From 16efc896b0ef30b04e91126c54b0f8ee28b00e75 Mon Sep 17 00:00:00 2001
From: Rex Dieter
Date: Fri, 15 Jun 2012 13:54:19 -0500
Subject: [PATCH] 7.2b-2 - backport patches from gc-7_2-hotfix-2 branch in lieu of 7.2c release - gc 7.2 final abi broken when changing several symbols to hidden (#825473) - gc: malloc() and calloc() overflows (CVE-2012-2673, #828881)
---
 ...f-GC_clear-set_mark_bit-unhide-symbo.patch | 55 ++++++++++
 ...f-GC_push_all-conditional-GC_push_ot.patch | 103 ++++++++++++++++++
 0003-Update-ChangeLog.patch | 39 +++++++
 ...DLOpenedLinkMap-for-NetBSD-6-release.patch | 48 ++++++++
 0005-Update-ChangeLog.patch | 29 +++++
 ...lloc-and-GC_get_maps-invocations-to-.patch | 93 ++++++++++++++++
 0007-Update-ChangeLog.patch | 33 ++++++
 ...r_star-to-prevent-SEGV-in-case-of-ou.patch | 27 +++++
 0009-Update-ChangeLog.patch | 25 +++++
 gc.spec | 28 ++++-
 10 files changed, 479 insertions(+), 1 deletion(-)
 create mode 100644 0001-Fix-visibility-of-GC_clear-set_mark_bit-unhide-symbo.patch
 create mode 100644 0002-Fix-visibility-of-GC_push_all-conditional-GC_push_ot.patch
 create mode 100644 0003-Update-ChangeLog.patch
 create mode 100644 0004-Fix-GC_FirstDLOpenedLinkMap-for-NetBSD-6-release.patch
 create mode 100644 0005-Update-ChangeLog.patch
 create mode 100644 0006-Fix-GC_scratch_alloc-and-GC_get_maps-invocations-to-.patch
 create mode 100644 0007-Update-ChangeLog.patch
 create mode 100644 0008-Fix-CORD_cat_char_star-to-prevent-SEGV-in-case-of-ou.patch
 create mode 100644 0009-Update-ChangeLog.patch
diff --git a/0001-Fix-visibility-of-GC_clear-set_mark_bit-unhide-symbo.patch b/0001-Fix-visibility-of-GC_clear-set_mark_bit-unhide-symbo.patch
new file mode 100644
index 0000000..387a921
--- /dev/null
+++ b/0001-Fix-visibility-of-GC_clear-set_mark_bit-unhide-symbo.patch
@@ -0,0 +1,55 @@
+From 5563e13d2b1b5c063bdabe720303d8068a07dcae Mon Sep 17 00:00:00 2001
+From: Ivan Maidanski
+Date: Sat, 2 Jun 2012 11:13:19 +0400
+Subject: [PATCH 1/9] Fix visibility of GC_clear/set_mark_bit (unhide symbols)
+
+* include/private/gc_priv.h (GC_clear_mark_bit, GC_set_mark_bit):
+Declare as GC_API_PRIV (instead of GC_INNER) to make the symbol
+externally visible to 3rd-party software (e.g., ECL).
+* mark.c (GC_set_mark_bit, GC_clear_mark_bit): Remove GC_INNER (to
+match the declaration).
+---
+ include/private/gc_priv.h | 4 ++--
+ mark.c | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/include/private/gc_priv.h b/include/private/gc_priv.h
+index 8eefb70..5afa916 100644
+--- a/include/private/gc_priv.h
++++ b/include/private/gc_priv.h
+@@ -1905,8 +1905,8 @@ GC_EXTERN GC_bool GC_print_back_height;
+
+ /* Slow/general mark bit manipulation: */
+ GC_API_PRIV GC_bool GC_is_marked(ptr_t p);
+-GC_INNER void GC_clear_mark_bit(ptr_t p);
+-GC_INNER void GC_set_mark_bit(ptr_t p);
++GC_API_PRIV void GC_clear_mark_bit(ptr_t p);
++GC_API_PRIV void GC_set_mark_bit(ptr_t p);
+
+ /* Stubborn objects: */
+ void GC_read_changed(void); /* Analogous to GC_read_dirty */
+diff --git a/mark.c b/mark.c
+index 41a7af5..746f1bd 100644
+--- a/mark.c
++++ b/mark.c
+@@ -187,7 +187,7 @@ static void clear_marks_for_block(struct hblk *h, word dummy)
+ }
+
+ /* Slow but general routines for setting/clearing/asking about mark bits */
+-GC_INNER void GC_set_mark_bit(ptr_t p)
++void GC_set_mark_bit(ptr_t p)
+ {
+ struct hblk *h = HBLKPTR(p);
+ hdr * hhdr = HDR(h);
+@@ -199,7 +199,7 @@ GC_INNER void GC_set_mark_bit(ptr_t p)
+ }
+ }
+
+-GC_INNER void GC_clear_mark_bit(ptr_t p)
++void GC_clear_mark_bit(ptr_t p)
+ {
+ struct hblk *h = HBLKPTR(p);
+ hdr * hhdr = HDR(h);
+--
+1.7.10.2
+
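Review bot: GC_set_mark_bit and GC_clear_mark_bit become callable from outside the library in the gc_priv.h hunk, but their declarations still carry only the one-line "Slow/general mark bit manipulation" comment and say nothing about what a caller must guarantee. The lines of mark.c visible here derive the block header directly from `p` via `HBLKPTR(p)` and `HDR(h)` and show no validation (both function bodies continue outside the hunk), so the precondition belongs at the declaration, for example `/* p must point to an object in the GC heap; the pointer is not validated. */`, with the wording confirmed against the full bodies. The same applies to GC_push_all, GC_push_conditional and GC_push_other_roots, which patch 0002 exports in the same way.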
diff --git a/0002-Fix-visibility-of-GC_push_all-conditional-GC_push_ot.patch b/0002-Fix-visibility-of-GC_push_all-conditional-GC_push_ot.patch
new file mode 100644
index 0000000..9dd9757
--- /dev/null
+++ b/0002-Fix-visibility-of-GC_push_all-conditional-GC_push_ot.patch
@@ -0,0 +1,103 @@ +From 4be945a80fe79d6357e2a5525aa6aea4d8a514c1 Mon Sep 17 00:00:00 2001 +From: Ivan Maidanski +Date: Sat, 2 Jun 2012 12:33:03 +0400 +Subject: [PATCH 2/9] Fix visibility of GC_push_all/conditional, + GC_push_other_roots symbols + +* include/private/gc_priv.h (GC_push_all, GC_push_other_roots): +Declare as GC_API_PRIV (instead of GC_INNER) to make the symbol +externally visible to some well-known 3rd-party software (e.g., ECL). +* include/private/gc_priv.h (GC_push_conditional): Declare as +GC_API_PRIV (only if GC_DISABLE_INCREMENTAL is undefined). +* mark.c (GC_push_all, GC_push_conditional): Remove GC_INNER (to match +the declaration). +* os_dep.c (GC_push_other_roots): Likewise. +--- + include/private/gc_priv.h | 10 ++++++---- + mark.c | 4 ++-- + os_dep.c | 4 ++-- + 3 files changed, 10 insertions(+), 8 deletions(-) + +diff --git a/include/private/gc_priv.h b/include/private/gc_priv.h +index 5afa916..9d728a9 100644 +--- a/include/private/gc_priv.h ++++ b/include/private/gc_priv.h +@@ -1428,11 +1428,11 @@ GC_INNER void GC_initiate_gc(void); + GC_INNER GC_bool GC_collection_in_progress(void); + /* Collection is in progress, or was abandoned. */ + +-GC_INNER void GC_push_all(ptr_t bottom, ptr_t top); ++GC_API_PRIV void GC_push_all(ptr_t bottom, ptr_t top); + /* Push everything in a range */ + /* onto mark stack. */ + #ifndef GC_DISABLE_INCREMENTAL +- GC_INNER void GC_push_conditional(ptr_t b, ptr_t t, GC_bool all); ++ GC_API_PRIV void GC_push_conditional(ptr_t b, ptr_t t, GC_bool all); + #else + # define GC_push_conditional(b, t, all) GC_push_all(b, t) + #endif +@@ -1456,13 +1456,15 @@ GC_INNER void GC_push_all_eager(ptr_t b, ptr_t t); + GC_INNER void GC_push_roots(GC_bool all, ptr_t cold_gc_frame); + /* Push all or dirty roots. */ + +-GC_EXTERN void (*GC_push_other_roots)(void); ++GC_API_PRIV void (*GC_push_other_roots)(void); + /* Push system or application specific roots */ + /* onto the mark stack. In some environments */ + /* (e.g. 
threads environments) this is */ + /* predefined to be non-zero. A client */ + /* supplied replacement should also call the */ +- /* original function. */ ++ /* original function. Remains externally */ ++ /* visible as used by some well-known 3rd-party */ ++ /* software (e.g., ECL) currently. */ + + GC_INNER void GC_push_finalizer_structures(void); + #ifdef THREADS +diff --git a/mark.c b/mark.c +index 746f1bd..cc8dfde 100644 +--- a/mark.c ++++ b/mark.c +@@ -1259,7 +1259,7 @@ GC_INNER void GC_mark_init(void) + * Should only be used if there is no possibility of mark stack + * overflow. + */ +-GC_INNER void GC_push_all(ptr_t bottom, ptr_t top) ++void GC_push_all(ptr_t bottom, ptr_t top) + { + register word length; + +@@ -1332,7 +1332,7 @@ GC_INNER void GC_push_all(ptr_t bottom, ptr_t top) + } + } + +- GC_INNER void GC_push_conditional(ptr_t bottom, ptr_t top, GC_bool all) ++ void GC_push_conditional(ptr_t bottom, ptr_t top, GC_bool all) + { + if (!all) { + GC_push_selected(bottom, top, GC_page_was_dirty); +diff --git a/os_dep.c b/os_dep.c +index 17dabcd..c1b7f20 100644 +--- a/os_dep.c ++++ b/os_dep.c +@@ -2523,7 +2523,7 @@ GC_INNER void GC_unmap_gap(ptr_t start1, size_t bytes1, ptr_t start2, + /* environment, this is also responsible for marking from */ + /* thread stacks. */ + #ifndef THREADS +- GC_INNER void (*GC_push_other_roots)(void) = 0; ++ void (*GC_push_other_roots)(void) = 0; + #else /* THREADS */ + + # ifdef PCR +@@ -2587,7 +2587,7 @@ STATIC void GC_default_push_other_roots(void) + } + # endif /* SN_TARGET_PS3 */ + +- GC_INNER void (*GC_push_other_roots)(void) = GC_default_push_other_roots; ++ void (*GC_push_other_roots)(void) = GC_default_push_other_roots; + #endif /* THREADS */ + + /* +-- +1.7.10.2 + diff --git a/0003-Update-ChangeLog.patch b/0003-Update-ChangeLog.patch new file mode 100644 index 0000000..f4dfbcc --- /dev/null +++ b/0003-Update-ChangeLog.patch 
@@ -0,0 +1,39 @@
+From 2e3970b8e5064881bc94fbebad57868347777782 Mon Sep 17 00:00:00 2001
+From: Ivan Maidanski
+Date: Sat, 2 Jun 2012 12:48:43 +0400
+Subject: [PATCH 3/9] Update ChangeLog
+
+---
+ ChangeLog | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 0e6c8db..c2340e4 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,22 @@
++2012-06-02 Ivan Maidanski
++
++ * include/private/gc_priv.h (GC_push_all, GC_push_other_roots):
++ Declare as GC_API_PRIV (instead of GC_INNER) to make the symbol
++ externally visible to some well-known 3rd-party software (e.g., ECL).
++ * include/private/gc_priv.h (GC_push_conditional): Declare as
++ GC_API_PRIV (only if GC_DISABLE_INCREMENTAL is undefined).
++ * mark.c (GC_push_all, GC_push_conditional): Remove GC_INNER (to match
++ the declaration).
++ * os_dep.c (GC_push_other_roots): Likewise.
++
++2012-06-02 Ivan Maidanski
++
++ * include/private/gc_priv.h (GC_clear_mark_bit, GC_set_mark_bit):
++ Declare as GC_API_PRIV (instead of GC_INNER) to make the symbol
++ externally visible to 3rd-party software (e.g., ECL).
++ * mark.c (GC_set_mark_bit, GC_clear_mark_bit): Remove GC_INNER (to
++ match the declaration).
++
+ [7.2b]
+
+ 2012-05-23 Ivan Maidanski
+--
+1.7.10.2
+
diff --git a/0004-Fix-GC_FirstDLOpenedLinkMap-for-NetBSD-6-release.patch b/0004-Fix-GC_FirstDLOpenedLinkMap-for-NetBSD-6-release.patch
new file mode 100644
index 0000000..3de67c0
--- /dev/null
+++ b/0004-Fix-GC_FirstDLOpenedLinkMap-for-NetBSD-6-release.patch
@@ -0,0 +1,48 @@
+From e9688bbf5ebecc950eb3e274ff19b3c2cf6ac288 Mon Sep 17 00:00:00 2001
+From: Tsugutomo Enami
+Date: Fri, 1 Jun 2012 03:12:24 +0400
+Subject: [PATCH 4/9] Fix GC_FirstDLOpenedLinkMap() for NetBSD 6 release
+
+* dyn_load.c: Include sys/param.h and dlfcn.h on NetBSD.
+* dyn_load.c (GC_FirstDLOpenedLinkMap): Obtain link map using dlinfo()
+on NetBSD if RTLD_DI_LINKMAP feature present (defined).
+---
+ dyn_load.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/dyn_load.c b/dyn_load.c
+index ce45ee2..a543d9e 100644
+--- a/dyn_load.c
++++ b/dyn_load.c
+@@ -77,6 +77,8 @@ STATIC GC_has_static_roots_func GC_has_static_roots = 0;
+ #endif
+
+ #if defined(NETBSD)
++# include
++# include
+ # include
+ # define ELFSIZE ARCH_ELFSIZE
+ #endif
+@@ -644,6 +646,11 @@ GC_FirstDLOpenedLinkMap(void)
+ return(0);
+ }
+ if( cachedResult == 0 ) {
++# if defined(NETBSD) && defined(RTLD_DI_LINKMAP)
++ struct link_map *lm = NULL;
++ if (!dlinfo(RTLD_SELF, RTLD_DI_LINKMAP, &lm))
++ cachedResult = lm;
++# else
+ int tag;
+ for( dp = _DYNAMIC; (tag = dp->d_tag) != 0; dp++ ) {
+ if( tag == DT_DEBUG ) {
+@@ -653,6 +660,7 @@ GC_FirstDLOpenedLinkMap(void)
+ break;
+ }
+ }
++# endif /* !NETBSD || !RTLD_DI_LINKMAP */
+ }
+ return cachedResult;
+ }
+--
+1.7.10.2
+
diff --git a/0005-Update-ChangeLog.patch b/0005-Update-ChangeLog.patch
new file mode 100644
index 0000000..fd8c790
--- /dev/null
+++ b/0005-Update-ChangeLog.patch
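Review bot: In the GC_FirstDLOpenedLinkMap hunk the new `#if defined(NETBSD) && defined(RTLD_DI_LINKMAP)` branch replaces the `_DYNAMIC` walk entirely, so when `dlinfo()` returns non-zero `cachedResult` stays 0 and the function returns 0 with no fallback and no diagnostic. Because 0 is also the "not looked up yet" value, every later call repeats the `dlinfo()` attempt. If that is intended, a comment on the branch would make it explicit, e.g. `/* On dlinfo() failure cachedResult stays 0 and the lookup is retried on the next call. */`. How callers treat a 0 result lies outside the hunk.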
@@ -0,0 +1,29 @@
+From a237b23befdb0dd75dff2727a2a5c0d66bc96f04 Mon Sep 17 00:00:00 2001
+From: Ivan Maidanski
+Date: Sat, 2 Jun 2012 13:05:51 +0400
+Subject: [PATCH 5/9] Update ChangeLog
+
+---
+ ChangeLog | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index c2340e4..9ff7086 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -17,6 +17,12 @@
+ * mark.c (GC_set_mark_bit, GC_clear_mark_bit): Remove GC_INNER (to
+ match the declaration).
+
++2012-06-01 Tsugutomo Enami
++
++ * dyn_load.c: Include sys/param.h and dlfcn.h on NetBSD.
++ * dyn_load.c (GC_FirstDLOpenedLinkMap): Obtain link map using dlinfo()
++ on NetBSD if RTLD_DI_LINKMAP feature present (defined).
++
+ [7.2b]
+
+ 2012-05-23 Ivan Maidanski
+--
+1.7.10.2
+
diff --git a/0006-Fix-GC_scratch_alloc-and-GC_get_maps-invocations-to-.patch b/0006-Fix-GC_scratch_alloc-and-GC_get_maps-invocations-to-.patch
new file mode 100644
index 0000000..d18996b
--- /dev/null
+++ b/0006-Fix-GC_scratch_alloc-and-GC_get_maps-invocations-to-.patch
@@ -0,0 +1,93 @@ +From 1de90aeb38a078550f9b22a5900f959e6dcbd37b Mon Sep 17 00:00:00 2001 +From: Ivan Maidanski +Date: Thu, 7 Jun 2012 22:00:37 +0400 +Subject: [PATCH 6/9] Fix GC_scratch_alloc and GC_get_maps invocations to + prevent SEGV (if out of memory) + +* dyn_load.c (GC_register_dynamic_libraries): If GC_scratch_alloc +fails (returns null) then abort (with the appropriate message) instead +of causing SEGV. +* os_dep.c (GC_dirty_init): Likewise. +* headers.c (GC_init_headers): Report error and exit if +GC_scratch_alloc fails. +* include/private/gc_priv.h (GC_scratch_alloc): Improve comment. +* os_dep.c (GC_print_address_map): If GC_get_maps return null then +print the appropriate message (instead of passing null to GC_err_puts +thus causing SEGV). +--- + dyn_load.c | 2 ++ + headers.c | 4 ++++ + include/private/gc_priv.h | 2 +- + os_dep.c | 7 ++++++- + 4 files changed, 13 insertions(+), 2 deletions(-) + +diff --git a/dyn_load.c b/dyn_load.c +index a543d9e..39efc9b 100644 +--- a/dyn_load.c ++++ b/dyn_load.c +@@ -760,6 +760,8 @@ GC_INNER void GC_register_dynamic_libraries(void) + /* Expansion, plus room for 0 record */ + addr_map = (prmap_t *)GC_scratch_alloc( + (word)current_sz * sizeof(prmap_t)); ++ if (addr_map == NULL) ++ ABORT("Insufficient memory for address map"); + } + if (ioctl(fd, PIOCMAP, addr_map) < 0) { + GC_err_printf("fd = %d, errno = %d, needed_sz = %d, addr_map = %p\n", +diff --git a/headers.c b/headers.c +index de82c20..eac3e9f 100644 +--- a/headers.c ++++ b/headers.c +@@ -196,6 +196,10 @@ GC_INNER void GC_init_headers(void) + register unsigned i; + + GC_all_nils = (bottom_index *)GC_scratch_alloc((word)sizeof(bottom_index)); ++ if (GC_all_nils == NULL) { ++ GC_err_printf("Insufficient memory for GC_all_nils\n"); ++ EXIT(); ++ } + BZERO(GC_all_nils, sizeof(bottom_index)); + for (i = 0; i < TOP_SZ; i++) { + GC_top_index[i] = GC_all_nils; +diff --git a/include/private/gc_priv.h b/include/private/gc_priv.h +index 9d728a9..b44347f 100644 +--- 
a/include/private/gc_priv.h ++++ b/include/private/gc_priv.h +@@ -1589,7 +1589,7 @@ GC_INNER void GC_unpromote_black_lists(void); + GC_INNER ptr_t GC_scratch_alloc(size_t bytes); + /* GC internal memory allocation for */ + /* small objects. Deallocation is not */ +- /* possible. */ ++ /* possible. May return NULL. */ + + /* Heap block layout maps: */ + GC_INNER GC_bool GC_add_map_entry(size_t sz); +diff --git a/os_dep.c b/os_dep.c +index c1b7f20..333421d 100644 +--- a/os_dep.c ++++ b/os_dep.c +@@ -3641,6 +3641,8 @@ GC_INNER void GC_dirty_init(void) + + GC_dirty_maintained = TRUE; + GC_proc_buf = GC_scratch_alloc(GC_proc_buf_size); ++ if (GC_proc_buf == NULL) ++ ABORT("Insufficient space for /proc read"); + } + + # define READ read +@@ -4724,8 +4726,11 @@ GC_INNER void GC_print_callers(struct callinfo info[NFRAMES]) + /* addresses in FIND_LEAK output. */ + void GC_print_address_map(void) + { ++ char *maps; ++ + GC_err_printf("---------- Begin address map ----------\n"); +- GC_err_puts(GC_get_maps()); ++ maps = GC_get_maps(); ++ GC_err_puts(maps != NULL ? maps : "Failed to get map!\n"); + GC_err_printf("---------- End address map ----------\n"); + } + #endif /* LINUX && ELF */ +-- +1.7.10.2 + diff --git a/0007-Update-ChangeLog.patch b/0007-Update-ChangeLog.patch new file mode 100644 index 0000000..49731be --- /dev/null +++ b/0007-Update-ChangeLog.patch 
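Review bot: The allocation-failure handling added by patch 0006 is not uniform: GC_register_dynamic_libraries and GC_dirty_init call `ABORT(...)`, while GC_init_headers prints with `GC_err_printf` and then calls `EXIT()`. If the difference is deliberate (for instance because of when GC_init_headers runs, which these hunks do not show), a short comment at that site should say so; otherwise `ABORT("Insufficient memory for GC_all_nils");` would match the other two sites. Separately, the dyn_load.c request size is `(word)current_sz * sizeof(prmap_t)` with no bound on `current_sz` visible in the hunk; the new NULL check does not cover a wrapped product, so the origin of `current_sz` is worth checking in the surrounding code.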
@@ -0,0 +1,33 @@
+From 0a1643fa4cf7cbc31d87a04ae14fd94eefde4a28 Mon Sep 17 00:00:00 2001
+From: Ivan Maidanski
+Date: Thu, 7 Jun 2012 23:01:35 +0400
+Subject: [PATCH 7/9] Update ChangeLog
+
+---
+ ChangeLog | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 9ff7086..01bb822 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,16 @@
++2012-06-07 Ivan Maidanski
++
++ * dyn_load.c (GC_register_dynamic_libraries): If GC_scratch_alloc
++ fails (returns null) then abort (with the appropriate message) instead
++ of causing SEGV.
++ * os_dep.c (GC_dirty_init): Likewise.
++ * headers.c (GC_init_headers): Report error and exit if
++ GC_scratch_alloc fails.
++ * include/private/gc_priv.h (GC_scratch_alloc): Improve comment.
++ * os_dep.c (GC_print_address_map): If GC_get_maps return null then
++ print the appropriate message (instead of passing null to GC_err_puts
++ thus causing SEGV).
++
+ 2012-06-02 Ivan Maidanski
+
+ * include/private/gc_priv.h (GC_push_all, GC_push_other_roots):
+--
+1.7.10.2
+
diff --git a/0008-Fix-CORD_cat_char_star-to-prevent-SEGV-in-case-of-ou.patch b/0008-Fix-CORD_cat_char_star-to-prevent-SEGV-in-case-of-ou.patch
new file mode 100644
index 0000000..bcd9b37
--- /dev/null
+++ b/0008-Fix-CORD_cat_char_star-to-prevent-SEGV-in-case-of-ou.patch
@@ -0,0 +1,27 @@
+From 5591275f04b1b94395e38eeada745cd97bc8b613 Mon Sep 17 00:00:00 2001
+From: Ivan Maidanski
+Date: Fri, 8 Jun 2012 21:10:17 +0400
+Subject: [PATCH 8/9] Fix CORD_cat_char_star to prevent SEGV in case of
+ out-of-memory
+
+* cordbscs.c (CORD_cat_char_star): Check GC_MALLOC_ATOMIC result for
+NULL (do OUT_OF_MEMORY in such case) to prevent SEGV.
+---
+ cord/cordbscs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/cord/cordbscs.c b/cord/cordbscs.c
+index 924bf44..5128daf 100644
+--- a/cord/cordbscs.c
++++ b/cord/cordbscs.c
+@@ -188,6 +188,7 @@ CORD CORD_cat_char_star(CORD x, const char * y, size_t leny)
+ result_len = right_len + leny; /* length of new_right */
+ if (result_len <= SHORT_LIMIT) {
+ new_right = GC_MALLOC_ATOMIC(result_len + 1);
++ if (new_right == 0) OUT_OF_MEMORY;
+ memcpy(new_right, right, right_len);
+ memcpy(new_right + right_len, y, leny);
+ new_right[result_len] = '\0';
+--
+1.7.10.2
+
diff --git a/0009-Update-ChangeLog.patch b/0009-Update-ChangeLog.patch
new file mode 100644
index 0000000..10c4115
--- /dev/null
+++ b/0009-Update-ChangeLog.patch
@@ -0,0 +1,25 @@
+From 98176e156503cc43cb9a5ff6d252fff0bdbf7995 Mon Sep 17 00:00:00 2001
+From: Ivan Maidanski
+Date: Fri, 8 Jun 2012 21:22:19 +0400
+Subject: [PATCH 9/9] Update ChangeLog
+
+---
+ ChangeLog | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/ChangeLog b/ChangeLog
+index 01bb822..e6f3b14 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,8 @@
++2012-06-08 Ivan Maidanski
++
++ * cordbscs.c (CORD_cat_char_star): Check GC_MALLOC_ATOMIC result for
++ NULL (do OUT_OF_MEMORY in such case) to prevent SEGV.
++
+ 2012-06-07 Ivan Maidanski
+
+ * dyn_load.c (GC_register_dynamic_libraries): If GC_scratch_alloc
+--
+1.7.10.2
+
diff --git a/gc.spec b/gc.spec
index 61dea97..eaf7a79 100644
--- a/gc.spec
+++ b/gc.spec
@@ -3,7 +3,7 @@ Summary: A garbage collector for C and C++ Name: gc %global base_ver 7.2 Version: 7.2b -Release: 1%{?dist} +Release: 2%{?dist} Group: System Environment/Libraries License: BSD @@ -14,6 +14,16 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) ## upstreamable patches ## upstream patches +# patches from gc-7_2-hotfix-2 branch, git format-patch gc7_2b..HEAD +Patch0001: 0001-Fix-visibility-of-GC_clear-set_mark_bit-unhide-symbo.patch +Patch0002: 0002-Fix-visibility-of-GC_push_all-conditional-GC_push_ot.patch +Patch0003: 0003-Update-ChangeLog.patch +Patch0004: 0004-Fix-GC_FirstDLOpenedLinkMap-for-NetBSD-6-release.patch +Patch0005: 0005-Update-ChangeLog.patch +Patch0006: 0006-Fix-GC_scratch_alloc-and-GC_get_maps-invocations-to-.patch +Patch0007: 0007-Update-ChangeLog.patch +Patch0008: 0008-Fix-CORD_cat_char_star-to-prevent-SEGV-in-case-of-ou.patch +Patch0009: 0009-Update-ChangeLog.patch BuildRequires: automake libtool BuildRequires: pkgconfig @@ -53,6 +63,16 @@ that involves minimum overhead across a variety of architectures. %prep %setup -q -n gc-%{base_ver}%{?pre} +%patch0001 -p1 -b .0001 +%patch0002 -p1 -b .0002 +%patch0003 -p1 -b .0003 +%patch0004 -p1 -b .0004 +%patch0005 -p1 -b .0005 +%patch0006 -p1 -b .0006 +%patch0007 -p1 -b .0007 +%patch0008 -p1 -b .0008 +%patch0009 -p1 -b .0009 + # refresh auto*/libtool to purge rpaths rm -f libtool libtool.m4 autoreconf -i -f @@ -140,6 +160,12 @@ rm -rf %{buildroot} %changelog +* Fri Jun 15 2012 Rex Dieter +- 7.2b-2 +- backport patches from gc-7_2-hotfix-2 branch in lieu of 7.2c release +- gc 7.2 final abi broken when changing several symbols to hidden (#825473) +- gc: malloc() and calloc() overflows (CVE-2012-2673, #828881) + * Wed May 30 2012 Rex Dieter 7.2b-1 - gc-7.2b
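Review bot: The %changelog entry credits this build with "gc: malloc() and calloc() overflows (CVE-2012-2673, #828881)", but none of the nine patches added to the Patch list visibly touches allocation-size arithmetic. Patches 0001 and 0002 change symbol visibility, 0004 is the NetBSD link-map lookup, 0006 and 0008 add NULL checks after a failed allocation, and the remaining four only update ChangeLog. Unless the overflow checks are already part of the 7.2b tarball (not shown on this page), the package would be recorded as fixed for the CVE while still lacking the fix. Either add the upstream overflow patches to the list or reword the entry to what the build actually contains, and extend the `# patches from gc-7_2-hotfix-2 branch` comment to name the patch that addresses the CVE.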