commit glibc.2020 for openSUSE:12.3:Update
Hello community, here is the log from the commit of package glibc.2020 for openSUSE:12.3:Update checked in at 2013-09-30 17:43:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/glibc.2020 (Old) and /work/SRC/openSUSE:12.3:Update/.glibc.2020.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "glibc.2020" Changes: -------- New Changes file: --- /dev/null 2013-09-21 22:50:09.852032506 +0200 +++ /work/SRC/openSUSE:12.3:Update/.glibc.2020.new/glibc-testsuite.changes 2013-09-30 17:43:39.000000000 +0200 
@@ -0,0 +1,6637 @@ +------------------------------------------------------------------- +Mon Sep 16 14:10:12 UTC 2013 - schwab@suse.de + +- arm-ld-so-cache.patch: Support loading unmarked objects from cache +- strcoll-overflow.patch: Fix buffer overflow in strcoll (CVE-2012-4412, + bnc#779320) +- regexp-overrun.patch: Fix buffer overrun in regexp matcher + (CVE-2013-0242, bnc#801246) +- manpages.patch: Remove debianisms from manpages (bnc#805054) +- getaddrinfo-overflow.patch: Fix stack overflow in getaddrinfo with many + results (CVE-2013-1914, bnc#813121) +- printf-overrun.patch: Revert problematic fixes for [BZ #11741] + (bnc#813306) +- pldd-wait-ptrace-stop.patch: fix pldd not to leave process stopped after + detaching (bnc#819383) +- nscd-netgroup.patch: Fix handling of netgroup cache in nscd (bnc#819524) +- glibc-2.3.90-bindresvport.blacklist.diff: Fix resource leaks + (bnc#824046) +- disable-pt-chown.patch: Disable use of pt_chown (CVE-2013-2207, + bnc#830257) +- readdir_r-overflow.patch: Buffer overflow in readdir_r (CVE-2013-4237, + bnc#834594) +- malloc-overflow.patch: Fix integer overflows in malloc (CVE-2013-4332, + bnc#839870) +- When testsuite run fails make all test output available + +------------------------------------------------------------------- +Thu Jan 31 15:42:07 UTC 2013 - schwab@suse.de + +- Obsolete unscd to migrate back to nscd. 
+ +------------------------------------------------------------------- +Thu Jan 31 09:09:06 UTC 2013 - coolo@suse.com + +- looks like testsuite runs only on kvm, so add _constraint + (actually it does not build on xen, but I can't constraint that) + +------------------------------------------------------------------- +Thu Jan 24 16:33:04 UTC 2013 - schwab@suse.de + +- Don't run testsuite in parallel +- Fail if testsuite fails +- Disable crypt/badsalttest test + +------------------------------------------------------------------- +Tue Jan 8 09:53:38 UTC 2013 - coolo@suse.com + +- add _constraints file to make sure glibc-testsuite only builds on big + hosts. Otherwise it's running out of memory and stalls + +------------------------------------------------------------------- +Thu Dec 27 12:31:13 UTC 2012 - aj@suse.de + +- Set bugurl to bugs.opensuse.org + +------------------------------------------------------------------- +Tue Dec 25 16:50:52 UTC 2012 - aj@suse.de + +- Update to glibc 2.17 release (git id c758a6861537): + * bump version number + * update translations + +------------------------------------------------------------------- +Tue Dec 18 10:28:01 UTC 2012 - schwab@suse.de + +- Move glibc-utils subpackage to own specfile and enable programs that + require libgd +- Filter GLIBC_PRIVATE symbols +- Don't stop at first error in testsuite run + +------------------------------------------------------------------- +Mon Dec 17 11:16:49 UTC 2012 - schwab@suse.de + +- Split off glibc-testsuite package + +------------------------------------------------------------------- +Fri Dec 14 19:31:45 UTC 2012 - aj@suse.de + +- Build profile and locale packages for i686 as well. 
+ +------------------------------------------------------------------- +Wed Dec 12 08:32:53 UTC 2012 - aj@suse.de + +- Update to 4641d57e1e00: + * Updated translations + * bug fixes + +------------------------------------------------------------------- +Mon Dec 10 13:08:01 UTC 2012 - schwab@suse.de + +- pthread-cond-timedwait-i486.patch: + Extend i486 pthread_cond_timedwait to use futex syscall with absolute + timeout +- nscd-short-write.patch: + Properly check for short writes when sending the response in nscd + +------------------------------------------------------------------- +Sat Dec 8 18:55:53 UTC 2012 - aj@suse.de + +- Update to 56e7d3ad5c2f: + * Bugfixes + * Fix warnings building glibc +- Remove upstreamed patch glibc-revert-fseek-on-fclose.diff + +------------------------------------------------------------------- +Mon Dec 3 15:45:08 UTC 2012 - aj@suse.de + +- Remove nosegneg i686 library, it's only used for a 32-bit Xen + hypervisor (not for a 32-bit guest running under 64-bit hypervisor), + and since the 32-bit Xen hypervisor is not part of openSUSE anymore, + it is unneeded (bnc#789607). 
+ +------------------------------------------------------------------- +Mon Dec 3 14:47:22 UTC 2012 - schwab@suse.de + +- Suppress error message from systemctl in %post -n nscd (bnc#792333) + +------------------------------------------------------------------- +Sat Dec 1 08:55:05 UTC 2012 - aj@suse.de + +- Update to f638872ab422: + Fix regression introduced with last update in sunrpc code + Fix assertion failure in resolver + Bug fixes +- Remove upstreamed patch glibc-resolv-assert.diff + +------------------------------------------------------------------- +Fri Nov 30 09:15:15 UTC 2012 - aj@suse.de + +- Update to c93ec1f091ec: + Warn about unsupported DT_FLAGS_1 flags + Add Interlingua locale + Bug fixes + +------------------------------------------------------------------- +Thu Nov 29 14:30:11 UTC 2012 - schwab@suse.de + +- Remove obsolete patches: + glibc-strict-aliasing.diff + nscd-avoid-gcc-warning.diff + +------------------------------------------------------------------- +Wed Nov 28 15:48:32 UTC 2012 - aj@suse.de + +- Update to e3c6aa3a5848: + * Fix powerpc64 make abi check failure + * bugfixes +- Install nscd.socket to new /usr location + +------------------------------------------------------------------- +Wed Nov 28 09:31:11 UTC 2012 - schwab@suse.de + +- Reenable multi-arch on ppc ppc64 + +------------------------------------------------------------------- +Tue Nov 27 21:34:15 UTC 2012 - aj@suse.de + +- Update to de2fd463b1c0: + Various bugfixes including: + * Fix fwrite bug causing grep etc testsuite failure + * sotruss: fix argument parsing + * Check supported DF_1_XXX bits + Add new locales niu_NU and niu_NZ +- Refresh patch glibc-revert-fseek-on-fclose.diff + +------------------------------------------------------------------- +Sat Nov 24 13:48:40 UTC 2012 - aj@suse.de + +- Remove nscd init script, use systemd files. 
+ +------------------------------------------------------------------- +Fri Nov 23 14:33:37 UTC 2012 - matz@suse.com + +- Fix getaddrinfo-ipv6-sanity.diff to apply again. + +------------------------------------------------------------------- +Tue Nov 20 08:06:49 UTC 2012 - aj@suse.de + +- Update to f59cba71d848: + * Various bug fixes + * Add new locales szl_PL, ayc_PE, nhn_MX, doi_IN, mni_IN, sat_IN. + * Remove patch glibc-compiled-binaries.diff since getconf can not be + cross-compiled + * Refresh patch glibc-2.3.90-bindresvport.blacklist.diff + +------------------------------------------------------------------- +Sun Nov 11 09:54:43 UTC 2012 - aj@suse.de + +- Update to current glibc 2.17 development snapshot (git 7e2bd01fcf3c): + * Upstream changes: + + ports is now part of main tarball + + Add port to ARM AArch64 + + New function secure_getenv + + Systemtap static probes + + The `clock_*' suite of functions (declared in <time.h>) is now + available directly in the main C library. + + The `crypt' function now fails if passed salt bytes that violate the ++++ 6440 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.glibc.2020.new/glibc-testsuite.changes New Changes file: glibc-utils.changes: same change New Changes file: glibc.changes: same change New: ---- _constraints arm-ld-so-cache.patch baselibs.conf bindresvport.blacklist check-build.sh crypt_blowfish-1.2-hack_around_arm.diff crypt_blowfish-1.2-sha.diff crypt_blowfish-1.2-versioning.diff crypt_blowfish-1.2.tar.gz crypt_blowfish-1.2.tar.gz.sign disable-pt-chown.patch getaddrinfo-ipv6-sanity.diff getaddrinfo-overflow.patch glibc-2.14-crypt-versioning.diff glibc-2.14-crypt.diff glibc-2.17-c758a6861537.tar.xz glibc-2.2-sunrpc.diff glibc-2.3.2.no_archive.diff glibc-2.3.3-nscd-db-path.diff glibc-2.3.90-bindresvport.blacklist.diff glibc-2.3.90-langpackdir.diff glibc-2.3.90-noversion.diff glibc-2.3.locales.diff.bz2 glibc-2.4-china.diff glibc-2.4.90-no_NO.diff 
glibc-2.4.90-revert-only-euro.diff glibc-armhf-compat.patch glibc-cpusetsize.diff glibc-crypt-badsalttest.patch glibc-fix-check-abi.patch glibc-fix-double-loopback.diff glibc-ld-profile.patch glibc-nodate.patch glibc-nscd-hconf.diff glibc-nscd.conf.patch glibc-resolv-mdnshint.diff glibc-resolv-reload.diff glibc-testsuite.changes glibc-testsuite.patch glibc-testsuite.spec glibc-utils.changes glibc-utils.spec glibc-version.diff glibc.changes glibc.rpmlintrc glibc.spec glibc_post_upgrade.c malloc-overflow.patch manpages.patch manpages.tar.bz2 noversion.tar.bz2 nscd-netgroup.patch nscd-short-write.patch nscd.conf nscd.service nss-db-path.patch nsswitch.conf pldd-wait-ptrace-stop.patch pre_checkin.sh printf-overrun.patch pthread-cond-timedwait-i486.patch readdir_r-overflow.patch regexp-overrun.patch strcoll-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc-testsuite.spec ++++++ ++++ 1300 lines (skipped) glibc-utils.spec: same change glibc.spec: same change ++++++ arm-ld-so-cache.patch ++++++ From b39949d21179bd0b08a083e4f7e35d0c98e11294 Mon Sep 17 00:00:00 2001 From: Carlos O'Donell <carlos@redhat.com> Date: Fri, 8 Feb 2013 12:26:12 -0500 Subject: [PATCH] ARM: Support loading unmarked objects from cache. ARM now supports loading unmarked objects from the dynamic loader cache. Unmarked objects can be used with the hard-float or soft-float ABI. We must support loading unmarked objects during the transition period from a binutils that does not mark objects to one that does mark them with the correct ELF flags. Signed-off-by: Carlos O'Donell <carlos@redhat.com> --- ChangeLog | 5 +++++ elf/cache.c | 4 ++++ ports/ChangeLog.arm | 8 ++++++++ ports/sysdeps/unix/sysv/linux/arm/dl-cache.h | 9 +++++++-- ports/sysdeps/unix/sysv/linux/arm/readelflib.c | 6 ++++++ sysdeps/generic/ldconfig.h | 1 + 6 files changed, 31 insertions(+), 2 deletions(-) 
diff --git a/elf/cache.c b/elf/cache.c index 9901952..699550b 100644 --- a/elf/cache.c +++ b/elf/cache.c @@ -100,6 +100,10 @@ print_entry (const char *lib, int flag, unsigned int osversion, case FLAG_AARCH64_LIB64: fputs (",AArch64", stdout); break; + /* Uses the ARM soft-float ABI. */ + case FLAG_ARM_LIBSF: + fputs (",soft-float", stdout); + break; case 0: break; default: diff --git a/ports/sysdeps/unix/sysv/linux/arm/dl-cache.h b/ports/sysdeps/unix/sysv/linux/arm/dl-cache.h index acc4f28..504feca 100644 --- a/ports/sysdeps/unix/sysv/linux/arm/dl-cache.h +++ b/ports/sysdeps/unix/sysv/linux/arm/dl-cache.h @@ -18,12 +18,17 @@ #include <ldconfig.h> +/* In order to support the transition from unmarked objects + to marked objects we must treat unmarked objects as + compatible with either FLAG_ARM_LIBHF or FLAG_ARM_LIBSF. */ #ifdef __ARM_PCS_VFP # define _dl_cache_check_flags(flags) \ - ((flags) == (FLAG_ARM_LIBHF | FLAG_ELF_LIBC6)) + ((flags) == (FLAG_ARM_LIBHF | FLAG_ELF_LIBC6) \ + || (flags) == FLAG_ELF_LIBC6) #else # define _dl_cache_check_flags(flags) \ - ((flags) == FLAG_ELF_LIBC6) + ((flags) == (FLAG_ARM_LIBSF | FLAG_ELF_LIBC6) \ + || (flags) == FLAG_ELF_LIBC6) #endif #include_next <dl-cache.h> diff --git a/ports/sysdeps/unix/sysv/linux/arm/readelflib.c b/ports/sysdeps/unix/sysv/linux/arm/readelflib.c index 81e5ccb..3efb613 100644 --- a/ports/sysdeps/unix/sysv/linux/arm/readelflib.c +++ b/ports/sysdeps/unix/sysv/linux/arm/readelflib.c @@ -46,6 +46,12 @@ process_elf_file (const char *file_name, const char *lib, int *flag, if (elf32_header->e_flags & EF_ARM_ABI_FLOAT_HARD) *flag = FLAG_ARM_LIBHF|FLAG_ELF_LIBC6; else if (elf32_header->e_flags & EF_ARM_ABI_FLOAT_SOFT) + *flag = FLAG_ARM_LIBSF|FLAG_ELF_LIBC6; + else + /* We must assume the unmarked objects are compatible + with all ABI variants. Such objects may have been + generated in a transitional period when the ABI + tags were not added to all objects. */ *flag = FLAG_ELF_LIBC6; } } 
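Review bot: In dl-cache.h both variants of `_dl_cache_check_flags` now accept a bare `FLAG_ELF_LIBC6`, so a hard-float process will take an unmarked cache entry even when that object was built soft-float, and the reverse. The added comment states the compatibility assumption but not its consequence or when the fallback should be removed. I would extend it with something like `/* An unmarked object of the wrong float ABI is not detected here; drop the FLAG_ELF_LIBC6-only match once all objects carry EF_ARM_ABI_FLOAT_* marks. */`. The macro also expands `(flags)` twice now; the callers are outside this hunk, so confirm none passes an expression with side effects.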
diff --git a/sysdeps/generic/ldconfig.h b/sysdeps/generic/ldconfig.h
index 57a9a46..91190aa 100644
--- a/sysdeps/generic/ldconfig.h
+++ b/sysdeps/generic/ldconfig.h
@@ -36,6 +36,7 @@ #define FLAG_X8664_LIBX32 0x0800 #define FLAG_ARM_LIBHF 0x0900 #define FLAG_AARCH64_LIB64 0x0a00 +#define FLAG_ARM_LIBSF 0x0b00 /* Name of auxiliary cache. */ #define _PATH_LDCONFIG_AUX_CACHE "/var/cache/ldconfig/aux-cache" -- 1.8.2.3 ++++++ baselibs.conf ++++++ glibc arch i586 block! targettype x86 +/etc/ld.so.conf targettype x86 "/lib/ld-linux.so.2 -> <prefix>/lib/ld-linux.so.2" targettype x86 obsoletes "baselibs-x86" targettype ia32 +/etc/ld.so.conf targettype ia32 "/lib/ld-linux.so.2 -> <prefix>/lib/ld-linux.so.2" prereq -glibc-x86 +/usr/lib/getconf/[^g] glibc-locale arch i586 block! +/usr/lib(64)?/gconv/gconv-modules targettype x86 -/usr/lib(64)?/gconv/gconv-modules glibc-devel requires "glibc-<targettype> = %version" arch i586 block! +^/usr/include/gnu/stubs-.*\.h$ glibc-devel-static arch i586 block! glibc-profile arch i586 block! glibc-utils ++++++ bindresvport.blacklist ++++++ # # This file contains a list of port numbers between 600 and 1024, # which should not be used by bindresvport. bindresvport is mostly # called by RPC services. This mostly solves the problem, that a # RPC service uses a well known port of another service. # 623 # ASF, used by IPMI on some cards 631 # cups 636 # ldaps 664 # Secure ASF, used by IPMI on some cards 774 # rpasswd 921 # lwresd 993 # imaps 995 # pops ++++++ check-build.sh ++++++ #!/bin/bash # Copyright (c) 2003, 2004, 2011,2012 SUSE Linux Products GmbH, Germany. All rights reserved. # # Authors: Thorsten Kukuk <kukuk@suse.de> # if [ `nice` -gt '9' ] ; then echo "Don't modify nice for building glibc!" 
exit 1 fi # get kernel version OFS="$IFS" ; IFS=".-" ; version=(`uname -r`) ; IFS="$OIFS" ARCH=(`uname -m`) if test ${version[0]} -gt 2 ; then : # okay elif test ${version[0]} -lt 2 -o ${version[1]} -lt 6 -o ${version[2]} -lt 16 ; then echo "FATAL: kernel too old, need kernel >= 2.6.16 for this package" 1>&2 exit 1 elif $ARCH -eq 'x86_64' ; then if test ${version[0]} -lt 2 -o ${version[1]} -lt 6 -o ${version[2]} -lt 32 ; then echo "FATAL: kernel too old, need kernel >= 2.6.32 for this package" 1>&2 exit 1 fi fi exit 0 ++++++ crypt_blowfish-1.2-hack_around_arm.diff ++++++ --- x86.S +++ x86.S @@ -199,5 +199,5 @@ #endif #if defined(__ELF__) && defined(__linux__) -.section .note.GNU-stack,"",@progbits +.section .note.GNU-stack,"",%progbits #endif ++++++ crypt_blowfish-1.2-sha.diff ++++++ From 1c581a8364ab18a6938f3153d7bea793d06a4652 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nussel@suse.de> Date: Thu, 25 Aug 2011 14:00:38 +0200 Subject: [PATCH crypt_blowfish] support for sha256 and sha512 --- crypt.3 | 14 +++++++++++++ crypt_gensalt.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ wrapper.c | 23 +++++++++++++++++++++ 3 files changed, 95 insertions(+), 0 deletions(-) diff --git a/crypt.3 b/crypt.3 index e2f25bd..40a3538 100644 --- a/crypt.3 +++ b/crypt.3 
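Review bot: check-build.sh saves the field separator with `OFS="$IFS"` but restores it with `IFS="$OIFS"`, a variable that is never set, so `IFS` stays empty for the rest of the script; the restore should read `IFS="$OFS"`. The branch `elif $ARCH -eq 'x86_64' ; then` runs the value of `$ARCH` as a command instead of testing it, so the 2.6.32 requirement for x86_64 is never enforced. It should be `elif test "$ARCH" = 'x86_64' ; then`. Because this script gates the build environment, a check that silently never fires is worse than a missing one.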
@@ -399,6 +399,20 @@ too low for the currently available hardware. .hash "$1$" "\e$1\e$[^$]{1,8}\e$[./0-9A-Za-z]{22}" unlimited 8 "" 128 "6 to 48" 1000 .PP .ti -2 +.B SHA256 based +.br +This is Ulrich Drepper's SHA256-based password hashing method originally +developed for Linux. +.hash "$5$" "\e$5\e$(rounds=[0-9]{1,9}\e$)?([./0-9A-Za-z]{1,16})?\e$[./0-9A-Za-z]{43}" unlimited 8 "" 256 "0 to 96" "1000 to 999999999 (default 5000)" +.PP +.ti -2 +.B SHA512 based +.br +This is Ulrich Drepper's SHA512-based password hashing method originally +developed for Linux. +.hash "$6$" "\e$6\e$(rounds=[0-9]{1,9}\e$)?([./0-9A-Za-z]{1,16})?\e$[./0-9A-Za-z]{86}" unlimited 8 "" 512 "0 to 96" "1000 to 999999999 (default 5000)" +.PP +.ti -2 .BR "OpenBSD-style Blowfish-based" " (" bcrypt ) .br .B bcrypt diff --git a/crypt_gensalt.c b/crypt_gensalt.c index 73c15a1..5cf9812 100644 --- a/crypt_gensalt.c +++ b/crypt_gensalt.c @@ -19,6 +19,7 @@ */ #include <string.h> +#include <stdio.h> #include <errno.h> #ifndef __set_errno 
@@ -122,3 +123,60 @@ char *_crypt_gensalt_md5_rn(const char *prefix, unsigned long count, return output; } + +#define SHA2_SALT_LEN_MAX 16 +#define SHA2_ROUNDS_MIN 1000 +#define SHA2_ROUNDS_MAX 999999999 +char *_crypt_gensalt_sha2_rn (const char *prefix, unsigned long count, + const char *input, int size, char *output, int output_size) + +{ + char *o = output; + const char *i = input; + unsigned needed = 3 + MIN(size/3*4, SHA2_SALT_LEN_MAX) + 1; + + if (size < 3 || output_size < needed) + goto error; + + size = MIN(size, SHA2_SALT_LEN_MAX/4*3); + + o[0] = prefix[0]; + o[1] = prefix[1]; + o[2] = prefix[2]; + o += 3; + + if (count) { + count = MAX(SHA2_ROUNDS_MIN, MIN(count, SHA2_ROUNDS_MAX)); + int n = snprintf (o, output_size-3, "rounds=%ld$", count); + if (n < 0 || n >= output_size-3) + goto error; + needed += n; + o += n; + } + + if (output_size < needed) + goto error; + + while (size >= 3) { + unsigned long value = + (unsigned long)(unsigned char)i[0] | + ((unsigned long)(unsigned char)i[1] << 8) | + ((unsigned long)(unsigned char)i[2] << 16); + o[0] = _crypt_itoa64[value & 0x3f]; + o[1] = _crypt_itoa64[(value >> 6) & 0x3f]; + o[2] = _crypt_itoa64[(value >> 12) & 0x3f]; + o[3] = _crypt_itoa64[(value >> 18) & 0x3f]; + size -= 3; + i += 3; + o += 3; + } + o[0] = '\0'; + + return output; + +error: + if (output_size > 0) + output[0] = '\0'; + errno = ENOMEM; + return NULL; +} diff --git a/wrapper.c b/wrapper.c index 344053b..070d91d 100644 --- a/wrapper.c +++ b/wrapper.c 
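Review bot: In the encoding loop of `_crypt_gensalt_sha2_rn`, four characters `o[0]`..`o[3]` are written per three input bytes but the pointer advances with `o += 3;`, so each group's fourth character is overwritten by the next group and the last one by the terminating NUL. The salt therefore keeps only 18 of every 24 input bits, at most 72 bits for the 12-byte cap instead of the 96 that `needed` budgets for; the line should be `o += 4;`. Separately, `count` is `unsigned long` but is formatted with `%ld`, which should be `"rounds=%lu$"`. The test `output_size < needed` compares an `int` with an `unsigned`, so a negative `output_size` passes it; reject `output_size <= 0` before the comparison.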
@@ -44,12 +44,18 @@ #include "crypt_blowfish.h" #include "crypt_gensalt.h" +extern char *_crypt_gensalt_sha2_rn(const char *prefix, unsigned long count, + const char *input, int size, char *output, int output_size); #if defined(__GLIBC__) && defined(_LIBC) /* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */ #include "crypt.h" extern char *__md5_crypt_r(const char *key, const char *salt, char *buffer, int buflen); +extern char *__sha256_crypt_r (const char *key, const char *salt, + char *buffer, int buflen); +extern char *__sha512_crypt_r (const char *key, const char *salt, + char *buffer, int buflen); /* crypt-entry.c needs to be patched to define __des_crypt_r rather than * __crypt_r, and not define crypt_r and crypt at all */ extern char *__des_crypt_r(const char *key, const char *salt, @@ -112,6 +118,10 @@ static char *_crypt_retval_magic(char *retval, const char *setting, char *__crypt_rn(__const char *key, __const char *setting, void *data, int size) { + if (setting[0] == '$' && setting[1] == '6') + return __sha512_crypt_r(key, setting, (char *)data, size); + if (setting[0] == '$' && setting[1] == '5') + return __sha256_crypt_r(key, setting, (char *)data, size); if (setting[0] == '$' && setting[1] == '2') return _crypt_blowfish_rn(key, setting, (char *)data, size); if (setting[0] == '$' && setting[1] == '1') 
@@ -129,6 +139,16 @@ char *__crypt_rn(__const char *key, __const char *setting, char *__crypt_ra(__const char *key, __const char *setting, void **data, int *size) { + if (setting[0] == '$' && setting[1] == '6') { + if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) + return NULL; + return __sha512_crypt_r(key, setting, (char *)*data, *size); + } + if (setting[0] == '$' && setting[1] == '5') { + if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) + return NULL; + return __sha256_crypt_r(key, setting, (char *)*data, *size); + } if (setting[0] == '$' && setting[1] == '2') { if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) return NULL; @@ -210,6 +230,9 @@ char *__crypt_gensalt_rn(const char *prefix, unsigned long count, return NULL; } + if (!strncmp(prefix, "$5$", 3) || !strncmp(prefix, "$6$", 3)) + use = _crypt_gensalt_sha2_rn; + else if (!strncmp(prefix, "$2a$", 4) || !strncmp(prefix, "$2y$", 4)) use = _crypt_gensalt_blowfish_rn; else -- 1.7.3.4 ++++++ crypt_blowfish-1.2-versioning.diff ++++++ Index: crypt_blowfish-1.2/wrapper.c =================================================================== --- crypt_blowfish-1.2/wrapper.c +++ crypt_blowfish-1.2/wrapper.c @@ -38,6 +38,7 @@ #define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1) #if defined(__GLIBC__) && defined(_LIBC) +#include <shlib-compat.h> #define __SKIP_GNU #endif #include "ow-crypt.h" 
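Review bot: The new `$5`/`$6` branches of `__crypt_ra` allocate only `CRYPT_OUTPUT_SIZE` bytes before calling `__sha256_crypt_r`/`__sha512_crypt_r`. That constant is defined outside the hunk; if it is still sized for bcrypt output, a SHA-512 result (86 hash characters plus prefix, up to 16 salt characters and an optional `rounds=` field, per the crypt.3 hunk) will not fit a freshly allocated buffer, and the call can only fail. The gensalt hunk on this line has the same question: `CRYPT_GENSALT_OUTPUT_SIZE` appears as `(7 + 22 + 1)` in the versioning patch context, while `_crypt_gensalt_sha2_rn` can need 3 + 17 + 16 + 1 bytes when a round count is given. Both constants should be sized for the largest supported format, and the `_r` functions should be confirmed to honour `buflen`. `__crypt_ra`'s body continues outside the hunk.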
@@ -291,14 +292,34 @@ char *__crypt_gensalt(const char *prefix } #if defined(__GLIBC__) && defined(_LIBC) -weak_alias(__crypt_rn, crypt_rn) -weak_alias(__crypt_ra, crypt_ra) weak_alias(__crypt_r, crypt_r) weak_alias(__crypt, crypt) -weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn) -weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra) -weak_alias(__crypt_gensalt, crypt_gensalt) -weak_alias(crypt, fcrypt) +weak_alias(__crypt, fcrypt) +#if SHARED +#if 1 // Owl has crypt_gensalt as GLIBC_2_0 so keep for compatibility +#define ow_compat_symbol(name) \ + compat_symbol(libcrypt, _compat_##name, name, GLIBC_2_0); \ + weak_alias(__##name, _compat_##name) +#else +#define ow_compat_symbol(name) +#endif + +#define ow_versioned(name) \ + ow_compat_symbol(name) \ + versioned_symbol(libcrypt, _owl_##name, name, OW_CRYPT_1_0); +#else +#define ow_versioned(name) +#endif // SHARED + +#define ow_symbol(name) \ + ow_versioned(name) \ + weak_alias(__##name, _owl_##name) \ + +ow_symbol(crypt_rn) +ow_symbol(crypt_ra) +ow_symbol(crypt_gensalt) +ow_symbol(crypt_gensalt_rn) +ow_symbol(crypt_gensalt_ra) #endif #ifdef TEST ++++++ disable-pt-chown.patch ++++++ 2013-07-21 Siddhesh Poyarekar <siddhesh@redhat.com> Andreas Schwab <schwab@suse.de> Roland McGrath <roland@hack.frob.com> Joseph Myers <joseph@codesourcery.com> Carlos O'Donell <carlos@redhat.com> [BZ #15755] * config.h.in: Define HAVE_PT_CHOWN. * config.make.in (build-pt-chown): New variable. * configure.in (--enable-pt_chown): New configure option. * configure: Regenerate. * login/Makefile: Include Makeconfig. Build pt_chown only if build-pt-chown is enabled. * sysdeps/unix/grantpt.c (grantpt) [HAVE_PT_CHOWN]: Spawn pt_chown to fix pty ownership. * sysdeps/unix/sysv/linux/grantpt.c [HAVE_PT_CHOWN]: Define CLOSE_ALL_FDS. * manual/install.texi (Configuring and compiling): Mention --enable-pt_chown. Add @findex for grantpt. * INSTALL: Regenerate. 
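Review bot: In the non-SHARED branch `ow_versioned(name)` expands to nothing, so `ow_symbol(crypt_rn)` only emits `weak_alias(__crypt_rn, _owl_crypt_rn)`. As far as this hunk shows, nothing then defines the public names `crypt_rn`, `crypt_ra` and `crypt_gensalt*` for a static libcrypt, whereas the removed lines aliased them directly. If static linking is meant to keep working, the `#else` definition could be `#define ow_versioned(name) weak_alias(__##name, name)`. The `ow_symbol` macro also ends with a trailing `\` followed by an empty line, which makes whatever is later put on that line part of the macro; drop the final backslash.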
Index: glibc-2.17/INSTALL =================================================================== --- glibc-2.17.orig/INSTALL +++ glibc-2.17/INSTALL @@ -128,6 +128,18 @@ will be used, and CFLAGS sets optimizati this can be prevented though there generally is no reason since it creates compatibility problems. +`--enable-pt_chown' + The file `pt_chown' is a helper binary for `grantpt' (*note + Pseudo-Terminals: Allocation.) that is installed setuid root to + fix up pseudo-terminal ownership. It is not built by default + because systems using the Linux kernel are commonly built with the + `devpts' filesystem enabled and mounted at `/dev/pts', which + manages pseudo-terminal ownership automatically. By using + `--enable-pt_chown', you may build `pt_chown' and install it + setuid and owned by `root'. The use of `pt_chown' introduces + additional security risks to the system and you should enable it + only if you understand and accept those risks. + `--build=BUILD-SYSTEM' `--host=HOST-SYSTEM' These options are for cross-compiling. If you specify both Index: glibc-2.17/config.h.in =================================================================== --- glibc-2.17.orig/config.h.in +++ glibc-2.17/config.h.in @@ -232,4 +232,7 @@ /* The ARM hard-float ABI is being used. */ #undef HAVE_ARM_PCS_VFP +/* The pt_chown binary is being built and used by grantpt. */ +#undef HAVE_PT_CHOWN + #endif Index: glibc-2.17/config.make.in =================================================================== --- glibc-2.17.orig/config.make.in +++ glibc-2.17/config.make.in @@ -101,6 +101,7 @@ force-install = @force_install@ link-obsolete-rpc = @link_obsolete_rpc@ build-nscd = @build_nscd@ use-nscd = @use_nscd@ +build-pt-chown = @build_pt_chown@ # Build tools. CC = @CC@ Index: glibc-2.17/configure =================================================================== --- glibc-2.17.orig/configure +++ glibc-2.17/configure 
@@ -653,6 +653,7 @@ multi_arch base_machine add_on_subdirs add_ons +build_pt_chown build_nscd link_obsolete_rpc libc_cv_nss_crypt @@ -759,6 +760,7 @@ enable_obsolete_rpc enable_systemtap enable_build_nscd enable_nscd +enable_pt_chown with_cpu ' ac_precious_vars='build_alias @@ -1419,6 +1421,7 @@ Optional Features: --enable-systemtap enable systemtap static probe points [default=no] --disable-build-nscd disable building and installing the nscd daemon --disable-nscd library functions will not contact the nscd daemon + --enable-pt_chown Enable building and installing pt_chown Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] @@ -3934,6 +3937,19 @@ else fi +# Check whether --enable-pt_chown was given. +if test "${enable_pt_chown+set}" = set; then : + enableval=$enable_pt_chown; build_pt_chown=$enableval +else + build_pt_chown=no +fi + + +if test $build_pt_chown = yes; then + $as_echo "#define HAVE_PT_CHOWN 1" >>confdefs.h + +fi + # The way shlib-versions is used to generate soversions.mk uses a # fairly simplistic model for name recognition that can't distinguish # i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os Index: glibc-2.17/configure.in =================================================================== --- glibc-2.17.orig/configure.in +++ glibc-2.17/configure.in 
@@ -315,6 +315,16 @@ AC_ARG_ENABLE([nscd], [use_nscd=$enableval], [use_nscd=yes]) +AC_ARG_ENABLE([pt_chown], + [AS_HELP_STRING([--enable-pt_chown], + [Enable building and installing pt_chown])], + [build_pt_chown=$enableval], + [build_pt_chown=no]) +AC_SUBST(build_pt_chown) +if test $build_pt_chown = yes; then + AC_DEFINE(HAVE_PT_CHOWN) +fi + # The way shlib-versions is used to generate soversions.mk uses a # fairly simplistic model for name recognition that can't distinguish # i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os Index: glibc-2.17/login/Makefile =================================================================== --- glibc-2.17.orig/login/Makefile +++ glibc-2.17/login/Makefile @@ -29,9 +29,15 @@ routines := getutent getutent_r getutid CFLAGS-grantpt.c = -DLIBEXECDIR='"$(libexecdir)"' -others = utmpdump pt_chown +others = utmpdump + +include ../Makeconfig + +ifeq (yes,$(build-pt-chown)) +others += pt_chown others-pie = pt_chown install-others-programs = $(inst_libexecdir)/pt_chown +endif subdir-dirs = programs vpath %.c programs Index: glibc-2.17/manual/install.texi =================================================================== --- glibc-2.17.orig/manual/install.texi +++ glibc-2.17/manual/install.texi 
@@ -155,6 +155,20 @@ if the used tools support it. By using prevented though there generally is no reason since it creates compatibility problems. +@pindex pt_chown +@findex grantpt +@item --enable-pt_chown +The file @file{pt_chown} is a helper binary for @code{grantpt} +(@pxref{Allocation, Pseudo-Terminals}) that is installed setuid root to +fix up pseudo-terminal ownership. It is not built by default because +systems using the Linux kernel are commonly built with the @code{devpts} +filesystem enabled and mounted at @file{/dev/pts}, which manages +pseudo-terminal ownership automatically. By using +@samp{--enable-pt_chown}, you may build @file{pt_chown} and install it +setuid and owned by @code{root}. The use of @file{pt_chown} introduces +additional security risks to the system and you should enable it only if +you understand and accept those risks. + @item --build=@var{build-system} @itemx --host=@var{host-system} These options are for cross-compiling. If you specify both options and Index: glibc-2.17/sysdeps/unix/grantpt.c =================================================================== --- glibc-2.17.orig/sysdeps/unix/grantpt.c +++ glibc-2.17/sysdeps/unix/grantpt.c @@ -173,9 +173,10 @@ grantpt (int fd) retval = 0; goto cleanup; - /* We have to use the helper program. */ + /* We have to use the helper program if it is available. */ helper:; +#ifdef HAVE_PT_CHOWN pid_t pid = __fork (); if (pid == -1) goto cleanup; @@ -190,9 +191,9 @@ grantpt (int fd) if (__dup2 (fd, PTY_FILENO) < 0) _exit (FAIL_EBADF); -#ifdef CLOSE_ALL_FDS +# ifdef CLOSE_ALL_FDS CLOSE_ALL_FDS (); -#endif +# endif execle (_PATH_PT_CHOWN, basename (_PATH_PT_CHOWN), NULL, NULL); _exit (FAIL_EXEC); 
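Review bot: With `HAVE_PT_CHOWN` undefined, the `helper:;` label in sysdeps/unix/grantpt.c is followed directly by `cleanup:` (the matching `#endif` is in the next hunk), so every path that jumps to `helper` now returns whatever `retval` and `errno` hold at that point; both are set outside these hunks. The revised comment says "if it is available" but not what happens otherwise. I would add after `helper:;` a comment such as `/* Without pt_chown we fall through to cleanup and report the earlier failure. */` and confirm that `errno` is meaningful on each `goto helper` path. grantpt's body starts and ends outside the hunk.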
@@ -231,6 +232,7 @@ grantpt (int fd) assert(! "getpt: internal error: invalid exit code from pt_chown"); } } +#endif cleanup: if (buf != _buf) Index: glibc-2.17/sysdeps/unix/sysv/linux/grantpt.c =================================================================== --- glibc-2.17.orig/sysdeps/unix/sysv/linux/grantpt.c +++ glibc-2.17/sysdeps/unix/sysv/linux/grantpt.c @@ -11,7 +11,7 @@ #include "pty-private.h" - +#if HAVE_PT_CHOWN /* Close all file descriptors except the one specified. */ static void close_all_fds (void) @@ -38,6 +38,7 @@ close_all_fds (void) __dup2 (STDOUT_FILENO, STDERR_FILENO); } } -#define CLOSE_ALL_FDS() close_all_fds() +# define CLOSE_ALL_FDS() close_all_fds() +#endif #include <sysdeps/unix/grantpt.c> ++++++ getaddrinfo-ipv6-sanity.diff ++++++ Index: glibc-2.16.90/sysdeps/posix/getaddrinfo.c =================================================================== --- glibc-2.16.90.orig/sysdeps/posix/getaddrinfo.c 2012-11-20 03:45:45.000000000 +0100 +++ glibc-2.16.90/sysdeps/posix/getaddrinfo.c 2012-11-23 15:32:33.000000000 +0100 @@ -269,7 +269,7 @@ extern service_user *__nss_hosts_databas static int gaih_inet (const char *name, const struct gaih_service *service, const struct addrinfo *req, struct addrinfo **pai, - unsigned int *naddrs) + unsigned int *naddrs, bool usable_ipv6) { const struct gaih_typeproto *tp = gaih_inet_typeproto; struct gaih_servtuple *st = (struct gaih_servtuple *) &nullserv; @@ -839,7 +839,10 @@ gaih_inet (const char *name, const struc if (req->ai_family == PF_UNSPEC) fct4 = __nss_lookup_function (nip, "gethostbyname4_r"); - if (fct4 != NULL) + /* If we don't want ipv6, don't use gethostbyname4_r, + as it's using T_UNSPEC to libc_res_nsearch, which always + create T_A and T_AAAA queries. */ + if (usable_ipv6 && fct4 != NULL) { int herrno; 
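Review bot: sysdeps/unix/sysv/linux/grantpt.c guards `close_all_fds` with `#if HAVE_PT_CHOWN`, while sysdeps/unix/grantpt.c uses `#ifdef HAVE_PT_CHOWN` around the code that calls it. Both work with the `#define HAVE_PT_CHOWN 1` that the configure hunk emits, but `#if` on an undefined macro trips `-Wundef`, and two spellings of the same guard invite drift. Use `#ifdef HAVE_PT_CHOWN` here as well.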
@@ -942,7 +945,7 @@ gaih_inet (const char *name, const struc if (fct != NULL) { if (req->ai_family == AF_INET6 - || req->ai_family == AF_UNSPEC) + || (req->ai_family == AF_UNSPEC && usable_ipv6)) { gethosts (AF_INET6, struct in6_addr); no_inet6_data = no_data; @@ -2462,7 +2465,11 @@ getaddrinfo (const char *name, const cha if (hints->ai_family == AF_UNSPEC || hints->ai_family == AF_INET || hints->ai_family == AF_INET6) { - last_i = gaih_inet (name, pservice, hints, end, &naddrs); + if (!check_pf_called) + __check_pf (&seen_ipv4, &seen_ipv6, &in6ai, &in6ailen); + check_pf_called = true; + + last_i = gaih_inet (name, pservice, hints, end, &naddrs, seen_ipv6); if (last_i != 0) { freeaddrinfo (p); ++++++ getaddrinfo-overflow.patch ++++++ From 1cef1b19089528db11f221e938f60b9b048945d7 Mon Sep 17 00:00:00 2001 From: Andreas Schwab <schwab@suse.de> Date: Thu, 21 Mar 2013 15:50:27 +0100 Subject: [PATCH] Fix stack overflow in getaddrinfo with many results [BZ #15330] * sysdeps/posix/getaddrinfo.c (getaddrinfo): Allocate results and order arrays from heap if bigger than alloca cutoff. --- ChangeLog | 6 ++++++ NEWS | 5 ++++- sysdeps/posix/getaddrinfo.c | 23 +++++++++++++++++++++-- 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c index d95c2d1..2309281 100644 --- a/sysdeps/posix/getaddrinfo.c +++ b/sysdeps/posix/getaddrinfo.c 
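Review bot: In the `getaddrinfo` hunk the unbraced `if (!check_pf_called)` guards only the `__check_pf` call while `check_pf_called = true;` runs unconditionally; that is correct but reads as if both were guarded, so brace the call or move the assignment inside the braces. `__check_pf` now runs for AF_INET and AF_INET6 hints too, although in the visible hunks `usable_ipv6` appears to change behaviour only for AF_UNSPEC requests; if the probe is costly, restricting it is worth considering. The new `usable_ipv6` parameter of `gaih_inet` has no comment. A line such as `/* USABLE_IPV6 is the seen_ipv6 result of __check_pf; when false, AF_UNSPEC lookups skip AAAA queries. */` above the definition would record the contract.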
@@ -2489,11 +2489,27 @@ getaddrinfo (const char *name, const char *service, __typeof (once) old_once = once; __libc_once (once, gaiconf_init); /* Sort results according to RFC 3484. */ - struct sort_result results[nresults]; - size_t order[nresults]; + struct sort_result *results; + size_t *order; struct addrinfo *q; struct addrinfo *last = NULL; char *canonname = NULL; + bool malloc_results; + + malloc_results + = !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (size_t))); + if (malloc_results) + { + results = malloc (nresults * (sizeof (*results) + sizeof (size_t))); + if (results == NULL) + { + __free_in6ai (in6ai); + return EAI_MEMORY; + } + } + else + results = alloca (nresults * (sizeof (*results) + sizeof (size_t))); + order = (size_t *) (results + nresults); /* Now we definitely need the interface information. */ if (! check_pf_called) @@ -2664,6 +2680,9 @@ getaddrinfo (const char *name, const char *service, /* Fill in the canonical name into the new first entry. */ p->ai_canonname = canonname; + + if (malloc_results) + free (results); } __free_in6ai (in6ai); -- 1.8.2.3 ++++++ glibc-2.14-crypt-versioning.diff ++++++ Index: glibc-2.16.90/Versions.def =================================================================== --- glibc-2.16.90.orig/Versions.def +++ glibc-2.16.90/Versions.def @@ -42,6 +42,7 @@ libc { } libcrypt { GLIBC_2.0 + OW_CRYPT_1.0 } libdl { GLIBC_2.0 Index: glibc-2.16.90/crypt/Versions =================================================================== --- glibc-2.16.90.orig/crypt/Versions +++ glibc-2.16.90/crypt/Versions 
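Review bot: In the first getaddrinfo.c hunk the size `nresults * (sizeof (*results) + sizeof (size_t))` is spelled out three times, and in the visible lines the multiplication is not checked for wrap-around before it reaches `__libc_use_alloca`, `malloc` and `alloca`. Computing it once, `size_t alloc_size = nresults * (sizeof (*results) + sizeof (size_t));`, keeps the three uses in step and gives a single place for a bound check should nresults ever be large enough to matter. The second hunk frees `results` only at the end of the sort block, so any early return between the allocation and that point would leak on the malloc path; a one-line comment next to `malloc_results` noting this would protect later edits. getaddrinfo's body starts and ends outside both hunks.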
@@ -3,4 +3,7 @@ libcrypt { crypt; crypt_r; encrypt; encrypt_r; fcrypt; setkey; setkey_r; crypt_rn; crypt_ra; crypt_gensalt; crypt_gensalt_rn; crypt_gensalt_ra; } + OW_CRYPT_1.0 { + crypt_rn; crypt_ra; crypt_gensalt; crypt_gensalt_rn; crypt_gensalt_ra; + } } ++++++ glibc-2.14-crypt.diff ++++++ Index: glibc-2.16.90/crypt/Makefile =================================================================== --- glibc-2.16.90.orig/crypt/Makefile +++ glibc-2.16.90/crypt/Makefile @@ -21,6 +21,7 @@ subdir := crypt headers := crypt.h +headers += gnu-crypt.h ow-crypt.h extra-libs := libcrypt extra-libs-others := $(extra-libs) @@ -28,6 +29,8 @@ extra-libs-others := $(extra-libs) libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \ crypt_util +libcrypt-routines += crypt_blowfish x86 crypt_gensalt wrapper + tests := cert md5c-test sha256c-test sha512c-test badsalttest include ../Makeconfig Index: glibc-2.16.90/crypt/Versions =================================================================== --- glibc-2.16.90.orig/crypt/Versions +++ glibc-2.16.90/crypt/Versions @@ -1,5 +1,6 @@ libcrypt { GLIBC_2.0 { crypt; crypt_r; encrypt; encrypt_r; fcrypt; setkey; setkey_r; + crypt_rn; crypt_ra; crypt_gensalt; crypt_gensalt_rn; crypt_gensalt_ra; } } Index: glibc-2.16.90/crypt/crypt-entry.c =================================================================== --- glibc-2.16.90.orig/crypt/crypt-entry.c +++ glibc-2.16.90/crypt/crypt-entry.c @@ -81,7 +81,7 @@ extern struct crypt_data _ufc_foobar; */ char * -__crypt_r (key, salt, data) +__des_crypt_r (key, salt, data) const char *key; const char *salt; struct crypt_data * __restrict data; @@ -155,6 +155,7 @@ __crypt_r (key, salt, data) _ufc_output_conversion_r (res[0], res[1], salt, data); return data->crypt_3_buf; } +#if 0 weak_alias (__crypt_r, crypt_r) char * 
@@ -197,3 +198,4 @@ __fcrypt (key, salt) return crypt (key, salt); } #endif +#endif ++++++ glibc-2.2-sunrpc.diff ++++++ For details see: http://sourceware.org/bugzilla/show_bug.cgi?id=5379 Index: glibc-2.15/sunrpc/clnt_udp.c =================================================================== --- glibc-2.15.orig/sunrpc/clnt_udp.c +++ glibc-2.15/sunrpc/clnt_udp.c @@ -307,6 +307,7 @@ clntudp_call (cl, proc, xargs, argsp, xr XDR *xdrs; int outlen = 0; int inlen; + int pollresult; socklen_t fromlen; struct pollfd fd; int milliseconds = (cu->cu_wait.tv_sec * 1000) + 
@@ -377,37 +378,36 @@ send_again: anyup = 0; for (;;) { - switch (__poll (&fd, 1, milliseconds)) + switch (pollresult = __poll (&fd, 1, milliseconds)) { - case 0: - if (anyup == 0) - { - anyup = is_network_up (cu->cu_sock); - if (!anyup) - return (cu->cu_error.re_status = RPC_CANTRECV); - } - - time_waited.tv_sec += cu->cu_wait.tv_sec; - time_waited.tv_usec += cu->cu_wait.tv_usec; - while (time_waited.tv_usec >= 1000000) - { - time_waited.tv_sec++; - time_waited.tv_usec -= 1000000; - } - if ((time_waited.tv_sec < timeout.tv_sec) || - ((time_waited.tv_sec == timeout.tv_sec) && - (time_waited.tv_usec < timeout.tv_usec))) - goto send_again; - return (cu->cu_error.re_status = RPC_TIMEDOUT); - - /* - * buggy in other cases because time_waited is not being - * updated. - */ case -1: - if (errno == EINTR) - continue; + if (pollresult == 0 || errno == EINTR) { + if (anyup == 0) + { + anyup = is_network_up (cu->cu_sock); + if (!anyup) + return (cu->cu_error.re_status = RPC_CANTRECV); + } + + time_waited.tv_sec += cu->cu_wait.tv_sec; + time_waited.tv_usec += cu->cu_wait.tv_usec; + while (time_waited.tv_usec >= 1000000) + { + time_waited.tv_sec++; + time_waited.tv_usec -= 1000000; + } + if ((time_waited.tv_sec < timeout.tv_sec) || + ((time_waited.tv_sec == timeout.tv_sec) && + (time_waited.tv_usec < timeout.tv_usec))) + if (pollresult == 0) + goto send_again; + else + continue; + return (cu->cu_error.re_status = RPC_TIMEDOUT); + } + + /* errno != EINTR */ cu->cu_error.re_errno = errno; return (cu->cu_error.re_status = RPC_CANTRECV); } ++++++ glibc-2.3.2.no_archive.diff ++++++ ------------------------------------------------------------------- Wed Jun 4 14:29:07 CEST 2003 - kukuk@suse.de - Make --no-archive default for localedef Index: glibc-2.15.90/locale/programs/localedef.c =================================================================== --- glibc-2.15.90.orig/locale/programs/localedef.c +++ glibc-2.15.90/locale/programs/localedef.c 
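Review bot: The added `if (pollresult == 0) goto send_again; else continue;` hangs unbraced under the three-line `if ((time_waited.tv_sec < timeout.tv_sec) || …)`, so the `else` can be misread as belonging to the outer test, and GCC's -Wparentheses flags this shape. Put the inner pair in braces: `{ if (pollresult == 0) goto send_again; else continue; }`. On the EINTR path `time_waited` is also advanced by the full `cu_wait` even though `__poll` returned early, so a process that receives many signals would reach RPC_TIMEDOUT before the requested timeout has really elapsed; if that trade-off is intended it should be stated in a comment replacing the removed "buggy in other cases" remark. clntudp_call starts and ends outside the hunk.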
@@ -81,7 +81,7 @@ const char *alias_file; static struct localedef_t *locales; /* If true don't add locale data to archive. */ -bool no_archive; +bool no_archive = true; /* If true add named locales to archive. */ static bool add_to_archive; @@ -112,6 +112,7 @@ void (*argp_program_version_hook) (FILE #define OPT_REPLACE 307 #define OPT_DELETE_FROM_ARCHIVE 308 #define OPT_LIST_ARCHIVE 309 +#define OPT_ARCHIVE 310 /* Definitions of arguments for argp functions. */ static const struct argp_option options[] = @@ -133,6 +134,8 @@ static const struct argp_option options[ N_("Suppress warnings and information messages") }, { "verbose", 'v', NULL, 0, N_("Print more messages") }, { NULL, 0, NULL, 0, N_("Archive control:") }, + { "archive", OPT_ARCHIVE, NULL, 0, + N_("Add new data to archive") }, { "no-archive", OPT_NO_ARCHIVE, NULL, 0, N_("Don't add new data to archive") }, { "add-to-archive", OPT_ADD_TO_ARCHIVE, NULL, 0, @@ -310,6 +313,9 @@ parse_opt (int key, char *arg, struct ar case OPT_PREFIX: output_prefix = arg; break; + case OPT_ARCHIVE: + no_archive = false; + break; case OPT_NO_ARCHIVE: no_archive = true; break; ++++++ glibc-2.3.3-nscd-db-path.diff ++++++ 2004-12-09 Thorsten Kukuk <kukuk@suse.de> * nscd/nscd.h: Move persistent storage back to /var/run/nscd Index: glibc-2.15.90/nscd/nscd.h =================================================================== --- glibc-2.15.90.orig/nscd/nscd.h +++ glibc-2.15.90/nscd/nscd.h 
@@ -112,11 +112,11 @@ struct database_dyn /* Paths of the file for the persistent storage. */ -#define _PATH_NSCD_PASSWD_DB "/var/db/nscd/passwd" -#define _PATH_NSCD_GROUP_DB "/var/db/nscd/group" -#define _PATH_NSCD_HOSTS_DB "/var/db/nscd/hosts" -#define _PATH_NSCD_SERVICES_DB "/var/db/nscd/services" -#define _PATH_NSCD_NETGROUP_DB "/var/db/nscd/netgroup" +#define _PATH_NSCD_PASSWD_DB "/var/run/nscd/passwd" +#define _PATH_NSCD_GROUP_DB "/var/run/nscd/group" +#define _PATH_NSCD_HOSTS_DB "/var/run/nscd/hosts" +#define _PATH_NSCD_SERVICES_DB "/var/run/nscd/services" +#define _PATH_NSCD_NETGROUP_DB "/var/run/nscd/netgroup" /* Path used when not using persistent storage. */ #define _PATH_NSCD_XYZ_DB_TMP "/var/run/nscd/dbXXXXXX" ++++++ glibc-2.3.90-bindresvport.blacklist.diff ++++++ Index: glibc-2.17/sunrpc/bindrsvprt.c =================================================================== --- glibc-2.17.orig/sunrpc/bindrsvprt.c +++ glibc-2.17/sunrpc/bindrsvprt.c @@ -29,6 +29,9 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include <stdio.h> +#include <ctype.h> +#include <stdlib.h> #include <errno.h> #include <unistd.h> #include <string.h> 
@@ -42,6 +45,93 @@ */ __libc_lock_define_initialized (static, lock); +#define STARTPORT 600 +#define LOWPORT 512 +#define ENDPORT (IPPORT_RESERVED - 1) +#define NPORTS (ENDPORT - STARTPORT + 1) + +/* Read the file /etc/rpc.blacklisted, so that we don't bind to these + ports. */ + +static int blacklist_read; +static int *list; +static int list_size = 0; + +static void +load_blacklist (void) +{ + FILE *fp; + char *buf = NULL; + size_t buflen = 0; + int size = 0, ptr = 0; + + __libc_lock_lock (lock); + if (blacklist_read) + goto unlock; + blacklist_read = 1; + + fp = fopen ("/etc/bindresvport.blacklist", "r"); + if (fp == NULL) + goto unlock; + + while (!feof_unlocked (fp)) + { + unsigned long port; + char *tmp, *cp; + ssize_t n = __getline (&buf, &buflen, fp); + if (n < 1) + break; + + cp = buf; + /* Remove comments. */ + tmp = strchr (cp, '#'); + if (tmp) + *tmp = '\0'; + /* Remove spaces and tabs. */ + while (isspace ((unsigned char) *cp)) + ++cp; + /* Ignore empty lines. */ + if (*cp == '\0') + continue; + if (cp[strlen (cp) - 1] == '\n') + cp[strlen (cp) - 1] = '\0'; + + port = strtoul (cp, &tmp, 0); + while (isspace ((unsigned char) *tmp)) + ++tmp; + if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE)) + continue; + + /* Don't bother with out-of-range ports. */ + if (port < LOWPORT || port > ENDPORT) + continue; + + if (ptr >= size) + { + size += 10; + int *new_list = realloc (list, size * sizeof (int)); + if (new_list == NULL) + { + free (list); + list = NULL; + free (buf); + goto unlock; + } + list = new_list; + } + + list[ptr++] = port; + } + + fclose (fp); + free (buf); + list_size = ptr; + + unlock: + __libc_lock_unlock (lock); +} + + /* * Bind a socket to a privileged IP port */ 
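Review bot: The realloc-failure branch of load_blacklist goes to `unlock` after `free (buf);` without closing `fp`, so the stream opened on /etc/bindresvport.blacklist leaks on that path; add `fclose (fp);` before the `goto unlock;`. The comment above the statics names `/etc/rpc.blacklisted` while the code opens `/etc/bindresvport.blacklist`, and it should name the file that is really read. `errno` is not cleared before `strtoul`, so the `errno == ERANGE` test may see a stale value; the range check against ENDPORT that follows already rejects ULONG_MAX, so the errno test can simply be dropped. It is also worth a comment that a missing file or an allocation failure leaves the list empty, meaning bindresvport then applies no exclusions at all.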
@@ -52,12 +142,11 @@ bindresvport (int sd, struct sockaddr_in struct sockaddr_in myaddr; int i; -#define STARTPORT 600 -#define LOWPORT 512 -#define ENDPORT (IPPORT_RESERVED - 1) -#define NPORTS (ENDPORT - STARTPORT + 1) static short startport = STARTPORT; + if (!blacklist_read) + load_blacklist (); + if (sin == (struct sockaddr_in *) 0) { sin = &myaddr; @@ -75,6 +164,7 @@ bindresvport (int sd, struct sockaddr_in port = (__getpid () % NPORTS) + STARTPORT; } + __set_errno (EADDRINUSE); /* Initialize to make gcc happy. */ int res = -1; @@ -86,12 +176,22 @@ bindresvport (int sd, struct sockaddr_in again: for (i = 0; i < nports; ++i) { - sin->sin_port = htons (port++); - if (port > endport) - port = startport; + int j; + + sin->sin_port = htons (port); + + /* Check that this port is not blacklisted. */ + for (j = 0; j < list_size; j++) + if (port == list[j]) + goto try_next_port; + res = __bind (sd, sin, sizeof (struct sockaddr_in)); if (res >= 0 || errno != EADDRINUSE) break; + + try_next_port: + if (++port > endport) + port = startport; } if (i == nports && startport != LOWPORT) ++++++ glibc-2.3.90-langpackdir.diff ++++++ Index: glibc-2.15.90/intl/loadmsgcat.c =================================================================== --- glibc-2.15.90.orig/intl/loadmsgcat.c +++ glibc-2.15.90/intl/loadmsgcat.c 
@@ -805,8 +805,52 @@ _nl_load_domain (domain_file, domainbind if (domain_file->filename == NULL) goto out; - /* Try to open the addressed file. */ - fd = open (domain_file->filename, O_RDONLY); + /* Replace /locale/ with /usr/share/locale-langpack/ */ + const char *langpackdir = "/usr/share/locale-langpack/"; + char *filename_langpack = malloc (strlen (domain_file->filename) + + strlen (langpackdir)); + if (filename_langpack != NULL) + { + char *p = strstr (domain_file->filename, "/locale/"); + if (p != NULL) + { + strcpy (filename_langpack, langpackdir); + strcpy (&filename_langpack[strlen (langpackdir)], + (p+8)); + if ((fd = open (filename_langpack, O_RDONLY)) == -1) + fd = open (domain_file->filename, O_RDONLY); + } + else + /* Try to open the addressed file. */ + fd = open (domain_file->filename, O_RDONLY); + + free (filename_langpack); + } + else + /* Try to open the addressed file. */ + fd = open (domain_file->filename, O_RDONLY); + + if (fd == -1) + { + /* Use the fallback directory. */ + const char *bundle_dir = "/usr/share/locale-bundle/"; + char *filename_bundle = malloc (strlen (domain_file->filename) + + strlen (bundle_dir)); + if (filename_bundle != NULL) + { + char *p = strstr (domain_file->filename, "/locale/"); + if (p != NULL) + { + strcpy (filename_bundle, bundle_dir); + strcpy (&filename_bundle[strlen (bundle_dir)], + (p+8)); + fd = open (filename_bundle, O_RDONLY); + } + + free (filename_bundle); + } + } + if (fd == -1) goto out; ++++++ glibc-2.3.90-noversion.diff ++++++ Index: glibc-2.16.90/elf/rtld.c =================================================================== --- glibc-2.16.90.orig/elf/rtld.c +++ glibc-2.16.90/elf/rtld.c 
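Review bot: Both `malloc (strlen (domain_file->filename) + strlen (…))` calls reserve no byte for the terminating NUL, and the `strcpy` pairs stay in bounds only because the copy starts at `p+8` and so drops at least the eight bytes of "/locale/" from the original name. That invariant is nowhere written down and the bare `8` hides it. I would replace the literal with `strlen ("/locale/")` and add a comment such as `/* The "/locale/" bytes that are not copied leave room for the NUL. */`, or add `+ 1` to both allocations so the sizing no longer depends on it. The buffers are also allocated before `strstr` has shown that they are needed; moving the `malloc` inside the `p != NULL` branch would remove two of the three duplicated `open` fallbacks. _nl_load_domain starts and ends outside the hunk.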
@@ -1717,6 +1717,53 @@ ERROR: ld.so: object '%s' cannot be load } } +#if defined(__i386__) + /* + * Modifications by Red Hat Software + * + * Deal with the broken binaries from the non-versioned ages of glibc. + * If a binary does not have version information enabled, we assume that + * it is a glibc 2.0 binary and we load a compatibility library to try to + * overcome binary incompatibilities. + * Blame: gafton@redhat.com + */ +#define LIB_NOVERSION "/lib/obsolete/noversion/libNoVersion.so.1" + + if (__builtin_expect (main_map->l_info[DT_NUM + DT_THISPROCNUM + + DT_VERSIONTAGIDX (DT_VERNEED)] + == NULL, 0) + && (main_map->l_info[DT_DEBUG] + || !(GLRO(dl_debug_mask) & DL_DEBUG_PRELINK))) + { + struct stat test_st; + int test_fd; + int can_load; + + HP_TIMING_NOW (start); + + can_load = 1; + test_fd = __open (LIB_NOVERSION, O_RDONLY); + if (test_fd < 0) { + can_load = 0; + } else { + if (__fxstat (_STAT_VER, test_fd, &test_st) < 0 || test_st.st_size == 0) { + can_load = 0; + } + } + + if (test_fd >= 0) /* open did no fail.. */ + __close(test_fd); /* avoid fd leaks */ + + if (can_load != 0) + npreloads += do_preload (LIB_NOVERSION, main_map, + "nonversioned binary"); + + HP_TIMING_NOW (stop); + HP_TIMING_DIFF (diff, start, stop); + HP_TIMING_ACCUM_NT (load_time, diff); + } +#endif + if (__builtin_expect (*first_preload != NULL, 0)) { /* Set up PRELOADS with a vector of the preloaded libraries. */ ++++++ glibc-2.3.locales.diff.bz2 ++++++ ++++ 74380 lines (skipped) ++++++ glibc-2.4-china.diff ++++++ Index: glibc-2.15/localedata/locales/zh_TW =================================================================== --- glibc-2.15.orig/localedata/locales/zh_TW +++ glibc-2.15/localedata/locales/zh_TW @@ -1,7 +1,7 @@ comment_char % escape_char / % -% Chinese language locale for Taiwan R.O.C. +% Chinese language locale for Taiwan % charmap: BIG5-CP950 % % Original Author: 
@@ -17,7 +17,7 @@ escape_char / % Reference: http://wwwold.dkuug.dk/JTC1/SC22/WG20/docs/n690.pdf LC_IDENTIFICATION -title "Chinese locale for Taiwan R.O.C." +title "Chinese locale for Taiwan" source "" address "" contact "" @@ -25,7 +25,7 @@ email "bug-glibc-locales@gnu.org" tel "" fax "" language "Chinese" -territory "Taiwan R.O.C." +territory "Taiwan" revision "0.2" date "2000-08-02" % ++++++ glibc-2.4.90-no_NO.diff ++++++ Index: glibc-2.15.90/intl/locale.alias =================================================================== --- glibc-2.15.90.orig/intl/locale.alias +++ glibc-2.15.90/intl/locale.alias @@ -56,8 +56,6 @@ korean ko_KR.eucKR korean.euc ko_KR.eucKR ko_KR ko_KR.eucKR lithuanian lt_LT.ISO-8859-13 -no_NO nb_NO.ISO-8859-1 -no_NO.ISO-8859-1 nb_NO.ISO-8859-1 norwegian nb_NO.ISO-8859-1 nynorsk nn_NO.ISO-8859-1 polish pl_PL.ISO-8859-2 Index: glibc-2.15.90/localedata/locales/no_NO =================================================================== --- /dev/null +++ glibc-2.15.90/localedata/locales/no_NO 
@@ -0,0 +1,69 @@ +escape_char / +comment_char % + +% Norwegian language locale for Norway +% Source: Norsk Standardiseringsforbund +% Address: University Library, +% Drammensveien 41, N-9242 Oslo, Norge +% Contact: Kolbjoern Aamboe +% Tel: +47 - 22859109 +% Fax: +47 - 22434497 +% Email: kolbjorn.aambo@usit.uio.no +% Language: no +% Territory: NO +% Revision: 4.3 +% Date: 1996-10-15 +% Application: general +% Users: general +% Repertoiremap: mnemonic.ds +% Charset: ISO-8859-1 +% Distribution and use is free, also +% for commercial purposes. + +LC_IDENTIFICATION +copy "nb_NO" +END LC_IDENTIFICATION + +LC_COLLATE +copy "nb_NO" +END LC_COLLATE + +LC_CTYPE +copy "nb_NO" +END LC_CTYPE + +LC_MONETARY +copy "nb_NO" +END LC_MONETARY + +LC_NUMERIC +copy "nb_NO" +END LC_NUMERIC + +LC_TIME +copy "nb_NO" +END LC_TIME + +LC_MESSAGES +copy "nb_NO" +END LC_MESSAGES + +LC_PAPER +copy "nb_NO" +END LC_PAPER + +LC_TELEPHONE +copy "nb_NO" +END LC_TELEPHONE + +LC_MEASUREMENT +copy "nb_NO" +END LC_MEASUREMENT + +LC_NAME +copy "nb_NO" +END LC_NAME + +LC_ADDRESS +copy "nb_NO" +END LC_ADDRESS Index: glibc-2.15.90/localedata/SUPPORTED =================================================================== --- glibc-2.15.90.orig/localedata/SUPPORTED +++ glibc-2.15.90/localedata/SUPPORTED @@ -317,6 +317,8 @@ nl_NL/ISO-8859-1 \ nl_NL@euro/ISO-8859-15 \ nn_NO.UTF-8/UTF-8 \ nn_NO/ISO-8859-1 \ +no_NO.UTF-8/UTF-8 \ +no_NO/ISO-8859-1 \ nr_ZA/UTF-8 \ nso_ZA/UTF-8 \ oc_FR.UTF-8/UTF-8 \ ++++++ glibc-2.4.90-revert-only-euro.diff ++++++ Index: glibc-2.15/locale/iso-4217.def =================================================================== --- glibc-2.15.orig/locale/iso-4217.def +++ glibc-2.15/locale/iso-4217.def @@ -8,6 +8,7 @@ * * !!! The list has to be sorted !!! */ +DEFINE_INT_CURR("ADP") /* Andorran Peseta -> EUR */ DEFINE_INT_CURR("AED") /* United Arab Emirates Dirham */ DEFINE_INT_CURR("AFN") /* Afghanistan Afgani */ DEFINE_INT_CURR("ALL") /* Albanian Lek */ 
@@ -15,12 +16,14 @@ DEFINE_INT_CURR("AMD") /* Armenia Dram DEFINE_INT_CURR("ANG") /* Netherlands Antilles */ DEFINE_INT_CURR("AOA") /* Angolan Kwanza */ DEFINE_INT_CURR("ARS") /* Argentine Peso */ +DEFINE_INT_CURR("ATS") /* Austrian Schilling -> EUR */ DEFINE_INT_CURR("AUD") /* Australian Dollar */ DEFINE_INT_CURR("AWG") /* Aruba Guilder */ DEFINE_INT_CURR("AZM") /* Azerbaijan Manat */ DEFINE_INT_CURR("BAM") /* Bosnian and Herzegovina Convertible Mark */ DEFINE_INT_CURR("BBD") /* Barbados Dollar */ DEFINE_INT_CURR("BDT") /* Bangladesh Taka */ +DEFINE_INT_CURR("BEF") /* Belgian Franc -> EUR */ DEFINE_INT_CURR("BGN") /* Bulgarian Lev */ DEFINE_INT_CURR("BHD") /* Bahraini Dinar */ DEFINE_INT_CURR("BIF") /* Burundi Franc */ @@ -44,6 +47,7 @@ DEFINE_INT_CURR("CUP") /* Cuban Peso * DEFINE_INT_CURR("CVE") /* Cape Verde Escudo */ DEFINE_INT_CURR("CYP") /* Cypriot Pound */ DEFINE_INT_CURR("CZK") /* Czech Koruna */ +DEFINE_INT_CURR("DEM") /* German Mark -> EUR */ DEFINE_INT_CURR("DJF") /* Djibouti Franc */ DEFINE_INT_CURR("DKK") /* Danish Krone (Faroe Islands, Greenland) */ DEFINE_INT_CURR("DOP") /* Dominican Republic */ 
@@ -51,16 +55,20 @@ DEFINE_INT_CURR("DZD") /* Algerian Dina DEFINE_INT_CURR("EEK") /* Estonian Kroon */ DEFINE_INT_CURR("EGP") /* Egyptian Pound */ DEFINE_INT_CURR("ERN") /* Eritrean Nakfa */ +DEFINE_INT_CURR("ESP") /* Spanish Peseta -> EUR */ DEFINE_INT_CURR("ETB") /* Ethiopian Birr */ DEFINE_INT_CURR("EUR") /* European Union Euro */ +DEFINE_INT_CURR("FIM") /* Finnish Markka -> EUR */ DEFINE_INT_CURR("FJD") /* Fiji Dollar */ DEFINE_INT_CURR("FKP") /* Falkland Islands Pound (Malvinas) */ +DEFINE_INT_CURR("FRF") /* French Franc -> EUR */ DEFINE_INT_CURR("GBP") /* British Pound */ DEFINE_INT_CURR("GEL") /* Georgia Lari */ DEFINE_INT_CURR("GHC") /* Ghana Cedi */ DEFINE_INT_CURR("GIP") /* Gibraltar Pound */ DEFINE_INT_CURR("GMD") /* Gambian Dalasi */ DEFINE_INT_CURR("GNF") /* Guinea Franc */ +DEFINE_INT_CURR("GRD") /* Greek Drachma -> EUR */ DEFINE_INT_CURR("GTQ") /* Guatemala Quetzal */ DEFINE_INT_CURR("GYD") /* Guyana Dollar */ DEFINE_INT_CURR("HKD") /* Hong Kong Dollar */ @@ -69,12 +77,14 @@ DEFINE_INT_CURR("HRK") /* Croatia Kuna DEFINE_INT_CURR("HTG") /* Haiti Gourde */ DEFINE_INT_CURR("HUF") /* Hungarian Forint */ DEFINE_INT_CURR("IDR") /* Indonesia Rupiah */ +DEFINE_INT_CURR("IEP") /* Irish Pound -> EUR */ DEFINE_INT_CURR("ILS") /* Israeli Shekel */ DEFINE_INT_CURR("IMP") /* Isle of Man Pounds */ DEFINE_INT_CURR("INR") /* Indian Rupee (Bhutan) */ DEFINE_INT_CURR("IQD") /* Iraqi Dinar */ DEFINE_INT_CURR("IRR") /* Iranian Rial */ DEFINE_INT_CURR("ISK") /* Iceland Krona */ +DEFINE_INT_CURR("ITL") /* Italian Lira -> EUR */ DEFINE_INT_CURR("JEP") /* Jersey Pound */ DEFINE_INT_CURR("JMD") /* Jamaican Dollar */ DEFINE_INT_CURR("JOD") /* Jordanian Dinar */ 
@@ -94,6 +104,7 @@ DEFINE_INT_CURR("LKR") /* Sri Lankan Ru DEFINE_INT_CURR("LRD") /* Liberian Dollar */ DEFINE_INT_CURR("LSL") /* Lesotho Maloti */ DEFINE_INT_CURR("LTL") /* Lithuanian Litas */ +DEFINE_INT_CURR("LUF") /* Luxembourg Franc -> EUR */ DEFINE_INT_CURR("LVL") /* Latvia Lat */ DEFINE_INT_CURR("LYD") /* Libyan Arab Jamahiriya Dinar */ DEFINE_INT_CURR("MAD") /* Moroccan Dirham */ @@ -114,6 +125,7 @@ DEFINE_INT_CURR("MZM") /* Mozambique Me DEFINE_INT_CURR("NAD") /* Namibia Dollar */ DEFINE_INT_CURR("NGN") /* Nigeria Naira */ DEFINE_INT_CURR("NIO") /* Nicaragua Cordoba Oro */ +DEFINE_INT_CURR("NLG") /* Netherlands Guilder -> EUR */ DEFINE_INT_CURR("NOK") /* Norwegian Krone */ DEFINE_INT_CURR("NPR") /* Nepalese Rupee */ DEFINE_INT_CURR("NZD") /* New Zealand Dollar */ @@ -124,6 +136,7 @@ DEFINE_INT_CURR("PGK") /* Papau New Gui DEFINE_INT_CURR("PHP") /* Philippines Peso */ DEFINE_INT_CURR("PKR") /* Pakistan Rupee */ DEFINE_INT_CURR("PLN") /* Polish Zloty */ +DEFINE_INT_CURR("PTE") /* Portugese Escudo -> EUR */ DEFINE_INT_CURR("PYG") /* Paraguay Guarani */ DEFINE_INT_CURR("QAR") /* Qatar Rial */ DEFINE_INT_CURR("ROL") /* Romanian Leu */ ++++++ glibc-armhf-compat.patch ++++++ Patch for elf/dl-load.c taken from Debian: For backward compatibility with armhf binaries built with the old linker SONAME, we need to fake out the linker to believe the new is the old, until such a point as everything is rebuilt. --- glibc-2.15/elf/dl-load.c.~1~ 2011-12-30 23:13:56.000000000 +0100 +++ glibc-2.15/elf/dl-load.c 2012-04-18 15:05:33.203485389 +0200 
@@ -2082,10 +2082,13 @@ soname = ((const char *) D_PTR (l, l_info[DT_STRTAB]) + l->l_info[DT_SONAME]->d_un.d_val); if (strcmp (name, soname) != 0) +#ifdef __arm__ + if (strcmp(name, "ld-linux.so.3") || strcmp(soname, "ld-linux-armhf.so.3")) +#endif continue; /* We have a match on a new name -- cache it. */ - add_name_to_object (l, soname); + add_name_to_object (l, name); l->l_soname_added = 1; } ++++++ glibc-cpusetsize.diff ++++++ Index: glibc-2.15.90/bits/sched.h =================================================================== --- glibc-2.15.90.orig/bits/sched.h +++ glibc-2.15.90/bits/sched.h @@ -53,7 +53,7 @@ struct __sched_param #if defined _SCHED_H && !defined __cpu_set_t_defined # define __cpu_set_t_defined /* Size definition for CPU sets. */ -# define __CPU_SETSIZE 1024 +# define __CPU_SETSIZE 4096 # define __NCPUBITS (8 * sizeof (__cpu_mask)) /* Type for array elements in 'cpu_set_t'. */ Index: glibc-2.15.90/sysdeps/unix/sysv/linux/bits/sched.h =================================================================== --- glibc-2.15.90.orig/sysdeps/unix/sysv/linux/bits/sched.h +++ glibc-2.15.90/sysdeps/unix/sysv/linux/bits/sched.h @@ -112,7 +112,7 @@ struct __sched_param #if defined _SCHED_H && !defined __cpu_set_t_defined # define __cpu_set_t_defined /* Size definition for CPU sets. */ -# define __CPU_SETSIZE 1024 +# define __CPU_SETSIZE 4096 # define __NCPUBITS (8 * sizeof (__cpu_mask)) /* Type for array elements in 'cpu_set_t'. */ ++++++ glibc-crypt-badsalttest.patch ++++++ badsalttest expects that crypt fails for unknown salt, but crypt-blowfish doesn't. Index: glibc-2.17/crypt/Makefile =================================================================== --- glibc-2.17.orig/crypt/Makefile +++ glibc-2.17/crypt/Makefile 
@@ -31,7 +31,7 @@ libcrypt-routines := crypt-entry md5-cry libcrypt-routines += crypt_blowfish x86 crypt_gensalt wrapper -tests := cert md5c-test sha256c-test sha512c-test badsalttest +tests := cert md5c-test sha256c-test sha512c-test include ../Makeconfig ++++++ glibc-fix-check-abi.patch ++++++ ++++ 603 lines (skipped) ++++++ glibc-fix-double-loopback.diff ++++++ This fixes the problem of getent ahosts localhost returning 127.0.0.1 _twice_ on systems that have no ipv6 interfaces up (hence are regarded as ipv4 only by the lookup code), but still have localhost entries for ::1 and 127.0.0.1 in /etc/hosts (like most current systems). Remapping ::1 to 127.0.0.1 is bogus when /etc/hosts is correct. bnc #684534, #606980 http://sources.redhat.com/bugzilla/show_bug.cgi?id=4980 Index: glibc-2.15.90/nss/nss_files/files-hosts.c =================================================================== --- glibc-2.15.90.orig/nss/nss_files/files-hosts.c +++ glibc-2.15.90/nss/nss_files/files-hosts.c @@ -68,11 +68,6 @@ LINE_PARSER { if (IN6_IS_ADDR_V4MAPPED (entdata->host_addr)) memcpy (entdata->host_addr, entdata->host_addr + 12, INADDRSZ); - else if (IN6_IS_ADDR_LOOPBACK (entdata->host_addr)) - { - in_addr_t localhost = htonl (INADDR_LOOPBACK); - memcpy (entdata->host_addr, &localhost, sizeof (localhost)); - } else /* Illegal address: ignore line. */ return 0; ++++++ glibc-ld-profile.patch ++++++ glibc bug #13818 2012-03-07 Jeff Law <law@redhat.com> * elf/dl-reloc.c (_dl_relocate_object): Move code to allocate l_reloc_result prior to calling ELF_DYNAMIC_RELOCATE. diff -rup a/elf/dl-reloc.c b/elf/dl-reloc.c --- a/elf/dl-reloc.c 2012-01-01 05:16:32.000000000 -0700 +++ b/elf/dl-reloc.c 2012-03-06 15:41:56.486242640 -0700 
@@ -238,32 +238,9 @@ _dl_relocate_object (struct link_map *l, /* String table object symbols. */ const char *strtab = (const void *) D_PTR (l, l_info[DT_STRTAB]); - /* This macro is used as a callback from the ELF_DYNAMIC_RELOCATE code. */ -#define RESOLVE_MAP(ref, version, r_type) \ - (ELFW(ST_BIND) ((*ref)->st_info) != STB_LOCAL \ - ? ((__builtin_expect ((*ref) == l->l_lookup_cache.sym, 0) \ - && elf_machine_type_class (r_type) == l->l_lookup_cache.type_class) \ - ? (bump_num_cache_relocations (), \ - (*ref) = l->l_lookup_cache.ret, \ - l->l_lookup_cache.value) \ - : ({ lookup_t _lr; \ - int _tc = elf_machine_type_class (r_type); \ - l->l_lookup_cache.type_class = _tc; \ - l->l_lookup_cache.sym = (*ref); \ - const struct r_found_version *v = NULL; \ - if ((version) != NULL && (version)->hash != 0) \ - v = (version); \ - _lr = _dl_lookup_symbol_x (strtab + (*ref)->st_name, l, (ref), \ - scope, v, _tc, \ - DL_LOOKUP_ADD_DEPENDENCY, NULL); \ - l->l_lookup_cache.ret = (*ref); \ - l->l_lookup_cache.value = _lr; })) \ - : l) - -#include "dynamic-link.h" - - ELF_DYNAMIC_RELOCATE (l, lazy, consider_profiling, skip_ifunc); - + /* ELF_DYNAMIC_RELOCATE may need to examine l_reloc_result + when handling MACHINE_IRELATIVE relocs. So we must + allocate l_reloc_result prior to calling ELF_DYNAMIC_RELOCATE. */ #ifndef PROF if (__builtin_expect (consider_profiling, 0)) { 
@@ -290,6 +267,32 @@ _dl_relocate_object (struct link_map *l, } } #endif + + /* This macro is used as a callback from the ELF_DYNAMIC_RELOCATE code. */ +#define RESOLVE_MAP(ref, version, r_type) \ + (ELFW(ST_BIND) ((*ref)->st_info) != STB_LOCAL \ + ? ((__builtin_expect ((*ref) == l->l_lookup_cache.sym, 0) \ + && elf_machine_type_class (r_type) == l->l_lookup_cache.type_class) \ + ? (bump_num_cache_relocations (), \ + (*ref) = l->l_lookup_cache.ret, \ + l->l_lookup_cache.value) \ + : ({ lookup_t _lr; \ + int _tc = elf_machine_type_class (r_type); \ + l->l_lookup_cache.type_class = _tc; \ + l->l_lookup_cache.sym = (*ref); \ + const struct r_found_version *v = NULL; \ + if ((version) != NULL && (version)->hash != 0) \ + v = (version); \ + _lr = _dl_lookup_symbol_x (strtab + (*ref)->st_name, l, (ref), \ + scope, v, _tc, \ + DL_LOOKUP_ADD_DEPENDENCY, NULL); \ + l->l_lookup_cache.ret = (*ref); \ + l->l_lookup_cache.value = _lr; })) \ + : l) + +#include "dynamic-link.h" + + ELF_DYNAMIC_RELOCATE (l, lazy, consider_profiling, skip_ifunc); } /* Mark the object so we know this work has been done. */ ++++++ glibc-nodate.patch ++++++ Index: glibc-2.15.90/nscd/nscd_stat.c =================================================================== --- glibc-2.15.90.orig/nscd/nscd_stat.c +++ glibc-2.15.90/nscd/nscd_stat.c @@ -36,8 +36,13 @@ #endif /* HAVE_SELINUX */ -/* We use this to make sure the receiver is the same. */ +/* We use this to make sure the receiver is the same. Capture mtime + of this file if possible. */ +#if defined(__TIMESTAMP__) +static const char compilation[21] = __TIMESTAMP__; +#else static const char compilation[21] = __DATE__ " " __TIME__; +#endif /* Statistic data for one database. */ struct dbstat Index: glibc-2.15.90/csu/Makefile =================================================================== --- glibc-2.15.90.orig/csu/Makefile +++ glibc-2.15.90/csu/Makefile 
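Review bot: In the nscd/nscd_stat.c hunk, `compilation[21]` is sized for `__DATE__ " " __TIME__` (20 characters plus the NUL), but `__TIMESTAMP__` expands to a longer string of the form "Sun Sep 16 01:03:52 1973", so the initializer no longer fits the array. GCC warns about the over-long initializer and keeps only the first 21 bytes, which cuts off most of the year and leaves the array without a terminating NUL. If the length is tied to the statistics exchange format (defined outside this hunk), keep the size and add a comment such as `/* Deliberately truncated to 21 bytes; compare by size, never as a C string. */`. Otherwise `static const char compilation[] = __TIMESTAMP__;` lets the compiler size the array.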
@@ -171,8 +171,8 @@ $(objpfx)version-info.h: $(common-objpfx if [ -z "$$os" ]; then \ os=Linux; \ fi; \ - printf '"Compiled on a %s %s system on %s.\\n"\n' \ - "$$os" "$$version" "`date +%Y-%m-%d`";; \ + printf '"Compiled on a %s %s system.\\n"\n' \ + "$$os" "$$version";; \ *) ;; \ esac; \ files="$(all-Banner-files)"; \ ++++++ glibc-nscd-hconf.diff ++++++ See: http://sourceware.org/bugzilla/show_bug.cgi?id=11928 Index: glibc-2.15.90/nscd/aicache.c =================================================================== --- glibc-2.15.90.orig/nscd/aicache.c +++ glibc-2.15.90/nscd/aicache.c @@ -25,6 +25,7 @@ #include <time.h> #include <unistd.h> #include <sys/mman.h> +#include <resolv/res_hconf.h> #include "dbg_log.h" #include "nscd.h" @@ -102,6 +103,8 @@ addhstaiX (struct database_dyn *db, int if (__res_maybe_init (&_res, 0) == -1) no_more = 1; + if (!_res_hconf.initialized) + _res_hconf_init (); /* If we are looking for both IPv4 and IPv6 address we don't want the lookup functions to automatically promote IPv4 addresses to Index: glibc-2.15.90/resolv/res_hconf.c =================================================================== --- glibc-2.15.90.orig/resolv/res_hconf.c +++ glibc-2.15.90/resolv/res_hconf.c @@ -82,7 +82,9 @@ static const struct cmd }; /* Structure containing the state. */ +#ifndef NOT_IN_libc struct hconf _res_hconf; +#endif /* Skip white space. */ static const char * ++++++ glibc-nscd.conf.patch ++++++ Index: glibc-2.15/nscd/nscd.conf =================================================================== --- glibc-2.15.orig/nscd/nscd.conf +++ glibc-2.15/nscd/nscd.conf 
@@ -61,11 +61,11 @@ auto-propagate group yes enable-cache hosts yes - positive-time-to-live hosts 3600 - negative-time-to-live hosts 20 + positive-time-to-live hosts 600 + negative-time-to-live hosts 0 suggested-size hosts 211 check-files hosts yes - persistent hosts yes + persistent hosts no shared hosts yes max-db-size hosts 33554432 ++++++ glibc-resolv-mdnshint.diff ++++++ Index: glibc-2.15.90/resolv/res_hconf.c =================================================================== --- glibc-2.15.90.orig/resolv/res_hconf.c +++ glibc-2.15.90/resolv/res_hconf.c 
@@ -241,9 +241,12 @@ parse_line (const char *fname, int line_ if (c == NULL) { char *buf; + char *hint = ""; - if (__asprintf (&buf, _("%s: line %d: bad command `%s'\n"), - fname, line_num, start) < 0) + if (__strncasecmp (start, "mdns", len) == 0 && len == 4) + hint = "Multicast DNS is now configured in /etc/nsswitch.conf instead.\nSee also the package and manpage of nss-mdns.\n"; + if (__asprintf (&buf, _("%s: line %d: bad command `%s'\n%s"), + fname, line_num, start, hint) < 0) return; __fxprintf (NULL, "%s", buf); ++++++ glibc-resolv-reload.diff ++++++ From libc-alpha-return-22754-pasky=ucw.cz@sourceware.org Tue Mar 16 00:47:00 2010 Return-Path: <libc-alpha-return-22754-pasky=ucw.cz@sourceware.org> X-Original-To: pasky@pasky.or.cz Delivered-To: pasky@pasky.or.cz Received: from nikam.ms.mff.cuni.cz (nikam-dmz.ms.mff.cuni.cz [195.113.20.16]) by machine.or.cz (Postfix) with ESMTPS id C1B8586202A for <pasky@pasky.or.cz>; Tue, 16 Mar 2010 00:47:00 +0100 (CET) Received: by nikam.ms.mff.cuni.cz (Postfix) id 9CDEC9AC7A4; Tue, 16 Mar 2010 00:47:00 +0100 (CET) Delivered-To: pasky@kam.mff.cuni.cz Received: from jabberwock.ucw.cz (jabberwock.ucw.cz [89.250.246.4]) by nikam.ms.mff.cuni.cz (Postfix) with ESMTP id 99F0E9AC77B for <pasky@kam.mff.cuni.cz>; Tue, 16 Mar 2010 00:47:00 +0100 (CET) Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) by jabberwock.ucw.cz (Postfix) with SMTP id 14E1ACF040 for <pasky@ucw.cz>; Tue, 16 Mar 2010 00:46:59 +0100 (CET) Received: (qmail 18956 invoked by alias); 15 Mar 2010 23:46:58 -0000 Delivered-To: moderator for libc-alpha@sourceware.org Received: (qmail 15843 invoked by uid 22791); 15 Mar 2010 17:23:15 -0000 X-SWARE-Spam-Status: No, hits=-2.6 required=5.0 tests=BAYES_00 X-Spam-Check-By: sourceware.org Message-ID: <4B9E6CFA.7020002@riot.org> Date: Mon, 15 Mar 2010 18:23:06 +0100 
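Review bot: In the parse_line hunk, `char *hint = "";` points a non-const pointer at string literals; it should be `const char *hint = "";`. The hint text is also passed to the translated format untranslated, so a localized build would print a translated first line followed by an English hint. Wrapping the literal in `_()` keeps the two consistent. The test reads more directly with the length first, `if (len == 4 && __strncasecmp (start, "mdns", len) == 0)`, which also avoids the call for other lengths. parse_line's body continues outside the hunk.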
From: Sebastian Kienzl <seb@riot.org> User-Agent: Thunderbird 2.0.0.23 (Windows/20090812) MIME-Version: 1.0 To: libc-alpha@sourceware.org Subject: Reloading of /etc/resolv.conf Content-Type: multipart/mixed; boundary="------------060407080409020101000002" Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: <libc-alpha.sourceware.org> List-Unsubscribe: <mailto:libc-alpha-unsubscribe-pasky=ucw.cz@sourceware.org> List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org> List-Archive: <http://sourceware.org/ml/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-help@sourceware.org>, <http://sourceware.org/ml/#faqs> Sender: libc-alpha-owner@sourceware.org Delivered-To: mailing list libc-alpha@sourceware.org This is a multi-part message in MIME format. --------------060407080409020101000002 Content-Type: text/plain; charset=ISO-8859-15; format=flowed Content-Transfer-Encoding: 7bit Hello! There's a patch in the wild against the resolver which makes it reload /etc/resolv.conf on change, see http://sources.redhat.com/ml/libc-alpha/2004-09/msg00130.html However, this patch actually doesn't work properly for multi-threaded programs, as only one thread will notice the change and refresh its resolver state. I've attached a proper patch. It's for 2.5 but it should work with current versions, too. Even though the patch may not be interesting for upstream, I decided to let you know about this problem, since the mentioned patch seems to be used by at least Debian and Ubuntu. Regards, Seb. --------------060407080409020101000002 Content-Type: text/plain; name="glibc-2.5-resolvconf.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="glibc-2.5-resolvconf.patch" Index: glibc-2.15/resolv/res_libc.c =================================================================== --- glibc-2.15.orig/resolv/res_libc.c +++ glibc-2.15/resolv/res_libc.c 
@@ -22,7 +22,7 @@ #include <arpa/nameser.h> #include <resolv.h> #include <bits/libc-lock.h> - +#include <sys/stat.h> /* The following bit is copied from res_data.c (where it is #ifdef'ed out) since res_init() should go into libc.so but the rest of that @@ -89,12 +89,34 @@ res_init(void) { return (__res_vinit(&_res, 1)); } +static time_t resconf_mtime; +__libc_lock_define_initialized (static, resconf_mtime_lock); + +/* Check if the modification time of resolv.conf has changed. + If so, have all threads re-initialize their resolver states */ +static void +__res_check_resconf (void) +{ + struct stat statbuf; + if (stat (_PATH_RESCONF, &statbuf) == 0) { + __libc_lock_lock (resconf_mtime_lock); + if (statbuf.st_mtime != resconf_mtime) { + resconf_mtime = statbuf.st_mtime; + atomicinclock (lock); + atomicinc (__res_initstamp); + atomicincunlock (lock); + } + __libc_lock_unlock (resconf_mtime_lock); + } +} + /* Initialize resp if RES_INIT is not yet set or if res_init in some other thread requested re-initializing. */ int __res_maybe_init (res_state resp, int preinit) { if (resp->options & RES_INIT) { + __res_check_resconf (); if (__res_initstamp != resp->_u._ext.initstamp) { if (resp->nscount > 0) __res_iclose (resp, true); ++++++ glibc-testsuite.patch ++++++ test-lfs runs for ever on ReiserFS. Let's disable it completely. Index: glibc-2.15.90/io/Makefile =================================================================== --- glibc-2.15.90.orig/io/Makefile +++ glibc-2.15.90/io/Makefile 
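Review bot: `__res_check_resconf` in the second resolv/res_libc.c hunk detects a change only through `statbuf.st_mtime != resconf_mtime`. That has one-second granularity, so a second rewrite of resolv.conf within the same second as the first is never noticed and threads keep the stale server list. Comparing the nanosecond field as well (`st_mtim.tv_nsec`), and ideally `st_ino` and `st_size`, would close that gap at the cost of a few more statics. Two further points should be documented in the function comment. `resconf_mtime` starts at zero, so the first check in every process bumps `__res_initstamp` once. And `__res_maybe_init` now performs a `stat` on every call once `RES_INIT` is set.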
@@ -63,7 +63,7 @@ static-only-routines = stat fstat lstat others := pwd test-srcs := ftwtest -tests := test-utime test-stat test-stat2 test-lfs tst-getcwd \ +tests := test-utime test-stat test-stat2 tst-getcwd \ tst-fcntl bug-ftw1 bug-ftw2 bug-ftw3 bug-ftw4 tst-statvfs \ tst-openat tst-unlinkat tst-fstatat tst-futimesat \ tst-renameat tst-fchownat tst-fchmodat tst-faccessat \ ++++++ glibc-version.diff ++++++ Index: glibc-2.16.90/csu/version.c =================================================================== --- glibc-2.16.90.orig/csu/version.c +++ glibc-2.16.90/csu/version.c 
@@ -24,11 +24,12 @@ static const char __libc_release[] = REL static const char __libc_version[] = VERSION; static const char banner[] = -"GNU C Library "PKGVERSION RELEASE" release version "VERSION", by Roland McGrath et al.\n\ +"GNU C Library "PKGVERSION RELEASE" release version "VERSION" (git "GITID"), by Roland McGrath et al.\n\ Copyright (C) 2012 Free Software Foundation, Inc.\n\ This is free software; see the source for copying conditions.\n\ There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n\ PARTICULAR PURPOSE.\n\ +Configured for "CONFHOST".\n\ Compiled by GNU CC version "__VERSION__".\n" #include "version-info.h" #ifdef LIBC_ABIS_STRING ++++++ glibc.rpmlintrc ++++++ addFilter(".*glibc-profile.* devel-file-in-non-devel-package.*/usr/lib.*/lib.*_p.a") addFilter(".*glibc.* incorrect-fsf-address") # False positive - glibc implements gethostbyname addFilter(".*binary-or-shlib-calls-gethostbyname") # We do need to keep the symtab (see comments in glibc.spec), so this is intented: addFilter(".*unstripped-binary-or-object.*") # The duplication is intented: addFilter(".*files-duplicate /usr/lib64/libbsd-compat.a /usr/lib.*/libg.a") # ld.so is special: addFilter(".*shared-lib-without-dependency-information /lib.*/ld-2.*.so") # Handled via glibc_post_upgrade: addFilter(".*permissions-missing-postin missing %set_permissions /usr/.*pt_chown in %post") # Do not require permissions, this will lead to a cycle (bnc#700925): addFilter("glibc\..*: permissions-missing-requires") # We will not rename glibc to follow the shlib policy addFilter("shlib-policy-missing-suffix") # The dynamic linker and libnsl call exit - this is fine addFilter(".*shared-lib-calls-exit.*") # The man-pages package contains a number of man pages for programs that come # with glibc, therefore do not warn about them addFilter(".*glibc.*no-manual-page-for-binary getent") addFilter(".*glibc.*no-manual-page-for-binary iconv") addFilter(".*glibc.*no-manual-page-for-binary ldd") 
addFilter(".*glibc.*no-manual-page-for-binary ldconfig") addFilter(".*nscd.*no-manual-page-for-binary nscd") ++++++ glibc_post_upgrade.c ++++++ /* skeleton based on version from Fedora Core 3 */ #define _GNU_SOURCE #include <sys/types.h> #include <sys/wait.h> #include <stdio.h> #include <errno.h> #include <unistd.h> #include <sys/time.h> #include <dirent.h> #include <stddef.h> #include <fcntl.h> #include <string.h> #include <sys/stat.h> #include <elf.h> #define verbose_exec(failcode, fail_ok, path...) \ do \ { \ char *const arr[] = { path, NULL }; \ vexec (failcode, fail_ok, arr); \ } while (0) __attribute__((noinline)) void vexec (int failcode, int fail_ok, char *const path[]); __attribute__((noinline)) void says (const char *str); __attribute__((noinline)) void sayn (long num); __attribute__((noinline)) void message (char *const path[]); __attribute__((noinline)) int check_elf (const char *name); int main (void) { char initpath[256]; struct stat root, init_root; /* First, get rid of platform-optimized libraries. We remove any we have ever built, since otherwise we might end up using some old leftover libraries when new ones aren't installed in their place anymore. 
*/ #ifdef REMOVE_TLS_DIRS const char *library[] = {"libc.so.6", "libc.so.6.1", "libm.so.6", "libm.so.6.1", "librt.so.1", "librtkaio.so.1", "libpthread.so.0", "libthread_db.so.1"}; const char *remove_dir[] = { #ifdef __i386__ "/lib/i686/", #endif #ifdef __powerpc64__ #ifdef REMOVE_PPC_OPTIMIZE_POWER4 "/lib64/power4/", "/lib64/ppc970/", #endif #ifdef REMOVE_PPC_OPTIMIZE_POWER5 "/lib64/power5/", "/lib64/power5+/", #endif #ifdef REMOVE_PPC_OPTIMIZE_POWER6 "/lib64/power6/", "/lib64/power6x/", #endif #ifdef REMOVE_PPC_OPTIMIZE_POWER7 "/lib64/power7/", #endif #ifdef REMOVE_PPC_OPTIMIZE_CELL "/lib64/ppc-cell-be/", #endif #endif /* __powerpc64__ */ #ifdef __powerpc__ #ifdef REMOVE_PPC_OPTIMIZE_POWER4 "/lib/power4/", "/lib/ppc970/", #endif #ifdef REMOVE_PPC_OPTIMIZE_POWER5 "/lib/power5/", "/lib/power5+/", #endif #ifdef REMOVE_PPC_OPTIMIZE_POWER6 "/lib/power6/", "/lib/power6x/", #endif #ifdef REMOVE_PPC_OPTIMIZE_POWER7 "/lib/power7/", #endif #ifdef REMOVE_PPC_OPTIMIZE_CELL "/lib/ppc-cell-be/", #endif #endif /* __powerpc__ */ LIBDIR"/tls/" }; int i, j; for (i = 0; i < sizeof (remove_dir) / sizeof (remove_dir[0]); ++i) for (j = 0; j < sizeof (library) / sizeof (library[0]); j++) { char buf[strlen (remove_dir[i]) + strlen (library[j]) + 1]; char readlink_buf[(strlen (remove_dir[i]) + strlen (library[j])) * 2 + 30]; ssize_t len; char *cp; cp = stpcpy (buf, remove_dir[i]); strcpy (cp, library[j]); /* This file could be a symlink to library-%{version}.so, so check this and don't remove only the link, but also the library itself. */ cp = stpcpy (readlink_buf, remove_dir[i]); if ((len = readlink (buf, cp, (sizeof (readlink_buf) - (cp - readlink_buf) - 1))) > 0) { cp[len] = '\0'; if (cp[0] != '/') cp = readlink_buf; unlink (cp); } unlink (buf); } #endif /* If installing bi-arch glibc, rpm sometimes doesn't unpack all files before running one of the lib's %post scriptlet. /sbin/ldconfig will then be run by the other arch's %post. 
*/ if (access ("/sbin/ldconfig", X_OK) == 0) verbose_exec (110, 0, "/sbin/ldconfig", "/sbin/ldconfig", "-X"); if (utimes (GCONV_MODULES_DIR "/gconv-modules.cache", NULL) == 0) { #ifndef ICONVCONFIG #define ICONVCONFIG "/usr/sbin/iconvconfig" #endif verbose_exec (113, 0, ICONVCONFIG, "/usr/sbin/iconvconfig", "-o", GCONV_MODULES_DIR"/gconv-modules.cache", "--nostdlib", GCONV_MODULES_DIR); } /* Check if telinit is available and the init fifo as well. */ if (access ("/sbin/telinit", X_OK) || access ("/dev/initctl", F_OK)) _exit (0); /* Check if we are not inside of some chroot, because we'd just timeout and leave /etc/initrunlvl. */ if (readlink ("/proc/1/exe", initpath, 256) <= 0 || readlink ("/proc/1/root", initpath, 256) <= 0 || stat ("/proc/1/root", &init_root) < 0 || stat ("/.buildenv", &init_root) < 0 || /* XEN build */ stat ("/", &root) < 0 || init_root.st_dev != root.st_dev || init_root.st_ino != root.st_ino) _exit (0); if (check_elf ("/proc/1/exe")) verbose_exec (116, 0, "/sbin/telinit", "/sbin/telinit", "u"); #if 0 /* Check if we can safely condrestart sshd. 
*/ if (access ("/sbin/service", X_OK) == 0 && access ("/usr/sbin/sshd", X_OK) == 0 && access ("/bin/bash", X_OK) == 0) { if (check_elf ("/usr/sbin/sshd")) verbose_exec (121, 0, "/sbin/service", "/sbin/service", "sshd", "condrestart"); } #endif _exit(0); } void vexec (int failcode, int fail_ok, char *const path[]) { pid_t pid; int status, save_errno; pid = vfork (); if (pid == 0) { execv (path[0], path + 1); save_errno = errno; message (path); says (" exec failed with errno "); sayn (save_errno); says ("\n"); _exit (failcode); } else if (pid < 0) { save_errno = errno; message (path); says (" fork failed with errno "); sayn (save_errno); says ("\n"); _exit (failcode + 1); } if (waitpid (0, &status, 0) != pid || !WIFEXITED (status)) { message (path); says (" child terminated abnormally\n"); _exit (failcode + 2); } if (WEXITSTATUS (status)) { message (path); says (" child exited with exit code "); sayn (WEXITSTATUS (status)); if (fail_ok) { says (" (ignored) \n"); } else { says ("\n"); _exit (WEXITSTATUS (status)); } } } void says (const char *str) { write (1, str, strlen (str)); } void sayn (long num) { char string[sizeof (long) * 3 + 1]; char *p = string + sizeof (string) - 1; *p = '\0'; if (num == 0) *--p = '0'; else while (num) { *--p = '0' + num % 10; num = num / 10; } says (p); } void message (char *const path[]) { says ("/usr/sbin/glibc_post_upgrade: While trying to execute "); says (path[0]); } int check_elf (const char *name) { /* Play safe, if we can't open or read, assume it might be ELF for the current arch. */ int ret = 1; int fd = open (name, O_RDONLY); if (fd >= 0) { Elf32_Ehdr ehdr; if (read (fd, &ehdr, offsetof (Elf32_Ehdr, e_version)) == offsetof (Elf32_Ehdr, e_version)) { ret = 0; if (ehdr.e_ident[EI_CLASS] == (sizeof (long) == 8 ? 
ELFCLASS64 : ELFCLASS32)) { #if defined __i386__ ret = ehdr.e_machine == EM_386; #elif defined __x86_64__ ret = ehdr.e_machine == EM_X86_64; #elif defined __ia64__ ret = ehdr.e_machine == EM_IA_64; #elif defined __powerpc64__ ret = ehdr.e_machine == EM_PPC64; #elif defined __powerpc__ ret = ehdr.e_machine == EM_PPC; #elif defined __s390__ || defined __s390x__ ret = ehdr.e_machine == EM_S390; #elif defined __x86_64__ ret = ehdr.e_machine == EM_X86_64; #elif defined __sparc__ if (sizeof (long) == 8) ret = ehdr.e_machine == EM_SPARCV9; else ret = (ehdr.e_machine == EM_SPARC || ehdr.e_machine == EM_SPARC32PLUS); #else ret = 1; #endif } } close (fd); } return ret; } #ifdef SMALL_BINARY int __libc_multiple_threads __attribute__((nocommon)); int __libc_enable_asynccancel (void) { return 0; } void __libc_disable_asynccancel (int x) { } void __libc_csu_init (void) { } void __libc_csu_fini (void) { } pid_t __fork (void) { return -1; } char thr_buf[65536]; #ifndef __powerpc__ int __libc_start_main (int (*main) (void), int argc, char **argv, void (*init) (void), void (*fini) (void), void (*rtld_fini) (void), void * stack_end) #else struct startup_info { void *sda_base; int (*main) (int, char **, char **, void *); int (*init) (int, char **, char **, void *); void (*fini) (void); }; int __libc_start_main (int argc, char **ubp_av, char **ubp_ev, void *auxvec, void (*rtld_fini) (void), struct startup_info *stinfo, char **stack_on_entry) #endif { #if defined __ia64__ || defined __powerpc64__ register void *r13 __asm ("r13") = thr_buf + 32768; __asm ("" : : "r" (r13)); #elif defined __sparc__ register void *g6 __asm ("g6") = thr_buf + 32768; # ifdef __arch64__ __thread_self = thr_buf + 32768; # else register void *__thread_self __asm ("g7") = thr_buf + 32768; # endif __asm ("" : : "r" (g6), "r" (__thread_self)); #elif defined __s390__ && !defined __s390x__ __asm ("sar %%a0,%0" : : "d" (thr_buf + 32768)); #elif defined __s390x__ __asm ("sar %%a1,%0; srlg 0,%0,32; sar %%a0,0" : : "d" 
(thr_buf + 32768) : "0"); #elif defined __powerpc__ && !defined __powerpc64__ register void *r2 __asm ("r2") = thr_buf + 32768; __asm ("" : : "r" (r2)); #endif main(); return 0; } #endif ++++++ malloc-overflow.patch ++++++ libc:b73ed247781d533628b681f57257dc85882645d3 libc:55e17aadc1ef17a1df9626fb0e9fba290ece3331 libc:1159a193696ad48ec86e5895f6dee3e539619c0e 2013-09-11 Will Newton <will.newton@linaro.org> [BZ #15857] * malloc/malloc.c (__libc_memalign): Check the value of bytes does not overflow. [BZ #15856] * malloc/malloc.c (__libc_valloc): Check the value of bytes does not overflow. [BZ #15855] * malloc/malloc.c (__libc_pvalloc): Check the value of bytes does not overflow. Index: glibc-2.17/malloc/malloc.c =================================================================== --- glibc-2.17.orig/malloc/malloc.c +++ glibc-2.17/malloc/malloc.c @@ -3020,6 +3020,13 @@ __libc_memalign(size_t alignment, size_t /* Otherwise, ensure that it is at least a minimum chunk size */ if (alignment < MINSIZE) alignment = MINSIZE; + /* Check for overflow. */ + if (bytes > SIZE_MAX - alignment - MINSIZE) + { + __set_errno (ENOMEM); + return 0; + } + arena_get(ar_ptr, bytes + alignment + MINSIZE); if(!ar_ptr) return 0; @@ -3051,6 +3058,13 @@ __libc_valloc(size_t bytes) size_t pagesz = GLRO(dl_pagesize); + /* Check for overflow. */ + if (bytes > SIZE_MAX - pagesz - MINSIZE) + { + __set_errno (ENOMEM); + return 0; + } + __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t, const __malloc_ptr_t)) = force_reg (__memalign_hook); 
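Review bot: The overflow test added to `__libc_memalign`, `if (bytes > SIZE_MAX - alignment - MINSIZE)`, can itself wrap. The hunk shows `alignment` being raised to `MINSIZE` but never bounded from above, so for a very large `alignment` the right-hand side underflows to a large value and the later `bytes + alignment + MINSIZE` is no longer protected. Unless the part of the function outside the hunk already rejects such values, I would put a guard before the new check: `if (alignment > SIZE_MAX / 2 + 1)` followed by `__set_errno (EINVAL); return 0;`. Any alignment above that cannot be a power of two. The `__libc_valloc` hunk uses the page size as its subtrahend and is not affected in the same way.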
@@ -3088,6 +3102,13 @@ __libc_pvalloc(size_t bytes) size_t page_mask = GLRO(dl_pagesize) - 1; size_t rounded_bytes = (bytes + page_mask) & ~(page_mask); + /* Check for overflow. */ + if (bytes > SIZE_MAX - 2*pagesz - MINSIZE) + { + __set_errno (ENOMEM); + return 0; + } + __malloc_ptr_t (*hook) __MALLOC_PMT ((size_t, size_t, const __malloc_ptr_t)) = force_reg (__memalign_hook); ++++++ manpages.patch ++++++ Index: manpages/locale.1 =================================================================== --- manpages/locale.1.orig +++ manpages/locale.1 @@ -247,17 +247,6 @@ This environment variable can switch aga \& The directory where locale data is stored. By default, /usr/lib/locale is used. .Ve -.SH "FILES" -.IX Header "FILES" -.PP -.PD 0 -.TP 8 -\fI/usr/share/i18n/SUPPORTED\fP -List of supported values (and their associated encoding) for the locale name. -This representation is recommended over -\fB\-\-all\-locales\fR one, due being the system wide supported values. -.PP - .SH "AUTHOR" .IX Header "AUTHOR" \&\fIlocale\fR was written by Ulrich Drepper for the \s-1GNU\s0 C Library. Index: manpages/locale.alias.5 =================================================================== --- manpages/locale.alias.5.orig +++ manpages/locale.alias.5 @@ -18,7 +18,7 @@ .SH "NAME" locale.alias \- Locale name alias data base .SH "DESCRIPTION" -The locale.alias database file (/etc/locale.alias) is used by the +The locale.alias database file (/usr/share/locale/locale.alias) is used by the .B locale command and the .B X Window System 
@@ -40,6 +40,6 @@ name, or simpler versions of the POSIX l Lines beginning with Hash ("#") are treated as comments and ignored. .SH "SEE ALSO" -locale(1), localedef(1), locale-gen(8), locale.gen(5) +locale(1), localedef(1) .SH "AUTHOR" Alastair McKinstry <mckinstry@computer.org> ++++++ nscd-netgroup.patch ++++++ 2013-06-11 Andreas Schwab <schwab@suse.de> [BZ #15577] * nscd/connections.c (nscd_run_worker): Always zero-terminate key. * nscd/netgroupcache.c (addgetnetgrentX): Properly handle absent values in the triple. * nscd/nscd_netgroup.c (__nscd_setnetgrent): Include zero terminator in the group key. Index: glibc-2.17/nscd/connections.c =================================================================== --- glibc-2.17.orig/nscd/connections.c +++ glibc-2.17/nscd/connections.c @@ -1762,7 +1762,7 @@ nscd_run_worker (void *p) else { /* Get the key. */ - char keybuf[MAXKEYLEN]; + char keybuf[MAXKEYLEN + 1]; if (__builtin_expect (TEMP_FAILURE_RETRY (read (fd, keybuf, req.key_len)) @@ -1774,6 +1774,7 @@ nscd_run_worker (void *p) strerror_r (errno, buf, sizeof (buf))); goto close_and_out; } + keybuf[req.key_len] = '\0'; if (__builtin_expect (debug_level, 0) > 0) { Index: glibc-2.17/nscd/netgroupcache.c =================================================================== --- glibc-2.17.orig/nscd/netgroupcache.c +++ glibc-2.17/nscd/netgroupcache.c 
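Review bot: The new store `keybuf[req.key_len] = '\0';` in nscd/connections.c stays inside `char keybuf[MAXKEYLEN + 1]` only if `req.key_len` is between 0 and `MAXKEYLEN`, and that range check is not in either hunk. If `nscd_run_worker` validates the length earlier, as I would expect, a comment on the store would keep the dependency visible, for example `/* req.key_len <= MAXKEYLEN was checked above, so this is in bounds. */`. If it does not, the check belongs before the `read`. The function body starts and ends outside the hunks.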
@@ -192,18 +192,26 @@ addgetnetgrentX (struct database_dyn *db const char *nuser = data.val.triple.user; const char *ndomain = data.val.triple.domain; - if (data.val.triple.host > data.val.triple.user - || data.val.triple.user > data.val.triple.domain) + if (nhost == NULL || nuser == NULL || ndomain == NULL + || nhost > nuser || nuser > ndomain) { - const char *last = MAX (nhost, - MAX (nuser, ndomain)); - size_t bufused = (last + strlen (last) + 1 - - buffer); + const char *last = nhost; + if (last == NULL + || (nuser != NULL && nuser > last)) + last = nuser; + if (last == NULL + || (ndomain != NULL && ndomain > last)) + last = ndomain; + + size_t bufused + = (last == NULL + ? buffilled + : last + strlen (last) + 1 - buffer); /* We have to make temporary copies. */ - size_t hostlen = strlen (nhost) + 1; - size_t userlen = strlen (nuser) + 1; - size_t domainlen = strlen (ndomain) + 1; + size_t hostlen = strlen (nhost ?: "") + 1; + size_t userlen = strlen (nuser ?: "") + 1; + size_t domainlen = strlen (ndomain ?: "") + 1; size_t needed = hostlen + userlen + domainlen; if (buflen - req->key_len - bufused < needed) @@ -226,11 +234,11 @@ addgetnetgrentX (struct database_dyn *db } nhost = memcpy (buffer + bufused, - nhost, hostlen); + nhost ?: "", hostlen); nuser = memcpy ((char *) nhost + hostlen, - nuser, userlen); + nuser ?: "", userlen); ndomain = memcpy ((char *) nuser + userlen, - ndomain, domainlen); + ndomain ?: "", domainlen); } char *wp = buffer + buffilled; Index: glibc-2.17/nscd/nscd_netgroup.c =================================================================== --- glibc-2.17.orig/nscd/nscd_netgroup.c +++ glibc-2.17/nscd/nscd_netgroup.c @@ -48,7 +48,7 @@ __nscd_setnetgrent (const char *group, s { int gc_cycle; int nretries = 0; - size_t group_len = strlen (group); + size_t group_len = strlen (group) + 1; /* If the mapping is available, try to search there instead of communicating with the nscd. */ ++++++ nscd-short-write.patch ++++++ 
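Review bot: The context comment `/* We have to make temporary copies. */` in the first nscd/netgroupcache.c hunk no longer describes when the branch runs. It is now also taken when `nhost`, `nuser` or `ndomain` is NULL, and the copies then substitute an empty string through `?: ""`. I would extend it to say that absent members of the triple are stored as empty strings, and that `bufused` falls back to `buffilled` when all three are absent. Separately, `group_len = strlen (group) + 1` in nscd/nscd_netgroup.c changes what the key length means for every later use in `__nscd_setnetgrent`; those uses are outside the hunk and should be checked to confirm they expect the terminator to be counted.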
From 5a7b70c87c5ba03a122db0372e87ecb550ee4b38 Mon Sep 17 00:00:00 2001 From: Andreas Schwab <schwab@suse.de> Date: Tue, 4 Dec 2012 16:14:13 +0100 Subject: [PATCH] Properly check for short writes when sending the response in nscd * nscd/grpcache.c (cache_addgr): Properly check for short write. * nscd/initgrcache.c (addinitgroupsX): Likewise. * nscd/pwdcache.c (cache_addpw): Likewise. * nscd/servicescache.c (cache_addserv): Likewise. Don't write more than recsize. --- nscd/grpcache.c | 6 +++++- nscd/initgrcache.c | 7 ++++++- nscd/pwdcache.c | 8 ++++++-- nscd/servicescache.c | 12 ++++++++---- 4 files changed, 25 insertions(+), 8 deletions(-) diff --git a/nscd/grpcache.c b/nscd/grpcache.c index f0dad4d..696162f 100644 --- a/nscd/grpcache.c +++ b/nscd/grpcache.c @@ -75,6 +75,7 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req, const void *key, struct group *grp, uid_t owner, struct hashentry *const he, struct datahead *dh, int errval) { + bool all_written = true; ssize_t total; ssize_t written; time_t t = time (NULL); @@ -342,6 +343,9 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req, # endif #endif written = writeall (fd, &dataset->resp, dataset->head.recsize); + + if (written != dataset->head.recsize) + all_written = false; } /* Add the record to the database. But only if it has not been @@ -401,7 +405,7 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req, } } - if (__builtin_expect (written != total, 0) && debug_level > 0) + if (__builtin_expect (!all_written, 0) && debug_level > 0) { char buf[256]; dbg_log (_("short write in %s: %s"), __FUNCTION__, diff --git a/nscd/initgrcache.c b/nscd/initgrcache.c index 255b121..13ee86e 100644 --- a/nscd/initgrcache.c +++ b/nscd/initgrcache.c 
@@ -171,10 +171,12 @@ addinitgroupsX (struct database_dyn *db, int fd, request_header *req, nip = nip->next; } + bool all_written; ssize_t total; ssize_t written; time_t timeout; out: + all_written = true; timeout = MAX_TIMEOUT_VALUE; if (!any_success) { @@ -379,6 +381,9 @@ addinitgroupsX (struct database_dyn *db, int fd, request_header *req, # endif #endif written = writeall (fd, &dataset->resp, dataset->head.recsize); + + if (written != dataset->head.recsize) + all_written = false; } @@ -405,7 +410,7 @@ addinitgroupsX (struct database_dyn *db, int fd, request_header *req, free (groups); - if (__builtin_expect (written != total, 0) && debug_level > 0) + if (__builtin_expect (!all_written, 0) && debug_level > 0) { char buf[256]; dbg_log (_("short write in %s: %s"), __FUNCTION__, diff --git a/nscd/pwdcache.c b/nscd/pwdcache.c index a8ea407..d6b91ef 100644 --- a/nscd/pwdcache.c +++ b/nscd/pwdcache.c @@ -81,6 +81,7 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req, const void *key, struct passwd *pwd, uid_t owner, struct hashentry *const he, struct datahead *dh, int errval) { + bool all_written = true; ssize_t total; ssize_t written; time_t t = time (NULL); @@ -306,7 +307,7 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req, + db->head->data_size)); written = sendfileall (fd, db->wr_fd, (char *) &dataset->resp - - (char *) db->head, dataset->head.recsize ); + - (char *) db->head, dataset->head.recsize); # ifndef __ASSUME_SENDFILE if (written == -1 && errno == ENOSYS) goto use_write; @@ -318,6 +319,9 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req, # endif #endif written = writeall (fd, &dataset->resp, dataset->head.recsize); + + if (written != dataset->head.recsize) + all_written = false; } 
@@ -377,7 +381,7 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req, } } - if (__builtin_expect (written != total, 0) && debug_level > 0) + if (__builtin_expect (!all_written, 0) && debug_level > 0) { char buf[256]; dbg_log (_("short write in %s: %s"), __FUNCTION__, diff --git a/nscd/servicescache.c b/nscd/servicescache.c index 0e7520d..917daa4 100644 --- a/nscd/servicescache.c +++ b/nscd/servicescache.c @@ -65,6 +65,7 @@ cache_addserv (struct database_dyn *db, int fd, request_header *req, const void *key, struct servent *serv, uid_t owner, struct hashentry *const he, struct datahead *dh, int errval) { + bool all_written = true; ssize_t total; ssize_t written; time_t t = time (NULL); @@ -290,14 +291,14 @@ cache_addserv (struct database_dyn *db, int fd, request_header *req, { assert (db->wr_fd != -1); assert ((char *) &dataset->resp > (char *) db->data); - assert ((char *) &dataset->resp - (char *) db->head + assert ((char *) dataset - (char *) db->head + total <= (sizeof (struct database_pers_head) + db->head->module * sizeof (ref_t) + db->head->data_size)); written = sendfileall (fd, db->wr_fd, (char *) &dataset->resp - - (char *) db->head, total); + - (char *) db->head, dataset->head.recsize); # ifndef __ASSUME_SENDFILE if (written == -1 && errno == ENOSYS) goto use_write; @@ -308,7 +309,10 @@ cache_addserv (struct database_dyn *db, int fd, request_header *req, use_write: # endif #endif - written = writeall (fd, &dataset->resp, total); + written = writeall (fd, &dataset->resp, dataset->head.recsize); + + if (written != dataset->head.recsize) + all_written = false; } /* Add the record to the database. But only if it has not been 
@@ -332,7 +336,7 @@ cache_addserv (struct database_dyn *db, int fd, request_header *req, } } - if (__builtin_expect (written != total, 0) && debug_level > 0) + if (__builtin_expect (!all_written, 0) && debug_level > 0) { char buf[256]; dbg_log (_("short write in %s: %s"), __FUNCTION__, -- 1.8.0.1 ++++++ nscd.conf ++++++ d /var/run/nscd 0755 root root ++++++ nscd.service ++++++ [Unit] Description=Name Service Cache Daemon After=syslog.target [Service] ExecStart=/usr/sbin/nscd --foreground ExecStop=/usr/sbin/nscd --shutdown ExecReload=/usr/sbin/nscd -i passwd ExecReload=/usr/sbin/nscd -i group ExecReload=/usr/sbin/nscd -i hosts ExecReload=/usr/sbin/nscd -i services ExecReload=/usr/sbin/nscd -i netgroup Restart=always [Install] WantedBy=multi-user.target ++++++ nss-db-path.patch ++++++ Use /var/db for nss_db Index: glibc-2.16.90/nss/db-Makefile =================================================================== --- glibc-2.16.90.orig/nss/db-Makefile +++ glibc-2.16.90/nss/db-Makefile @@ -22,7 +22,7 @@ DATABASES = $(wildcard /etc/passwd /etc/ /etc/rpc /etc/services /etc/shadow /etc/gshadow \ /etc/netgroup) -VAR_DB = /var/db +VAR_DB = /var/lib/misc AWK = awk MAKEDB = makedb --quiet Index: glibc-2.16.90/sysdeps/unix/sysv/linux/paths.h =================================================================== --- glibc-2.16.90.orig/sysdeps/unix/sysv/linux/paths.h +++ glibc-2.16.90/sysdeps/unix/sysv/linux/paths.h @@ -68,7 +68,7 @@ /* Provide trailing slash, since mostly used for building pathnames. */ #define _PATH_DEV "/dev/" #define _PATH_TMP "/tmp/" -#define _PATH_VARDB "/var/db/" +#define _PATH_VARDB "/var/lib/misc/" #define _PATH_VARRUN "/var/run/" #define _PATH_VARTMP "/var/tmp/" Index: glibc-2.16.90/Makeconfig =================================================================== --- glibc-2.16.90.orig/Makeconfig +++ glibc-2.16.90/Makeconfig 
@@ -250,7 +250,7 @@ inst_sysconfdir = $(install_root)$(sysco # Directory for the database files and Makefile for nss_db. ifndef vardbdir -vardbdir = $(localstatedir)/db +vardbdir = /var/lib/misc endif inst_vardbdir = $(install_root)$(vardbdir) ++++++ nsswitch.conf ++++++ # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # compat Use compatibility setup # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # [NOTFOUND=return] Stop searching if not found so far # # For more information, please read the nsswitch.conf.5 manual page. # # passwd: files nis # shadow: files nis # group: files nis passwd: compat group: compat hosts: files dns networks: files dns services: files protocols: files rpc: files ethers: files netmasks: files netgroup: files nis publickey: files bootparams: files automount: files nis aliases: files ++++++ pldd-wait-ptrace-stop.patch ++++++ 2013-07-31 Andreas Schwab <schwab@suse.de> * elf/pldd.c (wait_for_ptrace_stop): New function. (main): Call it after attaching. Index: glibc-2.17/elf/pldd.c =================================================================== --- glibc-2.17.orig/elf/pldd.c +++ glibc-2.17/elf/pldd.c @@ -34,6 +34,7 @@ #include <unistd.h> #include <sys/ptrace.h> #include <sys/stat.h> +#include <sys/wait.h> #include <ldsodefs.h> #include <version.h> @@ -85,6 +86,7 @@ static char *exe; /* Local functions. */ static int get_process_info (int dfd, long int pid); +static void wait_for_ptrace_stop (long int pid); int 
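Review bot: In the Makeconfig hunk, `vardbdir = /var/lib/misc` drops the `$(localstatedir)` prefix that the old value used, so a build configured with a different localstatedir would still install the nss_db files under /var. `vardbdir = $(localstatedir)/lib/misc` keeps the existing convention. The patch's own header line reads "Use /var/db for nss_db" while all three hunks (nss/db-Makefile, paths.h, Makeconfig) move away from /var/db to /var/lib/misc, so the description should be corrected to match.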
@@ -173,6 +175,8 @@ main (int argc, char *argv[]) tid); } + wait_for_ptrace_stop (tid); + struct thread_list *newp = alloca (sizeof (*newp)); newp->tid = tid; newp->next = thread_list; @@ -197,6 +201,24 @@ main (int argc, char *argv[]) } +/* Wait for PID to enter ptrace-stop state after being attached. */ +static void +wait_for_ptrace_stop (long int pid) +{ + int status; + + /* While waiting for SIGSTOP being delivered to the tracee we have to + reinject any other pending signal. Ignore all other errors. */ + while (waitpid (pid, &status, __WALL) == pid && WIFSTOPPED (status)) + { + /* The STOP signal should not be delivered to the tracee. */ + if (WSTOPSIG (status) == SIGSTOP) + return; + ptrace (PTRACE_CONT, pid, NULL, (void *) (uintptr_t) WSTOPSIG (status)); + } +} + + /* Handle program arguments. */ static error_t parse_opt (int key, char *arg, struct argp_state *state) ++++++ pre_checkin.sh ++++++ #!/bin/bash # This script is called automatically during autobuild checkin. sed -e 's/^Name:.*glibc/&-testsuite/' glibc.spec > glibc-testsuite.spec cp glibc.changes glibc-testsuite.changes awk '/^Name:/{ $0 = $0 "-utils" } /UTILS-SUMMARY-BEGIN/ { ignore = 1 print "\ Summary: Development utilities from GNU C library\n\ License: LGPL-2.1+\n\ Group: Development/Languages/C and C++" } /UTILS-SUMMARY-END/ { ignore = 0 } /^%description$/ { ignore = 1 print "\ %description\n\ The glibc-utils package contains mtrace, a memory leak tracer and\n\ xtrace, a function call tracer which can be helpful during program\n\ debugging.\n\ \n\ If you are unsure if you need this, don'\''t install this package.\n" } /^%package/ { ignore = 0} !ignore { print }' glibc.spec > glibc-utils.spec cp glibc.changes glibc-utils.changes osc service localrun format_spec_file ++++++ printf-overrun.patch ++++++ From 1aa92494e55792b568663b5aad81a58fad35490d Mon Sep 17 00:00:00 2001 
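Review bot: `wait_for_ptrace_stop` returns `void`, so `main` cannot tell a thread that reached the SIGSTOP ptrace-stop from one where `waitpid` failed (for example with EINTR) or where the thread exited or stopped being reported as stopped. In every case the caller goes on to add `tid` to `thread_list` as if it were stopped. Returning a status lets `main` report the thread and skip it: declare it `static int wait_for_ptrace_stop (long int pid)` (prototype hunk included), `return 0;` on SIGSTOP and `return -1;` after the loop. If ignoring these cases is deliberate, the comment "Ignore all other errors" should say that the function may return with the tracee not stopped.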
From: Eric Biggers <ebiggers3@gmail.com> Date: Thu, 18 Apr 2013 17:46:08 +0200 Subject: [PATCH] PR15362 [BZ #15362] * libio/fileops.c: Revert problematic fixes for [BZ #11741] * libio/iofwrite.c: Likewise. * libio/iofwrite_u.c: Likewise. * libio/iopadn.c: Likewise. * libio/iowpadn.c: Likewise. * stdio-common/vfprintf.c: Fix [BZ #11741] properly by checking whether _IO_padn() returned the full count written. --- libio/fileops.c | 21 +++++++++------------ libio/iofwrite.c | 10 +++++----- libio/iofwrite_u.c | 10 +++++----- libio/iopadn.c | 2 +- libio/iowpadn.c | 2 +- stdio-common/vfprintf.c | 12 ++++++------ 6 files changed, 27 insertions(+), 30 deletions(-) diff --git a/libio/fileops.c b/libio/fileops.c index 61b61b3..90d5e88 100644 --- a/libio/fileops.c +++ b/libio/fileops.c @@ -1245,13 +1245,12 @@ _IO_new_file_write (f, data, n) _IO_ssize_t n; { _IO_ssize_t to_do = n; - _IO_ssize_t count = 0; while (to_do > 0) { - count = (__builtin_expect (f->_flags2 - & _IO_FLAGS2_NOTCANCEL, 0) - ? write_not_cancel (f->_fileno, data, to_do) - : write (f->_fileno, data, to_do)); + _IO_ssize_t count = (__builtin_expect (f->_flags2 + & _IO_FLAGS2_NOTCANCEL, 0) + ? write_not_cancel (f->_fileno, data, to_do) + : write (f->_fileno, data, to_do)); if (count < 0) { f->_flags |= _IO_ERR_SEEN; @@ -1263,7 +1262,7 @@ _IO_new_file_write (f, data, n) n -= to_do; if (f->_offset >= 0) f->_offset += n; - return count < 0 ? count : n; + return n; } _IO_size_t 
@@ -1323,13 +1322,11 @@ _IO_new_file_xsputn (f, data, n) _IO_size_t block_size, do_write; /* Next flush the (full) buffer. */ if (_IO_OVERFLOW (f, EOF) == EOF) - /* If nothing else has to be written or nothing has been written, we - must not signal the caller that the call was even partially - successful. */ - return (to_do == 0 || to_do == n) ? EOF : n - to_do; + /* If nothing else has to be written we must not signal the + caller that everything has been written. */ + return to_do == 0 ? EOF : n - to_do; - /* Try to maintain alignment: write a whole number of blocks. - dont_write is what gets left over. */ + /* Try to maintain alignment: write a whole number of blocks. */ block_size = f->_IO_buf_end - f->_IO_buf_base; do_write = to_do - (block_size >= 128 ? to_do % block_size : 0); diff --git a/libio/iofwrite.c b/libio/iofwrite.c index 81596a6..66542ea 100644 --- a/libio/iofwrite.c +++ b/libio/iofwrite.c @@ -42,12 +42,12 @@ _IO_fwrite (buf, size, count, fp) if (_IO_vtable_offset (fp) != 0 || _IO_fwide (fp, -1) == -1) written = _IO_sputn (fp, (const char *) buf, request); _IO_release_lock (fp); - /* We are guaranteed to have written all of the input, none of it, or - some of it. */ - if (written == request) + /* We have written all of the input in case the return value indicates + this or EOF is returned. The latter is a special case where we + simply did not manage to flush the buffer. But the data is in the + buffer and therefore written as far as fwrite is concerned. */ + if (written == request || written == EOF) return count; - else if (written == EOF) - return 0; else return written / size; } diff --git a/libio/iofwrite_u.c b/libio/iofwrite_u.c index 4a9d6ca..18dc6d0 100644 --- a/libio/iofwrite_u.c +++ b/libio/iofwrite_u.c 
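Review bot: In `_IO_fwrite`, `written == EOF` is now reported as a complete write (`return count`), so a failed flush is invisible in fwrite's return value. That is sound only if every `_IO_sputn` backend returns EOF solely after all of the data has been buffered, as the `_IO_new_file_xsputn` hunk does with `to_do == 0 ? EOF : n - to_do`; other backends are not visible here. The new comment should also say where the caller does see the failure, e.g. `/* The failed flush is reported through the stream's error flag and by a later fflush/fclose, not through this return value. */`, assuming the flag is set on that path the way `_IO_new_file_write` sets `_IO_ERR_SEEN`. The same applies to the `fwrite_unlocked` hunk in libio/iofwrite_u.c.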
@@ -44,12 +44,12 @@ fwrite_unlocked (buf, size, count, fp) if (_IO_fwide (fp, -1) == -1) { written = _IO_sputn (fp, (const char *) buf, request); - /* We are guaranteed to have written all of the input, none of it, or - some of it. */ - if (written == request) + /* We have written all of the input in case the return value indicates + this or EOF is returned. The latter is a special case where we + simply did not manage to flush the buffer. But the data is in the + buffer and therefore written as far as fwrite is concerned. */ + if (written == request || written == EOF) return count; - else if (written == EOF) - return 0; } return written / size; diff --git a/libio/iopadn.c b/libio/iopadn.c index cc93c0f..5ebbcf4 100644 --- a/libio/iopadn.c +++ b/libio/iopadn.c @@ -59,7 +59,7 @@ _IO_padn (fp, pad, count) w = _IO_sputn (fp, padptr, PADSIZE); written += w; if (w != PADSIZE) - return w == EOF ? w : written; + return written; } if (i > 0) diff --git a/libio/iowpadn.c b/libio/iowpadn.c index d94db71..5600f37 100644 --- a/libio/iowpadn.c +++ b/libio/iowpadn.c @@ -65,7 +65,7 @@ _IO_wpadn (fp, pad, count) w = _IO_sputn (fp, (char *) padptr, PADSIZE); written += w; if (w != PADSIZE) - return w == EOF ? w : written; + return written; } if (i > 0) diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c index c8bcf5a..61d9dc2 100644 --- a/stdio-common/vfprintf.c +++ b/stdio-common/vfprintf.c @@ -90,13 +90,13 @@ do { \ if (width > 0) \ { \ - unsigned int d = _IO_padn (s, (Padchar), width); \ - if (__builtin_expect (d == EOF, 0)) \ + _IO_ssize_t written = _IO_padn (s, (Padchar), width); \ + if (__builtin_expect (written != width, 0)) \ { \ done = -1; \ goto all_done; \ } \ - done_add (d); \ + done_add (written); \ } \ } while (0) # define PUTC(C, F) _IO_putc_unlocked (C, F) 
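Review bot: In `_IO_padn`, `written += w` runs before the `w != PADSIZE` test, so when `_IO_sputn` returns EOF the value now returned is the running total with EOF folded in, not a count of pad characters written and not EOF itself. The vfprintf.c hunks cope because they test `written != width`, but any other caller that still compares the result with EOF, or adds it to a total, gets a wrong value; the callers outside this patch are not visible here. A comment at the return would make the contract explicit: `/* On failure the result only differs from COUNT; it is not a usable character count when _IO_sputn returned EOF. */`. The same applies to `_IO_wpadn` in libio/iowpadn.c; both function bodies continue outside their hunks.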
@@ -119,13 +119,13 @@ do { \ if (width > 0) \ { \ - unsigned int d = _IO_wpadn (s, (Padchar), width); \ - if (__builtin_expect (d == EOF, 0)) \ + _IO_ssize_t written = _IO_wpadn (s, (Padchar), width); \ + if (__builtin_expect (written != width, 0)) \ { \ done = -1; \ goto all_done; \ } \ - done_add (d); \ + done_add (written); \ } \ } while (0) # define PUTC(C, F) _IO_putwc_unlocked (C, F) ++++++ pthread-cond-timedwait-i486.patch ++++++ From b8a72d0c4ca74e52ea06fa4e56489499489ec158 Mon Sep 17 00:00:00 2001 From: Andreas Schwab <schwab@suse.de> Date: Thu, 22 Nov 2012 12:57:37 +0100 Subject: [PATCH] Extend i486 pthread_cond_timedwait to use futex syscall with absolute timeout * sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S (__pthread_cond_timedwait): If possible use FUTEX_WAIT_BITSET to directly use absolute timeout. --- .../sysv/linux/i386/i486/pthread_cond_timedwait.S | 381 +++++++++++++++++---- 1 file changed, 315 insertions(+), 66 deletions(-) diff --git a/nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S b/nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S index 6011f69..b9dbe6b 100644 --- a/nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S +++ b/nptl/sysdeps/unix/sysv/linux/i386/i486/pthread_cond_timedwait.S 
@@ -66,6 +66,34 @@ __pthread_cond_timedwait: movl $EINVAL, %eax jae 18f + /* Stack frame: + + esp + 32 + +--------------------------+ + esp + 24 | timeout value | + +--------------------------+ + esp + 20 | futex pointer | + +--------------------------+ + esp + 16 | pi-requeued flag | + +--------------------------+ + esp + 12 | old broadcast_seq value | + +--------------------------+ + esp + 4 | old wake_seq value | + +--------------------------+ + esp + 0 | old cancellation mode | + +--------------------------+ + */ + +#ifndef __ASSUME_FUTEX_CLOCK_REALTIME +# ifdef PIC + LOAD_PIC_REG (cx) + cmpl $0, __have_futex_clock_realtime@GOTOFF(%ecx) +# else + cmpl $0, __have_futex_clock_realtime +# endif + je .Lreltmo +#endif + /* Get internal lock. */ movl $1, %edx xorl %eax, %eax @@ -96,7 +124,11 @@ __pthread_cond_timedwait: addl $1, cond_futex(%ebx) addl $(1 << nwaiters_shift), cond_nwaiters(%ebx) -#define FRAME_SIZE 32 +#ifdef __ASSUME_FUTEX_CLOCK_REALTIME +# define FRAME_SIZE 24 +#else +# define FRAME_SIZE 32 +#endif subl $FRAME_SIZE, %esp cfi_adjust_cfa_offset(FRAME_SIZE) cfi_remember_state 
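Review bot: The new stack-frame comment lists the "timeout value" slot at esp + 24 unconditionally, but the second hunk sets `FRAME_SIZE` to 24 when `__ASSUME_FUTEX_CLOCK_REALTIME` is defined, so in that configuration the slot is not part of the frame. Only the `.Lreltmo` path, compiled under `#ifndef __ASSUME_FUTEX_CLOCK_REALTIME`, reads and writes `24(%esp)` and `28(%esp)`. The comment should mark that row as conditional, e.g. `esp + 24 | timeout value (only if !__ASSUME_FUTEX_CLOCK_REALTIME) |`, so that a later edit to the absolute-timeout path does not treat offsets at or above 24 as scratch space.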
@@ -105,60 +137,19 @@ __pthread_cond_timedwait: movl wakeup_seq(%ebx), %edi movl wakeup_seq+4(%ebx), %edx movl broadcast_seq(%ebx), %eax - movl %edi, 12(%esp) - movl %edx, 16(%esp) - movl %eax, 20(%esp) + movl %edi, 4(%esp) + movl %edx, 8(%esp) + movl %eax, 12(%esp) /* Reset the pi-requeued flag. */ -8: movl $0, 24(%esp) - /* Get the current time. */ - movl %ebx, %edx -#ifdef __NR_clock_gettime - /* Get the clock number. */ - movl cond_nwaiters(%ebx), %ebx - andl $((1 << nwaiters_shift) - 1), %ebx - /* Only clocks 0 and 1 are allowed so far. Both are handled in the - kernel. */ - leal 4(%esp), %ecx - movl $__NR_clock_gettime, %eax - ENTER_KERNEL - movl %edx, %ebx - - /* Compute relative timeout. */ - movl (%ebp), %ecx - movl 4(%ebp), %edx - subl 4(%esp), %ecx - subl 8(%esp), %edx -#else - /* Get the current time. */ - leal 4(%esp), %ebx - xorl %ecx, %ecx - movl $__NR_gettimeofday, %eax - ENTER_KERNEL - movl %edx, %ebx + movl $0, 16(%esp) - /* Compute relative timeout. */ - movl 8(%esp), %eax - movl $1000, %edx - mul %edx /* Milli seconds to nano seconds. */ - movl (%ebp), %ecx - movl 4(%ebp), %edx - subl 4(%esp), %ecx - subl %eax, %edx -#endif - jns 12f - addl $1000000000, %edx - subl $1, %ecx -12: testl %ecx, %ecx + cmpl $0, (%ebp) movl $-ETIMEDOUT, %esi js 6f - /* Store relative timeout. */ -21: movl %ecx, 4(%esp) - movl %edx, 8(%esp) - - movl cond_futex(%ebx), %edi - movl %edi, 28(%esp) +8: movl cond_futex(%ebx), %edi + movl %edi, 20(%esp) /* Unlock. */ LOCK @@ -173,6 +164,7 @@ __pthread_cond_timedwait: 4: call __pthread_enable_asynccancel movl %eax, (%esp) + leal (%ebp), %esi #if FUTEX_PRIVATE_FLAG > 255 xorl %ecx, %ecx #endif @@ -196,9 +188,7 @@ __pthread_cond_timedwait: jne 42f orl $FUTEX_CLOCK_REALTIME, %ecx - /* Requeue-PI uses absolute timeout */ -42: leal (%ebp), %esi - movl 28(%esp), %edx +42: movl 20(%esp), %edx addl $cond_futex, %ebx .Ladd_cond_futex_pi: movl $SYS_futex, %eax 
@@ -209,12 +199,12 @@ __pthread_cond_timedwait: /* Set the pi-requeued flag only if the kernel has returned 0. The kernel does not hold the mutex on ETIMEDOUT or any other error. */ cmpl $0, %eax - sete 24(%esp) + sete 16(%esp) je 41f /* When a futex syscall with FUTEX_WAIT_REQUEUE_PI returns successfully, it has already locked the mutex for us and the - pi_flag (24(%esp)) is set to denote that fact. However, if another + pi_flag (16(%esp)) is set to denote that fact. However, if another thread changed the futex value before we entered the wait, the syscall may return an EAGAIN and the mutex is not locked. We go ahead with a success anyway since later we look at the pi_flag to @@ -234,22 +224,28 @@ __pthread_cond_timedwait: xorl %ecx, %ecx 40: subl $1, %ecx + movl $0, 16(%esp) #ifdef __ASSUME_PRIVATE_FUTEX andl $FUTEX_PRIVATE_FLAG, %ecx #else andl %gs:PRIVATE_FUTEX, %ecx #endif -#if FUTEX_WAIT != 0 - addl $FUTEX_WAIT, %ecx -#endif - leal 4(%esp), %esi - movl 28(%esp), %edx + addl $FUTEX_WAIT_BITSET, %ecx + /* The following only works like this because we only support + two clocks, represented using a single bit. */ + testl $1, cond_nwaiters(%ebx) + jne 30f + orl $FUTEX_CLOCK_REALTIME, %ecx +30: + movl 20(%esp), %edx + movl $0xffffffff, %ebp addl $cond_futex, %ebx .Ladd_cond_futex: movl $SYS_futex, %eax ENTER_KERNEL subl $cond_futex, %ebx .Lsub_cond_futex: + movl 28+FRAME_SIZE(%esp), %ebp movl %eax, %esi 41: movl (%esp), %eax @@ -268,7 +264,7 @@ __pthread_cond_timedwait: jnz 5f 6: movl broadcast_seq(%ebx), %eax - cmpl 20(%esp), %eax + cmpl 12(%esp), %eax jne 23f movl woken_seq(%ebx), %eax @@ -277,9 +273,9 @@ __pthread_cond_timedwait: movl wakeup_seq(%ebx), %edi movl wakeup_seq+4(%ebx), %edx - cmpl 16(%esp), %edx + cmpl 8(%esp), %edx jne 7f - cmpl 12(%esp), %edi + cmpl 4(%esp), %edi je 15f 7: cmpl %ecx, %edx 
@@ -292,7 +288,7 @@ __pthread_cond_timedwait: /* We need to go back to futex_wait. If we're using requeue_pi, then release the mutex we had acquired and go back. */ - movl 24(%esp), %edx + movl 16(%esp), %edx test %edx, %edx jz 8b @@ -357,13 +353,13 @@ __pthread_cond_timedwait: 11: movl 24+FRAME_SIZE(%esp), %eax /* With requeue_pi, the mutex lock is held in the kernel. */ - movl 24(%esp), %ecx + movl 16(%esp), %ecx testl %ecx, %ecx jnz 27f call __pthread_mutex_cond_lock 26: addl $FRAME_SIZE, %esp - cfi_adjust_cfa_offset(-FRAME_SIZE); + cfi_adjust_cfa_offset(-FRAME_SIZE) /* We return the result of the mutex_lock operation if it failed. */ testl %eax, %eax 
@@ -509,6 +505,245 @@ __pthread_cond_timedwait: #endif call __lll_unlock_wake jmp 11b + cfi_adjust_cfa_offset(-FRAME_SIZE) + +#ifndef __ASSUME_FUTEX_CLOCK_REALTIME +.Lreltmo: + /* Get internal lock. */ + movl $1, %edx + xorl %eax, %eax + LOCK +# if cond_lock == 0 + cmpxchgl %edx, (%ebx) +# else + cmpxchgl %edx, cond_lock(%ebx) +# endif + jnz 101f + + /* Store the reference to the mutex. If there is already a + different value in there this is a bad user bug. */ +102: cmpl $-1, dep_mutex(%ebx) + movl 24(%esp), %eax + je 117f + movl %eax, dep_mutex(%ebx) + + /* Unlock the mutex. */ +117: xorl %edx, %edx + call __pthread_mutex_unlock_usercnt + + testl %eax, %eax + jne 16b + + addl $1, total_seq(%ebx) + adcl $0, total_seq+4(%ebx) + addl $1, cond_futex(%ebx) + addl $(1 << nwaiters_shift), cond_nwaiters(%ebx) + + subl $FRAME_SIZE, %esp + cfi_adjust_cfa_offset(FRAME_SIZE) + + /* Get and store current wakeup_seq value. */ + movl wakeup_seq(%ebx), %edi + movl wakeup_seq+4(%ebx), %edx + movl broadcast_seq(%ebx), %eax + movl %edi, 4(%esp) + movl %edx, 8(%esp) + movl %eax, 12(%esp) + + /* Reset the pi-requeued flag. */ + movl $0, 16(%esp) + + /* Get the current time. */ +108: movl %ebx, %edx +# ifdef __NR_clock_gettime + /* Get the clock number. */ + movl cond_nwaiters(%ebx), %ebx + andl $((1 << nwaiters_shift) - 1), %ebx + /* Only clocks 0 and 1 are allowed so far. Both are handled in the + kernel. */ + leal 24(%esp), %ecx + movl $__NR_clock_gettime, %eax + ENTER_KERNEL + movl %edx, %ebx + + /* Compute relative timeout. */ + movl (%ebp), %ecx + movl 4(%ebp), %edx + subl 24(%esp), %ecx + subl 28(%esp), %edx +# else + /* Get the current time. */ + leal 24(%esp), %ebx + xorl %ecx, %ecx + movl $__NR_gettimeofday, %eax + ENTER_KERNEL + movl %edx, %ebx + + /* Compute relative timeout. */ + movl 28(%esp), %eax + movl $1000, %edx + mul %edx /* Milli seconds to nano seconds. 
*/ + movl (%ebp), %ecx + movl 4(%ebp), %edx + subl 24(%esp), %ecx + subl %eax, %edx +# endif + jns 112f + addl $1000000000, %edx + subl $1, %ecx +112: testl %ecx, %ecx + movl $-ETIMEDOUT, %esi + js 106f + + /* Store relative timeout. */ +121: movl %ecx, 24(%esp) + movl %edx, 28(%esp) + + movl cond_futex(%ebx), %edi + movl %edi, 20(%esp) + + /* Unlock. */ + LOCK +# if cond_lock == 0 + subl $1, (%ebx) +# else + subl $1, cond_lock(%ebx) +# endif + jne 103f + +.LcleanupSTART2: +104: call __pthread_enable_asynccancel + movl %eax, (%esp) + + leal 24(%esp), %esi +# if FUTEX_PRIVATE_FLAG > 255 + xorl %ecx, %ecx +# endif + cmpl $-1, dep_mutex(%ebx) + sete %cl + subl $1, %ecx +# ifdef __ASSUME_PRIVATE_FUTEX + andl $FUTEX_PRIVATE_FLAG, %ecx +# else + andl %gs:PRIVATE_FUTEX, %ecx +# endif +# if FUTEX_WAIT != 0 + addl $FUTEX_WAIT, %ecx +# endif + movl 20(%esp), %edx + addl $cond_futex, %ebx +.Ladd_cond_futex2: + movl $SYS_futex, %eax + ENTER_KERNEL + subl $cond_futex, %ebx +.Lsub_cond_futex2: + movl %eax, %esi + +141: movl (%esp), %eax + call __pthread_disable_asynccancel +.LcleanupEND2: + + + /* Lock. */ + movl $1, %edx + xorl %eax, %eax + LOCK +# if cond_lock == 0 + cmpxchgl %edx, (%ebx) +# else + cmpxchgl %edx, cond_lock(%ebx) +# endif + jnz 105f + +106: movl broadcast_seq(%ebx), %eax + cmpl 12(%esp), %eax + jne 23b + + movl woken_seq(%ebx), %eax + movl woken_seq+4(%ebx), %ecx + + movl wakeup_seq(%ebx), %edi + movl wakeup_seq+4(%ebx), %edx + + cmpl 8(%esp), %edx + jne 107f + cmpl 4(%esp), %edi + je 115f + +107: cmpl %ecx, %edx + jne 9b + cmp %eax, %edi + jne 9b + +115: cmpl $-ETIMEDOUT, %esi + je 28b + + jmp 8b + + cfi_adjust_cfa_offset(-FRAME_SIZE) + /* Initial locking failed. 
*/ +101: +# if cond_lock == 0 + movl %ebx, %edx +# else + leal cond_lock(%ebx), %edx +# endif +# if (LLL_SHARED-LLL_PRIVATE) > 255 + xorl %ecx, %ecx +# endif + cmpl $-1, dep_mutex(%ebx) + setne %cl + subl $1, %ecx + andl $(LLL_SHARED-LLL_PRIVATE), %ecx +# if LLL_PRIVATE != 0 + addl $LLL_PRIVATE, %ecx +# endif + call __lll_lock_wait + jmp 102b + + cfi_adjust_cfa_offset(FRAME_SIZE) + + /* Unlock in loop requires wakeup. */ +103: +# if cond_lock == 0 + movl %ebx, %eax +# else + leal cond_lock(%ebx), %eax +# endif +# if (LLL_SHARED-LLL_PRIVATE) > 255 + xorl %ecx, %ecx +# endif + cmpl $-1, dep_mutex(%ebx) + setne %cl + subl $1, %ecx + andl $(LLL_SHARED-LLL_PRIVATE), %ecx +# if LLL_PRIVATE != 0 + addl $LLL_PRIVATE, %ecx +# endif + call __lll_unlock_wake + jmp 104b + + /* Locking in loop failed. */ +105: +# if cond_lock == 0 + movl %ebx, %edx +# else + leal cond_lock(%ebx), %edx +# endif +# if (LLL_SHARED-LLL_PRIVATE) > 255 + xorl %ecx, %ecx +# endif + cmpl $-1, dep_mutex(%ebx) + setne %cl + subl $1, %ecx + andl $(LLL_SHARED-LLL_PRIVATE), %ecx +# if LLL_PRIVATE != 0 + addl $LLL_PRIVATE, %ecx +# endif + call __lll_lock_wait + jmp 106b + cfi_adjust_cfa_offset(-FRAME_SIZE) +#endif .size __pthread_cond_timedwait, .-__pthread_cond_timedwait versioned_symbol (libpthread, __pthread_cond_timedwait, pthread_cond_timedwait, @@ -552,7 +787,7 @@ __condvar_tw_cleanup: call __lll_lock_wait 1: movl broadcast_seq(%ebx), %eax - cmpl 20(%esp), %eax + cmpl 12(%esp), %eax jne 3f /* We increment the wakeup_seq counter only if it is lower than 
@@ -706,6 +941,20 @@ __condvar_tw_cleanup: .long .LcleanupEND-.Lsub_cond_futex .long __condvar_tw_cleanup-.LSTARTCODE .uleb128 0 +#ifndef __ASSUME_FUTEX_CLOCK_REALTIME + .long .LcleanupSTART2-.LSTARTCODE + .long .Ladd_cond_futex2-.LcleanupSTART2 + .long __condvar_tw_cleanup-.LSTARTCODE + .uleb128 0 + .long .Ladd_cond_futex2-.LSTARTCODE + .long .Lsub_cond_futex2-.Ladd_cond_futex2 + .long __condvar_tw_cleanup2-.LSTARTCODE + .uleb128 0 + .long .Lsub_cond_futex2-.LSTARTCODE + .long .LcleanupEND2-.Lsub_cond_futex2 + .long __condvar_tw_cleanup-.LSTARTCODE + .uleb128 0 +#endif .long .LcallUR-.LSTARTCODE .long .LENDCODE-.LcallUR .long 0 -- 1.8.0.1 ++++++ readdir_r-overflow.patch ++++++ 2013-08-16 Florian Weimer <fweimer@redhat.com> [BZ #14699] CVE-2013-4237 * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode member. * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode member. * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. Return delayed error code. Remove GETDENTS_64BIT_ALIGNED conditional. * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define GETDENTS_64BIT_ALIGNED. * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. * manual/filesys.texi (Reading/Closing Directory): Document ENAMETOOLONG return value of readdir_r. Recommend readdir more strongly. * manual/conf.texi (Limits for Files): Add portability note to NAME_MAX, PATH_MAX. (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX. Index: glibc-2.17/manual/conf.texi =================================================================== --- glibc-2.17.orig/manual/conf.texi +++ glibc-2.17/manual/conf.texi 
@@ -1149,6 +1149,9 @@ typed ahead as input. @xref{I/O Queues} @deftypevr Macro int NAME_MAX The uniform system limit (if any) for the length of a file name component, not including the terminating null character. + +@strong{Portability Note:} On some systems, @theglibc{} defines +@code{NAME_MAX}, but does not actually enforce this limit. @end deftypevr @comment limits.h @@ -1157,6 +1160,9 @@ including the terminating null character The uniform system limit (if any) for the length of an entire file name (that is, the argument given to system calls such as @code{open}), including the terminating null character. + +@strong{Portability Note:} @Theglibc{} does not enforce this limit +even if @code{PATH_MAX} is defined. @end deftypevr @cindex limits, pipe buffer size @@ -1476,6 +1482,9 @@ Inquire about the value of @code{POSIX_R Inquire about the value of @code{POSIX_REC_XFER_ALIGN}. @end table +@strong{Portability Note:} On some systems, @theglibc{} does not +enforce @code{_PC_NAME_MAX} or @code{_PC_PATH_MAX} limits. + @node Utility Limits @section Utility Program Capacity Limits Index: glibc-2.17/manual/filesys.texi =================================================================== --- glibc-2.17.orig/manual/filesys.texi +++ glibc-2.17/manual/filesys.texi @@ -444,9 +444,9 @@ symbols are declared in the header file @comment POSIX.1 @deftypefun {struct dirent *} readdir (DIR *@var{dirstream}) This function reads the next entry from the directory. It normally -returns a pointer to a structure containing information about the file. -This structure is statically allocated and can be rewritten by a -subsequent call. +returns a pointer to a structure containing information about the +file. This structure is associated with the @var{dirstream} handle +and can be rewritten by a subsequent call. @strong{Portability Note:} On some systems @code{readdir} may not return entries for @file{.} and @file{..}, even though these are always 
@@ -461,19 +461,61 @@ conditions are defined for this function The @var{dirstream} argument is not valid. @end table -@code{readdir} is not thread safe. Multiple threads using -@code{readdir} on the same @var{dirstream} may overwrite the return -value. Use @code{readdir_r} when this is critical. +To distinguish between an end-of-directory condition or an error, you +must set @code{errno} to zero before calling @code{readdir}. To avoid +entering an infinite loop, you should stop reading from the directory +after the first error. + +In POSIX.1-2008, @code{readdir} is not thread-safe. In @theglibc{} +implementation, it is safe to call @code{readdir} concurrently on +different @var{dirstream}s, but multiple threads accessing the same +@var{dirstream} result in undefined behavior. @code{readdir_r} is a +fully thread-safe alternative, but suffers from poor portability (see +below). It is recommended that you use @code{readdir}, with external +locking if multiple threads access the same @var{dirstream}. @end deftypefun @comment dirent.h @comment GNU @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result}) -This function is the reentrant version of @code{readdir}. Like -@code{readdir} it returns the next entry from the directory. But to -prevent conflicts between simultaneously running threads the result is -not stored in statically allocated memory. Instead the argument -@var{entry} points to a place to store the result. +This function is a version of @code{readdir} which performs internal +locking. Like @code{readdir} it returns the next entry from the +directory. To prevent conflicts between simultaneously running +threads the result is stored inside the @var{entry} object. 
+ +@strong{Portability Note:} It is recommended to use @code{readdir} +instead of @code{readdir_r} for the following reasons: + +@itemize @bullet +@item +On systems which do not define @code{NAME_MAX}, it may not be possible +to use @code{readdir_r} safely because the caller does not specify the +length of the buffer for the directory entry. + +@item +On some systems, @code{readdir_r} cannot read directory entries with +very long names. If such a name is encountered, @theglibc{} +implementation of @code{readdir_r} returns with an error code of +@code{ENAMETOOLONG} after the final directory entry has been read. On +other systems, @code{readdir_r} may return successfully, but the +@code{d_name} member may not be NUL-terminated or may be truncated. + +@item +POSIX-1.2008 does not guarantee that @code{readdir} is thread-safe, +even when access to the same @var{dirstream} is serialized. But in +current implementations (including @theglibc{}), it is safe to call +@code{readdir} concurrently on different @var{dirstream}s, so there is +no need to use @code{readdir_r} in most multi-threaded programs. In +the rare case that multiple threads need to read from the same +@var{dirstream}, it is still better to use @code{readdir} and external +synchronization. + +@item +It is expected that future versions of POSIX will obsolete +@code{readdir_r} and mandate the level of thread safety for +@code{readdir} which is provided by @theglibc{} and other +implementations today. +@end itemize Normally @code{readdir_r} returns zero and sets @code{*@var{result}} to @var{entry}. If there are no more entries in the directory or an 
@@ -481,15 +523,6 @@ error is detected, @code{readdir_r} sets null pointer and returns a nonzero error code, also stored in @code{errno}, as described for @code{readdir}. -@strong{Portability Note:} On some systems @code{readdir_r} may not -return a NUL terminated string for the file name, even when there is no -@code{d_reclen} field in @code{struct dirent} and the file -name is the maximum allowed size. Modern systems all have the -@code{d_reclen} field, and on old systems multi-threading is not -critical. In any case there is no such problem with the @code{readdir} -function, so that even on systems without the @code{d_reclen} member one -could use multiple threads by using external locking. - It is also important to look at the definition of the @code{struct dirent} type. Simply passing a pointer to an object of this type for the second parameter of @code{readdir_r} might not be enough. Some Index: glibc-2.17/sysdeps/posix/dirstream.h =================================================================== --- glibc-2.17.orig/sysdeps/posix/dirstream.h +++ glibc-2.17/sysdeps/posix/dirstream.h @@ -39,6 +39,8 @@ struct __dirstream off_t filepos; /* Position of next entry to read. */ + int errcode; /* Delayed error code. */ + /* Directory block. */ char data[0] __attribute__ ((aligned (__alignof__ (void*)))); }; Index: glibc-2.17/sysdeps/posix/opendir.c =================================================================== --- glibc-2.17.orig/sysdeps/posix/opendir.c +++ glibc-2.17/sysdeps/posix/opendir.c @@ -230,6 +230,7 @@ __alloc_dir (int fd, bool close_fd, int dirp->size = 0; dirp->offset = 0; dirp->filepos = 0; + dirp->errcode = 0; return dirp; } Index: glibc-2.17/sysdeps/posix/readdir_r.c =================================================================== --- glibc-2.17.orig/sysdeps/posix/readdir_r.c +++ glibc-2.17/sysdeps/posix/readdir_r.c 
@@ -41,6 +41,7 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *ent DIRENT_TYPE *dp; size_t reclen; const int saved_errno = errno; + int ret; __libc_lock_lock (dirp->lock); @@ -71,10 +72,10 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *ent bytes = 0; __set_errno (saved_errno); } + if (bytes < 0) + dirp->errcode = errno; dp = NULL; - /* Reclen != 0 signals that an error occurred. */ - reclen = bytes != 0; break; } dirp->size = (size_t) bytes; @@ -107,29 +108,46 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *ent dirp->filepos += reclen; #endif - /* Skip deleted files. */ +#ifdef NAME_MAX + if (reclen > offsetof (DIRENT_TYPE, d_name) + NAME_MAX + 1) + { + /* The record is very long. It could still fit into the + caller-supplied buffer if we can skip padding at the + end. */ + size_t namelen = _D_EXACT_NAMLEN (dp); + if (namelen <= NAME_MAX) + reclen = offsetof (DIRENT_TYPE, d_name) + namelen + 1; + else + { + /* The name is too long. Ignore this file. */ + dirp->errcode = ENAMETOOLONG; + dp->d_ino = 0; + continue; + } + } +#endif + + /* Skip deleted and ignored files. */ } while (dp->d_ino == 0); if (dp != NULL) { -#ifdef GETDENTS_64BIT_ALIGNED - /* The d_reclen value might include padding which is not part of - the DIRENT_TYPE data structure. */ - reclen = MIN (reclen, - offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name)); -#endif *result = memcpy (entry, dp, reclen); -#ifdef GETDENTS_64BIT_ALIGNED +#ifdef _DIRENT_HAVE_D_RECLEN entry->d_reclen = reclen; #endif + ret = 0; } else - *result = NULL; + { + *result = NULL; + ret = dirp->errcode; + } __libc_lock_unlock (dirp->lock); - return dp != NULL ? 0 : reclen ? errno : 0; + return ret; } #ifdef __READDIR_R_ALIAS Index: glibc-2.17/sysdeps/posix/rewinddir.c =================================================================== --- glibc-2.17.orig/sysdeps/posix/rewinddir.c +++ glibc-2.17/sysdeps/posix/rewinddir.c 
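Review bot: The length check added before `memcpy (entry, dp, reclen)` exists only under `#ifdef NAME_MAX`, and the same hunk removes the `MIN (reclen, offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name))` clamp that `GETDENTS_64BIT_ALIGNED` builds had. On a configuration without `NAME_MAX` the copy into the caller-supplied `entry` is therefore bounded by nothing but the `d_reclen` read from the directory buffer. The manual hunk acknowledges that `readdir_r` cannot be used safely there, but the code gives no hint of it. Either keep a fallback bound in an `#else` branch, `reclen = MIN (reclen, offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name));`, or add a comment at the `#endif` stating that the copy is unchecked when `NAME_MAX` is undefined. `__READDIR_R` starts and ends outside these hunks.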
@@ -33,6 +33,7 @@ rewinddir (dirp) dirp->filepos = 0; dirp->offset = 0; dirp->size = 0; + dirp->errcode = 0; #ifndef NOT_IN_libc __libc_lock_unlock (dirp->lock); #endif Index: glibc-2.17/sysdeps/unix/sysv/linux/i386/readdir64_r.c =================================================================== --- glibc-2.17.orig/sysdeps/unix/sysv/linux/i386/readdir64_r.c +++ glibc-2.17/sysdeps/unix/sysv/linux/i386/readdir64_r.c @@ -18,7 +18,6 @@ #define __READDIR_R __readdir64_r #define __GETDENTS __getdents64 #define DIRENT_TYPE struct dirent64 -#define GETDENTS_64BIT_ALIGNED 1 #include <sysdeps/posix/readdir_r.c> Index: glibc-2.17/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c =================================================================== --- glibc-2.17.orig/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c +++ glibc-2.17/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c @@ -1,5 +1,4 @@ #define readdir64_r __no_readdir64_r_decl -#define GETDENTS_64BIT_ALIGNED 1 #include <sysdeps/posix/readdir_r.c> #undef readdir64_r weak_alias (__readdir_r, readdir64_r) ++++++ regexp-overrun.patch ++++++ From a445af0bc722d620afed7683cd320c0e4c7c6059 Mon Sep 17 00:00:00 2001 From: Andreas Schwab <schwab@suse.de> Date: Tue, 29 Jan 2013 14:45:15 +0100 Subject: [PATCH] Fix buffer overrun in regexp matcher [BZ #15078] * posix/regexec.c (extend_buffers): Add parameter min_len. (check_matching): Pass minimum needed length. (clean_state_log_if_needed): Likewise. (get_subexp): Likewise. * posix/Makefile (tests): Add bug-regex34. (bug-regex34-ENV): Define. * posix/bug-regex34.c: New file. --- ChangeLog | 9 +++++++++ NEWS | 3 ++- posix/Makefile | 3 ++- posix/bug-regex34.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ posix/regexec.c | 16 +++++++++------- 5 files changed, 68 insertions(+), 9 deletions(-) create mode 100644 posix/bug-regex34.c diff --git a/posix/Makefile b/posix/Makefile index 88d409f..2cacd21 100644 --- a/posix/Makefile +++ b/posix/Makefile 
@@ -86,7 +86,7 @@ tests := tstgetopt testfnm runtests runptests \ tst-rfc3484-3 \ tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \ bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \ - bug-getopt5 tst-getopt_long1 + bug-getopt5 tst-getopt_long1 bug-regex34 xtests := bug-ga2 ifeq (yes,$(build-shared)) test-srcs := globtest @@ -199,6 +199,7 @@ bug-regex26-ENV = LOCPATH=$(common-objpfx)localedata bug-regex30-ENV = LOCPATH=$(common-objpfx)localedata bug-regex32-ENV = LOCPATH=$(common-objpfx)localedata bug-regex33-ENV = LOCPATH=$(common-objpfx)localedata +bug-regex34-ENV = LOCPATH=$(common-objpfx)localedata tst-rxspencer-ARGS = --utf8 rxspencer/tests tst-rxspencer-ENV = LOCPATH=$(common-objpfx)localedata tst-pcre-ARGS = PCRE.tests diff --git a/posix/bug-regex34.c b/posix/bug-regex34.c new file mode 100644 index 0000000..bb3b613 --- /dev/null +++ b/posix/bug-regex34.c 
@@ -0,0 +1,46 @@ +/* Test re_search with multi-byte characters in UTF-8. + Copyright (C) 2013 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#define _GNU_SOURCE 1 +#include <stdio.h> +#include <string.h> +#include <locale.h> +#include <regex.h> + +static int +do_test (void) +{ + struct re_pattern_buffer r; + /* ကျွန်ုပ်x */ + const char *s = "\xe1\x80\x80\xe1\x80\xbb\xe1\x80\xbd\xe1\x80\x94\xe1\x80\xba\xe1\x80\xaf\xe1\x80\x95\xe1\x80\xbax"; + + if (setlocale (LC_ALL, "en_US.UTF-8") == NULL) + { + puts ("setlocale failed"); + return 1; + } + memset (&r, 0, sizeof (r)); + + re_compile_pattern ("[^x]x", 5, &r); + /* This was triggering a buffer overflow. */ + re_search (&r, s, strlen (s), 0, strlen (s), 0); + return 0; +} + +#define TEST_FUNCTION do_test () +#include "../test-skeleton.c" diff --git a/posix/regexec.c b/posix/regexec.c index 7f2de85..5ca2bf6 100644 --- a/posix/regexec.c +++ b/posix/regexec.c 
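Review bot: `do_test` discards the results of both `re_compile_pattern` and `re_search`, so this regression test can only fail by crashing. If the pattern fails to compile, or an overrun corrupts memory without faulting, it still returns 0. `re_compile_pattern` returns NULL on success and an error string otherwise, and `re_search` returns a negative value for no match or an internal error. Checking both makes a regression visible without a memory checker. A match looks expected for this input, since a non-`x` character precedes the trailing `x`, but confirm that before asserting on it.

```c
  memset (&r, 0, sizeof (r));

  const char *err = re_compile_pattern ("[^x]x", 5, &r);
  if (err != NULL)
    {
      printf ("re_compile_pattern failed: %s\n", err);
      return 1;
    }
  /* This was triggering a buffer overflow.  */
  if (re_search (&r, s, strlen (s), 0, strlen (s), 0) < 0)
    {
      puts ("re_search failed");
      return 1;
    }
  return 0;
```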
@@ -197,7 +197,7 @@ static int group_nodes_into_DFAstates (const re_dfa_t *dfa, static int check_node_accept (const re_match_context_t *mctx, const re_token_t *node, int idx) internal_function; -static reg_errcode_t extend_buffers (re_match_context_t *mctx) +static reg_errcode_t extend_buffers (re_match_context_t *mctx, int min_len) internal_function; /* Entry point for POSIX code. */ @@ -1160,7 +1160,7 @@ check_matching (re_match_context_t *mctx, int fl_longest_match, || (BE (next_char_idx >= mctx->input.valid_len, 0) && mctx->input.valid_len < mctx->input.len)) { - err = extend_buffers (mctx); + err = extend_buffers (mctx, next_char_idx + 1); if (BE (err != REG_NOERROR, 0)) { assert (err == REG_ESPACE); @@ -1738,7 +1738,7 @@ clean_state_log_if_needed (re_match_context_t *mctx, int next_state_log_idx) && mctx->input.valid_len < mctx->input.len)) { reg_errcode_t err; - err = extend_buffers (mctx); + err = extend_buffers (mctx, next_state_log_idx + 1); if (BE (err != REG_NOERROR, 0)) return err; } @@ -2792,7 +2792,7 @@ get_subexp (re_match_context_t *mctx, int bkref_node, int bkref_str_idx) if (bkref_str_off >= mctx->input.len) break; - err = extend_buffers (mctx); + err = extend_buffers (mctx, bkref_str_off + 1); if (BE (err != REG_NOERROR, 0)) return err; @@ -4102,7 +4102,7 @@ check_node_accept (const re_match_context_t *mctx, const re_token_t *node, static reg_errcode_t internal_function __attribute_warn_unused_result__ -extend_buffers (re_match_context_t *mctx) +extend_buffers (re_match_context_t *mctx, int min_len) { reg_errcode_t ret; re_string_t *pstr = &mctx->input; 
@@ -4111,8 +4111,10 @@ extend_buffers (re_match_context_t *mctx) if (BE (INT_MAX / 2 / sizeof (re_dfastate_t *) <= pstr->bufs_len, 0)) return REG_ESPACE; - /* Double the lengthes of the buffers. */ - ret = re_string_realloc_buffers (pstr, MIN (pstr->len, pstr->bufs_len * 2)); + /* Double the lengthes of the buffers, but allocate at least MIN_LEN. */ + ret = re_string_realloc_buffers (pstr, + MAX (min_len, + MIN (pstr->len, pstr->bufs_len * 2))); if (BE (ret != REG_NOERROR, 0)) return ret; -- 1.8.2.3 ++++++ strcoll-overflow.patch ++++++ ++++ 1105 lines (skipped)
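Review bot: The overflow guard at the top of `extend_buffers` still bounds only `pstr->bufs_len`, but the size passed to `re_string_realloc_buffers` can now be `min_len`. Because of the `MAX`, that value is no longer capped by `pstr->len` or by twice the old length. The callers in the earlier regexec.c hunks compute it as an `int` index plus one, and these hunks do not show whether it is always small enough for the later size arithmetic. Either state the precondition in a comment on the function, or extend the existing test, e.g. `|| INT_MAX / sizeof (re_dfastate_t *) <= (size_t) min_len`, so an oversized or wrapped value returns `REG_ESPACE`. The body of `extend_buffers` continues outside this hunk.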