Import Import glibc-2.34-52.fc35 from f35

* Wed Nov 30 2022 Florian Weimer <fweimer@redhat.com> - 2.34-52
- Add noarch sysroot subpackages (#2149644)

* Tue Nov 29 2022 Florian Weimer <fweimer@redhat.com> - 2.34-51
- Prepare for integration of GCC 8 compatible _Static_assert (#2149102)

* Fri Nov 25 2022 Arjun Shankar <arjun@redhat.com> - 2.34-50
- Sync with upstream branch release/2.34/master,
  commit 405b8ae13540e9fd614df614e3361ebf9abd14cf:
- elf: Fix wrong fscanf usage on tst-pldd
- Allow for unpriviledged nested containers
- elf: Fix wrong fscanf usage on tst-pldd
- x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591]
- elf: Fix rtld-audit trampoline for aarch64

Resolves: #2149102
Resolves: #2149644
Florian Weimer 2022-12-05 18:01:18 +01:00
parent 1708d98eba
commit fb3d49c3bf
8 changed files with 733 additions and 9 deletions

19
glibc-rh2149102.patch Normal file

@ -0,0 +1,19 @@
commit b8c6166b1b75036ab3e4127a1c0aacf52ca93651
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Sep 6 19:43:37 2021 +0200
locale: Add missing second argument to _Static_assert in C-collate-seq.c
diff --git a/locale/C-collate-seq.c b/locale/C-collate-seq.c
index 4fb82cb8357936b6..40b17f4f90313144 100644
--- a/locale/C-collate-seq.c
+++ b/locale/C-collate-seq.c
@@ -55,7 +55,7 @@ static const char collseqmb[] =
/* This table must be 256 bytes in size. We index bytes into the
table to find the collation sequence. */
-_Static_assert (sizeof (collseqmb) == 256);
+_Static_assert (sizeof (collseqmb) == 256, "sizeof (collseqmb)");
static const uint32_t collseqwc[] =
{


@ -0,0 +1,46 @@
commit 691f70b84a1284f35c8cf9fbf3ef3b1cec41c234
Author: Vladislav Khmelevsky <och95@yandex.ru>
Date: Thu Nov 17 12:47:29 2022 +0400
elf: Fix rtld-audit trampoline for aarch64
This patch fixes two problems with audit:
1. The DL_OFFSET_RV_VPCS offset was mixed up with DL_OFFSET_RG_VPCS,
resulting in x2 register value nulling in RG structure.
2. We need to preserve the x8 register before function call, but
don't have to save it's new value and restore it before return.
Anyway the final restore was using OFFSET_RV instead of OFFSET_RG value
which is wrong (althoug doesn't affect anything).
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit eb4181e9f4a512de37dad4ba623c921671584dea)
diff --git a/sysdeps/aarch64/dl-trampoline.S b/sysdeps/aarch64/dl-trampoline.S
index 457570e7df5148c0..b84c53d1a544c1b1 100644
--- a/sysdeps/aarch64/dl-trampoline.S
+++ b/sysdeps/aarch64/dl-trampoline.S
@@ -298,12 +298,11 @@ _dl_runtime_profile:
stp x2, x3, [x29, #OFFSET_RV + DL_OFFSET_RV_X0 + 16*1]
stp x4, x5, [x29, #OFFSET_RV + DL_OFFSET_RV_X0 + 16*2]
stp x6, x7, [x29, #OFFSET_RV + DL_OFFSET_RV_X0 + 16*3]
- str x8, [x29, #OFFSET_RG + DL_OFFSET_RG_X0 + 16*4]
stp q0, q1, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*0]
stp q2, q3, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*1]
stp q4, q5, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*2]
stp q6, q7, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*3]
- str xzr, [X29, #OFFSET_RV + DL_OFFSET_RG_VPCS]
+ str xzr, [X29, #OFFSET_RV + DL_OFFSET_RV_VPCS]
/* Setup call to pltexit */
ldp x0, x1, [x29, #OFFSET_SAVED_CALL_X0]
@@ -315,7 +314,6 @@ _dl_runtime_profile:
ldp x2, x3, [x29, #OFFSET_RV + DL_OFFSET_RV_X0 + 16*1]
ldp x4, x5, [x29, #OFFSET_RV + DL_OFFSET_RV_X0 + 16*2]
ldp x6, x7, [x29, #OFFSET_RV + DL_OFFSET_RV_X0 + 16*3]
- ldr x8, [x29, #OFFSET_RV + DL_OFFSET_RV_X0 + 16*4]
ldp q0, q1, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*0]
ldp q2, q3, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*1]
ldp q4, q5, [x29, #OFFSET_RV + DL_OFFSET_RV_V0 + 32*2]
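Review bot: The corrected store `str xzr, [X29, #OFFSET_RV + DL_OFFSET_RV_VPCS]` still spells the base register `X29`, while every other line in both hunks uses lowercase `x29`; `str xzr, [x29, #OFFSET_RV + DL_OFFSET_RV_VPCS]` would be consistent with the rest. The two removed x8 accesses also leave nothing in the source explaining why x8 is absent from the post-call save and restore, so a comment ahead of the save group such as `/* x8 is preserved before the call only; its post-call value is neither saved nor restored. */` would keep a later edit from re-adding them. _dl_runtime_profile starts and ends outside these hunks, so the comment placement is judged from the visible lines only.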


@ -0,0 +1,128 @@
commit e3255e7d2188d1731aad83ad0dc147513560aa1e
Author: Noah Goldstein <goldstein.w.n@gmail.com>
Date: Tue Sep 20 17:58:04 2022 -0700
x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591]
Previous implementation was adjusting length (rsi) to match
bytes (eax), but since there is no bound to length this can cause
overflow.
Fix is to just convert the byte-count (eax) to length by dividing by
sizeof (wchar_t) before the comparison.
Full check passes on x86-64 and build succeeds w/ and w/o multiarch.
(cherry picked from commit b0969fa53a28b4ab2159806bf6c99a98999502ee)
diff --git a/string/test-strnlen.c b/string/test-strnlen.c
index bb5d9b5f04fa6586..eac84cd17526d5d9 100644
--- a/string/test-strnlen.c
+++ b/string/test-strnlen.c
@@ -75,7 +75,7 @@ do_test (size_t align, size_t len, size_t maxlen, int max_char)
{
size_t i;
- align &= 63;
+ align &= (getpagesize () / sizeof (CHAR) - 1);
if ((align + len) * sizeof (CHAR) >= page_size)
return;
@@ -92,36 +92,50 @@ do_test (size_t align, size_t len, size_t maxlen, int max_char)
static void
do_overflow_tests (void)
{
- size_t i, j, len;
+ size_t i, j, al_idx, repeats, len;
const size_t one = 1;
uintptr_t buf_addr = (uintptr_t) buf1;
+ const size_t alignments[] = { 0, 1, 7, 9, 31, 33, 63, 65, 95, 97, 127, 129 };
- for (i = 0; i < 750; ++i)
+ for (al_idx = 0; al_idx < sizeof (alignments) / sizeof (alignments[0]);
+ al_idx++)
{
- do_test (0, i, SIZE_MAX - i, BIG_CHAR);
- do_test (0, i, i - buf_addr, BIG_CHAR);
- do_test (0, i, -buf_addr - i, BIG_CHAR);
- do_test (0, i, SIZE_MAX - buf_addr - i, BIG_CHAR);
- do_test (0, i, SIZE_MAX - buf_addr + i, BIG_CHAR);
-
- len = 0;
- for (j = 8 * sizeof(size_t) - 1; j ; --j)
- {
- len |= one << j;
- do_test (0, i, len - i, BIG_CHAR);
- do_test (0, i, len + i, BIG_CHAR);
- do_test (0, i, len - buf_addr - i, BIG_CHAR);
- do_test (0, i, len - buf_addr + i, BIG_CHAR);
-
- do_test (0, i, ~len - i, BIG_CHAR);
- do_test (0, i, ~len + i, BIG_CHAR);
- do_test (0, i, ~len - buf_addr - i, BIG_CHAR);
- do_test (0, i, ~len - buf_addr + i, BIG_CHAR);
-
- do_test (0, i, -buf_addr, BIG_CHAR);
- do_test (0, i, j - buf_addr, BIG_CHAR);
- do_test (0, i, -buf_addr - j, BIG_CHAR);
- }
+ for (repeats = 0; repeats < 2; ++repeats)
+ {
+ size_t align = repeats ? (getpagesize () - alignments[al_idx])
+ : alignments[al_idx];
+ align /= sizeof (CHAR);
+ for (i = 0; i < 750; ++i)
+ {
+ do_test (align, i, SIZE_MAX, BIG_CHAR);
+
+ do_test (align, i, SIZE_MAX - i, BIG_CHAR);
+ do_test (align, i, i - buf_addr, BIG_CHAR);
+ do_test (align, i, -buf_addr - i, BIG_CHAR);
+ do_test (align, i, SIZE_MAX - buf_addr - i, BIG_CHAR);
+ do_test (align, i, SIZE_MAX - buf_addr + i, BIG_CHAR);
+
+ len = 0;
+ for (j = 8 * sizeof (size_t) - 1; j; --j)
+ {
+ len |= one << j;
+ do_test (align, i, len, BIG_CHAR);
+ do_test (align, i, len - i, BIG_CHAR);
+ do_test (align, i, len + i, BIG_CHAR);
+ do_test (align, i, len - buf_addr - i, BIG_CHAR);
+ do_test (align, i, len - buf_addr + i, BIG_CHAR);
+
+ do_test (align, i, ~len - i, BIG_CHAR);
+ do_test (align, i, ~len + i, BIG_CHAR);
+ do_test (align, i, ~len - buf_addr - i, BIG_CHAR);
+ do_test (align, i, ~len - buf_addr + i, BIG_CHAR);
+
+ do_test (align, i, -buf_addr, BIG_CHAR);
+ do_test (align, i, j - buf_addr, BIG_CHAR);
+ do_test (align, i, -buf_addr - j, BIG_CHAR);
+ }
+ }
+ }
}
}
diff --git a/sysdeps/x86_64/multiarch/strlen-avx2.S b/sysdeps/x86_64/multiarch/strlen-avx2.S
index b282a75613bf52ab..4d7d68396bcd4049 100644
--- a/sysdeps/x86_64/multiarch/strlen-avx2.S
+++ b/sysdeps/x86_64/multiarch/strlen-avx2.S
@@ -542,14 +542,11 @@ L(return_vzeroupper):
L(cross_page_less_vec):
tzcntl %eax, %eax
# ifdef USE_AS_WCSLEN
- /* NB: Multiply length by 4 to get byte count. */
- sall $2, %esi
+ /* NB: Divide by 4 to convert from byte-count to length. */
+ shrl $2, %eax
# endif
cmpq %rax, %rsi
cmovb %esi, %eax
-# ifdef USE_AS_WCSLEN
- shrl $2, %eax
-# endif
VZEROUPPER_RETURN
# endif
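Review bot: The new `alignments[]` table and the `repeats` loop in do_overflow_tests have no comment saying what they are for, although they are what steers the test towards the page-cross path repaired in `L(cross_page_less_vec)`. A comment above the table would help, for example `/* Offsets on either side of 32-byte multiples; the second pass mirrors each offset against the page size. */`. For the entry 0 the second pass computes `getpagesize () / sizeof (CHAR)`, which the new mask in do_test (`align &= (getpagesize () / sizeof (CHAR) - 1)`) folds back to 0, so that pass appears to repeat the first one. do_test's body continues outside the first hunk.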


@ -0,0 +1,26 @@
commit 309c4708aca762f57263a66e5bea926fdbfd82eb
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Fri Mar 25 11:16:49 2022 -0300
elf: Fix wrong fscanf usage on tst-pldd
To take in consideration the extra '\0'.
Checked on x86_64-linux-gnu.
(cherry picked from commit b2cd93fce666fdc8c9a5c64af2741a8a6940ac99)
diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
index 210ca4d24b8338ab..72b7a99b369a105d 100644
--- a/elf/tst-pldd.c
+++ b/elf/tst-pldd.c
@@ -113,7 +113,8 @@ do_test (void)
TEST_VERIFY (out != NULL);
/* First line is in the form of <pid>: <full path of executable> */
- TEST_COMPARE (fscanf (out, "%u: " STRINPUT (512), &pid, buffer), 2);
+ TEST_COMPARE (fscanf (out, "%u: " STRINPUT (sizeof (buffer) - 1), &pid,
+ buffer), 2);
TEST_COMPARE (pid, *target_pid_ptr);
TEST_COMPARE (strcmp (basename (buffer), "tst-pldd"), 0);


@ -0,0 +1,362 @@
commit 42b9d7def8fd7d26f1926cbc801923aa2c8a386a
Author: DJ Delorie <dj@redhat.com>
Date: Mon Mar 28 23:53:33 2022 -0400
Allow for unpriviledged nested containers
If the build itself is run in a container, we may not be able to
fully set up a nested container for test-container testing.
Notably is the mounting of /proc, since it's critical that it
be mounted from within the same PID namespace as its users, and
thus cannot be bind mounted from outside the container like other
mounts.
This patch defaults to using the parent's PID namespace instead of
creating a new one, as this is more likely to be allowed.
If the test needs an isolated PID namespace, it should add the "pidns"
command to its init script.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 2fe64148a81f0d78050c302f34a6853d21f7cae4)
diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
index 72b7a99b369a105d..6e4174cbf95b15c0 100644
--- a/elf/tst-pldd.c
+++ b/elf/tst-pldd.c
@@ -85,6 +85,8 @@ in_str_list (const char *libname, const char *const strlist[])
static int
do_test (void)
{
+ support_need_proc ("needs /proc/sys/kernel/yama/ptrace_scope and /proc/$child");
+
/* Check if our subprocess can be debugged with ptrace. */
{
int ptrace_scope = support_ptrace_scope ();
diff --git a/nptl/tst-pthread-getattr.c b/nptl/tst-pthread-getattr.c
index 5f60cf9722b77a1a..6128402b2673c010 100644
--- a/nptl/tst-pthread-getattr.c
+++ b/nptl/tst-pthread-getattr.c
@@ -28,6 +28,8 @@
#include <unistd.h>
#include <inttypes.h>
+#include <support/support.h>
+
/* There is an obscure bug in the kernel due to which RLIMIT_STACK is sometimes
returned as unlimited when it is not, which may cause this test to fail.
There is also the other case where RLIMIT_STACK is intentionally set as
@@ -153,6 +155,8 @@ check_stack_top (void)
static int
do_test (void)
{
+ support_need_proc ("Reads /proc/self/maps to get stack size.");
+
pagesize = sysconf (_SC_PAGESIZE);
return check_stack_top ();
}
diff --git a/nss/tst-reload2.c b/nss/tst-reload2.c
index 5ecb032e9fcd6868..a494145dd679099d 100644
--- a/nss/tst-reload2.c
+++ b/nss/tst-reload2.c
@@ -95,6 +95,8 @@ do_test (void)
char buf1[PATH_MAX];
char buf2[PATH_MAX];
+ support_need_proc ("Our xmkdirp fails if we can't map our uid, which requires /proc.");
+
sprintf (buf1, "/subdir%s", support_slibdir_prefix);
xmkdirp (buf1, 0777);
diff --git a/support/Makefile b/support/Makefile
index 6a5fc9faf2ca2e2d..0aa9d41c5a890087 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -63,6 +63,7 @@ libsupport-routines = \
support_format_hostent \
support_format_netent \
support_isolate_in_subprocess \
+ support_need_proc \
support_path_support_time64 \
support_process_state \
support_ptrace \
diff --git a/support/support.h b/support/support.h
index ecfc9a336d272a30..b69f588e2edce6be 100644
--- a/support/support.h
+++ b/support/support.h
@@ -90,6 +90,11 @@ char *support_quote_string (const char *);
regular file open for writing, and initially empty. */
int support_descriptor_supports_holes (int fd);
+/* Predicates that a test requires a working /proc filesystem. This
+ call will exit with UNSUPPORTED if /proc is not available, printing
+ WHY_MSG as part of the diagnostic. */
+void support_need_proc (const char *why_msg);
+
/* Error-checking wrapper functions which terminate the process on
error. */
diff --git a/support/support_need_proc.c b/support/support_need_proc.c
new file mode 100644
index 0000000000000000..9b4eab7539b2d6c3
--- /dev/null
+++ b/support/support_need_proc.c
@@ -0,0 +1,35 @@
+/* Indicate that a test requires a working /proc.
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <unistd.h>
+#include <support/check.h>
+#include <support/support.h>
+
+/* We test for /proc/self/maps since that's one of the files that one
+ of our tests actually uses, but the general idea is if Linux's
+ /proc/ (procfs) filesystem is mounted. If not, the process exits
+ with an UNSUPPORTED result code. */
+
+void
+support_need_proc (const char *why_msg)
+{
+#ifdef __linux__
+ if (access ("/proc/self/maps", R_OK))
+ FAIL_UNSUPPORTED ("/proc is not available, %s", why_msg);
+#endif
+}
diff --git a/support/test-container.c b/support/test-container.c
index 94498d39019a4776..7310335f7566b41e 100644
--- a/support/test-container.c
+++ b/support/test-container.c
@@ -97,6 +97,7 @@ int verbose = 0;
* mytest.root/mytest.script has a list of "commands" to run:
syntax:
# comment
+ pidns <comment>
su
mv FILE FILE
cp FILE FILE
@@ -122,6 +123,8 @@ int verbose = 0;
details:
- '#': A comment.
+ - 'pidns': Require a separate PID namespace, prints comment if it can't
+ (default is a shared pid namespace)
- 'su': Enables running test as root in the container.
- 'mv': A minimal move files command.
- 'cp': A minimal copy files command.
@@ -148,7 +151,7 @@ int verbose = 0;
* Simple, easy to review code (i.e. prefer simple naive code over
complex efficient code)
- * The current implementation ist parallel-make-safe, but only in
+ * The current implementation is parallel-make-safe, but only in
that it uses a lock to prevent parallel access to the testroot. */
@@ -227,11 +230,37 @@ concat (const char *str, ...)
return bufs[n];
}
+/* Like the above, but put spaces between words. Caller frees. */
+static char *
+concat_words (char **words, int num_words)
+{
+ int len = 0;
+ int i;
+ char *rv, *p;
+
+ for (i = 0; i < num_words; i ++)
+ {
+ len += strlen (words[i]);
+ len ++;
+ }
+
+ p = rv = (char *) xmalloc (len);
+
+ for (i = 0; i < num_words; i ++)
+ {
+ if (i > 0)
+ p = stpcpy (p, " ");
+ p = stpcpy (p, words[i]);
+ }
+
+ return rv;
+}
+
/* Try to mount SRC onto DEST. */
static void
trymount (const char *src, const char *dest)
{
- if (mount (src, dest, "", MS_BIND, NULL) < 0)
+ if (mount (src, dest, "", MS_BIND | MS_REC, NULL) < 0)
FAIL_EXIT1 ("can't mount %s onto %s\n", src, dest);
}
@@ -726,6 +755,9 @@ main (int argc, char **argv)
gid_t original_gid;
/* If set, the test runs as root instead of the user running the testsuite. */
int be_su = 0;
+ int require_pidns = 0;
+ const char *pidns_comment = NULL;
+ int do_proc_mounts = 0;
int UMAP;
int GMAP;
/* Used for "%lld %lld 1" so need not be large. */
@@ -1011,6 +1043,12 @@ main (int argc, char **argv)
{
be_su = 1;
}
+ else if (nt >= 1 && strcmp (the_words[0], "pidns") == 0)
+ {
+ require_pidns = 1;
+ if (nt > 1)
+ pidns_comment = concat_words (the_words + 1, nt - 1);
+ }
else if (nt == 3 && strcmp (the_words[0], "mkdirp") == 0)
{
long int m;
@@ -1068,7 +1106,8 @@ main (int argc, char **argv)
#ifdef CLONE_NEWNS
/* The unshare here gives us our own spaces and capabilities. */
- if (unshare (CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNS) < 0)
+ if (unshare (CLONE_NEWUSER | CLONE_NEWNS
+ | (require_pidns ? CLONE_NEWPID : 0)) < 0)
{
/* Older kernels may not support all the options, or security
policy may block this call. */
@@ -1079,6 +1118,11 @@ main (int argc, char **argv)
check_for_unshare_hints ();
FAIL_UNSUPPORTED ("unable to unshare user/fs: %s", strerror (saved_errno));
}
+ /* We're about to exit anyway, it's "safe" to call unshare again
+ just to see if the CLONE_NEWPID caused the error. */
+ else if (require_pidns && unshare (CLONE_NEWUSER | CLONE_NEWNS) >= 0)
+ FAIL_EXIT1 ("unable to unshare pid ns: %s : %s", strerror (errno),
+ pidns_comment ? pidns_comment : "required by test");
else
FAIL_EXIT1 ("unable to unshare user/fs: %s", strerror (errno));
}
@@ -1094,6 +1138,15 @@ main (int argc, char **argv)
trymount (support_srcdir_root, new_srcdir_path);
trymount (support_objdir_root, new_objdir_path);
+ /* It may not be possible to mount /proc directly. */
+ if (! require_pidns)
+ {
+ char *new_proc = concat (new_root_path, "/proc", NULL);
+ xmkdirp (new_proc, 0755);
+ trymount ("/proc", new_proc);
+ do_proc_mounts = 1;
+ }
+
xmkdirp (concat (new_root_path, "/dev", NULL), 0755);
devmount (new_root_path, "null");
devmount (new_root_path, "zero");
@@ -1163,42 +1216,60 @@ main (int argc, char **argv)
maybe_xmkdir ("/tmp", 0755);
- /* Now that we're pid 1 (effectively "root") we can mount /proc */
- maybe_xmkdir ("/proc", 0777);
- if (mount ("proc", "/proc", "proc", 0, NULL) < 0)
- FAIL_EXIT1 ("Unable to mount /proc: ");
-
- /* We map our original UID to the same UID in the container so we
- can own our own files normally. */
- UMAP = open ("/proc/self/uid_map", O_WRONLY);
- if (UMAP < 0)
- FAIL_EXIT1 ("can't write to /proc/self/uid_map\n");
-
- sprintf (tmp, "%lld %lld 1\n",
- (long long) (be_su ? 0 : original_uid), (long long) original_uid);
- write (UMAP, tmp, strlen (tmp));
- xclose (UMAP);
-
- /* We must disable setgroups () before we can map our groups, else we
- get EPERM. */
- GMAP = open ("/proc/self/setgroups", O_WRONLY);
- if (GMAP >= 0)
+ if (require_pidns)
{
- /* We support kernels old enough to not have this. */
- write (GMAP, "deny\n", 5);
- xclose (GMAP);
+ /* Now that we're pid 1 (effectively "root") we can mount /proc */
+ maybe_xmkdir ("/proc", 0777);
+ if (mount ("proc", "/proc", "proc", 0, NULL) != 0)
+ {
+ /* This happens if we're trying to create a nested container,
+ like if the build is running under podman, and we lack
+ priviledges.
+
+ Ideally we would WARN here, but that would just add noise to
+ *every* test-container test, and the ones that care should
+ have their own relevent diagnostics.
+
+ FAIL_EXIT1 ("Unable to mount /proc: "); */
+ }
+ else
+ do_proc_mounts = 1;
}
- /* We map our original GID to the same GID in the container so we
- can own our own files normally. */
- GMAP = open ("/proc/self/gid_map", O_WRONLY);
- if (GMAP < 0)
- FAIL_EXIT1 ("can't write to /proc/self/gid_map\n");
+ if (do_proc_mounts)
+ {
+ /* We map our original UID to the same UID in the container so we
+ can own our own files normally. */
+ UMAP = open ("/proc/self/uid_map", O_WRONLY);
+ if (UMAP < 0)
+ FAIL_EXIT1 ("can't write to /proc/self/uid_map\n");
+
+ sprintf (tmp, "%lld %lld 1\n",
+ (long long) (be_su ? 0 : original_uid), (long long) original_uid);
+ write (UMAP, tmp, strlen (tmp));
+ xclose (UMAP);
+
+ /* We must disable setgroups () before we can map our groups, else we
+ get EPERM. */
+ GMAP = open ("/proc/self/setgroups", O_WRONLY);
+ if (GMAP >= 0)
+ {
+ /* We support kernels old enough to not have this. */
+ write (GMAP, "deny\n", 5);
+ xclose (GMAP);
+ }
- sprintf (tmp, "%lld %lld 1\n",
- (long long) (be_su ? 0 : original_gid), (long long) original_gid);
- write (GMAP, tmp, strlen (tmp));
- xclose (GMAP);
+ /* We map our original GID to the same GID in the container so we
+ can own our own files normally. */
+ GMAP = open ("/proc/self/gid_map", O_WRONLY);
+ if (GMAP < 0)
+ FAIL_EXIT1 ("can't write to /proc/self/gid_map\n");
+
+ sprintf (tmp, "%lld %lld 1\n",
+ (long long) (be_su ? 0 : original_gid), (long long) original_gid);
+ write (GMAP, tmp, strlen (tmp));
+ xclose (GMAP);
+ }
if (change_cwd)
{
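Review bot: In the new `else if (require_pidns && unshare (CLONE_NEWUSER | CLONE_NEWNS) >= 0)` branch of main, the diagnostic uses `strerror (errno)` after a second, successful unshare call, so it is not guaranteed to describe the CLONE_NEWPID failure; the neighbouring branch already reports `saved_errno`, which looks like the right value here too: `strerror (saved_errno)`. Further down, the re-indented block under `if (do_proc_mounts)` still ignores the result of `write (UMAP, ...)` and `write (GMAP, ...)`, so a rejected uid or gid map goes unnoticed and the test continues with an identity it did not intend; `if (write (UMAP, tmp, strlen (tmp)) < 0) FAIL_EXIT1 ("can't write to /proc/self/uid_map\n");` and the same for gid_map would surface it. When `pidns` is requested and the /proc mount fails, the mapping is skipped silently as well, which deserves at least a message under `verbose`. main starts and ends outside these hunks, and the declaration of saved_errno is not visible here.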


@ -0,0 +1,39 @@
commit 405b8ae13540e9fd614df614e3361ebf9abd14cf
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue Jul 5 12:58:40 2022 -0300
elf: Fix wrong fscanf usage on tst-pldd
The fix done b2cd93fce666fdc8c9a5c64af2741a8a6940ac99 does not really
work since macro strification does not expand the sizeof nor the
arithmetic operation.
Checked on x86_64-linux-gnu.
(cherry picked from commit c353689e49e72f3aafa1a9e68d4f7a4f33a79cbe)
diff --git a/elf/tst-pldd.c b/elf/tst-pldd.c
index 6e4174cbf95b15c0..d3ecb99149d619c6 100644
--- a/elf/tst-pldd.c
+++ b/elf/tst-pldd.c
@@ -108,15 +108,16 @@ do_test (void)
loader and libc. */
{
pid_t pid;
- char buffer[512];
-#define STRINPUT(size) "%" # size "s"
+#define BUFFERLEN 511
+ char buffer[BUFFERLEN + 1];
+#define STRINPUT(size) XSTRINPUT(size)
+#define XSTRINPUT(size) "%" # size "s"
FILE *out = fmemopen (pldd.out.buffer, pldd.out.length, "r");
TEST_VERIFY (out != NULL);
/* First line is in the form of <pid>: <full path of executable> */
- TEST_COMPARE (fscanf (out, "%u: " STRINPUT (sizeof (buffer) - 1), &pid,
- buffer), 2);
+ TEST_COMPARE (fscanf (out, "%u: " STRINPUT (BUFFERLEN), &pid, buffer), 2);
TEST_COMPARE (pid, *target_pid_ptr);
TEST_COMPARE (strcmp (basename (buffer), "tst-pldd"), 0);
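Review bot: `BUFFERLEN` is pasted into the scanf format by `XSTRINPUT`, so it has to stay a bare decimal literal, and nothing next to `#define BUFFERLEN 511` says so; changing it later to an expression such as `(512 - 1)` would produce a malformed conversion again, which is the failure this patch repairs. A comment on the define would pin that down: `/* Field width for %s; must be a plain integer literal because it is stringified. buffer holds BUFFERLEN + 1 bytes for the terminating NUL. */`. The three macros are defined inside do_test's block and never undefined, which is harmless in the visible code but would be tidier with an `#undef` after the fscanf call. do_test starts and ends outside the hunk.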


@ -148,7 +148,7 @@ end \
Summary: The GNU libc libraries Summary: The GNU libc libraries
Name: glibc Name: glibc
Version: %{glibcversion} Version: %{glibcversion}
Release: 49%{?dist} Release: 52%{?dist}
# In general, GPLv2+ is used by programs, LGPLv2+ is used for # In general, GPLv2+ is used by programs, LGPLv2+ is used for
# libraries. # libraries.
@ -203,6 +203,19 @@ rpm.define("__debug_install_post bash " .. wrapper
.. " " .. sysroot .. " " .. original) .. " " .. sysroot .. " " .. original)
} }
# sysroot package support. These contain arch-specific packages, so
# turn off the rpmbuild check.
%global _binaries_in_noarch_packages_terminate_build 0
# Variant of %%dist that contains just the distribution release, no affixes.
%{?fedora:%global sysroot_dist fc%{fedora}}
%{?rhel:%global sysroot_dist el%{rhel}}
%{?!sysroot_dist:%global sysroot_dist root}
# The name of the sysroot package.
%global sysroot_package_arch sysroot-%{_arch}-%{sysroot_dist}-%{name}
# Installed path for the sysroot tree. Must contain /sys-root/, which
# triggers filtering.
%global sysroot_prefix /usr/%{_arch}-redhat-linux/sys-root/%{sysroot_dist}
# The wrapper script relies on the fact that debugedit does not change # The wrapper script relies on the fact that debugedit does not change
# build IDs. # build IDs.
%define _no_recompute_build_ids 1 %define _no_recompute_build_ids 1
@ -649,6 +662,12 @@ Patch438: glibc-upstream-2.34-357.patch
Patch439: glibc-upstream-2.34-358.patch Patch439: glibc-upstream-2.34-358.patch
Patch440: glibc-upstream-2.34-359.patch Patch440: glibc-upstream-2.34-359.patch
# glibc-2.34-360-g75b0edb7ef only changes NEWS. # glibc-2.34-360-g75b0edb7ef only changes NEWS.
Patch441: glibc-upstream-2.34-361.patch
Patch442: glibc-upstream-2.34-362.patch
Patch443: glibc-upstream-2.34-363.patch
Patch444: glibc-upstream-2.34-364.patch
Patch445: glibc-upstream-2.34-365.patch
Patch446: glibc-rh2149102.patch
############################################################################## ##############################################################################
# Continued list of core "glibc" package information: # Continued list of core "glibc" package information:
@ -1450,6 +1469,21 @@ libpthread_nonshared.a which is no longer used. The static library
libpthread_nonshared.a is an internal implementation detail of the C libpthread_nonshared.a is an internal implementation detail of the C
runtime and should not be expected to exist. runtime and should not be expected to exist.
%if %{without bootstrap}
%package -n %sysroot_package_arch
Summary: Sysroot package for glibc, %{_arch} architecture
BuildArch: noarch
Provides: sysroot-%{_arch}-%{name}
# The files are not usable for execution, so do not provide nor
# require anything.
AutoReqProv: no
%description -n %sysroot_package_arch
This package contains development files for the glibc package
that can be installed across architectures.
%dnl %%{without bootstrap}
%endif
############################################################################## ##############################################################################
# Prepare for the build. # Prepare for the build.
############################################################################## ##############################################################################
@ -1955,6 +1989,53 @@ done
############################################################################## ##############################################################################
ar cr %{glibc_sysroot}%{_prefix}/%{_lib}/libpthread_nonshared.a ar cr %{glibc_sysroot}%{_prefix}/%{_lib}/libpthread_nonshared.a
###############################################################################
# Sysroot package creation.
###############################################################################
%if %{without bootstrap}
mkdir -p %{glibc_sysroot}/%{sysroot_prefix}
pushd %{glibc_sysroot}/%{sysroot_prefix}
mkdir -p usr/lib usr/lib64
cp -a %{glibc_sysroot}/%{_prefix}/include usr/.
for lib in lib lib64; do
for pfx in "" %{_prefix}/; do
if test -d %{glibc_sysroot}/$pfx$lib ; then
# Implement UsrMove: everything goes into usr/$lib. Only
# copy files directly in $lib.
find %{glibc_sysroot}/$pfx$lib -maxdepth 1 -type f \
| xargs -I '{}' cp '{}' usr/$lib/.
# Symbolic links need to be adjusted for UsrMove: They
# need to stay within the same directory.
for sl in `find %{glibc_sysroot}/$pfx$lib -maxdepth 1 -type l`; do
set +x
slbase=$(basename $sl)
sltarget=$(basename $(readlink $sl))
if ! test -r usr/$lib/$sltarget; then
echo "$sl: inferred $sltarget ($(readlink $sl)) missing"
exit 1
fi
set -x
ln -s $sltarget usr/$lib/$slbase
done
fi
done
done
# Remove the executable bit from files in the sysroot. This prevents
# debuginfo extraction.
find -type f | xargs chmod a-x
# Use sysroot-relative paths in linker script. Ignore symbolic links.
sed -e 's,\([^0-9a-zA-Z=*]/lib\),=/usr/lib,g' \
-e 's,\([^0-9a-zA-Z=*]\)/,\1=/,g' \
-i $(find -type f -name 'lib[cm].so')
popd
%dnl %%{without bootstrap}
%endif
############################################################################## ##############################################################################
# Beyond this point in the install process we no longer modify the set of # Beyond this point in the install process we no longer modify the set of
# installed files. # installed files.
@ -2043,13 +2124,14 @@ touch compat-libpthread-nonshared.filelist
# language specific sub-packages. # language specific sub-packages.
# libnss_ files go into subpackages related to NSS modules. # libnss_ files go into subpackages related to NSS modules.
# and .*/share/i18n/charmaps/.*), they go into the sub-package # and .*/share/i18n/charmaps/.*), they go into the sub-package
# "locale-source": # "locale-source". /sys-root/ files are put into the sysroot package.
sed -e '\,.*/share/locale/\([^/_]\+\).*/LC_MESSAGES/.*\.mo,d' \ sed -e '\,.*/share/locale/\([^/_]\+\).*/LC_MESSAGES/.*\.mo,d' \
-e '\,.*/share/i18n/locales/.*,d' \ -e '\,.*/share/i18n/locales/.*,d' \
-e '\,.*/share/i18n/charmaps/.*,d' \ -e '\,.*/share/i18n/charmaps/.*,d' \
-e '\,.*/etc/\(localtime\|nsswitch.conf\|ld\.so\.conf\|ld\.so\.cache\|default\|rpc\|gai\.conf\),d' \ -e '\,.*/etc/\(localtime\|nsswitch.conf\|ld\.so\.conf\|ld\.so\.cache\|default\|rpc\|gai\.conf\),d' \
-e '\,.*/%{_libdir}/lib\(pcprofile\|memusage\)\.so,d' \ -e '\,.*/%{_libdir}/lib\(pcprofile\|memusage\)\.so,d' \
-e '\,.*/bin/\(memusage\|mtrace\|xtrace\|pcprofiledump\),d' -e '\,.*/bin/\(memusage\|mtrace\|xtrace\|pcprofiledump\),d' \
-e '\,.*/sys-root,d'
} | sort > master.filelist } | sort > master.filelist
# The master file list is now used by each subpackage to list their own # The master file list is now used by each subpackage to list their own
@ -2384,8 +2466,9 @@ echo ====================PLT RELOCS END==================
# Obtain a way to run the dynamic loader. Avoid matching the symbolic # Obtain a way to run the dynamic loader. Avoid matching the symbolic
# link and then pick the first loader (although there should be only # link and then pick the first loader (although there should be only
# one). See wrap-find-debuginfo.sh. # one). Use -maxdepth 2 to avoid descending into the /sys-root/
ldso_path="$(find %{glibc_sysroot}/ -regextype posix-extended \ # sub-tree. See wrap-find-debuginfo.sh.
ldso_path="$(find %{glibc_sysroot}/ -maxdepth 2 -regextype posix-extended \
-regex '.*/ld(-.*|64|)\.so\.[0-9]+$' -type f | LC_ALL=C sort | head -n1)" -regex '.*/ld(-.*|64|)\.so\.[0-9]+$' -type f | LC_ALL=C sort | head -n1)"
run_ldso="$ldso_path --library-path %{glibc_sysroot}/%{_lib}" run_ldso="$ldso_path --library-path %{glibc_sysroot}/%{_lib}"
@ -2704,7 +2787,27 @@ fi
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
%if %{without bootstrap}
%files -n sysroot-%{_arch}-%{sysroot_dist}-glibc
%{sysroot_prefix}
%endif
%changelog %changelog
* Wed Nov 30 2022 Florian Weimer <fweimer@redhat.com> - 2.34-52
- Add noarch sysroot subpackages (#2149644)
* Tue Nov 29 2022 Florian Weimer <fweimer@redhat.com> - 2.34-51
- Prepare for integration of GCC 8 compatible _Static_assert (#2149102)
* Fri Nov 25 2022 Arjun Shankar <arjun@redhat.com> - 2.34-50
- Sync with upstream branch release/2.34/master,
commit 405b8ae13540e9fd614df614e3361ebf9abd14cf:
- elf: Fix wrong fscanf usage on tst-pldd
- Allow for unpriviledged nested containers
- elf: Fix wrong fscanf usage on tst-pldd
- x86: Fix wcsnlen-avx2 page cross length comparison [BZ #29591]
- elf: Fix rtld-audit trampoline for aarch64
* Mon Nov 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-49 * Mon Nov 14 2022 Arjun Shankar <arjun@redhat.com> - 2.34-49
- Sync with upstream branch release/2.34/master, - Sync with upstream branch release/2.34/master,
commit: 75b0edb7ef338084e53925139ae81fb0dfc07dd4: commit: 75b0edb7ef338084e53925139ae81fb0dfc07dd4:
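Review bot: `%global _binaries_in_noarch_packages_terminate_build 0` switches the rpmbuild check off for the whole spec, not only for the new sysroot subpackage, so an architecture-specific binary landing in any other noarch subpackage this spec may define would no longer stop the build; the comment above it should state that the scope is spec-wide and that the sysroot package is the only intended exception. In the sysroot creation block, `sed ... -i $(find -type f -name 'lib[cm].so')` gets no file operand when find matches nothing, so a guard such as `test -n "$(find -type f -name 'lib[cm].so')"` before it would turn an empty match into a clear failure. The `find ... | xargs` pipelines and the unquoted `$sl` loop split on whitespace; that is probably fine for the names glibc installs, but `-print0` with `xargs -0` would remove the assumption.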


@ -39,8 +39,8 @@ shift
# See ldso_path setting in glibc.spec. # See ldso_path setting in glibc.spec.
ldso_path= ldso_path=
for ldso_candidate in `find "$sysroot_path" -regextype posix-extended \ for ldso_candidate in `find "$sysroot_path" -maxdepth 2 \
-regex '.*/ld(-.*|64|)\.so\.[0-9]+$' -type f` ; do -regextype posix-extended -regex '.*/ld(-.*|64|)\.so\.[0-9]+$' -type f` ; do
if test -z "$ldso_path" ; then if test -z "$ldso_path" ; then
ldso_path="$ldso_candidate" ldso_path="$ldso_candidate"
else else
@ -51,7 +51,7 @@ done
# libc.so.6 always uses this name, so it is simpler to locate. # libc.so.6 always uses this name, so it is simpler to locate.
libc_path= libc_path=
for libc_candidate in `find "$sysroot_path" -name libc.so.6`; do for libc_candidate in `find "$sysroot_path" -maxdepth 2 -name libc.so.6`; do
if test -z "$libc_path" ; then if test -z "$libc_path" ; then
libc_path="$libc_candidate" libc_path="$libc_candidate"
else else
@ -86,7 +86,8 @@ objcopy --add-section .gnu_debuglink="$libc_tmp.debuglink" "$libc_path"
# ld.so does not have separated debuginfo and so the debuginfo file # ld.so does not have separated debuginfo and so the debuginfo file
# generated by find-debuginfo is redundant. Therefore, remove it. # generated by find-debuginfo is redundant. Therefore, remove it.
ldso_debug= ldso_debug=
for ldso_debug_candidate in `find "$sysroot_path" -regextype posix-extended \ for ldso_debug_candidate in `find "$sysroot_path" -maxdepth 2 \
-regextype posix-extended \
-regex '.*/ld(-.*|64|)\.so\.[0-9]+.*debug$' -type f` ; do -regex '.*/ld(-.*|64|)\.so\.[0-9]+.*debug$' -type f` ; do
if test -z "$ldso_debug" ; then if test -z "$ldso_debug" ; then
ldso_debug="$ldso_debug_candidate" ldso_debug="$ldso_debug_candidate"