From 46f50433f3b9532726e1eabccb0097b79bfbdd79 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sat, 5 Feb 2022 05:26:15 +0000 Subject: [PATCH] import glibc-2.28-189.el8 --- SOURCES/glibc-rh2007327-1.patch | 92 +++++++++ SOURCES/glibc-rh2007327-2.patch | 200 +++++++++++++++++++ SOURCES/glibc-rh2032281-1.patch | 64 ++++++ SOURCES/glibc-rh2032281-2.patch | 74 +++++++ SOURCES/glibc-rh2032281-3.patch | 278 +++++++++++++++++++++++++++ SOURCES/glibc-rh2032281-4.patch | 331 ++++++++++++++++++++++++++++++++ SOURCES/glibc-rh2032281-5.patch | 121 ++++++++++++ SOURCES/glibc-rh2032281-6.patch | 46 +++++ SOURCES/glibc-rh2032281-7.patch | 24 +++ SOURCES/glibc-rh2045063-1.patch | 164 ++++++++++++++++ SOURCES/glibc-rh2045063-2.patch | 32 +++ SOURCES/glibc-rh2045063-3.patch | 80 ++++++++ SOURCES/glibc-rh2045063-4.patch | 101 ++++++++++ SOURCES/glibc-rh2045063-5.patch | 54 ++++++ SOURCES/wrap-find-debuginfo.sh | 112 +++++++++++ SPECS/glibc.spec | 256 +++++++----------------- 16 files changed, 1838 insertions(+), 191 deletions(-) create mode 100644 SOURCES/glibc-rh2007327-1.patch create mode 100644 SOURCES/glibc-rh2007327-2.patch create mode 100644 SOURCES/glibc-rh2032281-1.patch create mode 100644 SOURCES/glibc-rh2032281-2.patch create mode 100644 SOURCES/glibc-rh2032281-3.patch create mode 100644 SOURCES/glibc-rh2032281-4.patch create mode 100644 SOURCES/glibc-rh2032281-5.patch create mode 100644 SOURCES/glibc-rh2032281-6.patch create mode 100644 SOURCES/glibc-rh2032281-7.patch create mode 100644 SOURCES/glibc-rh2045063-1.patch create mode 100644 SOURCES/glibc-rh2045063-2.patch create mode 100644 SOURCES/glibc-rh2045063-3.patch create mode 100644 SOURCES/glibc-rh2045063-4.patch create mode 100644 SOURCES/glibc-rh2045063-5.patch create mode 100755 SOURCES/wrap-find-debuginfo.sh diff --git a/SOURCES/glibc-rh2007327-1.patch b/SOURCES/glibc-rh2007327-1.patch new file mode 100644 index 0000000..2c6379e --- /dev/null +++ b/SOURCES/glibc-rh2007327-1.patch @@ -0,0 +1,92 @@ +commit 28c30a6232aa9a54783c146590498a061fc0112a +Author: Samuel Thibault +Date: Sun Feb 9 19:50:21 2020 +0000 + + pthread: Move most once tests from nptl to sysdeps/pthread + + So they can be checked with htl too. + +# Conflicts: +# sysdeps/pthread/Makefile +# (Moved only the tests in this commit which subsequently +# needed for the pthread_once fix) + +diff --git a/nptl/Makefile b/nptl/Makefile +index b14de3ffb330c10b..dcf3868869767015 100644 +--- a/nptl/Makefile ++++ b/nptl/Makefile +@@ -260,7 +260,7 @@ tests = tst-attr1 tst-attr2 tst-attr3 tst-default-attr \ + tst-rwlock4 tst-rwlock5 tst-rwlock6 tst-rwlock7 tst-rwlock8 \ + tst-rwlock9 tst-rwlock10 tst-rwlock11 tst-rwlock12 tst-rwlock13 \ + tst-rwlock14 tst-rwlock15 tst-rwlock16 tst-rwlock17 tst-rwlock18 \ +- tst-once1 tst-once2 tst-once3 tst-once4 tst-once5 \ ++ tst-once5 \ + tst-key1 tst-key2 tst-key3 tst-key4 \ + tst-sem1 tst-sem2 tst-sem3 tst-sem4 tst-sem5 tst-sem6 tst-sem7 \ + tst-sem8 tst-sem9 tst-sem10 tst-sem14 \ +@@ -384,8 +384,7 @@ tests += tst-cancelx2 tst-cancelx3 tst-cancelx4 tst-cancelx5 \ + tst-cancelx6 tst-cancelx7 tst-cancelx8 tst-cancelx9 tst-cancelx10 \ + tst-cancelx11 tst-cancelx12 tst-cancelx13 tst-cancelx14 tst-cancelx15 \ + tst-cancelx16 tst-cancelx17 tst-cancelx18 tst-cancelx20 tst-cancelx21 \ +- tst-cleanupx0 tst-cleanupx1 tst-cleanupx2 tst-cleanupx3 tst-cleanupx4 \ +- tst-oncex3 tst-oncex4 ++ tst-cleanupx0 tst-cleanupx1 tst-cleanupx2 tst-cleanupx3 tst-cleanupx4 + ifeq ($(build-shared),yes) + tests += tst-atfork2 tst-tls4 tst-_res1 tst-fini1 tst-compat-forwarder \ + tst-audit-threads +@@ -525,8 +524,6 @@ CFLAGS-tst-cleanupx2.c += -fexceptions + CFLAGS-tst-cleanupx3.c += -fexceptions + CFLAGS-tst-cleanupx4.c += -fexceptions + CFLAGS-tst-cleanupx4aux.c += -fexceptions +-CFLAGS-tst-oncex3.c += -fexceptions +-CFLAGS-tst-oncex4.c += -fexceptions + CFLAGS-tst-align.c += $(stack-align-test-flags) + CFLAGS-tst-align3.c += $(stack-align-test-flags) + CFLAGS-tst-initializers1.c += -W -Wall -Werror +diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile +index 98a92f8d6bb119ba..14ef04247cb84ad3 100644 +--- a/sysdeps/pthread/Makefile ++++ b/sysdeps/pthread/Makefile +@@ -33,11 +33,18 @@ endif + + tst-create1mod.so-no-z-defs = yes + ++tests += tst-once1 tst-once2 tst-once3 tst-once4 ++ ++tests += tst-oncex3 tst-oncex4 ++ + ifeq ($(build-shared),yes) + # Build all the modules even when not actually running test programs. + tests: $(test-modules) + endif + ++CFLAGS-tst-oncex3.c += -fexceptions ++CFLAGS-tst-oncex4.c += -fexceptions ++ + modules-names += tst-create1mod + test-modules = $(addprefix $(objpfx),$(addsuffix .so,$(modules-names))) + +diff --git a/nptl/tst-once1.c b/sysdeps/pthread/tst-once1.c +similarity index 100% +rename from nptl/tst-once1.c +rename to sysdeps/pthread/tst-once1.c +diff --git a/nptl/tst-once2.c b/sysdeps/pthread/tst-once2.c +similarity index 100% +rename from nptl/tst-once2.c +rename to sysdeps/pthread/tst-once2.c +diff --git a/nptl/tst-once3.c b/sysdeps/pthread/tst-once3.c +similarity index 100% +rename from nptl/tst-once3.c +rename to sysdeps/pthread/tst-once3.c +diff --git a/nptl/tst-once4.c b/sysdeps/pthread/tst-once4.c +similarity index 100% +rename from nptl/tst-once4.c +rename to sysdeps/pthread/tst-once4.c +diff --git a/nptl/tst-oncex3.c b/sysdeps/pthread/tst-oncex3.c +similarity index 100% +rename from nptl/tst-oncex3.c +rename to sysdeps/pthread/tst-oncex3.c +diff --git a/nptl/tst-oncex4.c b/sysdeps/pthread/tst-oncex4.c +similarity index 100% +rename from nptl/tst-oncex4.c +rename to sysdeps/pthread/tst-oncex4.c diff --git a/SOURCES/glibc-rh2007327-2.patch b/SOURCES/glibc-rh2007327-2.patch new file mode 100644 index 0000000..29e67f9 --- /dev/null +++ b/SOURCES/glibc-rh2007327-2.patch @@ -0,0 +1,200 @@ +commit f0419e6a10740a672b28e112c409ae24f5e890ab +Author: Jakub Jelinek +Date: Thu Mar 4 15:15:33 2021 +0100 + + [PATCH] pthread_once hangs when init routine throws an exception [BZ #18435] + + This is another attempt at making pthread_once handle throwing exceptions + from the init routine callback. As the new testcases show, just switching + to the cleanup attribute based cleanup does fix the tst-once5 test, but + breaks the new tst-oncey3 test. That is because when throwing exceptions, + only the unwind info registered cleanups (i.e. C++ destructors or cleanup + attribute), when cancelling threads and there has been unwind info from the + cancellation point up to whatever needs cleanup both unwind info registered + cleanups and THREAD_SETMEM (self, cleanup, ...) registered cleanups are + invoked, but once we hit some frame with no unwind info, only the + THREAD_SETMEM (self, cleanup, ...) registered cleanups are invoked. + So, to stay fully backwards compatible (allow init routines without + unwind info which encounter cancellation points) and handle exception throwing + we actually need to register the pthread_once cleanups in both unwind info + and in the THREAD_SETMEM (self, cleanup, ...) way. + If an exception is thrown, only the former will happen and we in that case + need to also unregister the THREAD_SETMEM (self, cleanup, ...) registered + handler, because otherwise after catching the exception the user code could + call deeper into the stack some cancellation point, get cancelled and then + a stale cleanup handler would clobber stack and probably crash. + If a thread calling init routine is cancelled and unwind info ends before + the pthread_once frame, it will be cleaned up through self->cleanup as + before. And if unwind info is present, unwind_stop first calls the + self->cleanup registered handler for the frame, then it will call the + unwind info registered handler but that will already see __do_it == 0 + and do nothing. + +# Conflicts: +# nptl/Makefile +# (The usual cleanups because they don't match.) +# sysdeps/pthread/Makefile +# (The usual cleanups because all the other tests aren't moved.) + +diff --git a/nptl/Makefile b/nptl/Makefile +index dcf3868869767015..70a3be23ecfcd9c9 100644 +--- a/nptl/Makefile ++++ b/nptl/Makefile +@@ -334,10 +334,6 @@ xtests = tst-setuid1 tst-setuid1-static tst-setuid2 \ + tst-mutexpp1 tst-mutexpp6 tst-mutexpp10 + test-srcs = tst-oddstacklimit + +-# Test expected to fail on most targets (except x86_64) due to bug +-# 18435 - pthread_once hangs when init routine throws an exception. +-test-xfail-tst-once5 = yes +- + # Files which must not be linked with libpthread. + tests-nolibpthread = tst-unload + +diff --git a/nptl/pthreadP.h b/nptl/pthreadP.h +index a2d48b2015cd385c..7ddc166cf32414c4 100644 +--- a/nptl/pthreadP.h ++++ b/nptl/pthreadP.h +@@ -571,6 +571,67 @@ extern void __pthread_cleanup_pop (struct _pthread_cleanup_buffer *buffer, + # undef pthread_cleanup_pop + # define pthread_cleanup_pop(execute) \ + __pthread_cleanup_pop (&_buffer, (execute)); } ++ ++# if defined __EXCEPTIONS && !defined __cplusplus ++/* Structure to hold the cleanup handler information. */ ++struct __pthread_cleanup_combined_frame ++{ ++ void (*__cancel_routine) (void *); ++ void *__cancel_arg; ++ int __do_it; ++ struct _pthread_cleanup_buffer __buffer; ++}; ++ ++/* Special cleanup macros which register cleanup both using ++ __pthread_cleanup_{push,pop} and using cleanup attribute. This is needed ++ for pthread_once, so that it supports both throwing exceptions from the ++ pthread_once callback (only cleanup attribute works there) and cancellation ++ of the thread running the callback if the callback or some routines it ++ calls don't have unwind information. */ ++ ++static __always_inline void ++__pthread_cleanup_combined_routine (struct __pthread_cleanup_combined_frame ++ *__frame) ++{ ++ if (__frame->__do_it) ++ { ++ __frame->__cancel_routine (__frame->__cancel_arg); ++ __frame->__do_it = 0; ++ __pthread_cleanup_pop (&__frame->__buffer, 0); ++ } ++} ++ ++static inline void ++__pthread_cleanup_combined_routine_voidptr (void *__arg) ++{ ++ struct __pthread_cleanup_combined_frame *__frame ++ = (struct __pthread_cleanup_combined_frame *) __arg; ++ if (__frame->__do_it) ++ { ++ __frame->__cancel_routine (__frame->__cancel_arg); ++ __frame->__do_it = 0; ++ } ++} ++ ++# define pthread_cleanup_combined_push(routine, arg) \ ++ do { \ ++ void (*__cancel_routine) (void *) = (routine); \ ++ struct __pthread_cleanup_combined_frame __clframe \ ++ __attribute__ ((__cleanup__ (__pthread_cleanup_combined_routine))) \ ++ = { .__cancel_routine = __cancel_routine, .__cancel_arg = (arg), \ ++ .__do_it = 1 }; \ ++ __pthread_cleanup_push (&__clframe.__buffer, \ ++ __pthread_cleanup_combined_routine_voidptr, \ ++ &__clframe); ++ ++# define pthread_cleanup_combined_pop(execute) \ ++ __pthread_cleanup_pop (&__clframe.__buffer, 0); \ ++ __clframe.__do_it = 0; \ ++ if (execute) \ ++ __cancel_routine (__clframe.__cancel_arg); \ ++ } while (0) ++ ++# endif + #endif + + extern void __pthread_cleanup_push_defer (struct _pthread_cleanup_buffer *buffer, +diff --git a/nptl/pthread_once.c b/nptl/pthread_once.c +index 1653226286dc3539..45e965e8743d9412 100644 +--- a/nptl/pthread_once.c ++++ b/nptl/pthread_once.c +@@ -111,11 +111,11 @@ __pthread_once_slow (pthread_once_t *once_control, void (*init_routine) (void)) + /* This thread is the first here. Do the initialization. + Register a cleanup handler so that in case the thread gets + interrupted the initialization can be restarted. */ +- pthread_cleanup_push (clear_once_control, once_control); ++ pthread_cleanup_combined_push (clear_once_control, once_control); + + init_routine (); + +- pthread_cleanup_pop (0); ++ pthread_cleanup_combined_pop (0); + + + /* Mark *once_control as having finished the initialization. We need +diff --git a/nptl/tst-once5.cc b/nptl/tst-once5.cc +index d232266c3ace89d9..dda18e610c9114bc 100644 +--- a/nptl/tst-once5.cc ++++ b/nptl/tst-once5.cc +@@ -59,7 +59,7 @@ do_test (void) + " throwing an exception", stderr); + } + catch (OnceException) { +- if (1 < niter) ++ if (niter > 1) + fputs ("pthread_once unexpectedly threw", stderr); + result = 0; + } +@@ -75,7 +75,5 @@ do_test (void) + return result; + } + +-// The test currently hangs and is XFAILed. Reduce the timeout. +-#define TIMEOUT 1 + #define TEST_FUNCTION do_test () + #include "../test-skeleton.c" +diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile +index 14ef04247cb84ad3..80a71f3f9f0e72ae 100644 +--- a/sysdeps/pthread/Makefile ++++ b/sysdeps/pthread/Makefile +@@ -35,7 +35,7 @@ tst-create1mod.so-no-z-defs = yes + + tests += tst-once1 tst-once2 tst-once3 tst-once4 + +-tests += tst-oncex3 tst-oncex4 ++tests += tst-oncex3 tst-oncex4 tst-oncey3 tst-oncey4 + + ifeq ($(build-shared),yes) + # Build all the modules even when not actually running test programs. +@@ -44,6 +44,8 @@ endif + + CFLAGS-tst-oncex3.c += -fexceptions + CFLAGS-tst-oncex4.c += -fexceptions ++CFLAGS-tst-oncey3.c += -fno-exceptions -fno-asynchronous-unwind-tables ++CFLAGS-tst-oncey4.c += -fno-exceptions -fno-asynchronous-unwind-tables + + modules-names += tst-create1mod + test-modules = $(addprefix $(objpfx),$(addsuffix .so,$(modules-names))) +diff --git a/sysdeps/pthread/tst-oncey3.c b/sysdeps/pthread/tst-oncey3.c +new file mode 100644 +index 0000000000000000..08225b88dc06b979 +--- /dev/null ++++ b/sysdeps/pthread/tst-oncey3.c +@@ -0,0 +1 @@ ++#include "tst-once3.c" +diff --git a/sysdeps/pthread/tst-oncey4.c b/sysdeps/pthread/tst-oncey4.c +new file mode 100644 +index 0000000000000000..9b4d98f3f13c265a +--- /dev/null ++++ b/sysdeps/pthread/tst-oncey4.c +@@ -0,0 +1 @@ ++#include "tst-once4.c" diff --git a/SOURCES/glibc-rh2032281-1.patch b/SOURCES/glibc-rh2032281-1.patch new file mode 100644 index 0000000..6308350 --- /dev/null +++ b/SOURCES/glibc-rh2032281-1.patch @@ -0,0 +1,64 @@ +commit a7e9dbb7742954814643a8562dcad09abb0b0e5d +Author: Alexandra Hájková +Date: Sat Dec 26 18:45:13 2020 +0100 + + Add xchdir to libsupport. + +diff --git a/support/Makefile b/support/Makefile +index dcf3c4baa2a31070..fb95a69ed9158e78 100644 +--- a/support/Makefile ++++ b/support/Makefile +@@ -82,6 +82,7 @@ libsupport-routines = \ + xasprintf \ + xbind \ + xcalloc \ ++ xchdir \ + xchroot \ + xclose \ + xconnect \ +diff --git a/support/xchdir.c b/support/xchdir.c +new file mode 100644 +index 0000000000000000..beb4feff72832065 +--- /dev/null ++++ b/support/xchdir.c +@@ -0,0 +1,28 @@ ++/* chdir with error checking. ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++ ++void ++xchdir (const char *path) ++{ ++ if (chdir (path) != 0) ++ FAIL_EXIT1 ("chdir (\"%s\"): %m", path); ++} +diff --git a/support/xunistd.h b/support/xunistd.h +index f99f362cb4763c5b..74fd2771d12c36fe 100644 +--- a/support/xunistd.h ++++ b/support/xunistd.h +@@ -44,6 +44,7 @@ long xsysconf (int name); + long long xlseek (int fd, long long offset, int whence); + void xftruncate (int fd, long long length); + void xsymlink (const char *target, const char *linkpath); ++void xchdir (const char *path); + + /* Equivalent of "mkdir -p". */ + void xmkdirp (const char *, mode_t); diff --git a/SOURCES/glibc-rh2032281-2.patch b/SOURCES/glibc-rh2032281-2.patch new file mode 100644 index 0000000..feac384 --- /dev/null +++ b/SOURCES/glibc-rh2032281-2.patch @@ -0,0 +1,74 @@ +Additionally include stdbool.h to fix issues with bool keyword usage. + +commit 60854f40ea2d420867ed2f0f052ee7fca661dbff +Author: Adhemerval Zanella +Date: Thu Oct 15 15:14:22 2020 -0300 + + support: Add create_temp_file_in_dir + + It allows created a temporary file in a specified directory. + +diff --git a/support/support.h b/support/support.h +index f50f8cc1496d657d..96833bd4e992e6d3 100644 +--- a/support/support.h ++++ b/support/support.h +@@ -23,6 +23,7 @@ + #ifndef SUPPORT_H + #define SUPPORT_H + ++#include + #include + #include + /* For mode_t. */ +diff --git a/support/temp_file.c b/support/temp_file.c +index 0bbc7f997264f758..5a2728c94a9c32ae 100644 +--- a/support/temp_file.c ++++ b/support/temp_file.c +@@ -60,14 +60,12 @@ add_temp_file (const char *name) + } + + int +-create_temp_file (const char *base, char **filename) ++create_temp_file_in_dir (const char *base, const char *dir, char **filename) + { + char *fname; + int fd; + +- fname = (char *) xmalloc (strlen (test_dir) + 1 + strlen (base) +- + sizeof ("XXXXXX")); +- strcpy (stpcpy (stpcpy (stpcpy (fname, test_dir), "/"), base), "XXXXXX"); ++ fname = xasprintf ("%s/%sXXXXXX", dir, base); + + fd = mkstemp (fname); + if (fd == -1) +@@ -86,6 +84,12 @@ create_temp_file (const char *base, char **filename) + return fd; + } + ++int ++create_temp_file (const char *base, char **filename) ++{ ++ return create_temp_file_in_dir (base, test_dir, filename); ++} ++ + char * + support_create_temp_directory (const char *base) + { +diff --git a/support/temp_file.h b/support/temp_file.h +index c7795cc577ca22a9..d64563f41f1f50cd 100644 +--- a/support/temp_file.h ++++ b/support/temp_file.h +@@ -32,6 +32,13 @@ void add_temp_file (const char *name); + *FILENAME. */ + int create_temp_file (const char *base, char **filename); + ++/* Create a temporary file in directory DIR. Return the opened file ++ descriptor on success, or -1 on failure. Write the file name to ++ *FILENAME if FILENAME is not NULL. In this case, the caller is ++ expected to free *FILENAME. */ ++int create_temp_file_in_dir (const char *base, const char *dir, ++ char **filename); ++ + /* Create a temporary directory and schedule it for deletion. BASE is + used as a prefix for the unique directory name, which the function + returns. The caller should free this string. */ diff --git a/SOURCES/glibc-rh2032281-3.patch b/SOURCES/glibc-rh2032281-3.patch new file mode 100644 index 0000000..7cb306d --- /dev/null +++ b/SOURCES/glibc-rh2032281-3.patch @@ -0,0 +1,278 @@ +commit fb7bff12e81c677a6622f724edd4d4987dd9d971 +Author: Siddhesh Poyarekar +Date: Tue Jan 18 13:29:36 2022 +0530 + + support: Add helpers to create paths longer than PATH_MAX + + Add new helpers support_create_and_chdir_toolong_temp_directory and + support_chdir_toolong_temp_directory to create and descend into + directory trees longer than PATH_MAX. + + Reviewed-by: Adhemerval Zanella + Signed-off-by: Siddhesh Poyarekar + +# Conflicts: +# support/temp_file.c + +diff --git a/support/temp_file.c b/support/temp_file.c +index 5a2728c94a9c32ae..661c86bad5c0121f 100644 +--- a/support/temp_file.c ++++ b/support/temp_file.c +@@ -1,5 +1,6 @@ + /* Temporary file handling for tests. +- Copyright (C) 1998-2018 Free Software Foundation, Inc. ++ Copyright (C) 1998-2022 Free Software Foundation, Inc. ++ Copyright The GNU Tools Authors. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or +@@ -20,15 +21,17 @@ + some 32-bit platforms. */ + #define _FILE_OFFSET_BITS 64 + ++#include + #include + #include + #include + ++#include + #include + #include + #include + #include +-#include ++#include + + /* List of temporary files. */ + static struct temp_name_list +@@ -36,14 +39,20 @@ static struct temp_name_list + struct temp_name_list *next; + char *name; + pid_t owner; ++ bool toolong; + } *temp_name_list; + + /* Location of the temporary files. Set by the test skeleton via + support_set_test_dir. The string is not be freed. */ + static const char *test_dir = _PATH_TMP; + +-void +-add_temp_file (const char *name) ++/* Name of subdirectories in a too long temporary directory tree. */ ++static char toolong_subdir[NAME_MAX + 1]; ++static bool toolong_initialized; ++static size_t toolong_path_max; ++ ++static void ++add_temp_file_internal (const char *name, bool toolong) + { + struct temp_name_list *newp + = (struct temp_name_list *) xcalloc (sizeof (*newp), 1); +@@ -53,12 +62,19 @@ add_temp_file (const char *name) + newp->name = newname; + newp->next = temp_name_list; + newp->owner = getpid (); ++ newp->toolong = toolong; + temp_name_list = newp; + } + else + free (newp); + } + ++void ++add_temp_file (const char *name) ++{ ++ add_temp_file_internal (name, false); ++} ++ + int + create_temp_file_in_dir (const char *base, const char *dir, char **filename) + { +@@ -90,8 +106,8 @@ create_temp_file (const char *base, char **filename) + return create_temp_file_in_dir (base, test_dir, filename); + } + +-char * +-support_create_temp_directory (const char *base) ++static char * ++create_temp_directory_internal (const char *base, bool toolong) + { + char *path = xasprintf ("%s/%sXXXXXX", test_dir, base); + if (mkdtemp (path) == NULL) +@@ -99,16 +115,132 @@ support_create_temp_directory (const char *base) + printf ("error: mkdtemp (\"%s\"): %m", path); + exit (1); + } +- add_temp_file (path); ++ add_temp_file_internal (path, toolong); + return path; + } + +-/* Helper functions called by the test skeleton follow. */ ++char * ++support_create_temp_directory (const char *base) ++{ ++ return create_temp_directory_internal (base, false); ++} ++ ++static void ++ensure_toolong_initialized (void) ++{ ++ if (!toolong_initialized) ++ FAIL_EXIT1 ("uninitialized toolong directory tree\n"); ++} ++ ++static void ++initialize_toolong (const char *base) ++{ ++ long name_max = pathconf (base, _PC_NAME_MAX); ++ name_max = (name_max < 0 ? 64 ++ : (name_max < sizeof (toolong_subdir) ? name_max ++ : sizeof (toolong_subdir) - 1)); ++ ++ long path_max = pathconf (base, _PC_PATH_MAX); ++ path_max = (path_max < 0 ? 1024 ++ : path_max <= PTRDIFF_MAX ? path_max : PTRDIFF_MAX); ++ ++ /* Sanity check to ensure that the test does not create temporary directories ++ in different filesystems because this API doesn't support it. */ ++ if (toolong_initialized) ++ { ++ if (name_max != strlen (toolong_subdir)) ++ FAIL_UNSUPPORTED ("name_max: Temporary directories in different" ++ " filesystems not supported yet\n"); ++ if (path_max != toolong_path_max) ++ FAIL_UNSUPPORTED ("path_max: Temporary directories in different" ++ " filesystems not supported yet\n"); ++ return; ++ } ++ ++ toolong_path_max = path_max; ++ ++ size_t len = name_max; ++ memset (toolong_subdir, 'X', len); ++ toolong_initialized = true; ++} ++ ++char * ++support_create_and_chdir_toolong_temp_directory (const char *basename) ++{ ++ char *base = create_temp_directory_internal (basename, true); ++ xchdir (base); ++ ++ initialize_toolong (base); ++ ++ size_t sz = strlen (toolong_subdir); ++ ++ /* Create directories and descend into them so that the final path is larger ++ than PATH_MAX. */ ++ for (size_t i = 0; i <= toolong_path_max / sz; i++) ++ { ++ int ret = mkdir (toolong_subdir, S_IRWXU); ++ if (ret != 0 && errno == ENAMETOOLONG) ++ FAIL_UNSUPPORTED ("Filesystem does not support creating too long " ++ "directory trees\n"); ++ else if (ret != 0) ++ FAIL_EXIT1 ("Failed to create directory tree: %m\n"); ++ xchdir (toolong_subdir); ++ } ++ return base; ++} + + void +-support_set_test_dir (const char *path) ++support_chdir_toolong_temp_directory (const char *base) + { +- test_dir = path; ++ ensure_toolong_initialized (); ++ ++ xchdir (base); ++ ++ size_t sz = strlen (toolong_subdir); ++ for (size_t i = 0; i <= toolong_path_max / sz; i++) ++ xchdir (toolong_subdir); ++} ++ ++/* Helper functions called by the test skeleton follow. */ ++ ++static void ++remove_toolong_subdirs (const char *base) ++{ ++ ensure_toolong_initialized (); ++ ++ if (chdir (base) != 0) ++ { ++ printf ("warning: toolong cleanup base failed: chdir (\"%s\"): %m\n", ++ base); ++ return; ++ } ++ ++ /* Descend. */ ++ int levels = 0; ++ size_t sz = strlen (toolong_subdir); ++ for (levels = 0; levels <= toolong_path_max / sz; levels++) ++ if (chdir (toolong_subdir) != 0) ++ { ++ printf ("warning: toolong cleanup failed: chdir (\"%s\"): %m\n", ++ toolong_subdir); ++ break; ++ } ++ ++ /* Ascend and remove. */ ++ while (--levels >= 0) ++ { ++ if (chdir ("..") != 0) ++ { ++ printf ("warning: toolong cleanup failed: chdir (\"..\"): %m\n"); ++ return; ++ } ++ if (remove (toolong_subdir) != 0) ++ { ++ printf ("warning: could not remove subdirectory: %s: %m\n", ++ toolong_subdir); ++ return; ++ } ++ } + } + + void +@@ -123,6 +255,9 @@ support_delete_temp_files (void) + around, to prevent PID reuse.) */ + if (temp_name_list->owner == pid) + { ++ if (temp_name_list->toolong) ++ remove_toolong_subdirs (temp_name_list->name); ++ + if (remove (temp_name_list->name) != 0) + printf ("warning: could not remove temporary file: %s: %m\n", + temp_name_list->name); +@@ -147,3 +282,9 @@ support_print_temp_files (FILE *f) + fprintf (f, ")\n"); + } + } ++ ++void ++support_set_test_dir (const char *path) ++{ ++ test_dir = path; ++} +diff --git a/support/temp_file.h b/support/temp_file.h +index d64563f41f1f50cd..055e31dcfb843ba6 100644 +--- a/support/temp_file.h ++++ b/support/temp_file.h +@@ -44,6 +44,15 @@ int create_temp_file_in_dir (const char *base, const char *dir, + returns. The caller should free this string. */ + char *support_create_temp_directory (const char *base); + ++/* Create a temporary directory tree that is longer than PATH_MAX and schedule ++ it for deletion. BASENAME is used as a prefix for the unique directory ++ name, which the function returns. The caller should free this string. */ ++char *support_create_and_chdir_toolong_temp_directory (const char *basename); ++ ++/* Change into the innermost directory of the directory tree BASE, which was ++ created using support_create_and_chdir_toolong_temp_directory. */ ++void support_chdir_toolong_temp_directory (const char *base); ++ + __END_DECLS + + #endif /* SUPPORT_TEMP_FILE_H */ diff --git a/SOURCES/glibc-rh2032281-4.patch b/SOURCES/glibc-rh2032281-4.patch new file mode 100644 index 0000000..65ba651 --- /dev/null +++ b/SOURCES/glibc-rh2032281-4.patch @@ -0,0 +1,331 @@ +commit 23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e +Author: Siddhesh Poyarekar +Date: Fri Jan 21 23:32:56 2022 +0530 + + getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999) + + No valid path returned by getcwd would fit into 1 byte, so reject the + size early and return NULL with errno set to ERANGE. This change is + prompted by CVE-2021-3999, which describes a single byte buffer + underflow and overflow when all of the following conditions are met: + + - The buffer size (i.e. the second argument of getcwd) is 1 byte + - The current working directory is too long + - '/' is also mounted on the current working directory + + Sequence of events: + + - In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG + because the linux kernel checks for name length before it checks + buffer size + + - The code falls back to the generic getcwd in sysdeps/posix + + - In the generic func, the buf[0] is set to '\0' on line 250 + + - this while loop on line 262 is bypassed: + + while (!(thisdev == rootdev && thisino == rootino)) + + since the rootfs (/) is bind mounted onto the directory and the flow + goes on to line 449, where it puts a '/' in the byte before the + buffer. + + - Finally on line 458, it moves 2 bytes (the underflowed byte and the + '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow. + + - buf is returned on line 469 and errno is not set. + + This resolves BZ #28769. + + Reviewed-by: Andreas Schwab + Reviewed-by: Adhemerval Zanella + Signed-off-by: Qualys Security Advisory + Signed-off-by: Siddhesh Poyarekar + +# Conflicts: +# sysdeps/posix/getcwd.c +# sysdeps/unix/sysv/linux/Makefile + +diff --git a/sysdeps/posix/getcwd.c b/sysdeps/posix/getcwd.c +index b53433a2dc77fafa..fcd7aaea79c6477b 100644 +--- a/sysdeps/posix/getcwd.c ++++ b/sysdeps/posix/getcwd.c +@@ -238,6 +238,13 @@ __getcwd (char *buf, size_t size) + bool fd_needs_closing = false; + int fd = AT_FDCWD; + ++ /* A size of 1 byte is never useful. */ ++ if (size == 1) ++ { ++ __set_errno (ERANGE); ++ return NULL; ++ } ++ + char *path; + #ifndef NO_ALLOCATION + size_t allocated = size; +diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile +index 688cf9fa9dea23a6..bb055f9d6b841ff5 100644 +--- a/sysdeps/unix/sysv/linux/Makefile ++++ b/sysdeps/unix/sysv/linux/Makefile +@@ -180,7 +180,11 @@ sysdep_routines += xstatconv internal_statvfs internal_statvfs64 \ + + sysdep_headers += bits/fcntl-linux.h + +-tests += tst-fallocate tst-fallocate64 ++tests += \ ++ tst-fallocate \ ++ tst-fallocate64 \ ++ tst-getcwd-smallbuff \ ++# tests + endif + + ifeq ($(subdir),elf) +diff --git a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c +new file mode 100644 +index 0000000000000000..d460d6e7662dc5e4 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c +@@ -0,0 +1,241 @@ ++/* Verify that getcwd returns ERANGE for size 1 byte and does not underflow ++ buffer when the CWD is too long and is also a mount target of /. See bug ++ #28769 or CVE-2021-3999 for more context. ++ Copyright The GNU Toolchain Authors. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static char *base; ++#define BASENAME "tst-getcwd-smallbuff" ++#define MOUNT_NAME "mpoint" ++static int sockfd[2]; ++ ++static void ++do_cleanup (void) ++{ ++ support_chdir_toolong_temp_directory (base); ++ TEST_VERIFY_EXIT (rmdir (MOUNT_NAME) == 0); ++ free (base); ++} ++ ++static void ++send_fd (const int sock, const int fd) ++{ ++ struct msghdr msg = {0}; ++ union ++ { ++ struct cmsghdr hdr; ++ char buf[CMSG_SPACE (sizeof (int))]; ++ } cmsgbuf = {0}; ++ struct cmsghdr *cmsg; ++ struct iovec vec; ++ char ch = 'A'; ++ ssize_t n; ++ ++ msg.msg_control = &cmsgbuf.buf; ++ msg.msg_controllen = sizeof (cmsgbuf.buf); ++ ++ cmsg = CMSG_FIRSTHDR (&msg); ++ cmsg->cmsg_len = CMSG_LEN (sizeof (int)); ++ cmsg->cmsg_level = SOL_SOCKET; ++ cmsg->cmsg_type = SCM_RIGHTS; ++ memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd)); ++ ++ vec.iov_base = &ch; ++ vec.iov_len = 1; ++ msg.msg_iov = &vec; ++ msg.msg_iovlen = 1; ++ ++ while ((n = sendmsg (sock, &msg, 0)) == -1 && errno == EINTR); ++ ++ TEST_VERIFY_EXIT (n == 1); ++} ++ ++static int ++recv_fd (const int sock) ++{ ++ struct msghdr msg = {0}; ++ union ++ { ++ struct cmsghdr hdr; ++ char buf[CMSG_SPACE(sizeof(int))]; ++ } cmsgbuf = {0}; ++ struct cmsghdr *cmsg; ++ struct iovec vec; ++ ssize_t n; ++ char ch = '\0'; ++ int fd = -1; ++ ++ vec.iov_base = &ch; ++ vec.iov_len = 1; ++ msg.msg_iov = &vec; ++ msg.msg_iovlen = 1; ++ ++ msg.msg_control = &cmsgbuf.buf; ++ msg.msg_controllen = sizeof (cmsgbuf.buf); ++ ++ while ((n = recvmsg (sock, &msg, 0)) == -1 && errno == EINTR); ++ if (n != 1 || ch != 'A') ++ return -1; ++ ++ cmsg = CMSG_FIRSTHDR (&msg); ++ if (cmsg == NULL) ++ return -1; ++ if (cmsg->cmsg_type != SCM_RIGHTS) ++ return -1; ++ memcpy (&fd, CMSG_DATA (cmsg), sizeof (fd)); ++ if (fd < 0) ++ return -1; ++ return fd; ++} ++ ++static int ++child_func (void * const arg) ++{ ++ xclose (sockfd[0]); ++ const int sock = sockfd[1]; ++ char ch; ++ ++ TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1); ++ TEST_VERIFY_EXIT (ch == '1'); ++ ++ if (mount ("/", MOUNT_NAME, NULL, MS_BIND | MS_REC, NULL)) ++ FAIL_EXIT1 ("mount failed: %m\n"); ++ const int fd = xopen ("mpoint", ++ O_RDONLY | O_PATH | O_DIRECTORY | O_NOFOLLOW, 0); ++ ++ send_fd (sock, fd); ++ xclose (fd); ++ ++ TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1); ++ TEST_VERIFY_EXIT (ch == 'a'); ++ ++ xclose (sock); ++ return 0; ++} ++ ++static void ++update_map (char * const mapping, const char * const map_file) ++{ ++ const size_t map_len = strlen (mapping); ++ ++ const int fd = xopen (map_file, O_WRONLY, 0); ++ xwrite (fd, mapping, map_len); ++ xclose (fd); ++} ++ ++static void ++proc_setgroups_write (const long child_pid, const char * const str) ++{ ++ const size_t str_len = strlen(str); ++ ++ char setgroups_path[sizeof ("/proc//setgroups") + INT_STRLEN_BOUND (long)]; ++ ++ snprintf (setgroups_path, sizeof (setgroups_path), ++ "/proc/%ld/setgroups", child_pid); ++ ++ const int fd = open (setgroups_path, O_WRONLY); ++ ++ if (fd < 0) ++ { ++ TEST_VERIFY_EXIT (errno == ENOENT); ++ FAIL_UNSUPPORTED ("/proc/%ld/setgroups not found\n", child_pid); ++ } ++ ++ xwrite (fd, str, str_len); ++ xclose(fd); ++} ++ ++static char child_stack[1024 * 1024]; ++ ++int ++do_test (void) ++{ ++ base = support_create_and_chdir_toolong_temp_directory (BASENAME); ++ ++ xmkdir (MOUNT_NAME, S_IRWXU); ++ atexit (do_cleanup); ++ ++ TEST_VERIFY_EXIT (socketpair (AF_UNIX, SOCK_STREAM, 0, sockfd) == 0); ++ pid_t child_pid = xclone (child_func, NULL, child_stack, ++ sizeof (child_stack), ++ CLONE_NEWUSER | CLONE_NEWNS | SIGCHLD); ++ ++ xclose (sockfd[1]); ++ const int sock = sockfd[0]; ++ ++ char map_path[sizeof ("/proc//uid_map") + INT_STRLEN_BOUND (long)]; ++ char map_buf[sizeof ("0 1") + INT_STRLEN_BOUND (long)]; ++ ++ snprintf (map_path, sizeof (map_path), "/proc/%ld/uid_map", ++ (long) child_pid); ++ snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getuid()); ++ update_map (map_buf, map_path); ++ ++ proc_setgroups_write ((long) child_pid, "deny"); ++ snprintf (map_path, sizeof (map_path), "/proc/%ld/gid_map", ++ (long) child_pid); ++ snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getgid()); ++ update_map (map_buf, map_path); ++ ++ TEST_VERIFY_EXIT (send (sock, "1", 1, MSG_NOSIGNAL) == 1); ++ const int fd = recv_fd (sock); ++ TEST_VERIFY_EXIT (fd >= 0); ++ TEST_VERIFY_EXIT (fchdir (fd) == 0); ++ ++ static char buf[2 * 10 + 1]; ++ memset (buf, 'A', sizeof (buf)); ++ ++ /* Finally, call getcwd and check if it resulted in a buffer underflow. */ ++ char * cwd = getcwd (buf + sizeof (buf) / 2, 1); ++ TEST_VERIFY (cwd == NULL); ++ TEST_VERIFY (errno == ERANGE); ++ ++ for (int i = 0; i < sizeof (buf); i++) ++ if (buf[i] != 'A') ++ { ++ printf ("buf[%d] = %02x\n", i, (unsigned int) buf[i]); ++ support_record_failure (); ++ } ++ ++ TEST_VERIFY_EXIT (send (sock, "a", 1, MSG_NOSIGNAL) == 1); ++ xclose (sock); ++ TEST_VERIFY_EXIT (xwaitpid (child_pid, NULL, 0) == child_pid); ++ ++ return 0; ++} ++ ++#define CLEANUP_HANDLER do_cleanup ++#include diff --git a/SOURCES/glibc-rh2032281-5.patch b/SOURCES/glibc-rh2032281-5.patch new file mode 100644 index 0000000..f761b9d --- /dev/null +++ b/SOURCES/glibc-rh2032281-5.patch @@ -0,0 +1,121 @@ +commit de8995a2a04163617c1a233b4b81356ef9f9741f +Author: Adhemerval Zanella +Date: Wed Mar 10 12:26:30 2021 -0300 + + support: Add xclone + + It is a wrapper for Linux clone syscall, to simplify the call to the + use only the most common arguments and remove architecture specific + handling (such as ia64 different name and signature). + +# Conflicts: +# support/Makefile + +diff --git a/support/Makefile b/support/Makefile +index fb95a69ed9158e78..d2b95539403e416c 100644 +--- a/support/Makefile ++++ b/support/Makefile +@@ -84,6 +84,7 @@ libsupport-routines = \ + xcalloc \ + xchdir \ + xchroot \ ++ xclone \ + xclose \ + xconnect \ + xcopy_file_range \ +diff --git a/support/xclone.c b/support/xclone.c +new file mode 100644 +index 0000000000000000..924d2b875402a819 +--- /dev/null ++++ b/support/xclone.c +@@ -0,0 +1,50 @@ ++/* Auxiliary functions to issue the clone syscall. ++ Copyright (C) 2021 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#ifdef __linux__ ++# include ++# include /* For _STACK_GROWS_{UP,DOWN}. */ ++# include ++ ++pid_t ++xclone (int (*fn) (void *arg), void *arg, void *stack, size_t stack_size, ++ int flags) ++{ ++ pid_t r = -1; ++ ++# ifdef __ia64__ ++ extern int __clone2 (int (*fn) (void *arg), void *stack, size_t stack_size, ++ int flags, void *arg, ...); ++ r = __clone2 (f, stack, stack_size, flags, arg, /* ptid */ NULL, ++ /* tls */ NULL, /* ctid */ ctid); ++# else ++# if _STACK_GROWS_DOWN ++ r = clone (fn, stack + stack_size, flags, arg, /* ptid */ NULL, ++ /* tls */ NULL, /* ctid */ NULL); ++# elif _STACK_GROWS_UP ++ r = clone (fn, stack, flags, arg, /* ptid */ NULL, /* tls */ NULL, ++ &ctid); ++# endif ++# endif ++ ++ if (r < 0) ++ FAIL_EXIT1 ("clone: %m"); ++ ++ return r; ++} ++#endif +diff --git a/support/xsched.h b/support/xsched.h +new file mode 100644 +index 0000000000000000..eefd731940187b39 +--- /dev/null ++++ b/support/xsched.h +@@ -0,0 +1,34 @@ ++/* Wrapper for sched.h functions. ++ Copyright (C) 2021 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#ifndef SUPPORT_XSCHED_H ++#define SUPPORT_XSCHED_H ++ ++__BEGIN_DECLS ++ ++#include ++#include ++ ++#ifdef __linux__ ++pid_t xclone (int (*fn) (void *arg), void *arg, void *stack, ++ size_t stack_size, int flags); ++#endif ++ ++__END_DECLS ++ ++#endif diff --git a/SOURCES/glibc-rh2032281-6.patch b/SOURCES/glibc-rh2032281-6.patch new file mode 100644 index 0000000..a8bc55b --- /dev/null +++ b/SOURCES/glibc-rh2032281-6.patch @@ -0,0 +1,46 @@ +commit 5b8e7980c5dabd9aaefeba4f0208baa8cf7653ee +Author: Florian Weimer +Date: Mon Jan 24 18:14:24 2022 +0100 + + Linux: Detect user namespace support in io/tst-getcwd-smallbuff + + Otherwise the test fails with certain container runtimes. + + Reviewed-by: Siddhesh Poyarekar + +diff --git a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c +index d460d6e7662dc5e4..55362f6060a2b3be 100644 +--- a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c ++++ b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -188,6 +189,23 @@ do_test (void) + xmkdir (MOUNT_NAME, S_IRWXU); + atexit (do_cleanup); + ++ /* Check whether user namespaces are supported. */ ++ { ++ pid_t pid = xfork (); ++ if (pid == 0) ++ { ++ if (unshare (CLONE_NEWUSER | CLONE_NEWNS) != 0) ++ _exit (EXIT_UNSUPPORTED); ++ else ++ _exit (0); ++ } ++ int status; ++ xwaitpid (pid, &status, 0); ++ TEST_VERIFY_EXIT (WIFEXITED (status)); ++ if (WEXITSTATUS (status) != 0) ++ return WEXITSTATUS (status); ++ } ++ + TEST_VERIFY_EXIT (socketpair (AF_UNIX, SOCK_STREAM, 0, sockfd) == 0); + pid_t child_pid = xclone (child_func, NULL, child_stack, + sizeof (child_stack), diff --git a/SOURCES/glibc-rh2032281-7.patch b/SOURCES/glibc-rh2032281-7.patch new file mode 100644 index 0000000..60ea205 --- /dev/null +++ b/SOURCES/glibc-rh2032281-7.patch @@ -0,0 +1,24 @@ +commit 3842ba494963b1d76ad5f68b8d1e5c2279160e31 +Author: Szabolcs Nagy +Date: Tue Jun 1 09:23:40 2021 +0100 + + aarch64: align stack in clone [BZ #27939] + + The AArch64 PCS requires 16 byte aligned stack. Previously if the + caller passed an unaligned stack to clone then the child crashed. + + Fixes bug 27939. + +diff --git a/sysdeps/unix/sysv/linux/aarch64/clone.S b/sysdeps/unix/sysv/linux/aarch64/clone.S +index e0653048259dd9a3..4a1a999447ee5cf1 100644 +--- a/sysdeps/unix/sysv/linux/aarch64/clone.S ++++ b/sysdeps/unix/sysv/linux/aarch64/clone.S +@@ -48,6 +48,8 @@ ENTRY(__clone) + /* Sanity check args. */ + mov x0, #-EINVAL + cbz x10, .Lsyscall_error ++ /* Align sp. */ ++ and x1, x1, -16 + cbz x1, .Lsyscall_error + + /* Do the system call. */ diff --git a/SOURCES/glibc-rh2045063-1.patch b/SOURCES/glibc-rh2045063-1.patch new file mode 100644 index 0000000..2885e3f --- /dev/null +++ b/SOURCES/glibc-rh2045063-1.patch @@ -0,0 +1,164 @@ +commit e368b12f6c16b6888dda99ba641e999b9c9643c8 +Author: Florian Weimer +Date: Mon Jan 17 10:21:34 2022 +0100 + + socket: Add the __sockaddr_un_set function + + Reviewed-by: Siddhesh Poyarekar + +# Conflicts: +# socket/Makefile + +diff --git a/include/sys/un.h b/include/sys/un.h +index bdbee999806930f4..152afd9fc7426d8b 100644 +--- a/include/sys/un.h ++++ b/include/sys/un.h +@@ -1 +1,13 @@ + #include ++ ++#ifndef _ISOMAC ++ ++/* Set ADDR->sun_family to AF_UNIX and ADDR->sun_path to PATHNAME. ++ Return 0 on success or -1 on failure (due to overlong PATHNAME). ++ The caller should always use sizeof (struct sockaddr_un) as the ++ socket address length, disregaring the length of PATHNAME. ++ Only concrete (non-abstract) pathnames are supported. */ ++int __sockaddr_un_set (struct sockaddr_un *addr, const char *pathname) ++ attribute_hidden; ++ ++#endif /* _ISOMAC */ +diff --git a/socket/Makefile b/socket/Makefile +index b41eb071507a6271..8975a65c2aabbfbc 100644 +--- a/socket/Makefile ++++ b/socket/Makefile +@@ -29,10 +29,14 @@ headers := sys/socket.h sys/un.h bits/sockaddr.h bits/socket.h \ + routines := accept bind connect getpeername getsockname getsockopt \ + listen recv recvfrom recvmsg send sendmsg sendto \ + setsockopt shutdown socket socketpair isfdtype opensock \ +- sockatmark accept4 recvmmsg sendmmsg ++ sockatmark accept4 recvmmsg sendmmsg sockaddr_un_set + + tests := tst-accept4 + ++tests-internal := \ ++ tst-sockaddr_un_set \ ++ # tests-internal ++ + aux := sa_len + + include ../Rules +diff --git a/socket/sockaddr_un_set.c b/socket/sockaddr_un_set.c +new file mode 100644 +index 0000000000000000..0bd40dc34e3d7efc +--- /dev/null ++++ b/socket/sockaddr_un_set.c +@@ -0,0 +1,41 @@ ++/* Set the sun_path member of struct sockaddr_un. ++ Copyright (C) 2022 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++int ++__sockaddr_un_set (struct sockaddr_un *addr, const char *pathname) ++{ ++ size_t name_length = strlen (pathname); ++ ++ /* The kernel supports names of exactly sizeof (addr->sun_path) ++ bytes, without a null terminator, but userspace does not; see the ++ SUN_LEN macro. */ ++ if (name_length >= sizeof (addr->sun_path)) ++ { ++ __set_errno (EINVAL); /* Error code used by the kernel. */ ++ return -1; ++ } ++ ++ addr->sun_family = AF_UNIX; ++ memcpy (addr->sun_path, pathname, name_length + 1); ++ return 0; ++} +diff --git a/socket/tst-sockaddr_un_set.c b/socket/tst-sockaddr_un_set.c +new file mode 100644 +index 0000000000000000..29c2a81afda81b5e +--- /dev/null ++++ b/socket/tst-sockaddr_un_set.c +@@ -0,0 +1,62 @@ ++/* Test the __sockaddr_un_set function. ++ Copyright (C) 2022 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++/* Re-compile the function because the version in libc is not ++ exported. */ ++#include "sockaddr_un_set.c" ++ ++#include ++ ++static int ++do_test (void) ++{ ++ struct sockaddr_un sun; ++ ++ memset (&sun, 0xcc, sizeof (sun)); ++ __sockaddr_un_set (&sun, ""); ++ TEST_COMPARE (sun.sun_family, AF_UNIX); ++ TEST_COMPARE (__sockaddr_un_set (&sun, ""), 0); ++ ++ memset (&sun, 0xcc, sizeof (sun)); ++ TEST_COMPARE (__sockaddr_un_set (&sun, "/example"), 0); ++ TEST_COMPARE_STRING (sun.sun_path, "/example"); ++ ++ { ++ char pathname[108]; /* Length of sun_path (ABI constant). */ ++ memset (pathname, 'x', sizeof (pathname)); ++ pathname[sizeof (pathname) - 1] = '\0'; ++ memset (&sun, 0xcc, sizeof (sun)); ++ TEST_COMPARE (__sockaddr_un_set (&sun, pathname), 0); ++ TEST_COMPARE (sun.sun_family, AF_UNIX); ++ TEST_COMPARE_STRING (sun.sun_path, pathname); ++ } ++ ++ { ++ char pathname[109]; ++ memset (pathname, 'x', sizeof (pathname)); ++ pathname[sizeof (pathname) - 1] = '\0'; ++ memset (&sun, 0xcc, sizeof (sun)); ++ errno = 0; ++ TEST_COMPARE (__sockaddr_un_set (&sun, pathname), -1); ++ TEST_COMPARE (errno, EINVAL); ++ } ++ ++ return 0; ++} ++ ++#include diff --git a/SOURCES/glibc-rh2045063-2.patch b/SOURCES/glibc-rh2045063-2.patch new file mode 100644 index 0000000..9e74607 --- /dev/null +++ b/SOURCES/glibc-rh2045063-2.patch @@ -0,0 +1,32 @@ +commit 226b46770c82899b555986583294b049c6ec9b40 +Author: Florian Weimer +Date: Mon Jan 17 10:21:34 2022 +0100 + + CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) + + Processing an overlong pathname in the sunrpc clnt_create function + results in a stack-based buffer overflow. + + Reviewed-by: Siddhesh Poyarekar + +diff --git a/sunrpc/clnt_gen.c b/sunrpc/clnt_gen.c +index 13ced8994e49d4ee..b44357cd88e60599 100644 +--- a/sunrpc/clnt_gen.c ++++ b/sunrpc/clnt_gen.c +@@ -57,9 +57,13 @@ clnt_create (const char *hostname, u_long prog, u_long vers, + + if (strcmp (proto, "unix") == 0) + { +- memset ((char *)&sun, 0, sizeof (sun)); +- sun.sun_family = AF_UNIX; +- strcpy (sun.sun_path, hostname); ++ if (__sockaddr_un_set (&sun, hostname) < 0) ++ { ++ struct rpc_createerr *ce = &get_rpc_createerr (); ++ ce->cf_stat = RPC_SYSTEMERROR; ++ ce->cf_error.re_errno = errno; ++ return NULL; ++ } + sock = RPC_ANYSOCK; + client = clntunix_create (&sun, prog, vers, &sock, 0, 0); + if (client == NULL) diff --git a/SOURCES/glibc-rh2045063-3.patch b/SOURCES/glibc-rh2045063-3.patch new file mode 100644 index 0000000..cd1e55d --- /dev/null +++ b/SOURCES/glibc-rh2045063-3.patch @@ -0,0 +1,80 @@ +commit ef972a4c50014a16132b5c75571cfb6b30bef136 +Author: Martin Sebor +Date: Mon Jan 17 10:21:34 2022 +0100 + + sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) + + Reviewed-by: Siddhesh Poyarekar + +# Conflicts: +# sunrpc/Makefile + +diff --git a/sunrpc/Makefile b/sunrpc/Makefile +index 85b0b3356aaf81a3..2f8f0597c99e117f 100644 +--- a/sunrpc/Makefile ++++ b/sunrpc/Makefile +@@ -95,7 +95,8 @@ others += rpcgen + endif + + tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error tst-udp-timeout \ +- tst-udp-nonblocking ++ tst-udp-nonblocking tst-bug22542 ++ + xtests := tst-getmyaddr + + ifeq ($(have-thread-library),yes) +@@ -246,3 +247,4 @@ $(objpfx)tst-udp-timeout: $(common-objpfx)linkobj/libc.so + $(objpfx)tst-udp-nonblocking: $(common-objpfx)linkobj/libc.so + $(objpfx)tst-udp-garbage: \ + $(common-objpfx)linkobj/libc.so $(shared-thread-library) ++$(objpfx)tst-bug22542: $(common-objpfx)linkobj/libc.so +diff --git a/sunrpc/tst-bug22542.c b/sunrpc/tst-bug22542.c +new file mode 100644 +index 0000000000000000..d6cd79787bdef21d +--- /dev/null ++++ b/sunrpc/tst-bug22542.c +@@ -0,0 +1,44 @@ ++/* Test to verify that overlong hostname is rejected by clnt_create ++ and doesn't cause a buffer overflow (bug 22542). ++ ++ Copyright (C) 2022 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ /* Create an arbitrary hostname that's longer than fits in sun_path. */ ++ char name [sizeof ((struct sockaddr_un*)0)->sun_path * 2]; ++ memset (name, 'x', sizeof name - 1); ++ name [sizeof name - 1] = '\0'; ++ ++ errno = 0; ++ CLIENT *clnt = clnt_create (name, 0, 0, "unix"); ++ ++ TEST_VERIFY (clnt == NULL); ++ TEST_COMPARE (errno, EINVAL); ++ return 0; ++} ++ ++#include diff --git a/SOURCES/glibc-rh2045063-4.patch b/SOURCES/glibc-rh2045063-4.patch new file mode 100644 index 0000000..489c315 --- /dev/null +++ b/SOURCES/glibc-rh2045063-4.patch @@ -0,0 +1,101 @@ +commit f545ad4928fa1f27a3075265182b38a4f939a5f7 +Author: Florian Weimer +Date: Mon Jan 17 10:21:34 2022 +0100 + + CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) + + The sunrpc function svcunix_create suffers from a stack-based buffer + overflow with overlong pathname arguments. + + Reviewed-by: Siddhesh Poyarekar + +diff --git a/sunrpc/Makefile b/sunrpc/Makefile +index 2f8f0597c99e117f..5f7087aee494cc2e 100644 +--- a/sunrpc/Makefile ++++ b/sunrpc/Makefile +@@ -95,7 +95,7 @@ others += rpcgen + endif + + tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error tst-udp-timeout \ +- tst-udp-nonblocking tst-bug22542 ++ tst-udp-nonblocking tst-bug22542 tst-bug28768 + + xtests := tst-getmyaddr + +diff --git a/sunrpc/svc_unix.c b/sunrpc/svc_unix.c +index c2c076aa87f0a2ad..8fac2b35da1d38a5 100644 +--- a/sunrpc/svc_unix.c ++++ b/sunrpc/svc_unix.c +@@ -154,7 +154,10 @@ svcunix_create (int sock, u_int sendsize, u_int recvsize, char *path) + SVCXPRT *xprt; + struct unix_rendezvous *r; + struct sockaddr_un addr; +- socklen_t len = sizeof (struct sockaddr_in); ++ socklen_t len = sizeof (addr); ++ ++ if (__sockaddr_un_set (&addr, path) < 0) ++ return NULL; + + if (sock == RPC_ANYSOCK) + { +@@ -165,12 +168,6 @@ svcunix_create (int sock, u_int sendsize, u_int recvsize, char *path) + } + madesock = TRUE; + } +- memset (&addr, '\0', sizeof (addr)); +- addr.sun_family = AF_UNIX; +- len = strlen (path) + 1; +- memcpy (addr.sun_path, path, len); +- len += sizeof (addr.sun_family); +- + __bind (sock, (struct sockaddr *) &addr, len); + + if (__getsockname (sock, (struct sockaddr *) &addr, &len) != 0 +diff --git a/sunrpc/tst-bug28768.c b/sunrpc/tst-bug28768.c +new file mode 100644 +index 0000000000000000..35a4b7b0b3d34350 +--- /dev/null ++++ b/sunrpc/tst-bug28768.c +@@ -0,0 +1,42 @@ ++/* Test to verify that long path is rejected by svcunix_create (bug 28768). ++ Copyright (C) 2022 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++ ++/* svcunix_create does not have a default version in linkobj/libc.so. */ ++compat_symbol_reference (libc, svcunix_create, svcunix_create, GLIBC_2_1); ++ ++static int ++do_test (void) ++{ ++ char pathname[109]; ++ memset (pathname, 'x', sizeof (pathname)); ++ pathname[sizeof (pathname) - 1] = '\0'; ++ ++ errno = 0; ++ TEST_VERIFY (svcunix_create (RPC_ANYSOCK, 4096, 4096, pathname) == NULL); ++ TEST_COMPARE (errno, EINVAL); ++ ++ return 0; ++} ++ ++#include diff --git a/SOURCES/glibc-rh2045063-5.patch b/SOURCES/glibc-rh2045063-5.patch new file mode 100644 index 0000000..3d7b71e --- /dev/null +++ b/SOURCES/glibc-rh2045063-5.patch @@ -0,0 +1,54 @@ +commit 36f6e408845c8c539128f3fb9cb132bf1845a2c8 +Author: Florian Weimer +Date: Tue Mar 9 21:07:24 2021 +0100 + + : Support compat_symbol_reference for _ISOMAC + + This is helpful for testing compat symbols in cases where _ISOMAC + is activated implicitly due to -DMODULE_NAME=testsuite and cannot + be disabled easily. + +diff --git a/include/libc-symbols.h b/include/libc-symbols.h +index 41436050d060b89f..44e12b63d40cc572 100644 +--- a/include/libc-symbols.h ++++ b/include/libc-symbols.h +@@ -59,6 +59,19 @@ + # define IN_MODULE (-1) + #endif + ++/* Use symbol_version_reference to specify the version a symbol ++ reference should link to. Use symbol_version or ++ default_symbol_version for the definition of a versioned symbol. ++ The difference is that the latter is a no-op in non-shared ++ builds. */ ++#ifdef __ASSEMBLER__ ++# define symbol_version_reference(real, name, version) \ ++ .symver real, name##@##version ++#else /* !__ASSEMBLER__ */ ++# define symbol_version_reference(real, name, version) \ ++ __asm__ (".symver " #real "," #name "@" #version) ++#endif ++ + #ifndef _ISOMAC + + /* This is defined for the compilation of all C library code. features.h +@@ -388,19 +401,6 @@ for linking") + past the last element in SET. */ + #define symbol_set_end_p(set, ptr) ((ptr) >= (void *const *) &__stop_##set) + +-/* Use symbol_version_reference to specify the version a symbol +- reference should link to. Use symbol_version or +- default_symbol_version for the definition of a versioned symbol. +- The difference is that the latter is a no-op in non-shared +- builds. */ +-#ifdef __ASSEMBLER__ +-# define symbol_version_reference(real, name, version) \ +- .symver real, name##@##version +-#else /* !__ASSEMBLER__ */ +-# define symbol_version_reference(real, name, version) \ +- __asm__ (".symver " #real "," #name "@" #version) +-#endif +- + #ifdef SHARED + # define symbol_version(real, name, version) \ + symbol_version_reference(real, name, version) diff --git a/SOURCES/wrap-find-debuginfo.sh b/SOURCES/wrap-find-debuginfo.sh new file mode 100755 index 0000000..6eeb802 --- /dev/null +++ b/SOURCES/wrap-find-debuginfo.sh @@ -0,0 +1,112 @@ +#!/bin/bash +# Wrapper script for find-debuginfo.sh +# +# Usage: +# wrap-find-debuginfo.sh SYSROOT-PATH SCRIPT-PATH SCRIPT-ARGS... +# +# The wrapper saves the original version of ld.so found in SYSROOT-PATH, +# invokes SCRIPT-PATH with SCRIPT-ARGS, and then restores the +# LDSO-PATH file, followed by note merging and DWZ compression. +# As a result, ld.so has (mostly) unchanged debuginfo even +# after debuginfo extraction. +# +# For libc.so.6 and other shared objects, a set of strategic symbols +# is preserved in .symtab that are frequently used in valgrind +# suppressions and elsewhere. + +set -evx + +tar_tmp="$(mktemp)" + +# Prefer a separately installed debugedit over the RPM-integrated one. +if command -v debugedit >/dev/null ; then + debugedit=debugedit +else + debugedit=/usr/lib/rpm/debugedit +fi + +cleanup () { + rm -f "$tar_tmp" +} +trap cleanup 0 + +sysroot_path="$1" +shift +script_path="$1" +shift + +# See run_ldso setting in glibc.spec. +ldso_list=`cd "$sysroot_path"; find . -name 'ld-*.so' -type f` +libc_list=`cd "$sysroot_path"; find . -name 'libc-*.so' -type f` +libdl_list=`cd "$sysroot_path"; find . -name 'libdl-*.so' -type f` +libpthread_list=`cd "$sysroot_path"; find . -name 'libpthread-*.so' -type f` +librt_list=`cd "$sysroot_path"; find . -name 'librt-*.so' -type f` + +full_list="$ldso_list $libc_list $libdl_list $libpthread_list $librt_list" + +# Preserve the original files. +(cd "$sysroot_path"; ls -l $full_list) +(cd "$sysroot_path"; tar cvf "$tar_tmp" $full_list) + +# Run the debuginfo extraction. +"$script_path" "$@" + +# Restore the original files. +(cd "$sysroot_path"; tar xf "$tar_tmp") +(cd "$sysroot_path"; ls -l $full_list) + +# Reduce the size of notes. Primarily for annobin. +for p in $full_list +do + objcopy --merge-notes "$sysroot_path/$p" +done + +# libc.so.6 and other shared objects: Reduce to valuable symbols. +# Eliminate file symbols, annobin symbols, and symbols used by the +# glibc build to implement hidden aliases (__EI_*). We would also +# like to remove __GI_* symbols, but even listing them explicitly (as +# in -K __GI_strlen) still causes strip to remove them, so there is no +# filtering of __GI_* here. (Debuginfo is gone after this, so no need +# to optimize it.) +for p in $libc_list $libdl_list $libpthread_list $librt_list ; do + strip -w \ + -K '*' \ + -K '!*.c' \ + -K '!*.os' \ + -K '!.annobin_*' \ + -K '!__EI_*' \ + -K '!__PRETTY_FUNCTION__*' \ + "$sysroot_path/$p" +done + +# ld.so: Rewrite the source file paths to match the extracted +# locations. First compute the arguments for invoking debugedit. +# See find-debuginfo.sh. +debug_dest_name="/usr/src/debug" +last_arg= +while true ; do + arg="$1" + shift || break + case "$arg" in + (--unique-debug-src-base) + debug_dest_name="/usr/src/debug/$1" + shift + ;; + (-*) + ;; + (*) + last_arg="$arg" + ;; + esac +done +debug_base_name=${last_arg:-$RPM_BUILD_ROOT} +for p in $ldso_list +do + $debugedit -b "$debug_base_name" -d "$debug_dest_name" -n "$sysroot_path/$p" +done + +# Apply single-file DWARF optimization. +for ldso in $ldso_list +do + dwz "$sysroot_path/$p" +done diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec index 55a40ff..446f38d 100644 --- a/SPECS/glibc.spec +++ b/SPECS/glibc.spec @@ -1,6 +1,6 @@ %define glibcsrcdir glibc-2.28 %define glibcversion 2.28 -%define glibcrelease 184%{?dist} +%define glibcrelease 189%{?dist} # Pre-release tarballs are pulled in from git using a command that is # effectively: # @@ -176,6 +176,23 @@ Source11: SUPPORTED # Include in the source RPM for reference. Source12: ChangeLog.old +Source13: wrap-find-debuginfo.sh + +###################################################################### +# Activate the wrapper script for debuginfo generation, by rewriting +# the definition of __debug_install_post. +%{lua: +local wrapper = rpm.expand("%{SOURCE13}") +local sysroot = rpm.expand("%{glibc_sysroot}") +local original = rpm.expand("%{__find_debuginfo}") +rpm.define("__find_debuginfo " .. wrapper .. " " .. sysroot .. " " .. original) +} + +# The wrapper script relies on the fact that debugedit does not change +# build IDs. +%define _no_recompute_build_ids 1 +%undefine _unique_build_ids + ############################################################################## # Patches: # - See each individual patch file for origin and upstream status. @@ -824,6 +841,20 @@ Patch646: glibc-rh2033648-1.patch Patch647: glibc-rh2033648-2.patch Patch648: glibc-rh2036955.patch Patch649: glibc-rh2033655.patch +Patch650: glibc-rh2007327-1.patch +Patch651: glibc-rh2007327-2.patch +Patch652: glibc-rh2032281-1.patch +Patch653: glibc-rh2032281-2.patch +Patch654: glibc-rh2032281-3.patch +Patch655: glibc-rh2032281-4.patch +Patch656: glibc-rh2032281-5.patch +Patch657: glibc-rh2032281-6.patch +Patch658: glibc-rh2032281-7.patch +Patch659: glibc-rh2045063-1.patch +Patch660: glibc-rh2045063-2.patch +Patch661: glibc-rh2045063-3.patch +Patch662: glibc-rh2045063-4.patch +Patch663: glibc-rh2045063-5.patch ############################################################################## # Continued list of core "glibc" package information: @@ -913,7 +944,8 @@ Conflicts: prelink < 0.4.2 %if 0%{?_enable_debug_packages} BuildRequires: elfutils >= 0.72 -BuildRequires: rpm >= 4.2-0.56 +# -20 adds __find_debuginfo macro +BuildRequires: rpm >= 4.14.3-20 %endif %if %{without bootstrap} @@ -1313,62 +1345,6 @@ which can be helpful during program debugging. If unsure if you need this, don't install this package. -############################################################################## -# glibc core "debuginfo" sub-package -############################################################################## -%if 0%{?_enable_debug_packages} -%define debug_package %{nil} -%define __debug_install_post %{nil} -%global __debug_package 1 -# Disable thew new features that glibc packages don't use. -%undefine _debugsource_packages -%undefine _debuginfo_subpackages -%undefine _unique_debug_names -%undefine _unique_debug_srcs - -%package debuginfo -Summary: Debug information for package %{name} -AutoReqProv: no -%ifarch %{debuginfocommonarches} -Requires: glibc-debuginfo-common = %{version}-%{release} -%else -%ifarch %{ix86} %{sparc} -Obsoletes: glibc-debuginfo-common -%endif -%endif - -%description debuginfo -This package provides debug information for package %{name}. -Debug information is useful when developing applications that use this -package or when debugging this package. - -This package also contains static standard C libraries with -debugging information. You need this only if you want to step into -C library routines during debugging programs statically linked against -one or more of the standard C libraries. -To use this debugging information, you need to link binaries -with -static -L%{_prefix}/lib/debug%{_libdir} compiler options. - -############################################################################## -# glibc common "debuginfo-common" sub-package -############################################################################## -%ifarch %{debuginfocommonarches} - -%package debuginfo-common -Summary: Debug information for package %{name} -AutoReqProv: no - -%description debuginfo-common -This package provides debug information for package %{name}. -Debug information is useful when developing applications that use this -package or when debugging this package. - -%comment Matches: %ifarch %{debuginfocommonarches} -%endif - -%comment Matches: %if 0%{?_enable_debug_packages} -%endif - %if %{with benchtests} %package benchtests Summary: Benchmarking binaries and scripts for %{name} @@ -1829,15 +1805,6 @@ chmod 644 %{glibc_sysroot}%{_libdir}/gconv/gconv-modules.cache # archives we might have added. ############################################################################## -# If we are building a debug package then copy all of the static archives -# into the debug directory to keep them as unstripped copies. -%if 0%{?_enable_debug_packages} -mkdir -p %{glibc_sysroot}%{_prefix}/lib/debug%{_libdir} -cp -a %{glibc_sysroot}%{_libdir}/*.a \ - %{glibc_sysroot}%{_prefix}/lib/debug%{_libdir}/ -rm -f %{glibc_sysroot}%{_prefix}/lib/debug%{_libdir}/*_p.a -%endif - # Remove any zoneinfo files; they are maintained by tzdata. rm -rf %{glibc_sysroot}%{_prefix}/share/zoneinfo @@ -1903,6 +1870,7 @@ popd pushd iconv ln -s ../locale/programs/charmap-kw.gperf . popd +%endif %if %{with docs} # Remove the `dir' info-heirarchy file which will be maintained @@ -2002,11 +1970,6 @@ ar cr %{glibc_sysroot}%{_prefix}/%{_lib}/libpthread_nonshared.a # - File list with the .so symbolic links for NSS packages. # * compat-libpthread-nonshared.filelist. # - File list for compat-libpthread-nonshared subpackage. -# * debuginfo.filelist -# - Files for the glibc debuginfo package. -# * debuginfocommon.filelist -# - Files for the glibc common debuginfo package. -# # Create the main file lists. This way we can append to any one of them later # wihtout having to create it. Note these are removed at the start of the @@ -2026,8 +1989,6 @@ touch nss_db.filelist touch nss_hesiod.filelist touch nss-devel.filelist touch compat-libpthread-nonshared.filelist -touch debuginfo.filelist -touch debuginfocommon.filelist ############################################################################### # Master file list, excluding a few things. @@ -2317,109 +2278,6 @@ echo "%{_prefix}/libexec/glibc-benchtests/validate_benchout.py*" >> benchtests.f ############################################################################### echo "%{_libdir}/libpthread_nonshared.a" >> compat-libpthread-nonshared.filelist -############################################################################### -# glibc-debuginfocommon, and glibc-debuginfo -############################################################################### - -find_debuginfo_args='--strict-build-id -g -i' -%ifarch %{debuginfocommonarches} -find_debuginfo_args="$find_debuginfo_args \ - -l common.filelist \ - -l utils.filelist \ - -l nscd.filelist \ - -p '.*/(sbin|libexec)/.*' \ - -o debuginfocommon.filelist \ - -l gconv.filelist \ - -l nss_db.filelist -l nss_hesiod.filelist \ - -l libnsl.filelist -l glibc.filelist \ -%if %{with benchtests} - -l benchtests.filelist -%endif - " -%endif - -/usr/lib/rpm/find-debuginfo.sh $find_debuginfo_args -o debuginfo.filelist - -# List all of the *.a archives in the debug directory. -list_debug_archives() -{ - local dir=%{_prefix}/lib/debug%{_libdir} - find %{glibc_sysroot}$dir -name "*.a" -printf "$dir/%%P\n" -} - -%ifarch %{debuginfocommonarches} - -# Remove the source files from the common package debuginfo. -sed -i '\#^%{glibc_sysroot}%{_prefix}/src/debug/#d' debuginfocommon.filelist - -# Create a list of all of the source files we copied to the debug directory. -find %{glibc_sysroot}%{_prefix}/src/debug \ - \( -type d -printf '%%%%dir ' \) , \ - -printf '%{_prefix}/src/debug/%%P\n' > debuginfocommon.sources - -%ifarch %{biarcharches} - -# Add the source files to the core debuginfo package. -cat debuginfocommon.sources >> debuginfo.filelist - -%else - -%ifarch %{ix86} -%define basearch i686 -%endif -%ifarch sparc sparcv9 -%define basearch sparc -%endif - -# The auxarches get only these few source files. -auxarches_debugsources=\ -'/(generic|linux|%{basearch}|nptl(_db)?)/|/%{glibcsrcdir}/build|/dl-osinfo\.h' - -# Place the source files into the core debuginfo pakcage. -egrep "$auxarches_debugsources" debuginfocommon.sources >> debuginfo.filelist - -# Remove the source files from the common debuginfo package. -egrep -v "$auxarches_debugsources" \ - debuginfocommon.sources >> debuginfocommon.filelist - -%comment Matches: %ifarch %{biarcharches} -%endif - -# Add the list of *.a archives in the debug directory to -# the common debuginfo package. -list_debug_archives >> debuginfocommon.filelist - -%comment Matches: %ifarch %{debuginfocommonarches} -%endif - -# Remove some common directories from the common package debuginfo so that we -# don't end up owning them. -exclude_common_dirs() -{ - exclude_dirs="%{_prefix}/src/debug" - exclude_dirs="$exclude_dirs $(echo %{_prefix}/lib/debug{,/%{_lib},/bin,/sbin})" - exclude_dirs="$exclude_dirs $(echo %{_prefix}/lib/debug%{_prefix}{,/%{_lib},/libexec,/bin,/sbin})" - - for d in $(echo $exclude_dirs | sed 's/ /\n/g'); do - sed -i "\|^%%dir $d/\?$|d" $1 - done - - # Special kludge: /usr/bin/ld.so is a symbolic link, so debuggers - # do not need it to locate debugging information (they can use - # the real path instead). - sed -i '\,^/usr/lib/debug/usr/bin/ld\.so\.debug$,d' $1 -} -# The file does not exist on all architectures. -rm -f %{glibc_sysroot}/usr/lib/debug/usr/bin/ld.so.debug - -%ifarch %{debuginfocommonarches} -exclude_common_dirs debuginfocommon.filelist -%endif -exclude_common_dirs debuginfo.filelist - -%comment Matches: %if 0%{?_enable_debug_packages} -%endif - ############################################################################## # Delete files that we do not intended to ship with the auxarch. # This is the only place where we touch the installed files after generating @@ -2509,6 +2367,15 @@ echo ====================PLT RELOCS LIBC.SO============== readelf -Wr %{glibc_sysroot}/%{_lib}/libc-*.so | sed -n -e "$PLTCMD" echo ====================PLT RELOCS END================== +# Obtain a way to run the dynamic loader. Avoid matching the symbolic +# link and then pick the first loader (although there should be only +# one). +run_ldso="$(find %{glibc_sysroot}/%{_lib}/ld-*.so -type f | LC_ALL=C sort | head -n1) --library-path %{glibc_sysroot}/%{_lib}" + +# Show the auxiliary vector as seen by the new library +# (even if we do not perform the valgrind test). +LD_SHOW_AUXV=1 $run_ldso /bin/true + # Finally, check if valgrind runs with the new glibc. # We want to fail building if valgrind is not able to run with this glibc so # that we can then coordinate with valgrind to get it fixed before we update @@ -2517,16 +2384,15 @@ pushd build-%{target} # Show the auxiliary vector as seen by the new library # (even if we do not perform the valgrind test). -LD_SHOW_AUXV=1 elf/ld.so --library-path .:elf:nptl:dlfcn /bin/true +LD_SHOW_AUXV=1 $run_ldso /bin/true %if %{with valgrind} -elf/ld.so --library-path .:elf:nptl:dlfcn \ - /usr/bin/valgrind --error-exitcode=1 \ - elf/ld.so --library-path .:elf:nptl:dlfcn /usr/bin/true +$run_ldso /usr/bin/valgrind --error-exitcode=1 \ + $run_ldso /usr/bin/true %endif popd -%comment Matches: %if %{run_glibc_tests} +%comment Matches: %if %{with testsuite} %endif @@ -2797,15 +2663,6 @@ fi %files -f libnsl.filelist -n libnsl /%{_lib}/libnsl.so.1 -%if 0%{?_enable_debug_packages} -%files debuginfo -f debuginfo.filelist -%ifarch %{debuginfocommonarches} -%ifnarch %{auxarches} -%files debuginfo-common -f debuginfocommon.filelist -%endif -%endif -%endif - %if %{with benchtests} %files benchtests -f benchtests.filelist %endif @@ -2813,6 +2670,23 @@ fi %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %changelog +* Thu Jan 27 2022 Siddhesh Poyarekar - 2.28-189 +- CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak + (#2032281) + +* Tue Jan 25 2022 Siddhesh Poyarekar - 2.28-188 +- CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc clnt_create + for "unix" and svcunix_create (#2045063). + +* Mon Jan 24 2022 Siddhesh Poyarekar - 2.28-187 +- CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 (#2032281) + +* Fri Jan 21 2022 Carlos O'Donell - 2.28-186 +- Fix pthread_once regression with C++ exceptions (#2007327) + +* Thu Jan 20 2022 DJ Delorie - 2.28-185 +- Adjust to rpm's find-debuginfo.sh changes, to keep stripping binaries (#1661513) + * Fri Jan 7 2022 Florian Weimer - 2.28-184 - Conversion from ISO-2022-JP-3 may emit spurious NUL character (#2033655)