diff --git a/sharutils-4.15.2-fflush-adjust-to-glibc-2.28-libio.h-removal.patch b/sharutils-4.15.2-fflush-adjust-to-glibc-2.28-libio.h-removal.patch new file mode 100644 index 0000000..78e6564 --- /dev/null +++ b/sharutils-4.15.2-fflush-adjust-to-glibc-2.28-libio.h-removal.patch @@ -0,0 +1,178 @@ +From 0e2f412eeec2e1f7f5743ea23c62bdf98bf4102c Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Thu, 8 Mar 2018 16:42:45 -0800 +Subject: [PATCH] fflush: adjust to glibc 2.28 libio.h removal +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Petr Písař: Ported to sharutils-4.15.2 from: + +commit 4af4a4a71827c0bc5e0ec67af23edef4f15cee8e +Author: Paul Eggert +Date: Mon Mar 5 10:56:29 2018 -0800 + + fflush: adjust to glibc 2.28 libio.h removal + +Problem reported by Daniel P. Berrangé in: +https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html +* lib/fbufmode.c (fbufmode): +* lib/fflush.c (clear_ungetc_buffer_preserving_position) +(disable_seek_optimization, rpl_fflush): +* lib/fpending.c (__fpending): +* lib/fpurge.c (fpurge): +* lib/freadable.c (freadable): +* lib/freadahead.c (freadahead): +* lib/freading.c (freading): +* lib/freadptr.c (freadptr): +* lib/freadseek.c (freadptrinc): +* lib/fseeko.c (fseeko): +* lib/fseterr.c (fseterr): +* lib/fwritable.c (fwritable): +* lib/fwriting.c (fwriting): +Check _IO_EOF_SEEN instead of _IO_ftrylockfile. +* lib/stdio-impl.h (_IO_IN_BACKUP) [_IO_EOF_SEEN]: +Define if not already defined. + +commit 74d9d6a293d7462dea8f83e7fc5ac792e956a0ad +Author: Paul Eggert +Date: Thu Mar 8 16:42:45 2018 -0800 + + fflush: be more paranoid about libio.h change + +Suggested by Eli Zaretskii in: +https://lists.gnu.org/r/emacs-devel/2018-03/msg00270.html +* lib/fbufmode.c (fbufmode): +* lib/fflush.c (clear_ungetc_buffer_preserving_position) +(disable_seek_optimization, rpl_fflush): +* lib/fpending.c (__fpending): +* lib/fpurge.c (fpurge): +* lib/freadable.c (freadable): +* lib/freadahead.c (freadahead): +* lib/freading.c (freading): +* lib/freadptr.c (freadptr): +* lib/freadseek.c (freadptrinc): +* lib/fseeko.c (fseeko): +* lib/fseterr.c (fseterr): +* lib/fwritable.c (fwritable): +* lib/fwriting.c (fwriting): +Look at _IO_ftrylockfile as well as at _IO_EOF_SEEN. + +This is needed for glibc-2.28 (First spotted with +glibc-2.27.9000-13.fc29 on Fedora). + +Signed-off-by: Petr Písař +--- + lib/fflush.c | 9 ++++++--- + lib/fpurge.c | 3 ++- + lib/freading.c | 3 ++- + lib/fseeko.c | 6 ++++-- + lib/stdio-impl.h | 6 ++++++ + 5 files changed, 20 insertions(+), 7 deletions(-) + +diff --git a/lib/fflush.c b/lib/fflush.c +index 5ae3e41..d887ecb 100644 +--- a/lib/fflush.c ++++ b/lib/fflush.c +@@ -33,7 +33,8 @@ + #undef fflush + + +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 ++/* GNU libc, BeOS, Haiku, Linux libc5 */ + + /* Clear the stream's ungetc buffer, preserving the value of ftello (fp). */ + static void +@@ -72,7 +73,8 @@ clear_ungetc_buffer (FILE *fp) + + #endif + +-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */) ++#if ! (defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1) ++/* GNU libc, BeOS, Haiku, Linux libc5 */ + + # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT + /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Android */ +@@ -148,7 +150,8 @@ rpl_fflush (FILE *stream) + if (stream == NULL || ! freading (stream)) + return fflush (stream); + +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 ++ /* GNU libc, BeOS, Haiku, Linux libc5 */ + + clear_ungetc_buffer_preserving_position (stream); + +diff --git a/lib/fpurge.c b/lib/fpurge.c +index f313b22..a760c4d 100644 +--- a/lib/fpurge.c ++++ b/lib/fpurge.c +@@ -62,7 +62,8 @@ fpurge (FILE *fp) + /* Most systems provide FILE as a struct and the necessary bitmask in + , because they need it for implementing getc() and putc() as + fast macros. */ +-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++# if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 ++ /* GNU libc, BeOS, Haiku, Linux libc5 */ + fp->_IO_read_end = fp->_IO_read_ptr; + fp->_IO_write_ptr = fp->_IO_write_base; + /* Avoid memory leak when there is an active ungetc buffer. */ +diff --git a/lib/freading.c b/lib/freading.c +index 0512b19..2341577 100644 +--- a/lib/freading.c ++++ b/lib/freading.c +@@ -31,7 +31,8 @@ freading (FILE *fp) + /* Most systems provide FILE as a struct and the necessary bitmask in + , because they need it for implementing getc() and putc() as + fast macros. */ +-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++# if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 ++ /* GNU libc, BeOS, Haiku, Linux libc5 */ + return ((fp->_flags & _IO_NO_WRITES) != 0 + || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0 + && fp->_IO_read_base != NULL)); +diff --git a/lib/fseeko.c b/lib/fseeko.c +index 1c65d2a..1b1cc2f 100644 +--- a/lib/fseeko.c ++++ b/lib/fseeko.c +@@ -47,7 +47,8 @@ fseeko (FILE *fp, off_t offset, int whence) + #endif + + /* These tests are based on fpurge.c. */ +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 ++ /* GNU libc, BeOS, Haiku, Linux libc5 */ + if (fp->_IO_read_end == fp->_IO_read_ptr + && fp->_IO_write_ptr == fp->_IO_write_base + && fp->_IO_save_base == NULL) +@@ -123,7 +124,8 @@ fseeko (FILE *fp, off_t offset, int whence) + return -1; + } + +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 ++ /* GNU libc, BeOS, Haiku, Linux libc5 */ + fp->_flags &= ~_IO_EOF_SEEN; + fp->_offset = pos; + #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ +diff --git a/lib/stdio-impl.h b/lib/stdio-impl.h +index 502d891..ea38ee2 100644 +--- a/lib/stdio-impl.h ++++ b/lib/stdio-impl.h +@@ -18,6 +18,12 @@ + the same implementation of stdio extension API, except that some fields + have different naming conventions, or their access requires some casts. */ + ++/* Glibc 2.28 made _IO_IN_BACKUP private. For now, work around this ++ problem by defining it ourselves. FIXME: Do not rely on glibc ++ internals. */ ++#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN ++# define _IO_IN_BACKUP 0x100 ++#endif + + /* BSD stdio derived implementations. */ + +-- +2.14.3 + diff --git a/sharutils.spec b/sharutils.spec index 17ea97f..737dd32 100644 --- a/sharutils.spec +++ b/sharutils.spec @@ -1,7 +1,7 @@ Summary: The GNU shar utilities for packaging and unpackaging shell archives Name: sharutils Version: 4.15.2 -Release: 9%{?dist} +Release: 10%{?dist} # The main code: GPLv3+ # lib (gnulib): GPLv3+ # lib/md5.c: Public Domain @@ -18,6 +18,8 @@ Patch0: %{name}-4.14.2-Pass-compilation-with-Werror-format-security.patch # bug #1548019, # Patch1: %{name}-4.15.2-Fix-a-heap-buffer-overflow-in-find_archive.patch +# Adapt bundled gnulib to glibc-2.28 +Patch2: %{name}-4.15.2-fflush-adjust-to-glibc-2.28-libio.h-removal.patch URL: http://www.gnu.org/software/%{name}/ BuildRequires: binutils BuildRequires: coreutils @@ -50,6 +52,7 @@ the shar files. %setup -q %patch0 -p1 -b .format %patch1 -p1 +%patch2 -p1 # convert TODO, THANKS to UTF-8 for i in TODO THANKS; do @@ -87,6 +90,9 @@ fi %{_mandir}/man5/* %changelog +* Tue Apr 10 2018 Petr Pisar - 4.15.2-10 +- Adapt bundled gnulib to glibc-2.28 + * Thu Feb 22 2018 Petr Pisar - 4.15.2-9 - Fix CVE-2018-1000097 (a heap buffer overflow in find_archive()) (bug #1548019)