diff --git a/fix-locking-in-_IO_cleanup.patch b/fix-locking-in-_IO_cleanup.patch index 4e27d58..5e2c956 100644 --- a/fix-locking-in-_IO_cleanup.patch +++ b/fix-locking-in-_IO_cleanup.patch @@ -1,70 +1,34 @@ -Always do locking when accessing streams (bug 15142) +Always do locking when accessing streams (bug 15142, bug 14697) -During exit, skip files that are currently locked to avoid deadlock. +Now that abort no longer calls fflush there is no reason to avoid locking +the stdio streams anywhere. This fixes a conformance issue and potential +heap corruption during exit. The test nptl/tst-stdio1 is removed as that +was expecting the problematic behaviour. - [BZ #15142] - * libio/libio.h (_IO_ftrylockfile) [_IO_MTSAVE_IO]: Define. - * libio/genops.c (_IO_flush_all_lockp): Make static. Rename - argument to skip_locked, callers changed. Skip files that are - locked if skip_locked. - (_IO_unbuffer_all): Lock files before access, but skip locked - files. - * libio/libioP.h (_IO_flush_all_lockp): Don't declare. - -Index: glibc-2.27/libio/libio.h +Index: glibc-2.31/libio/genops.c =================================================================== ---- glibc-2.27.orig/libio/libio.h -+++ glibc-2.27/libio/libio.h -@@ -33,11 +33,15 @@ libc_hidden_proto (_IO_vfscanf) - if (((_fp)->_flags & _IO_USER_LOCK) == 0) _IO_lock_lock (*(_fp)->_lock) - # define _IO_funlockfile(_fp) \ - if (((_fp)->_flags & _IO_USER_LOCK) == 0) _IO_lock_unlock (*(_fp)->_lock) -+# define _IO_ftrylockfile(_fp) \ -+ (((_fp)->_flags & _IO_USER_LOCK) == 0 ? _IO_lock_trylock (*(_fp)->_lock) : 0) - # else - # define _IO_flockfile(_fp) \ - if (((_fp)->_flags & _IO_USER_LOCK) == 0) _IO_flockfile (_fp) - # define _IO_funlockfile(_fp) \ - if (((_fp)->_flags & _IO_USER_LOCK) == 0) _IO_funlockfile (_fp) -+# define _IO_ftrylockfile(_fp) \ -+ (((_fp)->_flags & _IO_USER_LOCK) == 0 ? _IO_ftrylockfile (_fp) : 0) - # endif - #endif /* _IO_MTSAFE_IO */ - -Index: glibc-2.27/libio/genops.c -=================================================================== ---- glibc-2.27.orig/libio/genops.c -+++ glibc-2.27/libio/genops.c -@@ -744,8 +744,8 @@ _IO_adjust_column (unsigned start, const - } +--- glibc-2.31.orig/libio/genops.c ++++ glibc-2.31/libio/genops.c +@@ -682,7 +682,7 @@ _IO_adjust_column (unsigned start, const libc_hidden_def (_IO_adjust_column) --int + int -_IO_flush_all_lockp (int do_lock) -+static int -+_IO_flush_all_lockp (bool skip_locked) ++_IO_flush_all (void) { int result = 0; FILE *fp; -@@ -758,7 +758,16 @@ _IO_flush_all_lockp (int do_lock) +@@ -695,8 +695,7 @@ _IO_flush_all_lockp (int do_lock) for (fp = (FILE *) _IO_list_all; fp != NULL; fp = fp->_chain) { run_fp = fp; - if (do_lock) -+ if (skip_locked) -+ { -+ /* Skip files that are currently locked. */ -+ if (_IO_ftrylockfile (fp)) -+ { -+ run_fp = NULL; -+ continue; -+ } -+ } -+ else - _IO_flockfile (fp); +- _IO_flockfile (fp); ++ _IO_flockfile (fp); if (((fp->_mode <= 0 && fp->_IO_write_ptr > fp->_IO_write_base) -@@ -769,8 +778,7 @@ _IO_flush_all_lockp (int do_lock) + || (_IO_vtable_offset (fp) == 0 +@@ -706,8 +705,7 @@ _IO_flush_all_lockp (int do_lock) && _IO_OVERFLOW (fp, EOF) == EOF) result = EOF; @@ -74,31 +38,32 @@ Index: glibc-2.27/libio/genops.c run_fp = NULL; } -@@ -787,7 +795,7 @@ int - _IO_flush_all (void) - { - /* We want locking. */ -- return _IO_flush_all_lockp (1); -+ return _IO_flush_all_lockp (false); +@@ -718,14 +716,6 @@ _IO_flush_all_lockp (int do_lock) + + return result; } +- +- +-int +-_IO_flush_all (void) +-{ +- /* We want locking. */ +- return _IO_flush_all_lockp (1); +-} libc_hidden_def (_IO_flush_all) -@@ -852,6 +860,14 @@ _IO_unbuffer_all (void) - - for (fp = (FILE *) _IO_list_all; fp; fp = fp->_chain) + void +@@ -791,6 +781,9 @@ _IO_unbuffer_all (void) { -+ run_fp = fp; -+ /* Skip files that are currently locked. */ -+ if (_IO_ftrylockfile (fp)) -+ { -+ run_fp = NULL; -+ continue; -+ } -+ int legacy = 0; ++ run_fp = fp; ++ _IO_flockfile (fp); ++ #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_1) -@@ -863,18 +879,6 @@ _IO_unbuffer_all (void) + if (__glibc_unlikely (_IO_vtable_offset (fp) != 0)) + legacy = 1; +@@ -800,18 +793,6 @@ _IO_unbuffer_all (void) /* Iff stream is un-orientated, it wasn't used. */ && (legacy || fp->_mode != 0)) { @@ -117,7 +82,7 @@ Index: glibc-2.27/libio/genops.c if (! legacy && ! dealloc_buffers && !(fp->_flags & _IO_USER_BUF)) { fp->_flags |= _IO_USER_BUF; -@@ -881,17 +885,15 @@ _IO_unbuffer_all (void) +@@ -825,17 +806,15 @@ _IO_unbuffer_all (void) if (! legacy && fp->_mode > 0) _IO_wsetb (fp, NULL, NULL, 0); @@ -138,24 +103,22 @@ Index: glibc-2.27/libio/genops.c } #ifdef _IO_MTSAFE_IO -@@ -916,9 +918,9 @@ libc_freeres_fn (buffer_free) +@@ -861,9 +840,7 @@ libc_freeres_fn (buffer_free) int _IO_cleanup (void) { - /* We do *not* want locking. Some threads might use streams but - that is their problem, we flush them underneath them. */ - int result = _IO_flush_all_lockp (0); -+ /* We want to skip locked streams. Some threads might use streams but -+ that is their problem, we don't flush those. */ -+ int result = _IO_flush_all_lockp (true); ++ int result = _IO_flush_all (); /* We currently don't have a reliable mechanism for making sure that C++ static destructors are executed in the correct order. -Index: glibc-2.27/libio/libioP.h +Index: glibc-2.31/libio/libioP.h =================================================================== ---- glibc-2.27.orig/libio/libioP.h -+++ glibc-2.27/libio/libioP.h -@@ -486,7 +486,6 @@ extern int _IO_new_do_write (FILE *, con +--- glibc-2.31.orig/libio/libioP.h ++++ glibc-2.31/libio/libioP.h +@@ -487,7 +487,6 @@ extern int _IO_new_do_write (FILE *, con extern int _IO_old_do_write (FILE *, const char *, size_t); extern int _IO_wdo_write (FILE *, const wchar_t *, size_t); libc_hidden_proto (_IO_wdo_write) @@ -163,3 +126,77 @@ Index: glibc-2.27/libio/libioP.h extern int _IO_flush_all (void); libc_hidden_proto (_IO_flush_all) extern int _IO_cleanup (void); +Index: glibc-2.31/nptl/Makefile +=================================================================== +--- glibc-2.31.orig/nptl/Makefile ++++ glibc-2.31/nptl/Makefile +@@ -295,7 +295,7 @@ tests = tst-attr1 tst-attr2 tst-attr3 ts + tst-signal6 \ + tst-exec1 tst-exec2 tst-exec3 tst-exec4 tst-exec5 \ + tst-exit1 tst-exit2 tst-exit3 \ +- tst-stdio1 tst-stdio2 \ ++ tst-stdio2 \ + tst-stack1 tst-stack2 tst-stack3 tst-stack4 tst-pthread-getattr \ + tst-pthread-attr-affinity tst-pthread-mutexattr \ + tst-unload \ +Index: glibc-2.31/nptl/tst-stdio1.c +=================================================================== +--- glibc-2.31.orig/nptl/tst-stdio1.c ++++ /dev/null +@@ -1,56 +0,0 @@ +-/* Copyright (C) 2002-2020 Free Software Foundation, Inc. +- This file is part of the GNU C Library. +- Contributed by Ulrich Drepper , 2002. +- +- The GNU C Library is free software; you can redistribute it and/or +- modify it under the terms of the GNU Lesser General Public +- License as published by the Free Software Foundation; either +- version 2.1 of the License, or (at your option) any later version. +- +- The GNU C Library is distributed in the hope that it will be useful, +- but WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +- Lesser General Public License for more details. +- +- You should have received a copy of the GNU Lesser General Public +- License along with the GNU C Library; if not, see +- . */ +- +-#include +-#include +-#include +-#include +- +-static int do_test (void); +- +-#define TEST_FUNCTION do_test () +-#include "../test-skeleton.c" +- +-static void *tf (void *a) +-{ +- flockfile (stdout); +- /* This call should never return. */ +- return a; +-} +- +- +-int +-do_test (void) +-{ +- pthread_t th; +- +- flockfile (stdout); +- +- if (pthread_create (&th, NULL, tf, NULL) != 0) +- { +- write_message ("create failed\n"); +- _exit (1); +- } +- +- delayed_exit (1); +- xpthread_join (th); +- +- puts ("join returned"); +- +- return 1; +-} diff --git a/glibc-2.30.tar.xz b/glibc-2.30.tar.xz deleted file mode 100644 index e66e591..0000000 --- a/glibc-2.30.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e2c4114e569afbe7edbc29131a43be833850ab9a459d81beb2588016d2bbb8af -size 16576920 diff --git a/glibc-2.30.tar.xz.sig b/glibc-2.30.tar.xz.sig deleted file mode 100644 index 5830e2d..0000000 --- a/glibc-2.30.tar.xz.sig +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEcnNUKzmWLfeymZMUFnkrTqJTQPgFAl1DRIYACgkQFnkrTqJT -QPjGfBAAhds1wnuzs5K1NDOCurXDu/WLe+isQB3zEQEQy15Wy2ZHNN801k9Wt9j7 -vd4mG5whsMdjzXE6QmEY9x/kREQ5XQV4vlGBO8r9ZO42retlWWYBtuoLo6weS2WK -FstZ8k5hcS83ZBs/fbea4OFv5L6kopVkqYbqHQMudxLZIjTGVXjjwWBZqlAbW9UE -iIynJ/f5SwLisIQfRKT//B4lANaH2hvxfZlfngbWRaSnsj28BK3Ut+HwgZpVU+N0 -O/Yi5hp38IKBNvso4h1//LYCYIOiZVbvdWFXUXhvpOySrKpU+/akSk3B3okgsAnO -WjcCqJNtdjJqRhhLhn8IxJtBOxojqfY5Yjchjj6VkXm9AYDjWxxiwQuNOkyK6nRC -KBLkwAkOAI45yAd5p9oBiVDAeyQFww1bwdojBjHgPKySM2JJI6fooQ1c8wd8ZCiO -QsHpd7JnBhWaLr6Xm50U2aED4s6lf3auEr49mQDbuizl6DUHLHzFGx7kN6vXGQaC -FPNuskYdKzM+eEbdpbP49niska1DBjSYjDddO/AMGRHlzjcPUn5mQht3XquUQNby -EP6S9DrS6J3rM88Wz4Rl/8tsWQ9W+u/fImtHjobC7oZ+0eFGpZ0ZT50pbZxzsQkb -7yWU92RXuN7ySg9MUzLG7Z60iVTWgkFU8gaZGBTOXcskm04K5og= -=i6A/ ------END PGP SIGNATURE----- diff --git a/glibc-2.31.tar.xz b/glibc-2.31.tar.xz new file mode 100644 index 0000000..dcee34e --- /dev/null +++ b/glibc-2.31.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:9246fe44f68feeec8c666bb87973d590ce0137cca145df014c72ec95be9ffd17 +size 16676764 diff --git a/glibc-2.31.tar.xz.sig b/glibc-2.31.tar.xz.sig new file mode 100644 index 0000000..f0e3c50 --- /dev/null +++ b/glibc-2.31.tar.xz.sig @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCAAdFiEEvHxzcmN+wQxX16plecQ9+/HPIYcFAl41bZQACgkQecQ9+/HP +IYfUQgf/d5dAUK871suOXNfFcw67sHEPsnLami/WPXyyw/pXDjuLZYLNTGOmpQol +VdV38p1BxaJs0A5EBSVm32xhgMR2Jum6qKu/mpEnfy5ac1lGiTxO1pVMDDXjdPaK +S8+nJXTf3MVYUCmu4W426DdRkdsBmP0KlKo8ZFBlhAJoPXeikJMGOf/uUR5VimNE +VY2EPDHEaqrBco/lm3LqZ6RWu7+B7K5GXR2EMLBDLIKirYd17nIqzjhFjv0pcS/e +UE2K0vxA5ip59ep4xxRmDu8bOshlZlfhHGuAiD+B2iwxwWFv6D75IyrtqB5KHWtD +/crvu7njsCsgWJKNA83pkt19nj9mxQ== +=TAIE +-----END PGP SIGNATURE----- diff --git a/glibc-version.diff b/glibc-version.diff index f9e92ec..939f0ff 100644 --- a/glibc-version.diff +++ b/glibc-version.diff @@ -8,7 +8,7 @@ Index: glibc-2.27/csu/version.c static const char banner[] = -"GNU C Library "PKGVERSION RELEASE" release version "VERSION".\n\ +"GNU C Library "PKGVERSION RELEASE" release version "VERSION" (git "GITID").\n\ - Copyright (C) 2019 Free Software Foundation, Inc.\n\ + Copyright (C) 2020 Free Software Foundation, Inc.\n\ This is free software; see the source for copying conditions.\n\ There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n\ PARTICULAR PURPOSE.\n\ diff --git a/glibc.changes b/glibc.changes index 2e59174..7b19bd2 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,43 @@ +------------------------------------------------------------------- +Thu Feb 13 14:16:05 UTC 2020 - Andreas Schwab + +- fix-locking-in-_IO_cleanup.patch: update to latest version + +------------------------------------------------------------------- +Mon Feb 3 08:13:02 UTC 2020 - Andreas Schwab + +- Update to glibc 2.31 + * The GNU C Library now supports a feature test macro _ISOC2X_SOURCE to + enable features from the draft ISO C2X standard + * The functions that round their results to a narrower type now + have corresponding type-generic macros in + * The function pthread_clockjoin_np has been added, enabling join with a + terminated thread with a specific clock + * New locale added: mnw_MM (Mon language spoken in Myanmar). + * The DNS stub resolver will optionally send the AD (authenticated data) bit + in queries if the trust-ad option is set via the options directive in + /etc/resolv.conf (or if RES_TRUSTAD is set in _res.options) + * The totalorder and totalordermag functions, and the corresponding + functions for other floating-point types, now take pointer arguments to + avoid signaling NaNs possibly being converted to quiet NaNs in argument + passing + * The obsolete function stime is no longer available to newly linked + binaries, and its declaration has been removed from + * The gettimeofday function no longer reports information about a + system-wide time zone + * If a lazy binding failure happens during dlopen, during the execution of + an ELF constructor, the process is now terminated +- malloc-info-whitespace.patch, riscv-vfork.patch, + prefer-map-32bit-exec.patch, backtrace-powerpc.patch, + ldconfig-dynstr.patch: Removed. + +------------------------------------------------------------------- +Tue Jan 21 15:08:13 UTC 2020 - Andreas Schwab + +- backtrace-powerpc.patch: Fix array overflow in backtrace on PowerPC + (bsc#1158996, BZ #25423) +- Drop support for pluggable gconv modules (bsc#1159851) + ------------------------------------------------------------------- Mon Dec 9 13:21:34 UTC 2019 - Andreas Schwab diff --git a/glibc.spec b/glibc.spec index fa10f98..d26648a 100644 --- a/glibc.spec +++ b/glibc.spec @@ -1,7 +1,7 @@ # # spec file for package glibc # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -148,7 +148,7 @@ BuildArch: i686 %define enablekernel 4.15 %endif -Version: 2.30 +Version: 2.31 Release: 0 %if !%{build_snapshot} %define git_id 0a8262a1b2 @@ -257,12 +257,6 @@ Patch306: glibc-fix-double-loopback.diff ### # Patches from upstream ### -# PATCH-FIX-UPSTREAM malloc: Remove unwanted leading whitespace in malloc_info (BZ #24867) -Patch1000: malloc-info-whitespace.patch -# PATCH-FIX-UPSTREAM Fix RISC-V vfork build with Linux 5.3 kernel headers -Patch1001: riscv-vfork.patch -# PATCH-FIX-UPSTREAM rtld: Check __libc_enable_secure before honoring LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126, BZ #25204) -Patch1002: prefer-map-32bit-exec.patch ### # Patches awaiting upstream approval @@ -271,10 +265,8 @@ Patch1002: prefer-map-32bit-exec.patch Patch2000: fix-locking-in-_IO_cleanup.patch # PATCH-FIX-UPSTREAM Avoid concurrency problem in ldconfig (BZ #23973) Patch2001: ldconfig-concurrency.patch -# PATCH-FIX-UPSTREAM ldconfig: handle .dynstr located in separate segment (BZ #25087) -Patch2002: ldconfig-dynstr.patch # PATCH-FIX-UPSTREAM Fix buffer overrun in EUC-KR conversion module (BZ #24973) -Patch2003: euc-kr-overrun.patch +Patch2002: euc-kr-overrun.patch # Non-glibc patches # PATCH-FIX-OPENSUSE Remove debianisms from manpages @@ -472,14 +464,9 @@ makedb: A program to create a database for nss %patch304 -p1 %patch306 -p1 -%patch1000 -p1 -%patch1001 -p1 -%patch1002 -p1 - %patch2000 -p1 %patch2001 -p1 %patch2002 -p1 -%patch2003 -p1 %patch3000 @@ -1044,11 +1031,6 @@ end %postun -p /sbin/ldconfig %post locale-base -for l in /usr/share/locale/locale.alias %{_libdir}/gconv/gconv-modules; do - [ -d "$l.d" ] || continue - echo "###X# The following is autogenerated from extra files in the .d directory:" >>"$l" - cat "$l.d"/* >>"$l" -done /usr/sbin/iconvconfig %post info @@ -1263,9 +1245,6 @@ exit 0 %{_libdir}/libnldbl_nonshared.a %endif %{_libdir}/libmcheck.a -%ifarch x86_64 -%{_libdir}/libmvec_nonshared.a -%endif %files devel-static %defattr(-,root,root) diff --git a/ldconfig-dynstr.patch b/ldconfig-dynstr.patch deleted file mode 100644 index 654d044..0000000 --- a/ldconfig-dynstr.patch +++ /dev/null @@ -1,86 +0,0 @@ -ldconfig: handle .dynstr located in separate segment (bug 25087) - -To determine the load offset of the DT_STRTAB section search for the -segment containing it, instead of using the load offset of the first -segment. - - [BZ #25087] - * elf/readelflib.c (process_elf_file): Use containing segment for - DT_STRTAB load offset. ---- - elf/readelflib.c | 34 +++++++++++++++++++++------------- - 1 file changed, 21 insertions(+), 13 deletions(-) - -Index: glibc-2.30/elf/readelflib.c -=================================================================== ---- glibc-2.30.orig/elf/readelflib.c -+++ glibc-2.30/elf/readelflib.c -@@ -45,7 +45,6 @@ process_elf_file (const char *file_name, - { - int i; - unsigned int j; -- ElfW(Addr) loadaddr; - unsigned int dynamic_addr; - size_t dynamic_size; - char *program_interpreter; -@@ -87,7 +86,6 @@ process_elf_file (const char *file_name, - libc5/libc6. */ - *flag = FLAG_ELF; - -- loadaddr = -1; - dynamic_addr = 0; - dynamic_size = 0; - program_interpreter = NULL; -@@ -98,11 +96,6 @@ process_elf_file (const char *file_name, - - switch (segment->p_type) - { -- case PT_LOAD: -- if (loadaddr == (ElfW(Addr)) -1) -- loadaddr = segment->p_vaddr - segment->p_offset; -- break; -- - case PT_DYNAMIC: - if (dynamic_addr) - error (0, 0, _("more than one dynamic segment\n")); -@@ -176,11 +169,6 @@ process_elf_file (const char *file_name, - } - - } -- if (loadaddr == (ElfW(Addr)) -1) -- { -- /* Very strange. */ -- loadaddr = 0; -- } - - /* Now we can read the dynamic sections. */ - if (dynamic_size == 0) -@@ -197,7 +185,27 @@ process_elf_file (const char *file_name, - check_ptr (dyn_entry); - if (dyn_entry->d_tag == DT_STRTAB) - { -- dynamic_strings = (char *) (file_contents + dyn_entry->d_un.d_val - loadaddr); -+ /* Find the file offset of the segment containing the dynamic -+ string table. */ -+ ElfW(Off) loadoff = -1; -+ for (i = 0, segment = elf_pheader; -+ i < elf_header->e_phnum; i++, segment++) -+ { -+ if (segment->p_type == PT_LOAD -+ && dyn_entry->d_un.d_val >= segment->p_vaddr -+ && dyn_entry->d_un.d_val < segment->p_vaddr + segment->p_filesz) -+ { -+ loadoff = segment->p_vaddr - segment->p_offset; -+ break; -+ } -+ } -+ if (loadoff == (ElfW(Off)) -1) -+ { -+ /* Very strange. */ -+ loadoff = 0; -+ } -+ -+ dynamic_strings = (char *) (file_contents + dyn_entry->d_un.d_val - loadoff); - check_ptr (dynamic_strings); - break; - } diff --git a/malloc-info-whitespace.patch b/malloc-info-whitespace.patch deleted file mode 100644 index 8dfeb02..0000000 --- a/malloc-info-whitespace.patch +++ /dev/null @@ -1,22 +0,0 @@ -2019-08-01 Florian Weimer - - [BZ #24867] - * malloc/malloc.c (__malloc_info): Remove unwanted leading - whitespace. - -diff --git a/malloc/malloc.c b/malloc/malloc.c -index 00ce48cf58..343d89f489 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -5491,7 +5491,7 @@ __malloc_info (int options, FILE *fp) - - for (size_t i = 0; i < nsizes; ++i) - if (sizes[i].count != 0 && i != NFASTBINS) -- fprintf (fp, " \ -+ fprintf (fp, "\ - \n", - sizes[i].from, sizes[i].to, sizes[i].total, sizes[i].count); - --- -2.22.0 - diff --git a/nsswitch.conf b/nsswitch.conf index aa18347..18905ea 100644 --- a/nsswitch.conf +++ b/nsswitch.conf @@ -4,39 +4,71 @@ # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # -# The entry '[NOTFOUND=return]' means that the search for an -# entry should stop if the search in the previous entry turned -# up nothing. Note that if the search failed due to some other reason -# (like no NIS server responding) then the search continues with the -# next entry. +# Valid databases are: aliases, ethers, group, gshadow, hosts, +# initgroups, netgroup, networks, passwd, protocols, publickey, +# rpc, services, and shadow. # -# Legal entries are: +# Valid service provider entries include (in alphabetical order): # -# compat Use compatibility setup -# nisplus Use NIS+ (NIS version 3) -# nis Use NIS (NIS version 2), also called YP -# dns Use DNS (Domain Name Service) -# files Use the local files -# [NOTFOUND=return] Stop searching if not found so far +# compat Use /etc files plus *_compat pseudo-db +# db Use the pre-processed /var/db files +# dns Use DNS (Domain Name Service) +# files Use the local files in /etc +# hesiod Use Hesiod (DNS) for user lookups +# nis Use NIS (NIS version 2), also called YP +# nisplus Use NIS+ (NIS version 3) # -# For more information, please read the nsswitch.conf.5 manual page. +# See `info libc 'NSS Basics'` for more information. # +# Commonly used alternative service providers (may need installation): +# +# ldap Use LDAP directory server +# myhostname Use systemd host names +# mymachines Use systemd machine names +# mdns*, mdns*_minimal Use Avahi mDNS/DNS-SD +# resolve Use systemd resolved resolver +# sss Use System Security Services Daemon (sssd) +# systemd Use systemd for dynamic user option +# winbind Use Samba winbind support +# wins Use Samba wins support +# wrapper Use wrapper module for testing +# +# Notes: +# +# 'sssd' performs its own 'files'-based caching, so it should generally +# come before 'files'. +# +# WARNING: Running nscd with a secondary caching service like sssd may +# lead to unexpected behaviour, especially with how long +# entries are cached. +# +# Installation instructions: +# +# To use 'db', install the appropriate package(s) (provide 'makedb' and +# libnss_db.so.*), and place the 'db' in front of 'files' for entries +# you want to be looked up first in the databases, like this: +# +# passwd: db files +# shadow: db files +# group: db files -passwd: compat -group: compat -shadow: compat +passwd: compat +group: compat +shadow: compat hosts: files dns networks: files dns -services: files usrfiles -protocols: files usrfiles -rpc: files usrfiles -ethers: files usrfiles -netmasks: files -netgroup: files nis -publickey: files - -bootparams: files -automount: files nis aliases: files usrfiles +ethers: files usrfiles +gshadow: files usrfiles +initgroups: files +netgroup: files nis +protocols: files usrfiles +publickey: files +rpc: files usrfiles +services: files usrfiles + +automount: files nis +bootparams: files +netmasks: files diff --git a/prefer-map-32bit-exec.patch b/prefer-map-32bit-exec.patch deleted file mode 100644 index 1f85cd3..0000000 --- a/prefer-map-32bit-exec.patch +++ /dev/null @@ -1,28 +0,0 @@ -From d5dfad4326fc683c813df1e37bbf5cf920591c8e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marcin=20Ko=C5=9Bcielnicki?= -Date: Thu, 21 Nov 2019 00:20:15 +0100 -Subject: [PATCH] rtld: Check __libc_enable_secure before honoring - LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204] - -The problem was introduced in glibc 2.23, in commit -b9eb92ab05204df772eb4929eccd018637c9f3e9 -("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT"). ---- - NEWS | 6 +++++- - sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++- - 2 files changed, 7 insertions(+), 2 deletions(-) - -Index: glibc-2.30/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -=================================================================== ---- glibc-2.30.orig/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -+++ glibc-2.30/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -@@ -31,7 +31,8 @@ - environment variable, LD_PREFER_MAP_32BIT_EXEC. */ - #define EXTRA_LD_ENVVARS \ - case 21: \ -- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ -+ if (!__libc_enable_secure \ -+ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ - GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \ - |= bit_arch_Prefer_MAP_32BIT_EXEC; \ - break; diff --git a/riscv-vfork.patch b/riscv-vfork.patch deleted file mode 100644 index 50275cb..0000000 --- a/riscv-vfork.patch +++ /dev/null @@ -1,25 +0,0 @@ -2019-09-18 Joseph Myers - - * sysdeps/unix/sysv/linux/riscv/vfork.S: Do not include - . - (CLONE_VM): New macro. - (CLONE_VFORK): Likewise. - -Index: glibc-2.30/sysdeps/unix/sysv/linux/riscv/vfork.S -=================================================================== ---- glibc-2.30.orig/sysdeps/unix/sysv/linux/riscv/vfork.S -+++ glibc-2.30/sysdeps/unix/sysv/linux/riscv/vfork.S -@@ -21,9 +21,12 @@ - #include - #include - #define __ASSEMBLY__ --#include - #include - -+#define CLONE_VM 0x00000100 /* Set if VM shared between processes. */ -+#define CLONE_VFORK 0x00004000 /* Set if the parent wants the child to -+ wake it up on mm_release. */ -+ - .text - LEAF (__libc_vfork) -