From ba646d627b34d24aa4b5495d307f4a2ada3b103a25fc83fba0f6cc0108a9cd37 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Mon, 13 Jun 2016 07:05:23 +0000 Subject: [PATCH] Accepting request 401556 from home:Andreas_Schwab:Factory - nscd-gc-crash.patch: Fix nscd assertion failure in gc (bsc#965699, BZ #19755) OBS-URL: https://build.opensuse.org/request/show/401556 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=440 --- glibc-testsuite.changes | 11 +++++-- glibc-testsuite.spec | 5 +++ glibc-utils.changes | 11 +++++-- glibc-utils.spec | 5 +++ glibc.changes | 11 +++++-- glibc.spec | 5 +++ nscd-gc-crash.patch | 73 +++++++++++++++++++++++++++++++++++++++++ 7 files changed, 115 insertions(+), 6 deletions(-) create mode 100644 nscd-gc-crash.patch diff --git a/glibc-testsuite.changes b/glibc-testsuite.changes index 99e1209..8fad9b6 100644 --- a/glibc-testsuite.changes +++ b/glibc-testsuite.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jun 9 09:17:10 UTC 2016 - schwab@suse.de + +- nscd-gc-crash.patch: Fix nscd assertion failure in gc (bsc#965699, BZ + #19755) + ------------------------------------------------------------------- Mon May 30 08:23:03 UTC 2016 - schwab@suse.de @@ -295,7 +301,7 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de * The header is deprecated, and will be removed in a future release. * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211 - bsc#940195 bsc#940332 + bsc#940195 bsc#940332 bsc#944494 bsc#968787 - Patches from upstream removed * htm-tabort.patch * o-tmpfile.patch 
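Review bot: The comment added in the `-872,6 +875,8` hunk of glibc-testsuite.spec has a typo ("where" should be "were"), and the new `test -f tests.sum` fails the build without saying why. The same two lines are added in the glibc-utils.spec and glibc.spec hunks further down. A missing summary file would be easier to triage from the build log with an explicit diagnostic, e.g. `test -f tests.sum || { echo "tests.sum missing: testsuite did not build" >&2; false; }`. The `make -C cc-base -k check || {` group starts outside the hunk, so whether this `test` is really the last command deciding the group's exit status should be confirmed against the full %check section.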
@@ -441,7 +447,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de and the LC_* variables), are more tightly checked for proper syntax * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions - * CVE-2013-7423 bsc#915526 bsc#934084 + * CVE-2013-7423 bsc#915526 bsc#934084 bsc#973010 - Patches from upstream removed * nss-dns-memleak.patch * sin-sign.patch @@ -466,6 +472,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de * resolv-dont-ignore-second-answer.patch * iconv-ibm-sentinel-check.patch - Remove sprof.1, and mtrace.1, now included in the man-pages package + (bsc#967190) ------------------------------------------------------------------- Tue Sep 2 07:52:36 UTC 2014 - schwab@suse.de diff --git a/glibc-testsuite.spec b/glibc-testsuite.spec index f81a47f..b491508 100644 --- a/glibc-testsuite.spec +++ b/glibc-testsuite.spec @@ -308,6 +308,8 @@ Patch1054: 0055-CVE-2016-3706-getaddrinfo-stack-overflow-in-hostent-.patch Patch1055: 0056-Fix-strfmon_l-Use-specified-locale-for-number-format.patch # PATCH-FIX-UPSTREAM sunrpc: Do not use alloca in clntudp_call (CVE-2016-4429, BZ #20112) Patch1056: clntudp-call-alloca.patch +# PATCH-FIX-UPSTREAM Fix nscd assertion failure in gc (BZ #19755) +Patch1057: nscd-gc-crash.patch ### # Patches awaiting upstream approval @@ -587,6 +589,7 @@ rm nscd/s-stamp %patch1054 -p1 %patch1055 -p1 %patch1056 -p1 +%patch1057 -p1 %patch2000 -p1 %patch2001 -p1 @@ -872,6 +875,8 @@ make -C cc-base -k check || { done < $sum done set -$o + # Fail build if there where compilation errors during testsuite run + test -f tests.sum } %else # This has to pass on all platforms! diff --git a/glibc-utils.changes b/glibc-utils.changes index 99e1209..8fad9b6 100644 --- a/glibc-utils.changes +++ b/glibc-utils.changes 
@@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jun 9 09:17:10 UTC 2016 - schwab@suse.de + +- nscd-gc-crash.patch: Fix nscd assertion failure in gc (bsc#965699, BZ + #19755) + ------------------------------------------------------------------- Mon May 30 08:23:03 UTC 2016 - schwab@suse.de @@ -295,7 +301,7 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de * The header is deprecated, and will be removed in a future release. * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211 - bsc#940195 bsc#940332 + bsc#940195 bsc#940332 bsc#944494 bsc#968787 - Patches from upstream removed * htm-tabort.patch * o-tmpfile.patch @@ -441,7 +447,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de and the LC_* variables), are more tightly checked for proper syntax * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions - * CVE-2013-7423 bsc#915526 bsc#934084 + * CVE-2013-7423 bsc#915526 bsc#934084 bsc#973010 - Patches from upstream removed * nss-dns-memleak.patch * sin-sign.patch @@ -466,6 +472,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de * resolv-dont-ignore-second-answer.patch * iconv-ibm-sentinel-check.patch - Remove sprof.1, and mtrace.1, now included in the man-pages package + (bsc#967190) ------------------------------------------------------------------- Tue Sep 2 07:52:36 UTC 2014 - schwab@suse.de diff --git a/glibc-utils.spec b/glibc-utils.spec index 1b7ad53..bdfd810 100644 --- a/glibc-utils.spec +++ b/glibc-utils.spec @@ -307,6 +307,8 @@ Patch1054: 0055-CVE-2016-3706-getaddrinfo-stack-overflow-in-hostent-.patch Patch1055: 0056-Fix-strfmon_l-Use-specified-locale-for-number-format.patch # PATCH-FIX-UPSTREAM sunrpc: Do not use alloca in clntudp_call (CVE-2016-4429, BZ #20112) Patch1056: clntudp-call-alloca.patch +# PATCH-FIX-UPSTREAM Fix nscd assertion failure in gc (BZ #19755) +Patch1057: nscd-gc-crash.patch ### # Patches awaiting upstream approval 
@@ -587,6 +589,7 @@ rm nscd/s-stamp %patch1054 -p1 %patch1055 -p1 %patch1056 -p1 +%patch1057 -p1 %patch2000 -p1 %patch2001 -p1 @@ -872,6 +875,8 @@ make -C cc-base -k check || { done < $sum done set -$o + # Fail build if there where compilation errors during testsuite run + test -f tests.sum } %else # This has to pass on all platforms! diff --git a/glibc.changes b/glibc.changes index 99e1209..8fad9b6 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Thu Jun 9 09:17:10 UTC 2016 - schwab@suse.de + +- nscd-gc-crash.patch: Fix nscd assertion failure in gc (bsc#965699, BZ + #19755) + ------------------------------------------------------------------- Mon May 30 08:23:03 UTC 2016 - schwab@suse.de @@ -295,7 +301,7 @@ Wed Aug 5 09:35:41 UTC 2015 - schwab@suse.de * The header is deprecated, and will be removed in a future release. * bsc#905313 bsc#920338 bsc#927080 bsc#928723 bsc#931480 bsc#939211 - bsc#940195 bsc#940332 + bsc#940195 bsc#940332 bsc#944494 bsc#968787 - Patches from upstream removed * htm-tabort.patch * o-tmpfile.patch @@ -441,7 +447,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de and the LC_* variables), are more tightly checked for proper syntax * On x86-64, the dynamic linker's lazy-binding support is now compatible with application code using Intel MPX instructions - * CVE-2013-7423 bsc#915526 bsc#934084 + * CVE-2013-7423 bsc#915526 bsc#934084 bsc#973010 - Patches from upstream removed * nss-dns-memleak.patch * sin-sign.patch @@ -466,6 +472,7 @@ Mon Sep 8 09:48:26 UTC 2014 - schwab@suse.de * resolv-dont-ignore-second-answer.patch * iconv-ibm-sentinel-check.patch - Remove sprof.1, and mtrace.1, now included in the man-pages package + (bsc#967190) ------------------------------------------------------------------- Tue Sep 2 07:52:36 UTC 2014 - schwab@suse.de diff --git a/glibc.spec b/glibc.spec index 3187cfc..f1e5cf0 100644 --- a/glibc.spec +++ b/glibc.spec 
@@ -308,6 +308,8 @@ Patch1054: 0055-CVE-2016-3706-getaddrinfo-stack-overflow-in-hostent-.patch Patch1055: 0056-Fix-strfmon_l-Use-specified-locale-for-number-format.patch # PATCH-FIX-UPSTREAM sunrpc: Do not use alloca in clntudp_call (CVE-2016-4429, BZ #20112) Patch1056: clntudp-call-alloca.patch +# PATCH-FIX-UPSTREAM Fix nscd assertion failure in gc (BZ #19755) +Patch1057: nscd-gc-crash.patch ### # Patches awaiting upstream approval @@ -587,6 +589,7 @@ rm nscd/s-stamp %patch1054 -p1 %patch1055 -p1 %patch1056 -p1 +%patch1057 -p1 %patch2000 -p1 %patch2001 -p1 @@ -872,6 +875,8 @@ make -C cc-base -k check || { done < $sum done set -$o + # Fail build if there where compilation errors during testsuite run + test -f tests.sum } %else # This has to pass on all platforms! diff --git a/nscd-gc-crash.patch b/nscd-gc-crash.patch new file mode 100644 index 0000000..cc842bc --- /dev/null +++ b/nscd-gc-crash.patch 
@@ -0,0 +1,73 @@
+ [BZ #19755]
+ * nscd/pwdcache.c (cache_addpw): Lock prune_run_lock while adding
+ new entries in auto-propagate mode.
+ * nscd/grpcache.c (cache_addgr): Likewise.
+
+Index: glibc-2.23/nscd/grpcache.c
+===================================================================
+--- glibc-2.23.orig/nscd/grpcache.c
++++ glibc-2.23/nscd/grpcache.c
+@@ -205,10 +205,19 @@ cache_addgr (struct database_dyn *db, in
+ dataset = NULL;
+
+ if (he == NULL)
+- dataset = (struct dataset *) mempool_alloc (db, total + n, 1);
++ {
++ /* Prevent an INVALIDATE request from pruning the data between
++ the two calls to cache_add. */
++ if (db->propagate)
++ pthread_mutex_lock (&db->prune_run_lock);
++ dataset = (struct dataset *) mempool_alloc (db, total + n, 1);
++ }
+
+ if (dataset == NULL)
+ {
++ if (he == NULL && db->propagate)
++ pthread_mutex_unlock (&db->prune_run_lock);
++
+ /* We cannot permanently add the result in the moment. But
+ we can provide the result as is. Store the data in some
+ temporary memory. */
+@@ -396,6 +405,8 @@ cache_addgr (struct database_dyn *db, in
+
+ out:
+ pthread_rwlock_unlock (&db->lock);
++ if (he == NULL && db->propagate)
++ pthread_mutex_unlock (&db->prune_run_lock);
+ }
+ }
+
+Index: glibc-2.23/nscd/pwdcache.c
+===================================================================
+--- glibc-2.23.orig/nscd/pwdcache.c
++++ glibc-2.23/nscd/pwdcache.c
+@@ -198,10 +198,19 @@ cache_addpw (struct database_dyn *db, in
+ dataset = NULL;
+
+ if (he == NULL)
+- dataset = (struct dataset *) mempool_alloc (db, total + n, 1);
++ {
++ /* Prevent an INVALIDATE request from pruning the data between
++ the two calls to cache_add. */
++ if (db->propagate)
++ pthread_mutex_lock (&db->prune_run_lock);
++ dataset = (struct dataset *) mempool_alloc (db, total + n, 1);
++ }
+
+ if (dataset == NULL)
+ {
++ if (he == NULL && db->propagate)
++ pthread_mutex_unlock (&db->prune_run_lock);
++
+ /* We cannot permanently add the result in the moment. But
+ we can provide the result as is. Store the data in some
+ temporary memory. */
+@@ -374,6 +383,8 @@ cache_addpw (struct database_dyn *db, in
+
+ out:
+ pthread_rwlock_unlock (&db->lock);
++ if (he == NULL && db->propagate)
++ pthread_mutex_unlock (&db->prune_run_lock);
+ }
+ }
+
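Review bot: The lock and the two unlocks of `prune_run_lock` in cache_addgr (and the identical ones in cache_addpw) each re-evaluate `db->propagate`, so the mutex stays balanced only if that flag and `he` are unchanged across the whole function. Nothing in the hunks guarantees that. Recording the acquisition once, e.g. `bool prune_locked = he == NULL && db->propagate;` before the lock and `if (prune_locked) pthread_mutex_unlock (&db->prune_run_lock);` at both release sites, would make the pairing explicit. The code between the two inner hunks is not shown, so please confirm that the `dataset == NULL` path, which has already unlocked, never reaches `out:`, and that every path taken with a non-NULL dataset does; a leaked or doubly released mutex would stall or crash nscd's prune/INVALIDATE handling. The mutex is also taken before `db->lock`; presumably the prune thread uses the same order, but that is not visible here and a short comment stating the order would help.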