rpm/glibc
SHA256
1
0
Fork 0
forked from pool/glibc
Code Pull Requests Activity

Accepting request 878144 from home:Andreas_Schwab:Factory

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/878144
OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=586
This commit is contained in:
Andreas Schwab 2021-03-10 10:18:01 +00:00 committed by Git OBS Bridge
parent 47a70fb50a
commit 33836751f9
2 changed files with 59 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
glibc.spec
View File

@ -253,6 +253,8 @@ Patch1001: nss-load-chroot.patch
Patch1002: x86-isa-level.patch Patch1002: x86-isa-level.patch
# PATCH-FIX-UPSTREAM nscd: Fix double free in netgroupcache (CVE-2021-27645, BZ #27462) # PATCH-FIX-UPSTREAM nscd: Fix double free in netgroupcache (CVE-2021-27645, BZ #27462)
Patch1003: nscd-netgroupcache.patch Patch1003: nscd-netgroupcache.patch
# PATCH-FIX-UPSTREAM nss: fix nss_database_lookup2's alternate handling (BZ #27416)
Patch1004: nss-database-lookup.patch
### ###
# Patches awaiting upstream approval # Patches awaiting upstream approval
@ -261,8 +263,6 @@ Patch1003: nscd-netgroupcache.patch
Patch2000: fix-locking-in-_IO_cleanup.patch Patch2000: fix-locking-in-_IO_cleanup.patch
# PATCH-FIX-UPSTREAM Avoid concurrency problem in ldconfig (BZ #23973) # PATCH-FIX-UPSTREAM Avoid concurrency problem in ldconfig (BZ #23973)
Patch2001: ldconfig-concurrency.patch Patch2001: ldconfig-concurrency.patch
# PATCH-FIX-UPSTREAM nss: fix nss_database_lookup2's alternate handling (BZ #27416)
Patch2002: nss-database-lookup.patch
# Non-glibc patches # Non-glibc patches
# PATCH-FIX-OPENSUSE Remove debianisms from manpages # PATCH-FIX-OPENSUSE Remove debianisms from manpages
@ -476,10 +476,10 @@ Internal usrmerge bootstrap helper
%patch1001 -p1 %patch1001 -p1
%patch1002 -p1 %patch1002 -p1
%patch1003 -p1 %patch1003 -p1
%patch1004 -p1
%patch2000 -p1 %patch2000 -p1
%patch2001 -p1 %patch2001 -p1
%patch2002 -p1
%patch3000 %patch3000

97
nss-database-lookup.patch
View File

@ -1,7 +1,8 @@
From: DJ Delorie via Libc-alpha <libc-alpha@sourceware.org> From 9b456c5da968ee832ea4b2b73a18a5bf6d2118a6 Mon Sep 17 00:00:00 2001
Subject: [PATCH v4] nss: fix nss_database_lookup2's alternate handling [BZ From: DJ Delorie <dj@redhat.com>
Date: Mon, 15 Feb 2021 21:34:23 -0500
Subject: [PATCH] nss: fix nss_database_lookup2's alternate handling [BZ
#27416] #27416]
Date: Fri, 05 Mar 2021 20:29:31 -0500
__nss_database_lookup2's extra arguments were left unused in the __nss_database_lookup2's extra arguments were left unused in the
nsswitch reloading patch set; this broke compat (default config nsswitch reloading patch set; this broke compat (default config
@ -36,13 +37,13 @@ default configuration works (group). Tested on x86-64.
nss/nss_compat/compat-initgroups.c | 2 +- nss/nss_compat/compat-initgroups.c | 2 +-
nss/nss_compat/compat-pwd.c | 2 +- nss/nss_compat/compat-pwd.c | 2 +-
nss/nss_compat/compat-spwd.c | 3 +- nss/nss_compat/compat-spwd.c | 3 +-
nss/nss_database.c | 35 ++++++- nss/nss_database.c | 38 +++++++-
nss/nss_database.h | 5 +- nss/nss_database.h | 5 +-
nss/nss_module.c | 20 ++-- nss/nss_module.c | 20 ++--
nss/nss_test.h | 7 ++ nss/nss_test.h | 7 ++
nss/nss_test1.c | 93 +++++++++++++++++++ nss/nss_test1.c | 93 +++++++++++++++++++
nss/nsswitch.c | 25 +---- nss/nsswitch.c | 40 --------
nss/nsswitch.h | 7 +- nss/nsswitch.h | 9 --
nss/pwd-lookup.c | 1 - nss/pwd-lookup.c | 1 -
nss/sgrp-lookup.c | 2 - nss/sgrp-lookup.c | 2 -
nss/spwd-lookup.c | 2 - nss/spwd-lookup.c | 2 -
@ -53,7 +54,7 @@ default configuration works (group). Tested on x86-64.
nss/tst-nss-compat1.root/etc/shadow | 2 + nss/tst-nss-compat1.root/etc/shadow | 2 +
.../tst-nss-compat1.script | 1 + .../tst-nss-compat1.script | 1 +
sysdeps/posix/getaddrinfo.c | 4 +- sysdeps/posix/getaddrinfo.c | 4 +-
32 files changed, 256 insertions(+), 81 deletions(-) 32 files changed, 252 insertions(+), 105 deletions(-)
create mode 100644 nss/tst-nss-compat1.c create mode 100644 nss/tst-nss-compat1.c
create mode 100644 nss/tst-nss-compat1.root/etc/group create mode 100644 nss/tst-nss-compat1.root/etc/group
create mode 100644 nss/tst-nss-compat1.root/etc/nsswitch.conf create mode 100644 nss/tst-nss-compat1.root/etc/nsswitch.conf
@ -72,7 +73,7 @@ Index: glibc-2.33/nscd/aicache.c
- no_more = __nss_database_lookup2 ("hosts", NULL, - no_more = __nss_database_lookup2 ("hosts", NULL,
- "dns [!UNAVAIL=return] files", - "dns [!UNAVAIL=return] files",
- &nip); - &nip);
+ no_more = (__nss_database_get (nss_database_hosts, &nip) == false); + no_more = !__nss_database_get (nss_database_hosts, &nip);
/* Initialize configurations. */ /* Initialize configurations. */
struct resolv_context *ctx = __resolv_context_get (); struct resolv_context *ctx = __resolv_context_get ();
@ -86,7 +87,7 @@ Index: glibc-2.33/nscd/initgrcache.c
if (group_database == NULL) if (group_database == NULL)
- no_more = __nss_database_lookup2 ("group", NULL, "files", - no_more = __nss_database_lookup2 ("group", NULL, "files",
- &group_database); - &group_database);
+ no_more = (__nss_database_get (nss_database_group, &group_database) == false); + no_more = !__nss_database_get (nss_database_group, &group_database);
else else
no_more = 0; no_more = 0;
nip = group_database; nip = group_database;
@ -124,7 +125,7 @@ Index: glibc-2.33/nss/Versions
__nss_passwd_lookup2; __nss_group_lookup2; __nss_hosts_lookup2; __nss_passwd_lookup2; __nss_group_lookup2; __nss_hosts_lookup2;
__nss_services_lookup2; __nss_next2; __nss_lookup; __nss_services_lookup2; __nss_next2; __nss_lookup;
- __nss_hash; __nss_database_lookup2; - __nss_hash; __nss_database_lookup2;
+ __nss_hash; __nss_database_lookup2; __nss_database_get; + __nss_hash; __nss_database_get;
__nss_files_fopen; __nss_readline; __nss_parse_line_result; __nss_files_fopen; __nss_readline; __nss_parse_line_result;
} }
} }
@ -324,7 +325,7 @@ Index: glibc-2.33/nss/nss_database.c
#define DEFINE_DATABASE(name) \ #define DEFINE_DATABASE(name) \
_Static_assert (sizeof (#name) <= sizeof (database_name), #name); _Static_assert (sizeof (#name) <= sizeof (database_name), #name);
#include "databases.def" #include "databases.def"
@@ -325,14 +327,40 @@ nss_database_reload (struct nss_database @@ -325,14 +327,43 @@ nss_database_reload (struct nss_database
/* No other threads have access to fp. */ /* No other threads have access to fp. */
__fsetlocking (fp, FSETLOCKING_BYCALLER); __fsetlocking (fp, FSETLOCKING_BYCALLER);
@ -345,17 +346,20 @@ Index: glibc-2.33/nss/nss_database.c
+ /* These three default to other services if the user listed the + /* These three default to other services if the user listed the
+ other service. */ + other service. */
+ +
+ /* was lookup2() in nss/nss_compat/compat-spwd.c */ + /* "shadow_compat" defaults to "passwd_compat" if only the
+ latter is given. */
+ if (staging->services[nss_database_shadow_compat] == NULL) + if (staging->services[nss_database_shadow_compat] == NULL)
+ staging->services[nss_database_shadow_compat] = + staging->services[nss_database_shadow_compat] =
+ staging->services[nss_database_passwd_compat]; + staging->services[nss_database_passwd_compat];
+ +
+ /* was ALTERNATE_NAME in nss/spwd_lookup.c */ + /* "shadow" defaults to "passwd" if only the latter is
+ given. */
+ if (staging->services[nss_database_shadow] == NULL) + if (staging->services[nss_database_shadow] == NULL)
+ staging->services[nss_database_shadow] = + staging->services[nss_database_shadow] =
+ staging->services[nss_database_passwd]; + staging->services[nss_database_passwd];
+ +
+ /* was ALTERNATE_NAME in nss/sgrp_lookup.c */ + /* "gshadow" defaults to "group" if only the latter is
+ given. */
+ if (staging->services[nss_database_gshadow] == NULL) + if (staging->services[nss_database_gshadow] == NULL)
+ staging->services[nss_database_gshadow] = + staging->services[nss_database_gshadow] =
+ staging->services[nss_database_group]; + staging->services[nss_database_group];
@ -365,7 +369,7 @@ Index: glibc-2.33/nss/nss_database.c
for (int i = 0; i < NSS_DATABASE_COUNT; ++i) for (int i = 0; i < NSS_DATABASE_COUNT; ++i)
if (staging->services[i] == NULL) if (staging->services[i] == NULL)
{ {
@@ -442,6 +470,7 @@ __nss_database_get (enum nss_database db @@ -442,6 +473,7 @@ __nss_database_get (enum nss_database db
struct nss_database_state *local = nss_database_state_get (); struct nss_database_state *local = nss_database_state_get ();
return nss_database_check_reload_and_get (local, actions, db); return nss_database_check_reload_and_get (local, actions, db);
} }
@ -603,31 +607,40 @@ Index: glibc-2.33/nss/nsswitch.c
=================================================================== ===================================================================
--- glibc-2.33.orig/nss/nsswitch.c --- glibc-2.33.orig/nss/nsswitch.c
+++ glibc-2.33/nss/nsswitch.c +++ glibc-2.33/nss/nsswitch.c
@@ -63,37 +63,22 @@ static const char * database_names[] = { @@ -51,53 +51,13 @@
#undef DEFINE_DATABASE
-#undef DEFINE_DATABASE
-#define DEFINE_DATABASE(name) #name,
-static const char * database_names[] = {
-#include "databases.def"
- NULL
-};
-
#ifdef USE_NSCD
/* Flags whether custom rules for database is set. */
bool __nss_database_custom[NSS_DBSIDX_max]; bool __nss_database_custom[NSS_DBSIDX_max];
#endif #endif
- -
/*__libc_lock_define_initialized (static, lock)*/ /*__libc_lock_define_initialized (static, lock)*/
/* -1 == database not found -/* -1 == database not found
0 == database entry pointer stored */ - 0 == database entry pointer stored */
int -int
-__nss_database_lookup2 (const char *database, const char *alternate_name, -__nss_database_lookup2 (const char *database, const char *alternate_name,
- const char *defconfig, nss_action_list *ni) - const char *defconfig, nss_action_list *ni)
+__nss_database_lookup2 (const char *database, nss_action_list *ni) -{
{ - int database_id;
int database_id; -
- for (database_id = 0; database_names[database_id]; database_id++)
for (database_id = 0; database_names[database_id]; database_id++) - if (strcmp (database_names[database_id], database) == 0)
if (strcmp (database_names[database_id], database) == 0)
- break; - break;
- -
- if (database_names[database_id] == NULL) - if (database_names[database_id] == NULL)
- return -1; - return -1;
+ if (__nss_database_get (database_id, ni)) -
+ return 0;
- /* If *NI is NULL, the database was not mentioned in nsswitch.conf. - /* If *NI is NULL, the database was not mentioned in nsswitch.conf.
- If *NI is not NULL, but *NI->module is NULL, the database was in - If *NI is not NULL, but *NI->module is NULL, the database was in
- nsswitch.conf but listed no actions. We test for the former. */ - nsswitch.conf but listed no actions. We test for the former. */
@ -641,31 +654,33 @@ Index: glibc-2.33/nss/nsswitch.c
- /* Failure. */ - /* Failure. */
- return -1; - return -1;
- } - }
+ /* Failure. */ -}
+ return -1; -libc_hidden_def (__nss_database_lookup2)
} -
libc_hidden_def (__nss_database_lookup2) -
/* -1 == not found
0 == function found
1 == finished */
Index: glibc-2.33/nss/nsswitch.h Index: glibc-2.33/nss/nsswitch.h
=================================================================== ===================================================================
--- glibc-2.33.orig/nss/nsswitch.h --- glibc-2.33.orig/nss/nsswitch.h
+++ glibc-2.33/nss/nsswitch.h +++ glibc-2.33/nss/nsswitch.h
@@ -88,13 +88,10 @@ extern bool __nss_database_custom[NSS_DB @@ -88,15 +88,6 @@ extern bool __nss_database_custom[NSS_DB
/* Interface functions for NSS. */ /* Interface functions for NSS. */
-/* Get the data structure representing the specified database. -/* Get the data structure representing the specified database.
- If there is no configuration for this database in the file, - If there is no configuration for this database in the file,
- parse a service list from DEFCONFIG and use that. More - parse a service list from DEFCONFIG and use that. More
+/* Get the data structure representing the specified database. More - than one function can use the database. */
than one function can use the database. */ -extern int __nss_database_lookup2 (const char *database,
extern int __nss_database_lookup2 (const char *database,
- const char *alternative_name, - const char *alternative_name,
- const char *defconfig, struct nss_action **ni); - const char *defconfig, struct nss_action **ni);
+ struct nss_action **ni); -libc_hidden_proto (__nss_database_lookup2)
libc_hidden_proto (__nss_database_lookup2) -
/* Put first function with name FCT_NAME for SERVICE in FCTP. The /* Put first function with name FCT_NAME for SERVICE in FCTP. The
position is remembered in NI. The function returns a value < 0 if
an error occurred or no such function exists. */
Index: glibc-2.33/nss/pwd-lookup.c Index: glibc-2.33/nss/pwd-lookup.c
=================================================================== ===================================================================
--- glibc-2.33.orig/nss/pwd-lookup.c --- glibc-2.33.orig/nss/pwd-lookup.c
@ -833,7 +848,7 @@ Index: glibc-2.33/sysdeps/posix/getaddrinfo.c
- no_more = __nss_database_lookup2 ("hosts", NULL, - no_more = __nss_database_lookup2 ("hosts", NULL,
- "dns [!UNAVAIL=return] files", - "dns [!UNAVAIL=return] files",
- &nip); - &nip);
+ no_more = (__nss_database_get (nss_database_hosts, &nip) == false); + no_more = !__nss_database_get (nss_database_hosts, &nip);
/* If we are looking for both IPv4 and IPv6 address we don't /* If we are looking for both IPv4 and IPv6 address we don't
want the lookup functions to automatically promote IPv4 want the lookup functions to automatically promote IPv4