Chakra_Linux/lib32
1
0
Fork 0
mirror of https://gitdl.cn/https://github.com/chakralinux/lib32.git synced 2025-02-03 22:27:18 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

lib32-glibc, gcc-multilib - TC update

Browse Source
This commit is contained in:
AlmAck 2014-06-01 21:37:06 +02:00
parent 0f622328c5
commit d6bd160d93
14 changed files with 155 additions and 2202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
gcc-multilib/PKGBUILD
View File

@ -15,7 +15,7 @@ arch=('x86_64')
license=('GPL' 'LGPL' 'FDL' 'custom')
url="http://gcc.gnu.org"
makedepends=('binutils-multilib>=2.23' 'libmpc' 'cloog' 'gcc-ada-multilib' 'doxygen'
'lib32-glibc>=2.17')
'lib32-glibc>=2.19')
checkdepends=('dejagnu' 'inetutils')
options=('!emptydirs')
source=(#ftp://gcc.gnu.org/pub/gcc/releases/gcc-${pkgver}/gcc-${pkgver}.tar.bz2)

65
lib32-glibc/PKGBUILD
View File

@ -5,50 +5,38 @@
_pkgbasename=glibc
pkgname=lib32-$_pkgbasename
pkgver=2.18
pkgrel=11
pkgdesc="GNU C Library for multilib"
pkgver=2.19
pkgrel=1
pkgdesc="GNU C Library (32-bit)"
arch=('x86_64')
url="http://www.gnu.org/software/libc"
license=('GPL' 'LGPL')
depends=($_pkgbasename=$pkgver)
makedepends=('gcc-multilib>=4.7')
#depends=($_pkgbasename=$pkgver)
makedepends=('gcc-multilib>=4.8')
options=('!strip' '!emptydirs' 'staticlibs')
source=(http://ftp.gnu.org/gnu/libc/${_pkgbasename}-${pkgver}.tar.xz{,.sig}
glibc-2.18-readdir_r-CVE-2013-4237.patch
glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
glibc-2.18-strcoll-CVE-2012-4412+4424.patch
glibc-2.18-ptr-mangle-CVE-2013-4788.patch
glibc-2.18-strstr-hackfix.patch
glibc-2.19-xattr_header.patch
glibc-2.19-fix-sign-in-bsloww1-input.patch
glibc-2.19-tzselect-default.patch
lib32-glibc.conf)
md5sums=('88fbbceafee809e82efd52efa1e3c58f'
md5sums=('e26b8cc666b162f999404b03970f14e4'
'SKIP'
'154da6bf5a5248f42a7bf5bf08e01a47'
'b79561ab9dce900e9bbeaf0d49927c2b'
'c7264b99d0f7e51922a4d3126182c40a'
'9749ba386b08a8fe53e7ecede9bf2dfb'
'4441f6dfe7d75ced1fa75e54dd21d36e'
'39a4876837789e07746f1d84cd8cb46a'
'755a1a9d7844a5e338eddaa9a5d974cd'
'c772dc99ddd8032ecbf43884ae0cf42e'
'6e052f1cb693d5d3203f50f9d4e8c33b')
prepare() {
cd ${srcdir}/${_pkgbasename}-${pkgver}
# upstream commit 91ce4085
patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch
# fix for {linux,sys}/xattr.h incompatibility - commit fdbe8eae
patch -p1 -i $srcdir/glibc-2.19-xattr_header.patch
# upstream commits 1159a193, 55e17aad and b73ed247
patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
# fix issues in sin/cos slow path calculation - commit ffe768a9
patch -p1 -i $srcdir/glibc-2.19-fix-sign-in-bsloww1-input.patch
# upstream commits 1326ba1a, 141f3a77 and 303e567a
# https://sourceware.org/ml/libc-alpha/2013-08/msg00394.html
# https://sourceware.org/ml/libc-alpha/2013-08/msg00462.html
patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch
# upstream commits c61b4d41 and 0b1f8e35
patch -p1 -i $srcdir/glibc-2.18-ptr-mangle-CVE-2013-4788.patch
# hack fix for strstr issues on x86
patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch
# fix tzselect with missing TZDIR - commit 893b4f37/c72399fb
patch -p1 -i $srcdir/glibc-2.19-tzselect-default.patch
mkdir ${srcdir}/glibc-build
}
@ -74,7 +62,7 @@ build() {
${srcdir}/${_pkgbasename}-${pkgver}/configure --prefix=/usr \
--libdir=/usr/lib32 --libexecdir=/usr/lib32 \
--with-headers=/usr/include \
--with-bugurl=https://chakra-project.org/bugs/ \
--with-bugurl=http://chakraos.org/bugtracker\
--enable-add-ons=nptl,libidn \
--enable-obsolete-rpc \
--enable-kernel=2.6.32 \
@ -98,11 +86,11 @@ build() {
}
check() {
# bug to file - the linker commands need to be reordered
# the linker commands need to be reordered - fixed in 2.19
LDFLAGS=${LDFLAGS/--as-needed,/}
cd ${srcdir}/glibc-build
make -k check 2>&1 | tee glibc-check-log
make -k check || true
}
package() {
@ -116,16 +104,19 @@ package() {
# Dynamic linker
# install -d -m755 ${pkgdir}/usr/lib
install -d -m755 ${pkgdir}/lib
# ln -s ../lib32/ld-linux.so.2 ${pkgdir}/usr/lib/ # no reason yet to install in /usr/lib too, only needed once we also move lib
ln -s ../usr/lib32/ld-linux.so.2 ${pkgdir}/lib/
mkdir ${pkgdir}/usr/lib
ln -s ../lib32/ld-linux.so.2 ${pkgdir}/usr/lib/
# Add lib32 paths to the default library search path
install -Dm644 "$srcdir/lib32-glibc.conf" "$pkgdir/etc/ld.so.conf.d/lib32-glibc.conf"
# Symlink /usr/lib32/locale to /usr/lib/locale
ln -s ../lib/locale "$pkgdir/usr/lib32/locale"
# remove the static libraries that have a shared counterpart
# libc, libdl, libm and libpthread are required for toolchain testsuites
# in addition libcrypt appears widely required
rm $pkgdir/usr/lib32/lib{anl,BrokenLocale,nsl,resolv,rt,util}.a
# Do not strip the following files for improved debugging support
# ("improved" as in not breaking gdb and valgrind...):

47
lib32-glibc/glibc-2.17-getaddrinfo-stack-overflow.patch
View File

@ -1,47 +0,0 @@
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index d95c2d1..2309281 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -2489,11 +2489,27 @@ getaddrinfo (const char *name, const char *service,
__typeof (once) old_once = once;
__libc_once (once, gaiconf_init);
/* Sort results according to RFC 3484. */
- struct sort_result results[nresults];
- size_t order[nresults];
+ struct sort_result *results;
+ size_t *order;
struct addrinfo *q;
struct addrinfo *last = NULL;
char *canonname = NULL;
+ bool malloc_results;
+
+ malloc_results
+ = !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (size_t)));
+ if (malloc_results)
+ {
+ results = malloc (nresults * (sizeof (*results) + sizeof (size_t)));
+ if (results == NULL)
+ {
+ __free_in6ai (in6ai);
+ return EAI_MEMORY;
+ }
+ }
+ else
+ results = alloca (nresults * (sizeof (*results) + sizeof (size_t)));
+ order = (size_t *) (results + nresults);
/* Now we definitely need the interface information. */
if (! check_pf_called)
@@ -2664,6 +2680,9 @@ getaddrinfo (const char *name, const char *service,
/* Fill in the canonical name into the new first entry. */
p->ai_canonname = canonname;
+
+ if (malloc_results)
+ free (results);
}
__free_in6ai (in6ai);
--
1.7.1

137
lib32-glibc/glibc-2.17-regexp-matcher-overrun.patch
View File

@ -1,137 +0,0 @@
diff --git a/posix/Makefile b/posix/Makefile
index 88d409f..2cacd21 100644
--- a/posix/Makefile
+++ b/posix/Makefile
@@ -86,7 +86,7 @@ tests := tstgetopt testfnm runtests runptests \
tst-rfc3484-3 \
tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \
bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \
- bug-getopt5 tst-getopt_long1
+ bug-getopt5 tst-getopt_long1 bug-regex34
xtests := bug-ga2
ifeq (yes,$(build-shared))
test-srcs := globtest
@@ -199,5 +199,6 @@ bug-regex26-ENV = LOCPATH=$(common-objpfx)localedata
bug-regex30-ENV = LOCPATH=$(common-objpfx)localedata
bug-regex32-ENV = LOCPATH=$(common-objpfx)localedata
bug-regex33-ENV = LOCPATH=$(common-objpfx)localedata
+bug-regex34-ENV = LOCPATH=$(common-objpfx)localedata
tst-rxspencer-ARGS = --utf8 rxspencer/tests
tst-rxspencer-ENV = LOCPATH=$(common-objpfx)localedata
diff --git a/posix/bug-regex34.c b/posix/bug-regex34.c
new file mode 100644
index 0000000..bb3b613
--- /dev/null
+++ b/posix/bug-regex34.c
@@ -0,0 +1,46 @@
+/* Test re_search with multi-byte characters in UTF-8.
+ Copyright (C) 2013 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#define _GNU_SOURCE 1
+#include <stdio.h>
+#include <string.h>
+#include <locale.h>
+#include <regex.h>
+
+static int
+do_test (void)
+{
+ struct re_pattern_buffer r;
+ /* ကျွန်ုပ်x */
+ const char *s = "\xe1\x80\x80\xe1\x80\xbb\xe1\x80\xbd\xe1\x80\x94\xe1\x80\xba\xe1\x80\xaf\xe1\x80\x95\xe1\x80\xbax";
+
+ if (setlocale (LC_ALL, "en_US.UTF-8") == NULL)
+ {
+ puts ("setlocale failed");
+ return 1;
+ }
+ memset (&r, 0, sizeof (r));
+
+ re_compile_pattern ("[^x]x", 5, &r);
+ /* This was triggering a buffer overflow. */
+ re_search (&r, s, strlen (s), 0, strlen (s), 0);
+ return 0;
+}
+
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
diff --git a/posix/regexec.c b/posix/regexec.c
index 7f2de85..5ca2bf6 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -197,7 +197,7 @@ static int group_nodes_into_DFAstates (const re_dfa_t *dfa,
static int check_node_accept (const re_match_context_t *mctx,
const re_token_t *node, int idx)
internal_function;
-static reg_errcode_t extend_buffers (re_match_context_t *mctx)
+static reg_errcode_t extend_buffers (re_match_context_t *mctx, int min_len)
internal_function;
/* Entry point for POSIX code. */
@@ -1160,7 +1160,7 @@ check_matching (re_match_context_t *mctx, int fl_longest_match,
|| (BE (next_char_idx >= mctx->input.valid_len, 0)
&& mctx->input.valid_len < mctx->input.len))
{
- err = extend_buffers (mctx);
+ err = extend_buffers (mctx, next_char_idx + 1);
if (BE (err != REG_NOERROR, 0))
{
assert (err == REG_ESPACE);
@@ -1738,7 +1738,7 @@ clean_state_log_if_needed (re_match_context_t *mctx, int next_state_log_idx)
&& mctx->input.valid_len < mctx->input.len))
{
reg_errcode_t err;
- err = extend_buffers (mctx);
+ err = extend_buffers (mctx, next_state_log_idx + 1);
if (BE (err != REG_NOERROR, 0))
return err;
}
@@ -2792,7 +2792,7 @@ get_subexp (re_match_context_t *mctx, int bkref_node, int bkref_str_idx)
if (bkref_str_off >= mctx->input.len)
break;
- err = extend_buffers (mctx);
+ err = extend_buffers (mctx, bkref_str_off + 1);
if (BE (err != REG_NOERROR, 0))
return err;
@@ -4102,7 +4102,7 @@ check_node_accept (const re_match_context_t *mctx, const re_token_t *node,
static reg_errcode_t
internal_function __attribute_warn_unused_result__
-extend_buffers (re_match_context_t *mctx)
+extend_buffers (re_match_context_t *mctx, int min_len)
{
reg_errcode_t ret;
re_string_t *pstr = &mctx->input;
@@ -4111,8 +4111,10 @@ extend_buffers (re_match_context_t *mctx)
if (BE (INT_MAX / 2 / sizeof (re_dfastate_t *) <= pstr->bufs_len, 0))
return REG_ESPACE;
- /* Double the lengthes of the buffers. */
- ret = re_string_realloc_buffers (pstr, MIN (pstr->len, pstr->bufs_len * 2));
+ /* Double the lengthes of the buffers, but allocate at least MIN_LEN. */
+ ret = re_string_realloc_buffers (pstr,
+ MAX (min_len,
+ MIN (pstr->len, pstr->bufs_len * 2)));
if (BE (ret != REG_NOERROR, 0))
return ret;
--
1.7.1

130
lib32-glibc/glibc-2.17-sync-with-linux37.patch
View File

@ -1,130 +0,0 @@
diff --git a/sysdeps/gnu/netinet/tcp.h b/sysdeps/gnu/netinet/tcp.h
index 06e8414..b62a696 100644
--- a/sysdeps/gnu/netinet/tcp.h
+++ b/sysdeps/gnu/netinet/tcp.h
@@ -37,20 +37,29 @@
/*
* User-settable options (used with setsockopt).
*/
-#define TCP_NODELAY 1 /* Don't delay send to coalesce packets */
-#define TCP_MAXSEG 2 /* Set maximum segment size */
-#define TCP_CORK 3 /* Control sending of partial frames */
-#define TCP_KEEPIDLE 4 /* Start keeplives after this period */
-#define TCP_KEEPINTVL 5 /* Interval between keepalives */
-#define TCP_KEEPCNT 6 /* Number of keepalives before death */
-#define TCP_SYNCNT 7 /* Number of SYN retransmits */
-#define TCP_LINGER2 8 /* Life time of orphaned FIN-WAIT-2 state */
-#define TCP_DEFER_ACCEPT 9 /* Wake up listener only when data arrive */
-#define TCP_WINDOW_CLAMP 10 /* Bound advertised window */
-#define TCP_INFO 11 /* Information about this connection. */
-#define TCP_QUICKACK 12 /* Bock/reenable quick ACKs. */
-#define TCP_CONGESTION 13 /* Congestion control algorithm. */
-#define TCP_MD5SIG 14 /* TCP MD5 Signature (RFC2385) */
+#define TCP_NODELAY 1 /* Don't delay send to coalesce packets */
+#define TCP_MAXSEG 2 /* Set maximum segment size */
+#define TCP_CORK 3 /* Control sending of partial frames */
+#define TCP_KEEPIDLE 4 /* Start keeplives after this period */
+#define TCP_KEEPINTVL 5 /* Interval between keepalives */
+#define TCP_KEEPCNT 6 /* Number of keepalives before death */
+#define TCP_SYNCNT 7 /* Number of SYN retransmits */
+#define TCP_LINGER2 8 /* Life time of orphaned FIN-WAIT-2 state */
+#define TCP_DEFER_ACCEPT 9 /* Wake up listener only when data arrive */
+#define TCP_WINDOW_CLAMP 10 /* Bound advertised window */
+#define TCP_INFO 11 /* Information about this connection. */
+#define TCP_QUICKACK 12 /* Bock/reenable quick ACKs. */
+#define TCP_CONGESTION 13 /* Congestion control algorithm. */
+#define TCP_MD5SIG 14 /* TCP MD5 Signature (RFC2385) */
+#define TCP_COOKIE_TRANSACTIONS 15 /* TCP Cookie Transactions */
+#define TCP_THIN_LINEAR_TIMEOUTS 16 /* Use linear timeouts for thin streams*/
+#define TCP_THIN_DUPACK 17 /* Fast retrans. after 1 dupack */
+#define TCP_USER_TIMEOUT 18 /* How long for loss retry before timeout */
+#define TCP_REPAIR 19 /* TCP sock is under repair right now */
+#define TCP_REPAIR_QUEUE 20 /* Set TCP queue to repair */
+#define TCP_QUEUE_SEQ 21 /* Set sequence number of repaired queue. */
+#define TCP_REPAIR_OPTIONS 22 /* Repair TCP connection options */
+#define TCP_FASTOPEN 23 /* Enable FastOpen on listeners */
#ifdef __USE_MISC
# include <sys/types.h>
@@ -173,7 +182,9 @@ enum
# define TCPI_OPT_TIMESTAMPS 1
# define TCPI_OPT_SACK 2
# define TCPI_OPT_WSCALE 4
-# define TCPI_OPT_ECN 8
+# define TCPI_OPT_ECN 8 /* ECN was negociated at TCP session init */
+# define TCPI_OPT_ECN_SEEN 16 /* we received at least one packet with ECT */
+# define TCPI_OPT_SYN_DATA 32 /* SYN-ACK acked data in SYN sent or rcvd */
/* Values for tcpi_state. */
enum tcp_ca_state
@@ -241,6 +252,49 @@ struct tcp_md5sig
u_int8_t tcpm_key[TCP_MD5SIG_MAXKEYLEN]; /* Key (binary). */
};
+/* For socket repair options. */
+struct tcp_repair_opt
+{
+ u_int32_t opt_code;
+ u_int32_t opt_val;
+};
+
+/* Queue to repair, for TCP_REPAIR_QUEUE. */
+enum
+{
+ TCP_NO_QUEUE,
+ TCP_RECV_QUEUE,
+ TCP_SEND_QUEUE,
+ TCP_QUEUES_NR,
+};
+
+/* For cookie transactions socket options. */
+#define TCP_COOKIE_MIN 8 /* 64-bits */
+#define TCP_COOKIE_MAX 16 /* 128-bits */
+#define TCP_COOKIE_PAIR_SIZE (2*TCP_COOKIE_MAX)
+
+/* Flags for both getsockopt and setsockopt */
+#define TCP_COOKIE_IN_ALWAYS (1 << 0) /* Discard SYN without cookie */
+#define TCP_COOKIE_OUT_NEVER (1 << 1) /* Prohibit outgoing cookies,
+ * supercedes everything. */
+
+/* Flags for getsockopt */
+#define TCP_S_DATA_IN (1 << 2) /* Was data received? */
+#define TCP_S_DATA_OUT (1 << 3) /* Was data sent? */
+
+#define TCP_MSS_DEFAULT 536U /* IPv4 (RFC1122, RFC2581) */
+#define TCP_MSS_DESIRED 1220U /* IPv6 (tunneled), EDNS0 (RFC3226) */
+
+struct tcp_cookie_transactions
+{
+ u_int16_t tcpct_flags;
+ u_int8_t __tcpct_pad1;
+ u_int8_t tcpct_cookie_desired;
+ u_int16_t tcpct_s_data_desired;
+ u_int16_t tcpct_used;
+ u_int8_t tcpct_value[TCP_MSS_DEFAULT];
+};
+
#endif /* Misc. */
#endif /* netinet/tcp.h */
diff --git a/sysdeps/unix/sysv/linux/bits/socket.h b/sysdeps/unix/sysv/linux/bits/socket.h
index df8f167..eadd7d9 100644
--- a/sysdeps/unix/sysv/linux/bits/socket.h
+++ b/sysdeps/unix/sysv/linux/bits/socket.h
@@ -1,6 +1,5 @@
/* System-specific socket constants and types. Linux version.
- Copyright (C) 1991, 1992, 1994-2001, 2004, 2006-2010, 2011, 2012
- Free Software Foundation, Inc.
+ Copyright (C) 1991-2013 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -208,6 +207,8 @@ enum
#define MSG_MORE MSG_MORE
MSG_WAITFORONE = 0x10000, /* Wait for at least one packet to return.*/
#define MSG_WAITFORONE MSG_WAITFORONE
+ MSG_FASTOPEN = 0x20000000, /* Send data in TCP SYN. */
+#define MSG_FASTOPEN MSG_FASTOPEN
MSG_CMSG_CLOEXEC = 0x40000000 /* Set close_on_exit for file
descriptor received through

54
lib32-glibc/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
View File

@ -1,54 +0,0 @@
diff --git a/malloc/malloc.c b/malloc/malloc.c
index dd295f5..7f43ba3 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3082,6 +3082,13 @@ __libc_pvalloc(size_t bytes)
size_t page_mask = GLRO(dl_pagesize) - 1;
size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
+ /* Check for overflow. */
+ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
void *(*hook) (size_t, size_t, const void *) =
force_reg (__memalign_hook);
if (__builtin_expect (hook != NULL, 0))
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 7f43ba3..3148c5f 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes)
size_t pagesz = GLRO(dl_pagesize);
+ /* Check for overflow. */
+ if (bytes > SIZE_MAX - pagesz - MINSIZE)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
void *(*hook) (size_t, size_t, const void *) =
force_reg (__memalign_hook);
if (__builtin_expect (hook != NULL, 0))
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 3148c5f..f7718a9 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes)
/* Otherwise, ensure that it is at least a minimum chunk size */
if (alignment < MINSIZE) alignment = MINSIZE;
+ /* Check for overflow. */
+ if (bytes > SIZE_MAX - alignment - MINSIZE)
+ {
+ __set_errno (ENOMEM);
+ return 0;
+ }
+
arena_get(ar_ptr, bytes + alignment + MINSIZE);
if(!ar_ptr)
return 0;

485
lib32-glibc/glibc-2.18-ptr-mangle-CVE-2013-4788.patch
View File

@ -1,485 +0,0 @@
diff --git a/csu/libc-start.c b/csu/libc-start.c
index e5da3ef..c898d06 100644
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -37,6 +37,12 @@ extern void __pthread_initialize_minimal (void);
in thread local area. */
uintptr_t __stack_chk_guard attribute_relro;
# endif
+# ifndef THREAD_SET_POINTER_GUARD
+/* Only exported for architectures that don't store the pointer guard
+ value in thread local area. */
+uintptr_t __pointer_chk_guard_local
+ attribute_relro attribute_hidden __attribute__ ((nocommon));
+# endif
#endif
#ifdef HAVE_PTR_NTHREADS
@@ -195,6 +201,16 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL),
# else
__stack_chk_guard = stack_chk_guard;
# endif
+
+ /* Set up the pointer guard value. */
+ uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random,
+ stack_chk_guard);
+# ifdef THREAD_SET_POINTER_GUARD
+ THREAD_SET_POINTER_GUARD (pointer_chk_guard);
+# else
+ __pointer_chk_guard_local = pointer_chk_guard;
+# endif
+
#endif
/* Register the destructor of the dynamic linker if there is any. */
diff --git a/elf/Makefile b/elf/Makefile
index aaa9534..cb8da93 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -121,7 +121,8 @@ endif
tests = tst-tls1 tst-tls2 tst-tls9 tst-leaks1 \
tst-array1 tst-array2 tst-array3 tst-array4 tst-array5
tests-static = tst-tls1-static tst-tls2-static tst-stackguard1-static \
- tst-leaks1-static tst-array1-static tst-array5-static
+ tst-leaks1-static tst-array1-static tst-array5-static \
+ tst-ptrguard1-static
ifeq (yes,$(build-shared))
tests-static += tst-tls9-static
tst-tls9-static-ENV = \
@@ -145,7 +146,8 @@ tests += loadtest restest1 preloadtest loadfail multiload origtest resolvfail \
tst-audit1 tst-audit2 tst-audit8 \
tst-stackguard1 tst-addr1 tst-thrlock \
tst-unique1 tst-unique2 tst-unique3 tst-unique4 \
- tst-initorder tst-initorder2 tst-relsort1 tst-null-argv
+ tst-initorder tst-initorder2 tst-relsort1 tst-null-argv \
+ tst-ptrguard1
# reldep9
test-srcs = tst-pathopt
selinux-enabled := $(shell cat /selinux/enforce 2> /dev/null)
@@ -1016,6 +1018,9 @@ LDFLAGS-order2mod2.so = $(no-as-needed)
tst-stackguard1-ARGS = --command "$(host-test-program-cmd) --child"
tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child"
+tst-ptrguard1-ARGS = --command "$(host-test-program-cmd) --child"
+tst-ptrguard1-static-ARGS = --command "$(objpfx)tst-ptrguard1-static --child"
+
$(objpfx)tst-leaks1: $(libdl)
$(objpfx)tst-leaks1-mem: $(objpfx)tst-leaks1.out
$(common-objpfx)malloc/mtrace $(objpfx)tst-leaks1.mtrace > $@
diff --git a/elf/tst-ptrguard1-static.c b/elf/tst-ptrguard1-static.c
new file mode 100644
index 0000000..7aff3b7
--- /dev/null
+++ b/elf/tst-ptrguard1-static.c
@@ -0,0 +1 @@
+#include "tst-ptrguard1.c"
diff --git a/elf/tst-ptrguard1.c b/elf/tst-ptrguard1.c
new file mode 100644
index 0000000..c344a04
--- /dev/null
+++ b/elf/tst-ptrguard1.c
@@ -0,0 +1,202 @@
+/* Copyright (C) 2013 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/wait.h>
+#include <stackguard-macros.h>
+#include <tls.h>
+#include <unistd.h>
+
+#ifndef POINTER_CHK_GUARD
+extern uintptr_t __pointer_chk_guard;
+# define POINTER_CHK_GUARD __pointer_chk_guard
+#endif
+
+static const char *command;
+static bool child;
+static uintptr_t ptr_chk_guard_copy;
+static bool ptr_chk_guard_copy_set;
+static int fds[2];
+
+static void __attribute__ ((constructor))
+con (void)
+{
+ ptr_chk_guard_copy = POINTER_CHK_GUARD;
+ ptr_chk_guard_copy_set = true;
+}
+
+static int
+uintptr_t_cmp (const void *a, const void *b)
+{
+ if (*(uintptr_t *) a < *(uintptr_t *) b)
+ return 1;
+ if (*(uintptr_t *) a > *(uintptr_t *) b)
+ return -1;
+ return 0;
+}
+
+static int
+do_test (void)
+{
+ if (!ptr_chk_guard_copy_set)
+ {
+ puts ("constructor has not been run");
+ return 1;
+ }
+
+ if (ptr_chk_guard_copy != POINTER_CHK_GUARD)
+ {
+ puts ("POINTER_CHK_GUARD changed between constructor and do_test");
+ return 1;
+ }
+
+ if (child)
+ {
+ write (2, &ptr_chk_guard_copy, sizeof (ptr_chk_guard_copy));
+ return 0;
+ }
+
+ if (command == NULL)
+ {
+ puts ("missing --command or --child argument");
+ return 1;
+ }
+
+#define N 16
+ uintptr_t child_ptr_chk_guards[N + 1];
+ child_ptr_chk_guards[N] = ptr_chk_guard_copy;
+ int i;
+ for (i = 0; i < N; ++i)
+ {
+ if (pipe (fds) < 0)
+ {
+ printf ("couldn't create pipe: %m\n");
+ return 1;
+ }
+
+ pid_t pid = fork ();
+ if (pid < 0)
+ {
+ printf ("fork failed: %m\n");
+ return 1;
+ }
+
+ if (!pid)
+ {
+ if (ptr_chk_guard_copy != POINTER_CHK_GUARD)
+ {
+ puts ("POINTER_CHK_GUARD changed after fork");
+ exit (1);
+ }
+
+ close (fds[0]);
+ close (2);
+ dup2 (fds[1], 2);
+ close (fds[1]);
+
+ system (command);
+ exit (0);
+ }
+
+ close (fds[1]);
+
+ if (TEMP_FAILURE_RETRY (read (fds[0], &child_ptr_chk_guards[i],
+ sizeof (uintptr_t))) != sizeof (uintptr_t))
+ {
+ puts ("could not read ptr_chk_guard value from child");
+ return 1;
+ }
+
+ close (fds[0]);
+
+ pid_t termpid;
+ int status;
+ termpid = TEMP_FAILURE_RETRY (waitpid (pid, &status, 0));
+ if (termpid == -1)
+ {
+ printf ("waitpid failed: %m\n");
+ return 1;
+ }
+ else if (termpid != pid)
+ {
+ printf ("waitpid returned %ld != %ld\n",
+ (long int) termpid, (long int) pid);
+ return 1;
+ }
+ else if (!WIFEXITED (status) || WEXITSTATUS (status))
+ {
+ puts ("child hasn't exited with exit status 0");
+ return 1;
+ }
+ }
+
+ qsort (child_ptr_chk_guards, N + 1, sizeof (uintptr_t), uintptr_t_cmp);
+
+ /* The default pointer guard is the same as the default stack guard.
+ They are only set to default if dl_random is NULL. */
+ uintptr_t default_guard = 0;
+ unsigned char *p = (unsigned char *) &default_guard;
+ p[sizeof (uintptr_t) - 1] = 255;
+ p[sizeof (uintptr_t) - 2] = '\n';
+ p[0] = 0;
+
+ /* Test if the pointer guard canaries are either randomized,
+ or equal to the default pointer guard value.
+ Even with randomized pointer guards it might happen
+ that the random number generator generates the same
+ values, but if that happens in more than half from
+ the 16 runs, something is very wrong. */
+ int ndifferences = 0;
+ int ndefaults = 0;
+ for (i = 0; i < N; ++i)
+ {
+ if (child_ptr_chk_guards[i] != child_ptr_chk_guards[i+1])
+ ndifferences++;
+ else if (child_ptr_chk_guards[i] == default_guard)
+ ndefaults++;
+ }
+
+ printf ("differences %d defaults %d\n", ndifferences, ndefaults);
+
+ if (ndifferences < N / 2 && ndefaults < N / 2)
+ {
+ puts ("pointer guard values are not randomized enough");
+ puts ("nor equal to the default value");
+ return 1;
+ }
+
+ return 0;
+}
+
+#define OPT_COMMAND 10000
+#define OPT_CHILD 10001
+#define CMDLINE_OPTIONS \
+ { "command", required_argument, NULL, OPT_COMMAND }, \
+ { "child", no_argument, NULL, OPT_CHILD },
+#define CMDLINE_PROCESS \
+ case OPT_COMMAND: \
+ command = optarg; \
+ break; \
+ case OPT_CHILD: \
+ child = true; \
+ break;
+#define TEST_FUNCTION do_test ()
+#include "../test-skeleton.c"
diff --git a/ports/sysdeps/ia64/stackguard-macros.h b/ports/sysdeps/ia64/stackguard-macros.h
index dc683c2..3907293 100644
--- a/ports/sysdeps/ia64/stackguard-macros.h
+++ b/ports/sysdeps/ia64/stackguard-macros.h
@@ -2,3 +2,6 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+ ({ uintptr_t x; asm ("adds %0 = -16, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
diff --git a/ports/sysdeps/tile/stackguard-macros.h b/ports/sysdeps/tile/stackguard-macros.h
index 589ea2b..f2e041b 100644
--- a/ports/sysdeps/tile/stackguard-macros.h
+++ b/ports/sysdeps/tile/stackguard-macros.h
@@ -4,11 +4,17 @@
# if __WORDSIZE == 64
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("addi %0, tp, -16; ld %0, %0" : "=r" (x)); x; })
+# define POINTER_CHK_GUARD \
+ ({ uintptr_t x; asm ("addi %0, tp, -24; ld %0, %0" : "=r" (x)); x; })
# else
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("addi %0, tp, -8; ld4s %0, %0" : "=r" (x)); x; })
+# define POINTER_CHK_GUARD \
+ ({ uintptr_t x; asm ("addi %0, tp, -12; ld4s %0, %0" : "=r" (x)); x; })
# endif
#else
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("addi %0, tp, -8; lw %0, %0" : "=r" (x)); x; })
+# define POINTER_CHK_GUARD \
+ ({ uintptr_t x; asm ("addi %0, tp, -12; lw %0, %0" : "=r" (x)); x; })
#endif
diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h
index ababf65..4fa3d96 100644
--- a/sysdeps/generic/stackguard-macros.h
+++ b/sysdeps/generic/stackguard-macros.h
@@ -2,3 +2,6 @@
extern uintptr_t __stack_chk_guard;
#define STACK_CHK_GUARD __stack_chk_guard
+
+extern uintptr_t __pointer_chk_guard_local;
+#define POINTER_CHK_GUARD __pointer_chk_guard_local
diff --git a/sysdeps/i386/stackguard-macros.h b/sysdeps/i386/stackguard-macros.h
index 8c31e19..0397629 100644
--- a/sysdeps/i386/stackguard-macros.h
+++ b/sysdeps/i386/stackguard-macros.h
@@ -2,3 +2,11 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+ ({ \
+ uintptr_t x; \
+ asm ("movl %%gs:%c1, %0" : "=r" (x) \
+ : "i" (offsetof (tcbhead_t, pointer_guard))); \
+ x; \
+ })
diff --git a/sysdeps/powerpc/powerpc32/stackguard-macros.h b/sysdeps/powerpc/powerpc32/stackguard-macros.h
index 839f6a4..b3d0af8 100644
--- a/sysdeps/powerpc/powerpc32/stackguard-macros.h
+++ b/sysdeps/powerpc/powerpc32/stackguard-macros.h
@@ -2,3 +2,13 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+ ({ \
+ uintptr_t x; \
+ asm ("lwz %0,%1(2)" \
+ : "=r" (x) \
+ : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \
+ ); \
+ x; \
+ })
diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h
index 9da879c..4620f96 100644
--- a/sysdeps/powerpc/powerpc64/stackguard-macros.h
+++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h
@@ -2,3 +2,13 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+ ({ \
+ uintptr_t x; \
+ asm ("ld %0,%1(2)" \
+ : "=r" (x) \
+ : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \
+ ); \
+ x; \
+ })
diff --git a/sysdeps/s390/s390-32/stackguard-macros.h b/sysdeps/s390/s390-32/stackguard-macros.h
index b74c579..449e8d4 100644
--- a/sysdeps/s390/s390-32/stackguard-macros.h
+++ b/sysdeps/s390/s390-32/stackguard-macros.h
@@ -2,3 +2,14 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; })
+
+/* On s390/s390x there is no unique pointer guard, instead we use the
+ same value as the stack guard. */
+#define POINTER_CHK_GUARD \
+ ({ \
+ uintptr_t x; \
+ asm ("ear %0,%%a0; l %0,%1(%0)" \
+ : "=a" (x) \
+ : "i" (offsetof (tcbhead_t, stack_guard))); \
+ x; \
+ })
diff --git a/sysdeps/s390/s390-64/stackguard-macros.h b/sysdeps/s390/s390-64/stackguard-macros.h
index 0cebb5f..c8270fb 100644
--- a/sysdeps/s390/s390-64/stackguard-macros.h
+++ b/sysdeps/s390/s390-64/stackguard-macros.h
@@ -2,3 +2,17 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; })
+
+/* On s390/s390x there is no unique pointer guard, instead we use the
+ same value as the stack guard. */
+#define POINTER_CHK_GUARD \
+ ({ \
+ uintptr_t x; \
+ asm ("ear %0,%%a0;" \
+ "sllg %0,%0,32;" \
+ "ear %0,%%a1;" \
+ "lg %0,%1(%0)" \
+ : "=a" (x) \
+ : "i" (offsetof (tcbhead_t, stack_guard))); \
+ x; \
+ })
diff --git a/sysdeps/sparc/sparc32/stackguard-macros.h b/sysdeps/sparc/sparc32/stackguard-macros.h
index c0b02b0..1eef0f1 100644
--- a/sysdeps/sparc/sparc32/stackguard-macros.h
+++ b/sysdeps/sparc/sparc32/stackguard-macros.h
@@ -2,3 +2,6 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+ ({ uintptr_t x; asm ("ld [%%g7+0x18], %0" : "=r" (x)); x; })
diff --git a/sysdeps/sparc/sparc64/stackguard-macros.h b/sysdeps/sparc/sparc64/stackguard-macros.h
index 80f0635..cc0c12c 100644
--- a/sysdeps/sparc/sparc64/stackguard-macros.h
+++ b/sysdeps/sparc/sparc64/stackguard-macros.h
@@ -2,3 +2,6 @@
#define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; })
+
+#define POINTER_CHK_GUARD \
+ ({ uintptr_t x; asm ("ldx [%%g7+0x30], %0" : "=r" (x)); x; })
diff --git a/sysdeps/x86_64/stackguard-macros.h b/sysdeps/x86_64/stackguard-macros.h
index d7fedb3..1948800 100644
--- a/sysdeps/x86_64/stackguard-macros.h
+++ b/sysdeps/x86_64/stackguard-macros.h
@@ -4,3 +4,8 @@
({ uintptr_t x; \
asm ("mov %%fs:%c1, %0" : "=r" (x) \
: "i" (offsetof (tcbhead_t, stack_guard))); x; })
+
+#define POINTER_CHK_GUARD \
+ ({ uintptr_t x; \
+ asm ("mov %%fs:%c1, %0" : "=r" (x) \
+ : "i" (offsetof (tcbhead_t, pointer_guard))); x; })
diff --git a/elf/Makefile b/elf/Makefile
index cb8da93..27d249b 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -1019,6 +1019,9 @@ tst-stackguard1-ARGS = --command "$(host-test-program-cmd) --child"
tst-stackguard1-static-ARGS = --command "$(objpfx)tst-stackguard1-static --child"
tst-ptrguard1-ARGS = --command "$(host-test-program-cmd) --child"
+# When built statically, the pointer guard interface uses
+# __pointer_chk_guard_local.
+CFLAGS-tst-ptrguard1-static.c = -DPTRGUARD_LOCAL
tst-ptrguard1-static-ARGS = --command "$(objpfx)tst-ptrguard1-static --child"
$(objpfx)tst-leaks1: $(libdl)
diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h
index 4fa3d96..b4a6b23 100644
--- a/sysdeps/generic/stackguard-macros.h
+++ b/sysdeps/generic/stackguard-macros.h
@@ -3,5 +3,10 @@
extern uintptr_t __stack_chk_guard;
#define STACK_CHK_GUARD __stack_chk_guard
+#ifdef PTRGUARD_LOCAL
extern uintptr_t __pointer_chk_guard_local;
-#define POINTER_CHK_GUARD __pointer_chk_guard_local
+# define POINTER_CHK_GUARD __pointer_chk_guard_local
+#else
+extern uintptr_t __pointer_chk_guard;
+# define POINTER_CHK_GUARD __pointer_chk_guard
+#endif

281
lib32-glibc/glibc-2.18-readdir_r-CVE-2013-4237.patch
View File

@ -1,281 +0,0 @@
diff --git a/manual/conf.texi b/manual/conf.texi
index 7eb8b36..c720063 100644
--- a/manual/conf.texi
+++ b/manual/conf.texi
@@ -1149,6 +1149,9 @@ typed ahead as input. @xref{I/O Queues}.
@deftypevr Macro int NAME_MAX
The uniform system limit (if any) for the length of a file name component, not
including the terminating null character.
+
+@strong{Portability Note:} On some systems, @theglibc{} defines
+@code{NAME_MAX}, but does not actually enforce this limit.
@end deftypevr
@comment limits.h
@@ -1157,6 +1160,9 @@ including the terminating null character.
The uniform system limit (if any) for the length of an entire file name (that
is, the argument given to system calls such as @code{open}), including the
terminating null character.
+
+@strong{Portability Note:} @Theglibc{} does not enforce this limit
+even if @code{PATH_MAX} is defined.
@end deftypevr
@cindex limits, pipe buffer size
@@ -1476,6 +1482,9 @@ Inquire about the value of @code{POSIX_REC_MIN_XFER_SIZE}.
Inquire about the value of @code{POSIX_REC_XFER_ALIGN}.
@end table
+@strong{Portability Note:} On some systems, @theglibc{} does not
+enforce @code{_PC_NAME_MAX} or @code{_PC_PATH_MAX} limits.
+
@node Utility Limits
@section Utility Program Capacity Limits
diff --git a/manual/filesys.texi b/manual/filesys.texi
index 1df9cf2..814c210 100644
--- a/manual/filesys.texi
+++ b/manual/filesys.texi
@@ -444,9 +444,9 @@ symbols are declared in the header file @file{dirent.h}.
@comment POSIX.1
@deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
This function reads the next entry from the directory. It normally
-returns a pointer to a structure containing information about the file.
-This structure is statically allocated and can be rewritten by a
-subsequent call.
+returns a pointer to a structure containing information about the
+file. This structure is associated with the @var{dirstream} handle
+and can be rewritten by a subsequent call.
@strong{Portability Note:} On some systems @code{readdir} may not
return entries for @file{.} and @file{..}, even though these are always
@@ -461,19 +461,61 @@ conditions are defined for this function:
The @var{dirstream} argument is not valid.
@end table
-@code{readdir} is not thread safe. Multiple threads using
-@code{readdir} on the same @var{dirstream} may overwrite the return
-value. Use @code{readdir_r} when this is critical.
+To distinguish between an end-of-directory condition or an error, you
+must set @code{errno} to zero before calling @code{readdir}. To avoid
+entering an infinite loop, you should stop reading from the directory
+after the first error.
+
+In POSIX.1-2008, @code{readdir} is not thread-safe. In @theglibc{}
+implementation, it is safe to call @code{readdir} concurrently on
+different @var{dirstream}s, but multiple threads accessing the same
+@var{dirstream} result in undefined behavior. @code{readdir_r} is a
+fully thread-safe alternative, but suffers from poor portability (see
+below). It is recommended that you use @code{readdir}, with external
+locking if multiple threads access the same @var{dirstream}.
@end deftypefun
@comment dirent.h
@comment GNU
@deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
-This function is the reentrant version of @code{readdir}. Like
-@code{readdir} it returns the next entry from the directory. But to
-prevent conflicts between simultaneously running threads the result is
-not stored in statically allocated memory. Instead the argument
-@var{entry} points to a place to store the result.
+This function is a version of @code{readdir} which performs internal
+locking. Like @code{readdir} it returns the next entry from the
+directory. To prevent conflicts between simultaneously running
+threads the result is stored inside the @var{entry} object.
+
+@strong{Portability Note:} It is recommended to use @code{readdir}
+instead of @code{readdir_r} for the following reasons:
+
+@itemize @bullet
+@item
+On systems which do not define @code{NAME_MAX}, it may not be possible
+to use @code{readdir_r} safely because the caller does not specify the
+length of the buffer for the directory entry.
+
+@item
+On some systems, @code{readdir_r} cannot read directory entries with
+very long names. If such a name is encountered, @theglibc{}
+implementation of @code{readdir_r} returns with an error code of
+@code{ENAMETOOLONG} after the final directory entry has been read. On
+other systems, @code{readdir_r} may return successfully, but the
+@code{d_name} member may not be NUL-terminated or may be truncated.
+
+@item
+POSIX-1.2008 does not guarantee that @code{readdir} is thread-safe,
+even when access to the same @var{dirstream} is serialized. But in
+current implementations (including @theglibc{}), it is safe to call
+@code{readdir} concurrently on different @var{dirstream}s, so there is
+no need to use @code{readdir_r} in most multi-threaded programs. In
+the rare case that multiple threads need to read from the same
+@var{dirstream}, it is still better to use @code{readdir} and external
+synchronization.
+
+@item
+It is expected that future versions of POSIX will obsolete
+@code{readdir_r} and mandate the level of thread safety for
+@code{readdir} which is provided by @theglibc{} and other
+implementations today.
+@end itemize
Normally @code{readdir_r} returns zero and sets @code{*@var{result}}
to @var{entry}. If there are no more entries in the directory or an
@@ -481,15 +523,6 @@ error is detected, @code{readdir_r} sets @code{*@var{result}} to a
null pointer and returns a nonzero error code, also stored in
@code{errno}, as described for @code{readdir}.
-@strong{Portability Note:} On some systems @code{readdir_r} may not
-return a NUL terminated string for the file name, even when there is no
-@code{d_reclen} field in @code{struct dirent} and the file
-name is the maximum allowed size. Modern systems all have the
-@code{d_reclen} field, and on old systems multi-threading is not
-critical. In any case there is no such problem with the @code{readdir}
-function, so that even on systems without the @code{d_reclen} member one
-could use multiple threads by using external locking.
-
It is also important to look at the definition of the @code{struct
dirent} type. Simply passing a pointer to an object of this type for
the second parameter of @code{readdir_r} might not be enough. Some
diff --git a/sysdeps/posix/dirstream.h b/sysdeps/posix/dirstream.h
index a7a074d..8e8570d 100644
--- a/sysdeps/posix/dirstream.h
+++ b/sysdeps/posix/dirstream.h
@@ -39,6 +39,8 @@ struct __dirstream
off_t filepos; /* Position of next entry to read. */
+ int errcode; /* Delayed error code. */
+
/* Directory block. */
char data[0] __attribute__ ((aligned (__alignof__ (void*))));
};
diff --git a/sysdeps/posix/opendir.c b/sysdeps/posix/opendir.c
index ddfc3a7..fc05b0f 100644
--- a/sysdeps/posix/opendir.c
+++ b/sysdeps/posix/opendir.c
@@ -231,6 +231,7 @@ __alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
dirp->size = 0;
dirp->offset = 0;
dirp->filepos = 0;
+ dirp->errcode = 0;
return dirp;
}
diff --git a/sysdeps/posix/readdir_r.c b/sysdeps/posix/readdir_r.c
index b5a8e2e..8ed5c3f 100644
--- a/sysdeps/posix/readdir_r.c
+++ b/sysdeps/posix/readdir_r.c
@@ -40,6 +40,7 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
DIRENT_TYPE *dp;
size_t reclen;
const int saved_errno = errno;
+ int ret;
__libc_lock_lock (dirp->lock);
@@ -70,10 +71,10 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
bytes = 0;
__set_errno (saved_errno);
}
+ if (bytes < 0)
+ dirp->errcode = errno;
dp = NULL;
- /* Reclen != 0 signals that an error occurred. */
- reclen = bytes != 0;
break;
}
dirp->size = (size_t) bytes;
@@ -106,29 +107,46 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
dirp->filepos += reclen;
#endif
- /* Skip deleted files. */
+#ifdef NAME_MAX
+ if (reclen > offsetof (DIRENT_TYPE, d_name) + NAME_MAX + 1)
+ {
+ /* The record is very long. It could still fit into the
+ caller-supplied buffer if we can skip padding at the
+ end. */
+ size_t namelen = _D_EXACT_NAMLEN (dp);
+ if (namelen <= NAME_MAX)
+ reclen = offsetof (DIRENT_TYPE, d_name) + namelen + 1;
+ else
+ {
+ /* The name is too long. Ignore this file. */
+ dirp->errcode = ENAMETOOLONG;
+ dp->d_ino = 0;
+ continue;
+ }
+ }
+#endif
+
+ /* Skip deleted and ignored files. */
}
while (dp->d_ino == 0);
if (dp != NULL)
{
-#ifdef GETDENTS_64BIT_ALIGNED
- /* The d_reclen value might include padding which is not part of
- the DIRENT_TYPE data structure. */
- reclen = MIN (reclen,
- offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name));
-#endif
*result = memcpy (entry, dp, reclen);
-#ifdef GETDENTS_64BIT_ALIGNED
+#ifdef _DIRENT_HAVE_D_RECLEN
entry->d_reclen = reclen;
#endif
+ ret = 0;
}
else
- *result = NULL;
+ {
+ *result = NULL;
+ ret = dirp->errcode;
+ }
__libc_lock_unlock (dirp->lock);
- return dp != NULL ? 0 : reclen ? errno : 0;
+ return ret;
}
#ifdef __READDIR_R_ALIAS
diff --git a/sysdeps/posix/rewinddir.c b/sysdeps/posix/rewinddir.c
index 2935a8e..d4991ad 100644
--- a/sysdeps/posix/rewinddir.c
+++ b/sysdeps/posix/rewinddir.c
@@ -33,6 +33,7 @@ rewinddir (dirp)
dirp->filepos = 0;
dirp->offset = 0;
dirp->size = 0;
+ dirp->errcode = 0;
#ifndef NOT_IN_libc
__libc_lock_unlock (dirp->lock);
#endif
diff --git a/sysdeps/unix/sysv/linux/i386/readdir64_r.c b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
index 8ebbcfd..a7d114e 100644
--- a/sysdeps/unix/sysv/linux/i386/readdir64_r.c
+++ b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
@@ -18,7 +18,6 @@
#define __READDIR_R __readdir64_r
#define __GETDENTS __getdents64
#define DIRENT_TYPE struct dirent64
-#define GETDENTS_64BIT_ALIGNED 1
#include <sysdeps/posix/readdir_r.c>
diff --git a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
index 5ed8e95..290f2c8 100644
--- a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
+++ b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
@@ -1,5 +1,4 @@
#define readdir64_r __no_readdir64_r_decl
-#define GETDENTS_64BIT_ALIGNED 1
#include <sysdeps/posix/readdir_r.c>
#undef readdir64_r
weak_alias (__readdir_r, readdir64_r)
--
1.8.3.4

1004
lib32-glibc/glibc-2.18-strcoll-CVE-2012-4412+4424.patch
View File

File diff suppressed because it is too large Load Diff

13
lib32-glibc/glibc-2.18-strstr-hackfix.patch
View File

@ -1,13 +0,0 @@
diff --git a/sysdeps/x86_64/multiarch/strstr.c b/sysdeps/x86_64/multiarch/strstr.c
index cd63b68..03d8b9a 100644
--- a/sysdeps/x86_64/multiarch/strstr.c
+++ b/sysdeps/x86_64/multiarch/strstr.c
@@ -86,7 +86,7 @@
/* Simple replacement of movdqu to address 4KB boundary cross issue.
If EOS occurs within less than 16B before 4KB boundary, we don't
cross to next page. */
-static __m128i
+static inline __m128i
__m128i_strloadu (const unsigned char * p, __m128i zero)
{
if (__builtin_expect ((int) ((size_t) p & 0xfff) > 0xff0, 0))

71
lib32-glibc/glibc-2.19-fix-sign-in-bsloww1-input.patch Normal file
View File

@ -0,0 +1,71 @@
From ffe768a90912f9bce43b70a82576b3dc99e3121c Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@redhat.com>
Date: Thu, 27 Feb 2014 21:29:16 +0530
Subject: [PATCH] Fix sign of input to bsloww1 (BZ #16623)
In 84ba214c, I removed some redundant sign computations and in the
process, I incorrectly got rid of a temporary variable, thus passing
the absolute value of the input to bsloww1. This caused #16623.
This fix undoes the incorrect change.
---
sysdeps/ieee754/dbl-64/s_sin.c | 16 ++++++++++------
3 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/sysdeps/ieee754/dbl-64/s_sin.c b/sysdeps/ieee754/dbl-64/s_sin.c
index 6105e9f..50109b8 100644
--- a/sysdeps/ieee754/dbl-64/s_sin.c
+++ b/sysdeps/ieee754/dbl-64/s_sin.c
@@ -447,19 +447,21 @@ __sin (double x)
}
else
{
+ double t;
if (a > 0)
{
m = 1;
+ t = a;
db = da;
}
else
{
m = 0;
- a = -a;
+ t = -a;
db = -da;
}
- u.x = big + a;
- y = a - (u.x - big);
+ u.x = big + t;
+ y = t - (u.x - big);
res = do_sin (u, y, db, &cor);
cor = (cor > 0) ? 1.035 * cor + eps : 1.035 * cor - eps;
retval = ((res == res + cor) ? ((m) ? res : -res)
@@ -671,19 +673,21 @@ __cos (double x)
}
else
{
+ double t;
if (a > 0)
{
m = 1;
+ t = a;
db = da;
}
else
{
m = 0;
- a = -a;
+ t = -a;
db = -da;
}
- u.x = big + a;
- y = a - (u.x - big);
+ u.x = big + t;
+ y = t - (u.x - big);
res = do_sin (u, y, db, &cor);
cor = (cor > 0) ? 1.035 * cor + eps : 1.035 * cor - eps;
retval = ((res == res + cor) ? ((m) ? res : -res)
--
1.9.0

13
lib32-glibc/glibc-2.19-tzselect-default.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/timezone/Makefile b/timezone/Makefile
index 998cd14..d5f647c 100644
--- a/timezone/Makefile
+++ b/timezone/Makefile
@@ -118,7 +118,7 @@ $(testdata)/Asia/Tokyo: asia $(zic-deps)
$(objpfx)tzselect: tzselect.ksh $(common-objpfx)config.make
sed -e 's|/bin/bash|$(KSH)|g' \
- -e '/TZDIR=/s|\$$(pwd)|$(zonedir)|' \
+ -e 's|TZDIR=[^}]*|TZDIR=$(zonedir)|' \
-e '/TZVERSION=/s|see_Makefile|"$(version)"|' \
-e '/PKGVERSION=/s|=.*|="$(PKGVERSION)"|' \
-e '/REPORT_BUGS_TO=/s|=.*|="$(REPORT_BUGS_TO)"|' \

42
lib32-glibc/glibc-2.19-xattr_header.patch Normal file
View File

@ -0,0 +1,42 @@
From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Tue, 11 Mar 2014 04:17:07 +0000 (-0500)
Subject: misc/sys/xattr.h: guard against linux uapi header inclusion
X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=fdbe8eae;hp=fede7a5ffa188c22c3789135bd5cf82e487dd3d0
misc/sys/xattr.h: guard against linux uapi header inclusion
If the glibc xattr.h header is included after the uapi header,
compilation fails due to an enum re-using a #define from the
uapi header. Protect against this by guarding the define and
enum inclusions against each other.
(A corresponding kernel patch has been sent here:
http://lkml.org/lkml/2014/3/7/331 )
(See https://lists.debian.org/debian-glibc/2014/03/msg00029.html
and https://sourceware.org/glibc/wiki/Synchronizing_Headers
for more information.)
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
diff --git a/misc/sys/xattr.h b/misc/sys/xattr.h
index 929cd87..796df90 100644
--- a/misc/sys/xattr.h
+++ b/misc/sys/xattr.h
@@ -26,6 +26,7 @@ __BEGIN_DECLS
/* The following constants should be used for the fifth parameter of
`*setxattr'. */
+#ifndef __USE_KERNEL_XATTR_DEFS
enum
{
XATTR_CREATE = 1, /* set value, fail if attr already exists. */
@@ -33,6 +34,7 @@ enum
XATTR_REPLACE = 2 /* set value, fail if attr does not exist. */
#define XATTR_REPLACE XATTR_REPLACE
};
+#endif
/* Set the attribute NAME of the file pointed to by PATH to VALUE (which
is SIZE bytes long). Return 0 on success, -1 for errors. */

13
lib32-glibc/glibc-__i686.patch
View File

@ -1,13 +0,0 @@
diff -Naur glibc-old//sysdeps/i386/Makefile glibc//sysdeps/i386/Makefile
--- glibc-old//sysdeps/i386/Makefile 2010-03-18 11:52:30.000000000 +1000
+++ glibc//sysdeps/i386/Makefile 2010-04-16 15:05:50.000000000 +1000
@@ -1,6 +1,7 @@
# The mpn functions need a #define for asm syntax flavor.
-# Every i386 port in use uses gas syntax (I think).
-asm-CPPFLAGS += -DGAS_SYNTAX
+# Every i386 port in use uses gas syntax (I think). Don't replace
+# __i686 in __i686.get_pc_thunk.bx.
+asm-CPPFLAGS += -DGAS_SYNTAX -U __i686
# The i386 `long double' is a distinct type we support.
long-double-fcts = yes