pool/glibc
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 774215 from Base:System

Browse Source 
- fix-locking-in-_IO_cleanup.patch: update to latest version (forwarded request 774214 from Andreas_Schwab)

OBS-URL: https://build.opensuse.org/request/show/774215
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/glibc?expand=0&rev=234
This commit is contained in:
Dominique Leuenberger 2020-02-15 21:21:56 +00:00 committed by Git OBS Bridge
commit 88e1e115c9
13 changed files with 232 additions and 310 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

195
fix-locking-in-_IO_cleanup.patch
View File

@ -1,70 +1,34 @@
Always do locking when accessing streams (bug 15142)
Always do locking when accessing streams (bug 15142, bug 14697)
During exit, skip files that are currently locked to avoid deadlock.
Now that abort no longer calls fflush there is no reason to avoid locking
the stdio streams anywhere. This fixes a conformance issue and potential
heap corruption during exit. The test nptl/tst-stdio1 is removed as that
was expecting the problematic behaviour.
[BZ #15142]
* libio/libio.h (_IO_ftrylockfile) [_IO_MTSAVE_IO]: Define.
* libio/genops.c (_IO_flush_all_lockp): Make static. Rename
argument to skip_locked, callers changed. Skip files that are
locked if skip_locked.
(_IO_unbuffer_all): Lock files before access, but skip locked
files.
* libio/libioP.h (_IO_flush_all_lockp): Don't declare.
Index: glibc-2.27/libio/libio.h
Index: glibc-2.31/libio/genops.c
===================================================================
--- glibc-2.27.orig/libio/libio.h
+++ glibc-2.27/libio/libio.h
@@ -33,11 +33,15 @@ libc_hidden_proto (_IO_vfscanf)
if (((_fp)->_flags & _IO_USER_LOCK) == 0) _IO_lock_lock (*(_fp)->_lock)
# define _IO_funlockfile(_fp) \
if (((_fp)->_flags & _IO_USER_LOCK) == 0) _IO_lock_unlock (*(_fp)->_lock)
+# define _IO_ftrylockfile(_fp) \
+ (((_fp)->_flags & _IO_USER_LOCK) == 0 ? _IO_lock_trylock (*(_fp)->_lock) : 0)
# else
# define _IO_flockfile(_fp) \
if (((_fp)->_flags & _IO_USER_LOCK) == 0) _IO_flockfile (_fp)
# define _IO_funlockfile(_fp) \
if (((_fp)->_flags & _IO_USER_LOCK) == 0) _IO_funlockfile (_fp)
+# define _IO_ftrylockfile(_fp) \
+ (((_fp)->_flags & _IO_USER_LOCK) == 0 ? _IO_ftrylockfile (_fp) : 0)
# endif
#endif /* _IO_MTSAFE_IO */
Index: glibc-2.27/libio/genops.c
===================================================================
--- glibc-2.27.orig/libio/genops.c
+++ glibc-2.27/libio/genops.c
@@ -744,8 +744,8 @@ _IO_adjust_column (unsigned start, const
}
--- glibc-2.31.orig/libio/genops.c
+++ glibc-2.31/libio/genops.c
@@ -682,7 +682,7 @@ _IO_adjust_column (unsigned start, const
libc_hidden_def (_IO_adjust_column)
-int
int
-_IO_flush_all_lockp (int do_lock)
+static int
+_IO_flush_all_lockp (bool skip_locked)
+_IO_flush_all (void)
{
int result = 0;
FILE *fp;
@@ -758,7 +758,16 @@ _IO_flush_all_lockp (int do_lock)
@@ -695,8 +695,7 @@ _IO_flush_all_lockp (int do_lock)
for (fp = (FILE *) _IO_list_all; fp != NULL; fp = fp->_chain)
{
run_fp = fp;
- if (do_lock)
+ if (skip_locked)
+ {
+ /* Skip files that are currently locked. */
+ if (_IO_ftrylockfile (fp))
+ {
+ run_fp = NULL;
+ continue;
+ }
+ }
+ else
_IO_flockfile (fp);
- _IO_flockfile (fp);
+ _IO_flockfile (fp);
if (((fp->_mode <= 0 && fp->_IO_write_ptr > fp->_IO_write_base)
@@ -769,8 +778,7 @@ _IO_flush_all_lockp (int do_lock)
|| (_IO_vtable_offset (fp) == 0
@@ -706,8 +705,7 @@ _IO_flush_all_lockp (int do_lock)
&& _IO_OVERFLOW (fp, EOF) == EOF)
result = EOF;
@ -74,31 +38,32 @@ Index: glibc-2.27/libio/genops.c
run_fp = NULL;
}
@@ -787,7 +795,7 @@ int
_IO_flush_all (void)
{
/* We want locking. */
- return _IO_flush_all_lockp (1);
+ return _IO_flush_all_lockp (false);
@@ -718,14 +716,6 @@ _IO_flush_all_lockp (int do_lock)
return result;
}
-
-
-int
-_IO_flush_all (void)
-{
- /* We want locking. */
- return _IO_flush_all_lockp (1);
-}
libc_hidden_def (_IO_flush_all)
@@ -852,6 +860,14 @@ _IO_unbuffer_all (void)
for (fp = (FILE *) _IO_list_all; fp; fp = fp->_chain)
void
@@ -791,6 +781,9 @@ _IO_unbuffer_all (void)
{
+ run_fp = fp;
+ /* Skip files that are currently locked. */
+ if (_IO_ftrylockfile (fp))
+ {
+ run_fp = NULL;
+ continue;
+ }
+
int legacy = 0;
+ run_fp = fp;
+ _IO_flockfile (fp);
+
#if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_1)
@@ -863,18 +879,6 @@ _IO_unbuffer_all (void)
if (__glibc_unlikely (_IO_vtable_offset (fp) != 0))
legacy = 1;
@@ -800,18 +793,6 @@ _IO_unbuffer_all (void)
/* Iff stream is un-orientated, it wasn't used. */
&& (legacy || fp->_mode != 0))
{
@ -117,7 +82,7 @@ Index: glibc-2.27/libio/genops.c
if (! legacy && ! dealloc_buffers && !(fp->_flags & _IO_USER_BUF))
{
fp->_flags |= _IO_USER_BUF;
@@ -881,17 +885,15 @@ _IO_unbuffer_all (void)
@@ -825,17 +806,15 @@ _IO_unbuffer_all (void)
if (! legacy && fp->_mode > 0)
_IO_wsetb (fp, NULL, NULL, 0);
@ -138,24 +103,22 @@ Index: glibc-2.27/libio/genops.c
}
#ifdef _IO_MTSAFE_IO
@@ -916,9 +918,9 @@ libc_freeres_fn (buffer_free)
@@ -861,9 +840,7 @@ libc_freeres_fn (buffer_free)
int
_IO_cleanup (void)
{
- /* We do *not* want locking. Some threads might use streams but
- that is their problem, we flush them underneath them. */
- int result = _IO_flush_all_lockp (0);
+ /* We want to skip locked streams. Some threads might use streams but
+ that is their problem, we don't flush those. */
+ int result = _IO_flush_all_lockp (true);
+ int result = _IO_flush_all ();
/* We currently don't have a reliable mechanism for making sure that
C++ static destructors are executed in the correct order.
Index: glibc-2.27/libio/libioP.h
Index: glibc-2.31/libio/libioP.h
===================================================================
--- glibc-2.27.orig/libio/libioP.h
+++ glibc-2.27/libio/libioP.h
@@ -486,7 +486,6 @@ extern int _IO_new_do_write (FILE *, con
--- glibc-2.31.orig/libio/libioP.h
+++ glibc-2.31/libio/libioP.h
@@ -487,7 +487,6 @@ extern int _IO_new_do_write (FILE *, con
extern int _IO_old_do_write (FILE *, const char *, size_t);
extern int _IO_wdo_write (FILE *, const wchar_t *, size_t);
libc_hidden_proto (_IO_wdo_write)
@ -163,3 +126,77 @@ Index: glibc-2.27/libio/libioP.h
extern int _IO_flush_all (void);
libc_hidden_proto (_IO_flush_all)
extern int _IO_cleanup (void);
Index: glibc-2.31/nptl/Makefile
===================================================================
--- glibc-2.31.orig/nptl/Makefile
+++ glibc-2.31/nptl/Makefile
@@ -295,7 +295,7 @@ tests = tst-attr1 tst-attr2 tst-attr3 ts
tst-signal6 \
tst-exec1 tst-exec2 tst-exec3 tst-exec4 tst-exec5 \
tst-exit1 tst-exit2 tst-exit3 \
- tst-stdio1 tst-stdio2 \
+ tst-stdio2 \
tst-stack1 tst-stack2 tst-stack3 tst-stack4 tst-pthread-getattr \
tst-pthread-attr-affinity tst-pthread-mutexattr \
tst-unload \
Index: glibc-2.31/nptl/tst-stdio1.c
===================================================================
--- glibc-2.31.orig/nptl/tst-stdio1.c
+++ /dev/null
@@ -1,56 +0,0 @@
-/* Copyright (C) 2002-2020 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
- Contributed by Ulrich Drepper <drepper@redhat.com>, 2002.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, see
- <https://www.gnu.org/licenses/>. */
-
-#include <pthread.h>
-#include <signal.h>
-#include <stdio.h>
-#include <unistd.h>
-
-static int do_test (void);
-
-#define TEST_FUNCTION do_test ()
-#include "../test-skeleton.c"
-
-static void *tf (void *a)
-{
- flockfile (stdout);
- /* This call should never return. */
- return a;
-}
-
-
-int
-do_test (void)
-{
- pthread_t th;
-
- flockfile (stdout);
-
- if (pthread_create (&th, NULL, tf, NULL) != 0)
- {
- write_message ("create failed\n");
- _exit (1);
- }
-
- delayed_exit (1);
- xpthread_join (th);
-
- puts ("join returned");
-
- return 1;
-}

3
glibc-2.30.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e2c4114e569afbe7edbc29131a43be833850ab9a459d81beb2588016d2bbb8af
size 16576920

16
glibc-2.30.tar.xz.sig
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEcnNUKzmWLfeymZMUFnkrTqJTQPgFAl1DRIYACgkQFnkrTqJT
QPjGfBAAhds1wnuzs5K1NDOCurXDu/WLe+isQB3zEQEQy15Wy2ZHNN801k9Wt9j7
vd4mG5whsMdjzXE6QmEY9x/kREQ5XQV4vlGBO8r9ZO42retlWWYBtuoLo6weS2WK
FstZ8k5hcS83ZBs/fbea4OFv5L6kopVkqYbqHQMudxLZIjTGVXjjwWBZqlAbW9UE
iIynJ/f5SwLisIQfRKT//B4lANaH2hvxfZlfngbWRaSnsj28BK3Ut+HwgZpVU+N0
O/Yi5hp38IKBNvso4h1//LYCYIOiZVbvdWFXUXhvpOySrKpU+/akSk3B3okgsAnO
WjcCqJNtdjJqRhhLhn8IxJtBOxojqfY5Yjchjj6VkXm9AYDjWxxiwQuNOkyK6nRC
KBLkwAkOAI45yAd5p9oBiVDAeyQFww1bwdojBjHgPKySM2JJI6fooQ1c8wd8ZCiO
QsHpd7JnBhWaLr6Xm50U2aED4s6lf3auEr49mQDbuizl6DUHLHzFGx7kN6vXGQaC
FPNuskYdKzM+eEbdpbP49niska1DBjSYjDddO/AMGRHlzjcPUn5mQht3XquUQNby
EP6S9DrS6J3rM88Wz4Rl/8tsWQ9W+u/fImtHjobC7oZ+0eFGpZ0ZT50pbZxzsQkb
7yWU92RXuN7ySg9MUzLG7Z60iVTWgkFU8gaZGBTOXcskm04K5og=
=i6A/
-----END PGP SIGNATURE-----

3
glibc-2.31.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9246fe44f68feeec8c666bb87973d590ce0137cca145df014c72ec95be9ffd17
size 16676764

11
glibc-2.31.tar.xz.sig Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEvHxzcmN+wQxX16plecQ9+/HPIYcFAl41bZQACgkQecQ9+/HP
IYfUQgf/d5dAUK871suOXNfFcw67sHEPsnLami/WPXyyw/pXDjuLZYLNTGOmpQol
VdV38p1BxaJs0A5EBSVm32xhgMR2Jum6qKu/mpEnfy5ac1lGiTxO1pVMDDXjdPaK
S8+nJXTf3MVYUCmu4W426DdRkdsBmP0KlKo8ZFBlhAJoPXeikJMGOf/uUR5VimNE
VY2EPDHEaqrBco/lm3LqZ6RWu7+B7K5GXR2EMLBDLIKirYd17nIqzjhFjv0pcS/e
UE2K0vxA5ip59ep4xxRmDu8bOshlZlfhHGuAiD+B2iwxwWFv6D75IyrtqB5KHWtD
/crvu7njsCsgWJKNA83pkt19nj9mxQ==
=TAIE
-----END PGP SIGNATURE-----

2
glibc-version.diff
View File

@ -8,7 +8,7 @@ Index: glibc-2.27/csu/version.c
static const char banner[] =
-"GNU C Library "PKGVERSION RELEASE" release version "VERSION".\n\
+"GNU C Library "PKGVERSION RELEASE" release version "VERSION" (git "GITID").\n\
Copyright (C) 2019 Free Software Foundation, Inc.\n\
Copyright (C) 2020 Free Software Foundation, Inc.\n\
This is free software; see the source for copying conditions.\n\
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n\
PARTICULAR PURPOSE.\n\

40
glibc.changes
View File

@ -1,3 +1,43 @@
-------------------------------------------------------------------
Thu Feb 13 14:16:05 UTC 2020 - Andreas Schwab <schwab@suse.de>
- fix-locking-in-_IO_cleanup.patch: update to latest version
-------------------------------------------------------------------
Mon Feb 3 08:13:02 UTC 2020 - Andreas Schwab <schwab@suse.de>
- Update to glibc 2.31
* The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to
enable features from the draft ISO C2X standard
* The <math.h> functions that round their results to a narrower type now
have corresponding type-generic macros in <tgmath.h>
* The function pthread_clockjoin_np has been added, enabling join with a
terminated thread with a specific clock
* New locale added: mnw_MM (Mon language spoken in Myanmar).
* The DNS stub resolver will optionally send the AD (authenticated data) bit
in queries if the trust-ad option is set via the options directive in
/etc/resolv.conf (or if RES_TRUSTAD is set in _res.options)
* The totalorder and totalordermag functions, and the corresponding
functions for other floating-point types, now take pointer arguments to
avoid signaling NaNs possibly being converted to quiet NaNs in argument
passing
* The obsolete function stime is no longer available to newly linked
binaries, and its declaration has been removed from <time.h>
* The gettimeofday function no longer reports information about a
system-wide time zone
* If a lazy binding failure happens during dlopen, during the execution of
an ELF constructor, the process is now terminated
- malloc-info-whitespace.patch, riscv-vfork.patch,
prefer-map-32bit-exec.patch, backtrace-powerpc.patch,
ldconfig-dynstr.patch: Removed.
-------------------------------------------------------------------
Tue Jan 21 15:08:13 UTC 2020 - Andreas Schwab <schwab@suse.de>
- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC
(bsc#1158996, BZ #25423)
- Drop support for pluggable gconv modules (bsc#1159851)
-------------------------------------------------------------------
Mon Dec 9 13:21:34 UTC 2019 - Andreas Schwab <schwab@suse.de>

27
glibc.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package glibc
#
# Copyright (c) 2019 SUSE LLC
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -148,7 +148,7 @@ BuildArch: i686
%define enablekernel 4.15
%endif
Version: 2.30
Version: 2.31
Release: 0
%if !%{build_snapshot}
%define git_id 0a8262a1b2
@ -257,12 +257,6 @@ Patch306: glibc-fix-double-loopback.diff
###
# Patches from upstream
###
# PATCH-FIX-UPSTREAM malloc: Remove unwanted leading whitespace in malloc_info (BZ #24867)
Patch1000: malloc-info-whitespace.patch
# PATCH-FIX-UPSTREAM Fix RISC-V vfork build with Linux 5.3 kernel headers
Patch1001: riscv-vfork.patch
# PATCH-FIX-UPSTREAM rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126, BZ #25204)
Patch1002: prefer-map-32bit-exec.patch
###
# Patches awaiting upstream approval
@ -271,10 +265,8 @@ Patch1002: prefer-map-32bit-exec.patch
Patch2000: fix-locking-in-_IO_cleanup.patch
# PATCH-FIX-UPSTREAM Avoid concurrency problem in ldconfig (BZ #23973)
Patch2001: ldconfig-concurrency.patch
# PATCH-FIX-UPSTREAM ldconfig: handle .dynstr located in separate segment (BZ #25087)
Patch2002: ldconfig-dynstr.patch
# PATCH-FIX-UPSTREAM Fix buffer overrun in EUC-KR conversion module (BZ #24973)
Patch2003: euc-kr-overrun.patch
Patch2002: euc-kr-overrun.patch
# Non-glibc patches
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
@ -472,14 +464,9 @@ makedb: A program to create a database for nss
%patch304 -p1
%patch306 -p1
%patch1000 -p1
%patch1001 -p1
%patch1002 -p1
%patch2000 -p1
%patch2001 -p1
%patch2002 -p1
%patch2003 -p1
%patch3000
@ -1044,11 +1031,6 @@ end
%postun -p /sbin/ldconfig
%post locale-base
for l in /usr/share/locale/locale.alias %{_libdir}/gconv/gconv-modules; do
[ -d "$l.d" ] || continue
echo "###X# The following is autogenerated from extra files in the .d directory:" >>"$l"
cat "$l.d"/* >>"$l"
done
/usr/sbin/iconvconfig
%post info
@ -1263,9 +1245,6 @@ exit 0
%{_libdir}/libnldbl_nonshared.a
%endif
%{_libdir}/libmcheck.a
%ifarch x86_64
%{_libdir}/libmvec_nonshared.a
%endif
%files devel-static
%defattr(-,root,root)

86
ldconfig-dynstr.patch
View File

@ -1,86 +0,0 @@
ldconfig: handle .dynstr located in separate segment (bug 25087)
To determine the load offset of the DT_STRTAB section search for the
segment containing it, instead of using the load offset of the first
segment.
[BZ #25087]
* elf/readelflib.c (process_elf_file): Use containing segment for
DT_STRTAB load offset.
---
elf/readelflib.c | 34 +++++++++++++++++++++-------------
1 file changed, 21 insertions(+), 13 deletions(-)
Index: glibc-2.30/elf/readelflib.c
===================================================================
--- glibc-2.30.orig/elf/readelflib.c
+++ glibc-2.30/elf/readelflib.c
@@ -45,7 +45,6 @@ process_elf_file (const char *file_name,
{
int i;
unsigned int j;
- ElfW(Addr) loadaddr;
unsigned int dynamic_addr;
size_t dynamic_size;
char *program_interpreter;
@@ -87,7 +86,6 @@ process_elf_file (const char *file_name,
libc5/libc6. */
*flag = FLAG_ELF;
- loadaddr = -1;
dynamic_addr = 0;
dynamic_size = 0;
program_interpreter = NULL;
@@ -98,11 +96,6 @@ process_elf_file (const char *file_name,
switch (segment->p_type)
{
- case PT_LOAD:
- if (loadaddr == (ElfW(Addr)) -1)
- loadaddr = segment->p_vaddr - segment->p_offset;
- break;
-
case PT_DYNAMIC:
if (dynamic_addr)
error (0, 0, _("more than one dynamic segment\n"));
@@ -176,11 +169,6 @@ process_elf_file (const char *file_name,
}
}
- if (loadaddr == (ElfW(Addr)) -1)
- {
- /* Very strange. */
- loadaddr = 0;
- }
/* Now we can read the dynamic sections. */
if (dynamic_size == 0)
@@ -197,7 +185,27 @@ process_elf_file (const char *file_name,
check_ptr (dyn_entry);
if (dyn_entry->d_tag == DT_STRTAB)
{
- dynamic_strings = (char *) (file_contents + dyn_entry->d_un.d_val - loadaddr);
+ /* Find the file offset of the segment containing the dynamic
+ string table. */
+ ElfW(Off) loadoff = -1;
+ for (i = 0, segment = elf_pheader;
+ i < elf_header->e_phnum; i++, segment++)
+ {
+ if (segment->p_type == PT_LOAD
+ && dyn_entry->d_un.d_val >= segment->p_vaddr
+ && dyn_entry->d_un.d_val < segment->p_vaddr + segment->p_filesz)
+ {
+ loadoff = segment->p_vaddr - segment->p_offset;
+ break;
+ }
+ }
+ if (loadoff == (ElfW(Off)) -1)
+ {
+ /* Very strange. */
+ loadoff = 0;
+ }
+
+ dynamic_strings = (char *) (file_contents + dyn_entry->d_un.d_val - loadoff);
check_ptr (dynamic_strings);
break;
}

22
malloc-info-whitespace.patch
View File

@ -1,22 +0,0 @@
2019-08-01 Florian Weimer <fweimer@redhat.com>
[BZ #24867]
* malloc/malloc.c (__malloc_info): Remove unwanted leading
whitespace.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 00ce48cf58..343d89f489 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -5491,7 +5491,7 @@ __malloc_info (int options, FILE *fp)
for (size_t i = 0; i < nsizes; ++i)
if (sizes[i].count != 0 && i != NFASTBINS)
- fprintf (fp, " \
+ fprintf (fp, "\
<size from=\"%zu\" to=\"%zu\" total=\"%zu\" count=\"%zu\"/>\n",
sizes[i].from, sizes[i].to, sizes[i].total, sizes[i].count);
--
2.22.0

84
nsswitch.conf
View File

@ -4,39 +4,71 @@
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Valid databases are: aliases, ethers, group, gshadow, hosts,
# initgroups, netgroup, networks, passwd, protocols, publickey,
# rpc, services, and shadow.
#
# Legal entries are:
# Valid service provider entries include (in alphabetical order):
#
# compat Use compatibility setup
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# [NOTFOUND=return] Stop searching if not found so far
# compat Use /etc files plus *_compat pseudo-db
# db Use the pre-processed /var/db files
# dns Use DNS (Domain Name Service)
# files Use the local files in /etc
# hesiod Use Hesiod (DNS) for user lookups
# nis Use NIS (NIS version 2), also called YP
# nisplus Use NIS+ (NIS version 3)
#
# For more information, please read the nsswitch.conf.5 manual page.
# See `info libc 'NSS Basics'` for more information.
#
# Commonly used alternative service providers (may need installation):
#
# ldap Use LDAP directory server
# myhostname Use systemd host names
# mymachines Use systemd machine names
# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD
# resolve Use systemd resolved resolver
# sss Use System Security Services Daemon (sssd)
# systemd Use systemd for dynamic user option
# winbind Use Samba winbind support
# wins Use Samba wins support
# wrapper Use wrapper module for testing
#
# Notes:
#
# 'sssd' performs its own 'files'-based caching, so it should generally
# come before 'files'.
#
# WARNING: Running nscd with a secondary caching service like sssd may
# lead to unexpected behaviour, especially with how long
# entries are cached.
#
# Installation instructions:
#
# To use 'db', install the appropriate package(s) (provide 'makedb' and
# libnss_db.so.*), and place the 'db' in front of 'files' for entries
# you want to be looked up first in the databases, like this:
#
# passwd: db files
# shadow: db files
# group: db files
passwd: compat
group: compat
shadow: compat
passwd: compat
group: compat
shadow: compat
hosts: files dns
networks: files dns
services: files usrfiles
protocols: files usrfiles
rpc: files usrfiles
ethers: files usrfiles
netmasks: files
netgroup: files nis
publickey: files
bootparams: files
automount: files nis
aliases: files usrfiles
ethers: files usrfiles
gshadow: files usrfiles
initgroups: files
netgroup: files nis
protocols: files usrfiles
publickey: files
rpc: files usrfiles
services: files usrfiles
automount: files nis
bootparams: files
netmasks: files

28
prefer-map-32bit-exec.patch
View File

@ -1,28 +0,0 @@
From d5dfad4326fc683c813df1e37bbf5cf920591c8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marcin=20Ko=C5=9Bcielnicki?= <mwk@0x04.net>
Date: Thu, 21 Nov 2019 00:20:15 +0100
Subject: [PATCH] rtld: Check __libc_enable_secure before honoring
LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
The problem was introduced in glibc 2.23, in commit
b9eb92ab05204df772eb4929eccd018637c9f3e9
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
---
NEWS | 6 +++++-
sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++-
2 files changed, 7 insertions(+), 2 deletions(-)
Index: glibc-2.30/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
===================================================================
--- glibc-2.30.orig/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+++ glibc-2.30/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
@@ -31,7 +31,8 @@
environment variable, LD_PREFER_MAP_32BIT_EXEC. */
#define EXTRA_LD_ENVVARS \
case 21: \
- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
+ if (!__libc_enable_secure \
+ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
|= bit_arch_Prefer_MAP_32BIT_EXEC; \
break;

25
riscv-vfork.patch
View File

@ -1,25 +0,0 @@
2019-09-18 Joseph Myers <joseph@codesourcery.com>
* sysdeps/unix/sysv/linux/riscv/vfork.S: Do not include
<linux/sched.h>.
(CLONE_VM): New macro.
(CLONE_VFORK): Likewise.
Index: glibc-2.30/sysdeps/unix/sysv/linux/riscv/vfork.S
===================================================================
--- glibc-2.30.orig/sysdeps/unix/sysv/linux/riscv/vfork.S
+++ glibc-2.30/sysdeps/unix/sysv/linux/riscv/vfork.S
@@ -21,9 +21,12 @@
#include <sys/asm.h>
#include <sysdep.h>
#define __ASSEMBLY__
-#include <linux/sched.h>
#include <asm/signal.h>
+#define CLONE_VM 0x00000100 /* Set if VM shared between processes. */
+#define CLONE_VFORK 0x00004000 /* Set if the parent wants the child to
+ wake it up on mm_release. */
+
.text
LEAF (__libc_vfork)