From fdc6f8a4dbb7a222737a0e13ec67257b99bdb031335e8d1153e417725969b31f Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Thu, 12 Jan 2017 12:18:57 +0000 Subject: [PATCH] Accepting request 449309 from home:marxin:branches:Base:System Removed unneeded patch. OBS-URL: https://build.opensuse.org/request/show/449309 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=449 --- ...us-build-with-mainline-GCC-bug-20978.patch | 68 ++++++++++++ ...-Fix-rpcgen-buffer-overrun-bug-20790.patch | 102 ++++++++++++++++++ gcc7-fix-warnings.patch | 40 +++++++ glibc-testsuite.spec | 2 +- glibc-utils.spec | 2 +- glibc.changes | 11 ++ glibc.spec | 11 +- 7 files changed, 233 insertions(+), 3 deletions(-) create mode 100644 gcc7-Fix-nss_nisplus-build-with-mainline-GCC-bug-20978.patch create mode 100644 gcc7-Fix-rpcgen-buffer-overrun-bug-20790.patch create mode 100644 gcc7-fix-warnings.patch diff --git a/gcc7-Fix-nss_nisplus-build-with-mainline-GCC-bug-20978.patch b/gcc7-Fix-nss_nisplus-build-with-mainline-GCC-bug-20978.patch new file mode 100644 index 0000000..e3a3b20 --- /dev/null +++ b/gcc7-Fix-nss_nisplus-build-with-mainline-GCC-bug-20978.patch @@ -0,0 +1,68 @@ +From f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 Mon Sep 17 00:00:00 2001 +From: Joseph Myers +Date: Wed, 21 Dec 2016 23:44:01 +0000 +Subject: [PATCH] Fix nss_nisplus build with mainline GCC (bug 20978). + +glibc build with current mainline GCC fails because +nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + +producing an error about strlen being called on a pointer that is +always NULL (and a subsequent use of that pointer with a %s format in +snprintf). + +As Andreas noted, the bogus conditional comes from a 1997 change: + +- if (name == NULL || strlen(name) > 8) +- return NSS_STATUS_NOTFOUND; +- else ++ if (name != NULL || strlen(name) <= 8) + +So the intention is clearly to return an error for NULL name. + +This patch duly inverts the sense of the conditional. It fixes the +build with GCC mainline, and passes usual glibc testsuite testing for +x86_64. However, I have not tried any actual substantive nisplus +testing, do not have an environment for such testing, and do not know +whether it is possible that strlen (name) or tablename_len might be +large so that the VLA for buf is actually a security issue. However, +if it is a security issue, there are plenty of other similar instances +in the nisplus code (that haven't been hidden by a bogus comparison +with NULL) - and nis_table.c:__create_ib_request uses strdupa on the +string passed to nis_list, so a local fix in the caller wouldn't +suffice anyway (see bug 20987). (Calls to strdupa and other such +macros that use alloca must be considered equally questionable +regarding stack overflow issues as direct calls to alloca and VLA +declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. +--- + ChangeLog | 4 ++++ + nis/nss_nisplus/nisplus-alias.c | 2 +- + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; +-- +2.11.0 + diff --git a/gcc7-Fix-rpcgen-buffer-overrun-bug-20790.patch b/gcc7-Fix-rpcgen-buffer-overrun-bug-20790.patch new file mode 100644 index 0000000..2cd84e1 --- /dev/null +++ b/gcc7-Fix-rpcgen-buffer-overrun-bug-20790.patch @@ -0,0 +1,102 @@ +From 5874510faaf3cbd0bb112aaacab9f225002beed1 Mon Sep 17 00:00:00 2001 +From: Joseph Myers +Date: Tue, 8 Nov 2016 23:44:51 +0000 +Subject: [PATCH] Fix rpcgen buffer overrun (bug 20790). + +Building with GCC 7 produces an error building rpcgen: + +rpc_parse.c: In function 'get_prog_declaration': +rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ +rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +That buffer overrun is for the case where the .x file declares a +program with a million arguments. The strcpy two lines above can +generate a buffer overrun much more simply for a long argument name. + +The limit on length of line read by rpcgen (MAXLINESIZE == 1024) +provides a bound on the buffer size needed, so this patch just changes +the buffer size to MAXLINESIZE to avoid both possible buffer +overruns. A testcase is added that rpcgen does not crash with a +500-character argument name, where it previously crashed. + +It would not at all surprise me if there are many other ways of +crashing rpcgen with either valid or invalid input; fuzz testing would +likely find various such bugs, though I don't think they are that +important to fix (rpcgen is not that likely to be used with untrusted +.x files as input). (As well as fuzz-findable bugs there are probably +also issues when various int variables get overflowed on very large +input.) The test infrastructure for rpcgen-not-crashing tests would +need extending if tests are to be added for cases where rpcgen should +produce an error, as opposed to cases where it should succeed. + +Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. +--- + ChangeLog | 9 +++++++++ + sunrpc/Makefile | 11 +++++++++++ + sunrpc/bug20790.x | 1 + + sunrpc/rpc_parse.c | 2 +- + 4 files changed, 22 insertions(+), 1 deletion(-) + create mode 100644 sunrpc/bug20790.x + +diff --git a/sunrpc/Makefile b/sunrpc/Makefile +index 789ef423e5..99e5c3ccf8 100644 +--- a/sunrpc/Makefile ++++ b/sunrpc/Makefile +@@ -103,6 +103,11 @@ ifeq ($(have-thread-library),yes) + xtests += thrsvc + endif + ++ifeq ($(run-built-tests),yes) ++rpcgen-tests := $(objpfx)bug20790.out ++tests-special += $(rpcgen-tests) ++endif ++ + headers += $(rpcsvc:%.x=rpcsvc/%.h) + extra-libs := librpcsvc + extra-libs-others := librpcsvc # Make it in `others' pass, not `lib' pass. +@@ -225,3 +230,9 @@ endif + endif + + $(objpfx)thrsvc: $(common-objpfx)linkobj/libc.so $(shared-thread-library) ++ ++ifeq ($(run-built-tests),yes) ++$(rpcgen-tests): $(objpfx)%.out: %.x $(objpfx)rpcgen ++ $(built-program-cmd) -c $< -o $@; \ ++ $(evaluate-test) ++endif +diff --git a/sunrpc/bug20790.x b/sunrpc/bug20790.x +new file mode 100644 +index 0000000000..a00c9b3830 +--- /dev/null ++++ b/sunrpc/bug20790.x +@@ -0,0 +1 @@ ++program TPROG { version TVERS { int FUNC(int aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) = 1; } = 1; } = 1; +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { +-- +2.11.0 + diff --git a/gcc7-fix-warnings.patch b/gcc7-fix-warnings.patch new file mode 100644 index 0000000..f3d5045 --- /dev/null +++ b/gcc7-fix-warnings.patch @@ -0,0 +1,40 @@ +From e223d1fe72e820d96f43831412ab267a1ace04d0 Mon Sep 17 00:00:00 2001 +From: steve ellcey-CA Eng-Software + +Date: Fri, 14 Oct 2016 12:53:27 -0700 +Subject: [PATCH] Fix warnings from latest GCC. + + * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly + boolean. +--- + ChangeLog | 5 +++++ + sysdeps/ieee754/dbl-64/e_pow.c | 8 ++++---- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c +index 663fa39..bd758b5 100644 +--- a/sysdeps/ieee754/dbl-64/e_pow.c ++++ b/sysdeps/ieee754/dbl-64/e_pow.c +@@ -466,15 +466,15 @@ checkint (double x) + return (n & 1) ? -1 : 1; /* odd or even */ + if (k > 20) + { +- if (n << (k - 20)) ++ if (n << (k - 20) != 0) + return 0; /* if not integer */ +- return (n << (k - 21)) ? -1 : 1; ++ return (n << (k - 21) != 0) ? -1 : 1; + } + if (n) + return 0; /*if not integer */ + if (k == 20) + return (m & 1) ? -1 : 1; +- if (m << (k + 12)) ++ if (m << (k + 12) != 0) + return 0; +- return (m << (k + 11)) ? -1 : 1; ++ return (m << (k + 11) != 0) ? -1 : 1; + } +-- +2.10.2 + diff --git a/glibc-testsuite.spec b/glibc-testsuite.spec index d61bc08..31b00e0 100644 --- a/glibc-testsuite.spec +++ b/glibc-testsuite.spec @@ -1,7 +1,7 @@ # # spec file for package glibc-testsuite # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/glibc-utils.spec b/glibc-utils.spec index 6fddc0d..2fb8632 100644 --- a/glibc-utils.spec +++ b/glibc-utils.spec @@ -1,7 +1,7 @@ # # spec file for package glibc-utils # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed diff --git a/glibc.changes b/glibc.changes index 12c7b52..5eb21ce 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Dec 23 08:57:59 UTC 2016 - mliska@suse.cz + +- Add gcc7-Fix-rpcgen-buffer-overrun-bug-20790.patch and + gcc7-Fix-nss_nisplus-build-with-mainline-GCC-bug-20978.patch patches. + +------------------------------------------------------------------- +Mon Nov 28 13:55:27 UTC 2016 - mliska@suse.cz + +- Add gcc7-fix-warnings.patch patch to handle new GCC 7 warning. + ------------------------------------------------------------------- Thu Oct 13 08:24:22 UTC 2016 - schwab@suse.de diff --git a/glibc.spec b/glibc.spec index e04ab78..08310b4 100644 --- a/glibc.spec +++ b/glibc.spec @@ -1,7 +1,7 @@ # # spec file for package glibc # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -220,6 +220,12 @@ Patch18: glibc-cpusetsize.diff Patch19: nscd-server-user.patch # PATCH-FEATURE-SLE powerpc: enable TLE only if GLIBC_ELISION_ENABLE=yes is defined Patch21: powerpc-elision-enable-envvar.patch +# PATCH-FIX-OPENSUSE -- Fix GCC7 warnings +Patch22: gcc7-fix-warnings.patch +# PATCH-FIX-OPENSUSE -- Fix bug 20790 +Patch23: gcc7-Fix-rpcgen-buffer-overrun-bug-20790.patch +# PATCH-FIX-OPENSUSE -- Fix bug 20978 +Patch24: gcc7-Fix-nss_nisplus-build-with-mainline-GCC-bug-20978.patch ### Locale related patches # PATCH-FIX-OPENSUSE Add additional locales @@ -460,6 +466,9 @@ rm nscd/s-stamp %patch18 -p1 %patch19 -p1 %patch21 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 -p1 %patch100 -p1 %patch102 -p1