Hello community,
here is the log from the commit of package glibc for openSUSE:Factory
checked in at Fri Jun 17 11:13:48 CEST 2011.
--------
--- glibc/glibc.changes 2011-06-15 14:42:49.000000000 +0200
+++ /mounts/work_src_done/STABLE/glibc/glibc.changes 2011-06-17 09:24:36.000000000 +0200
@@ -1,0 +2,22 @@
+Fri Jun 17 07:07:37 UTC 2011 - aj@suse.de
+
+- Do not package memusage and memusagestat since they require
+ lib-gd and that grows the build cycle.
+
+-------------------------------------------------------------------
+Thu Jun 16 18:37:19 UTC 2011 - aj@suse.de
+
+- Fix handling of shared library preloading.
+
+-------------------------------------------------------------------
+Thu Jun 16 13:33:23 UTC 2011 - aj@suse.de
+
+- Fix getaddrinfo IPv6 code (bnc#684534).
+- Split up glibc-devel-static subpackage (bnc#655261).
+
+-------------------------------------------------------------------
+Thu Jun 16 12:23:32 UTC 2011 - aj@suse.de
+
+- Reorder ld.so.conf library list (bnc#671725).
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
minmem
New:
----
glibc-2.13-dl-load.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ glibc.spec ++++++
--- /var/tmp/diff_new_pack.yPKcrS/_old 2011-06-17 11:08:06.000000000 +0200
+++ /var/tmp/diff_new_pack.yPKcrS/_new 2011-06-17 11:08:06.000000000 +0200
@@ -19,11 +19,8 @@
Name: glibc
BuildRequires: gcc-c++
-BuildRequires: gd-devel
-BuildRequires: libpng-devel
BuildRequires: libselinux-devel
BuildRequires: libstdc++-devel
-BuildRequires: zlib-devel
%define _filter_GLIBC_PRIVATE 1
%define build_locales 1
%define run_testsuite 0
@@ -74,7 +71,7 @@
Obsoletes: glibc-32bit
%endif
Version: 2.13
-Release: 5
+Release: 7
Url: http://www.gnu.org/software/libc/libc.html
Source: glibc-%{version}-996cf2ef0727.tar.bz2
Source2: http://ftp.gnu.org/gnu/glibc/glibc-ports-2.13.tar.bz2
@@ -149,7 +146,7 @@
Patch28: glibc-2.2-sunrpc.diff
# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
Patch29: glibc-2.8-getconf.diff
-# PATCH-FIX-OPENSUSE only use ipv6 if real ipv6 address exists bnc#361697
+# PATCH-FIX-OPENSUSE only use ipv6 if real ipv6 address exists bnc#361697, bnc#684534
Patch30: getaddrinfo-ipv6-sanity.diff
# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
Patch31: ppc-atomic.diff
@@ -199,6 +196,8 @@
Patch56: glibc-static-memcpy.diff
# FIX-OPENSUSE compile some files with -fno-strict-aliasing
Patch58: glibc-strict-aliasing.diff
+# PATCH-FIX-UPSTREAM fix preloading of shared libs aj@suse.de
+Patch59: glibc-2.13-dl-load.patch
# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
Patch500: ARM_glibc-2.10.1-local-eabi-wchar.diff
# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
@@ -312,6 +311,18 @@
These libraries are needed to develop programs which use the standard C
library.
+%package devel-static
+
+
+Summary: C library static libraries for -static linking
+Group: Development/Libraries/C and C++
+Requires: %{name}-devel = %{version}
+
+%description devel-static
+The glibc-devel-static package contains the C library static libraries
+for -static linking. You don't need these, unless you link statically,
+which is highly discouraged.
+
%package utils
License: BSD3c(or similar) ; GPLv2+ ; LGPLv2.1+
Summary: Development utilities from GNU C library
@@ -418,6 +429,7 @@
%patch55 -p1
%patch56 -p1
%patch58
+%patch59 -p1
%ifarch %arm armv5tel armv7l
%patch500
%patch501
@@ -772,12 +784,8 @@
#
cat > $RPM_BUILD_ROOT/etc/ld.so.conf <ai_family == AF_INET6
@@ -22,7 +31,7 @@
{
gethosts (AF_INET6, struct in6_addr);
no_inet6_data = no_data;
-@@ -2157,7 +2157,7 @@ getaddrinfo (const char *name, const cha
+@@ -2156,7 +2156,7 @@ getaddrinfo (const char *name, const cha
if (hints->ai_family == AF_UNSPEC || hints->ai_family == AF_INET
|| hints->ai_family == AF_INET6)
{
++++++ glibc-2.13-dl-load.patch ++++++
2011-05-11 Ulrich Drepper
[BZ #12393]
* elf/dl-load.c (is_trusted_path): Remove unnecessary test.
(is_trusted_path_normalize): Skip initial colon. Append slash
to empty buffer. Duplicate is_trusted_path code but allow
constructed patch to be prefix.
(is_dst): Allow $ORIGIN followed by /.
(_dl_dst_substitute): Correct clearing of check_for_trusted.
Correct testing of result of is_trusted_path_normalize
(decompose_rpath): Fix warning.
2011-05-07 Petr Baudis
Ulrich Drepper
[BZ #12393]
* elf/dl-load.c (fillin_rpath): Move trusted path check...
(is_trusted_path): ...to here.
(is_trusted_path_normalize): Wrapper for /../ and /./ normalization.
(_dl_dst_substitute): Verify expanded $ORIGIN path elements
using is_trusted_path_normalize() in setuid scripts.
2011-03-14 Andreas Schwab
* elf/dl-load.c (_dl_dst_substitute): When skipping the first
rpath element also skip the following colon.
(expand_dynamic_string_token): Add is_path parameter and pass
down to DL_DST_REQUIRED and _dl_dst_substitute.
(decompose_rpath): Call expand_dynamic_string_token with
non-zero is_path. Ignore empty rpaths.
(_dl_map_object_from_fd): Call expand_dynamic_string_token
with zero is_path.
2011-03-06 Ulrich Drepper
* elf/dl-load.c (_dl_map_object): If we are looking for the first
to-be-loaded object along a path to loader is ld.so.
--- glibc-2.13/elf/dl-load.c 2011-05-20 21:53:43.766426054 +0200
+++ glibc-2.14/elf/dl-load.c 2011-05-31 09:59:16.781617374 +0200
@@ -1,5 +1,5 @@
/* Map in a shared object's segments from the file.
- Copyright (C) 1995-2005, 2006, 2007, 2009, 2010 Free Software Foundation, Inc.
+ Copyright (C) 1995-2007, 2009, 2010, 2011 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -168,6 +168,87 @@ local_strdup (const char *s)
}
+static bool
+is_trusted_path (const char *path, size_t len)
+{
+ const char *trun = system_dirs;
+
+ for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
+ {
+ if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0)
+ /* Found it. */
+ return true;
+
+ trun += system_dirs_len[idx] + 1;
+ }
+
+ return false;
+}
+
+
+static bool
+is_trusted_path_normalize (const char *path, size_t len)
+{
+ if (len == 0)
+ return false;
+
+ if (*path == ':')
+ {
+ ++path;
+ --len;
+ }
+
+ char *npath = (char *) alloca (len + 2);
+ char *wnp = npath;
+ while (*path != '\0')
+ {
+ if (path[0] == '/')
+ {
+ if (path[1] == '.')
+ {
+ if (path[2] == '.' && (path[3] == '/' || path[3] == '\0'))
+ {
+ while (wnp > npath && *--wnp != '/')
+ ;
+ path += 3;
+ continue;
+ }
+ else if (path[2] == '/' || path[2] == '\0')
+ {
+ path += 2;
+ continue;
+ }
+ }
+
+ if (wnp > npath && wnp[-1] == '/')
+ {
+ ++path;
+ continue;
+ }
+ }
+
+ *wnp++ = *path++;
+ }
+
+ if (wnp == npath || wnp[-1] != '/')
+ *wnp++ = '/';
+
+ const char *trun = system_dirs;
+
+ for (size_t idx = 0; idx < nsystem_dirs_len; ++idx)
+ {
+ if (wnp - npath >= system_dirs_len[idx]
+ && memcmp (trun, npath, system_dirs_len[idx]) == 0)
+ /* Found it. */
+ return true;
+
+ trun += system_dirs_len[idx] + 1;
+ }
+
+ return false;
+}
+
+
static size_t
is_dst (const char *start, const char *name, const char *str,
int is_path, int secure)
@@ -200,7 +281,8 @@ is_dst (const char *start, const char *n
return 0;
if (__builtin_expect (secure, 0)
- && ((name[len] != '\0' && (!is_path || name[len] != ':'))
+ && ((name[len] != '\0' && name[len] != '/'
+ && (!is_path || name[len] != ':'))
|| (name != start + 1 && (!is_path || name[-2] != ':'))))
return 0;
@@ -240,13 +322,14 @@ _dl_dst_substitute (struct link_map *l,
int is_path)
{
const char *const start = name;
- char *last_elem, *wp;
/* Now fill the result path. While copying over the string we keep
track of the start of the last path element. When we come accross
a DST we copy over the value or (if the value is not available)
leave the entire path element out. */
- last_elem = wp = result;
+ char *wp = result;
+ char *last_elem = result;
+ bool check_for_trusted = false;
do
{
@@ -265,6 +348,9 @@ _dl_dst_substitute (struct link_map *l,
else
#endif
repl = l->l_origin;
+
+ check_for_trusted = (INTUSE(__libc_enable_secure)
+ && l->l_type == lt_executable);
}
else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
repl = GLRO(dl_platform);
@@ -284,6 +370,10 @@ _dl_dst_substitute (struct link_map *l,
name += len;
while (*name != '\0' && (!is_path || *name != ':'))
++name;
+ /* Also skip following colon if this is the first rpath
+ element, but keep an empty element at the end. */
+ if (wp == result && is_path && *name == ':' && name[1] != '\0')
+ ++name;
}
else
/* No DST we recognize. */
@@ -293,11 +383,28 @@ _dl_dst_substitute (struct link_map *l,
{
*wp++ = *name++;
if (is_path && *name == ':')
- last_elem = wp;
+ {
+ /* In SUID/SGID programs, after $ORIGIN expansion the
+ normalized path must be rooted in one of the trusted
+ directories. */
+ if (__builtin_expect (check_for_trusted, false)
+ && !is_trusted_path_normalize (last_elem, wp - last_elem))
+ wp = last_elem;
+ else
+ last_elem = wp;
+
+ check_for_trusted = false;
+ }
}
}
while (*name != '\0');
+ /* In SUID/SGID programs, after $ORIGIN expansion the normalized
+ path must be rooted in one of the trusted directories. */
+ if (__builtin_expect (check_for_trusted, false)
+ && !is_trusted_path_normalize (last_elem, wp - last_elem))
+ wp = last_elem;
+
*wp = '\0';
return result;
@@ -310,7 +417,7 @@ _dl_dst_substitute (struct link_map *l,
belonging to the map is loaded. In this case the path element
containing $ORIGIN is left out. */
static char *
-expand_dynamic_string_token (struct link_map *l, const char *s)
+expand_dynamic_string_token (struct link_map *l, const char *s, int is_path)
{
/* We make two runs over the string. First we determine how large the
resulting string is and then we copy it over. Since this is no
@@ -321,7 +428,7 @@ expand_dynamic_string_token (struct link
char *result;
/* Determine the number of DST elements. */
- cnt = DL_DST_COUNT (s, 1);
+ cnt = DL_DST_COUNT (s, is_path);
/* If we do not have to replace anything simply copy the string. */
if (__builtin_expect (cnt, 0) == 0)
@@ -335,7 +442,7 @@ expand_dynamic_string_token (struct link
if (result == NULL)
return NULL;
- return _dl_dst_substitute (l, s, result, 1);
+ return _dl_dst_substitute (l, s, result, is_path);
}
@@ -407,33 +514,8 @@ fillin_rpath (char *rpath, struct r_sear
cp[len++] = '/';
/* Make sure we don't use untrusted directories if we run SUID. */
- if (__builtin_expect (check_trusted, 0))
- {
- const char *trun = system_dirs;
- size_t idx;
- int unsecure = 1;
-
- /* All trusted directories must be complete names. */
- if (cp[0] == '/')
- {
- for (idx = 0; idx < nsystem_dirs_len; ++idx)
- {
- if (len == system_dirs_len[idx]
- && memcmp (trun, cp, len) == 0)
- {
- /* Found it. */
- unsecure = 0;
- break;
- }
-
- trun += system_dirs_len[idx] + 1;
- }
- }
-
- if (unsecure)
- /* Simply drop this directory. */
- continue;
- }
+ if (__builtin_expect (check_trusted, 0) && !is_trusted_path (cp, len))
+ continue;
/* See if this directory is already known. */
for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next)
@@ -551,13 +633,21 @@ decompose_rpath (struct r_search_path_st
/* Make a writable copy. At the same time expand possible dynamic
string tokens. */
- copy = expand_dynamic_string_token (l, rpath);
+ copy = expand_dynamic_string_token (l, rpath, 1);
if (copy == NULL)
{
errstring = N_("cannot create RUNPATH/RPATH copy");
goto signal_error;
}
+ /* Ignore empty rpaths. */
+ if (*copy == 0)
+ {
+ free (copy);
+ sps->dirs = (struct r_search_path_elem **) -1;
+ return false;
+ }
+
/* Count the number of necessary elements in the result array. */
nelems = 0;
for (cp = copy; *cp != '\0'; ++cp)
@@ -2109,7 +2201,9 @@ _dl_map_object (struct link_map *loader,
{
#ifdef SHARED
// XXX Correct to unconditionally default to namespace 0?
- l = loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded;
+ l = (loader
+ ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded
+ ?: &GL(dl_rtld_map));
#else
l = loader;
#endif
@@ -2175,7 +2269,7 @@ _dl_map_object (struct link_map *loader,
{
/* The path may contain dynamic string tokens. */
realname = (loader
- ? expand_dynamic_string_token (loader, name)
+ ? expand_dynamic_string_token (loader, name, 0)
: local_strdup (name));
if (realname == NULL)
fd = -1;
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org