Accepting request 1136424 from Base:System

- sem-open-o-creat.patch: sem_open: Clear O_CREAT when semaphore file is
  expected to exist (BZ #30789)
- ldconfig-process-elf-file.patch: elf: Fix wrong break removal from
  8ee878592c
- tls-modid-reuse.patch: elf: Fix TLS modid reuse generation assignment
  (BZ #29039)
- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
  EAI_MEMORY (bsc#1217589, BZ #31163)
- libio-wdo-write.patch: libio: Check remaining buffer size in
  _IO_wdo_write (BZ #31183) (forwarded request 1136423 from Andreas_Schwab)

OBS-URL: https://build.opensuse.org/request/show/1136424
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/glibc?expand=0&rev=284

getaddrinfo-eai-memory.patch

@@ -0,0 +1,36 @@
+From ae1e5217021e43e1f2de443d26e87ea3adfb221c Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Wed, 6 Dec 2023 14:48:22 +0100
+Subject: [PATCH] getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163)
+
+When __resolv_context_get returns NULL due to out of memory, translate it
+to a return value of EAI_MEMORY.
+
+(cherry picked from commit 5eabdb6a6ac1599d23dd5966a37417215950245f)
+---
+ sysdeps/posix/getaddrinfo.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
+index 13082305d3..da573bea24 100644
+--- a/sysdeps/posix/getaddrinfo.c
++++ b/sysdeps/posix/getaddrinfo.c
+@@ -616,7 +616,14 @@ get_nss_addresses (const char *name, const struct addrinfo *req,
+      function variant.  */
+   res_ctx = __resolv_context_get ();
+   if (res_ctx == NULL)
+-    no_more = 1;
++    {
++      if (errno == ENOMEM)
++	{
++	  result = -EAI_MEMORY;
++	  goto out;
++	}
++      no_more = 1;
++    }
+ 
+   while (!no_more)
+     {
+-- 
+2.43.0
+

glibc.changes

@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Tue Jan  2 11:30:46 UTC 2024 - Andreas Schwab <schwab@suse.de>
+
+- sem-open-o-creat.patch: sem_open: Clear O_CREAT when semaphore file is
+  expected to exist (BZ #30789)
+- ldconfig-process-elf-file.patch: elf: Fix wrong break removal from
+  8ee878592c
+- tls-modid-reuse.patch: elf: Fix TLS modid reuse generation assignment
+  (BZ #29039)
+- getaddrinfo-eai-memory.patch: getaddrinfo: translate ENOMEM to
+  EAI_MEMORY (bsc#1217589, BZ #31163)
+- libio-wdo-write.patch: libio: Check remaining buffer size in
+  _IO_wdo_write (BZ #31183)
+
 -------------------------------------------------------------------
 Tue Dec  5 11:52:03 UTC 2023 - Andreas Schwab <schwab@suse.de>
 

glibc.spec

@@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -333,6 +333,16 @@ Patch1013:      tunables-string-parsing.patch
 Patch1014:      gb18030-2022.patch
 # PATCH-FIX-UPSTREAM aarch64: correct CFI in rawmemchr (BZ #31113)
 Patch1015:      aarch64-rawmemchr-unwind.patch
+# PATCH-FIX-UPSTREAM sysdeps: sem_open: Clear O_CREAT when semaphore file is expected to exist (BZ #30789)
+Patch1016:      sem-open-o-creat.patch
+# PATCH-FIX-UPSTREAM elf: Fix wrong break removal from 8ee878592c
+Patch1017:      ldconfig-process-elf-file.patch
+# PATCH-FIX-UPSTREAM elf: Fix TLS modid reuse generation assignment (BZ #29039)
+Patch1018:      tls-modid-reuse.patch
+# PATCH-FIX-UPSTREAM getaddrinfo: translate ENOMEM to EAI_MEMORY (BZ #31163)
+Patch1019:      getaddrinfo-eai-memory.patch
+# PATCH-FIX-UPSTREAM libio: Check remaining buffer size in _IO_wdo_write (BZ #31183)
+Patch1020:      libio-wdo-write.patch
 
 ###
 # Patches awaiting upstream approval
@@ -571,6 +581,11 @@ library in a cross compilation setting.
 %patch1013 -p1
 %patch1014 -p1
 %patch1015 -p1
+%patch1016 -p1
+%patch1017 -p1
+%patch1018 -p1
+%patch1019 -p1
+%patch1020 -p1
 %endif
 
 %patch2000 -p1

ldconfig-process-elf-file.patch

@@ -0,0 +1,26 @@
+From bf5aa419cbf545d2cd09dc097e518033d6e4df5e Mon Sep 17 00:00:00 2001
+From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date: Thu, 7 Dec 2023 11:17:35 -0300
+Subject: [PATCH] elf: Fix wrong break removal from 8ee878592c
+
+Reported-by: Alexander Monakov <amonakov@ispras.ru>
+(cherry picked from commit 546a1ba664626603660b595662249d524e429013)
+---
+ elf/readelflib.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/elf/readelflib.c b/elf/readelflib.c
+index f5b8c80e38..64f1d662a9 100644
+--- a/elf/readelflib.c
++++ b/elf/readelflib.c
+@@ -107,6 +107,7 @@ process_elf_file (const char *file_name, const char *lib, int *flag,
+ 	case PT_INTERP:
+ 	  program_interpreter = (char *) (file_contents + segment->p_offset);
+ 	  check_ptr (program_interpreter);
++	  break;
+ 
+ 	case PT_GNU_PROPERTY:
+ 	  /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes
+-- 
+2.43.0
+

libio-wdo-write.patch

@@ -0,0 +1,36 @@
+From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Tue, 2 Jan 2024 14:36:17 +0100
+Subject: [PATCH] libio: Check remaining buffer size in _IO_wdo_write (bug
+ 31183)
+
+The multibyte character needs to fit into the remaining buffer space,
+not the already-written buffer space.  Without the fix, we were never
+moving the write pointer from the start of the buffer, always using
+the single-character fallback buffer.
+
+Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing
+a multibyte character to an unbuffered stream (bug 17522)").
+
+(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60)
+---
+ NEWS             | 1 +
+ libio/wfileops.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libio/wfileops.c b/libio/wfileops.c
+index f16f6db1c3..9ab8f2e7f3 100644
+--- a/libio/wfileops.c
++++ b/libio/wfileops.c
+@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do)
+ 	  char mb_buf[MB_LEN_MAX];
+ 	  char *write_base, *write_ptr, *buf_end;
+ 
+-	  if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf))
++	  if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf))
+ 	    {
+ 	      /* Make sure we have room for at least one multibyte
+ 		 character.  */
+-- 
+2.43.0
+

sem-open-o-creat.patch

@@ -0,0 +1,92 @@
+From 63dbbc5c52f9823f86270f32fce20d1e91cdf484 Mon Sep 17 00:00:00 2001
+From: Sergio Durigan Junior <sergiodj@sergiodj.net>
+Date: Wed, 1 Nov 2023 18:15:23 -0400
+Subject: [PATCH] sysdeps: sem_open: Clear O_CREAT when semaphore file is
+ expected to exist [BZ #30789]
+
+When invoking sem_open with O_CREAT as one of its flags, we'll end up
+in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag
+& O_EXCL) == 0)", which means that we don't expect the semaphore file
+to exist.
+
+In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL
+| O_CLOEXEC" and there's an attempt to open(2) the file, which will
+likely fail because it won't exist.  After that first (expected)
+failure, some cleanup is done and we go back to the label "try_again",
+which lives in the first part of the aforementioned "if".
+
+The problem is that, in that part of the code, we expect the semaphore
+file to exist, and as such O_CREAT (this time the flag we pass to
+open(2)) needs to be cleaned from open_flags, otherwise we'll see
+another failure (this time unexpected) when trying to open the file,
+which will lead the call to sem_open to fail as well.
+
+This can cause very strange bugs, especially with OpenMPI, which makes
+extensive use of semaphores.
+
+Fix the bug by simplifying the logic when choosing open(2) flags and
+making sure O_CREAT is not set when the semaphore file is expected to
+exist.
+
+A regression test for this issue would require a complex and cpu time
+consuming logic, since to trigger the wrong code path is not
+straightforward due the racy condition.  There is a somewhat reliable
+reproducer in the bug, but it requires using OpenMPI.
+
+This resolves BZ #30789.
+
+See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912
+
+Signed-off-by: Sergio Durigan Junior <sergiodj@sergiodj.net>
+Co-Authored-By: Simon Chopin <simon.chopin@canonical.com>
+Co-Authored-By: Adhemerval Zanella Netto <adhemerval.zanella@linaro.org>
+Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)")
+(cherry picked from commit f957f47df75b9fab995754011491edebc6feb147)
+---
+ NEWS                       |  2 ++
+ sysdeps/pthread/sem_open.c | 10 ++++------
+ 2 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/sysdeps/pthread/sem_open.c b/sysdeps/pthread/sem_open.c
+index e5db929d20..0e331a7445 100644
+--- a/sysdeps/pthread/sem_open.c
++++ b/sysdeps/pthread/sem_open.c
+@@ -32,11 +32,12 @@
+ # define __unlink unlink
+ #endif
+ 
++#define SEM_OPEN_FLAGS (O_RDWR | O_NOFOLLOW | O_CLOEXEC)
++
+ sem_t *
+ __sem_open (const char *name, int oflag, ...)
+ {
+   int fd;
+-  int open_flags;
+   sem_t *result;
+ 
+   /* Check that shared futexes are supported.  */
+@@ -65,10 +66,8 @@ __sem_open (const char *name, int oflag, ...)
+   /* If the semaphore object has to exist simply open it.  */
+   if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0)
+     {
+-      open_flags = O_RDWR | O_NOFOLLOW | O_CLOEXEC;
+-      open_flags |= (oflag & ~(O_CREAT|O_ACCMODE));
+     try_again:
+-      fd = __open (dirname.name, open_flags);
++      fd = __open (dirname.name, (oflag & O_EXCL) | SEM_OPEN_FLAGS);
+ 
+       if (fd == -1)
+ 	{
+@@ -135,8 +134,7 @@ __sem_open (const char *name, int oflag, ...)
+ 	    }
+ 
+ 	  /* Open the file.  Make sure we do not overwrite anything.  */
+-	  open_flags = O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC;
+-	  fd = __open (tmpfname, open_flags, mode);
++	  fd = __open (tmpfname, O_CREAT | O_EXCL | SEM_OPEN_FLAGS, mode);
+ 	  if (fd == -1)
+ 	    {
+ 	      if (errno == EEXIST)
+-- 
+2.43.0
+

tls-modid-reuse.patch

@@ -0,0 +1,53 @@
+From ccdc4cba07684fe1397e1f5f134a0a827af98c04 Mon Sep 17 00:00:00 2001
+From: Hector Martin <marcan@marcan.st>
+Date: Tue, 28 Nov 2023 15:23:07 +0900
+Subject: [PATCH] elf: Fix TLS modid reuse generation assignment (BZ 29039)
+
+_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but
+does *not* do anything to the generation counter. The first time this
+happens, the generation is zero and map_generation() returns the current
+generation to be used during relocation processing. However, if
+a slotinfo entry is later reused, it will already have a generation
+assigned. If this generation has fallen behind the current global max
+generation, then this causes an obsolete generation to be assigned
+during relocation processing, as map_generation() returns this
+generation if nonzero. _dl_add_to_slotinfo() eventually resets the
+generation, but by then it is too late. This causes DTV updates to be
+skipped, leading to NULL or broken TLS slot pointers and segfaults.
+
+Fix this by resetting the generation to zero in _dl_assign_tls_modid(),
+so it behaves the same as the first time a slot is assigned.
+_dl_add_to_slotinfo() will still assign the correct static generation
+later during module load, but relocation processing will no longer use
+an obsolete generation.
+
+Note that slotinfo entry (aka modid) reuse typically happens after a
+dlclose and only TLS access via dynamic tlsdesc is affected. Because
+tlsdesc is optimized to use the optional part of static TLS, dynamic
+tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls
+tunable to a large enough value, or by LD_PRELOAD-ing the affected
+modules.
+
+Fixes bug 29039.
+
+Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
+(cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59)
+---
+ elf/dl-tls.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/elf/dl-tls.c b/elf/dl-tls.c
+index 99b83ca696..1f6f820819 100644
+--- a/elf/dl-tls.c
++++ b/elf/dl-tls.c
+@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l)
+ 	      {
+ 		/* Mark the entry as used, so any dependency see it.  */
+ 		atomic_store_relaxed (&runp->slotinfo[result - disp].map, l);
++		atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0);
+ 		break;
+ 	      }
+ 
+-- 
+2.43.0
+