diff --git a/backtrace-powerpc.patch b/backtrace-powerpc.patch deleted file mode 100644 index 391f213..0000000 --- a/backtrace-powerpc.patch +++ /dev/null @@ -1,66 +0,0 @@ -From d93769405996dfc11d216ddbe415946617b5a494 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Mon, 20 Jan 2020 17:01:50 +0100 -Subject: [PATCH] Fix array overflow in backtrace on PowerPC (bug 25423) - -When unwinding through a signal frame the backtrace function on PowerPC -didn't check array bounds when storing the frame address. Fixes commit -d400dcac5e ("PowerPC: fix backtrace to handle signal trampolines"). ---- - debug/tst-backtrace5.c | 12 ++++++++++++ - sysdeps/powerpc/powerpc32/backtrace.c | 2 ++ - sysdeps/powerpc/powerpc64/backtrace.c | 2 ++ - 3 files changed, 16 insertions(+) - -diff --git a/debug/tst-backtrace5.c b/debug/tst-backtrace5.c -index e7ce410845..b2f46160e7 100644 ---- a/debug/tst-backtrace5.c -+++ b/debug/tst-backtrace5.c -@@ -89,6 +89,18 @@ handle_signal (int signum) - } - /* Symbol names are not available for static functions, so we do not - check do_test. */ -+ -+ /* Check that backtrace does not return more than what fits in the array -+ (bug 25423). */ -+ for (int j = 0; j < NUM_FUNCTIONS; j++) -+ { -+ n = backtrace (addresses, j); -+ if (n > j) -+ { -+ FAIL (); -+ return; -+ } -+ } - } - - NO_INLINE int -diff --git a/sysdeps/powerpc/powerpc32/backtrace.c b/sysdeps/powerpc/powerpc32/backtrace.c -index 7c2d4726f8..d1456c8ae4 100644 ---- a/sysdeps/powerpc/powerpc32/backtrace.c -+++ b/sysdeps/powerpc/powerpc32/backtrace.c -@@ -114,6 +114,8 @@ __backtrace (void **array, int size) - } - if (gregset) - { -+ if (count + 1 == size) -+ break; - array[++count] = (void*)((*gregset)[PT_NIP]); - current = (void*)((*gregset)[PT_R1]); - } -diff --git a/sysdeps/powerpc/powerpc64/backtrace.c b/sysdeps/powerpc/powerpc64/backtrace.c -index 65c260ab76..8a53a1088f 100644 ---- a/sysdeps/powerpc/powerpc64/backtrace.c -+++ b/sysdeps/powerpc/powerpc64/backtrace.c -@@ -87,6 +87,8 @@ __backtrace (void **array, int size) - if (is_sigtramp_address (current->return_address)) - { - struct signal_frame_64 *sigframe = (struct signal_frame_64*) current; -+ if (count + 1 == size) -+ break; - array[++count] = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_NIP]; - current = (void*) sigframe->uc.uc_mcontext.gp_regs[PT_R1]; - } --- -2.25.0 - diff --git a/glibc-2.30.tar.xz b/glibc-2.30.tar.xz deleted file mode 100644 index e66e591..0000000 --- a/glibc-2.30.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e2c4114e569afbe7edbc29131a43be833850ab9a459d81beb2588016d2bbb8af -size 16576920 diff --git a/glibc-2.30.tar.xz.sig b/glibc-2.30.tar.xz.sig deleted file mode 100644 index 5830e2d..0000000 --- a/glibc-2.30.tar.xz.sig +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEcnNUKzmWLfeymZMUFnkrTqJTQPgFAl1DRIYACgkQFnkrTqJT -QPjGfBAAhds1wnuzs5K1NDOCurXDu/WLe+isQB3zEQEQy15Wy2ZHNN801k9Wt9j7 -vd4mG5whsMdjzXE6QmEY9x/kREQ5XQV4vlGBO8r9ZO42retlWWYBtuoLo6weS2WK -FstZ8k5hcS83ZBs/fbea4OFv5L6kopVkqYbqHQMudxLZIjTGVXjjwWBZqlAbW9UE -iIynJ/f5SwLisIQfRKT//B4lANaH2hvxfZlfngbWRaSnsj28BK3Ut+HwgZpVU+N0 -O/Yi5hp38IKBNvso4h1//LYCYIOiZVbvdWFXUXhvpOySrKpU+/akSk3B3okgsAnO -WjcCqJNtdjJqRhhLhn8IxJtBOxojqfY5Yjchjj6VkXm9AYDjWxxiwQuNOkyK6nRC -KBLkwAkOAI45yAd5p9oBiVDAeyQFww1bwdojBjHgPKySM2JJI6fooQ1c8wd8ZCiO -QsHpd7JnBhWaLr6Xm50U2aED4s6lf3auEr49mQDbuizl6DUHLHzFGx7kN6vXGQaC -FPNuskYdKzM+eEbdpbP49niska1DBjSYjDddO/AMGRHlzjcPUn5mQht3XquUQNby -EP6S9DrS6J3rM88Wz4Rl/8tsWQ9W+u/fImtHjobC7oZ+0eFGpZ0ZT50pbZxzsQkb -7yWU92RXuN7ySg9MUzLG7Z60iVTWgkFU8gaZGBTOXcskm04K5og= -=i6A/ ------END PGP SIGNATURE----- diff --git a/glibc-2.31.tar.xz b/glibc-2.31.tar.xz new file mode 100644 index 0000000..dcee34e --- /dev/null +++ b/glibc-2.31.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9246fe44f68feeec8c666bb87973d590ce0137cca145df014c72ec95be9ffd17 +size 16676764 diff --git a/glibc-2.31.tar.xz.sig b/glibc-2.31.tar.xz.sig new file mode 100644 index 0000000..f0e3c50 --- /dev/null +++ b/glibc-2.31.tar.xz.sig @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEvHxzcmN+wQxX16plecQ9+/HPIYcFAl41bZQACgkQecQ9+/HP +IYfUQgf/d5dAUK871suOXNfFcw67sHEPsnLami/WPXyyw/pXDjuLZYLNTGOmpQol +VdV38p1BxaJs0A5EBSVm32xhgMR2Jum6qKu/mpEnfy5ac1lGiTxO1pVMDDXjdPaK +S8+nJXTf3MVYUCmu4W426DdRkdsBmP0KlKo8ZFBlhAJoPXeikJMGOf/uUR5VimNE +VY2EPDHEaqrBco/lm3LqZ6RWu7+B7K5GXR2EMLBDLIKirYd17nIqzjhFjv0pcS/e +UE2K0vxA5ip59ep4xxRmDu8bOshlZlfhHGuAiD+B2iwxwWFv6D75IyrtqB5KHWtD +/crvu7njsCsgWJKNA83pkt19nj9mxQ== +=TAIE +-----END PGP SIGNATURE----- diff --git a/glibc-version.diff b/glibc-version.diff index f9e92ec..939f0ff 100644 --- a/glibc-version.diff +++ b/glibc-version.diff @@ -8,7 +8,7 @@ Index: glibc-2.27/csu/version.c static const char banner[] = -"GNU C Library "PKGVERSION RELEASE" release version "VERSION".\n\ +"GNU C Library "PKGVERSION RELEASE" release version "VERSION" (git "GITID").\n\ - Copyright (C) 2019 Free Software Foundation, Inc.\n\ + Copyright (C) 2020 Free Software Foundation, Inc.\n\ This is free software; see the source for copying conditions.\n\ There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n\ PARTICULAR PURPOSE.\n\ diff --git a/glibc.changes b/glibc.changes index e6871fc..61d672c 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Mon Feb 3 08:13:02 UTC 2020 - Andreas Schwab + +- Update to glibc 2.31 + * The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to + enable features from the draft ISO C2X standard + * The functions that round their results to a narrower type now + have corresponding type-generic macros in + * The function pthread_clockjoin_np has been added, enabling join with a + terminated thread with a specific clock + * New locale added: mnw_MM (Mon language spoken in Myanmar). + * The DNS stub resolver will optionally send the AD (authenticated data) bit + in queries if the trust-ad option is set via the options directive in + /etc/resolv.conf (or if RES_TRUSTAD is set in _res.options) + * The totalorder and totalordermag functions, and the corresponding + functions for other floating-point types, now take pointer arguments to + avoid signaling NaNs possibly being converted to quiet NaNs in argument + passing + * The obsolete function stime is no longer available to newly linked + binaries, and its declaration has been removed from + * The gettimeofday function no longer reports information about a + system-wide time zone + * If a lazy binding failure happens during dlopen, during the execution of + an ELF constructor, the process is now terminated +- malloc-info-whitespace.patch, riscv-vfork.patch, + prefer-map-32bit-exec.patch, backtrace-powerpc.patch, + ldconfig-dynstr.patch: Removed. + ------------------------------------------------------------------- Tue Jan 21 15:08:13 UTC 2020 - Andreas Schwab diff --git a/glibc.spec b/glibc.spec index ee8b659..d26648a 100644 --- a/glibc.spec +++ b/glibc.spec @@ -148,7 +148,7 @@ BuildArch: i686 %define enablekernel 4.15 %endif -Version: 2.30 +Version: 2.31 Release: 0 %if !%{build_snapshot} %define git_id 0a8262a1b2 @@ -257,14 +257,6 @@ Patch306: glibc-fix-double-loopback.diff ### # Patches from upstream ### -# PATCH-FIX-UPSTREAM malloc: Remove unwanted leading whitespace in malloc_info (BZ #24867) -Patch1000: malloc-info-whitespace.patch -# PATCH-FIX-UPSTREAM Fix RISC-V vfork build with Linux 5.3 kernel headers -Patch1001: riscv-vfork.patch -# PATCH-FIX-UPSTREAM rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126, BZ #25204) -Patch1002: prefer-map-32bit-exec.patch -# PATCH-FIX-UPSTREAM Fix array overflow in backtrace on PowerPC (BZ #25423) -Patch1003: backtrace-powerpc.patch ### # Patches awaiting upstream approval @@ -273,10 +265,8 @@ Patch1003: backtrace-powerpc.patch Patch2000: fix-locking-in-_IO_cleanup.patch # PATCH-FIX-UPSTREAM Avoid concurrency problem in ldconfig (BZ #23973) Patch2001: ldconfig-concurrency.patch -# PATCH-FIX-UPSTREAM ldconfig: handle .dynstr located in separate segment (BZ #25087) -Patch2002: ldconfig-dynstr.patch # PATCH-FIX-UPSTREAM Fix buffer overrun in EUC-KR conversion module (BZ #24973) -Patch2003: euc-kr-overrun.patch +Patch2002: euc-kr-overrun.patch # Non-glibc patches # PATCH-FIX-OPENSUSE Remove debianisms from manpages @@ -474,15 +464,9 @@ makedb: A program to create a database for nss %patch304 -p1 %patch306 -p1 -%patch1000 -p1 -%patch1001 -p1 -%patch1002 -p1 -%patch1003 -p1 - %patch2000 -p1 %patch2001 -p1 %patch2002 -p1 -%patch2003 -p1 %patch3000 @@ -1261,9 +1245,6 @@ exit 0 %{_libdir}/libnldbl_nonshared.a %endif %{_libdir}/libmcheck.a -%ifarch x86_64 -%{_libdir}/libmvec_nonshared.a -%endif %files devel-static %defattr(-,root,root) diff --git a/ldconfig-dynstr.patch b/ldconfig-dynstr.patch deleted file mode 100644 index 654d044..0000000 --- a/ldconfig-dynstr.patch +++ /dev/null @@ -1,86 +0,0 @@ -ldconfig: handle .dynstr located in separate segment (bug 25087) - -To determine the load offset of the DT_STRTAB section search for the -segment containing it, instead of using the load offset of the first -segment. - - [BZ #25087] - * elf/readelflib.c (process_elf_file): Use containing segment for - DT_STRTAB load offset. ---- - elf/readelflib.c | 34 +++++++++++++++++++++------------- - 1 file changed, 21 insertions(+), 13 deletions(-) - -Index: glibc-2.30/elf/readelflib.c -=================================================================== ---- glibc-2.30.orig/elf/readelflib.c -+++ glibc-2.30/elf/readelflib.c -@@ -45,7 +45,6 @@ process_elf_file (const char *file_name, - { - int i; - unsigned int j; -- ElfW(Addr) loadaddr; - unsigned int dynamic_addr; - size_t dynamic_size; - char *program_interpreter; -@@ -87,7 +86,6 @@ process_elf_file (const char *file_name, - libc5/libc6. */ - *flag = FLAG_ELF; - -- loadaddr = -1; - dynamic_addr = 0; - dynamic_size = 0; - program_interpreter = NULL; -@@ -98,11 +96,6 @@ process_elf_file (const char *file_name, - - switch (segment->p_type) - { -- case PT_LOAD: -- if (loadaddr == (ElfW(Addr)) -1) -- loadaddr = segment->p_vaddr - segment->p_offset; -- break; -- - case PT_DYNAMIC: - if (dynamic_addr) - error (0, 0, _("more than one dynamic segment\n")); -@@ -176,11 +169,6 @@ process_elf_file (const char *file_name, - } - - } -- if (loadaddr == (ElfW(Addr)) -1) -- { -- /* Very strange. */ -- loadaddr = 0; -- } - - /* Now we can read the dynamic sections. */ - if (dynamic_size == 0) -@@ -197,7 +185,27 @@ process_elf_file (const char *file_name, - check_ptr (dyn_entry); - if (dyn_entry->d_tag == DT_STRTAB) - { -- dynamic_strings = (char *) (file_contents + dyn_entry->d_un.d_val - loadaddr); -+ /* Find the file offset of the segment containing the dynamic -+ string table. */ -+ ElfW(Off) loadoff = -1; -+ for (i = 0, segment = elf_pheader; -+ i < elf_header->e_phnum; i++, segment++) -+ { -+ if (segment->p_type == PT_LOAD -+ && dyn_entry->d_un.d_val >= segment->p_vaddr -+ && dyn_entry->d_un.d_val < segment->p_vaddr + segment->p_filesz) -+ { -+ loadoff = segment->p_vaddr - segment->p_offset; -+ break; -+ } -+ } -+ if (loadoff == (ElfW(Off)) -1) -+ { -+ /* Very strange. */ -+ loadoff = 0; -+ } -+ -+ dynamic_strings = (char *) (file_contents + dyn_entry->d_un.d_val - loadoff); - check_ptr (dynamic_strings); - break; - } diff --git a/malloc-info-whitespace.patch b/malloc-info-whitespace.patch deleted file mode 100644 index 8dfeb02..0000000 --- a/malloc-info-whitespace.patch +++ /dev/null @@ -1,22 +0,0 @@ -2019-08-01 Florian Weimer - - [BZ #24867] - * malloc/malloc.c (__malloc_info): Remove unwanted leading - whitespace. - -diff --git a/malloc/malloc.c b/malloc/malloc.c -index 00ce48cf58..343d89f489 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -5491,7 +5491,7 @@ __malloc_info (int options, FILE *fp) - - for (size_t i = 0; i < nsizes; ++i) - if (sizes[i].count != 0 && i != NFASTBINS) -- fprintf (fp, " \ -+ fprintf (fp, "\ - \n", - sizes[i].from, sizes[i].to, sizes[i].total, sizes[i].count); - --- -2.22.0 - diff --git a/nsswitch.conf b/nsswitch.conf index aa18347..18905ea 100644 --- a/nsswitch.conf +++ b/nsswitch.conf @@ -4,39 +4,71 @@ # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # -# The entry '[NOTFOUND=return]' means that the search for an -# entry should stop if the search in the previous entry turned -# up nothing. Note that if the search failed due to some other reason -# (like no NIS server responding) then the search continues with the -# next entry. +# Valid databases are: aliases, ethers, group, gshadow, hosts, +# initgroups, netgroup, networks, passwd, protocols, publickey, +# rpc, services, and shadow. # -# Legal entries are: +# Valid service provider entries include (in alphabetical order): # -# compat Use compatibility setup -# nisplus Use NIS+ (NIS version 3) -# nis Use NIS (NIS version 2), also called YP -# dns Use DNS (Domain Name Service) -# files Use the local files -# [NOTFOUND=return] Stop searching if not found so far +# compat Use /etc files plus *_compat pseudo-db +# db Use the pre-processed /var/db files +# dns Use DNS (Domain Name Service) +# files Use the local files in /etc +# hesiod Use Hesiod (DNS) for user lookups +# nis Use NIS (NIS version 2), also called YP +# nisplus Use NIS+ (NIS version 3) # -# For more information, please read the nsswitch.conf.5 manual page. +# See `info libc 'NSS Basics'` for more information. # +# Commonly used alternative service providers (may need installation): +# +# ldap Use LDAP directory server +# myhostname Use systemd host names +# mymachines Use systemd machine names +# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD +# resolve Use systemd resolved resolver +# sss Use System Security Services Daemon (sssd) +# systemd Use systemd for dynamic user option +# winbind Use Samba winbind support +# wins Use Samba wins support +# wrapper Use wrapper module for testing +# +# Notes: +# +# 'sssd' performs its own 'files'-based caching, so it should generally +# come before 'files'. +# +# WARNING: Running nscd with a secondary caching service like sssd may +# lead to unexpected behaviour, especially with how long +# entries are cached. +# +# Installation instructions: +# +# To use 'db', install the appropriate package(s) (provide 'makedb' and +# libnss_db.so.*), and place the 'db' in front of 'files' for entries +# you want to be looked up first in the databases, like this: +# +# passwd: db files +# shadow: db files +# group: db files -passwd: compat -group: compat -shadow: compat +passwd: compat +group: compat +shadow: compat hosts: files dns networks: files dns -services: files usrfiles -protocols: files usrfiles -rpc: files usrfiles -ethers: files usrfiles -netmasks: files -netgroup: files nis -publickey: files - -bootparams: files -automount: files nis aliases: files usrfiles +ethers: files usrfiles +gshadow: files usrfiles +initgroups: files +netgroup: files nis +protocols: files usrfiles +publickey: files +rpc: files usrfiles +services: files usrfiles + +automount: files nis +bootparams: files +netmasks: files diff --git a/prefer-map-32bit-exec.patch b/prefer-map-32bit-exec.patch deleted file mode 100644 index 1f85cd3..0000000 --- a/prefer-map-32bit-exec.patch +++ /dev/null @@ -1,28 +0,0 @@ -From d5dfad4326fc683c813df1e37bbf5cf920591c8e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marcin=20Ko=C5=9Bcielnicki?= -Date: Thu, 21 Nov 2019 00:20:15 +0100 -Subject: [PATCH] rtld: Check __libc_enable_secure before honoring - LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204] - -The problem was introduced in glibc 2.23, in commit -b9eb92ab05204df772eb4929eccd018637c9f3e9 -("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT"). ---- - NEWS | 6 +++++- - sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++- - 2 files changed, 7 insertions(+), 2 deletions(-) - -Index: glibc-2.30/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -=================================================================== ---- glibc-2.30.orig/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -+++ glibc-2.30/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -@@ -31,7 +31,8 @@ - environment variable, LD_PREFER_MAP_32BIT_EXEC. */ - #define EXTRA_LD_ENVVARS \ - case 21: \ -- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ -+ if (!__libc_enable_secure \ -+ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ - GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \ - |= bit_arch_Prefer_MAP_32BIT_EXEC; \ - break; diff --git a/riscv-vfork.patch b/riscv-vfork.patch deleted file mode 100644 index 50275cb..0000000 --- a/riscv-vfork.patch +++ /dev/null @@ -1,25 +0,0 @@ -2019-09-18 Joseph Myers - - * sysdeps/unix/sysv/linux/riscv/vfork.S: Do not include - . - (CLONE_VM): New macro. - (CLONE_VFORK): Likewise. - -Index: glibc-2.30/sysdeps/unix/sysv/linux/riscv/vfork.S -=================================================================== ---- glibc-2.30.orig/sysdeps/unix/sysv/linux/riscv/vfork.S -+++ glibc-2.30/sysdeps/unix/sysv/linux/riscv/vfork.S -@@ -21,9 +21,12 @@ - #include - #include - #define __ASSEMBLY__ --#include - #include - -+#define CLONE_VM 0x00000100 /* Set if VM shared between processes. */ -+#define CLONE_VFORK 0x00004000 /* Set if the parent wants the child to -+ wake it up on mm_release. */ -+ - .text - LEAF (__libc_vfork) -