glibc: update for 8 new upstream fixes.

Patches created by
git format-patch -k -p glibc-2.25..origin/release/2.25/master
Leah Neukirchen 2017-06-20 13:46:17 +02:00
parent 3a7ad332f9
commit 57c0281eb0
24 changed files with 997 additions and 220 deletions


@ -1,7 +1,7 @@
From 58520986c38e34db60e07260c64c563e3efcf353 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu, 9 Feb 2017 17:28:54 +0100
Subject: [PATCH 01] Fix getting tunable values on big-endian (BZ #21109)
Subject: Fix getting tunable values on big-endian (BZ #21109)
The code to set value passed a tunable_val_t, which when cast to
int32_t on big-endian gives the wrong value. Instead, use
@ -9,16 +9,9 @@ tunable_val_t.numval instead, which can then be safely cast into
int32_t.
(cherry picked from commit 8cbc826c37c0221ada65a7a622fe079b4e89a4b0)
---
ChangeLog | 10 ++++++++++
NEWS | 6 ++++++
elf/dl-tunable-types.h | 4 ++--
elf/dl-tunables.c | 2 ++
malloc/arena.c | 8 ++++----
5 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f140ee6..c88238e 100644
index f140ee67de..c88238e0fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
@ -36,7 +29,7 @@ index f140ee6..c88238e 100644
* version.h (RELEASE): Set to "stable"
diff --git a/NEWS b/NEWS
index ec15dde..325cac7 100644
index ec15dde761..325cac78e4 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@ See the end for copying conditions.
@ -53,7 +46,7 @@ index ec15dde..325cac7 100644
* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
diff --git a/elf/dl-tunable-types.h b/elf/dl-tunable-types.h
index a986f0b..37a4e80 100644
index a986f0b593..37a4e8021f 100644
--- a/elf/dl-tunable-types.h
+++ b/elf/dl-tunable-types.h
@@ -21,8 +21,6 @@
@ -75,7 +68,7 @@ index a986f0b..37a4e80 100644
tunables for AT_SECURE binaries. */
typedef enum
diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
index a8d53d6..e42aa67 100644
index a8d53d6a31..e42aa67003 100644
--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@@ -455,6 +455,8 @@ __tunable_set_val (tunable_id_t id, void *valp, tunable_callback_t callback)
@ -88,7 +81,7 @@ index a8d53d6..e42aa67 100644
goto cb;
diff --git a/malloc/arena.c b/malloc/arena.c
index b91d7d6..d49e4a2 100644
index b91d7d6b16..d49e4a21c8 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -212,9 +212,9 @@ __malloc_fork_unlock_child (void)
@ -116,6 +109,5 @@ index b91d7d6..d49e4a2 100644
}
--
2.7.4.GIT
2.13.1


@ -1,8 +1,7 @@
From 045e368799cd253ddbf8bdec42ed92e8ebb3ce67 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 28 Feb 2017 17:05:46 +0100
Subject: [PATCH 02] sunrpc: Avoid use-after-free read access in
clntudp_call [BZ #21115]
Subject: sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
(CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
@ -14,17 +13,9 @@ to observe the invalid access. A malloc implementation which
immediately calls munmap on free would catch this bug as well.
(cherry picked from commit d42eed4a044e5e10dfb885cf9891c2518a72a491)
---
ChangeLog | 8 +++++++
NEWS | 1 +
sunrpc/Makefile | 3 ++-
sunrpc/clnt_udp.c | 2 +-
sunrpc/tst-udp-error.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 74 insertions(+), 2 deletions(-)
create mode 100644 sunrpc/tst-udp-error.c
diff --git a/ChangeLog b/ChangeLog
index c88238e..3d781a3 100644
index c88238e0fa..3d781a354a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
@ -40,7 +31,7 @@ index c88238e..3d781a3 100644
[BZ #21109]
diff --git a/NEWS b/NEWS
index 325cac7..5ecc565 100644
index 325cac78e4..5ecc565371 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ Version 2.25.1
@ -52,7 +43,7 @@ index 325cac7..5ecc565 100644
Version 2.25
diff --git a/sunrpc/Makefile b/sunrpc/Makefile
index 0c1e612..daf8a28 100644
index 0c1e6124ff..daf8a28f1a 100644
--- a/sunrpc/Makefile
+++ b/sunrpc/Makefile
@@ -93,7 +93,7 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_cout.o rpc_parse.o \
@ -73,7 +64,7 @@ index 0c1e612..daf8a28 100644
$(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs))
diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
index 4d9acb1..1de25cb 100644
index 4d9acb1e6a..1de25cb771 100644
--- a/sunrpc/clnt_udp.c
+++ b/sunrpc/clnt_udp.c
@@ -421,9 +421,9 @@ send_again:
@ -89,7 +80,7 @@ index 4d9acb1..1de25cb 100644
free (cbuf);
diff --git a/sunrpc/tst-udp-error.c b/sunrpc/tst-udp-error.c
new file mode 100644
index 0000000..1efc02f
index 0000000000..1efc02f5c6
--- /dev/null
+++ b/sunrpc/tst-udp-error.c
@@ -0,0 +1,62 @@
@ -156,6 +147,5 @@ index 0000000..1efc02f
+
+#include <support/test-driver.c>
--
2.7.4.GIT
2.13.1


@ -1,35 +1,16 @@
From 93cf93e06ce123439e41d3d62790601c313134cb Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 28 Feb 2017 17:36:00 +0100
Subject: [PATCH 03] sunrpc: Improvements for UDP client timeout handling
[BZ #20257]
Subject: sunrpc: Improvements for UDP client timeout handling [BZ #20257]
This commit fixes various aspects in the UDP client timeout handling.
Timeouts are now applied in a more consistent fashion. Discarded UDP
packets no longer prevent the timeout from happening at all.
(cherry picked from commit cf0bd2f73bd65beab613865bba567d7787836888)
---
ChangeLog | 23 +++
NEWS | 1 +
inet/Makefile | 8 +-
inet/deadline.c | 122 +++++++++++++
inet/net-internal.h | 89 ++++++++++
inet/tst-deadline.c | 188 ++++++++++++++++++++
sunrpc/Makefile | 10 +-
sunrpc/clnt_udp.c | 127 ++++++++------
sunrpc/tst-udp-garbage.c | 104 +++++++++++
sunrpc/tst-udp-nonblocking.c | 333 +++++++++++++++++++++++++++++++++++
sunrpc/tst-udp-timeout.c | 402 +++++++++++++++++++++++++++++++++++++++++++
11 files changed, 1348 insertions(+), 59 deletions(-)
create mode 100644 inet/deadline.c
create mode 100644 inet/tst-deadline.c
create mode 100644 sunrpc/tst-udp-garbage.c
create mode 100644 sunrpc/tst-udp-nonblocking.c
create mode 100644 sunrpc/tst-udp-timeout.c
diff --git a/ChangeLog b/ChangeLog
index 3d781a3..510ca42 100644
index 3d781a354a..510ca42c2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,26 @@
@ -60,7 +41,7 @@ index 3d781a3..510ca42 100644
[BZ #21115]
diff --git a/NEWS b/NEWS
index 5ecc565..e7d6668 100644
index 5ecc565371..e7d6668664 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ The following bugs are resolved with this release:
@ -72,7 +53,7 @@ index 5ecc565..e7d6668 100644
Version 2.25
diff --git a/inet/Makefile b/inet/Makefile
index 010792a..6a7d3e0 100644
index 010792af8f..6a7d3e0664 100644
--- a/inet/Makefile
+++ b/inet/Makefile
@@ -45,14 +45,18 @@ routines := htonl htons \
@ -98,7 +79,7 @@ index 010792a..6a7d3e0 100644
diff --git a/inet/deadline.c b/inet/deadline.c
new file mode 100644
index 0000000..c1fa415
index 0000000000..c1fa415a39
--- /dev/null
+++ b/inet/deadline.c
@@ -0,0 +1,122 @@
@ -225,7 +206,7 @@ index 0000000..c1fa415
+ return msec;
+}
diff --git a/inet/net-internal.h b/inet/net-internal.h
index 087597e..2b2632c 100644
index 087597ed99..2b2632c7ba 100644
--- a/inet/net-internal.h
+++ b/inet/net-internal.h
@@ -20,11 +20,100 @@
@ -331,7 +312,7 @@ index 087597e..2b2632c 100644
#endif /* _NET_INTERNAL_H */
diff --git a/inet/tst-deadline.c b/inet/tst-deadline.c
new file mode 100644
index 0000000..ed04345
index 0000000000..ed04345c35
--- /dev/null
+++ b/inet/tst-deadline.c
@@ -0,0 +1,188 @@
@ -524,7 +505,7 @@ index 0000000..ed04345
+
+#include <support/test-driver.c>
diff --git a/sunrpc/Makefile b/sunrpc/Makefile
index daf8a28..7e5d295 100644
index daf8a28f1a..7e5d2955a0 100644
--- a/sunrpc/Makefile
+++ b/sunrpc/Makefile
@@ -93,11 +93,12 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_cout.o rpc_parse.o \
@ -552,7 +533,7 @@ index daf8a28..7e5d295 100644
+$(objpfx)tst-udp-garbage: \
+ $(common-objpfx)linkobj/libc.so $(shared-thread-library)
diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
index 1de25cb..6ce16eb 100644
index 1de25cb771..6ce16eb298 100644
--- a/sunrpc/clnt_udp.c
+++ b/sunrpc/clnt_udp.c
@@ -55,6 +55,7 @@
@ -750,7 +731,7 @@ index 1de25cb..6ce16eb 100644
/*
diff --git a/sunrpc/tst-udp-garbage.c b/sunrpc/tst-udp-garbage.c
new file mode 100644
index 0000000..4abda93
index 0000000000..4abda93f08
--- /dev/null
+++ b/sunrpc/tst-udp-garbage.c
@@ -0,0 +1,104 @@
@ -860,7 +841,7 @@ index 0000000..4abda93
+#include <support/test-driver.c>
diff --git a/sunrpc/tst-udp-nonblocking.c b/sunrpc/tst-udp-nonblocking.c
new file mode 100644
index 0000000..1d6a7f4
index 0000000000..1d6a7f4b56
--- /dev/null
+++ b/sunrpc/tst-udp-nonblocking.c
@@ -0,0 +1,333 @@
@ -1199,7 +1180,7 @@ index 0000000..1d6a7f4
+#include <support/test-driver.c>
diff --git a/sunrpc/tst-udp-timeout.c b/sunrpc/tst-udp-timeout.c
new file mode 100644
index 0000000..db9943a
index 0000000000..db9943a03e
--- /dev/null
+++ b/sunrpc/tst-udp-timeout.c
@@ -0,0 +1,402 @@
@ -1606,6 +1587,5 @@ index 0000000..db9943a
+#define TIMEOUT 25
+#include <support/test-driver.c>
--
2.7.4.GIT
2.13.1


@ -1,24 +1,12 @@
From 69e0a87cc4c570e3b7218392fc3e743b5bddcce2 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 2 Mar 2017 20:11:27 +0100
Subject: [PATCH 04] Document and fix --enable-bind-now [BZ #21015]
Subject: Document and fix --enable-bind-now [BZ #21015]
(cherry picked from commit 2d6ab5df3b675e96ee587ae6a8c2ce004c6b1ba9)
---
ChangeLog | 17 +++++++++++++++++
INSTALL | 6 ++++++
Makeconfig | 7 +++++++
Makerules | 9 +++------
NEWS | 1 +
iconvdata/Makefile | 5 +++++
manual/install.texi | 6 ++++++
sysdeps/unix/sysv/linux/alpha/localplt.data | 2 +-
sysdeps/unix/sysv/linux/i386/localplt.data | 2 +-
sysdeps/x86_64/localplt.data | 2 +-
10 files changed, 48 insertions(+), 9 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 510ca42..8aaf9f8 100644
index 510ca42c2b..8aaf9f825d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
@ -43,7 +31,7 @@ index 510ca42..8aaf9f8 100644
[BZ #20257]
diff --git a/INSTALL b/INSTALL
index 3b3fd12..e77cb2d 100644
index 3b3fd121b2..e77cb2d4e2 100644
--- a/INSTALL
+++ b/INSTALL
@@ -146,6 +146,12 @@ will be used, and CFLAGS sets optimization options for the compiler.
@ -60,7 +48,7 @@ index 3b3fd12..e77cb2d 100644
The file 'pt_chown' is a helper binary for 'grantpt' (*note
Pseudo-Terminals: Allocation.) that is installed setuid root to fix
diff --git a/Makeconfig b/Makeconfig
index 97a15b5..1c81511 100644
index 97a15b569e..1c815113b9 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -386,6 +386,13 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
@ -78,7 +66,7 @@ index 97a15b5..1c81511 100644
# This is invoked with $(call after-link,...), so it should operate on
# the file $1. This can be set to do some sort of post-processing on
diff --git a/Makerules b/Makerules
index e9194e5..7f0eef8 100644
index e9194e54cf..7f0eef8096 100644
--- a/Makerules
+++ b/Makerules
@@ -588,7 +588,7 @@ $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \
@ -112,7 +100,7 @@ index e9194e5..7f0eef8 100644
| sed -n -f $< > $@.new
test -s $@.new
diff --git a/NEWS b/NEWS
index e7d6668..9bf8c10 100644
index e7d6668664..9bf8c10926 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ The following bugs are resolved with this release:
@ -124,7 +112,7 @@ index e7d6668..9bf8c10 100644
Version 2.25
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
index 04157b2..e484587 100644
index 04157b25c5..e4845871f5 100644
--- a/iconvdata/Makefile
+++ b/iconvdata/Makefile
@@ -63,6 +63,11 @@ modules := ISO8859-1 ISO8859-2 ISO8859-3 ISO8859-4 ISO8859-5 \
@ -140,7 +128,7 @@ index 04157b2..e484587 100644
ifeq (yes,$(build-shared))
diff --git a/manual/install.texi b/manual/install.texi
index 266add8..3398cfa 100644
index 266add8ba9..3398cfab02 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -175,6 +175,12 @@ options to detect stack overruns. Only the dynamic linker and a small
@ -157,7 +145,7 @@ index 266add8..3398cfa 100644
@findex grantpt
@item --enable-pt_chown
diff --git a/sysdeps/unix/sysv/linux/alpha/localplt.data b/sysdeps/unix/sysv/linux/alpha/localplt.data
index cca17f1..1f0e3b4 100644
index cca17f1e34..1f0e3b494e 100644
--- a/sysdeps/unix/sysv/linux/alpha/localplt.data
+++ b/sysdeps/unix/sysv/linux/alpha/localplt.data
@@ -20,7 +20,7 @@ libc.so: free + RELA R_ALPHA_GLOB_DAT
@ -170,7 +158,7 @@ index cca17f1..1f0e3b4 100644
# Ought to reorg things such that carg isn't thus forced to use a plt.
libm.so: __atan2
diff --git a/sysdeps/unix/sysv/linux/i386/localplt.data b/sysdeps/unix/sysv/linux/i386/localplt.data
index 2c25849..8ea4333 100644
index 2c2584956d..8ea4333846 100644
--- a/sysdeps/unix/sysv/linux/i386/localplt.data
+++ b/sysdeps/unix/sysv/linux/i386/localplt.data
@@ -6,7 +6,7 @@ libc.so: free + REL R_386_GLOB_DAT
@ -183,7 +171,7 @@ index 2c25849..8ea4333 100644
# allocations after the initial link (when dlopen is used).
ld.so: malloc + REL R_386_GLOB_DAT
diff --git a/sysdeps/x86_64/localplt.data b/sysdeps/x86_64/localplt.data
index 014a9f4..a1840cf 100644
index 014a9f4554..a1840cff31 100644
--- a/sysdeps/x86_64/localplt.data
+++ b/sysdeps/x86_64/localplt.data
@@ -8,7 +8,7 @@ libc.so: free + RELA R_X86_64_GLOB_DAT
@ -196,6 +184,5 @@ index 014a9f4..a1840cf 100644
# allocations after the initial link (when dlopen is used).
ld.so: malloc + RELA R_X86_64_GLOB_DAT
--
2.7.4.GIT
2.13.1


@ -1,7 +1,7 @@
From 8b3caa41b9cb82651e72a0c87aa56719c134000e Mon Sep 17 00:00:00 2001
From: John David Anglin <dave.anglin@bell.net>
Date: Mon, 20 Feb 2017 20:31:57 -0500
Subject: [PATCH 05] hppa: Fix setting of __libc_stack_end
Subject: hppa: Fix setting of __libc_stack_end
The binutils package was recently changed to fix -z relro support on hppa.
See ld/21000 for details:
@ -16,13 +16,9 @@ A build log with the attached patch is here:
https://buildd.debian.org/status/fetch.php?pkg=glibc&arch=hppa&ver=2.24-9&stamp=1487639205&raw=0
(cherry picked from commit 5d20a49aaccef5ef7adac93d5ca159f6b7ba0105)
---
ChangeLog | 5 +++++
sysdeps/hppa/dl-machine.h | 9 ++++-----
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8aaf9f8..d8ed2e4 100644
index 8aaf9f825d..d8ed2e4d90 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
@ -35,7 +31,7 @@ index 8aaf9f8..d8ed2e4 100644
[BZ #21015]
diff --git a/sysdeps/hppa/dl-machine.h b/sysdeps/hppa/dl-machine.h
index 339c7bb..787b95f 100644
index 339c7bb771..787b95f502 100644
--- a/sysdeps/hppa/dl-machine.h
+++ b/sysdeps/hppa/dl-machine.h
@@ -302,6 +302,10 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
@ -62,6 +58,5 @@ index 339c7bb..787b95f 100644
name as an extra leading argument. */ \
" addil LT'_dl_skip_args,%r19\n" \
--
2.7.4.GIT
2.13.1


@ -1,8 +1,8 @@
From 0889003c67f9c2f520a37281c4b5c3b8a9861f46 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 12 Mar 2017 15:12:21 -0700
Subject: [PATCH 06] x86_64: fix static build of __mempcpy_chk for compilers
defaulting to PIC/PIE
Subject: x86_64: fix static build of __mempcpy_chk for compilers defaulting to
PIC/PIE
When glibc is compiled with gcc 6.2 that has been configured with
to default to PIC/PIE, the static version of __mempcpy_chk is not built,
@ -15,13 +15,9 @@ SHARED, like it is done for similar functions like __memcpy_chk.
instead of PIC.
(cherry picked from commit fbe355fbd1973d6e29561084b3eaeb4bfe9d515a)
---
ChangeLog | 5 +++++
sysdeps/x86_64/mempcpy_chk.S | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index d8ed2e4..c29a70a 100644
index d8ed2e4d90..c29a70aa72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
@ -34,7 +30,7 @@ index d8ed2e4..c29a70a 100644
* sysdeps/hppa/dl-machine.h (DL_STACK_END): Define.
diff --git a/sysdeps/x86_64/mempcpy_chk.S b/sysdeps/x86_64/mempcpy_chk.S
index f8a9260..f912291 100644
index f8a9260e6e..f912291576 100644
--- a/sysdeps/x86_64/mempcpy_chk.S
+++ b/sysdeps/x86_64/mempcpy_chk.S
@@ -19,7 +19,7 @@
@ -47,6 +43,5 @@ index f8a9260..f912291 100644
For libc.a, this is a separate source to avoid
mempcpy bringing in __chk_fail and all routines
--
2.7.4.GIT
2.13.1


@ -1,7 +1,7 @@
From 27ab0d9518746dfb59ed2ba59daefc981dc10e38 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Mon, 20 Mar 2017 04:47:56 -0400
Subject: [PATCH 07] posix_spawn: fix stack setup on ia64 [BZ #21275]
Subject: posix_spawn: fix stack setup on ia64 [BZ #21275]
The ia64-specific clone2 call expects the base of the stack mapping and
the stack size as sep arguments, not an initial stack value as on other
@ -10,13 +10,9 @@ pass in the right stack base.
Reported-by: Matt Turner <mattst88@gentoo.org>
(cherry picked from commit ddc3fb333469c2997798742dc0509dc1e3201d91)
---
ChangeLog | 8 ++++++++
sysdeps/unix/sysv/linux/spawni.c | 11 ++++++-----
2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c29a70a..ef5388c 100644
index c29a70aa72..ef5388c2c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
@ -32,7 +28,7 @@ index c29a70a..ef5388c 100644
* sysdeps/x86_64/mempcpy_chk.S (__mempcpy_chk): Check for SHARED
diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c
index 2daf0c5..c96aac8 100644
index 2daf0c5ef0..c96aac889d 100644
--- a/sysdeps/unix/sysv/linux/spawni.c
+++ b/sysdeps/unix/sysv/linux/spawni.c
@@ -61,17 +61,18 @@
@ -60,6 +56,5 @@ index 2daf0c5..c96aac8 100644
--
2.7.4.GIT
2.13.1


@ -1,20 +1,15 @@
From f035c8d055f25eaf6c93772f308afac10ce31ef2 Mon Sep 17 00:00:00 2001
From: Slava Barinov <v.barinov@samsung.com>
Date: Fri, 31 Mar 2017 08:49:25 +0200
Subject: [PATCH 08] fts: Fix symbol redirect for fts_set [BZ #21289]
Subject: fts: Fix symbol redirect for fts_set [BZ #21289]
In a 32-bit environment with _FILE_OFFSET_BITS=64, the __REDIRECT macro
combined with __THROW generates an invalid C++ declaration.
(cherry picked from commit ce39613205dc47ceaeea76710d49e7a483b503ab)
---
ChangeLog | 5 +++++
NEWS | 5 +++--
io/fts.h | 2 +-
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ef5388c..85d6fc6 100644
index ef5388c2c3..85d6fc6192 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
@ -27,7 +22,7 @@ index ef5388c..85d6fc6 100644
[BZ #21275]
diff --git a/NEWS b/NEWS
index 9bf8c10..fee1cf8 100644
index 9bf8c10926..fee1cf8ca8 100644
--- a/NEWS
+++ b/NEWS
@@ -9,10 +9,11 @@ Version 2.25.1
@ -45,7 +40,7 @@ index 9bf8c10..fee1cf8 100644
Version 2.25
diff --git a/io/fts.h b/io/fts.h
index b9cff53..ab15567 100644
index b9cff534e9..ab15567001 100644
--- a/io/fts.h
+++ b/io/fts.h
@@ -193,7 +193,7 @@ FTS *__REDIRECT (fts_open, (char * const *, int,
@ -58,6 +53,5 @@ index b9cff53..ab15567 100644
# define fts_children fts64_children
# define fts_close fts64_close
--
2.7.4.GIT
2.13.1


@ -1,8 +1,8 @@
From 74522eeeaa4a39809a28f44171e71d36a69edb58 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Sat, 1 Apr 2017 12:39:09 +0530
Subject: [PATCH 09] Call the right helper function when setting mallopt
M_ARENA_MAX (BZ #21338)
Subject: Call the right helper function when setting mallopt M_ARENA_MAX (BZ
#21338)
Fixes a typo introduced in commit
be7991c0705e35b4d70a419d117addcd6c627319. This caused
@ -13,13 +13,9 @@ wrong internal parameter.
[BZ #21338]
* malloc/malloc.c: Call do_set_arena_max for M_ARENA_MAX
instead of incorrect do_set_arena_test
---
ChangeLog | 6 ++++++
malloc/malloc.c | 2 +-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index 85d6fc6..321bf53 100644
index 85d6fc6192..321bf53191 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
@ -33,7 +29,7 @@ index 85d6fc6..321bf53 100644
[BZ #21289]
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 4885793..4e07663 100644
index 4885793905..4e076638b0 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4902,7 +4902,7 @@ __libc_mallopt (int param_number, int value)
@ -46,6 +42,5 @@ index 4885793..4e07663 100644
}
__libc_lock_unlock (av->mutex);
--
2.7.4.GIT
2.13.1


@ -1,8 +1,7 @@
From df29db0bec24211cfc917db52024bf8deecac2c9 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Wed, 15 Mar 2017 23:59:31 -0700
Subject: [PATCH 10] posix_spawn: use a larger min stack for -fstack-check
[BZ #21253]
Subject: posix_spawn: use a larger min stack for -fstack-check [BZ #21253]
When glibc is built with -fstack-check, trying to use posix_spawn can
lead to segfaults due to gcc internally probing stack memory too far.
@ -30,13 +29,9 @@ enough to trigger the problem:
[1] https://gcc.gnu.org/onlinedocs/gcc-6.3.0/gccint/Stack-Checking.html
(cherry picked from commit 21f042c804835d1f7a4a8e06f2c93ca35a182042)
---
ChangeLog | 6 ++++++
sysdeps/unix/sysv/linux/spawni.c | 5 +++++
2 files changed, 11 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index 321bf53..b37a054 100644
index 321bf53191..b37a054bae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
@ -50,7 +45,7 @@ index 321bf53..b37a054 100644
[BZ# 21338]
diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c
index c96aac8..29d8f25 100644
index c96aac889d..29d8f25ab5 100644
--- a/sysdeps/unix/sysv/linux/spawni.c
+++ b/sysdeps/unix/sysv/linux/spawni.c
@@ -319,6 +319,11 @@ __spawnix (pid_t * pid, const char *file,
@ -66,6 +61,5 @@ index c96aac8..29d8f25 100644
void *stack = __mmap (NULL, stack_size, prot,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
--
2.7.4.GIT
2.13.1


@ -1,8 +1,8 @@
From 903b77defb6f2ee2552c06472339f33091e3c7b4 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 21 Mar 2017 10:59:31 -0700
Subject: [PATCH 11] x86-64: Improve branch predication in
_dl_runtime_resolve_avx512_opt [BZ #21258]
Subject: x86-64: Improve branch predication in _dl_runtime_resolve_avx512_opt
[BZ #21258]
On Skylake server, _dl_runtime_resolve_avx512_opt is used to preserve
the first 8 vector registers. The code layout is
@ -35,14 +35,9 @@ Tested on Skylake server.
Fallthrough to _dl_runtime_resolve_sse_vex.
(cherry picked from commit c15f8eb50cea7ad1a4ccece6e0982bf426d52c00)
---
ChangeLog | 9 +++++++++
sysdeps/x86_64/dl-trampoline.S | 3 +--
sysdeps/x86_64/dl-trampoline.h | 9 +++++----
3 files changed, 15 insertions(+), 6 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index b37a054..8479fba 100644
index b37a054bae..8479fba8c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
@ -59,7 +54,7 @@ index b37a054..8479fba 100644
[BZ #21253]
diff --git a/sysdeps/x86_64/dl-trampoline.S b/sysdeps/x86_64/dl-trampoline.S
index 33d7fcf..c14c61a 100644
index 33d7fcf7d0..c14c61aa58 100644
--- a/sysdeps/x86_64/dl-trampoline.S
+++ b/sysdeps/x86_64/dl-trampoline.S
@@ -87,11 +87,9 @@
@ -81,7 +76,7 @@ index 33d7fcf..c14c61a 100644
+#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt
#include "dl-trampoline.h"
diff --git a/sysdeps/x86_64/dl-trampoline.h b/sysdeps/x86_64/dl-trampoline.h
index b27fa06..8db24c1 100644
index b27fa06974..8db24c16ac 100644
--- a/sysdeps/x86_64/dl-trampoline.h
+++ b/sysdeps/x86_64/dl-trampoline.h
@@ -129,19 +129,20 @@ _dl_runtime_resolve_opt:
@ -110,6 +105,5 @@ index b27fa06..8db24c1 100644
# error Unsupported VEC_SIZE!
# endif
--
2.7.4.GIT
2.13.1


@ -1,7 +1,7 @@
From b30b1c97ccfe72e82b0c95bb55274b5660bc539e Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue, 11 Apr 2017 15:08:02 -0300
Subject: [PATCH 12] posix: Add cleanup on the trap list for globtest.sh
Subject: posix: Add cleanup on the trap list for globtest.sh
This patch prevents lingering files for SIGSEGV failures by adding
a cleanup handler on trap handler. Checked on x86_64-linux-gnu.
@ -9,13 +9,9 @@ a cleanup handler on trap handler. Checked on x86_64-linux-gnu.
* posix/globtest.sh: Add cleanup routine on trap 0.
Cherry-pick of 4fee33f.
---
ChangeLog | 4 ++++
posix/globtest.sh | 9 ++++++---
2 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8479fba..4962000 100644
index 8479fba8c4..4962000b47 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
@ -27,7 +23,7 @@ index 8479fba..4962000 100644
[BZ #21258]
diff --git a/posix/globtest.sh b/posix/globtest.sh
index f9cc80b..73f7ae3 100755
index f9cc80b4b5..73f7ae31cc 100755
--- a/posix/globtest.sh
+++ b/posix/globtest.sh
@@ -47,7 +47,12 @@ testout=${common_objpfx}posix/globtest-out
@ -54,6 +50,5 @@ index f9cc80b..73f7ae3 100755
fi
--
2.7.4.GIT
2.13.1


@ -1,7 +1,7 @@
From 4c6f97798fe1854a32b1199c42370eac1620eebf Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 28 Apr 2017 10:03:09 -0700
Subject: [PATCH 13] x86: Set Prefer_No_VZEROUPPER if AVX512ER is available
Subject: x86: Set Prefer_No_VZEROUPPER if AVX512ER is available
AVX512ER won't be implemented in any Xeon processors and will be in
all Xeon Phi processors. Don't check CPU model number when setting
@ -29,14 +29,9 @@ and non-Xeon Phi processors.
(reg_AVX512VL): Likewise.
(cherry picked from commit 1c53cb49de6d82d9469ccbd5aa0c55924502bd8b)
---
ChangeLog | 21 +++++++++++++++++++++
sysdeps/x86/cpu-features.c | 8 ++++++--
sysdeps/x86/cpu-features.h | 15 +++++++++++++++
3 files changed, 42 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4962000..dc49c78 100644
index 4962000b47..dc49c78b8c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,24 @@
@ -65,7 +60,7 @@ index 4962000..dc49c78 100644
* posix/globtest.sh: Add cleanup routine on trap 0.
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 1c714a4..41d0be2 100644
index 1c714a4017..41d0be2815 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -139,8 +139,6 @@ init_cpu_features (struct cpu_features *cpu_features)
@ -91,7 +86,7 @@ index 1c714a4..41d0be2 100644
If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt. */
cpu_features->feature[index_arch_Use_dl_runtime_resolve_slow]
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
index 95f0fcf..2ee8a0a 100644
index 95f0fcff87..2ee8a0a350 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
@@ -62,6 +62,11 @@
@ -131,6 +126,5 @@ index 95f0fcf..2ee8a0a 100644
# define reg_RTM ebx
# define reg_FMA ecx
--
2.7.4.GIT
2.13.1


@ -1,8 +1,7 @@
From 06d79808f6faf6025c5a7d4e27d949a8216275cc Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 28 Apr 2017 10:04:15 -0700
Subject: [PATCH 14] x86: Use AVX2 memcpy/memset on Skylake server [BZ
#21396]
Subject: x86: Use AVX2 memcpy/memset on Skylake server [BZ #21396]
On Skylake server, AVX512 load/store instructions in memcpy/memset may
lead to lower CPU turbo frequency in certain situations. Use of AVX2
@ -33,22 +32,9 @@ used on Skylake server.
Likewise.
(cherry picked from commit 4cb334c4d6249686653137ec273d081371b3672d)
---
ChangeLog | 21 +++++++++++++++++++++
sysdeps/x86/cpu-features.c | 6 +++++-
sysdeps/x86/cpu-features.h | 3 +++
sysdeps/x86_64/multiarch/memcpy.S | 2 ++
sysdeps/x86_64/multiarch/memcpy_chk.S | 2 ++
sysdeps/x86_64/multiarch/memmove.S | 2 ++
sysdeps/x86_64/multiarch/memmove_chk.S | 2 ++
sysdeps/x86_64/multiarch/mempcpy.S | 2 ++
sysdeps/x86_64/multiarch/mempcpy_chk.S | 2 ++
sysdeps/x86_64/multiarch/memset.S | 2 ++
sysdeps/x86_64/multiarch/memset_chk.S | 2 ++
11 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index dc49c78..adebc03 100644
index dc49c78b8c..adebc03b78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,26 @@
@ -79,7 +65,7 @@ index dc49c78..adebc03 100644
Prefer_No_VZEROUPPER if AVX512ER is available.
* sysdeps/x86/cpu-features.h
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 41d0be2..9afd74c 100644
index 41d0be2815..9afd74c42e 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -225,10 +225,14 @@ init_cpu_features (struct cpu_features *cpu_features)
@ -99,7 +85,7 @@ index 41d0be2..9afd74c 100644
/* To avoid SSE transition penalty, use _dl_runtime_resolve_slow.
If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt. */
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
index 2ee8a0a..a409db6 100644
index 2ee8a0a350..a409db67d8 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
@@ -39,6 +39,7 @@
@ -127,7 +113,7 @@ index 2ee8a0a..a409db6 100644
#endif /* !__ASSEMBLER__ */
diff --git a/sysdeps/x86_64/multiarch/memcpy.S b/sysdeps/x86_64/multiarch/memcpy.S
index 1f83ee3..af27703 100644
index 1f83ee3e84..af2770397c 100644
--- a/sysdeps/x86_64/multiarch/memcpy.S
+++ b/sysdeps/x86_64/multiarch/memcpy.S
@@ -32,6 +32,8 @@ ENTRY(__new_memcpy)
@ -140,7 +126,7 @@ index 1f83ee3..af27703 100644
jz 1f
lea __memcpy_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memcpy_chk.S b/sysdeps/x86_64/multiarch/memcpy_chk.S
index 5492342..8737fb9 100644
index 54923420f1..8737fb9755 100644
--- a/sysdeps/x86_64/multiarch/memcpy_chk.S
+++ b/sysdeps/x86_64/multiarch/memcpy_chk.S
@@ -30,6 +30,8 @@
@ -153,7 +139,7 @@ index 5492342..8737fb9 100644
jz 1f
lea __memcpy_chk_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memmove.S b/sysdeps/x86_64/multiarch/memmove.S
index 2021bfc..8c534e8 100644
index 2021bfc30c..8c534e83e0 100644
--- a/sysdeps/x86_64/multiarch/memmove.S
+++ b/sysdeps/x86_64/multiarch/memmove.S
@@ -30,6 +30,8 @@ ENTRY(__libc_memmove)
@ -166,7 +152,7 @@ index 2021bfc..8c534e8 100644
jz 1f
lea __memmove_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memmove_chk.S b/sysdeps/x86_64/multiarch/memmove_chk.S
index 8a252ad..7870dd0 100644
index 8a252adcae..7870dd0247 100644
--- a/sysdeps/x86_64/multiarch/memmove_chk.S
+++ b/sysdeps/x86_64/multiarch/memmove_chk.S
@@ -29,6 +29,8 @@
@ -179,7 +165,7 @@ index 8a252ad..7870dd0 100644
jz 1f
lea __memmove_chk_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/mempcpy.S b/sysdeps/x86_64/multiarch/mempcpy.S
index 79c840d..b8b2b28 100644
index 79c840d075..b8b2b28094 100644
--- a/sysdeps/x86_64/multiarch/mempcpy.S
+++ b/sysdeps/x86_64/multiarch/mempcpy.S
@@ -32,6 +32,8 @@ ENTRY(__mempcpy)
@ -192,7 +178,7 @@ index 79c840d..b8b2b28 100644
jz 1f
lea __mempcpy_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/mempcpy_chk.S b/sysdeps/x86_64/multiarch/mempcpy_chk.S
index 6927962..072b22c 100644
index 6927962e81..072b22c49f 100644
--- a/sysdeps/x86_64/multiarch/mempcpy_chk.S
+++ b/sysdeps/x86_64/multiarch/mempcpy_chk.S
@@ -30,6 +30,8 @@
@ -205,7 +191,7 @@ index 6927962..072b22c 100644
jz 1f
lea __mempcpy_chk_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memset.S b/sysdeps/x86_64/multiarch/memset.S
index c958b2f..9d33118 100644
index c958b2f49f..9d33118cf8 100644
--- a/sysdeps/x86_64/multiarch/memset.S
+++ b/sysdeps/x86_64/multiarch/memset.S
@@ -41,6 +41,8 @@ ENTRY(memset)
@ -218,7 +204,7 @@ index c958b2f..9d33118 100644
jz 2f
lea __memset_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memset_chk.S b/sysdeps/x86_64/multiarch/memset_chk.S
index 79eaa37..7e08311 100644
index 79eaa37bb6..7e08311cdf 100644
--- a/sysdeps/x86_64/multiarch/memset_chk.S
+++ b/sysdeps/x86_64/multiarch/memset_chk.S
@@ -38,6 +38,8 @@ ENTRY(__memset_chk)
@ -231,6 +217,5 @@ index 79eaa37..7e08311 100644
jz 2f
lea __memset_chk_avx512_no_vzeroupper(%rip), %RAX_LP
--
2.7.4.GIT
2.13.1


@ -1,7 +1,7 @@
From ccb4fd7a657b0fbc4890c98f4586d58a135fc583 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue, 14 Mar 2017 14:16:13 -0300
Subject: [PATCH 15] Fix i686 memchr overflow calculation (BZ#21182)
Subject: Fix i686 memchr overflow calculation (BZ#21182)
This patch fixes the regression added by 23d2770 for final address
overflow calculation. The subtraction of the considered size (16)
@ -25,14 +25,9 @@ Checked on i686-linux-gnu and x86_64-linux-gnu.
overflow calculation.
Cherry-pick of 3abeeec5f46ff036bd9df60bb096e20314ccd078.
---
ChangeLog | 8 ++++++++
string/test-memchr.c | 6 ++++++
sysdeps/i386/i686/multiarch/memchr-sse2.S | 2 +-
3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index adebc03..ac19e98 100644
index adebc03b78..ac19e98613 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
@ -48,7 +43,7 @@ index adebc03..ac19e98 100644
[BZ #21396]
diff --git a/string/test-memchr.c b/string/test-memchr.c
index d62889f..6431605 100644
index d62889ff8f..6431605c7e 100644
--- a/string/test-memchr.c
+++ b/string/test-memchr.c
@@ -208,6 +208,12 @@ test_main (void)
@ -65,7 +60,7 @@ index d62889f..6431605 100644
return ret;
}
diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2.S b/sysdeps/i386/i686/multiarch/memchr-sse2.S
index 910679c..e41f324 100644
index 910679cfc0..e41f324a77 100644
--- a/sysdeps/i386/i686/multiarch/memchr-sse2.S
+++ b/sysdeps/i386/i686/multiarch/memchr-sse2.S
@@ -117,7 +117,6 @@ L(crosscache):
@ -85,5 +80,5 @@ index 910679c..e41f324 100644
lea 16(%edi), %edi
# else
--
2.7.4.GIT
2.13.1


@ -0,0 +1,106 @@
From 34b6f41c14d09fe627c6a6224880d76d0959079e Mon Sep 17 00:00:00 2001
From: Joseph Myers <joseph@codesourcery.com>
Date: Wed, 15 Mar 2017 17:32:46 +0000
Subject: Fix test-math-vector-sincos.h aliasing.
x86_64 libmvec tests have been failing to build lately with GCC
mainline with -Wuninitialized errors, and Markus Trippelsdorf traced
this to an aliasing issue
<https://sourceware.org/ml/libc-alpha/2017-03/msg00169.html>.
This patch fixes the aliasing issue, so that the vectors-of-pointers
are initialized using a union instead of pointer casts. This also
fixes the testsuite build failures with GCC mainline.
Tested for x86_64 (full testsuite with GCC 6; testsuite build with GCC
mainline with build-many-glibcs.py).
* sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP):
Use a union when storing pointers.
(VECTOR_WRAPPER_fFF_2): Do not take address of integer vector and
cast result when passing to INIT_VEC_PTRS_LOOP.
(VECTOR_WRAPPER_fFF_3): Likewise.
(VECTOR_WRAPPER_fFF_4): Likewise.
(cherry picked from commit ffe308e4fcf2f276c87fd405596569ba52ad0a29)
diff --git a/ChangeLog b/ChangeLog
index ac19e98613..290515a58e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2017-03-15 Joseph Myers <joseph@codesourcery.com>
+
+ * sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP):
+ Use a union when storing pointers.
+ (VECTOR_WRAPPER_fFF_2): Do not take address of integer vector and
+ cast result when passing to INIT_VEC_PTRS_LOOP.
+ (VECTOR_WRAPPER_fFF_3): Likewise.
+ (VECTOR_WRAPPER_fFF_4): Likewise.
+
2017-05-01 Adhemerval Zanella <adhemerval.zanella@linaro.org>
[BZ# 21182]
diff --git a/sysdeps/x86/fpu/test-math-vector-sincos.h b/sysdeps/x86/fpu/test-math-vector-sincos.h
index 5043b32563..95282a3ac7 100644
--- a/sysdeps/x86/fpu/test-math-vector-sincos.h
+++ b/sysdeps/x86/fpu/test-math-vector-sincos.h
@@ -17,14 +17,14 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
-#define INIT_VEC_PTRS_LOOP(vec, val, len) \
- do \
- { \
- for (i = 0; i < len; i++) \
- { \
- vec[i] = &val[i]; \
- } \
- } \
+#define INIT_VEC_PTRS_LOOP(vec, val, len) \
+ do \
+ { \
+ union { VEC_INT_TYPE v; __typeof__ ((val)[0]) *a[(len)]; } u; \
+ for (i = 0; i < len; i++) \
+ u.a[i] = &(val)[i]; \
+ (vec) = u.v; \
+ } \
while (0)
/* Wrapper for vector sincos/sincosf compatible with x86_64 and x32 variants
@@ -40,8 +40,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \
VEC_TYPE mx; \
VEC_INT_TYPE mr, mr1; \
INIT_VEC_LOOP (mx, x, VEC_LEN); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN); \
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN); \
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN); \
vector_func (mx, mr, mr1); \
TEST_VEC_LOOP (r_loc, VEC_LEN); \
TEST_VEC_LOOP (r1_loc, VEC_LEN); \
@@ -63,8 +63,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \
VEC_TYPE mx; \
VEC_INT_TYPE mr, mr1; \
INIT_VEC_LOOP (mx, x, VEC_LEN); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN/2); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN/2); \
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN/2); \
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN/2); \
vector_func (mx, mr, mr, mr1, mr1); \
TEST_VEC_LOOP (r_loc, VEC_LEN/2); \
TEST_VEC_LOOP (r1_loc, VEC_LEN/2); \
@@ -87,8 +87,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \
VEC_TYPE mx; \
VEC_INT_TYPE mr, mr1; \
INIT_VEC_LOOP (mx, x, VEC_LEN); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN/4); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN/4); \
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN/4); \
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN/4); \
vector_func (mx, mr, mr, mr, mr, mr1, mr1, mr1, mr1); \
TEST_VEC_LOOP (r_loc, VEC_LEN/4); \
TEST_VEC_LOOP (r1_loc, VEC_LEN/4); \
--
2.13.1
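Review bot: In the new `INIT_VEC_PTRS_LOOP`, `u.v` is read after only `len` pointers have been stored into `u.a`, so any bytes of `VEC_INT_TYPE` beyond the pointer array stay indeterminate if the two union members differ in size. Whether that can happen depends on the per-variant `VEC_INT_TYPE` definitions, which are not shown here. A build-time check inside the macro would catch a mismatched wrapper: `_Static_assert (sizeof (u.a) == sizeof (u.v), "pointer array must fill the vector");`. The macro also still relies on an `i` declared by the caller, and uses `len` unparenthesized in the loop condition while the array bound uses `(len)`.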


@ -0,0 +1,70 @@
From b8d2e394a2900cef5bbbe0503f15960f64a943b1 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 9 Jun 2017 13:21:43 +0200
Subject: fork: Remove bogus parent PID assertions [BZ #21386]
(cherry picked from commit 1d2bc2eae969543b89850e35e532f3144122d80a)
diff --git a/ChangeLog b/ChangeLog
index 290515a58e..d44aff0a36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-05-12 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21386]
+ * sysdeps/nptl/fork.c (__libc_fork): Remove assertions on the
+ parent PID. The assertion in the child is incorrect with PID
+ namespaces.
+
2017-03-15 Joseph Myers <joseph@codesourcery.com>
* sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP):
diff --git a/NEWS b/NEWS
index fee1cf8ca8..d52872323d 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ The following bugs are resolved with this release:
[21109] Tunables broken on big-endian
[21115] sunrpc: Use-after-free in error path in clntudp_call
[21289] Fix symbol redirect for fts_set
+ [21386] Assertion in fork for distinct parent PID is incorrect
Version 2.25
diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c
index db6d721fce..4bb87e2331 100644
--- a/sysdeps/nptl/fork.c
+++ b/sysdeps/nptl/fork.c
@@ -131,10 +131,6 @@ __libc_fork (void)
call_function_static_weak (__malloc_fork_lock_parent);
}
-#ifndef NDEBUG
- pid_t ppid = THREAD_GETMEM (THREAD_SELF, tid);
-#endif
-
#ifdef ARCH_FORK
pid = ARCH_FORK ();
#else
@@ -147,8 +143,6 @@ __libc_fork (void)
{
struct pthread *self = THREAD_SELF;
- assert (THREAD_GETMEM (self, tid) != ppid);
-
/* See __pthread_once. */
if (__fork_generation_pointer != NULL)
*__fork_generation_pointer += __PTHREAD_ONCE_FORK_GEN_INCR;
@@ -230,8 +224,6 @@ __libc_fork (void)
}
else
{
- assert (THREAD_GETMEM (THREAD_SELF, tid) == ppid);
-
/* Release acquired locks in the multi-threaded case. */
if (multiple_threads)
{
--
2.13.1


@ -0,0 +1,131 @@
From f92b1025980a939645b1ec7e550411a05ac7c76f Mon Sep 17 00:00:00 2001
From: Santhosh Thottingal <santhosh.thottingal@gmail.com>
Date: Sun, 11 Jun 2017 10:08:37 -0400
Subject: Correct collation rules for Malayalam.
[BZ #19922]
* locales/iso14651_t1_common: Add collation rules for U+07DA to U+07DF.
[BZ #19919]
* locales/iso14651_t1_common: Correct collation of U+0D36 and U+0D37.
diff --git a/localedata/ChangeLog b/localedata/ChangeLog
index 0cdb097ab6..127c1cfb35 100644
--- a/localedata/ChangeLog
+++ b/localedata/ChangeLog
@@ -1,3 +1,11 @@
+2017-06-11 Santhosh Thottingal <santhosh.thottingal@gmail.com>
+
+ [BZ #19922]
+ * locales/iso14651_t1_common: Add collation rules for U+07DA to U+07DF.
+
+ [BZ #19919]
+ * locales/iso14651_t1_common: Correct collation of U+0D36 and U+0D37.
+
2017-01-01 Joseph Myers <joseph@codesourcery.com>
* All files with FSF copyright notices: Update copyright dates
diff --git a/localedata/locales/iso14651_t1_common b/localedata/locales/iso14651_t1_common
index eef75ba65e..0e64f26a12 100644
--- a/localedata/locales/iso14651_t1_common
+++ b/localedata/locales/iso14651_t1_common
@@ -1042,9 +1042,9 @@ collating-element <ml-bh> from "<U0D2D><U0D4D>"
collating-element <ml-m> from "<U0D2E><U0D4D>"
collating-element <ml-y> from "<U0D2F><U0D4D>"
collating-element <ml-v> from "<U0D35><U0D4D>"
-collating-element <ml-s> from "<U0D38><U0D4D>"
collating-element <ml-ss> from "<U0D36><U0D4D>"
collating-element <ml-sh> from "<U0D37><U0D4D>"
+collating-element <ml-s> from "<U0D38><U0D4D>"
collating-element <ml-h> from "<U0D39><U0D4D>"
collating-element <ml-zh> from "<U0D34><U0D4D>"
collating-element <ml-rr> from "<U0D31><U0D4D>"
@@ -1103,8 +1103,8 @@ collating-symbol <ml-rra>
collating-symbol <ml-la>
collating-symbol <ml-lla>
collating-symbol <ml-va>
-collating-symbol <ml-sha>
collating-symbol <ml-ssa>
+collating-symbol <ml-sha>
collating-symbol <ml-sa>
collating-symbol <ml-ha>
collating-symbol <ml-avagrah>
@@ -1126,6 +1126,12 @@ collating-symbol <mlvs-o>
collating-symbol <mlvs-au>
collating-symbol <ml-visarga>
collating-symbol <ml-virama>
+collating-symbol <ml-atomic-chillu-k>
+collating-symbol <ml-atomic-chillu-n>
+collating-symbol <ml-atomic-chillu-nn>
+collating-symbol <ml-atomic-chillu-l>
+collating-symbol <ml-atomic-chillu-ll>
+collating-symbol <ml-atomic-chillu-r>
#
# <BENGALI>
#
@@ -4552,6 +4558,12 @@ collating-symbol <TIB-subA>
<mlvs-o>
<mlvs-au>
<ml-visarga>
+<ml-atomic-chillu-k>
+<ml-atomic-chillu-n>
+<ml-atomic-chillu-nn>
+<ml-atomic-chillu-l>
+<ml-atomic-chillu-ll>
+<ml-atomic-chillu-r>
#
# <BENGALI>
#
@@ -7252,6 +7264,7 @@ order_start <MALAYALAM>;forward;forward;forward;forward,position
<U0D13> <mlvw-o>;<BAS>;<MIN>;IGNORE
<U0D14> <mlvw-au>;<BAS>;<MIN>;IGNORE
<ml-chillu-k> "<ml-ka><ml-virama>";<BAS>;<MIN>;IGNORE
+<U0D7F> "<ml-ka><ml-virama>";<ml-atomic-chillu-k>;<MIN>;IGNORE
<U0D15> "<ml-ka><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-kh> "<ml-kha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D16> "<ml-kha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
@@ -7280,6 +7293,7 @@ order_start <MALAYALAM>;forward;forward;forward;forward,position
<ml-dh> "<ml-dha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D22> "<ml-dha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-chillu-nn> "<ml-nna><ml-virama>";<BAS>;<MIN>;IGNORE # ണ്‍ = ണ + ് + zwj
+<U0D7A> "<ml-nna><ml-virama>";<ml-atomic-chillu-nn>;<MIN>;IGNORE
<U0D23> "<ml-nna><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE # ണ = ണ + ് + അ
<ml-th> "<ml-tha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D24> "<ml-tha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
@@ -7290,6 +7304,7 @@ order_start <MALAYALAM>;forward;forward;forward;forward,position
<ml-ddh> "<ml-ddha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D27> "<ml-ddha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-chillu-n> "<ml-na><ml-virama>";<BAS>;<MIN>;IGNORE # ന്‍= ന + ് + zwj
+<U0D7B> "<ml-na><ml-virama>";<ml-atomic-chillu-n>;<MIN>;IGNORE
<U0D28> "<ml-na><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE #ന = ന + ് + അ
<ml-p> "<ml-pa><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D2A> "<ml-pa><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
@@ -7305,20 +7320,23 @@ order_start <MALAYALAM>;forward;forward;forward;forward,position
<ml-y> "<ml-ya><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D2F> "<ml-ya><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-chillu-r> "<ml-ra><ml-virama>";<BAS>;<MIN>;IGNORE # ര = ര + ് + zwj
+<U0D7C> "<ml-ra><ml-virama>";<ml-atomic-chillu-r>;<MIN>;IGNORE
<U0D30> "<ml-ra><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE # ര = ര + ് + അ
<ml-chillu-l> <ml-la>;<BAS>;<MIN>;IGNORE # ല്‍ = ല + ് + zwj
+<U0D7D> "<ml-la><ml-virama>";<ml-atomic-chillu-l>;<MIN>;IGNORE
<U0D32> "<ml-la><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE # ല = ല + ് + അ
<ml-v> "<ml-va><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D35> "<ml-va><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-ss> "<ml-ssa><ml-virama>";<BAS>;<MIN>;IGNORE
-<U0D37> "<ml-ssa><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
+<U0D36> "<ml-ssa><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-sh> "<ml-sha><ml-virama>";<BAS>;<MIN>;IGNORE
-<U0D36> "<ml-sha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
+<U0D37> "<ml-sha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-s> "<ml-sa><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D38> "<ml-sa><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-h> "<ml-ha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D39> "<ml-ha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-chillu-ll> "<ml-lla><ml-virama>";<BAS>;<MIN>;IGNORE # ള്‍ = ള + ് + zwj
+<U0D7E> "<ml-lla><ml-virama>";<ml-atomic-chillu-ll>;<MIN>;IGNORE
<U0D33> "<ml-lla><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE # ള = ള + ് + അ
<ml-zh> "<ml-zha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D34> "<ml-zha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
--
2.13.1
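Review bot: The commit message and ChangeLog entry for BZ #19922 say collation rules are added for "U+07DA to U+07DF", but the entries added in the `order_start <MALAYALAM>` hunks are `<U0D7A>` through `<U0D7F>`, so the stated range looks like a transposition of U+0D7A to U+0D7F. The text is cherry-picked, so keeping it verbatim may be intentional, but a remark in the packaging commit would save the next reader the lookup. Separately, the new `<U0D7D>` line maps to `"<ml-la><ml-virama>"` while the existing `<ml-chillu-l>` context line directly above it maps to bare `<ml-la>`; it is worth confirming that this difference is intended.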


@ -0,0 +1,58 @@
From 3c7cd21290cabdadd72984fb69bc51e64ff1002d Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 19 Jun 2017 18:31:27 +0200
Subject: CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ
#21624]
LD_LIBRARY_PATH can only be used to reorder system search paths, which
is not useful functionality.
This makes an exploitable unbounded alloca in _dl_init_paths unreachable
for AT_SECURE=1 programs.
(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
diff --git a/ChangeLog b/ChangeLog
index d44aff0a36..14ff8b8bb3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-06-19 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21624]
+ CVE-2017-1000366
+ * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
+ __libc_enable_secure.
+
2017-05-12 Florian Weimer <fweimer@redhat.com>
[BZ #21386]
diff --git a/NEWS b/NEWS
index d52872323d..29079e8586 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ The following bugs are resolved with this release:
[21115] sunrpc: Use-after-free in error path in clntudp_call
[21289] Fix symbol redirect for fts_set
[21386] Assertion in fork for distinct parent PID is incorrect
+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
Version 2.25
diff --git a/elf/rtld.c b/elf/rtld.c
index a036ece956..2fc33a6178 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2418,7 +2418,8 @@ process_envvars (enum mode *modep)
case 12:
/* The library search path. */
- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
{
library_path = &envline[13];
break;
--
2.13.1
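Review bot: The new `!__libc_enable_secure` condition in `process_envvars` has no comment saying why the variable is dropped; the only in-code comment is still "The library search path.". Something like `/* Ignored for AT_SECURE=1: keeps the unbounded alloca in _dl_init_paths unreachable (CVE-2017-1000366). */` would stop the guard from being removed later as redundant-looking code. Per the commit message the alloca itself stays in place and is only made unreachable for AT_SECURE=1 programs, so ordinary processes still depend on whatever bounds `_dl_init_paths` applies, which is not visible here. The patch adds no regression test for the ignored variable. The same undocumented guard appears in the `HWCAP_MASK` case of the later LD_HWCAP_MASK patch; `process_envvars` continues outside both hunks.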


@ -0,0 +1,135 @@
From 46703a3995aa3ca2b816814aa4ad05ed524194dd Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 19 Jun 2017 22:31:04 +0200
Subject: ld.so: Reject overly long LD_PRELOAD path elements
(cherry picked from commit 6d0ba622891bed9d8394eef1935add53003b12e8)
diff --git a/ChangeLog b/ChangeLog
index 14ff8b8bb3..fbe4db2cf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2017-06-19 Florian Weimer <fweimer@redhat.com>
+ * elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define.
+ (dso_name_valid_for_suid): New function.
+ (handle_ld_preload): Likewise.
+ (dl_main): Call it. Remove alloca.
+
+2017-06-19 Florian Weimer <fweimer@redhat.com>
+
[BZ #21624]
CVE-2017-1000366
* elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
diff --git a/elf/rtld.c b/elf/rtld.c
index 2fc33a6178..4badcf6590 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
#endif
+/* Length limits for names and paths, to protect the dynamic linker,
+ particularly when __libc_enable_secure is active. */
+#ifdef NAME_MAX
+# define SECURE_NAME_LIMIT NAME_MAX
+#else
+# define SECURE_NAME_LIMIT 255
+#endif
+#ifdef PATH_MAX
+# define SECURE_PATH_LIMIT PATH_MAX
+#else
+# define SECURE_PATH_LIMIT 1024
+#endif
+
+/* Check that AT_SECURE=0, or that the passed name does not contain
+ directories and is not overly long. Reject empty names
+ unconditionally. */
+static bool
+dso_name_valid_for_suid (const char *p)
+{
+ if (__glibc_unlikely (__libc_enable_secure))
+ {
+ /* Ignore pathnames with directories for AT_SECURE=1
+ programs, and also skip overlong names. */
+ size_t len = strlen (p);
+ if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
+ return false;
+ }
+ return *p != '\0';
+}
/* List of auditing DSOs. */
static struct audit_list
@@ -716,6 +745,42 @@ static const char *preloadlist attribute_relro;
/* Nonzero if information about versions has to be printed. */
static int version_info attribute_relro;
+/* The LD_PRELOAD environment variable gives list of libraries
+ separated by white space or colons that are loaded before the
+ executable's dependencies and prepended to the global scope list.
+ (If the binary is running setuid all elements containing a '/' are
+ ignored since it is insecure.) Return the number of preloads
+ performed. */
+unsigned int
+handle_ld_preload (const char *preloadlist, struct link_map *main_map)
+{
+ unsigned int npreloads = 0;
+ const char *p = preloadlist;
+ char fname[SECURE_PATH_LIMIT];
+
+ while (*p != '\0')
+ {
+ /* Split preload list at space/colon. */
+ size_t len = strcspn (p, " :");
+ if (len > 0 && len < sizeof (fname))
+ {
+ memcpy (fname, p, len);
+ fname[len] = '\0';
+ }
+ else
+ fname[0] = '\0';
+
+ /* Skip over the substring and the following delimiter. */
+ p += len;
+ if (*p != '\0')
+ ++p;
+
+ if (dso_name_valid_for_suid (fname))
+ npreloads += do_preload (fname, main_map, "LD_PRELOAD");
+ }
+ return npreloads;
+}
+
static void
dl_main (const ElfW(Phdr) *phdr,
ElfW(Word) phnum,
@@ -1462,23 +1527,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
if (__glibc_unlikely (preloadlist != NULL))
{
- /* The LD_PRELOAD environment variable gives list of libraries
- separated by white space or colons that are loaded before the
- executable's dependencies and prepended to the global scope
- list. If the binary is running setuid all elements
- containing a '/' are ignored since it is insecure. */
- char *list = strdupa (preloadlist);
- char *p;
-
HP_TIMING_NOW (start);
-
- /* Prevent optimizing strsep. Speed is not important here. */
- while ((p = (strsep) (&list, " :")) != NULL)
- if (p[0] != '\0'
- && (__builtin_expect (! __libc_enable_secure, 1)
- || strchr (p, '/') == NULL))
- npreloads += do_preload (p, main_map, "LD_PRELOAD");
-
+ npreloads += handle_ld_preload (preloadlist, main_map);
HP_TIMING_NOW (stop);
HP_TIMING_DIFF (diff, start, stop);
HP_TIMING_ACCUM_NT (load_time, diff);
--
2.13.1
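Review bot: `handle_ld_preload` is defined without `static` (`unsigned int handle_ld_preload (...)`), unlike `dso_name_valid_for_suid` added in the same patch. Its `preloadlist` parameter also shadows the file-scope `static const char *preloadlist` shown in the hunk context. Writing `static unsigned int` and renaming the parameter (for example `list`) would keep the helper file-local and unambiguous. Elements of `SECURE_PATH_LIMIT` bytes or more are replaced by an empty name and then rejected without any diagnostic, for non-AT_SECURE processes as well. That is a behaviour change from the removed `strdupa` loop, and the function comment should state it.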


@ -0,0 +1,221 @@
From c69d4a0f680a24fdbe323764a50382ad324041e9 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 19 Jun 2017 22:32:12 +0200
Subject: ld.so: Reject overly long LD_AUDIT path elements
Also only process the last LD_AUDIT entry.
(cherry picked from commit 81b82fb966ffbd94353f793ad17116c6088dedd9)
diff --git a/ChangeLog b/ChangeLog
index fbe4db2cf7..67ce0aa4de 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
2017-06-19 Florian Weimer <fweimer@redhat.com>
+ * elf/rtld.c (audit_list_string): New variable.
+ (audit_list): Update comment.
+ (struct audit_list_iter): Define.
+ (audit_list_iter_init, audit_list_iter_next): New function.
+ (dl_main): Use struct audit_list_iter to process audit modules.
+ (process_dl_audit): Call dso_name_valid_for_suid.
+ (process_envvars): Set audit_list_string instead of calling
+ process_dl_audit.
+
+2017-06-19 Florian Weimer <fweimer@redhat.com>
+
* elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define.
(dso_name_valid_for_suid): New function.
(handle_ld_preload): Likewise.
diff --git a/elf/rtld.c b/elf/rtld.c
index 4badcf6590..369724babe 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
return *p != '\0';
}
-/* List of auditing DSOs. */
+/* LD_AUDIT variable contents. Must be processed before the
+ audit_list below. */
+const char *audit_list_string;
+
+/* Cyclic list of auditing DSOs. audit_list->next is the first
+ element. */
static struct audit_list
{
const char *name;
struct audit_list *next;
} *audit_list;
+/* Iterator for audit_list_string followed by audit_list. */
+struct audit_list_iter
+{
+ /* Tail of audit_list_string still needing processing, or NULL. */
+ const char *audit_list_tail;
+
+ /* The list element returned in the previous iteration. NULL before
+ the first element. */
+ struct audit_list *previous;
+
+ /* Scratch buffer for returning a name which is part of
+ audit_list_string. */
+ char fname[SECURE_NAME_LIMIT];
+};
+
+/* Initialize an audit list iterator. */
+static void
+audit_list_iter_init (struct audit_list_iter *iter)
+{
+ iter->audit_list_tail = audit_list_string;
+ iter->previous = NULL;
+}
+
+/* Iterate through both audit_list_string and audit_list. */
+static const char *
+audit_list_iter_next (struct audit_list_iter *iter)
+{
+ if (iter->audit_list_tail != NULL)
+ {
+ /* First iterate over audit_list_string. */
+ while (*iter->audit_list_tail != '\0')
+ {
+ /* Split audit list at colon. */
+ size_t len = strcspn (iter->audit_list_tail, ":");
+ if (len > 0 && len < sizeof (iter->fname))
+ {
+ memcpy (iter->fname, iter->audit_list_tail, len);
+ iter->fname[len] = '\0';
+ }
+ else
+ /* Do not return this name to the caller. */
+ iter->fname[0] = '\0';
+
+ /* Skip over the substring and the following delimiter. */
+ iter->audit_list_tail += len;
+ if (*iter->audit_list_tail == ':')
+ ++iter->audit_list_tail;
+
+ /* If the name is valid, return it. */
+ if (dso_name_valid_for_suid (iter->fname))
+ return iter->fname;
+ /* Otherwise, wrap around and try the next name. */
+ }
+ /* Fall through to the procesing of audit_list. */
+ }
+
+ if (iter->previous == NULL)
+ {
+ if (audit_list == NULL)
+ /* No pre-parsed audit list. */
+ return NULL;
+ /* Start of audit list. The first list element is at
+ audit_list->next (cyclic list). */
+ iter->previous = audit_list->next;
+ return iter->previous->name;
+ }
+ if (iter->previous == audit_list)
+ /* Cyclic list wrap-around. */
+ return NULL;
+ iter->previous = iter->previous->next;
+ return iter->previous->name;
+}
+
#ifndef HAVE_INLINED_SYSCALLS
/* Set nonzero during loading and initialization of executable and
libraries, cleared before the executable's entry point runs. This
@@ -1303,11 +1381,13 @@ of this helper program; chances are you did not intend to run this program.\n\
GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
/* If we have auditing DSOs to load, do it now. */
- if (__glibc_unlikely (audit_list != NULL))
+ bool need_security_init = true;
+ if (__glibc_unlikely (audit_list != NULL)
+ || __glibc_unlikely (audit_list_string != NULL))
{
- /* Iterate over all entries in the list. The order is important. */
struct audit_ifaces *last_audit = NULL;
- struct audit_list *al = audit_list->next;
+ struct audit_list_iter al_iter;
+ audit_list_iter_init (&al_iter);
/* Since we start using the auditing DSOs right away we need to
initialize the data structures now. */
@@ -1318,9 +1398,14 @@ of this helper program; chances are you did not intend to run this program.\n\
use different values (especially the pointer guard) and will
fail later on. */
security_init ();
+ need_security_init = false;
- do
+ while (true)
{
+ const char *name = audit_list_iter_next (&al_iter);
+ if (name == NULL)
+ break;
+
int tls_idx = GL(dl_tls_max_dtv_idx);
/* Now it is time to determine the layout of the static TLS
@@ -1329,7 +1414,7 @@ of this helper program; chances are you did not intend to run this program.\n\
no DF_STATIC_TLS bit is set. The reason is that we know
glibc will use the static model. */
struct dlmopen_args dlmargs;
- dlmargs.fname = al->name;
+ dlmargs.fname = name;
dlmargs.map = NULL;
const char *objname;
@@ -1342,7 +1427,7 @@ of this helper program; chances are you did not intend to run this program.\n\
not_loaded:
_dl_error_printf ("\
ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
- al->name, err_str);
+ name, err_str);
if (malloced)
free ((char *) err_str);
}
@@ -1446,10 +1531,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
goto not_loaded;
}
}
-
- al = al->next;
}
- while (al != audit_list->next);
/* If we have any auditing modules, announce that we already
have two objects loaded. */
@@ -1713,7 +1795,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
if (tcbp == NULL)
tcbp = init_tls ();
- if (__glibc_likely (audit_list == NULL))
+ if (__glibc_likely (need_security_init))
/* Initialize security features. But only if we have not done it
earlier. */
security_init ();
@@ -2344,9 +2426,7 @@ process_dl_audit (char *str)
char *p;
while ((p = (strsep) (&str, ":")) != NULL)
- if (p[0] != '\0'
- && (__builtin_expect (! __libc_enable_secure, 1)
- || strchr (p, '/') == NULL))
+ if (dso_name_valid_for_suid (p))
{
/* This is using the local malloc, not the system malloc. The
memory can never be freed. */
@@ -2410,7 +2490,7 @@ process_envvars (enum mode *modep)
break;
}
if (memcmp (envline, "AUDIT", 5) == 0)
- process_dl_audit (&envline[6]);
+ audit_list_string = &envline[6];
break;
case 7:
--
2.13.1
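Review bot: `struct audit_list_iter` sizes its scratch buffer as `char fname[SECURE_NAME_LIMIT]`, so `audit_list_iter_next` silently drops any LD_AUDIT element of `SECURE_NAME_LIMIT` bytes or more even when `__libc_enable_secure` is not set. Full pathnames are accepted in that mode, and `handle_ld_preload` from the previous patch uses `char fname[SECURE_PATH_LIMIT]` for the same job. Declaring `char fname[SECURE_PATH_LIMIT];` would leave the AT_SECURE name limit enforced by `dso_name_valid_for_suid` while not rejecting long audit-module paths for ordinary processes. `audit_list_string` is also declared without `static`, unlike `audit_list` next to it, and the comment "procesing of audit_list" has a typo.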


@ -0,0 +1,126 @@
From 3776f38fcd267c127ba5eb222e2c614c191744aa Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue, 20 Jun 2017 05:59:17 +0200
Subject: Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209)
The LD_HWCAP_MASK environment variable may alter the selection of
function variants for some architectures. For AT_SECURE process it
means that if an outdated routine has a bug that would otherwise not
affect newer platforms by default, LD_HWCAP_MASK will allow that bug
to be exploited.
To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid
binaries.
[BZ #21209]
* elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
AT_SECURE processes.
* sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
* elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK.
(test_child): Likewise.
* elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK.
(cherry picked from commit 1c1243b6fc33c029488add276e56570a07803bfd)
diff --git a/ChangeLog b/ChangeLog
index 67ce0aa4de..85f1e0a495 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2017-03-07 Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+ [BZ #21209]
+ * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
+ AT_SECURE processes.
+ * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
+ * elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK.
+ (test_child): Likewise.
+ * elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK.
+
2017-06-19 Florian Weimer <fweimer@redhat.com>
* elf/rtld.c (audit_list_string): New variable.
diff --git a/NEWS b/NEWS
index 29079e8586..7be238c404 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,7 @@ The following bugs are resolved with this release:
[21015] Document and fix --enable-bind-now
[21109] Tunables broken on big-endian
[21115] sunrpc: Use-after-free in error path in clntudp_call
+ [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
[21289] Fix symbol redirect for fts_set
[21386] Assertion in fork for distinct parent PID is incorrect
[21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
diff --git a/elf/Makefile b/elf/Makefile
index 61abeb59ee..cc4aeb25b6 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -1398,6 +1398,7 @@ $(objpfx)tst-nodelete-dlclose: $(objpfx)tst-nodelete-dlclose-dso.so
$(objpfx)tst-nodelete-dlclose.out: $(objpfx)tst-nodelete-dlclose-dso.so \
$(objpfx)tst-nodelete-dlclose-plugin.so
-tst-env-setuid-ENV = MALLOC_CHECK_=2 MALLOC_MMAP_THRESHOLD_=4096
+tst-env-setuid-ENV = MALLOC_CHECK_=2 MALLOC_MMAP_THRESHOLD_=4096 \
+ LD_HWCAP_MASK=0xffffffff
tst-env-setuid-tunables-ENV = \
GLIBC_TUNABLES=glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096
diff --git a/elf/rtld.c b/elf/rtld.c
index 369724babe..9362a21e73 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2534,7 +2534,8 @@ process_envvars (enum mode *modep)
case 10:
/* Mask for the important hardware capabilities. */
- if (memcmp (envline, "HWCAP_MASK", 10) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "HWCAP_MASK", 10) == 0)
GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
0, 0);
break;
diff --git a/elf/tst-env-setuid.c b/elf/tst-env-setuid.c
index 6ec3fa5874..eec408eb5d 100644
--- a/elf/tst-env-setuid.c
+++ b/elf/tst-env-setuid.c
@@ -213,6 +213,12 @@ test_child (void)
return 1;
}
+ if (getenv ("LD_HWCAP_MASK") != NULL)
+ {
+ printf ("LD_HWCAP_MASK still set\n");
+ return 1;
+ }
+
return 0;
}
#endif
@@ -233,6 +239,12 @@ test_parent (void)
return 1;
}
+ if (getenv ("LD_HWCAP_MASK") == NULL)
+ {
+ printf ("LD_HWCAP_MASK lost\n");
+ return 1;
+ }
+
return 0;
}
#endif
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index a74083786e..5ea8a4a259 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -16,6 +16,7 @@
"LD_DEBUG\0" \
"LD_DEBUG_OUTPUT\0" \
"LD_DYNAMIC_WEAK\0" \
+ "LD_HWCAP_MASK\0" \
"LD_LIBRARY_PATH\0" \
"LD_ORIGIN_PATH\0" \
"LD_PRELOAD\0" \
--
2.13.1
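Review bot: The check added to `test_child` only asserts that `LD_HWCAP_MASK` is gone from the environment, which exercises the new `unsecvars.h` entry but not the new `!__libc_enable_secure` guard in `process_envvars`. If that guard were dropped, these tests would presumably still pass. If the harness can observe the effective hardware-capability mask, an assertion on it would cover the loader-side change. Otherwise a comment in the test such as `/* Verifies only that the variable is scrubbed from the environment. */` would describe the coverage accurately. Both test functions continue outside the hunks.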


@ -0,0 +1,50 @@
From adc7e06fb412a2a1ee52f8cb788caf436335b9f3 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 14 Jun 2017 08:11:22 +0200
Subject: i686: Add missing IS_IN (libc) guards to vectorized strcspn
Since commit d957c4d3fa48d685ff2726c605c988127ef99395 (i386: Compile
rtld-*.os with -mno-sse -mno-mmx -mfpmath=387), vector intrinsics can
no longer be used in ld.so, even if the compiled code never makes it
into the final ld.so link. This commit adds the missing IS_IN (libc)
guard to the SSE 4.2 strcspn implementation, so that it can be used from
ld.so in the future.
(cherry picked from commit 69052a3a95da37169a08f9e59b2cc1808312753c)
diff --git a/ChangeLog b/ChangeLog
index 85f1e0a495..73546da9e9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-06-14 Florian Weimer <fweimer@redhat.com>
+
+ * sysdeps/i386/i686/multiarch/strcspn-c.c: Add IS_IN (libc) guard.
+ * sysdeps/i386/i686/multiarch/varshift.c: Likewise.
+
2017-03-07 Siddhesh Poyarekar <siddhesh@sourceware.org>
[BZ #21209]
diff --git a/sysdeps/i386/i686/multiarch/strcspn-c.c b/sysdeps/i386/i686/multiarch/strcspn-c.c
index 6d61e190a8..ec230fb383 100644
--- a/sysdeps/i386/i686/multiarch/strcspn-c.c
+++ b/sysdeps/i386/i686/multiarch/strcspn-c.c
@@ -1,2 +1,4 @@
-#define __strcspn_sse2 __strcspn_ia32
-#include <sysdeps/x86_64/multiarch/strcspn-c.c>
+#if IS_IN (libc)
+# define __strcspn_sse2 __strcspn_ia32
+# include <sysdeps/x86_64/multiarch/strcspn-c.c>
+#endif
diff --git a/sysdeps/i386/i686/multiarch/varshift.c b/sysdeps/i386/i686/multiarch/varshift.c
index 7760b966e2..6742a35d41 100644
--- a/sysdeps/i386/i686/multiarch/varshift.c
+++ b/sysdeps/i386/i686/multiarch/varshift.c
@@ -1 +1,3 @@
-#include <sysdeps/x86_64/multiarch/varshift.c>
+#if IS_IN (libc)
+# include <sysdeps/x86_64/multiarch/varshift.c>
+#endif
--
2.13.1


@ -1,7 +1,7 @@
# Template file for 'glibc'
pkgname=glibc
version=2.25
revision=4
revision=5
bootstrap=yes
short_desc="The GNU C library"
maintainer="Juan RP <xtraeme@voidlinux.eu>"