forked from rpms/glibc
import UBI glibc-2.28-251.el8_10.25
This commit is contained in:
parent
73b8a454b8
commit
6f91983eb9
236
SOURCES/glibc-RHEL-105326.patch
Normal file
236
SOURCES/glibc-RHEL-105326.patch
Normal file
@ -0,0 +1,236 @@
|
||||
commit 7ea06e994093fa0bcca0d0ee2c1db271d8d7885d
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Mon Jul 21 21:43:49 2025 +0200
|
||||
|
||||
posix: Fix double-free after allocation failure in regcomp (bug 33185)
|
||||
|
||||
If a memory allocation failure occurs during bracket expression
|
||||
parsing in regcomp, a double-free error may result.
|
||||
|
||||
Reported-by: Anastasia Belova <abelova@astralinux.ru>
|
||||
Co-authored-by: Paul Eggert <eggert@cs.ucla.edu>
|
||||
Reviewed-by: Andreas K. Huettel <dilfridge@gentoo.org>
|
||||
|
||||
Conflicts:
|
||||
posix/Makefile
|
||||
(tests list not reformatted/sorted downstream)
|
||||
posix/tst-regcomp-bracket-free.c
|
||||
(missing strerrorname_np downstream)
|
||||
|
||||
diff --git a/posix/Makefile b/posix/Makefile
|
||||
index 83162123f9c927a0..42a0290370b40fd9 100644
|
||||
--- a/posix/Makefile
|
||||
+++ b/posix/Makefile
|
||||
@@ -96,7 +96,7 @@ tests := test-errno tstgetopt testfnm runtests runptests \
|
||||
tst-posix_fadvise tst-posix_fadvise64 \
|
||||
tst-sysconf-empty-chroot tst-glob_symlinks tst-fexecve \
|
||||
tst-glob-tilde test-ssize-max tst-spawn4 bug-regex37 \
|
||||
- bug-regex38 tst-regcomp-truncated
|
||||
+ bug-regex38 tst-regcomp-truncated tst-regcomp-bracket-free
|
||||
tests-internal := bug-regex5 bug-regex20 bug-regex33 \
|
||||
tst-rfc3484 tst-rfc3484-2 tst-rfc3484-3 \
|
||||
tst-glob_lstat_compat tst-spawn4-compat
|
||||
diff --git a/posix/regcomp.c b/posix/regcomp.c
|
||||
index 545d188468c376e7..b737b22da8703d6c 100644
|
||||
--- a/posix/regcomp.c
|
||||
+++ b/posix/regcomp.c
|
||||
@@ -3375,6 +3375,7 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token,
|
||||
{
|
||||
#ifdef RE_ENABLE_I18N
|
||||
free_charset (mbcset);
|
||||
+ mbcset = NULL;
|
||||
#endif
|
||||
/* Build a tree for simple bracket. */
|
||||
br_token.type = SIMPLE_BRACKET;
|
||||
@@ -3390,7 +3391,8 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token,
|
||||
parse_bracket_exp_free_return:
|
||||
re_free (sbcset);
|
||||
#ifdef RE_ENABLE_I18N
|
||||
- free_charset (mbcset);
|
||||
+ if (__glibc_likely (mbcset != NULL))
|
||||
+ free_charset (mbcset);
|
||||
#endif /* RE_ENABLE_I18N */
|
||||
return NULL;
|
||||
}
|
||||
diff --git a/posix/tst-regcomp-bracket-free.c b/posix/tst-regcomp-bracket-free.c
|
||||
new file mode 100644
|
||||
index 0000000000000000..e6041ddaeba3045c
|
||||
--- /dev/null
|
||||
+++ b/posix/tst-regcomp-bracket-free.c
|
||||
@@ -0,0 +1,176 @@
|
||||
+/* Test regcomp bracket parsing with injected allocation failures (bug 33185).
|
||||
+ Copyright (C) 2025 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+/* This test invokes regcomp multiple times, failing one memory
|
||||
+ allocation in each call. The function call should fail with
|
||||
+ REG_ESPACE (or succeed if it can recover from the allocation
|
||||
+ failure). Previously, there was double-free bug. */
|
||||
+
|
||||
+#include <errno.h>
|
||||
+#include <regex.h>
|
||||
+#include <stdio.h>
|
||||
+#include <string.h>
|
||||
+#include <support/check.h>
|
||||
+#include <support/namespace.h>
|
||||
+#include <support/support.h>
|
||||
+
|
||||
+/* Data structure allocated via MAP_SHARED, so that writes from the
|
||||
+ subprocess are visible. */
|
||||
+struct shared_data
|
||||
+{
|
||||
+ /* Number of tracked allocations performed so far. */
|
||||
+ volatile unsigned int allocation_count;
|
||||
+
|
||||
+ /* If this number is reached, one allocation fails. */
|
||||
+ volatile unsigned int failing_allocation;
|
||||
+
|
||||
+ /* The subprocess stores the expected name here. */
|
||||
+ char name[100];
|
||||
+};
|
||||
+
|
||||
+/* Allocation count in shared mapping. */
|
||||
+static struct shared_data *shared;
|
||||
+
|
||||
+/* Returns true if a failure should be injected for this allocation. */
|
||||
+static bool
|
||||
+fail_this_allocation (void)
|
||||
+{
|
||||
+ if (shared != NULL)
|
||||
+ {
|
||||
+ unsigned int count = shared->allocation_count;
|
||||
+ shared->allocation_count = count + 1;
|
||||
+ return count == shared->failing_allocation;
|
||||
+ }
|
||||
+ else
|
||||
+ return false;
|
||||
+}
|
||||
+
|
||||
+/* Failure-injecting wrappers for allocation functions used by glibc. */
|
||||
+
|
||||
+void *
|
||||
+malloc (size_t size)
|
||||
+{
|
||||
+ if (fail_this_allocation ())
|
||||
+ {
|
||||
+ errno = ENOMEM;
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ extern __typeof (malloc) __libc_malloc;
|
||||
+ return __libc_malloc (size);
|
||||
+}
|
||||
+
|
||||
+void *
|
||||
+calloc (size_t a, size_t b)
|
||||
+{
|
||||
+ if (fail_this_allocation ())
|
||||
+ {
|
||||
+ errno = ENOMEM;
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ extern __typeof (calloc) __libc_calloc;
|
||||
+ return __libc_calloc (a, b);
|
||||
+}
|
||||
+
|
||||
+void *
|
||||
+realloc (void *ptr, size_t size)
|
||||
+{
|
||||
+ if (fail_this_allocation ())
|
||||
+ {
|
||||
+ errno = ENOMEM;
|
||||
+ return NULL;
|
||||
+ }
|
||||
+ extern __typeof (realloc) __libc_realloc;
|
||||
+ return __libc_realloc (ptr, size);
|
||||
+}
|
||||
+
|
||||
+/* No-op subprocess to verify that support_isolate_in_subprocess does
|
||||
+ not perform any heap allocations. */
|
||||
+static void
|
||||
+no_op (void *ignored)
|
||||
+{
|
||||
+}
|
||||
+
|
||||
+/* Perform a regcomp call in a subprocess. Used to count its
|
||||
+ allocations. */
|
||||
+static void
|
||||
+initialize (void *regexp1)
|
||||
+{
|
||||
+ const char *regexp = regexp1;
|
||||
+
|
||||
+ shared->allocation_count = 0;
|
||||
+
|
||||
+ regex_t reg;
|
||||
+ TEST_COMPARE (regcomp (®, regexp, 0), 0);
|
||||
+}
|
||||
+
|
||||
+/* Perform regcomp in a subprocess with fault injection. */
|
||||
+static void
|
||||
+test_in_subprocess (void *regexp1)
|
||||
+{
|
||||
+ const char *regexp = regexp1;
|
||||
+ unsigned int inject_at = shared->failing_allocation;
|
||||
+
|
||||
+ regex_t reg;
|
||||
+ int ret = regcomp (®, regexp, 0);
|
||||
+
|
||||
+ if (ret != 0)
|
||||
+ {
|
||||
+ TEST_COMPARE (ret, REG_ESPACE);
|
||||
+ printf ("info: allocation %u failure results in return value %d,"
|
||||
+ " error %s (%d)\n",
|
||||
+ inject_at, ret, strerror (errno), errno);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ char regexp[] = "[:alpha:]";
|
||||
+
|
||||
+ shared = support_shared_allocate (sizeof (*shared));
|
||||
+
|
||||
+ /* Disable fault injection. */
|
||||
+ shared->failing_allocation = ~0U;
|
||||
+
|
||||
+ support_isolate_in_subprocess (no_op, NULL);
|
||||
+ TEST_COMPARE (shared->allocation_count, 0);
|
||||
+
|
||||
+ support_isolate_in_subprocess (initialize, regexp);
|
||||
+
|
||||
+ /* The number of allocations in the successful case, plus some
|
||||
+ slack. Once the number of expected allocations is exceeded,
|
||||
+ injecting further failures does not make a difference. */
|
||||
+ unsigned int maximum_allocation_count = shared->allocation_count;
|
||||
+ printf ("info: successful call performs %u allocations\n",
|
||||
+ maximum_allocation_count);
|
||||
+ maximum_allocation_count += 10;
|
||||
+
|
||||
+ for (unsigned int inject_at = 0; inject_at <= maximum_allocation_count;
|
||||
+ ++inject_at)
|
||||
+ {
|
||||
+ shared->allocation_count = 0;
|
||||
+ shared->failing_allocation = inject_at;
|
||||
+ support_isolate_in_subprocess (test_in_subprocess, regexp);
|
||||
+ }
|
||||
+
|
||||
+ support_shared_free (shared);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
59
SOURCES/glibc-RHEL-18039-1.patch
Normal file
59
SOURCES/glibc-RHEL-18039-1.patch
Normal file
@ -0,0 +1,59 @@
|
||||
commit 868ab8923a2ec977faafec97ecafac0c3159c1b2
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Thu Jun 13 18:56:30 2024 +0200
|
||||
|
||||
resolv: Track single-request fallback via _res._flags (bug 31476)
|
||||
|
||||
This avoids changing _res.options, which inteferes with change
|
||||
detection as part of automatic reloading of /etc/resolv.conf.
|
||||
|
||||
Reviewed-by: DJ Delorie <dj@redhat.com>
|
||||
|
||||
diff -Nrup a/resolv/res_send.c b/resolv/res_send.c
|
||||
--- a/resolv/res_send.c 2025-02-19 21:54:08.104421209 -0500
|
||||
+++ b/resolv/res_send.c 2025-02-19 21:54:51.202625194 -0500
|
||||
@@ -1065,9 +1065,11 @@ send_dg(res_state statp,
|
||||
seconds /= statp->nscount;
|
||||
if (seconds <= 0)
|
||||
seconds = 1;
|
||||
- bool single_request_reopen = (statp->options & RES_SNGLKUPREOP) != 0;
|
||||
- bool single_request = (((statp->options & RES_SNGLKUP) != 0)
|
||||
- | single_request_reopen);
|
||||
+ bool single_request_reopen = ((statp->options & RES_SNGLKUPREOP)
|
||||
+ || (statp->_flags & RES_F_SNGLKUPREOP));
|
||||
+ bool single_request = ((statp->options & RES_SNGLKUP)
|
||||
+ || (statp->_flags & RES_F_SNGLKUP)
|
||||
+ || single_request_reopen);
|
||||
int save_gotsomewhere = *gotsomewhere;
|
||||
|
||||
int retval;
|
||||
@@ -1124,14 +1126,14 @@ send_dg(res_state statp,
|
||||
have received the first answer. */
|
||||
if (!single_request)
|
||||
{
|
||||
- statp->options |= RES_SNGLKUP;
|
||||
+ statp->_flags |= RES_F_SNGLKUP;
|
||||
single_request = true;
|
||||
*gotsomewhere = save_gotsomewhere;
|
||||
goto retry;
|
||||
}
|
||||
else if (!single_request_reopen)
|
||||
{
|
||||
- statp->options |= RES_SNGLKUPREOP;
|
||||
+ statp->_flags |= RES_F_SNGLKUPREOP;
|
||||
single_request_reopen = true;
|
||||
*gotsomewhere = save_gotsomewhere;
|
||||
__res_iclose (statp, false);
|
||||
diff -Nrup a/resolv/resolv-internal.h b/resolv/resolv-internal.h
|
||||
--- a/resolv/resolv-internal.h 2025-02-19 21:54:08.104421209 -0500
|
||||
+++ b/resolv/resolv-internal.h 2025-02-19 21:56:25.771072777 -0500
|
||||
@@ -26,7 +26,8 @@
|
||||
#define RES_F_VC 0x00000001 /* Socket is TCP. */
|
||||
#define RES_F_CONN 0x00000002 /* Socket is connected. */
|
||||
#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors. */
|
||||
-
|
||||
+#define RES_F_SNGLKUP 0x00200000 /* Private version of RES_SNGLKUP. */
|
||||
+#define RES_F_SNGLKUPREOP 0x00400000 /* Private version of RES_SNGLKUPREOP. */
|
||||
|
||||
/* Internal version of RES_USE_INET6 which does not trigger a
|
||||
deprecation warning. */
|
197
SOURCES/glibc-RHEL-18039-2.patch
Normal file
197
SOURCES/glibc-RHEL-18039-2.patch
Normal file
@ -0,0 +1,197 @@
|
||||
commit 691a3b2e9bfaba842e46a5ccb7f5e6ea144c3ade
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Wed Jul 24 12:06:47 2024 +0200
|
||||
|
||||
resolv: Allow short error responses to match any query (bug 31890)
|
||||
|
||||
Reviewed-by: DJ Delorie <dj@redhat.com>
|
||||
|
||||
Conflicts:
|
||||
resolv/res_send.c: res_queriesmatch/__libc_res_queriesmatch
|
||||
|
||||
diff -Nrup a/resolv/Makefile b/resolv/Makefile
|
||||
--- a/resolv/Makefile 2025-06-06 08:53:20.890276516 -0400
|
||||
+++ b/resolv/Makefile 2025-06-06 08:57:09.981844872 -0400
|
||||
@@ -62,6 +62,7 @@ tests += \
|
||||
tst-resolv-nondecimal \
|
||||
tst-resolv-res_init-multi \
|
||||
tst-resolv-search \
|
||||
+ tst-resolv-short-response \
|
||||
tst-resolv-trailing \
|
||||
|
||||
# This test calls __res_context_send directly, which is not exported
|
||||
@@ -208,6 +209,8 @@ $(objpfx)tst-resolv-nondecimal: $(objpfx
|
||||
$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
+$(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \
|
||||
+ $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-threads: \
|
||||
$(libdl) $(objpfx)libresolv.so $(shared-thread-library)
|
||||
diff -Nrup a/resolv/res_send.c b/resolv/res_send.c
|
||||
--- a/resolv/res_send.c 2025-06-06 08:53:30.892216323 -0400
|
||||
+++ b/resolv/res_send.c 2025-06-06 08:59:35.588914830 -0400
|
||||
@@ -1322,17 +1322,30 @@ send_dg(res_state statp,
|
||||
goto wait;
|
||||
|
||||
/* Check for the correct header layout and a matching
|
||||
- question. */
|
||||
+ question. Some recursive resolvers send REFUSED
|
||||
+ without copying back the question section
|
||||
+ (producing a response that is only HFIXEDSZ bytes
|
||||
+ long). Skip query matching in this case. */
|
||||
+ bool thisansp_error = (anhp->rcode == SERVFAIL ||
|
||||
+ anhp->rcode == NOTIMP ||
|
||||
+ anhp->rcode == REFUSED);
|
||||
+ bool skip_query_match = (*thisresplenp == HFIXEDSZ
|
||||
+ && ntohs (anhp->qdcount) == 0
|
||||
+ && thisansp_error);
|
||||
int matching_query = 0; /* Default to no matching query. */
|
||||
if (!recvresp1
|
||||
&& anhp->id == hp->id
|
||||
- && res_queriesmatch (buf, buf + buflen,
|
||||
- *thisansp, *thisansp + *thisanssizp))
|
||||
+ && (skip_query_match
|
||||
+ || res_queriesmatch (buf, buf + buflen,
|
||||
+ *thisansp,
|
||||
+ *thisansp + *thisanssizp)))
|
||||
matching_query = 1;
|
||||
if (!recvresp2
|
||||
&& anhp->id == hp2->id
|
||||
- && res_queriesmatch (buf2, buf2 + buflen2,
|
||||
- *thisansp, *thisansp + *thisanssizp))
|
||||
+ && (skip_query_match
|
||||
+ || res_queriesmatch (buf2, buf2 + buflen2,
|
||||
+ *thisansp,
|
||||
+ *thisansp + *thisanssizp)))
|
||||
matching_query = 2;
|
||||
if (matching_query == 0)
|
||||
/* Spurious UDP packet. Drop it and continue
|
||||
@@ -1342,9 +1355,7 @@ send_dg(res_state statp,
|
||||
goto wait;
|
||||
}
|
||||
|
||||
- if (anhp->rcode == SERVFAIL ||
|
||||
- anhp->rcode == NOTIMP ||
|
||||
- anhp->rcode == REFUSED) {
|
||||
+ if (thisansp_error) {
|
||||
next_ns:
|
||||
if (recvresp1 || (buf2 != NULL && recvresp2)) {
|
||||
*resplen2 = 0;
|
||||
diff -Nrup a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c
|
||||
--- a/resolv/tst-resolv-short-response.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ b/resolv/tst-resolv-short-response.c 2025-06-06 08:57:09.987844834 -0400
|
||||
@@ -0,0 +1,112 @@
|
||||
+/* Test for spurious timeouts with short 12-byte responses (bug 31890).
|
||||
+ Copyright (C) 2024 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <resolv.h>
|
||||
+#include <support/check.h>
|
||||
+#include <support/resolv_test.h>
|
||||
+#include <support/check_nss.h>
|
||||
+
|
||||
+/* The rcode in the initial response. */
|
||||
+static volatile int rcode;
|
||||
+
|
||||
+static void
|
||||
+response (const struct resolv_response_context *ctx,
|
||||
+ struct resolv_response_builder *b,
|
||||
+ const char *qname, uint16_t qclass, uint16_t qtype)
|
||||
+{
|
||||
+ switch (ctx->server_index)
|
||||
+ {
|
||||
+ case 0:
|
||||
+ /* First server times out. */
|
||||
+ struct resolv_response_flags flags = {.rcode = rcode};
|
||||
+ resolv_response_init (b, flags);
|
||||
+ break;
|
||||
+ case 1:
|
||||
+ /* Second server sends reply. */
|
||||
+ resolv_response_init (b, (struct resolv_response_flags) {});
|
||||
+ resolv_response_add_question (b, qname, qclass, qtype);
|
||||
+ resolv_response_section (b, ns_s_an);
|
||||
+ resolv_response_open_record (b, qname, qclass, qtype, 0);
|
||||
+ switch (qtype)
|
||||
+ {
|
||||
+ case T_A:
|
||||
+ {
|
||||
+ char ipv4[4] = {192, 0, 2, 17};
|
||||
+ resolv_response_add_data (b, &ipv4, sizeof (ipv4));
|
||||
+ }
|
||||
+ break;
|
||||
+ case T_AAAA:
|
||||
+ {
|
||||
+ char ipv6[16]
|
||||
+ = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
|
||||
+ resolv_response_add_data (b, &ipv6, sizeof (ipv6));
|
||||
+ }
|
||||
+ break;
|
||||
+ default:
|
||||
+ FAIL_EXIT1 ("unexpected TYPE%d query", qtype);
|
||||
+ }
|
||||
+ resolv_response_close_record (b);
|
||||
+ break;
|
||||
+ default:
|
||||
+ FAIL_EXIT1 ("unexpected query to server %d", ctx->server_index);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+check_one (void)
|
||||
+{
|
||||
+
|
||||
+ /* The buggy 1-second query timeout results in 30 seconds of delay,
|
||||
+ which triggers a test timeout failure. */
|
||||
+ for (int i = 0; i < 10; ++i)
|
||||
+ {
|
||||
+ check_hostent ("www.example", gethostbyname ("www.example"),
|
||||
+ "name: www.example\n"
|
||||
+ "address: 192.0.2.17\n");
|
||||
+ check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6),
|
||||
+ "name: www.example\n"
|
||||
+ "address: 2001:db8::1\n");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ struct resolv_test *aux = resolv_test_start
|
||||
+ ((struct resolv_redirect_config)
|
||||
+ {
|
||||
+ .response_callback = response,
|
||||
+ });
|
||||
+
|
||||
+ _res.options |= RES_SNGLKUP;
|
||||
+
|
||||
+ rcode = 2; /* SERVFAIL. */
|
||||
+ check_one ();
|
||||
+
|
||||
+ rcode = 4; /* NOTIMP. */
|
||||
+ check_one ();
|
||||
+
|
||||
+ rcode = 5; /* REFUSED. */
|
||||
+ check_one ();
|
||||
+
|
||||
+ resolv_test_end (aux);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
203
SOURCES/glibc-RHEL-18039-3.patch
Normal file
203
SOURCES/glibc-RHEL-18039-3.patch
Normal file
@ -0,0 +1,203 @@
|
||||
commit af625987d619388a100b153520d3ee308bda9889
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Wed Jul 24 12:06:47 2024 +0200
|
||||
|
||||
resolv: Do not wait for non-existing second DNS response after error (bug 30081)
|
||||
|
||||
In single-request mode, there is no second response after an error
|
||||
because the second query has not been sent yet. Waiting for it
|
||||
introduces an unnecessary timeout.
|
||||
|
||||
Reviewed-by: DJ Delorie <dj@redhat.com>
|
||||
|
||||
diff -Nrup a/resolv/Makefile b/resolv/Makefile
|
||||
--- a/resolv/Makefile 2025-02-19 22:32:03.567568899 -0500
|
||||
+++ b/resolv/Makefile 2025-02-19 22:36:58.647149025 -0500
|
||||
@@ -62,6 +62,7 @@ tests += \
|
||||
tst-resolv-nondecimal \
|
||||
tst-resolv-res_init-multi \
|
||||
tst-resolv-search \
|
||||
+ tst-resolv-semi-failure \
|
||||
tst-resolv-short-response \
|
||||
tst-resolv-trailing \
|
||||
|
||||
@@ -209,6 +210,8 @@ $(objpfx)tst-resolv-nondecimal: $(objpfx
|
||||
$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
+$(objpfx)tst-resolv-semi-failure: $(objpfx)libresolv.so \
|
||||
+ $(shared-thread-library)
|
||||
$(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \
|
||||
$(shared-thread-library)
|
||||
$(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library)
|
||||
diff -Nrup a/resolv/res_send.c b/resolv/res_send.c
|
||||
--- a/resolv/res_send.c 2025-02-19 22:32:03.567568899 -0500
|
||||
+++ b/resolv/res_send.c 2025-02-19 22:34:59.213509475 -0500
|
||||
@@ -1361,7 +1361,7 @@ send_dg(res_state statp,
|
||||
*resplen2 = 0;
|
||||
return resplen;
|
||||
}
|
||||
- if (buf2 != NULL)
|
||||
+ if (buf2 != NULL && !single_request)
|
||||
{
|
||||
/* No data from the first reply. */
|
||||
resplen = 0;
|
||||
diff -Nrup a/resolv/tst-resolv-semi-failure.c b/resolv/tst-resolv-semi-failure.c
|
||||
--- a/resolv/tst-resolv-semi-failure.c 1969-12-31 19:00:00.000000000 -0500
|
||||
+++ b/resolv/tst-resolv-semi-failure.c 2025-02-19 22:34:59.213509475 -0500
|
||||
@@ -0,0 +1,133 @@
|
||||
+/* Test parallel failure/success responses (bug 30081).
|
||||
+ Copyright (C) 2024 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <https://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <resolv.h>
|
||||
+#include <support/check.h>
|
||||
+#include <support/resolv_test.h>
|
||||
+#include <support/check_nss.h>
|
||||
+
|
||||
+/* The rcode in the initial response. */
|
||||
+static volatile int rcode;
|
||||
+
|
||||
+/* Whether to fail the initial A query (!fail_aaaa) or the initial
|
||||
+ AAAA query (fail_aaaa). */
|
||||
+static volatile bool fail_aaaa;
|
||||
+
|
||||
+static void
|
||||
+response (const struct resolv_response_context *ctx,
|
||||
+ struct resolv_response_builder *b,
|
||||
+ const char *qname, uint16_t qclass, uint16_t qtype)
|
||||
+{
|
||||
+ /* Handle the failing query. */
|
||||
+ if ((fail_aaaa && qtype == T_AAAA) && ctx->server_index == 0)
|
||||
+ {
|
||||
+ struct resolv_response_flags flags = {.rcode = rcode};
|
||||
+ resolv_response_init (b, flags);
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ /* Otherwise produce a response. */
|
||||
+ resolv_response_init (b, (struct resolv_response_flags) {});
|
||||
+ resolv_response_add_question (b, qname, qclass, qtype);
|
||||
+ resolv_response_section (b, ns_s_an);
|
||||
+ resolv_response_open_record (b, qname, qclass, qtype, 0);
|
||||
+ switch (qtype)
|
||||
+ {
|
||||
+ case T_A:
|
||||
+ {
|
||||
+ char ipv4[4] = {192, 0, 2, 17};
|
||||
+ resolv_response_add_data (b, &ipv4, sizeof (ipv4));
|
||||
+ }
|
||||
+ break;
|
||||
+ case T_AAAA:
|
||||
+ {
|
||||
+ char ipv6[16]
|
||||
+ = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1};
|
||||
+ resolv_response_add_data (b, &ipv6, sizeof (ipv6));
|
||||
+ }
|
||||
+ break;
|
||||
+ default:
|
||||
+ FAIL_EXIT1 ("unexpected TYPE%d query", qtype);
|
||||
+ }
|
||||
+ resolv_response_close_record (b);
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+check_one (void)
|
||||
+{
|
||||
+
|
||||
+ /* The buggy 1-second query timeout results in 30 seconds of delay,
|
||||
+ which triggers are test timeout failure. */
|
||||
+ for (int i = 0; i < 30; ++i)
|
||||
+ {
|
||||
+ static const struct addrinfo hints =
|
||||
+ {
|
||||
+ .ai_family = AF_UNSPEC,
|
||||
+ .ai_socktype = SOCK_STREAM,
|
||||
+ };
|
||||
+ struct addrinfo *ai;
|
||||
+ int ret = getaddrinfo ("www.example", "80", &hints, &ai);
|
||||
+ const char *expected;
|
||||
+ if (ret == 0 && ai->ai_next != NULL)
|
||||
+ expected = ("address: STREAM/TCP 192.0.2.17 80\n"
|
||||
+ "address: STREAM/TCP 2001:db8::1 80\n");
|
||||
+ else
|
||||
+ /* Only one response because the AAAA lookup failure is
|
||||
+ treated as an ignoreable error. */
|
||||
+ expected = "address: STREAM/TCP 192.0.2.17 80\n";
|
||||
+ check_addrinfo ("www.example", ai, ret, expected);
|
||||
+ if (ret == 0)
|
||||
+ freeaddrinfo (ai);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static int
|
||||
+do_test (void)
|
||||
+{
|
||||
+ for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup)
|
||||
+ {
|
||||
+ struct resolv_test *aux = resolv_test_start
|
||||
+ ((struct resolv_redirect_config)
|
||||
+ {
|
||||
+ .response_callback = response,
|
||||
+ });
|
||||
+
|
||||
+ if (do_single_lookup)
|
||||
+ _res.options |= RES_SNGLKUP;
|
||||
+
|
||||
+ for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa)
|
||||
+ {
|
||||
+ fail_aaaa = do_fail_aaaa;
|
||||
+
|
||||
+ rcode = 2; /* SERVFAIL. */
|
||||
+ check_one ();
|
||||
+
|
||||
+ rcode = 4; /* NOTIMP. */
|
||||
+ check_one ();
|
||||
+
|
||||
+ rcode = 5; /* REFUSED. */
|
||||
+ check_one ();
|
||||
+ }
|
||||
+
|
||||
+ resolv_test_end (aux);
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+#include <support/test-driver.c>
|
||||
diff -Nrup a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c
|
||||
--- a/resolv/tst-resolv-short-response.c 2025-02-19 22:32:03.567568899 -0500
|
||||
+++ b/resolv/tst-resolv-short-response.c 2025-02-19 22:34:59.213509475 -0500
|
||||
@@ -81,6 +81,18 @@ check_one (void)
|
||||
check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6),
|
||||
"name: www.example\n"
|
||||
"address: 2001:db8::1\n");
|
||||
+ static const struct addrinfo hints =
|
||||
+ {
|
||||
+ .ai_family = AF_UNSPEC,
|
||||
+ .ai_socktype = SOCK_STREAM,
|
||||
+ };
|
||||
+ struct addrinfo *ai;
|
||||
+ int ret = getaddrinfo ("www.example", "80", &hints, &ai);
|
||||
+ check_addrinfo ("www.example", ai, ret,
|
||||
+ "address: STREAM/TCP 192.0.2.17 80\n"
|
||||
+ "address: STREAM/TCP 2001:db8::1 80\n");
|
||||
+ if (ret == 0)
|
||||
+ freeaddrinfo (ai);
|
||||
}
|
||||
}
|
||||
|
81
SOURCES/glibc-RHEL-18039-4.patch
Normal file
81
SOURCES/glibc-RHEL-18039-4.patch
Normal file
@ -0,0 +1,81 @@
|
||||
commit 95f61610f3e481d191b6184432342236fd59186d
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Wed Jul 24 12:06:47 2024 +0200
|
||||
|
||||
resolv: Support clearing option flags with a “-” prefix (bug 14799)
|
||||
|
||||
I think using a “-” prefix is less confusing than introducing
|
||||
double-negation construct (“no-no-tld-query”).
|
||||
|
||||
Reviewed-by: DJ Delorie <dj@redhat.com>
|
||||
|
||||
Conflicts:
|
||||
NEWS: Dropped
|
||||
resolv/res_init.c: DEPRECATED_RES_USE_INET6 and RES_TRUSTAD
|
||||
|
||||
diff -Nrup a/resolv/res_init.c b/resolv/res_init.c
|
||||
--- a/resolv/res_init.c 2025-05-21 08:57:39.108958310 -0400
|
||||
+++ b/resolv/res_init.c 2025-05-21 08:59:11.528419481 -0400
|
||||
@@ -682,27 +682,29 @@ res_setoptions (struct resolv_conf_parse
|
||||
{
|
||||
char str[22];
|
||||
uint8_t len;
|
||||
- uint8_t clear;
|
||||
unsigned long int flag;
|
||||
} options[] = {
|
||||
#define STRnLEN(str) str, sizeof (str) - 1
|
||||
- { STRnLEN ("inet6"), 0, DEPRECATED_RES_USE_INET6 },
|
||||
- { STRnLEN ("rotate"), 0, RES_ROTATE },
|
||||
- { STRnLEN ("edns0"), 0, RES_USE_EDNS0 },
|
||||
- { STRnLEN ("single-request-reopen"), 0, RES_SNGLKUPREOP },
|
||||
- { STRnLEN ("single-request"), 0, RES_SNGLKUP },
|
||||
- { STRnLEN ("no_tld_query"), 0, RES_NOTLDQUERY },
|
||||
- { STRnLEN ("no-tld-query"), 0, RES_NOTLDQUERY },
|
||||
- { STRnLEN ("no-reload"), 0, RES_NORELOAD },
|
||||
- { STRnLEN ("use-vc"), 0, RES_USEVC },
|
||||
- { STRnLEN ("no-aaaa"), 0, RES_NOAAAA },
|
||||
+ { STRnLEN ("inet6"), DEPRECATED_RES_USE_INET6 },
|
||||
+ { STRnLEN ("rotate"), RES_ROTATE },
|
||||
+ { STRnLEN ("edns0"), RES_USE_EDNS0 },
|
||||
+ { STRnLEN ("single-request-reopen"), RES_SNGLKUPREOP },
|
||||
+ { STRnLEN ("single-request"), RES_SNGLKUP },
|
||||
+ { STRnLEN ("no_tld_query"), RES_NOTLDQUERY },
|
||||
+ { STRnLEN ("no-tld-query"), RES_NOTLDQUERY },
|
||||
+ { STRnLEN ("no-reload"), RES_NORELOAD },
|
||||
+ { STRnLEN ("use-vc"), RES_USEVC },
|
||||
+ { STRnLEN ("no-aaaa"), RES_NOAAAA },
|
||||
};
|
||||
#define noptions (sizeof (options) / sizeof (options[0]))
|
||||
+ bool negate_option = *cp == '-';
|
||||
+ if (negate_option)
|
||||
+ ++cp;
|
||||
for (int i = 0; i < noptions; ++i)
|
||||
if (strncmp (cp, options[i].str, options[i].len) == 0)
|
||||
{
|
||||
- if (options[i].clear)
|
||||
- parser->template.options &= options[i].flag;
|
||||
+ if (negate_option)
|
||||
+ parser->template.options &= ~options[i].flag;
|
||||
else
|
||||
parser->template.options |= options[i].flag;
|
||||
break;
|
||||
diff -Nrup a/resolv/tst-resolv-res_init-skeleton.c b/resolv/tst-resolv-res_init-skeleton.c
|
||||
--- a/resolv/tst-resolv-res_init-skeleton.c 2025-05-21 08:57:39.109958315 -0400
|
||||
+++ b/resolv/tst-resolv-res_init-skeleton.c 2025-05-21 08:58:09.541110166 -0400
|
||||
@@ -680,6 +680,16 @@ struct test_case test_cases[] =
|
||||
"; nameserver[0]: [192.0.2.1]:53\n",
|
||||
.res_options = "attempts:5 ndots:3 edns0 ",
|
||||
},
|
||||
+ {.name = "RES_OPTIONS can clear flags",
|
||||
+ .conf = "options ndots:2 use-vc no-aaaa edns0\n"
|
||||
+ "nameserver 192.0.2.1\n",
|
||||
+ .expected = "options ndots:3 use-vc\n"
|
||||
+ "search example.com\n"
|
||||
+ "; search[0]: example.com\n"
|
||||
+ "nameserver 192.0.2.1\n"
|
||||
+ "; nameserver[0]: [192.0.2.1]:53\n",
|
||||
+ .res_options = "ndots:3 -edns0 -no-aaaa",
|
||||
+ },
|
||||
{.name = "many search list entries (bug 19569)",
|
||||
.conf = "nameserver 192.0.2.1\n"
|
||||
"search corp.example.com support.example.com"
|
207
SOURCES/glibc-RHEL-18039-5.patch
Normal file
207
SOURCES/glibc-RHEL-18039-5.patch
Normal file
@ -0,0 +1,207 @@
|
||||
commit 765325951ac5c7d072278c9424930b29657e9758
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Wed Jul 24 12:06:47 2024 +0200
|
||||
|
||||
resolv: Implement strict-error stub resolver option (bug 27929)
|
||||
|
||||
For now, do not enable this mode by default due to the potential
|
||||
impact on compatibility with existing deployments.
|
||||
|
||||
Reviewed-by: DJ Delorie <dj@redhat.com>
|
||||
|
||||
Conflicts:
|
||||
NEWS
|
||||
(Dropped)
|
||||
|
||||
diff -Nrup a/resolv/res_init.c b/resolv/res_init.c
|
||||
--- a/resolv/res_init.c 2025-06-06 07:00:12.496548260 -0400
|
||||
+++ b/resolv/res_init.c 2025-06-06 07:02:49.092632696 -0400
|
||||
@@ -695,6 +695,7 @@ res_setoptions (struct resolv_conf_parse
|
||||
{ STRnLEN ("no-reload"), RES_NORELOAD },
|
||||
{ STRnLEN ("use-vc"), RES_USEVC },
|
||||
{ STRnLEN ("no-aaaa"), RES_NOAAAA },
|
||||
+ { STRnLEN ("strict-error"), RES_STRICTERR },
|
||||
};
|
||||
#define noptions (sizeof (options) / sizeof (options[0]))
|
||||
bool negate_option = *cp == '-';
|
||||
diff -Nrup a/resolv/res_send.c b/resolv/res_send.c
|
||||
--- a/resolv/res_send.c 2025-06-06 07:00:12.434548622 -0400
|
||||
+++ b/resolv/res_send.c 2025-06-06 07:02:49.095632678 -0400
|
||||
@@ -1357,21 +1357,38 @@ send_dg(res_state statp,
|
||||
|
||||
if (thisansp_error) {
|
||||
next_ns:
|
||||
- if (recvresp1 || (buf2 != NULL && recvresp2)) {
|
||||
- *resplen2 = 0;
|
||||
- return resplen;
|
||||
- }
|
||||
- if (buf2 != NULL && !single_request)
|
||||
+ /* Outside of strict-error mode, use the first
|
||||
+ response even if the second response is an
|
||||
+ error. This allows parallel resolution to
|
||||
+ succeed even if the recursive resolver
|
||||
+ always answers with SERVFAIL for AAAA
|
||||
+ queries (which still happens in practice
|
||||
+ unfortunately).
|
||||
+
|
||||
+ In strict-error mode, always switch to the
|
||||
+ next server and try to get a response from
|
||||
+ there. */
|
||||
+ if ((statp->options & RES_STRICTERR) == 0)
|
||||
{
|
||||
- /* No data from the first reply. */
|
||||
- resplen = 0;
|
||||
- /* We are waiting for a possible second reply. */
|
||||
- if (matching_query == 1)
|
||||
- recvresp1 = 1;
|
||||
- else
|
||||
- recvresp2 = 1;
|
||||
+ if (recvresp1 || (buf2 != NULL && recvresp2))
|
||||
+ {
|
||||
+ *resplen2 = 0;
|
||||
+ return resplen;
|
||||
+ }
|
||||
+
|
||||
+ if (buf2 != NULL && !single_request)
|
||||
+ {
|
||||
+ /* No data from the first reply. */
|
||||
+ resplen = 0;
|
||||
+ /* We are waiting for a possible
|
||||
+ second reply. */
|
||||
+ if (matching_query == 1)
|
||||
+ recvresp1 = 1;
|
||||
+ else
|
||||
+ recvresp2 = 1;
|
||||
|
||||
- goto wait;
|
||||
+ goto wait;
|
||||
+ }
|
||||
}
|
||||
|
||||
/* don't retry if called from dig */
|
||||
diff -Nrup a/resolv/resolv.h b/resolv/resolv.h
|
||||
--- a/resolv/resolv.h 2025-06-06 06:59:53.530659146 -0400
|
||||
+++ b/resolv/resolv.h 2025-06-06 07:09:57.754126400 -0400
|
||||
@@ -136,6 +136,7 @@ struct res_sym {
|
||||
as a TLD. */
|
||||
#define RES_NORELOAD 0x02000000 /* No automatic configuration reload. */
|
||||
#define RES_NOAAAA 0x08000000 /* Suppress AAAA queries. */
|
||||
+#define RES_STRICTERR 0x10000000 /* Report more DNS errors as errors. */
|
||||
|
||||
#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH)
|
||||
|
||||
diff -Nrup a/resolv/tst-resolv-res_init-skeleton.c b/resolv/tst-resolv-res_init-skeleton.c
|
||||
--- a/resolv/tst-resolv-res_init-skeleton.c 2025-06-06 07:00:12.499548242 -0400
|
||||
+++ b/resolv/tst-resolv-res_init-skeleton.c 2025-06-06 07:11:46.131274310 -0400
|
||||
@@ -130,6 +130,7 @@ print_resp (FILE *fp, res_state resp)
|
||||
print_option_flag (fp, &options, RES_NOTLDQUERY, "no-tld-query");
|
||||
print_option_flag (fp, &options, RES_NORELOAD, "no-reload");
|
||||
print_option_flag (fp, &options, RES_NOAAAA, "no-aaaa");
|
||||
+ print_option_flag (fp, &options, RES_STRICTERR, "strict-error");
|
||||
fputc ('\n', fp);
|
||||
if (options != 0)
|
||||
fprintf (fp, "; error: unresolved option bits: 0x%x\n", options);
|
||||
@@ -731,6 +732,15 @@ struct test_case test_cases[] =
|
||||
"search example.com\n"
|
||||
"; search[0]: example.com\n"
|
||||
"nameserver 192.0.2.1\n"
|
||||
+ "; nameserver[0]: [192.0.2.1]:53\n"
|
||||
+ },
|
||||
+ {.name = "strict-error flag",
|
||||
+ .conf = "options strict-error\n"
|
||||
+ "nameserver 192.0.2.1\n",
|
||||
+ .expected = "options strict-error\n"
|
||||
+ "search example.com\n"
|
||||
+ "; search[0]: example.com\n"
|
||||
+ "nameserver 192.0.2.1\n"
|
||||
"; nameserver[0]: [192.0.2.1]:53\n"
|
||||
},
|
||||
{ NULL }
|
||||
diff -Nrup a/resolv/tst-resolv-semi-failure.c b/resolv/tst-resolv-semi-failure.c
|
||||
--- a/resolv/tst-resolv-semi-failure.c 2025-06-06 07:00:12.438548599 -0400
|
||||
+++ b/resolv/tst-resolv-semi-failure.c 2025-06-06 07:02:49.099632654 -0400
|
||||
@@ -67,6 +67,9 @@ response (const struct resolv_response_c
|
||||
resolv_response_close_record (b);
|
||||
}
|
||||
|
||||
+/* Set to 1 if strict error checking is enabled. */
|
||||
+static int do_strict_error;
|
||||
+
|
||||
static void
|
||||
check_one (void)
|
||||
{
|
||||
@@ -83,7 +86,10 @@ check_one (void)
|
||||
struct addrinfo *ai;
|
||||
int ret = getaddrinfo ("www.example", "80", &hints, &ai);
|
||||
const char *expected;
|
||||
- if (ret == 0 && ai->ai_next != NULL)
|
||||
+ /* In strict-error mode, a switch to the second name server
|
||||
+ happens, and both responses are received, so a single
|
||||
+ response is a bug. */
|
||||
+ if (do_strict_error || (ret == 0 && ai->ai_next != NULL))
|
||||
expected = ("address: STREAM/TCP 192.0.2.17 80\n"
|
||||
"address: STREAM/TCP 2001:db8::1 80\n");
|
||||
else
|
||||
@@ -99,33 +105,36 @@ check_one (void)
|
||||
static int
|
||||
do_test (void)
|
||||
{
|
||||
- for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup)
|
||||
- {
|
||||
- struct resolv_test *aux = resolv_test_start
|
||||
- ((struct resolv_redirect_config)
|
||||
- {
|
||||
- .response_callback = response,
|
||||
- });
|
||||
-
|
||||
- if (do_single_lookup)
|
||||
- _res.options |= RES_SNGLKUP;
|
||||
-
|
||||
- for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa)
|
||||
- {
|
||||
- fail_aaaa = do_fail_aaaa;
|
||||
+ for (do_strict_error = 0; do_strict_error < 2; ++do_strict_error)
|
||||
+ for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup)
|
||||
+ {
|
||||
+ struct resolv_test *aux = resolv_test_start
|
||||
+ ((struct resolv_redirect_config)
|
||||
+ {
|
||||
+ .response_callback = response,
|
||||
+ });
|
||||
+
|
||||
+ if (do_strict_error)
|
||||
+ _res.options |= RES_STRICTERR;
|
||||
+ if (do_single_lookup)
|
||||
+ _res.options |= RES_SNGLKUP;
|
||||
+
|
||||
+ for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa)
|
||||
+ {
|
||||
+ fail_aaaa = do_fail_aaaa;
|
||||
+
|
||||
+ rcode = 2; /* SERVFAIL. */
|
||||
+ check_one ();
|
||||
+
|
||||
+ rcode = 4; /* NOTIMP. */
|
||||
+ check_one ();
|
||||
+
|
||||
+ rcode = 5; /* REFUSED. */
|
||||
+ check_one ();
|
||||
+ }
|
||||
|
||||
- rcode = 2; /* SERVFAIL. */
|
||||
- check_one ();
|
||||
-
|
||||
- rcode = 4; /* NOTIMP. */
|
||||
- check_one ();
|
||||
-
|
||||
- rcode = 5; /* REFUSED. */
|
||||
- check_one ();
|
||||
- }
|
||||
-
|
||||
- resolv_test_end (aux);
|
||||
- }
|
||||
+ resolv_test_end (aux);
|
||||
+ }
|
||||
|
||||
return 0;
|
||||
}
|
28
SOURCES/glibc-RHEL-18039-6.patch
Normal file
28
SOURCES/glibc-RHEL-18039-6.patch
Normal file
@ -0,0 +1,28 @@
|
||||
commit ec119972cb2598c04ec7d4219e20506006836f64
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Thu Aug 1 10:46:10 2024 +0200
|
||||
|
||||
resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
|
||||
|
||||
Previous GCC versions do not support the C23 change that
|
||||
allows labels on declarations.
|
||||
|
||||
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
|
||||
diff --git a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c
|
||||
index be354ae1c7..9b06b0c176 100644
|
||||
--- a/resolv/tst-resolv-short-response.c
|
||||
+++ b/resolv/tst-resolv-short-response.c
|
||||
@@ -33,8 +33,10 @@ response (const struct resolv_response_context *ctx,
|
||||
{
|
||||
case 0:
|
||||
/* First server times out. */
|
||||
- struct resolv_response_flags flags = {.rcode = rcode};
|
||||
- resolv_response_init (b, flags);
|
||||
+ {
|
||||
+ struct resolv_response_flags flags = {.rcode = rcode};
|
||||
+ resolv_response_init (b, flags);
|
||||
+ }
|
||||
break;
|
||||
case 1:
|
||||
/* Second server sends reply. */
|
25
SOURCES/glibc-RHEL-93937-1.patch
Normal file
25
SOURCES/glibc-RHEL-93937-1.patch
Normal file
@ -0,0 +1,25 @@
|
||||
commit 81a1fa6cbfef5ca33e7eeb11f8f9a528f4dc0117
|
||||
Author: Arjun Shankar <arjun@redhat.com>
|
||||
Date: Tue Nov 5 16:41:25 2019 +0100
|
||||
|
||||
Fix run-one-test so that it runs elf tests
|
||||
|
||||
The `test' make target passes a trailing slash in the subdir argument. This
|
||||
does not play well with elf/rtld-Rules which looks for `elf' without any
|
||||
trailing slash, and therefore doesn't find a match when running an elf test
|
||||
individually. This commit removes the trailing slash from the invocation.
|
||||
|
||||
Reviewed-by: DJ Delorie <dj@redhat.com>
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 6518f62ee0676b0d..40066189f3f49441 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -518,6 +518,6 @@ iconvdata/% localedata/% po/%: FORCE
|
||||
.PHONY: test
|
||||
test :
|
||||
@-rm -f $(objpfx)$t.out
|
||||
- $(MAKE) subdir=$(dir $t) -C $(dir $t) ..=../ $(objpfx)$t.out
|
||||
+ $(MAKE) subdir=$(patsubst %/,%,$(dir $t)) -C $(dir $t) ..=../ $(objpfx)$t.out
|
||||
@cat $(objpfx)$t.test-result
|
||||
@cat $(objpfx)$t.out
|
100
SOURCES/glibc-RHEL-93937-2.patch
Normal file
100
SOURCES/glibc-RHEL-93937-2.patch
Normal file
@ -0,0 +1,100 @@
|
||||
commit 2fca4b624bd3ceb8c756b4145c7e96aa032b2b98
|
||||
Author: Florian Weimer <fweimer@redhat.com>
|
||||
Date: Wed Jun 4 17:44:19 2025 +0200
|
||||
|
||||
Makefile: Avoid $(objpfx)/ in makefiles
|
||||
|
||||
If paths with both $(objpfx)/ and $(objpfx) (which already includes
|
||||
a trailing slash) appear during the build, this can trigger unexpected
|
||||
rebuilds, or incorrect concurrent rebuilds.
|
||||
|
||||
Conflicts:
|
||||
elf/Makefile: Test differences.
|
||||
nss/Makefile: Test differences.
|
||||
|
||||
diff --git a/elf/Makefile b/elf/Makefile
|
||||
index 38976f195a398abf..d09f5482c089f18c 100644
|
||||
--- a/elf/Makefile
|
||||
+++ b/elf/Makefile
|
||||
@@ -1055,8 +1055,8 @@ $(objpfx)$(1).generated-makefile: $(1)
|
||||
endef
|
||||
endif
|
||||
|
||||
-postclean-generated += $(objpfx)/dso-sort-tests-2.generated-makefile \
|
||||
- $(objpfx)/dso-sort-tests-2.generated-makefile
|
||||
+postclean-generated += $(objpfx)dso-sort-tests-2.generated-makefile \
|
||||
+ $(objpfx)dso-sort-tests-2.generated-makefile
|
||||
|
||||
# Generate from each testcase description file
|
||||
ifeq (yes,$(have-tunables))
|
||||
@@ -2674,7 +2674,7 @@ $(objpfx)tst-tls21: $(libdl) $(shared-thread-library)
|
||||
$(objpfx)tst-tls21.out: $(objpfx)tst-tls21mod.so
|
||||
$(objpfx)tst-tls21mod.so: $(tst-tls-many-dynamic-modules:%=$(objpfx)%.so)
|
||||
|
||||
-$(objpfx)tst-rtld-run-static.out: $(objpfx)/ldconfig
|
||||
+$(objpfx)tst-rtld-run-static.out: $(objpfx)ldconfig
|
||||
|
||||
$(objpfx)tst-dlmopen-gethostbyname: $(libdl)
|
||||
$(objpfx)tst-dlmopen-gethostbyname.out: $(objpfx)tst-dlmopen-gethostbyname-mod.so
|
||||
diff --git a/nss/Makefile b/nss/Makefile
|
||||
index 4ee8b1eefd792062..05fcadf60fd0d771 100644
|
||||
--- a/nss/Makefile
|
||||
+++ b/nss/Makefile
|
||||
@@ -172,36 +172,36 @@ libof-nss_test1 = extramodules
|
||||
libof-nss_test2 = extramodules
|
||||
libof-nss_test_errno = extramodules
|
||||
libof-nss_test_gai_hv2_canonname = extramodules
|
||||
-$(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
|
||||
+$(objpfx)libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps)
|
||||
$(build-module)
|
||||
-$(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
|
||||
+$(objpfx)libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps)
|
||||
$(build-module)
|
||||
-$(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
|
||||
+$(objpfx)libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps)
|
||||
$(build-module)
|
||||
-$(objpfx)/libnss_test_gai_hv2_canonname.so: \
|
||||
+$(objpfx)libnss_test_gai_hv2_canonname.so: \
|
||||
$(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps) \
|
||||
- $(objpfx)/libnss_files.so
|
||||
+ $(objpfx)libnss_files.so
|
||||
$(build-module)
|
||||
$(objpfx)nss_test2.os : nss_test1.c
|
||||
ifdef libnss_test1.so-version
|
||||
-$(objpfx)/libnss_test1.so$(libnss_test1.so-version): $(objpfx)/libnss_test1.so
|
||||
+$(objpfx)libnss_test1.so$(libnss_test1.so-version): $(objpfx)libnss_test1.so
|
||||
$(make-link)
|
||||
endif
|
||||
ifdef libnss_test2.so-version
|
||||
-$(objpfx)/libnss_test2.so$(libnss_test2.so-version): $(objpfx)/libnss_test2.so
|
||||
+$(objpfx)libnss_test2.so$(libnss_test2.so-version): $(objpfx)libnss_test2.so
|
||||
$(make-link)
|
||||
endif
|
||||
-$(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \
|
||||
- $(objpfx)/libnss_test_errno.so
|
||||
+$(objpfx)libnss_test_errno.so$(libnss_files.so-version): \
|
||||
+ $(objpfx)libnss_test_errno.so
|
||||
$(make-link)
|
||||
-$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \
|
||||
- $(objpfx)/libnss_test_gai_hv2_canonname.so
|
||||
+$(objpfx)libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \
|
||||
+ $(objpfx)libnss_test_gai_hv2_canonname.so
|
||||
$(make-link)
|
||||
$(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \
|
||||
- $(objpfx)/libnss_test1.so$(libnss_test1.so-version) \
|
||||
- $(objpfx)/libnss_test2.so$(libnss_test2.so-version) \
|
||||
- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \
|
||||
- $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version)
|
||||
+ $(objpfx)libnss_test1.so$(libnss_test1.so-version) \
|
||||
+ $(objpfx)libnss_test2.so$(libnss_test2.so-version) \
|
||||
+ $(objpfx)libnss_test_errno.so$(libnss_files.so-version) \
|
||||
+ $(objpfx)libnss_test_gai_hv2_canonname.so$(libnss_files.so-version)
|
||||
|
||||
ifeq (yes,$(have-thread-library))
|
||||
$(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library)
|
||||
@@ -211,4 +211,4 @@ $(objpfx)tst-nss-files-hosts-erange: $(libdl)
|
||||
$(objpfx)tst-nss-files-hosts-multi: $(libdl)
|
||||
$(objpfx)tst-nss-files-hosts-getent: $(libdl)
|
||||
$(objpfx)tst-nss-files-alias-leak: $(libdl)
|
||||
-$(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
|
||||
+$(objpfx)tst-nss-files-alias-leak.out: $(objpfx)libnss_files.so
|
@ -115,7 +115,7 @@ end \
|
||||
Summary: The GNU libc libraries
|
||||
Name: glibc
|
||||
Version: %{glibcversion}
|
||||
Release: %{glibcrelease}.22
|
||||
Release: %{glibcrelease}.25
|
||||
|
||||
# In general, GPLv2+ is used by programs, LGPLv2+ is used for
|
||||
# libraries.
|
||||
@ -1277,6 +1277,15 @@ Patch1042: glibc-RHEL-92685-6.patch
|
||||
Patch1043: glibc-RHEL-92685-7.patch
|
||||
Patch1044: glibc-RHEL-92685-8.patch
|
||||
Patch1045: glibc-RHEL-92685-9.patch
|
||||
Patch1046: glibc-RHEL-93937-1.patch
|
||||
Patch1047: glibc-RHEL-93937-2.patch
|
||||
Patch1048: glibc-RHEL-18039-1.patch
|
||||
Patch1049: glibc-RHEL-18039-2.patch
|
||||
Patch1050: glibc-RHEL-18039-3.patch
|
||||
Patch1051: glibc-RHEL-18039-4.patch
|
||||
Patch1052: glibc-RHEL-18039-5.patch
|
||||
Patch1053: glibc-RHEL-18039-6.patch
|
||||
Patch1054: glibc-RHEL-105326.patch
|
||||
|
||||
##############################################################################
|
||||
# Continued list of core "glibc" package information:
|
||||
@ -2938,6 +2947,18 @@ fi
|
||||
%{_libdir}/libpthread_nonshared.a
|
||||
|
||||
%changelog
|
||||
* Thu Jul 24 2025 Florian Weimer <fweimer@redhat.com> - 2.28-251.25
|
||||
- CVE-2025-8058: Double free in regcomp (RHEL-105326)
|
||||
|
||||
* Thu Jun 05 2025 Patsy Griffin <patsy@redhat.com> - 2.28-251.24
|
||||
- Keep reloading /etc/resolv.conf after timeouts with getaddrinfo
|
||||
and AF_UNSPEC.
|
||||
- Avoid timeouts with getaddrinfo, AF_UNSPEC, and certain DNS error
|
||||
responses. (RHEL-18039)
|
||||
|
||||
* Thu Jun 05 2025 Arjun Shankar <arjun@redhat.com> - 2.28-251.23
|
||||
- Reduce spurious rebuilds while running tests (RHEL-93937)
|
||||
|
||||
* Mon May 26 2025 Florian Weimer <fweimer@redhat.com> - 2.28-251.22
|
||||
- CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH (RHEL-92685)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user