resconf_mtime) {
|
||||
+ resconf_mtime = statbuf.st_mtime;
|
||||
+ atomicinclock (lock);
|
||||
+ atomicinc (__res_initstamp);
|
||||
+ atomicincunlock (lock);
|
||||
+ }
|
||||
+ __libc_lock_unlock (resconf_mtime_lock);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
/* Initialize resp if RES_INIT is not yet set or if res_init in some other
|
||||
thread requested re-initializing. */
|
||||
int
|
||||
__res_maybe_init (res_state resp, int preinit)
|
||||
{
|
||||
if (resp->options & RES_INIT) {
|
||||
+ __res_check_resconf ();
|
||||
if (__res_initstamp != resp->_u._ext.initstamp) {
|
||||
if (resp->nscount > 0)
|
||||
__res_iclose (resp, true);
|
@ -1,3 +1,47 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
|
||||
|
||||
- Update to glibc-2.25.90.20170720.gc771b59a24c0
|
||||
* A per-thread cache has been added to malloc
|
||||
* Unicode 10.0.0 Support
|
||||
* Improvements to the DNS stub resolver
|
||||
* New function reallocarray, which resizes an allocated block (like
|
||||
realloc) to the product of two sizes, with a guaranteed clean failure
|
||||
upon integer overflow in the multiplication
|
||||
* New wrappers for the Linux-specific system calls preadv2 and pwritev2
|
||||
* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
|
||||
create a new session ID for the spawned process
|
||||
* errno.h is now safe to use from C-preprocessed assembly language on all
|
||||
supported operating systems
|
||||
* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
|
||||
128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
|
||||
754-2008) and ISO/IEC TS 18661-3:2015
|
||||
* The synchronization that pthread_spin_unlock performs has been changed to
|
||||
now be equivalent to a C11 atomic store with release memory order to the
|
||||
spin lock's memory location
|
||||
* The DNS stub resolver no longer performs EDNS fallback
|
||||
* res_mkquery and res_nmkquery no longer support the IQUERY opcode
|
||||
* The _res_opcodes variable has been removed from libresolv
|
||||
* <string.h> no longer includes inline versions of any string functions,
|
||||
as this kind of optimization is better done by the compiler
|
||||
* The nonstandard header <xlocale.h> has been removed
|
||||
* The obsolete header <sys/ultrasound.h> has been removed
|
||||
* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>
|
||||
* The obsolete function cfree has been removed
|
||||
* The stack_t type no longer has the name struct sigaltstack
|
||||
* The ucontext_t type no longer has the name struct ucontext
|
||||
* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
|
||||
synced with the kernel
|
||||
* Linux kernel 3.2 or later is required at runtime, on all architectures
|
||||
supported by that kernel
|
||||
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
|
||||
to avoid fragmentation-based spoofing attacks
|
||||
* fate#322258, fate#321513, fate#322453
|
||||
- fts-symbol-redirect.patch, glibc-resolv-reload.diff, i686-memchr-sse.patch,
|
||||
ld-hwcap-mask-suid.patch, ld-library-path-suid.patch,
|
||||
sunrpc-use-after-free.patch, test-math-vector-sincos-aliasing.patch,
|
||||
tunables-bigendian.patch: Removed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 25 07:32:25 UTC 2017 - schwab@suse.de
|
||||
|
||||
|
@ -21,7 +21,7 @@
|
||||
%bcond_with fast_build
|
||||
|
||||
%define crypt_bf_version 1.3
|
||||
%define build_snapshot 0
|
||||
%define build_snapshot 1
|
||||
|
||||
%define flavor testsuite
|
||||
|
||||
@ -116,11 +116,20 @@ BuildArch: i686
|
||||
%define powerpc_optimize_cpu_power7 0
|
||||
%define powerpc_optimize_cpu_cell 0
|
||||
%endif # ppc, ppc64
|
||||
# 3.0 is the SLES 11 SP3 kernel
|
||||
# 3.1 is the openSUSE 12.1 kernel
|
||||
%define enablekernel 3.0
|
||||
# glibc requires at least kernel 3.2
|
||||
%define enablekernel 3.2
|
||||
# some architectures need a newer kernel
|
||||
%ifarch ppc64le
|
||||
%define enablekernel 3.10
|
||||
%endif
|
||||
%ifarch aarch64
|
||||
%define enablekernel 3.7
|
||||
%endif
|
||||
%ifarch ia64
|
||||
%define enablekernel 3.2.18
|
||||
%endif
|
||||
|
||||
Version: 2.25
|
||||
Version: 2.25.90.20170720.gc771b59a24c0
|
||||
Release: 0
|
||||
%if !%{build_snapshot}
|
||||
%define git_id db0242e30234
|
||||
@ -245,10 +254,6 @@ Patch105: glibc-disable-gettext-for-c-utf8.patch
|
||||
### Broken patches in glibc that we revert for now:
|
||||
|
||||
### Network related patches
|
||||
# PATCH-FIX-OPENSUSE reload /etc/resolv.conf on change
|
||||
Patch300: glibc-resolv-reload.diff
|
||||
# PATCH-FIX-OPENSUSE Fix hangs in UDP RPC calls bso#5379 bnc#257745 aj@suse.de
|
||||
Patch301: glibc-2.2-sunrpc.diff
|
||||
# PATCH-FIX-OPENSUSE Warn about usage of mdns in resolv.conv
|
||||
Patch304: glibc-resolv-mdnshint.diff
|
||||
# PATCH-FIX-OPENSUSE disable rewriting ::1 to 127.0.0.1 for /etc/hosts bnc#684534, bnc#706719
|
||||
@ -257,20 +262,6 @@ Patch306: glibc-fix-double-loopback.diff
|
||||
###
|
||||
# Patches from upstream
|
||||
###
|
||||
# PATCH-FIX-UPSTREAM Fix getting tunable values on big-endian (BZ #21109)
|
||||
Patch1000: tunables-bigendian.patch
|
||||
# PATCH-FIX-UPSTREAM Fix i686 memchr overflow calculation (BZ #21182)
|
||||
Patch1001: i686-memchr-sse.patch
|
||||
# PATCH-FIX-UPSTREAM Avoid use-after-free read access in clntudp_call (BZ #21115)
|
||||
Patch1002: sunrpc-use-after-free.patch
|
||||
# PATCH-FIX-UPSTREAM Fix test-math-vector-sincos.h aliasing
|
||||
Patch1003: test-math-vector-sincos-aliasing.patch
|
||||
# PATCH-FIX-UPSTREAM Fix symbol redirect for fts_set (BZ #21289)
|
||||
Patch1004: fts-symbol-redirect.patch
|
||||
# PATCH-FIX-UPSTREAM Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (BZ #21209)
|
||||
Patch1005: ld-hwcap-mask-suid.patch
|
||||
# PATCH-FIX-UPSTREAM rtld: Completely ignore LD_LIBRARY_PATH for AT_SECURE=1 programs (CVE-2017-1000366, BZ #21624)
|
||||
Patch1006: ld-library-path-suid.patch
|
||||
|
||||
###
|
||||
# Patches awaiting upstream approval
|
||||
@ -497,19 +488,9 @@ rm nscd/s-stamp
|
||||
%patch104 -p1
|
||||
%patch105 -p1
|
||||
|
||||
%patch300 -p1
|
||||
%patch301 -p1
|
||||
%patch304 -p1
|
||||
%patch306 -p1
|
||||
|
||||
%patch1000 -p1
|
||||
%patch1001 -p1
|
||||
%patch1002 -p1
|
||||
%patch1003 -p1
|
||||
%patch1004 -p1
|
||||
%patch1005 -p1
|
||||
%patch1006 -p1
|
||||
|
||||
%patch2000 -p1
|
||||
%patch2001 -p1
|
||||
%patch2002 -p1
|
||||
@ -681,7 +662,8 @@ configure_and_build_glibc() {
|
||||
--enable-tunables \
|
||||
--enable-kernel=%{enablekernel} \
|
||||
--with-bugurl=http://bugs.opensuse.org \
|
||||
--enable-bind-now --enable-obsolete-rpc \
|
||||
--enable-bind-now \
|
||||
--enable-obsolete-rpc --enable-obsolete-nsl \
|
||||
--disable-timezone-tools
|
||||
# Should we enable --enable-systemtap?
|
||||
# Should we enable --enable-nss-crypt to build use freebl3 hash functions?
|
||||
|
@ -1,3 +1,47 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
|
||||
|
||||
- Update to glibc-2.25.90.20170720.gc771b59a24c0
|
||||
* A per-thread cache has been added to malloc
|
||||
* Unicode 10.0.0 Support
|
||||
* Improvements to the DNS stub resolver
|
||||
* New function reallocarray, which resizes an allocated block (like
|
||||
realloc) to the product of two sizes, with a guaranteed clean failure
|
||||
upon integer overflow in the multiplication
|
||||
* New wrappers for the Linux-specific system calls preadv2 and pwritev2
|
||||
* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
|
||||
create a new session ID for the spawned process
|
||||
* errno.h is now safe to use from C-preprocessed assembly language on all
|
||||
supported operating systems
|
||||
* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
|
||||
128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
|
||||
754-2008) and ISO/IEC TS 18661-3:2015
|
||||
* The synchronization that pthread_spin_unlock performs has been changed to
|
||||
now be equivalent to a C11 atomic store with release memory order to the
|
||||
spin lock's memory location
|
||||
* The DNS stub resolver no longer performs EDNS fallback
|
||||
* res_mkquery and res_nmkquery no longer support the IQUERY opcode
|
||||
* The _res_opcodes variable has been removed from libresolv
|
||||
* <string.h> no longer includes inline versions of any string functions,
|
||||
as this kind of optimization is better done by the compiler
|
||||
* The nonstandard header <xlocale.h> has been removed
|
||||
* The obsolete header <sys/ultrasound.h> has been removed
|
||||
* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>
|
||||
* The obsolete function cfree has been removed
|
||||
* The stack_t type no longer has the name struct sigaltstack
|
||||
* The ucontext_t type no longer has the name struct ucontext
|
||||
* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
|
||||
synced with the kernel
|
||||
* Linux kernel 3.2 or later is required at runtime, on all architectures
|
||||
supported by that kernel
|
||||
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
|
||||
to avoid fragmentation-based spoofing attacks
|
||||
* fate#322258, fate#321513, fate#322453
|
||||
- fts-symbol-redirect.patch, glibc-resolv-reload.diff, i686-memchr-sse.patch,
|
||||
ld-hwcap-mask-suid.patch, ld-library-path-suid.patch,
|
||||
sunrpc-use-after-free.patch, test-math-vector-sincos-aliasing.patch,
|
||||
tunables-bigendian.patch: Removed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 25 07:32:25 UTC 2017 - schwab@suse.de
|
||||
|
||||
|
@ -21,7 +21,7 @@
|
||||
%bcond_with fast_build
|
||||
|
||||
%define crypt_bf_version 1.3
|
||||
%define build_snapshot 0
|
||||
%define build_snapshot 1
|
||||
|
||||
%define flavor utils
|
||||
|
||||
@ -117,11 +117,20 @@ BuildArch: i686
|
||||
%define powerpc_optimize_cpu_power7 0
|
||||
%define powerpc_optimize_cpu_cell 0
|
||||
%endif # ppc, ppc64
|
||||
# 3.0 is the SLES 11 SP3 kernel
|
||||
# 3.1 is the openSUSE 12.1 kernel
|
||||
%define enablekernel 3.0
|
||||
# glibc requires at least kernel 3.2
|
||||
%define enablekernel 3.2
|
||||
# some architectures need a newer kernel
|
||||
%ifarch ppc64le
|
||||
%define enablekernel 3.10
|
||||
%endif
|
||||
%ifarch aarch64
|
||||
%define enablekernel 3.7
|
||||
%endif
|
||||
%ifarch ia64
|
||||
%define enablekernel 3.2.18
|
||||
%endif
|
||||
|
||||
Version: 2.25
|
||||
Version: 2.25.90.20170720.gc771b59a24c0
|
||||
Release: 0
|
||||
%if !%{build_snapshot}
|
||||
%define git_id db0242e30234
|
||||
@ -246,10 +255,6 @@ Patch105: glibc-disable-gettext-for-c-utf8.patch
|
||||
### Broken patches in glibc that we revert for now:
|
||||
|
||||
### Network related patches
|
||||
# PATCH-FIX-OPENSUSE reload /etc/resolv.conf on change
|
||||
Patch300: glibc-resolv-reload.diff
|
||||
# PATCH-FIX-OPENSUSE Fix hangs in UDP RPC calls bso#5379 bnc#257745 aj@suse.de
|
||||
Patch301: glibc-2.2-sunrpc.diff
|
||||
# PATCH-FIX-OPENSUSE Warn about usage of mdns in resolv.conv
|
||||
Patch304: glibc-resolv-mdnshint.diff
|
||||
# PATCH-FIX-OPENSUSE disable rewriting ::1 to 127.0.0.1 for /etc/hosts bnc#684534, bnc#706719
|
||||
@ -258,20 +263,6 @@ Patch306: glibc-fix-double-loopback.diff
|
||||
###
|
||||
# Patches from upstream
|
||||
###
|
||||
# PATCH-FIX-UPSTREAM Fix getting tunable values on big-endian (BZ #21109)
|
||||
Patch1000: tunables-bigendian.patch
|
||||
# PATCH-FIX-UPSTREAM Fix i686 memchr overflow calculation (BZ #21182)
|
||||
Patch1001: i686-memchr-sse.patch
|
||||
# PATCH-FIX-UPSTREAM Avoid use-after-free read access in clntudp_call (BZ #21115)
|
||||
Patch1002: sunrpc-use-after-free.patch
|
||||
# PATCH-FIX-UPSTREAM Fix test-math-vector-sincos.h aliasing
|
||||
Patch1003: test-math-vector-sincos-aliasing.patch
|
||||
# PATCH-FIX-UPSTREAM Fix symbol redirect for fts_set (BZ #21289)
|
||||
Patch1004: fts-symbol-redirect.patch
|
||||
# PATCH-FIX-UPSTREAM Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (BZ #21209)
|
||||
Patch1005: ld-hwcap-mask-suid.patch
|
||||
# PATCH-FIX-UPSTREAM rtld: Completely ignore LD_LIBRARY_PATH for AT_SECURE=1 programs (CVE-2017-1000366, BZ #21624)
|
||||
Patch1006: ld-library-path-suid.patch
|
||||
|
||||
###
|
||||
# Patches awaiting upstream approval
|
||||
@ -498,19 +489,9 @@ rm nscd/s-stamp
|
||||
%patch104 -p1
|
||||
%patch105 -p1
|
||||
|
||||
%patch300 -p1
|
||||
%patch301 -p1
|
||||
%patch304 -p1
|
||||
%patch306 -p1
|
||||
|
||||
%patch1000 -p1
|
||||
%patch1001 -p1
|
||||
%patch1002 -p1
|
||||
%patch1003 -p1
|
||||
%patch1004 -p1
|
||||
%patch1005 -p1
|
||||
%patch1006 -p1
|
||||
|
||||
%patch2000 -p1
|
||||
%patch2001 -p1
|
||||
%patch2002 -p1
|
||||
@ -682,7 +663,8 @@ configure_and_build_glibc() {
|
||||
--enable-tunables \
|
||||
--enable-kernel=%{enablekernel} \
|
||||
--with-bugurl=http://bugs.opensuse.org \
|
||||
--enable-bind-now --enable-obsolete-rpc \
|
||||
--enable-bind-now \
|
||||
--enable-obsolete-rpc --enable-obsolete-nsl \
|
||||
--disable-timezone-tools
|
||||
# Should we enable --enable-systemtap?
|
||||
# Should we enable --enable-nss-crypt to build use freebl3 hash functions?
|
||||
|
@ -1,3 +1,47 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 26 09:54:26 UTC 2017 - schwab@suse.de
|
||||
|
||||
- Update to glibc-2.25.90.20170720.gc771b59a24c0
|
||||
* A per-thread cache has been added to malloc
|
||||
* Unicode 10.0.0 Support
|
||||
* Improvements to the DNS stub resolver
|
||||
* New function reallocarray, which resizes an allocated block (like
|
||||
realloc) to the product of two sizes, with a guaranteed clean failure
|
||||
upon integer overflow in the multiplication
|
||||
* New wrappers for the Linux-specific system calls preadv2 and pwritev2
|
||||
* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
|
||||
create a new session ID for the spawned process
|
||||
* errno.h is now safe to use from C-preprocessed assembly language on all
|
||||
supported operating systems
|
||||
* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
|
||||
128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
|
||||
754-2008) and ISO/IEC TS 18661-3:2015
|
||||
* The synchronization that pthread_spin_unlock performs has been changed to
|
||||
now be equivalent to a C11 atomic store with release memory order to the
|
||||
spin lock's memory location
|
||||
* The DNS stub resolver no longer performs EDNS fallback
|
||||
* res_mkquery and res_nmkquery no longer support the IQUERY opcode
|
||||
* The _res_opcodes variable has been removed from libresolv
|
||||
* <string.h> no longer includes inline versions of any string functions,
|
||||
as this kind of optimization is better done by the compiler
|
||||
* The nonstandard header <xlocale.h> has been removed
|
||||
* The obsolete header <sys/ultrasound.h> has been removed
|
||||
* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>
|
||||
* The obsolete function cfree has been removed
|
||||
* The stack_t type no longer has the name struct sigaltstack
|
||||
* The ucontext_t type no longer has the name struct ucontext
|
||||
* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
|
||||
synced with the kernel
|
||||
* Linux kernel 3.2 or later is required at runtime, on all architectures
|
||||
supported by that kernel
|
||||
* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
|
||||
to avoid fragmentation-based spoofing attacks
|
||||
* fate#322258, fate#321513, fate#322453
|
||||
- fts-symbol-redirect.patch, glibc-resolv-reload.diff, i686-memchr-sse.patch,
|
||||
ld-hwcap-mask-suid.patch, ld-library-path-suid.patch,
|
||||
sunrpc-use-after-free.patch, test-math-vector-sincos-aliasing.patch,
|
||||
tunables-bigendian.patch: Removed
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 25 07:32:25 UTC 2017 - schwab@suse.de
|
||||
|
||||
|
50
glibc.spec
50
glibc.spec
@ -21,7 +21,7 @@
|
||||
%bcond_with fast_build
|
||||
|
||||
%define crypt_bf_version 1.3
|
||||
%define build_snapshot 0
|
||||
%define build_snapshot 1
|
||||
|
||||
# INCLUDE glibc$flavor.spec.in
|
||||
%ifarch i686
|
||||
@ -122,11 +122,20 @@ BuildArch: i686
|
||||
%define powerpc_optimize_cpu_power7 0
|
||||
%define powerpc_optimize_cpu_cell 0
|
||||
%endif # ppc, ppc64
|
||||
# 3.0 is the SLES 11 SP3 kernel
|
||||
# 3.1 is the openSUSE 12.1 kernel
|
||||
%define enablekernel 3.0
|
||||
# glibc requires at least kernel 3.2
|
||||
%define enablekernel 3.2
|
||||
# some architectures need a newer kernel
|
||||
%ifarch ppc64le
|
||||
%define enablekernel 3.10
|
||||
%endif
|
||||
%ifarch aarch64
|
||||
%define enablekernel 3.7
|
||||
%endif
|
||||
%ifarch ia64
|
||||
%define enablekernel 3.2.18
|
||||
%endif
|
||||
|
||||
Version: 2.25
|
||||
Version: 2.25.90.20170720.gc771b59a24c0
|
||||
Release: 0
|
||||
%if !%{build_snapshot}
|
||||
%define git_id db0242e30234
|
||||
@ -251,10 +260,6 @@ Patch105: glibc-disable-gettext-for-c-utf8.patch
|
||||
### Broken patches in glibc that we revert for now:
|
||||
|
||||
### Network related patches
|
||||
# PATCH-FIX-OPENSUSE reload /etc/resolv.conf on change
|
||||
Patch300: glibc-resolv-reload.diff
|
||||
# PATCH-FIX-OPENSUSE Fix hangs in UDP RPC calls bso#5379 bnc#257745 aj@suse.de
|
||||
Patch301: glibc-2.2-sunrpc.diff
|
||||
# PATCH-FIX-OPENSUSE Warn about usage of mdns in resolv.conv
|
||||
Patch304: glibc-resolv-mdnshint.diff
|
||||
# PATCH-FIX-OPENSUSE disable rewriting ::1 to 127.0.0.1 for /etc/hosts bnc#684534, bnc#706719
|
||||
@ -263,20 +268,6 @@ Patch306: glibc-fix-double-loopback.diff
|
||||
###
|
||||
# Patches from upstream
|
||||
###
|
||||
# PATCH-FIX-UPSTREAM Fix getting tunable values on big-endian (BZ #21109)
|
||||
Patch1000: tunables-bigendian.patch
|
||||
# PATCH-FIX-UPSTREAM Fix i686 memchr overflow calculation (BZ #21182)
|
||||
Patch1001: i686-memchr-sse.patch
|
||||
# PATCH-FIX-UPSTREAM Avoid use-after-free read access in clntudp_call (BZ #21115)
|
||||
Patch1002: sunrpc-use-after-free.patch
|
||||
# PATCH-FIX-UPSTREAM Fix test-math-vector-sincos.h aliasing
|
||||
Patch1003: test-math-vector-sincos-aliasing.patch
|
||||
# PATCH-FIX-UPSTREAM Fix symbol redirect for fts_set (BZ #21289)
|
||||
Patch1004: fts-symbol-redirect.patch
|
||||
# PATCH-FIX-UPSTREAM Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (BZ #21209)
|
||||
Patch1005: ld-hwcap-mask-suid.patch
|
||||
# PATCH-FIX-UPSTREAM rtld: Completely ignore LD_LIBRARY_PATH for AT_SECURE=1 programs (CVE-2017-1000366, BZ #21624)
|
||||
Patch1006: ld-library-path-suid.patch
|
||||
|
||||
###
|
||||
# Patches awaiting upstream approval
|
||||
@ -503,19 +494,9 @@ rm nscd/s-stamp
|
||||
%patch104 -p1
|
||||
%patch105 -p1
|
||||
|
||||
%patch300 -p1
|
||||
%patch301 -p1
|
||||
%patch304 -p1
|
||||
%patch306 -p1
|
||||
|
||||
%patch1000 -p1
|
||||
%patch1001 -p1
|
||||
%patch1002 -p1
|
||||
%patch1003 -p1
|
||||
%patch1004 -p1
|
||||
%patch1005 -p1
|
||||
%patch1006 -p1
|
||||
|
||||
%patch2000 -p1
|
||||
%patch2001 -p1
|
||||
%patch2002 -p1
|
||||
@ -687,7 +668,8 @@ configure_and_build_glibc() {
|
||||
--enable-tunables \
|
||||
--enable-kernel=%{enablekernel} \
|
||||
--with-bugurl=http://bugs.opensuse.org \
|
||||
--enable-bind-now --enable-obsolete-rpc \
|
||||
--enable-bind-now \
|
||||
--enable-obsolete-rpc --enable-obsolete-nsl \
|
||||
--disable-timezone-tools
|
||||
# Should we enable --enable-systemtap?
|
||||
# Should we enable --enable-nss-crypt to build use freebl3 hash functions?
|
||||
|
@ -1,45 +0,0 @@
|
||||
2017-03-29 Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
|
||||
[BZ# 21182]
|
||||
* string/test-memchr.c (do_test): Add BZ#21182 checks for address
|
||||
near end of a page.
|
||||
* sysdeps/i386/i686/multiarch/memchr-sse2.S (__memchr): Fix
|
||||
overflow calculation.
|
||||
|
||||
Index: glibc-2.25/string/test-memchr.c
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/string/test-memchr.c
|
||||
+++ glibc-2.25/string/test-memchr.c
|
||||
@@ -208,6 +208,12 @@ test_main (void)
|
||||
do_test (0, i, i + 1, i + 1, 0);
|
||||
}
|
||||
|
||||
+ /* BZ#21182 - wrong overflow calculation for i686 implementation
|
||||
+ with address near end of the page. */
|
||||
+ for (i = 2; i < 16; ++i)
|
||||
+ /* page_size is in fact getpagesize() * 2. */
|
||||
+ do_test (page_size / 2 - i, i, i, 1, 0x9B);
|
||||
+
|
||||
do_random_tests ();
|
||||
return ret;
|
||||
}
|
||||
Index: glibc-2.25/sysdeps/i386/i686/multiarch/memchr-sse2.S
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/sysdeps/i386/i686/multiarch/memchr-sse2.S
|
||||
+++ glibc-2.25/sysdeps/i386/i686/multiarch/memchr-sse2.S
|
||||
@@ -117,7 +117,6 @@ L(crosscache):
|
||||
|
||||
# ifndef USE_AS_RAWMEMCHR
|
||||
jnz L(match_case2_prolog1)
|
||||
- lea -16(%edx), %edx
|
||||
/* Calculate the last acceptable address and check for possible
|
||||
addition overflow by using satured math:
|
||||
edx = ecx + edx
|
||||
@@ -125,6 +124,7 @@ L(crosscache):
|
||||
add %ecx, %edx
|
||||
sbb %eax, %eax
|
||||
or %eax, %edx
|
||||
+ sub $16, %edx
|
||||
jbe L(return_null)
|
||||
lea 16(%edi), %edi
|
||||
# else
|
@ -1,33 +0,0 @@
|
||||
2017-03-07 Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
|
||||
[BZ #21209]
|
||||
* elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
|
||||
AT_SECURE processes.
|
||||
* sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
|
||||
|
||||
Index: glibc-2.25/elf/rtld.c
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/elf/rtld.c
|
||||
+++ glibc-2.25/elf/rtld.c
|
||||
@@ -2450,7 +2450,8 @@ process_envvars (enum mode *modep)
|
||||
|
||||
case 10:
|
||||
/* Mask for the important hardware capabilities. */
|
||||
- if (memcmp (envline, "HWCAP_MASK", 10) == 0)
|
||||
+ if (!__libc_enable_secure
|
||||
+ && memcmp (envline, "HWCAP_MASK", 10) == 0)
|
||||
GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
|
||||
0, 0);
|
||||
break;
|
||||
Index: glibc-2.25/sysdeps/generic/unsecvars.h
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/sysdeps/generic/unsecvars.h
|
||||
+++ glibc-2.25/sysdeps/generic/unsecvars.h
|
||||
@@ -16,6 +16,7 @@
|
||||
"LD_DEBUG\0" \
|
||||
"LD_DEBUG_OUTPUT\0" \
|
||||
"LD_DYNAMIC_WEAK\0" \
|
||||
+ "LD_HWCAP_MASK\0" \
|
||||
"LD_LIBRARY_PATH\0" \
|
||||
"LD_ORIGIN_PATH\0" \
|
||||
"LD_PRELOAD\0" \
|
@ -1,158 +0,0 @@
|
||||
Index: glibc-2.25/elf/rtld.c
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/elf/rtld.c
|
||||
+++ glibc-2.25/elf/rtld.c
|
||||
@@ -716,6 +716,57 @@ static const char *preloadlist attribute
|
||||
/* Nonzero if information about versions has to be printed. */
|
||||
static int version_info attribute_relro;
|
||||
|
||||
+/* Check that AT_SECURE=0, or that the passed name does not contain
|
||||
+ directories and is not overly long. */
|
||||
+static bool
|
||||
+dso_name_valid_for_suid (const char *p)
|
||||
+{
|
||||
+ if (__builtin_expect (__libc_enable_secure, 0))
|
||||
+ {
|
||||
+ /* Ignore pathnames with directories for AT_SECURE=1
|
||||
+ programs, and also skip overlong names. */
|
||||
+ size_t len = strlen (p);
|
||||
+ if (len >= NAME_MAX || memchr (p, '/', len) != NULL)
|
||||
+ return false;
|
||||
+ }
|
||||
+ return true;
|
||||
+}
|
||||
+
|
||||
+/* The LD_PRELOAD environment variable gives list of libraries
|
||||
+ separated by white space or colons that are loaded before the
|
||||
+ executable's dependencies and prepended to the global scope list.
|
||||
+ (If the binary is running setuid all elements containing a '/' are
|
||||
+ ignored since it is insecure.) Return the number of preloads
|
||||
+ performed. */
|
||||
+static unsigned int
|
||||
+handle_ld_preload (const char *preloadlist, struct link_map *main_map)
|
||||
+{
|
||||
+ unsigned int npreloads = 0;
|
||||
+ const char *p = preloadlist;
|
||||
+ char fname[PATH_MAX];
|
||||
+
|
||||
+ while (*p != '\0')
|
||||
+ {
|
||||
+ /* Split preload list at space/colon. */
|
||||
+ size_t len = strcspn (p, " :");
|
||||
+ if (len > 0 && len < PATH_MAX)
|
||||
+ {
|
||||
+ memcpy (fname, p, len);
|
||||
+ fname[len] = '\0';
|
||||
+ if (dso_name_valid_for_suid (fname))
|
||||
+ npreloads += do_preload (fname, main_map, "LD_PRELOAD");
|
||||
+ }
|
||||
+
|
||||
+ /* Skip over the substring and the following delimiter. */
|
||||
+ p += len;
|
||||
+ if (*p != '\0')
|
||||
+ ++p;
|
||||
+ }
|
||||
+ return npreloads;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+
|
||||
static void
|
||||
dl_main (const ElfW(Phdr) *phdr,
|
||||
ElfW(Word) phnum,
|
||||
@@ -1462,23 +1513,8 @@ ERROR: ld.so: object '%s' cannot be load
|
||||
|
||||
if (__glibc_unlikely (preloadlist != NULL))
|
||||
{
|
||||
- /* The LD_PRELOAD environment variable gives list of libraries
|
||||
- separated by white space or colons that are loaded before the
|
||||
- executable's dependencies and prepended to the global scope
|
||||
- list. If the binary is running setuid all elements
|
||||
- containing a '/' are ignored since it is insecure. */
|
||||
- char *list = strdupa (preloadlist);
|
||||
- char *p;
|
||||
-
|
||||
HP_TIMING_NOW (start);
|
||||
-
|
||||
- /* Prevent optimizing strsep. Speed is not important here. */
|
||||
- while ((p = (strsep) (&list, " :")) != NULL)
|
||||
- if (p[0] != '\0'
|
||||
- && (__builtin_expect (! __libc_enable_secure, 1)
|
||||
- || strchr (p, '/') == NULL))
|
||||
- npreloads += do_preload (p, main_map, "LD_PRELOAD");
|
||||
-
|
||||
+ npreloads += handle_ld_preload (preloadlist, main_map);
|
||||
HP_TIMING_NOW (stop);
|
||||
HP_TIMING_DIFF (diff, start, stop);
|
||||
HP_TIMING_ACCUM_NT (load_time, diff);
|
||||
@@ -2340,9 +2376,7 @@ process_dl_audit (char *str)
|
||||
char *p;
|
||||
|
||||
while ((p = (strsep) (&str, ":")) != NULL)
|
||||
- if (p[0] != '\0'
|
||||
- && (__builtin_expect (! __libc_enable_secure, 1)
|
||||
- || strchr (p, '/') == NULL))
|
||||
+ if (p[0] != '\0' && dso_name_valid_for_suid (p))
|
||||
{
|
||||
/* This is using the local malloc, not the system malloc. The
|
||||
memory can never be freed. */
|
||||
@@ -2372,6 +2406,7 @@ process_envvars (enum mode *modep)
|
||||
char *envline;
|
||||
enum mode mode = normal;
|
||||
char *debug_output = NULL;
|
||||
+ char *ld_audit = NULL;
|
||||
|
||||
/* This is the default place for profiling data file. */
|
||||
GLRO(dl_profile_output)
|
||||
@@ -2406,7 +2441,7 @@ process_envvars (enum mode *modep)
|
||||
break;
|
||||
}
|
||||
if (memcmp (envline, "AUDIT", 5) == 0)
|
||||
- process_dl_audit (&envline[6]);
|
||||
+ ld_audit = &envline[6];
|
||||
break;
|
||||
|
||||
case 7:
|
||||
@@ -2465,7 +2500,8 @@ process_envvars (enum mode *modep)
|
||||
|
||||
case 12:
|
||||
/* The library search path. */
|
||||
- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
|
||||
+ if (!__libc_enable_secure
|
||||
+ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
|
||||
{
|
||||
library_path = &envline[13];
|
||||
break;
|
||||
@@ -2532,6 +2568,12 @@ process_envvars (enum mode *modep)
|
||||
}
|
||||
}
|
||||
|
||||
+ /* Even if LD_AUDIT occurs multiple times in the environment
|
||||
+ process_dl_audit should only be called once to avoid polluting the
|
||||
+ heap with unused copies of the value. */
|
||||
+ if (ld_audit != NULL)
|
||||
+ process_dl_audit (ld_audit);
|
||||
+
|
||||
/* The caller wants this information. */
|
||||
*modep = mode;
|
||||
|
||||
Index: glibc-2.25/sysdeps/i386/i686/multiarch/strcspn-c.c
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/sysdeps/i386/i686/multiarch/strcspn-c.c
|
||||
+++ glibc-2.25/sysdeps/i386/i686/multiarch/strcspn-c.c
|
||||
@@ -1,2 +1,4 @@
|
||||
-#define __strcspn_sse2 __strcspn_ia32
|
||||
-#include <sysdeps/x86_64/multiarch/strcspn-c.c>
|
||||
+#if IS_IN (libc)
|
||||
+# define __strcspn_sse2 __strcspn_ia32
|
||||
+# include <sysdeps/x86_64/multiarch/strcspn-c.c>
|
||||
+#endif
|
||||
Index: glibc-2.25/sysdeps/i386/i686/multiarch/varshift.c
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/sysdeps/i386/i686/multiarch/varshift.c
|
||||
+++ glibc-2.25/sysdeps/i386/i686/multiarch/varshift.c
|
||||
@@ -1 +1,3 @@
|
||||
-#include <sysdeps/x86_64/multiarch/varshift.c>
|
||||
+#if IS_IN (libc)
|
||||
+# include <sysdeps/x86_64/multiarch/varshift.c>
|
||||
+#endif
|
@ -1,111 +0,0 @@
|
||||
2017-02-27 Florian Weimer <fweimer@redhat.com>
|
||||
|
||||
[BZ #21115]
|
||||
* sunrpc/clnt_udp.c (clntudp_call): Free ancillary data later.
|
||||
* sunrpc/Makefile (tests): Add tst-udp-error.
|
||||
(tst-udp-error): Link against libc.so explicitly.
|
||||
* sunrpc/tst-udp-error: New file.
|
||||
|
||||
Index: glibc-2.25/sunrpc/Makefile
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/sunrpc/Makefile
|
||||
+++ glibc-2.25/sunrpc/Makefile
|
||||
@@ -93,7 +93,7 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_
|
||||
extra-objs = $(rpcgen-objs) $(addprefix cross-,$(rpcgen-objs))
|
||||
others += rpcgen
|
||||
|
||||
-tests = tst-xdrmem tst-xdrmem2 test-rpcent
|
||||
+tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error
|
||||
xtests := tst-getmyaddr
|
||||
|
||||
ifeq ($(have-thread-library),yes)
|
||||
@@ -155,6 +155,7 @@ BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)
|
||||
$(objpfx)tst-getmyaddr: $(common-objpfx)linkobj/libc.so
|
||||
$(objpfx)tst-xdrmem: $(common-objpfx)linkobj/libc.so
|
||||
$(objpfx)tst-xdrmem2: $(common-objpfx)linkobj/libc.so
|
||||
+$(objpfx)tst-udp-error: $(common-objpfx)linkobj/libc.so
|
||||
|
||||
$(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs))
|
||||
|
||||
Index: glibc-2.25/sunrpc/clnt_udp.c
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/sunrpc/clnt_udp.c
|
||||
+++ glibc-2.25/sunrpc/clnt_udp.c
|
||||
@@ -424,9 +424,9 @@ send_again:
|
||||
cmsg = CMSG_NXTHDR (&msg, cmsg))
|
||||
if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
|
||||
{
|
||||
- free (cbuf);
|
||||
e = (struct sock_extended_err *) CMSG_DATA(cmsg);
|
||||
cu->cu_error.re_errno = e->ee_errno;
|
||||
+ free (cbuf);
|
||||
return (cu->cu_error.re_status = RPC_CANTRECV);
|
||||
}
|
||||
free (cbuf);
|
||||
Index: glibc-2.25/sunrpc/tst-udp-error.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ glibc-2.25/sunrpc/tst-udp-error.c
|
||||
@@ -0,0 +1,62 @@
|
||||
+/* Check for use-after-free in clntudp_call (bug 21115).
|
||||
+ Copyright (C) 2017 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <http://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <netinet/in.h>
|
||||
+#include <rpc/clnt.h>
|
||||
+#include <rpc/svc.h>
|
||||
+#include <support/check.h>
|
||||
+#include <support/namespace.h>
|
||||
+#include <support/xsocket.h>
|
||||
+#include <unistd.h>
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ support_become_root ();
|
||||
+ support_enter_network_namespace ();
|
||||
+
|
||||
+ /* Obtain a likely-unused port number. */
|
||||
+ struct sockaddr_in sin =
|
||||
+ {
|
||||
+ .sin_family = AF_INET,
|
||||
+ .sin_addr.s_addr = htonl (INADDR_LOOPBACK),
|
||||
+ };
|
||||
+ {
|
||||
+ int fd = xsocket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
+ xbind (fd, (struct sockaddr *) &sin, sizeof (sin));
|
||||
+ socklen_t sinlen = sizeof (sin);
|
||||
+ xgetsockname (fd, (struct sockaddr *) &sin, &sinlen);
|
||||
+ /* Close the socket, so that we will receive an error below. */
|
||||
+ close (fd);
|
||||
+ }
|
||||
+
|
||||
+ int sock = RPC_ANYSOCK;
|
||||
+ CLIENT *clnt = clntudp_create
|
||||
+ (&sin, 1, 2, (struct timeval) { 1, 0 }, &sock);
|
||||
+ TEST_VERIFY_EXIT (clnt != NULL);
|
||||
+ TEST_VERIFY (clnt_call (clnt, 3,
|
||||
+ (xdrproc_t) xdr_void, NULL,
|
||||
+ (xdrproc_t) xdr_void, NULL,
|
||||
+ ((struct timeval) { 3, 0 }))
|
||||
+ == RPC_CANTRECV);
|
||||
+ clnt_destroy (clnt);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
@ -1,69 +0,0 @@
|
||||
2017-03-15 Joseph Myers <joseph@codesourcery.com>
|
||||
|
||||
* sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP):
|
||||
Use a union when storing pointers.
|
||||
(VECTOR_WRAPPER_fFF_2): Do not take address of integer vector and
|
||||
cast result when passing to INIT_VEC_PTRS_LOOP.
|
||||
(VECTOR_WRAPPER_fFF_3): Likewise.
|
||||
(VECTOR_WRAPPER_fFF_4): Likewise.
|
||||
|
||||
Index: glibc-2.25/sysdeps/x86/fpu/test-math-vector-sincos.h
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/sysdeps/x86/fpu/test-math-vector-sincos.h
|
||||
+++ glibc-2.25/sysdeps/x86/fpu/test-math-vector-sincos.h
|
||||
@@ -17,14 +17,14 @@
|
||||
License along with the GNU C Library; if not, see
|
||||
<http://www.gnu.org/licenses/>. */
|
||||
|
||||
-#define INIT_VEC_PTRS_LOOP(vec, val, len) \
|
||||
- do \
|
||||
- { \
|
||||
- for (i = 0; i < len; i++) \
|
||||
- { \
|
||||
- vec[i] = &val[i]; \
|
||||
- } \
|
||||
- } \
|
||||
+#define INIT_VEC_PTRS_LOOP(vec, val, len) \
|
||||
+ do \
|
||||
+ { \
|
||||
+ union { VEC_INT_TYPE v; __typeof__ ((val)[0]) *a[(len)]; } u; \
|
||||
+ for (i = 0; i < len; i++) \
|
||||
+ u.a[i] = &(val)[i]; \
|
||||
+ (vec) = u.v; \
|
||||
+ } \
|
||||
while (0)
|
||||
|
||||
/* Wrapper for vector sincos/sincosf compatible with x86_64 and x32 variants
|
||||
@@ -40,8 +40,8 @@ void scalar_func (FLOAT x, FLOAT * r, FL
|
||||
VEC_TYPE mx; \
|
||||
VEC_INT_TYPE mr, mr1; \
|
||||
INIT_VEC_LOOP (mx, x, VEC_LEN); \
|
||||
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN); \
|
||||
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN); \
|
||||
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN); \
|
||||
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN); \
|
||||
vector_func (mx, mr, mr1); \
|
||||
TEST_VEC_LOOP (r_loc, VEC_LEN); \
|
||||
TEST_VEC_LOOP (r1_loc, VEC_LEN); \
|
||||
@@ -63,8 +63,8 @@ void scalar_func (FLOAT x, FLOAT * r, FL
|
||||
VEC_TYPE mx; \
|
||||
VEC_INT_TYPE mr, mr1; \
|
||||
INIT_VEC_LOOP (mx, x, VEC_LEN); \
|
||||
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN/2); \
|
||||
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN/2); \
|
||||
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN/2); \
|
||||
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN/2); \
|
||||
vector_func (mx, mr, mr, mr1, mr1); \
|
||||
TEST_VEC_LOOP (r_loc, VEC_LEN/2); \
|
||||
TEST_VEC_LOOP (r1_loc, VEC_LEN/2); \
|
||||
@@ -87,8 +87,8 @@ void scalar_func (FLOAT x, FLOAT * r, FL
|
||||
VEC_TYPE mx; \
|
||||
VEC_INT_TYPE mr, mr1; \
|
||||
INIT_VEC_LOOP (mx, x, VEC_LEN); \
|
||||
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN/4); \
|
||||
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN/4); \
|
||||
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN/4); \
|
||||
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN/4); \
|
||||
vector_func (mx, mr, mr, mr, mr, mr1, mr1, mr1, mr1); \
|
||||
TEST_VEC_LOOP (r_loc, VEC_LEN/4); \
|
||||
TEST_VEC_LOOP (r1_loc, VEC_LEN/4); \
|
@ -1,73 +0,0 @@
|
||||
2017-02-08 Siddhesh Poyarekar <siddhesh@sourceware.org>
|
||||
|
||||
[BZ #21109]
|
||||
* elf/dl-tunable-types.h (tunable_callback_t): Accept
|
||||
tunable_val_t as argument.
|
||||
* elf/dl-tunables.c (__tunable_set_val): Add comment.
|
||||
* malloc/arena.c (set_mallopt_check): Take tunable_val_t as
|
||||
argument.
|
||||
(DL_TUNABLE_CALLBACK_FNDECL): Likewise.
|
||||
|
||||
Index: glibc-2.25/elf/dl-tunable-types.h
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/elf/dl-tunable-types.h
|
||||
+++ glibc-2.25/elf/dl-tunable-types.h
|
||||
@@ -21,8 +21,6 @@
|
||||
# define _TUNABLE_TYPES_H_
|
||||
#include <stddef.h>
|
||||
|
||||
-typedef void (*tunable_callback_t) (void *);
|
||||
-
|
||||
typedef enum
|
||||
{
|
||||
TUNABLE_TYPE_INT_32,
|
||||
@@ -43,6 +41,8 @@ typedef union
|
||||
const char *strval;
|
||||
} tunable_val_t;
|
||||
|
||||
+typedef void (*tunable_callback_t) (tunable_val_t *);
|
||||
+
|
||||
/* Security level for tunables. This decides what to do with individual
|
||||
tunables for AT_SECURE binaries. */
|
||||
typedef enum
|
||||
Index: glibc-2.25/elf/dl-tunables.c
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/elf/dl-tunables.c
|
||||
+++ glibc-2.25/elf/dl-tunables.c
|
||||
@@ -455,6 +455,8 @@ __tunable_set_val (tunable_id_t id, void
|
||||
if (cur->strval == NULL)
|
||||
return;
|
||||
|
||||
+ /* Caller does not need the value, just call the callback with our tunable
|
||||
+ value. */
|
||||
if (valp == NULL)
|
||||
goto cb;
|
||||
|
||||
Index: glibc-2.25/malloc/arena.c
|
||||
===================================================================
|
||||
--- glibc-2.25.orig/malloc/arena.c
|
||||
+++ glibc-2.25/malloc/arena.c
|
||||
@@ -212,9 +212,9 @@ __malloc_fork_unlock_child (void)
|
||||
#if HAVE_TUNABLES
|
||||
static inline int do_set_mallopt_check (int32_t value);
|
||||
void
|
||||
-DL_TUNABLE_CALLBACK (set_mallopt_check) (void *valp)
|
||||
+DL_TUNABLE_CALLBACK (set_mallopt_check) (tunable_val_t *valp)
|
||||
{
|
||||
- int32_t value = *(int32_t *) valp;
|
||||
+ int32_t value = (int32_t) valp->numval;
|
||||
do_set_mallopt_check (value);
|
||||
if (check_action != 0)
|
||||
__malloc_check_init ();
|
||||
@@ -223,9 +223,9 @@ DL_TUNABLE_CALLBACK (set_mallopt_check)
|
||||
# define DL_TUNABLE_CALLBACK_FNDECL(__name, __type) \
|
||||
static inline int do_ ## __name (__type value); \
|
||||
void \
|
||||
-DL_TUNABLE_CALLBACK (__name) (void *valp) \
|
||||
+DL_TUNABLE_CALLBACK (__name) (tunable_val_t *valp) \
|
||||
{ \
|
||||
- __type value = *(__type *) valp; \
|
||||
+ __type value = (__type) (valp)->numval; \
|
||||
do_ ## __name (value); \
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user