diff --git a/glibc-RHEL-12867-3.patch b/glibc-RHEL-12867-3.patch new file mode 100644 index 0000000..4c09288 --- /dev/null +++ b/glibc-RHEL-12867-3.patch @@ -0,0 +1,32 @@ +commit b933e5cef63a6c136fe57de29eba7abc51b678de +Author: Florian Weimer +Date: Sun Dec 15 17:05:25 2024 +0100 + + Linux: Check for 0 return value from vDSO getrandom probe + + As of Linux 6.13, there is no code in the vDSO that declines this + initialization request with the special ~0UL state size. If the vDSO + has the function, the call succeeds and returns 0. It's expected + that the code would follow the “a negative value indicating an error” + convention, as indicated in the __cvdso_getrandom_data function + comment, so that INTERNAL_SYSCALL_ERROR_P on glibc's side would return + true. This commit changes the commit to check for zero to indicate + success instead, which covers potential future non-zero success + return values and error returns. + + Fixes commit 4f5704ea347e52ac3f272d1341da10aed6e9973e ("powerpc: Use + correct procedure call standard for getrandom vDSO call (bug 32440)"). + +diff --git a/sysdeps/unix/sysv/linux/getrandom.c b/sysdeps/unix/sysv/linux/getrandom.c +index 0dc8fa6e65b9ef6a..d3eab66a1af6229e 100644 +--- a/sysdeps/unix/sysv/linux/getrandom.c ++++ b/sysdeps/unix/sysv/linux/getrandom.c +@@ -246,7 +246,7 @@ __getrandom_early_init (_Bool initial) + } params; + long int ret = INTERNAL_VSYSCALL_CALL (GLRO(dl_vdso_getrandom), + 5, NULL, 0, 0, ¶ms, ~0UL); +- if (! INTERNAL_SYSCALL_ERROR_P (ret)) ++ if (ret == 0) + { + /* Align each opaque state to L1 data cache size to avoid false + sharing. If the size can not be obtained, use the kernel diff --git a/glibc.spec b/glibc.spec index f574372..951c747 100644 --- a/glibc.spec +++ b/glibc.spec @@ -145,7 +145,7 @@ Version: %{glibcversion} # - It allows using the Release number without the %%dist tag in the dependency # generator to make the generated requires interchangeable between Rawhide # and ELN (.elnYY < .fcXX). -%global baserelease 30 +%global baserelease 31 Release: %{baserelease}%{?dist} # Licenses: @@ -483,6 +483,7 @@ Patch165: glibc-upstream-2.39-135.patch Patch166: glibc-upstream-2.39-136.patch Patch167: glibc-upstream-2.39-137.patch Patch168: glibc-RHEL-12867-2.patch +Patch169: glibc-RHEL-12867-3.patch ############################################################################## # Continued list of core "glibc" package information: @@ -2478,6 +2479,9 @@ update_gconv_modules_cache () %endif %changelog +* Sun Dec 15 2024 Florian Weimer - 2.39-31 +- Minor update to getrandom vDSO handshake + * Wed Dec 11 2024 Florian Weimer - 2.39-30 - CVE-2024-12455: Incorrect getrandom return value on ppc64le