import glibc-2.28-189.el8

This commit is contained in:
CentOS Sources 2022-02-05 05:26:15 +00:00 committed by Stepan Oksanichenko
parent f73a02cba0
commit 46f50433f3
16 changed files with 1838 additions and 191 deletions

View File

@ -0,0 +1,92 @@
commit 28c30a6232aa9a54783c146590498a061fc0112a
Author: Samuel Thibault <samuel.thibault@ens-lyon.org>
Date: Sun Feb 9 19:50:21 2020 +0000
pthread: Move most once tests from nptl to sysdeps/pthread
So they can be checked with htl too.
# Conflicts:
# sysdeps/pthread/Makefile
# (Moved only the tests in this commit which subsequently
# needed for the pthread_once fix)
diff --git a/nptl/Makefile b/nptl/Makefile
index b14de3ffb330c10b..dcf3868869767015 100644
--- a/nptl/Makefile
+++ b/nptl/Makefile
@@ -260,7 +260,7 @@ tests = tst-attr1 tst-attr2 tst-attr3 tst-default-attr \
tst-rwlock4 tst-rwlock5 tst-rwlock6 tst-rwlock7 tst-rwlock8 \
tst-rwlock9 tst-rwlock10 tst-rwlock11 tst-rwlock12 tst-rwlock13 \
tst-rwlock14 tst-rwlock15 tst-rwlock16 tst-rwlock17 tst-rwlock18 \
- tst-once1 tst-once2 tst-once3 tst-once4 tst-once5 \
+ tst-once5 \
tst-key1 tst-key2 tst-key3 tst-key4 \
tst-sem1 tst-sem2 tst-sem3 tst-sem4 tst-sem5 tst-sem6 tst-sem7 \
tst-sem8 tst-sem9 tst-sem10 tst-sem14 \
@@ -384,8 +384,7 @@ tests += tst-cancelx2 tst-cancelx3 tst-cancelx4 tst-cancelx5 \
tst-cancelx6 tst-cancelx7 tst-cancelx8 tst-cancelx9 tst-cancelx10 \
tst-cancelx11 tst-cancelx12 tst-cancelx13 tst-cancelx14 tst-cancelx15 \
tst-cancelx16 tst-cancelx17 tst-cancelx18 tst-cancelx20 tst-cancelx21 \
- tst-cleanupx0 tst-cleanupx1 tst-cleanupx2 tst-cleanupx3 tst-cleanupx4 \
- tst-oncex3 tst-oncex4
+ tst-cleanupx0 tst-cleanupx1 tst-cleanupx2 tst-cleanupx3 tst-cleanupx4
ifeq ($(build-shared),yes)
tests += tst-atfork2 tst-tls4 tst-_res1 tst-fini1 tst-compat-forwarder \
tst-audit-threads
@@ -525,8 +524,6 @@ CFLAGS-tst-cleanupx2.c += -fexceptions
CFLAGS-tst-cleanupx3.c += -fexceptions
CFLAGS-tst-cleanupx4.c += -fexceptions
CFLAGS-tst-cleanupx4aux.c += -fexceptions
-CFLAGS-tst-oncex3.c += -fexceptions
-CFLAGS-tst-oncex4.c += -fexceptions
CFLAGS-tst-align.c += $(stack-align-test-flags)
CFLAGS-tst-align3.c += $(stack-align-test-flags)
CFLAGS-tst-initializers1.c += -W -Wall -Werror
diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
index 98a92f8d6bb119ba..14ef04247cb84ad3 100644
--- a/sysdeps/pthread/Makefile
+++ b/sysdeps/pthread/Makefile
@@ -33,11 +33,18 @@ endif
tst-create1mod.so-no-z-defs = yes
+tests += tst-once1 tst-once2 tst-once3 tst-once4
+
+tests += tst-oncex3 tst-oncex4
+
ifeq ($(build-shared),yes)
# Build all the modules even when not actually running test programs.
tests: $(test-modules)
endif
+CFLAGS-tst-oncex3.c += -fexceptions
+CFLAGS-tst-oncex4.c += -fexceptions
+
modules-names += tst-create1mod
test-modules = $(addprefix $(objpfx),$(addsuffix .so,$(modules-names)))
diff --git a/nptl/tst-once1.c b/sysdeps/pthread/tst-once1.c
similarity index 100%
rename from nptl/tst-once1.c
rename to sysdeps/pthread/tst-once1.c
diff --git a/nptl/tst-once2.c b/sysdeps/pthread/tst-once2.c
similarity index 100%
rename from nptl/tst-once2.c
rename to sysdeps/pthread/tst-once2.c
diff --git a/nptl/tst-once3.c b/sysdeps/pthread/tst-once3.c
similarity index 100%
rename from nptl/tst-once3.c
rename to sysdeps/pthread/tst-once3.c
diff --git a/nptl/tst-once4.c b/sysdeps/pthread/tst-once4.c
similarity index 100%
rename from nptl/tst-once4.c
rename to sysdeps/pthread/tst-once4.c
diff --git a/nptl/tst-oncex3.c b/sysdeps/pthread/tst-oncex3.c
similarity index 100%
rename from nptl/tst-oncex3.c
rename to sysdeps/pthread/tst-oncex3.c
diff --git a/nptl/tst-oncex4.c b/sysdeps/pthread/tst-oncex4.c
similarity index 100%
rename from nptl/tst-oncex4.c
rename to sysdeps/pthread/tst-oncex4.c

View File

@ -0,0 +1,200 @@
commit f0419e6a10740a672b28e112c409ae24f5e890ab
Author: Jakub Jelinek <jakub@redhat.com>
Date: Thu Mar 4 15:15:33 2021 +0100
[PATCH] pthread_once hangs when init routine throws an exception [BZ #18435]
This is another attempt at making pthread_once handle throwing exceptions
from the init routine callback. As the new testcases show, just switching
to the cleanup attribute based cleanup does fix the tst-once5 test, but
breaks the new tst-oncey3 test. That is because when throwing exceptions,
only the unwind info registered cleanups (i.e. C++ destructors or cleanup
attribute), when cancelling threads and there has been unwind info from the
cancellation point up to whatever needs cleanup both unwind info registered
cleanups and THREAD_SETMEM (self, cleanup, ...) registered cleanups are
invoked, but once we hit some frame with no unwind info, only the
THREAD_SETMEM (self, cleanup, ...) registered cleanups are invoked.
So, to stay fully backwards compatible (allow init routines without
unwind info which encounter cancellation points) and handle exception throwing
we actually need to register the pthread_once cleanups in both unwind info
and in the THREAD_SETMEM (self, cleanup, ...) way.
If an exception is thrown, only the former will happen and we in that case
need to also unregister the THREAD_SETMEM (self, cleanup, ...) registered
handler, because otherwise after catching the exception the user code could
call deeper into the stack some cancellation point, get cancelled and then
a stale cleanup handler would clobber stack and probably crash.
If a thread calling init routine is cancelled and unwind info ends before
the pthread_once frame, it will be cleaned up through self->cleanup as
before. And if unwind info is present, unwind_stop first calls the
self->cleanup registered handler for the frame, then it will call the
unwind info registered handler but that will already see __do_it == 0
and do nothing.
# Conflicts:
# nptl/Makefile
# (The usual cleanups because they don't match.)
# sysdeps/pthread/Makefile
# (The usual cleanups because all the other tests aren't moved.)
diff --git a/nptl/Makefile b/nptl/Makefile
index dcf3868869767015..70a3be23ecfcd9c9 100644
--- a/nptl/Makefile
+++ b/nptl/Makefile
@@ -334,10 +334,6 @@ xtests = tst-setuid1 tst-setuid1-static tst-setuid2 \
tst-mutexpp1 tst-mutexpp6 tst-mutexpp10
test-srcs = tst-oddstacklimit
-# Test expected to fail on most targets (except x86_64) due to bug
-# 18435 - pthread_once hangs when init routine throws an exception.
-test-xfail-tst-once5 = yes
-
# Files which must not be linked with libpthread.
tests-nolibpthread = tst-unload
diff --git a/nptl/pthreadP.h b/nptl/pthreadP.h
index a2d48b2015cd385c..7ddc166cf32414c4 100644
--- a/nptl/pthreadP.h
+++ b/nptl/pthreadP.h
@@ -571,6 +571,67 @@ extern void __pthread_cleanup_pop (struct _pthread_cleanup_buffer *buffer,
# undef pthread_cleanup_pop
# define pthread_cleanup_pop(execute) \
__pthread_cleanup_pop (&_buffer, (execute)); }
+
+# if defined __EXCEPTIONS && !defined __cplusplus
+/* Structure to hold the cleanup handler information. */
+struct __pthread_cleanup_combined_frame
+{
+ void (*__cancel_routine) (void *);
+ void *__cancel_arg;
+ int __do_it;
+ struct _pthread_cleanup_buffer __buffer;
+};
+
+/* Special cleanup macros which register cleanup both using
+ __pthread_cleanup_{push,pop} and using cleanup attribute. This is needed
+ for pthread_once, so that it supports both throwing exceptions from the
+ pthread_once callback (only cleanup attribute works there) and cancellation
+ of the thread running the callback if the callback or some routines it
+ calls don't have unwind information. */
+
+static __always_inline void
+__pthread_cleanup_combined_routine (struct __pthread_cleanup_combined_frame
+ *__frame)
+{
+ if (__frame->__do_it)
+ {
+ __frame->__cancel_routine (__frame->__cancel_arg);
+ __frame->__do_it = 0;
+ __pthread_cleanup_pop (&__frame->__buffer, 0);
+ }
+}
+
+static inline void
+__pthread_cleanup_combined_routine_voidptr (void *__arg)
+{
+ struct __pthread_cleanup_combined_frame *__frame
+ = (struct __pthread_cleanup_combined_frame *) __arg;
+ if (__frame->__do_it)
+ {
+ __frame->__cancel_routine (__frame->__cancel_arg);
+ __frame->__do_it = 0;
+ }
+}
+
+# define pthread_cleanup_combined_push(routine, arg) \
+ do { \
+ void (*__cancel_routine) (void *) = (routine); \
+ struct __pthread_cleanup_combined_frame __clframe \
+ __attribute__ ((__cleanup__ (__pthread_cleanup_combined_routine))) \
+ = { .__cancel_routine = __cancel_routine, .__cancel_arg = (arg), \
+ .__do_it = 1 }; \
+ __pthread_cleanup_push (&__clframe.__buffer, \
+ __pthread_cleanup_combined_routine_voidptr, \
+ &__clframe);
+
+# define pthread_cleanup_combined_pop(execute) \
+ __pthread_cleanup_pop (&__clframe.__buffer, 0); \
+ __clframe.__do_it = 0; \
+ if (execute) \
+ __cancel_routine (__clframe.__cancel_arg); \
+ } while (0)
+
+# endif
#endif
extern void __pthread_cleanup_push_defer (struct _pthread_cleanup_buffer *buffer,
diff --git a/nptl/pthread_once.c b/nptl/pthread_once.c
index 1653226286dc3539..45e965e8743d9412 100644
--- a/nptl/pthread_once.c
+++ b/nptl/pthread_once.c
@@ -111,11 +111,11 @@ __pthread_once_slow (pthread_once_t *once_control, void (*init_routine) (void))
/* This thread is the first here. Do the initialization.
Register a cleanup handler so that in case the thread gets
interrupted the initialization can be restarted. */
- pthread_cleanup_push (clear_once_control, once_control);
+ pthread_cleanup_combined_push (clear_once_control, once_control);
init_routine ();
- pthread_cleanup_pop (0);
+ pthread_cleanup_combined_pop (0);
/* Mark *once_control as having finished the initialization. We need
diff --git a/nptl/tst-once5.cc b/nptl/tst-once5.cc
index d232266c3ace89d9..dda18e610c9114bc 100644
--- a/nptl/tst-once5.cc
+++ b/nptl/tst-once5.cc
@@ -59,7 +59,7 @@ do_test (void)
" throwing an exception", stderr);
}
catch (OnceException) {
- if (1 < niter)
+ if (niter > 1)
fputs ("pthread_once unexpectedly threw", stderr);
result = 0;
}
@@ -75,7 +75,5 @@ do_test (void)
return result;
}
-// The test currently hangs and is XFAILed. Reduce the timeout.
-#define TIMEOUT 1
#define TEST_FUNCTION do_test ()
#include "../test-skeleton.c"
diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile
index 14ef04247cb84ad3..80a71f3f9f0e72ae 100644
--- a/sysdeps/pthread/Makefile
+++ b/sysdeps/pthread/Makefile
@@ -35,7 +35,7 @@ tst-create1mod.so-no-z-defs = yes
tests += tst-once1 tst-once2 tst-once3 tst-once4
-tests += tst-oncex3 tst-oncex4
+tests += tst-oncex3 tst-oncex4 tst-oncey3 tst-oncey4
ifeq ($(build-shared),yes)
# Build all the modules even when not actually running test programs.
@@ -44,6 +44,8 @@ endif
CFLAGS-tst-oncex3.c += -fexceptions
CFLAGS-tst-oncex4.c += -fexceptions
+CFLAGS-tst-oncey3.c += -fno-exceptions -fno-asynchronous-unwind-tables
+CFLAGS-tst-oncey4.c += -fno-exceptions -fno-asynchronous-unwind-tables
modules-names += tst-create1mod
test-modules = $(addprefix $(objpfx),$(addsuffix .so,$(modules-names)))
diff --git a/sysdeps/pthread/tst-oncey3.c b/sysdeps/pthread/tst-oncey3.c
new file mode 100644
index 0000000000000000..08225b88dc06b979
--- /dev/null
+++ b/sysdeps/pthread/tst-oncey3.c
@@ -0,0 +1 @@
+#include "tst-once3.c"
diff --git a/sysdeps/pthread/tst-oncey4.c b/sysdeps/pthread/tst-oncey4.c
new file mode 100644
index 0000000000000000..9b4d98f3f13c265a
--- /dev/null
+++ b/sysdeps/pthread/tst-oncey4.c
@@ -0,0 +1 @@
+#include "tst-once4.c"

View File

@ -0,0 +1,64 @@
commit a7e9dbb7742954814643a8562dcad09abb0b0e5d
Author: Alexandra Hájková <ahajkova@redhat.com>
Date: Sat Dec 26 18:45:13 2020 +0100
Add xchdir to libsupport.
diff --git a/support/Makefile b/support/Makefile
index dcf3c4baa2a31070..fb95a69ed9158e78 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -82,6 +82,7 @@ libsupport-routines = \
xasprintf \
xbind \
xcalloc \
+ xchdir \
xchroot \
xclose \
xconnect \
diff --git a/support/xchdir.c b/support/xchdir.c
new file mode 100644
index 0000000000000000..beb4feff72832065
--- /dev/null
+++ b/support/xchdir.c
@@ -0,0 +1,28 @@
+/* chdir with error checking.
+ Copyright (C) 2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <support/check.h>
+#include <support/xunistd.h>
+#include <unistd.h>
+
+void
+xchdir (const char *path)
+{
+ if (chdir (path) != 0)
+ FAIL_EXIT1 ("chdir (\"%s\"): %m", path);
+}
diff --git a/support/xunistd.h b/support/xunistd.h
index f99f362cb4763c5b..74fd2771d12c36fe 100644
--- a/support/xunistd.h
+++ b/support/xunistd.h
@@ -44,6 +44,7 @@ long xsysconf (int name);
long long xlseek (int fd, long long offset, int whence);
void xftruncate (int fd, long long length);
void xsymlink (const char *target, const char *linkpath);
+void xchdir (const char *path);
/* Equivalent of "mkdir -p". */
void xmkdirp (const char *, mode_t);

View File

@ -0,0 +1,74 @@
Additionally include stdbool.h to fix issues with bool keyword usage.
commit 60854f40ea2d420867ed2f0f052ee7fca661dbff
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu Oct 15 15:14:22 2020 -0300
support: Add create_temp_file_in_dir
It allows created a temporary file in a specified directory.
diff --git a/support/support.h b/support/support.h
index f50f8cc1496d657d..96833bd4e992e6d3 100644
--- a/support/support.h
+++ b/support/support.h
@@ -23,6 +23,7 @@
#ifndef SUPPORT_H
#define SUPPORT_H
+#include <stdbool.h>
#include <stddef.h>
#include <sys/cdefs.h>
/* For mode_t. */
diff --git a/support/temp_file.c b/support/temp_file.c
index 0bbc7f997264f758..5a2728c94a9c32ae 100644
--- a/support/temp_file.c
+++ b/support/temp_file.c
@@ -60,14 +60,12 @@ add_temp_file (const char *name)
}
int
-create_temp_file (const char *base, char **filename)
+create_temp_file_in_dir (const char *base, const char *dir, char **filename)
{
char *fname;
int fd;
- fname = (char *) xmalloc (strlen (test_dir) + 1 + strlen (base)
- + sizeof ("XXXXXX"));
- strcpy (stpcpy (stpcpy (stpcpy (fname, test_dir), "/"), base), "XXXXXX");
+ fname = xasprintf ("%s/%sXXXXXX", dir, base);
fd = mkstemp (fname);
if (fd == -1)
@@ -86,6 +84,12 @@ create_temp_file (const char *base, char **filename)
return fd;
}
+int
+create_temp_file (const char *base, char **filename)
+{
+ return create_temp_file_in_dir (base, test_dir, filename);
+}
+
char *
support_create_temp_directory (const char *base)
{
diff --git a/support/temp_file.h b/support/temp_file.h
index c7795cc577ca22a9..d64563f41f1f50cd 100644
--- a/support/temp_file.h
+++ b/support/temp_file.h
@@ -32,6 +32,13 @@ void add_temp_file (const char *name);
*FILENAME. */
int create_temp_file (const char *base, char **filename);
+/* Create a temporary file in directory DIR. Return the opened file
+ descriptor on success, or -1 on failure. Write the file name to
+ *FILENAME if FILENAME is not NULL. In this case, the caller is
+ expected to free *FILENAME. */
+int create_temp_file_in_dir (const char *base, const char *dir,
+ char **filename);
+
/* Create a temporary directory and schedule it for deletion. BASE is
used as a prefix for the unique directory name, which the function
returns. The caller should free this string. */

View File

@ -0,0 +1,278 @@
commit fb7bff12e81c677a6622f724edd4d4987dd9d971
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue Jan 18 13:29:36 2022 +0530
support: Add helpers to create paths longer than PATH_MAX
Add new helpers support_create_and_chdir_toolong_temp_directory and
support_chdir_toolong_temp_directory to create and descend into
directory trees longer than PATH_MAX.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
# Conflicts:
# support/temp_file.c
diff --git a/support/temp_file.c b/support/temp_file.c
index 5a2728c94a9c32ae..661c86bad5c0121f 100644
--- a/support/temp_file.c
+++ b/support/temp_file.c
@@ -1,5 +1,6 @@
/* Temporary file handling for tests.
- Copyright (C) 1998-2018 Free Software Foundation, Inc.
+ Copyright (C) 1998-2022 Free Software Foundation, Inc.
+ Copyright The GNU Tools Authors.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -20,15 +21,17 @@
some 32-bit platforms. */
#define _FILE_OFFSET_BITS 64
+#include <support/check.h>
#include <support/temp_file.h>
#include <support/temp_file-internal.h>
#include <support/support.h>
+#include <errno.h>
#include <paths.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <unistd.h>
+#include <xunistd.h>
/* List of temporary files. */
static struct temp_name_list
@@ -36,14 +39,20 @@ static struct temp_name_list
struct temp_name_list *next;
char *name;
pid_t owner;
+ bool toolong;
} *temp_name_list;
/* Location of the temporary files. Set by the test skeleton via
support_set_test_dir. The string is not be freed. */
static const char *test_dir = _PATH_TMP;
-void
-add_temp_file (const char *name)
+/* Name of subdirectories in a too long temporary directory tree. */
+static char toolong_subdir[NAME_MAX + 1];
+static bool toolong_initialized;
+static size_t toolong_path_max;
+
+static void
+add_temp_file_internal (const char *name, bool toolong)
{
struct temp_name_list *newp
= (struct temp_name_list *) xcalloc (sizeof (*newp), 1);
@@ -53,12 +62,19 @@ add_temp_file (const char *name)
newp->name = newname;
newp->next = temp_name_list;
newp->owner = getpid ();
+ newp->toolong = toolong;
temp_name_list = newp;
}
else
free (newp);
}
+void
+add_temp_file (const char *name)
+{
+ add_temp_file_internal (name, false);
+}
+
int
create_temp_file_in_dir (const char *base, const char *dir, char **filename)
{
@@ -90,8 +106,8 @@ create_temp_file (const char *base, char **filename)
return create_temp_file_in_dir (base, test_dir, filename);
}
-char *
-support_create_temp_directory (const char *base)
+static char *
+create_temp_directory_internal (const char *base, bool toolong)
{
char *path = xasprintf ("%s/%sXXXXXX", test_dir, base);
if (mkdtemp (path) == NULL)
@@ -99,16 +115,132 @@ support_create_temp_directory (const char *base)
printf ("error: mkdtemp (\"%s\"): %m", path);
exit (1);
}
- add_temp_file (path);
+ add_temp_file_internal (path, toolong);
return path;
}
-/* Helper functions called by the test skeleton follow. */
+char *
+support_create_temp_directory (const char *base)
+{
+ return create_temp_directory_internal (base, false);
+}
+
+static void
+ensure_toolong_initialized (void)
+{
+ if (!toolong_initialized)
+ FAIL_EXIT1 ("uninitialized toolong directory tree\n");
+}
+
+static void
+initialize_toolong (const char *base)
+{
+ long name_max = pathconf (base, _PC_NAME_MAX);
+ name_max = (name_max < 0 ? 64
+ : (name_max < sizeof (toolong_subdir) ? name_max
+ : sizeof (toolong_subdir) - 1));
+
+ long path_max = pathconf (base, _PC_PATH_MAX);
+ path_max = (path_max < 0 ? 1024
+ : path_max <= PTRDIFF_MAX ? path_max : PTRDIFF_MAX);
+
+ /* Sanity check to ensure that the test does not create temporary directories
+ in different filesystems because this API doesn't support it. */
+ if (toolong_initialized)
+ {
+ if (name_max != strlen (toolong_subdir))
+ FAIL_UNSUPPORTED ("name_max: Temporary directories in different"
+ " filesystems not supported yet\n");
+ if (path_max != toolong_path_max)
+ FAIL_UNSUPPORTED ("path_max: Temporary directories in different"
+ " filesystems not supported yet\n");
+ return;
+ }
+
+ toolong_path_max = path_max;
+
+ size_t len = name_max;
+ memset (toolong_subdir, 'X', len);
+ toolong_initialized = true;
+}
+
+char *
+support_create_and_chdir_toolong_temp_directory (const char *basename)
+{
+ char *base = create_temp_directory_internal (basename, true);
+ xchdir (base);
+
+ initialize_toolong (base);
+
+ size_t sz = strlen (toolong_subdir);
+
+ /* Create directories and descend into them so that the final path is larger
+ than PATH_MAX. */
+ for (size_t i = 0; i <= toolong_path_max / sz; i++)
+ {
+ int ret = mkdir (toolong_subdir, S_IRWXU);
+ if (ret != 0 && errno == ENAMETOOLONG)
+ FAIL_UNSUPPORTED ("Filesystem does not support creating too long "
+ "directory trees\n");
+ else if (ret != 0)
+ FAIL_EXIT1 ("Failed to create directory tree: %m\n");
+ xchdir (toolong_subdir);
+ }
+ return base;
+}
void
-support_set_test_dir (const char *path)
+support_chdir_toolong_temp_directory (const char *base)
{
- test_dir = path;
+ ensure_toolong_initialized ();
+
+ xchdir (base);
+
+ size_t sz = strlen (toolong_subdir);
+ for (size_t i = 0; i <= toolong_path_max / sz; i++)
+ xchdir (toolong_subdir);
+}
+
+/* Helper functions called by the test skeleton follow. */
+
+static void
+remove_toolong_subdirs (const char *base)
+{
+ ensure_toolong_initialized ();
+
+ if (chdir (base) != 0)
+ {
+ printf ("warning: toolong cleanup base failed: chdir (\"%s\"): %m\n",
+ base);
+ return;
+ }
+
+ /* Descend. */
+ int levels = 0;
+ size_t sz = strlen (toolong_subdir);
+ for (levels = 0; levels <= toolong_path_max / sz; levels++)
+ if (chdir (toolong_subdir) != 0)
+ {
+ printf ("warning: toolong cleanup failed: chdir (\"%s\"): %m\n",
+ toolong_subdir);
+ break;
+ }
+
+ /* Ascend and remove. */
+ while (--levels >= 0)
+ {
+ if (chdir ("..") != 0)
+ {
+ printf ("warning: toolong cleanup failed: chdir (\"..\"): %m\n");
+ return;
+ }
+ if (remove (toolong_subdir) != 0)
+ {
+ printf ("warning: could not remove subdirectory: %s: %m\n",
+ toolong_subdir);
+ return;
+ }
+ }
}
void
@@ -123,6 +255,9 @@ support_delete_temp_files (void)
around, to prevent PID reuse.) */
if (temp_name_list->owner == pid)
{
+ if (temp_name_list->toolong)
+ remove_toolong_subdirs (temp_name_list->name);
+
if (remove (temp_name_list->name) != 0)
printf ("warning: could not remove temporary file: %s: %m\n",
temp_name_list->name);
@@ -147,3 +282,9 @@ support_print_temp_files (FILE *f)
fprintf (f, ")\n");
}
}
+
+void
+support_set_test_dir (const char *path)
+{
+ test_dir = path;
+}
diff --git a/support/temp_file.h b/support/temp_file.h
index d64563f41f1f50cd..055e31dcfb843ba6 100644
--- a/support/temp_file.h
+++ b/support/temp_file.h
@@ -44,6 +44,15 @@ int create_temp_file_in_dir (const char *base, const char *dir,
returns. The caller should free this string. */
char *support_create_temp_directory (const char *base);
+/* Create a temporary directory tree that is longer than PATH_MAX and schedule
+ it for deletion. BASENAME is used as a prefix for the unique directory
+ name, which the function returns. The caller should free this string. */
+char *support_create_and_chdir_toolong_temp_directory (const char *basename);
+
+/* Change into the innermost directory of the directory tree BASE, which was
+ created using support_create_and_chdir_toolong_temp_directory. */
+void support_chdir_toolong_temp_directory (const char *base);
+
__END_DECLS
#endif /* SUPPORT_TEMP_FILE_H */

View File

@ -0,0 +1,331 @@
commit 23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e
Author: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Fri Jan 21 23:32:56 2022 +0530
getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
No valid path returned by getcwd would fit into 1 byte, so reject the
size early and return NULL with errno set to ERANGE. This change is
prompted by CVE-2021-3999, which describes a single byte buffer
underflow and overflow when all of the following conditions are met:
- The buffer size (i.e. the second argument of getcwd) is 1 byte
- The current working directory is too long
- '/' is also mounted on the current working directory
Sequence of events:
- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
because the linux kernel checks for name length before it checks
buffer size
- The code falls back to the generic getcwd in sysdeps/posix
- In the generic func, the buf[0] is set to '\0' on line 250
- this while loop on line 262 is bypassed:
while (!(thisdev == rootdev && thisino == rootino))
since the rootfs (/) is bind mounted onto the directory and the flow
goes on to line 449, where it puts a '/' in the byte before the
buffer.
- Finally on line 458, it moves 2 bytes (the underflowed byte and the
'\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.
- buf is returned on line 469 and errno is not set.
This resolves BZ #28769.
Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
# Conflicts:
# sysdeps/posix/getcwd.c
# sysdeps/unix/sysv/linux/Makefile
diff --git a/sysdeps/posix/getcwd.c b/sysdeps/posix/getcwd.c
index b53433a2dc77fafa..fcd7aaea79c6477b 100644
--- a/sysdeps/posix/getcwd.c
+++ b/sysdeps/posix/getcwd.c
@@ -238,6 +238,13 @@ __getcwd (char *buf, size_t size)
bool fd_needs_closing = false;
int fd = AT_FDCWD;
+ /* A size of 1 byte is never useful. */
+ if (size == 1)
+ {
+ __set_errno (ERANGE);
+ return NULL;
+ }
+
char *path;
#ifndef NO_ALLOCATION
size_t allocated = size;
diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
index 688cf9fa9dea23a6..bb055f9d6b841ff5 100644
--- a/sysdeps/unix/sysv/linux/Makefile
+++ b/sysdeps/unix/sysv/linux/Makefile
@@ -180,7 +180,11 @@ sysdep_routines += xstatconv internal_statvfs internal_statvfs64 \
sysdep_headers += bits/fcntl-linux.h
-tests += tst-fallocate tst-fallocate64
+tests += \
+ tst-fallocate \
+ tst-fallocate64 \
+ tst-getcwd-smallbuff \
+# tests
endif
ifeq ($(subdir),elf)
diff --git a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
new file mode 100644
index 0000000000000000..d460d6e7662dc5e4
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
@@ -0,0 +1,241 @@
+/* Verify that getcwd returns ERANGE for size 1 byte and does not underflow
+ buffer when the CWD is too long and is also a mount target of /. See bug
+ #28769 or CVE-2021-3999 for more context.
+ Copyright The GNU Toolchain Authors.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <intprops.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#include <sys/socket.h>
+#include <sys/un.h>
+#include <support/check.h>
+#include <support/temp_file.h>
+#include <support/xsched.h>
+#include <support/xunistd.h>
+
+static char *base;
+#define BASENAME "tst-getcwd-smallbuff"
+#define MOUNT_NAME "mpoint"
+static int sockfd[2];
+
+static void
+do_cleanup (void)
+{
+ support_chdir_toolong_temp_directory (base);
+ TEST_VERIFY_EXIT (rmdir (MOUNT_NAME) == 0);
+ free (base);
+}
+
+static void
+send_fd (const int sock, const int fd)
+{
+ struct msghdr msg = {0};
+ union
+ {
+ struct cmsghdr hdr;
+ char buf[CMSG_SPACE (sizeof (int))];
+ } cmsgbuf = {0};
+ struct cmsghdr *cmsg;
+ struct iovec vec;
+ char ch = 'A';
+ ssize_t n;
+
+ msg.msg_control = &cmsgbuf.buf;
+ msg.msg_controllen = sizeof (cmsgbuf.buf);
+
+ cmsg = CMSG_FIRSTHDR (&msg);
+ cmsg->cmsg_len = CMSG_LEN (sizeof (int));
+ cmsg->cmsg_level = SOL_SOCKET;
+ cmsg->cmsg_type = SCM_RIGHTS;
+ memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd));
+
+ vec.iov_base = &ch;
+ vec.iov_len = 1;
+ msg.msg_iov = &vec;
+ msg.msg_iovlen = 1;
+
+ while ((n = sendmsg (sock, &msg, 0)) == -1 && errno == EINTR);
+
+ TEST_VERIFY_EXIT (n == 1);
+}
+
+static int
+recv_fd (const int sock)
+{
+ struct msghdr msg = {0};
+ union
+ {
+ struct cmsghdr hdr;
+ char buf[CMSG_SPACE(sizeof(int))];
+ } cmsgbuf = {0};
+ struct cmsghdr *cmsg;
+ struct iovec vec;
+ ssize_t n;
+ char ch = '\0';
+ int fd = -1;
+
+ vec.iov_base = &ch;
+ vec.iov_len = 1;
+ msg.msg_iov = &vec;
+ msg.msg_iovlen = 1;
+
+ msg.msg_control = &cmsgbuf.buf;
+ msg.msg_controllen = sizeof (cmsgbuf.buf);
+
+ while ((n = recvmsg (sock, &msg, 0)) == -1 && errno == EINTR);
+ if (n != 1 || ch != 'A')
+ return -1;
+
+ cmsg = CMSG_FIRSTHDR (&msg);
+ if (cmsg == NULL)
+ return -1;
+ if (cmsg->cmsg_type != SCM_RIGHTS)
+ return -1;
+ memcpy (&fd, CMSG_DATA (cmsg), sizeof (fd));
+ if (fd < 0)
+ return -1;
+ return fd;
+}
+
+static int
+child_func (void * const arg)
+{
+ xclose (sockfd[0]);
+ const int sock = sockfd[1];
+ char ch;
+
+ TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1);
+ TEST_VERIFY_EXIT (ch == '1');
+
+ if (mount ("/", MOUNT_NAME, NULL, MS_BIND | MS_REC, NULL))
+ FAIL_EXIT1 ("mount failed: %m\n");
+ const int fd = xopen ("mpoint",
+ O_RDONLY | O_PATH | O_DIRECTORY | O_NOFOLLOW, 0);
+
+ send_fd (sock, fd);
+ xclose (fd);
+
+ TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1);
+ TEST_VERIFY_EXIT (ch == 'a');
+
+ xclose (sock);
+ return 0;
+}
+
+static void
+update_map (char * const mapping, const char * const map_file)
+{
+ const size_t map_len = strlen (mapping);
+
+ const int fd = xopen (map_file, O_WRONLY, 0);
+ xwrite (fd, mapping, map_len);
+ xclose (fd);
+}
+
+static void
+proc_setgroups_write (const long child_pid, const char * const str)
+{
+ const size_t str_len = strlen(str);
+
+ char setgroups_path[sizeof ("/proc//setgroups") + INT_STRLEN_BOUND (long)];
+
+ snprintf (setgroups_path, sizeof (setgroups_path),
+ "/proc/%ld/setgroups", child_pid);
+
+ const int fd = open (setgroups_path, O_WRONLY);
+
+ if (fd < 0)
+ {
+ TEST_VERIFY_EXIT (errno == ENOENT);
+ FAIL_UNSUPPORTED ("/proc/%ld/setgroups not found\n", child_pid);
+ }
+
+ xwrite (fd, str, str_len);
+ xclose(fd);
+}
+
+static char child_stack[1024 * 1024];
+
+int
+do_test (void)
+{
+ base = support_create_and_chdir_toolong_temp_directory (BASENAME);
+
+ xmkdir (MOUNT_NAME, S_IRWXU);
+ atexit (do_cleanup);
+
+ TEST_VERIFY_EXIT (socketpair (AF_UNIX, SOCK_STREAM, 0, sockfd) == 0);
+ pid_t child_pid = xclone (child_func, NULL, child_stack,
+ sizeof (child_stack),
+ CLONE_NEWUSER | CLONE_NEWNS | SIGCHLD);
+
+ xclose (sockfd[1]);
+ const int sock = sockfd[0];
+
+ char map_path[sizeof ("/proc//uid_map") + INT_STRLEN_BOUND (long)];
+ char map_buf[sizeof ("0 1") + INT_STRLEN_BOUND (long)];
+
+ snprintf (map_path, sizeof (map_path), "/proc/%ld/uid_map",
+ (long) child_pid);
+ snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getuid());
+ update_map (map_buf, map_path);
+
+ proc_setgroups_write ((long) child_pid, "deny");
+ snprintf (map_path, sizeof (map_path), "/proc/%ld/gid_map",
+ (long) child_pid);
+ snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getgid());
+ update_map (map_buf, map_path);
+
+ TEST_VERIFY_EXIT (send (sock, "1", 1, MSG_NOSIGNAL) == 1);
+ const int fd = recv_fd (sock);
+ TEST_VERIFY_EXIT (fd >= 0);
+ TEST_VERIFY_EXIT (fchdir (fd) == 0);
+
+ static char buf[2 * 10 + 1];
+ memset (buf, 'A', sizeof (buf));
+
+ /* Finally, call getcwd and check if it resulted in a buffer underflow. */
+ char * cwd = getcwd (buf + sizeof (buf) / 2, 1);
+ TEST_VERIFY (cwd == NULL);
+ TEST_VERIFY (errno == ERANGE);
+
+ for (int i = 0; i < sizeof (buf); i++)
+ if (buf[i] != 'A')
+ {
+ printf ("buf[%d] = %02x\n", i, (unsigned int) buf[i]);
+ support_record_failure ();
+ }
+
+ TEST_VERIFY_EXIT (send (sock, "a", 1, MSG_NOSIGNAL) == 1);
+ xclose (sock);
+ TEST_VERIFY_EXIT (xwaitpid (child_pid, NULL, 0) == child_pid);
+
+ return 0;
+}
+
+#define CLEANUP_HANDLER do_cleanup
+#include <support/test-driver.c>

View File

@ -0,0 +1,121 @@
commit de8995a2a04163617c1a233b4b81356ef9f9741f
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Wed Mar 10 12:26:30 2021 -0300
support: Add xclone
It is a wrapper for Linux clone syscall, to simplify the call to the
use only the most common arguments and remove architecture specific
handling (such as ia64 different name and signature).
# Conflicts:
# support/Makefile
diff --git a/support/Makefile b/support/Makefile
index fb95a69ed9158e78..d2b95539403e416c 100644
--- a/support/Makefile
+++ b/support/Makefile
@@ -84,6 +84,7 @@ libsupport-routines = \
xcalloc \
xchdir \
xchroot \
+ xclone \
xclose \
xconnect \
xcopy_file_range \
diff --git a/support/xclone.c b/support/xclone.c
new file mode 100644
index 0000000000000000..924d2b875402a819
--- /dev/null
+++ b/support/xclone.c
@@ -0,0 +1,50 @@
+/* Auxiliary functions to issue the clone syscall.
+ Copyright (C) 2021 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#ifdef __linux__
+# include <support/check.h>
+# include <stackinfo.h> /* For _STACK_GROWS_{UP,DOWN}. */
+# include <xsched.h>
+
+pid_t
+xclone (int (*fn) (void *arg), void *arg, void *stack, size_t stack_size,
+ int flags)
+{
+ pid_t r = -1;
+
+# ifdef __ia64__
+ extern int __clone2 (int (*fn) (void *arg), void *stack, size_t stack_size,
+ int flags, void *arg, ...);
+ r = __clone2 (f, stack, stack_size, flags, arg, /* ptid */ NULL,
+ /* tls */ NULL, /* ctid */ ctid);
+# else
+# if _STACK_GROWS_DOWN
+ r = clone (fn, stack + stack_size, flags, arg, /* ptid */ NULL,
+ /* tls */ NULL, /* ctid */ NULL);
+# elif _STACK_GROWS_UP
+ r = clone (fn, stack, flags, arg, /* ptid */ NULL, /* tls */ NULL,
+ &ctid);
+# endif
+# endif
+
+ if (r < 0)
+ FAIL_EXIT1 ("clone: %m");
+
+ return r;
+}
+#endif
diff --git a/support/xsched.h b/support/xsched.h
new file mode 100644
index 0000000000000000..eefd731940187b39
--- /dev/null
+++ b/support/xsched.h
@@ -0,0 +1,34 @@
+/* Wrapper for sched.h functions.
+ Copyright (C) 2021 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#ifndef SUPPORT_XSCHED_H
+#define SUPPORT_XSCHED_H
+
+__BEGIN_DECLS
+
+#include <sched.h>
+#include <sys/types.h>
+
+#ifdef __linux__
+pid_t xclone (int (*fn) (void *arg), void *arg, void *stack,
+ size_t stack_size, int flags);
+#endif
+
+__END_DECLS
+
+#endif

View File

@ -0,0 +1,46 @@
commit 5b8e7980c5dabd9aaefeba4f0208baa8cf7653ee
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Jan 24 18:14:24 2022 +0100
Linux: Detect user namespace support in io/tst-getcwd-smallbuff
Otherwise the test fails with certain container runtimes.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
diff --git a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
index d460d6e7662dc5e4..55362f6060a2b3be 100644
--- a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
+++ b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
@@ -34,6 +34,7 @@
#include <sys/un.h>
#include <support/check.h>
#include <support/temp_file.h>
+#include <support/test-driver.h>
#include <support/xsched.h>
#include <support/xunistd.h>
@@ -188,6 +189,23 @@ do_test (void)
xmkdir (MOUNT_NAME, S_IRWXU);
atexit (do_cleanup);
+ /* Check whether user namespaces are supported. */
+ {
+ pid_t pid = xfork ();
+ if (pid == 0)
+ {
+ if (unshare (CLONE_NEWUSER | CLONE_NEWNS) != 0)
+ _exit (EXIT_UNSUPPORTED);
+ else
+ _exit (0);
+ }
+ int status;
+ xwaitpid (pid, &status, 0);
+ TEST_VERIFY_EXIT (WIFEXITED (status));
+ if (WEXITSTATUS (status) != 0)
+ return WEXITSTATUS (status);
+ }
+
TEST_VERIFY_EXIT (socketpair (AF_UNIX, SOCK_STREAM, 0, sockfd) == 0);
pid_t child_pid = xclone (child_func, NULL, child_stack,
sizeof (child_stack),

View File

@ -0,0 +1,24 @@
commit 3842ba494963b1d76ad5f68b8d1e5c2279160e31
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date: Tue Jun 1 09:23:40 2021 +0100
aarch64: align stack in clone [BZ #27939]
The AArch64 PCS requires 16 byte aligned stack. Previously if the
caller passed an unaligned stack to clone then the child crashed.
Fixes bug 27939.
diff --git a/sysdeps/unix/sysv/linux/aarch64/clone.S b/sysdeps/unix/sysv/linux/aarch64/clone.S
index e0653048259dd9a3..4a1a999447ee5cf1 100644
--- a/sysdeps/unix/sysv/linux/aarch64/clone.S
+++ b/sysdeps/unix/sysv/linux/aarch64/clone.S
@@ -48,6 +48,8 @@ ENTRY(__clone)
/* Sanity check args. */
mov x0, #-EINVAL
cbz x10, .Lsyscall_error
+ /* Align sp. */
+ and x1, x1, -16
cbz x1, .Lsyscall_error
/* Do the system call. */

View File

@ -0,0 +1,164 @@
commit e368b12f6c16b6888dda99ba641e999b9c9643c8
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Jan 17 10:21:34 2022 +0100
socket: Add the __sockaddr_un_set function
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
# Conflicts:
# socket/Makefile
diff --git a/include/sys/un.h b/include/sys/un.h
index bdbee999806930f4..152afd9fc7426d8b 100644
--- a/include/sys/un.h
+++ b/include/sys/un.h
@@ -1 +1,13 @@
#include <socket/sys/un.h>
+
+#ifndef _ISOMAC
+
+/* Set ADDR->sun_family to AF_UNIX and ADDR->sun_path to PATHNAME.
+ Return 0 on success or -1 on failure (due to overlong PATHNAME).
+ The caller should always use sizeof (struct sockaddr_un) as the
+ socket address length, disregaring the length of PATHNAME.
+ Only concrete (non-abstract) pathnames are supported. */
+int __sockaddr_un_set (struct sockaddr_un *addr, const char *pathname)
+ attribute_hidden;
+
+#endif /* _ISOMAC */
diff --git a/socket/Makefile b/socket/Makefile
index b41eb071507a6271..8975a65c2aabbfbc 100644
--- a/socket/Makefile
+++ b/socket/Makefile
@@ -29,10 +29,14 @@ headers := sys/socket.h sys/un.h bits/sockaddr.h bits/socket.h \
routines := accept bind connect getpeername getsockname getsockopt \
listen recv recvfrom recvmsg send sendmsg sendto \
setsockopt shutdown socket socketpair isfdtype opensock \
- sockatmark accept4 recvmmsg sendmmsg
+ sockatmark accept4 recvmmsg sendmmsg sockaddr_un_set
tests := tst-accept4
+tests-internal := \
+ tst-sockaddr_un_set \
+ # tests-internal
+
aux := sa_len
include ../Rules
diff --git a/socket/sockaddr_un_set.c b/socket/sockaddr_un_set.c
new file mode 100644
index 0000000000000000..0bd40dc34e3d7efc
--- /dev/null
+++ b/socket/sockaddr_un_set.c
@@ -0,0 +1,41 @@
+/* Set the sun_path member of struct sockaddr_un.
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+int
+__sockaddr_un_set (struct sockaddr_un *addr, const char *pathname)
+{
+ size_t name_length = strlen (pathname);
+
+ /* The kernel supports names of exactly sizeof (addr->sun_path)
+ bytes, without a null terminator, but userspace does not; see the
+ SUN_LEN macro. */
+ if (name_length >= sizeof (addr->sun_path))
+ {
+ __set_errno (EINVAL); /* Error code used by the kernel. */
+ return -1;
+ }
+
+ addr->sun_family = AF_UNIX;
+ memcpy (addr->sun_path, pathname, name_length + 1);
+ return 0;
+}
diff --git a/socket/tst-sockaddr_un_set.c b/socket/tst-sockaddr_un_set.c
new file mode 100644
index 0000000000000000..29c2a81afda81b5e
--- /dev/null
+++ b/socket/tst-sockaddr_un_set.c
@@ -0,0 +1,62 @@
+/* Test the __sockaddr_un_set function.
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+/* Re-compile the function because the version in libc is not
+ exported. */
+#include "sockaddr_un_set.c"
+
+#include <support/check.h>
+
+static int
+do_test (void)
+{
+ struct sockaddr_un sun;
+
+ memset (&sun, 0xcc, sizeof (sun));
+ __sockaddr_un_set (&sun, "");
+ TEST_COMPARE (sun.sun_family, AF_UNIX);
+ TEST_COMPARE (__sockaddr_un_set (&sun, ""), 0);
+
+ memset (&sun, 0xcc, sizeof (sun));
+ TEST_COMPARE (__sockaddr_un_set (&sun, "/example"), 0);
+ TEST_COMPARE_STRING (sun.sun_path, "/example");
+
+ {
+ char pathname[108]; /* Length of sun_path (ABI constant). */
+ memset (pathname, 'x', sizeof (pathname));
+ pathname[sizeof (pathname) - 1] = '\0';
+ memset (&sun, 0xcc, sizeof (sun));
+ TEST_COMPARE (__sockaddr_un_set (&sun, pathname), 0);
+ TEST_COMPARE (sun.sun_family, AF_UNIX);
+ TEST_COMPARE_STRING (sun.sun_path, pathname);
+ }
+
+ {
+ char pathname[109];
+ memset (pathname, 'x', sizeof (pathname));
+ pathname[sizeof (pathname) - 1] = '\0';
+ memset (&sun, 0xcc, sizeof (sun));
+ errno = 0;
+ TEST_COMPARE (__sockaddr_un_set (&sun, pathname), -1);
+ TEST_COMPARE (errno, EINVAL);
+ }
+
+ return 0;
+}
+
+#include <support/test-driver.c>

View File

@ -0,0 +1,32 @@
commit 226b46770c82899b555986583294b049c6ec9b40
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Jan 17 10:21:34 2022 +0100
CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542)
Processing an overlong pathname in the sunrpc clnt_create function
results in a stack-based buffer overflow.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
diff --git a/sunrpc/clnt_gen.c b/sunrpc/clnt_gen.c
index 13ced8994e49d4ee..b44357cd88e60599 100644
--- a/sunrpc/clnt_gen.c
+++ b/sunrpc/clnt_gen.c
@@ -57,9 +57,13 @@ clnt_create (const char *hostname, u_long prog, u_long vers,
if (strcmp (proto, "unix") == 0)
{
- memset ((char *)&sun, 0, sizeof (sun));
- sun.sun_family = AF_UNIX;
- strcpy (sun.sun_path, hostname);
+ if (__sockaddr_un_set (&sun, hostname) < 0)
+ {
+ struct rpc_createerr *ce = &get_rpc_createerr ();
+ ce->cf_stat = RPC_SYSTEMERROR;
+ ce->cf_error.re_errno = errno;
+ return NULL;
+ }
sock = RPC_ANYSOCK;
client = clntunix_create (&sun, prog, vers, &sock, 0, 0);
if (client == NULL)

View File

@ -0,0 +1,80 @@
commit ef972a4c50014a16132b5c75571cfb6b30bef136
Author: Martin Sebor <msebor@redhat.com>
Date: Mon Jan 17 10:21:34 2022 +0100
sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542)
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
# Conflicts:
# sunrpc/Makefile
diff --git a/sunrpc/Makefile b/sunrpc/Makefile
index 85b0b3356aaf81a3..2f8f0597c99e117f 100644
--- a/sunrpc/Makefile
+++ b/sunrpc/Makefile
@@ -95,7 +95,8 @@ others += rpcgen
endif
tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error tst-udp-timeout \
- tst-udp-nonblocking
+ tst-udp-nonblocking tst-bug22542
+
xtests := tst-getmyaddr
ifeq ($(have-thread-library),yes)
@@ -246,3 +247,4 @@ $(objpfx)tst-udp-timeout: $(common-objpfx)linkobj/libc.so
$(objpfx)tst-udp-nonblocking: $(common-objpfx)linkobj/libc.so
$(objpfx)tst-udp-garbage: \
$(common-objpfx)linkobj/libc.so $(shared-thread-library)
+$(objpfx)tst-bug22542: $(common-objpfx)linkobj/libc.so
diff --git a/sunrpc/tst-bug22542.c b/sunrpc/tst-bug22542.c
new file mode 100644
index 0000000000000000..d6cd79787bdef21d
--- /dev/null
+++ b/sunrpc/tst-bug22542.c
@@ -0,0 +1,44 @@
+/* Test to verify that overlong hostname is rejected by clnt_create
+ and doesn't cause a buffer overflow (bug 22542).
+
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <rpc/clnt.h>
+#include <string.h>
+#include <support/check.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+static int
+do_test (void)
+{
+ /* Create an arbitrary hostname that's longer than fits in sun_path. */
+ char name [sizeof ((struct sockaddr_un*)0)->sun_path * 2];
+ memset (name, 'x', sizeof name - 1);
+ name [sizeof name - 1] = '\0';
+
+ errno = 0;
+ CLIENT *clnt = clnt_create (name, 0, 0, "unix");
+
+ TEST_VERIFY (clnt == NULL);
+ TEST_COMPARE (errno, EINVAL);
+ return 0;
+}
+
+#include <support/test-driver.c>

View File

@ -0,0 +1,101 @@
commit f545ad4928fa1f27a3075265182b38a4f939a5f7
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Jan 17 10:21:34 2022 +0100
CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768)
The sunrpc function svcunix_create suffers from a stack-based buffer
overflow with overlong pathname arguments.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
diff --git a/sunrpc/Makefile b/sunrpc/Makefile
index 2f8f0597c99e117f..5f7087aee494cc2e 100644
--- a/sunrpc/Makefile
+++ b/sunrpc/Makefile
@@ -95,7 +95,7 @@ others += rpcgen
endif
tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error tst-udp-timeout \
- tst-udp-nonblocking tst-bug22542
+ tst-udp-nonblocking tst-bug22542 tst-bug28768
xtests := tst-getmyaddr
diff --git a/sunrpc/svc_unix.c b/sunrpc/svc_unix.c
index c2c076aa87f0a2ad..8fac2b35da1d38a5 100644
--- a/sunrpc/svc_unix.c
+++ b/sunrpc/svc_unix.c
@@ -154,7 +154,10 @@ svcunix_create (int sock, u_int sendsize, u_int recvsize, char *path)
SVCXPRT *xprt;
struct unix_rendezvous *r;
struct sockaddr_un addr;
- socklen_t len = sizeof (struct sockaddr_in);
+ socklen_t len = sizeof (addr);
+
+ if (__sockaddr_un_set (&addr, path) < 0)
+ return NULL;
if (sock == RPC_ANYSOCK)
{
@@ -165,12 +168,6 @@ svcunix_create (int sock, u_int sendsize, u_int recvsize, char *path)
}
madesock = TRUE;
}
- memset (&addr, '\0', sizeof (addr));
- addr.sun_family = AF_UNIX;
- len = strlen (path) + 1;
- memcpy (addr.sun_path, path, len);
- len += sizeof (addr.sun_family);
-
__bind (sock, (struct sockaddr *) &addr, len);
if (__getsockname (sock, (struct sockaddr *) &addr, &len) != 0
diff --git a/sunrpc/tst-bug28768.c b/sunrpc/tst-bug28768.c
new file mode 100644
index 0000000000000000..35a4b7b0b3d34350
--- /dev/null
+++ b/sunrpc/tst-bug28768.c
@@ -0,0 +1,42 @@
+/* Test to verify that long path is rejected by svcunix_create (bug 28768).
+ Copyright (C) 2022 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <rpc/svc.h>
+#include <shlib-compat.h>
+#include <string.h>
+#include <support/check.h>
+
+/* svcunix_create does not have a default version in linkobj/libc.so. */
+compat_symbol_reference (libc, svcunix_create, svcunix_create, GLIBC_2_1);
+
+static int
+do_test (void)
+{
+ char pathname[109];
+ memset (pathname, 'x', sizeof (pathname));
+ pathname[sizeof (pathname) - 1] = '\0';
+
+ errno = 0;
+ TEST_VERIFY (svcunix_create (RPC_ANYSOCK, 4096, 4096, pathname) == NULL);
+ TEST_COMPARE (errno, EINVAL);
+
+ return 0;
+}
+
+#include <support/test-driver.c>

View File

@ -0,0 +1,54 @@
commit 36f6e408845c8c539128f3fb9cb132bf1845a2c8
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Mar 9 21:07:24 2021 +0100
<shlib-compat.h>: Support compat_symbol_reference for _ISOMAC
This is helpful for testing compat symbols in cases where _ISOMAC
is activated implicitly due to -DMODULE_NAME=testsuite and cannot
be disabled easily.
diff --git a/include/libc-symbols.h b/include/libc-symbols.h
index 41436050d060b89f..44e12b63d40cc572 100644
--- a/include/libc-symbols.h
+++ b/include/libc-symbols.h
@@ -59,6 +59,19 @@
# define IN_MODULE (-1)
#endif
+/* Use symbol_version_reference to specify the version a symbol
+ reference should link to. Use symbol_version or
+ default_symbol_version for the definition of a versioned symbol.
+ The difference is that the latter is a no-op in non-shared
+ builds. */
+#ifdef __ASSEMBLER__
+# define symbol_version_reference(real, name, version) \
+ .symver real, name##@##version
+#else /* !__ASSEMBLER__ */
+# define symbol_version_reference(real, name, version) \
+ __asm__ (".symver " #real "," #name "@" #version)
+#endif
+
#ifndef _ISOMAC
/* This is defined for the compilation of all C library code. features.h
@@ -388,19 +401,6 @@ for linking")
past the last element in SET. */
#define symbol_set_end_p(set, ptr) ((ptr) >= (void *const *) &__stop_##set)
-/* Use symbol_version_reference to specify the version a symbol
- reference should link to. Use symbol_version or
- default_symbol_version for the definition of a versioned symbol.
- The difference is that the latter is a no-op in non-shared
- builds. */
-#ifdef __ASSEMBLER__
-# define symbol_version_reference(real, name, version) \
- .symver real, name##@##version
-#else /* !__ASSEMBLER__ */
-# define symbol_version_reference(real, name, version) \
- __asm__ (".symver " #real "," #name "@" #version)
-#endif
-
#ifdef SHARED
# define symbol_version(real, name, version) \
symbol_version_reference(real, name, version)

112
SOURCES/wrap-find-debuginfo.sh Executable file
View File

@ -0,0 +1,112 @@
#!/bin/bash
# Wrapper script for find-debuginfo.sh
#
# Usage:
# wrap-find-debuginfo.sh SYSROOT-PATH SCRIPT-PATH SCRIPT-ARGS...
#
# The wrapper saves the original version of ld.so found in SYSROOT-PATH,
# invokes SCRIPT-PATH with SCRIPT-ARGS, and then restores the
# LDSO-PATH file, followed by note merging and DWZ compression.
# As a result, ld.so has (mostly) unchanged debuginfo even
# after debuginfo extraction.
#
# For libc.so.6 and other shared objects, a set of strategic symbols
# is preserved in .symtab that are frequently used in valgrind
# suppressions and elsewhere.
set -evx
tar_tmp="$(mktemp)"
# Prefer a separately installed debugedit over the RPM-integrated one.
if command -v debugedit >/dev/null ; then
debugedit=debugedit
else
debugedit=/usr/lib/rpm/debugedit
fi
cleanup () {
rm -f "$tar_tmp"
}
trap cleanup 0
sysroot_path="$1"
shift
script_path="$1"
shift
# See run_ldso setting in glibc.spec.
ldso_list=`cd "$sysroot_path"; find . -name 'ld-*.so' -type f`
libc_list=`cd "$sysroot_path"; find . -name 'libc-*.so' -type f`
libdl_list=`cd "$sysroot_path"; find . -name 'libdl-*.so' -type f`
libpthread_list=`cd "$sysroot_path"; find . -name 'libpthread-*.so' -type f`
librt_list=`cd "$sysroot_path"; find . -name 'librt-*.so' -type f`
full_list="$ldso_list $libc_list $libdl_list $libpthread_list $librt_list"
# Preserve the original files.
(cd "$sysroot_path"; ls -l $full_list)
(cd "$sysroot_path"; tar cvf "$tar_tmp" $full_list)
# Run the debuginfo extraction.
"$script_path" "$@"
# Restore the original files.
(cd "$sysroot_path"; tar xf "$tar_tmp")
(cd "$sysroot_path"; ls -l $full_list)
# Reduce the size of notes. Primarily for annobin.
for p in $full_list
do
objcopy --merge-notes "$sysroot_path/$p"
done
# libc.so.6 and other shared objects: Reduce to valuable symbols.
# Eliminate file symbols, annobin symbols, and symbols used by the
# glibc build to implement hidden aliases (__EI_*). We would also
# like to remove __GI_* symbols, but even listing them explicitly (as
# in -K __GI_strlen) still causes strip to remove them, so there is no
# filtering of __GI_* here. (Debuginfo is gone after this, so no need
# to optimize it.)
for p in $libc_list $libdl_list $libpthread_list $librt_list ; do
strip -w \
-K '*' \
-K '!*.c' \
-K '!*.os' \
-K '!.annobin_*' \
-K '!__EI_*' \
-K '!__PRETTY_FUNCTION__*' \
"$sysroot_path/$p"
done
# ld.so: Rewrite the source file paths to match the extracted
# locations. First compute the arguments for invoking debugedit.
# See find-debuginfo.sh.
debug_dest_name="/usr/src/debug"
last_arg=
while true ; do
arg="$1"
shift || break
case "$arg" in
(--unique-debug-src-base)
debug_dest_name="/usr/src/debug/$1"
shift
;;
(-*)
;;
(*)
last_arg="$arg"
;;
esac
done
debug_base_name=${last_arg:-$RPM_BUILD_ROOT}
for p in $ldso_list
do
$debugedit -b "$debug_base_name" -d "$debug_dest_name" -n "$sysroot_path/$p"
done
# Apply single-file DWARF optimization.
for ldso in $ldso_list
do
dwz "$sysroot_path/$p"
done

View File

@ -1,6 +1,6 @@
%define glibcsrcdir glibc-2.28 %define glibcsrcdir glibc-2.28
%define glibcversion 2.28 %define glibcversion 2.28
%define glibcrelease 184%{?dist} %define glibcrelease 189%{?dist}
# Pre-release tarballs are pulled in from git using a command that is # Pre-release tarballs are pulled in from git using a command that is
# effectively: # effectively:
# #
@ -176,6 +176,23 @@ Source11: SUPPORTED
# Include in the source RPM for reference. # Include in the source RPM for reference.
Source12: ChangeLog.old Source12: ChangeLog.old
Source13: wrap-find-debuginfo.sh
######################################################################
# Activate the wrapper script for debuginfo generation, by rewriting
# the definition of __debug_install_post.
%{lua:
local wrapper = rpm.expand("%{SOURCE13}")
local sysroot = rpm.expand("%{glibc_sysroot}")
local original = rpm.expand("%{__find_debuginfo}")
rpm.define("__find_debuginfo " .. wrapper .. " " .. sysroot .. " " .. original)
}
# The wrapper script relies on the fact that debugedit does not change
# build IDs.
%define _no_recompute_build_ids 1
%undefine _unique_build_ids
############################################################################## ##############################################################################
# Patches: # Patches:
# - See each individual patch file for origin and upstream status. # - See each individual patch file for origin and upstream status.
@ -824,6 +841,20 @@ Patch646: glibc-rh2033648-1.patch
Patch647: glibc-rh2033648-2.patch Patch647: glibc-rh2033648-2.patch
Patch648: glibc-rh2036955.patch Patch648: glibc-rh2036955.patch
Patch649: glibc-rh2033655.patch Patch649: glibc-rh2033655.patch
Patch650: glibc-rh2007327-1.patch
Patch651: glibc-rh2007327-2.patch
Patch652: glibc-rh2032281-1.patch
Patch653: glibc-rh2032281-2.patch
Patch654: glibc-rh2032281-3.patch
Patch655: glibc-rh2032281-4.patch
Patch656: glibc-rh2032281-5.patch
Patch657: glibc-rh2032281-6.patch
Patch658: glibc-rh2032281-7.patch
Patch659: glibc-rh2045063-1.patch
Patch660: glibc-rh2045063-2.patch
Patch661: glibc-rh2045063-3.patch
Patch662: glibc-rh2045063-4.patch
Patch663: glibc-rh2045063-5.patch
############################################################################## ##############################################################################
# Continued list of core "glibc" package information: # Continued list of core "glibc" package information:
@ -913,7 +944,8 @@ Conflicts: prelink < 0.4.2
%if 0%{?_enable_debug_packages} %if 0%{?_enable_debug_packages}
BuildRequires: elfutils >= 0.72 BuildRequires: elfutils >= 0.72
BuildRequires: rpm >= 4.2-0.56 # -20 adds __find_debuginfo macro
BuildRequires: rpm >= 4.14.3-20
%endif %endif
%if %{without bootstrap} %if %{without bootstrap}
@ -1313,62 +1345,6 @@ which can be helpful during program debugging.
If unsure if you need this, don't install this package. If unsure if you need this, don't install this package.
##############################################################################
# glibc core "debuginfo" sub-package
##############################################################################
%if 0%{?_enable_debug_packages}
%define debug_package %{nil}
%define __debug_install_post %{nil}
%global __debug_package 1
# Disable thew new features that glibc packages don't use.
%undefine _debugsource_packages
%undefine _debuginfo_subpackages
%undefine _unique_debug_names
%undefine _unique_debug_srcs
%package debuginfo
Summary: Debug information for package %{name}
AutoReqProv: no
%ifarch %{debuginfocommonarches}
Requires: glibc-debuginfo-common = %{version}-%{release}
%else
%ifarch %{ix86} %{sparc}
Obsoletes: glibc-debuginfo-common
%endif
%endif
%description debuginfo
This package provides debug information for package %{name}.
Debug information is useful when developing applications that use this
package or when debugging this package.
This package also contains static standard C libraries with
debugging information. You need this only if you want to step into
C library routines during debugging programs statically linked against
one or more of the standard C libraries.
To use this debugging information, you need to link binaries
with -static -L%{_prefix}/lib/debug%{_libdir} compiler options.
##############################################################################
# glibc common "debuginfo-common" sub-package
##############################################################################
%ifarch %{debuginfocommonarches}
%package debuginfo-common
Summary: Debug information for package %{name}
AutoReqProv: no
%description debuginfo-common
This package provides debug information for package %{name}.
Debug information is useful when developing applications that use this
package or when debugging this package.
%comment Matches: %ifarch %{debuginfocommonarches}
%endif
%comment Matches: %if 0%{?_enable_debug_packages}
%endif
%if %{with benchtests} %if %{with benchtests}
%package benchtests %package benchtests
Summary: Benchmarking binaries and scripts for %{name} Summary: Benchmarking binaries and scripts for %{name}
@ -1829,15 +1805,6 @@ chmod 644 %{glibc_sysroot}%{_libdir}/gconv/gconv-modules.cache
# archives we might have added. # archives we might have added.
############################################################################## ##############################################################################
# If we are building a debug package then copy all of the static archives
# into the debug directory to keep them as unstripped copies.
%if 0%{?_enable_debug_packages}
mkdir -p %{glibc_sysroot}%{_prefix}/lib/debug%{_libdir}
cp -a %{glibc_sysroot}%{_libdir}/*.a \
%{glibc_sysroot}%{_prefix}/lib/debug%{_libdir}/
rm -f %{glibc_sysroot}%{_prefix}/lib/debug%{_libdir}/*_p.a
%endif
# Remove any zoneinfo files; they are maintained by tzdata. # Remove any zoneinfo files; they are maintained by tzdata.
rm -rf %{glibc_sysroot}%{_prefix}/share/zoneinfo rm -rf %{glibc_sysroot}%{_prefix}/share/zoneinfo
@ -1903,6 +1870,7 @@ popd
pushd iconv pushd iconv
ln -s ../locale/programs/charmap-kw.gperf . ln -s ../locale/programs/charmap-kw.gperf .
popd popd
%endif
%if %{with docs} %if %{with docs}
# Remove the `dir' info-heirarchy file which will be maintained # Remove the `dir' info-heirarchy file which will be maintained
@ -2002,11 +1970,6 @@ ar cr %{glibc_sysroot}%{_prefix}/%{_lib}/libpthread_nonshared.a
# - File list with the .so symbolic links for NSS packages. # - File list with the .so symbolic links for NSS packages.
# * compat-libpthread-nonshared.filelist. # * compat-libpthread-nonshared.filelist.
# - File list for compat-libpthread-nonshared subpackage. # - File list for compat-libpthread-nonshared subpackage.
# * debuginfo.filelist
# - Files for the glibc debuginfo package.
# * debuginfocommon.filelist
# - Files for the glibc common debuginfo package.
#
# Create the main file lists. This way we can append to any one of them later # Create the main file lists. This way we can append to any one of them later
# wihtout having to create it. Note these are removed at the start of the # wihtout having to create it. Note these are removed at the start of the
@ -2026,8 +1989,6 @@ touch nss_db.filelist
touch nss_hesiod.filelist touch nss_hesiod.filelist
touch nss-devel.filelist touch nss-devel.filelist
touch compat-libpthread-nonshared.filelist touch compat-libpthread-nonshared.filelist
touch debuginfo.filelist
touch debuginfocommon.filelist
############################################################################### ###############################################################################
# Master file list, excluding a few things. # Master file list, excluding a few things.
@ -2317,109 +2278,6 @@ echo "%{_prefix}/libexec/glibc-benchtests/validate_benchout.py*" >> benchtests.f
############################################################################### ###############################################################################
echo "%{_libdir}/libpthread_nonshared.a" >> compat-libpthread-nonshared.filelist echo "%{_libdir}/libpthread_nonshared.a" >> compat-libpthread-nonshared.filelist
###############################################################################
# glibc-debuginfocommon, and glibc-debuginfo
###############################################################################
find_debuginfo_args='--strict-build-id -g -i'
%ifarch %{debuginfocommonarches}
find_debuginfo_args="$find_debuginfo_args \
-l common.filelist \
-l utils.filelist \
-l nscd.filelist \
-p '.*/(sbin|libexec)/.*' \
-o debuginfocommon.filelist \
-l gconv.filelist \
-l nss_db.filelist -l nss_hesiod.filelist \
-l libnsl.filelist -l glibc.filelist \
%if %{with benchtests}
-l benchtests.filelist
%endif
"
%endif
/usr/lib/rpm/find-debuginfo.sh $find_debuginfo_args -o debuginfo.filelist
# List all of the *.a archives in the debug directory.
list_debug_archives()
{
local dir=%{_prefix}/lib/debug%{_libdir}
find %{glibc_sysroot}$dir -name "*.a" -printf "$dir/%%P\n"
}
%ifarch %{debuginfocommonarches}
# Remove the source files from the common package debuginfo.
sed -i '\#^%{glibc_sysroot}%{_prefix}/src/debug/#d' debuginfocommon.filelist
# Create a list of all of the source files we copied to the debug directory.
find %{glibc_sysroot}%{_prefix}/src/debug \
\( -type d -printf '%%%%dir ' \) , \
-printf '%{_prefix}/src/debug/%%P\n' > debuginfocommon.sources
%ifarch %{biarcharches}
# Add the source files to the core debuginfo package.
cat debuginfocommon.sources >> debuginfo.filelist
%else
%ifarch %{ix86}
%define basearch i686
%endif
%ifarch sparc sparcv9
%define basearch sparc
%endif
# The auxarches get only these few source files.
auxarches_debugsources=\
'/(generic|linux|%{basearch}|nptl(_db)?)/|/%{glibcsrcdir}/build|/dl-osinfo\.h'
# Place the source files into the core debuginfo pakcage.
egrep "$auxarches_debugsources" debuginfocommon.sources >> debuginfo.filelist
# Remove the source files from the common debuginfo package.
egrep -v "$auxarches_debugsources" \
debuginfocommon.sources >> debuginfocommon.filelist
%comment Matches: %ifarch %{biarcharches}
%endif
# Add the list of *.a archives in the debug directory to
# the common debuginfo package.
list_debug_archives >> debuginfocommon.filelist
%comment Matches: %ifarch %{debuginfocommonarches}
%endif
# Remove some common directories from the common package debuginfo so that we
# don't end up owning them.
exclude_common_dirs()
{
exclude_dirs="%{_prefix}/src/debug"
exclude_dirs="$exclude_dirs $(echo %{_prefix}/lib/debug{,/%{_lib},/bin,/sbin})"
exclude_dirs="$exclude_dirs $(echo %{_prefix}/lib/debug%{_prefix}{,/%{_lib},/libexec,/bin,/sbin})"
for d in $(echo $exclude_dirs | sed 's/ /\n/g'); do
sed -i "\|^%%dir $d/\?$|d" $1
done
# Special kludge: /usr/bin/ld.so is a symbolic link, so debuggers
# do not need it to locate debugging information (they can use
# the real path instead).
sed -i '\,^/usr/lib/debug/usr/bin/ld\.so\.debug$,d' $1
}
# The file does not exist on all architectures.
rm -f %{glibc_sysroot}/usr/lib/debug/usr/bin/ld.so.debug
%ifarch %{debuginfocommonarches}
exclude_common_dirs debuginfocommon.filelist
%endif
exclude_common_dirs debuginfo.filelist
%comment Matches: %if 0%{?_enable_debug_packages}
%endif
############################################################################## ##############################################################################
# Delete files that we do not intended to ship with the auxarch. # Delete files that we do not intended to ship with the auxarch.
# This is the only place where we touch the installed files after generating # This is the only place where we touch the installed files after generating
@ -2509,6 +2367,15 @@ echo ====================PLT RELOCS LIBC.SO==============
readelf -Wr %{glibc_sysroot}/%{_lib}/libc-*.so | sed -n -e "$PLTCMD" readelf -Wr %{glibc_sysroot}/%{_lib}/libc-*.so | sed -n -e "$PLTCMD"
echo ====================PLT RELOCS END================== echo ====================PLT RELOCS END==================
# Obtain a way to run the dynamic loader. Avoid matching the symbolic
# link and then pick the first loader (although there should be only
# one).
run_ldso="$(find %{glibc_sysroot}/%{_lib}/ld-*.so -type f | LC_ALL=C sort | head -n1) --library-path %{glibc_sysroot}/%{_lib}"
# Show the auxiliary vector as seen by the new library
# (even if we do not perform the valgrind test).
LD_SHOW_AUXV=1 $run_ldso /bin/true
# Finally, check if valgrind runs with the new glibc. # Finally, check if valgrind runs with the new glibc.
# We want to fail building if valgrind is not able to run with this glibc so # We want to fail building if valgrind is not able to run with this glibc so
# that we can then coordinate with valgrind to get it fixed before we update # that we can then coordinate with valgrind to get it fixed before we update
@ -2517,16 +2384,15 @@ pushd build-%{target}
# Show the auxiliary vector as seen by the new library # Show the auxiliary vector as seen by the new library
# (even if we do not perform the valgrind test). # (even if we do not perform the valgrind test).
LD_SHOW_AUXV=1 elf/ld.so --library-path .:elf:nptl:dlfcn /bin/true LD_SHOW_AUXV=1 $run_ldso /bin/true
%if %{with valgrind} %if %{with valgrind}
elf/ld.so --library-path .:elf:nptl:dlfcn \ $run_ldso /usr/bin/valgrind --error-exitcode=1 \
/usr/bin/valgrind --error-exitcode=1 \ $run_ldso /usr/bin/true
elf/ld.so --library-path .:elf:nptl:dlfcn /usr/bin/true
%endif %endif
popd popd
%comment Matches: %if %{run_glibc_tests} %comment Matches: %if %{with testsuite}
%endif %endif
@ -2797,15 +2663,6 @@ fi
%files -f libnsl.filelist -n libnsl %files -f libnsl.filelist -n libnsl
/%{_lib}/libnsl.so.1 /%{_lib}/libnsl.so.1
%if 0%{?_enable_debug_packages}
%files debuginfo -f debuginfo.filelist
%ifarch %{debuginfocommonarches}
%ifnarch %{auxarches}
%files debuginfo-common -f debuginfocommon.filelist
%endif
%endif
%endif
%if %{with benchtests} %if %{with benchtests}
%files benchtests -f benchtests.filelist %files benchtests -f benchtests.filelist
%endif %endif
@ -2813,6 +2670,23 @@ fi
%files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared
%changelog %changelog
* Thu Jan 27 2022 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-189
- CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak
(#2032281)
* Tue Jan 25 2022 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-188
- CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc clnt_create
for "unix" and svcunix_create (#2045063).
* Mon Jan 24 2022 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-187
- CVE-2021-3999: getcwd: Set errno to ERANGE for size == 1 (#2032281)
* Fri Jan 21 2022 Carlos O'Donell <carlos@redhat.com> - 2.28-186
- Fix pthread_once regression with C++ exceptions (#2007327)
* Thu Jan 20 2022 DJ Delorie <dj@redhat.com> - 2.28-185
- Adjust to rpm's find-debuginfo.sh changes, to keep stripping binaries (#1661513)
* Fri Jan 7 2022 Florian Weimer <fweimer@redhat.com> - 2.28-184 * Fri Jan 7 2022 Florian Weimer <fweimer@redhat.com> - 2.28-184
- Conversion from ISO-2022-JP-3 may emit spurious NUL character (#2033655) - Conversion from ISO-2022-JP-3 may emit spurious NUL character (#2033655)