Update glibc to 2.35 to fix CVE-2022-23218 and CVE-2022-23219 (#2724)

* update glibc to 2.35

* update manifests

* add patch

* patch cleanup

* apply glibc fhs patch in temp toolchain

* update libxcrypt glibcversion

* fix changelog typo
Andrew Phelps 2022-04-15 13:19:43 -07:00 коммит произвёл GitHub
Родитель cf8471fe4e
Коммит 18a1c779a1
25 изменённых файлов: 61 добавлений и 2188 удалений


@ -1,249 +0,0 @@
From e72b84cec44852dd76365cb7e1bf691b56a8adfc Mon Sep 17 00:00:00 2001
From: Alexey Makhalov <amakhalov@vmware.com>
Date: Tue, 29 Aug 2017 21:10:08 +0000
Subject: [PATCH 2/2] malloc arena fix
---
elf/dl-tunables.list | 5 ++++
malloc/arena.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++
malloc/malloc.c | 31 +++++++++++++++++++++++++
malloc/malloc.h | 1 +
4 files changed, 101 insertions(+)
diff --git a/elf/dl-tunables.list b/elf/dl-tunables.list
index c188c6a..15a1a14 100644
--- a/elf/dl-tunables.list
+++ b/elf/dl-tunables.list
@@ -76,6 +76,11 @@ glibc {
minval: 1
security_level: SXID_IGNORE
}
+ arena_stickiness {
+ type: SIZE_T
+ env_alias: MALLOC_ARENA_STICKINESS
+ security_level: SXID_IGNORE
+ }
tcache_max {
type: SIZE_T
}
diff --git a/malloc/arena.c b/malloc/arena.c
index dc14fae..f0edf2b 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -63,6 +63,12 @@ typedef struct _heap_info
char pad[-6 * SIZE_SZ & MALLOC_ALIGN_MASK];
} heap_info;
+typedef struct _arena_tracker
+{
+ mstate arena; /* Arena most recently tracked for growth. */
+ size_t growth; /* Current size in bytes. */
+} arena_tracker;
+
/* Get a compile-time error if the heap_info padding is not correct
to make alignment work as expected in sYSMALLOc. */
extern int sanity_check_heap_info_alignment[(sizeof (heap_info)
@@ -73,6 +79,8 @@ extern int sanity_check_heap_info_alignment[(sizeof (heap_info)
static __thread mstate thread_arena attribute_tls_model_ie;
+static __thread arena_tracker thread_arena_tracker attribute_tls_model_ie;
+
/* Arena free list. free_list_lock synchronizes access to the
free_list variable below, and the next_free and attached_threads
members of struct malloc_state objects. No other locks must be
@@ -236,6 +244,7 @@ TUNABLE_CALLBACK_FNDECL (set_perturb_byte, int32_t)
TUNABLE_CALLBACK_FNDECL (set_trim_threshold, size_t)
TUNABLE_CALLBACK_FNDECL (set_arena_max, size_t)
TUNABLE_CALLBACK_FNDECL (set_arena_test, size_t)
+TUNABLE_CALLBACK_FNDECL (set_arena_stickiness, size_t)
#if USE_TCACHE
TUNABLE_CALLBACK_FNDECL (set_tcache_max, size_t)
TUNABLE_CALLBACK_FNDECL (set_tcache_count, size_t)
@@ -327,6 +336,7 @@ ptmalloc_init (void)
TUNABLE_GET (mmap_max, int32_t, TUNABLE_CALLBACK (set_mmaps_max));
TUNABLE_GET (arena_max, size_t, TUNABLE_CALLBACK (set_arena_max));
TUNABLE_GET (arena_test, size_t, TUNABLE_CALLBACK (set_arena_test));
+ TUNABLE_GET (arena_stickiness, size_t, TUNABLE_CALLBACK (set_arena_stickiness));
# if USE_TCACHE
TUNABLE_GET (tcache_max, size_t, TUNABLE_CALLBACK (set_tcache_max));
TUNABLE_GET (tcache_count, size_t, TUNABLE_CALLBACK (set_tcache_count));
@@ -392,6 +402,13 @@ ptmalloc_init (void)
__libc_mallopt (M_MMAP_THRESHOLD, atoi (&envline[16]));
}
break;
+ case 16:
+ if (!__builtin_expect (__libc_enable_secure, 0))
+ {
+ if (memcmp (envline, "ARENA_STICKINESS", 16) == 0)
+ __libc_mallopt (M_ARENA_STICKINESS, atoi (&envline[17]));
+ }
+ break;
default:
break;
}
@@ -974,6 +991,51 @@ arena_get_retry (mstate ar_ptr, size_t bytes)
return ar_ptr;
}
+static void
+arena_stickiness_track_alloc (void *victim)
+{
+ if (!victim || chunk_is_mmapped (mem2chunk (victim)))
+ return;
+
+ if (thread_arena_tracker.arena != arena_for_chunk (mem2chunk (victim))) {
+ thread_arena_tracker.growth = 0;
+ thread_arena_tracker.arena = arena_for_chunk (mem2chunk (victim));
+ } else {
+ thread_arena_tracker.growth += chunksize (mem2chunk (victim));
+ if (thread_arena_tracker.growth >= mp_.arena_stickiness) {
+ /* Swtich thread to the next arena */
+ mstate replaced_arena = thread_arena;
+ mstate next_to_use = replaced_arena->next;
+
+ __libc_lock_lock (free_list_lock);
+ detach_arena (replaced_arena);
+#if 0
+ /* If this was the last attached thread for this arena, put the
+ arena on the free list. */
+ if (replaced_arena->attached_threads == 0)
+ {
+ replaced_arena->next_free = free_list;
+ free_list = replaced_arena;
+ }
+#endif
+ if (next_to_use->attached_threads == 0)
+ remove_from_free_list (next_to_use);
+ ++next_to_use->attached_threads;
+
+ __libc_lock_unlock (free_list_lock);
+ thread_arena = next_to_use;
+ }
+ }
+}
+
+/* chunk must be valid and not mmaped. */
+static void
+arena_stickiness_track_free (mchunkptr chunk)
+{
+ if (thread_arena_tracker.arena == arena_for_chunk (chunk))
+ thread_arena_tracker.growth -= chunksize (chunk);
+}
+
void
__malloc_arena_thread_freeres (void)
{
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 54e406b..29787a5 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -1723,6 +1723,7 @@ struct malloc_par
INTERNAL_SIZE_T mmap_threshold;
INTERNAL_SIZE_T arena_test;
INTERNAL_SIZE_T arena_max;
+ INTERNAL_SIZE_T arena_stickiness;
/* Memory map support */
int n_mmaps;
@@ -1787,6 +1788,7 @@ static struct malloc_par mp_ =
.mmap_threshold = DEFAULT_MMAP_THRESHOLD,
.trim_threshold = DEFAULT_TRIM_THRESHOLD,
#define NARENAS_FROM_NCORES(n) ((n) * (sizeof (long) == 4 ? 2 : 8))
+ .arena_stickiness = 0,
.arena_test = NARENAS_FROM_NCORES (1)
#if USE_TCACHE
,
@@ -3083,6 +3085,10 @@ __libc_malloc (size_t bytes)
assert (!victim || chunk_is_mmapped (mem2chunk (victim)) ||
ar_ptr == arena_for_chunk (mem2chunk (victim)));
+
+ if (mp_.arena_stickiness > 0)
+ arena_stickiness_track_alloc (victim);
+
return victim;
}
libc_hidden_def (__libc_malloc)
@@ -3126,6 +3132,9 @@ __libc_free (void *mem)
MAYBE_INIT_TCACHE ();
+ if (mp_.arena_stickiness > 0)
+ arena_stickiness_track_free (p);
+
ar_ptr = arena_for_chunk (p);
_int_free (ar_ptr, p, 0);
}
@@ -3226,6 +3235,8 @@ __libc_realloc (void *oldmem, size_t bytes)
return newp;
}
+ if (mp_.arena_stickiness > 0)
+ arena_stickiness_track_free (oldp);
__libc_lock_lock (ar_ptr->mutex);
newp = _int_realloc (ar_ptr, oldp, oldsize, nb);
@@ -3234,6 +3245,9 @@ __libc_realloc (void *oldmem, size_t bytes)
assert (!newp || chunk_is_mmapped (mem2chunk (newp)) ||
ar_ptr == arena_for_chunk (mem2chunk (newp)));
+ if (mp_.arena_stickiness > 0)
+ arena_stickiness_track_alloc (newp);
+
if (newp == NULL)
{
/* Try harder to allocate memory in other arenas. */
@@ -3452,6 +3466,9 @@ __libc_calloc (size_t n, size_t elem_size)
return mem;
}
+ if (mp_.arena_stickiness > 0)
+ arena_stickiness_track_alloc (mem);
+
csz = chunksize (p);
#if MORECORE_CLEARS
@@ -5145,6 +5162,15 @@ do_set_arena_max (size_t value)
return 1;
}
+static inline int
+__always_inline
+do_set_arena_stickiness (size_t value)
+{
+ LIBC_PROBE (memory_mallopt_arena_stickiness, 2, value, mp_.arena_stickiness);
+ mp_.arena_stickiness = value;
+ return 1;
+}
+
#if USE_TCACHE
static inline int
__always_inline
@@ -5237,6 +5263,11 @@ __libc_mallopt (int param_number, int value)
if (value > 0)
do_set_arena_max (value);
break;
+
+ case M_ARENA_STICKINESS:
+ if (value > 0)
+ do_set_arena_stickiness (value);
+ break;
}
__libc_lock_unlock (av->mutex);
return res;
diff --git a/malloc/malloc.h b/malloc/malloc.h
index 339ab64..31bdb44 100644
--- a/malloc/malloc.h
+++ b/malloc/malloc.h
@@ -121,6 +121,7 @@ extern struct mallinfo mallinfo (void) __THROW;
#define M_PERTURB -6
#define M_ARENA_TEST -7
#define M_ARENA_MAX -8
+#define M_ARENA_STICKINESS -9
/* General SVID/XPG interface to tunable parameters. */
extern int mallopt (int __param, int __val) __THROW;
--
2.9.3


@ -1,728 +0,0 @@
From 108bc4049f8ae82710aec26a92ffdb4b439c83fd Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 21 Jan 2019 21:26:03 +0100
Subject: [PATCH] CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings
[BZ #20018]
The IPv4 address parser in the getaddrinfo function is changed so that
it does not ignore trailing whitespace and all characters after it.
For backwards compatibility, the getaddrinfo function still recognizes
legacy name syntax, such as 192.000.002.010 interpreted as 192.0.2.8
(octal).
This commit does not change the behavior of inet_addr and inet_aton.
gethostbyname already had additional sanity checks (but is switched
over to the new __inet_aton_exact function for completeness as well).
To avoid sending the problematic query names over DNS, commit
6ca53a2453598804a2559a548a08424fca96434a ("resolv: Do not send queries
for non-host-names in nss_dns [BZ #24112]") is needed.
This patch has been modified to apply to 2.28 release.
---
include/arpa/inet.h | 6 +-
nscd/gai.c | 1 -
nscd/gethstbynm3_r.c | 2 -
nss/digits_dots.c | 3 +-
resolv/Makefile | 7 ++
resolv/Versions | 1 +
resolv/inet_addr.c | 62 ++++++++++-----
resolv/res_init.c | 17 ++--
resolv/tst-aton.c | 35 +++++++--
resolv/tst-inet_aton_exact.c | 47 +++++++++++
resolv/tst-resolv-nondecimal.c | 139 +++++++++++++++++++++++++++++++++
resolv/tst-resolv-trailing.c | 136 ++++++++++++++++++++++++++++++++
sysdeps/posix/getaddrinfo.c | 2 +-
15 files changed, 455 insertions(+), 40 deletions(-)
create mode 100644 resolv/tst-inet_aton_exact.c
create mode 100644 resolv/tst-resolv-nondecimal.c
create mode 100644 resolv/tst-resolv-trailing.c
diff --git a/include/arpa/inet.h b/include/arpa/inet.h
index c3f28f2baa..19aec74275 100644
--- a/include/arpa/inet.h
+++ b/include/arpa/inet.h
@@ -1,10 +1,10 @@
#include <inet/arpa/inet.h>
#ifndef _ISOMAC
-extern int __inet_aton (const char *__cp, struct in_addr *__inp);
-libc_hidden_proto (__inet_aton)
+/* Variant of inet_aton which rejects trailing garbage. */
+extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp);
+libc_hidden_proto (__inet_aton_exact)
-libc_hidden_proto (inet_aton)
libc_hidden_proto (inet_ntop)
libc_hidden_proto (inet_pton)
extern __typeof (inet_pton) __inet_pton;
diff --git a/nscd/gai.c b/nscd/gai.c
index fd4e8e092f..801d304d47 100644
--- a/nscd/gai.c
+++ b/nscd/gai.c
@@ -19,7 +19,6 @@
/* This file uses the getaddrinfo code but it compiles it without NSCD
support. We just need a few symbol renames. */
-#define __inet_aton inet_aton
#define __ioctl ioctl
#define __getsockname getsockname
#define __socket socket
diff --git a/nscd/gethstbynm3_r.c b/nscd/gethstbynm3_r.c
index 9f70a86a58..ff594b6d27 100644
--- a/nscd/gethstbynm3_r.c
+++ b/nscd/gethstbynm3_r.c
@@ -38,8 +38,6 @@
#define HAVE_LOOKUP_BUFFER 1
#define HAVE_AF 1
-#define __inet_aton inet_aton
-
/* We are nscd, so we don't want to be talking to ourselves. */
#undef USE_NSCD
diff --git a/nss/digits_dots.c b/nss/digits_dots.c
index 95015896a4..440d9955d2 100644
--- a/nss/digits_dots.c
+++ b/nss/digits_dots.c
@@ -29,7 +29,6 @@
#include "nsswitch.h"
#ifdef USE_NSCD
-# define inet_aton __inet_aton
# include <nscd/nscd_proto.h>
#endif
@@ -160,7 +159,7 @@ __nss_hostname_digits_dots_context (struct resolv_context *ctx,
255.255.255.255? The test below will succeed
spuriously... ??? */
if (af == AF_INET)
- ok = __inet_aton (name, (struct in_addr *) host_addr);
+ ok = __inet_aton_exact (name, (struct in_addr *) host_addr);
else
{
assert (af == AF_INET6);
diff --git a/resolv/Makefile b/resolv/Makefile
index 450e171b01..8f22e6a154 100644
--- a/resolv/Makefile
+++ b/resolv/Makefile
@@ -34,6 +34,9 @@ routines := herror inet_addr inet_ntop inet_pton nsap_addr res_init \
tests = tst-aton tst-leaks tst-inet_ntop
xtests = tst-leaks2
+tests-internal += tst-inet_aton_exact
+
+
generate := mtrace-tst-leaks.out tst-leaks.mtrace tst-leaks2.mtrace
extra-libs := libresolv libnss_dns
@@ -54,8 +57,10 @@ tests += \
tst-resolv-binary \
tst-resolv-edns \
tst-resolv-network \
+ tst-resolv-nondecimal \
tst-resolv-res_init-multi \
tst-resolv-search \
+ tst-resolv-trailing \
# These tests need libdl.
ifeq (yes,$(build-shared))
@@ -190,9 +195,11 @@ $(objpfx)tst-resolv-res_init-multi: $(objpfx)libresolv.so \
$(shared-thread-library)
$(objpfx)tst-resolv-res_init-thread: $(libdl) $(objpfx)libresolv.so \
$(shared-thread-library)
+$(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library)
+$(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-threads: \
$(libdl) $(objpfx)libresolv.so $(shared-thread-library)
$(objpfx)tst-resolv-canonname: \
diff --git a/resolv/Versions b/resolv/Versions
index b05778d965..9a82704af7 100644
--- a/resolv/Versions
+++ b/resolv/Versions
@@ -27,6 +27,7 @@ libc {
__h_errno; __resp;
__res_iclose;
+ __inet_aton_exact;
__inet_pton_length;
__resolv_context_get;
__resolv_context_get_preinit;
diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
index 32f58b0e13..41b6166a5b 100644
--- a/resolv/inet_addr.c
+++ b/resolv/inet_addr.c
@@ -96,29 +96,14 @@
#include <limits.h>
#include <errno.h>
-/*
- * Ascii internet address interpretation routine.
- * The value returned is in network order.
- */
-in_addr_t
-__inet_addr(const char *cp) {
- struct in_addr val;
-
- if (__inet_aton(cp, &val))
- return (val.s_addr);
- return (INADDR_NONE);
-}
-weak_alias (__inet_addr, inet_addr)
-
-/*
- * Check whether "cp" is a valid ascii representation
- * of an Internet address and convert to a binary address.
- * Returns 1 if the address is valid, 0 if not.
- * This replaces inet_addr, the return value from which
- * cannot distinguish between failure and a local broadcast address.
- */
-int
-__inet_aton(const char *cp, struct in_addr *addr)
+ /* Check whether "cp" is a valid ASCII representation of an IPv4
+ Internet address and convert it to a binary address. Returns 1 if
+ the address is valid, 0 if not. This replaces inet_addr, the
+ return value from which cannot distinguish between failure and a
+ local broadcast address. Write a pointer to the first
+ non-converted character to *endp. */
+static int
+inet_aton_end (const char *cp, struct in_addr *addr, const char **endp)
{
static const in_addr_t max[4] = { 0xffffffff, 0xffffff, 0xffff, 0xff };
in_addr_t val;
@@ -180,6 +168,7 @@ __inet_aton (const char *cp, struct in_addr *addr)
if (addr != NULL)
addr->s_addr = res.word | htonl (val);
+ *endp = cp;
__set_errno (saved_errno);
return (1);
@@ -188,6 +177,41 @@ __inet_aton (const char *cp, struct in_addr *addr)
__set_errno (saved_errno);
return (0);
}
-weak_alias (__inet_aton, inet_aton)
-libc_hidden_def (__inet_aton)
-libc_hidden_weak (inet_aton)
+
+int
+__inet_aton_exact (const char *cp, struct in_addr *addr)
+{
+ struct in_addr val;
+ const char *endp;
+ /* Check that inet_aton_end parsed the entire string. */
+ if (inet_aton_end (cp, &val, &endp) != 0 && *endp == 0)
+ {
+ *addr = val;
+ return 1;
+ }
+ else
+ return 0;
+}
+libc_hidden_def (__inet_aton_exact)
+
+/* inet_aton ignores trailing garbage. */
+int
+__inet_aton_ignore_trailing (const char *cp, struct in_addr *addr)
+{
+ const char *endp;
+ return inet_aton_end (cp, addr, &endp);
+}
+weak_alias (__inet_aton_ignore_trailing, inet_aton)
+
+/* ASCII IPv4 Internet address interpretation routine. The value
+ returned is in network order. */
+in_addr_t
+__inet_addr (const char *cp)
+{
+ struct in_addr val;
+ const char *endp;
+ if (inet_aton_end (cp, &val, &endp))
+ return val.s_addr;
+ return INADDR_NONE;
+}
+weak_alias (__inet_addr, inet_addr)
diff --git a/resolv/res_init.c b/resolv/res_init.c
index 58c563898e..265e3cc6e3 100644
--- a/resolv/res_init.c
+++ b/resolv/res_init.c
@@ -399,8 +399,16 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
cp = parser->buffer + sizeof ("nameserver") - 1;
while (*cp == ' ' || *cp == '\t')
cp++;
+
+ /* Ignore trailing contents on the name server line. */
+ {
+ char *el;
+ if ((el = strpbrk (cp, " \t\n")) != NULL)
+ *el = '\0';
+ }
+
struct sockaddr *sa;
- if ((*cp != '\0') && (*cp != '\n') && __inet_aton (cp, &a))
+ if ((*cp != '\0') && (*cp != '\n') && __inet_aton_exact (cp, &a))
{
sa = allocate_address_v4 (a, NAMESERVER_PORT);
if (sa == NULL)
@@ -410,9 +418,6 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
{
struct in6_addr a6;
char *el;
-
- if ((el = strpbrk (cp, " \t\n")) != NULL)
- *el = '\0';
if ((el = strchr (cp, SCOPE_DELIMITER)) != NULL)
*el = '\0';
if ((*cp != '\0') && (__inet_pton (AF_INET6, cp, &a6) > 0))
@@ -472,7 +477,7 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
char separator = *cp;
*cp = 0;
struct resolv_sortlist_entry e;
- if (__inet_aton (net, &a))
+ if (__inet_aton_exact (net, &a))
{
e.addr = a;
if (is_sort_mask (separator))
@@ -484,7 +489,7 @@ res_vinit_1 (FILE *fp, struct resolv_conf_parser *parser)
cp++;
separator = *cp;
*cp = 0;
- if (__inet_aton (net, &a))
+ if (__inet_aton_exact (net, &a))
e.mask = a.s_addr;
else
e.mask = net_mask (e.addr);
diff --git a/resolv/tst-aton.c b/resolv/tst-aton.c
index 08110a007a..eb734d7758 100644
--- a/resolv/tst-aton.c
+++ b/resolv/tst-aton.c
@@ -1,11 +1,29 @@
+/* Test legacy IPv4 text-to-address function inet_aton.
+ Copyright (C) 1998-2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <array_length.h>
#include <stdio.h>
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-
-static struct tests
+static const struct tests
{
const char *input;
int valid;
@@ -16,6 +34,7 @@ static struct tests
{ "-1", 0, 0 },
{ "256", 1, 0x00000100 },
{ "256.", 0, 0 },
+ { "255a", 0, 0 },
{ "256a", 0, 0 },
{ "0x100", 1, 0x00000100 },
{ "0200.0x123456", 1, 0x80123456 },
@@ -40,7 +59,12 @@ static struct tests
{ "1.2.256.4", 0, 0 },
{ "1.2.3.0x100", 0, 0 },
{ "323543357756889", 0, 0 },
- { "10.1.2.3.4", 0, 0},
+ { "10.1.2.3.4", 0, 0 },
+ { "192.0.2.1", 1, 0xc0000201 },
+ { "192.0.2.2\nX", 1, 0xc0000202 },
+ { "192.0.2.3 Y", 1, 0xc0000203 },
+ { "192.0.2.3Z", 0, 0 },
+ { "192.000.002.010", 1, 0xc0000208 },
};
@@ -50,7 +74,7 @@ do_test (void)
int result = 0;
size_t cnt;
- for (cnt = 0; cnt < sizeof (tests) / sizeof (tests[0]); ++cnt)
+ for (cnt = 0; cnt < array_length (tests); ++cnt)
{
struct in_addr addr;
@@ -73,5 +97,4 @@ do_test (void)
return result;
}
-#define TEST_FUNCTION do_test ()
-#include "../test-skeleton.c"
+#include <support/test-driver.c>
diff --git a/resolv/tst-inet_aton_exact.c b/resolv/tst-inet_aton_exact.c
new file mode 100644
index 0000000000..0fdfa3d6aa
--- /dev/null
+++ b/resolv/tst-inet_aton_exact.c
@@ -0,0 +1,47 @@
+/* Test internal legacy IPv4 text-to-address function __inet_aton_exact.
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <arpa/inet.h>
+#include <support/check.h>
+
+static int
+do_test (void)
+{
+ struct in_addr addr = { };
+
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.1", &addr), 1);
+ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000201);
+
+ TEST_COMPARE (__inet_aton_exact ("192.000.002.010", &addr), 1);
+ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000208);
+ TEST_COMPARE (__inet_aton_exact ("0xC0000234", &addr), 1);
+ TEST_COMPARE (ntohl (addr.s_addr), 0xC0000234);
+
+ /* Trailing content is not accepted. */
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.2X", &addr), 0);
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.3 Y", &addr), 0);
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.4\nZ", &addr), 0);
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.5\tT", &addr), 0);
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.6 Y", &addr), 0);
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.7\n", &addr), 0);
+ TEST_COMPARE (__inet_aton_exact ("192.0.2.8\t", &addr), 0);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/resolv/tst-resolv-nondecimal.c b/resolv/tst-resolv-nondecimal.c
new file mode 100644
index 0000000000..a0df6f332a
--- /dev/null
+++ b/resolv/tst-resolv-nondecimal.c
@@ -0,0 +1,139 @@
+/* Test name resolution behavior for octal, hexadecimal IPv4 addresses.
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <netdb.h>
+#include <stdlib.h>
+#include <support/check.h>
+#include <support/check_nss.h>
+#include <support/resolv_test.h>
+#include <support/support.h>
+
+static void
+response (const struct resolv_response_context *ctx,
+ struct resolv_response_builder *b,
+ const char *qname, uint16_t qclass, uint16_t qtype)
+{
+ /* The tests are not supposed send any DNS queries. */
+ FAIL_EXIT1 ("unexpected DNS query for %s/%d/%d", qname, qclass, qtype);
+}
+
+static void
+run_query_addrinfo (const char *query, const char *address)
+{
+ char *quoted_query = support_quote_string (query);
+
+ struct addrinfo *ai;
+ struct addrinfo hints =
+ {
+ .ai_socktype = SOCK_STREAM,
+ .ai_protocol = IPPROTO_TCP,
+ };
+
+ char *context = xasprintf ("getaddrinfo \"%s\" AF_INET", quoted_query);
+ char *expected = xasprintf ("address: STREAM/TCP %s 80\n", address);
+ hints.ai_family = AF_INET;
+ int ret = getaddrinfo (query, "80", &hints, &ai);
+ check_addrinfo (context, ai, ret, expected);
+ if (ret == 0)
+ freeaddrinfo (ai);
+ free (context);
+
+ context = xasprintf ("getaddrinfo \"%s\" AF_UNSPEC", quoted_query);
+ hints.ai_family = AF_UNSPEC;
+ ret = getaddrinfo (query, "80", &hints, &ai);
+ check_addrinfo (context, ai, ret, expected);
+ if (ret == 0)
+ freeaddrinfo (ai);
+ free (expected);
+ free (context);
+
+ context = xasprintf ("getaddrinfo \"%s\" AF_INET6", quoted_query);
+ expected = xasprintf ("flags: AI_V4MAPPED\n"
+ "address: STREAM/TCP ::ffff:%s 80\n",
+ address);
+ hints.ai_family = AF_INET6;
+ hints.ai_flags = AI_V4MAPPED;
+ ret = getaddrinfo (query, "80", &hints, &ai);
+ check_addrinfo (context, ai, ret, expected);
+ if (ret == 0)
+ freeaddrinfo (ai);
+ free (expected);
+ free (context);
+
+ free (quoted_query);
+}
+
+static void
+run_query (const char *query, const char *address)
+{
+ char *quoted_query = support_quote_string (query);
+ char *context = xasprintf ("gethostbyname (\"%s\")", quoted_query);
+ char *expected = xasprintf ("name: %s\n"
+ "address: %s\n", query, address);
+ check_hostent (context, gethostbyname (query), expected);
+ free (context);
+
+ context = xasprintf ("gethostbyname_r \"%s\"", quoted_query);
+ struct hostent storage;
+ char buf[4096];
+ struct hostent *e = NULL;
+ TEST_COMPARE (gethostbyname_r (query, &storage, buf, sizeof (buf),
+ &e, &h_errno), 0);
+ check_hostent (context, e, expected);
+ free (context);
+
+ context = xasprintf ("gethostbyname2 (\"%s\", AF_INET)", quoted_query);
+ check_hostent (context, gethostbyname2 (query, AF_INET), expected);
+ free (context);
+
+ context = xasprintf ("gethostbyname2_r \"%s\" AF_INET", quoted_query);
+ e = NULL;
+ TEST_COMPARE (gethostbyname2_r (query, AF_INET, &storage, buf, sizeof (buf),
+ &e, &h_errno), 0);
+ check_hostent (context, e, expected);
+ free (context);
+ free (expected);
+
+ free (quoted_query);
+
+ /* The gethostbyname tests are always valid for getaddrinfo, but not
+ vice versa. */
+ run_query_addrinfo (query, address);
+}
+
+static int
+do_test (void)
+{
+ struct resolv_test *aux = resolv_test_start
+ ((struct resolv_redirect_config)
+ {
+ .response_callback = response,
+ });
+
+ run_query ("192.000.002.010", "192.0.2.8");
+
+ /* Hexadecimal numbers are not accepted by gethostbyname. */
+ run_query_addrinfo ("0xc0000210", "192.0.2.16");
+ run_query_addrinfo ("192.0x234", "192.0.2.52");
+
+ resolv_test_end (aux);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/resolv/tst-resolv-trailing.c b/resolv/tst-resolv-trailing.c
new file mode 100644
index 0000000000..7504bdae57
--- /dev/null
+++ b/resolv/tst-resolv-trailing.c
@@ -0,0 +1,136 @@
+/* Test name resolution behavior with trailing characters.
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <array_length.h>
+#include <netdb.h>
+#include <support/check.h>
+#include <support/check_nss.h>
+#include <support/resolv_test.h>
+#include <support/support.h>
+
+static void
+response (const struct resolv_response_context *ctx,
+ struct resolv_response_builder *b,
+ const char *qname, uint16_t qclass, uint16_t qtype)
+{
+ /* The tests are not supposed send any DNS queries. */
+ FAIL_EXIT1 ("unexpected DNS query for %s/%d/%d", qname, qclass, qtype);
+}
+
+static int
+do_test (void)
+{
+ struct resolv_test *aux = resolv_test_start
+ ((struct resolv_redirect_config)
+ {
+ .response_callback = response,
+ });
+
+ static const char *const queries[] =
+ {
+ "192.0.2.1 ",
+ "192.0.2.2\t",
+ "192.0.2.3\n",
+ "192.0.2.4 X",
+ "192.0.2.5\tY",
+ "192.0.2.6\nZ",
+ "192.0.2. ",
+ "192.0.2.\t",
+ "192.0.2.\n",
+ "192.0.2. X",
+ "192.0.2.\tY",
+ "192.0.2.\nZ",
+ "2001:db8::1 ",
+ "2001:db8::2\t",
+ "2001:db8::3\n",
+ "2001:db8::4 X",
+ "2001:db8::5\tY",
+ "2001:db8::6\nZ",
+ };
+ for (size_t query_idx = 0; query_idx < array_length (queries); ++query_idx)
+ {
+ const char *query = queries[query_idx];
+ struct hostent storage;
+ char buf[4096];
+ struct hostent *e;
+
+ h_errno = 0;
+ TEST_VERIFY (gethostbyname (query) == NULL);
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
+
+ h_errno = 0;
+ e = NULL;
+ TEST_COMPARE (gethostbyname_r (query, &storage, buf, sizeof (buf),
+ &e, &h_errno), 0);
+ TEST_VERIFY (e == NULL);
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
+
+ h_errno = 0;
+ TEST_VERIFY (gethostbyname2 (query, AF_INET) == NULL);
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
+
+ h_errno = 0;
+ e = NULL;
+ TEST_COMPARE (gethostbyname2_r (query, AF_INET,
+ &storage, buf, sizeof (buf),
+ &e, &h_errno), 0);
+ TEST_VERIFY (e == NULL);
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
+
+ h_errno = 0;
+ TEST_VERIFY (gethostbyname2 (query, AF_INET6) == NULL);
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
+
+ h_errno = 0;
+ e = NULL;
+ TEST_COMPARE (gethostbyname2_r (query, AF_INET6,
+ &storage, buf, sizeof (buf),
+ &e, &h_errno), 0);
+ TEST_VERIFY (e == NULL);
+ TEST_COMPARE (h_errno, HOST_NOT_FOUND);
+
+ static const int gai_flags[] =
+ {
+ 0,
+ AI_ADDRCONFIG,
+ AI_NUMERICHOST,
+ AI_IDN,
+ AI_IDN | AI_NUMERICHOST,
+ AI_V4MAPPED,
+ AI_V4MAPPED | AI_NUMERICHOST,
+ };
+ for (size_t gai_flags_idx; gai_flags_idx < array_length (gai_flags);
+ ++gai_flags_idx)
+ {
+ struct addrinfo hints = { .ai_flags = gai_flags[gai_flags_idx], };
+ struct addrinfo *ai;
+ hints.ai_family = AF_INET;
+ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
+ hints.ai_family = AF_INET6;
+ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
+ hints.ai_family = AF_UNSPEC;
+ TEST_COMPARE (getaddrinfo (query, "80", &hints, &ai), EAI_NONAME);
+ }
+ };
+
+ resolv_test_end (aux);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
index aa69eb7e54..aa054b620f 100644
--- a/sysdeps/posix/getaddrinfo.c
+++ b/sysdeps/posix/getaddrinfo.c
@@ -488,7 +488,7 @@ gaih_inet (const char *name, const struct gaih_service *service,
malloc_name = true;
}
- if (__inet_aton (name, (struct in_addr *) at->addr) != 0)
+ if (__inet_aton_exact (name, (struct in_addr *) at->addr) != 0)
{
if (req->ai_family == AF_UNSPEC || req->ai_family == AF_INET)
at->family = AF_INET;
--
2.25.1


@ -1,31 +0,0 @@
From 7966ce07e89fa4ccc8fdba00d4439fc652862462 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Marcin=20Ko=C5=9Bcielnicki?= <mwk@0x04.net>
Date: Thu, 21 Nov 2019 00:20:15 +0100
Subject: [PATCH] rtld: Check __libc_enable_secure before honoring
LD_PREFER_MAP_32BIT_EXEC (CVE-2019-19126) [BZ #25204]
The problem was introduced in glibc 2.23, in commit
b9eb92ab05204df772eb4929eccd018637c9f3e9
("Add Prefer_MAP_32BIT_EXEC to map executable pages with MAP_32BIT").
(cherry picked from commit d5dfad4326fc683c813df1e37bbf5cf920591c8e)
---
sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
index 194369174d..ac694c032e 100644
--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
@@ -31,7 +31,8 @@
environment variable, LD_PREFER_MAP_32BIT_EXEC. */
#define EXTRA_LD_ENVVARS \
case 21: \
- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
+ if (!__libc_enable_secure \
+ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
|= bit_arch_Prefer_MAP_32BIT_EXEC; \
break;
--
2.18.4


@ -1,132 +0,0 @@
From ee7a3144c9922808181009b7b3e50e852fb4999b Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Mon, 21 Dec 2020 08:56:43 +0530
Subject: [PATCH] Fix buffer overrun in EUC-KR conversion module (bz #24973)
The byte 0xfe as input to the EUC-KR conversion denotes a user-defined
area and is not allowed. The from_euc_kr function used to skip two bytes
when told to skip over the unknown designation, potentially running over
the buffer end.
---
iconvdata/Makefile | 3 ++-
iconvdata/bug-iconv13.c | 53 +++++++++++++++++++++++++++++++++++++++++
iconvdata/euc-kr.c | 6 +----
iconvdata/ksc5601.h | 6 ++---
4 files changed, 59 insertions(+), 9 deletions(-)
create mode 100644 iconvdata/bug-iconv13.c
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
index 4ec2741cdc..85009f3390 100644
--- a/iconvdata/Makefile
+++ b/iconvdata/Makefile
@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules))
ifeq (yes,$(build-shared))
tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
- bug-iconv10 bug-iconv11 bug-iconv12
+ bug-iconv10 bug-iconv11 bug-iconv12 \
+ bug-iconv13
ifeq ($(have-thread-library),yes)
tests += bug-iconv3
endif
diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c
new file mode 100644
index 0000000000..87aaff398e
--- /dev/null
+++ b/iconvdata/bug-iconv13.c
@@ -0,0 +1,53 @@
+/* bug 24973: Test EUC-KR module
+ Copyright (C) 2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <errno.h>
+#include <iconv.h>
+#include <stdio.h>
+#include <support/check.h>
+
+static int
+do_test (void)
+{
+ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR");
+ TEST_VERIFY_EXIT (cd != (iconv_t) -1);
+
+ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined
+ areas, which are not allowed and should be skipped over due to
+ //IGNORE. The trailing 0xfe also is an incomplete sequence, which
+ should be checked first. */
+ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' };
+ char *inptr = input;
+ size_t insize = sizeof (input);
+ char output[4];
+ char *outptr = output;
+ size_t outsize = sizeof (output);
+
+ /* This used to crash due to buffer overrun. */
+ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1);
+ TEST_VERIFY (errno == EINVAL);
+ /* The conversion should produce one character, the converted null
+ character. */
+ TEST_VERIFY (sizeof (output) - outsize == 1);
+
+ TEST_VERIFY_EXIT (iconv_close (cd) != -1);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c
index b0d56cf3ee..1045bae926 100644
--- a/iconvdata/euc-kr.c
+++ b/iconvdata/euc-kr.c
@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp)
\
if (ch <= 0x9f) \
++inptr; \
- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \
- user-defined areas. */ \
- else if (__builtin_expect (ch == 0xa0, 0) \
- || __builtin_expect (ch > 0xfe, 0) \
- || __builtin_expect (ch == 0xc9, 0)) \
+ else if (__glibc_unlikely (ch == 0xa0)) \
{ \
/* This is illegal. */ \
STANDARD_FROM_LOOP_ERR_HANDLER (1); \
diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h
index d3eb3a4ff8..f5cdc72797 100644
--- a/iconvdata/ksc5601.h
+++ b/iconvdata/ksc5601.h
@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset)
unsigned char ch2;
int idx;
+ if (avail < 2)
+ return 0;
+
/* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */
if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e
|| (ch - offset) == 0x49)
return __UNKNOWN_10646_CHAR;
- if (avail < 2)
- return 0;
-
ch2 = (*s)[1];
if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f)
return __UNKNOWN_10646_CHAR;
--
2.27.0


@ -1,217 +0,0 @@
diff --git a/./ChangeLog b/ChangeLog
index 08b42bd..0e82190 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2019-02-04 H.J. Lu <hongjiu.lu@intel.com>
+
+ [BZ #24155]
+ CVE-2019-7309
+ * NEWS: Updated for CVE-2019-7309.
+ * sysdeps/x86_64/memcmp.S: Use RDX_LP for size. Clear the
+ upper 32 bits of RDX register for x32. Use unsigned Jcc
+ instructions, instead of signed.
+ * sysdeps/x86_64/x32/Makefile (tests): Add tst-size_t-memcmp-2.
+ * sysdeps/x86_64/x32/tst-size_t-memcmp-2.c: New test.
+
2018-08-01 Carlos O'Donel <carlos@redhat.com>
* version.h (RELEASE): Set to "stable".
diff --git a/NEWS b/NEWS
index 154ab22..d254097 100644
--- a/NEWS
+++ b/NEWS
@@ -240,6 +240,14 @@ Security related changes:
architecture could write beyond the target buffer, resulting in a buffer
overflow. Reported by Andreas Schwab.
+ CVE-2019-7309: x86-64 memcmp used signed Jcc instructions to check
+ size. For x86-64, memcmp on an object size larger than SSIZE_MAX
+ has undefined behavior. On x32, the size_t argument may be passed
+ in the lower 32 bits of the 64-bit RDX register with non-zero upper
+ 32 bits. When it happened with the sign bit of RDX register set,
+ memcmp gave the wrong result since it treated the size argument as
+ zero. Reported by H.J. Lu.
+
The following bugs are resolved with this release:
[1190] stdio: fgetc()/fread() behaviour is not POSIX compliant
@@ -422,6 +430,7 @@ The following bugs are resolved with this release:
[23459] libc: COMMON_CPUID_INDEX_80000001 isn't populated for Intel
processors
[23467] dynamic-link: x86/CET: A property note parser bug
+ [24155] x32 memcmp can treat positive length as 0 (if sign bit in RDX is set) (CVE-2019-7309)
Version 2.27
diff --git a/sysdeps/x86_64/memcmp.S b/sysdeps/x86_64/memcmp.S
index bcb4a2e88d..45918d375a 100644
--- a/sysdeps/x86_64/memcmp.S
+++ b/sysdeps/x86_64/memcmp.S
@@ -21,14 +21,18 @@
.text
ENTRY (memcmp)
- test %rdx, %rdx
+#ifdef __ILP32__
+ /* Clear the upper 32 bits. */
+ movl %edx, %edx
+#endif
+ test %RDX_LP, %RDX_LP
jz L(finz)
cmpq $1, %rdx
- jle L(finr1b)
+ jbe L(finr1b)
subq %rdi, %rsi
movq %rdx, %r10
cmpq $32, %r10
- jge L(gt32)
+ jae L(gt32)
/* Handle small chunks and last block of less than 32 bytes. */
L(small):
testq $1, %r10
@@ -156,7 +160,7 @@ L(A32):
movq %r11, %r10
andq $-32, %r10
cmpq %r10, %rdi
- jge L(mt16)
+ jae L(mt16)
/* Pre-unroll to be ready for unrolled 64B loop. */
testq $32, %rdi
jz L(A64)
@@ -178,7 +182,7 @@ L(A64):
movq %r11, %r10
andq $-64, %r10
cmpq %r10, %rdi
- jge L(mt32)
+ jae L(mt32)
L(A64main):
movdqu (%rdi,%rsi), %xmm0
@@ -216,7 +220,7 @@ L(mt32):
movq %r11, %r10
andq $-32, %r10
cmpq %r10, %rdi
- jge L(mt16)
+ jae L(mt16)
L(A32main):
movdqu (%rdi,%rsi), %xmm0
@@ -254,7 +258,7 @@ L(ATR):
movq %r11, %r10
andq $-32, %r10
cmpq %r10, %rdi
- jge L(mt16)
+ jae L(mt16)
testq $16, %rdi
jz L(ATR32)
@@ -325,7 +329,7 @@ L(ATR64main):
movq %r11, %r10
andq $-32, %r10
cmpq %r10, %rdi
- jge L(mt16)
+ jae L(mt16)
L(ATR32res):
movdqa (%rdi,%rsi), %xmm0
diff --git a/sysdeps/x86_64/x32/Makefile b/sysdeps/x86_64/x32/Makefile
index f2ebc24..457c707 100644
--- a/sysdeps/x86_64/x32/Makefile
+++ b/sysdeps/x86_64/x32/Makefile
@@ -4,3 +4,7 @@ ifeq ($(subdir),math)
# 64-bit llround. Add -fno-builtin-lround to silence the compiler.
CFLAGS-s_llround.c += -fno-builtin-lround
endif
+
+ifeq ($(subdir),string)
+ tests += tst-size_t-memcmp-2
+endif
\ No newline at end of file
diff --git a/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
new file mode 100644
index 0000000000..d8ae1a0813
--- /dev/null
+++ b/sysdeps/x86_64/x32/tst-size_t-memcmp-2.c
@@ -0,0 +1,79 @@
+/* Test memcmp with size_t in the lower 32 bits of 64-bit register.
+ Copyright (C) 2019 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#define TEST_MAIN
+#ifdef WIDE
+# define TEST_NAME "wmemcmp"
+#else
+# define TEST_NAME "memcmp"
+#endif
+
+#include "test-size_t.h"
+
+#ifdef WIDE
+# include <inttypes.h>
+# include <wchar.h>
+
+# define MEMCMP wmemcmp
+# define CHAR wchar_t
+#else
+# define MEMCMP memcmp
+# define CHAR char
+#endif
+
+IMPL (MEMCMP, 1)
+
+typedef int (*proto_t) (const CHAR *, const CHAR *, size_t);
+
+static int
+__attribute__ ((noinline, noclone))
+do_memcmp (parameter_t a, parameter_t b)
+{
+ return CALL (&b, a.p, b.p, a.len);
+}
+
+static int
+test_main (void)
+{
+ test_init ();
+
+ parameter_t dest = { { page_size / sizeof (CHAR) }, buf1 };
+ parameter_t src = { { 0 }, buf2 };
+
+ memcpy (buf1, buf2, page_size);
+
+ CHAR *p = (CHAR *) buf1;
+ p[page_size / sizeof (CHAR) - 1] = (CHAR) 1;
+
+ int ret = 0;
+ FOR_EACH_IMPL (impl, 0)
+ {
+ src.fn = impl->fn;
+ int res = do_memcmp (dest, src);
+ if (res >= 0)
+ {
+ error (0, 0, "Wrong result in function %s: %i >= 0",
+ impl->name, res);
+ ret = 1;
+ }
+ }
+
+ return ret ? EXIT_FAILURE : EXIT_SUCCESS;
+}
+
+#include <support/test-driver.c>
--


@ -1,33 +0,0 @@
From 583dd860d5b833037175247230a328f0050dbfe9 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 21 Jan 2019 11:08:13 -0800
Subject: [PATCH] regex: fix read overrun [BZ #24114]
Problem found by AddressSanitizer, reported by Hongxu Chen in:
https://debbugs.gnu.org/34140
* posix/regexec.c (proceed_next_node):
Do not read past end of input buffer.
---
posix/regexec.c | 6 ++++--
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/posix/regexec.c b/posix/regexec.c
index 91d5a79..084b122 100644
--- a/posix/regexec.c
+++ b/posix/regexec.c
@@ -1293,8 +1293,10 @@ proceed_next_node (const re_match_context_t *mctx, Idx nregs, regmatch_t *regs,
else if (naccepted)
{
char *buf = (char *) re_string_get_buffer (&mctx->input);
- if (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
- naccepted) != 0)
+ if (mctx->input.valid_len - *pidx < naccepted
+ || (memcmp (buf + regs[subexp_idx].rm_so, buf + *pidx,
+ naccepted)
+ != 0))
return -1;
}
}
--
2.9.3


@ -1,126 +0,0 @@
From 0474cd5de60448f31d7b872805257092faa626e4 Mon Sep 17 00:00:00 2001
From: Joseph Myers <joseph@codesourcery.com>
Date: Wed, 12 Feb 2020 23:31:56 +0000
Subject: [PATCH] Avoid ldbl-96 stack corruption from range reduction of
pseudo-zero (bug 25487).
Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero
argument (an representation where all the significand bits, including
the explicit high bit, are zero, but the exponent is not zero, which
is not a valid representation for the long double type).
Although this is not a valid long double representation, existing
practice in this area (see bug 4586, originally marked invalid but
subsequently fixed) is that we still seek to avoid invalid memory
accesses as a result, in case of programs that treat arbitrary binary
data as long double representations, although the invalid
representations of the ldbl-96 format do not need to be consistently
handled the same as any particular valid representation.
This patch makes the range reduction detect pseudo-zero and unnormal
representations that would otherwise go to __kernel_rem_pio2, and
returns a NaN for them instead of continuing with the range reduction
process. (Pseudo-zero and unnormal representations whose unbiased
exponent is less than -1 have already been safely returned from the
function before this point without going through the rest of range
reduction.) Pseudo-zero representations would previously result in
the value passed to __kernel_rem_pio2 being all-zero, which is
definitely unsafe; unnormal representations would previously result in
a value passed whose high bit is zero, which might well be unsafe
since that is not a form of input expected by __kernel_rem_pio2.
Tested for x86_64.
(cherry picked from commit 9333498794cde1d5cca518badf79533a24114b6f)
---
sysdeps/ieee754/ldbl-96/Makefile | 3 +-
sysdeps/ieee754/ldbl-96/e_rem_pio2l.c | 12 +++++++
sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c | 41 ++++++++++++++++++++++
3 files changed, 55 insertions(+), 1 deletion(-)
create mode 100644 sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile
index b103254214..052c1c7703 100644
--- a/sysdeps/ieee754/ldbl-96/Makefile
+++ b/sysdeps/ieee754/ldbl-96/Makefile
@@ -17,5 +17,6 @@
# <http://www.gnu.org/licenses/>.
ifeq ($(subdir),math)
-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96
+tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo
+CFLAGS-test-sinl-pseudo.c += -fstack-protector-all
endif
diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
index 805de22d73..1aeccb47d7 100644
--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
+++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y)
return 0;
}
+ if ((i0 & 0x80000000) == 0)
+ {
+ /* Pseudo-zero and unnormal representations are not valid
+ representations of long double. We need to avoid stack
+ corruption in __kernel_rem_pio2, which expects input in a
+ particular normal form, but those representations do not need
+ to be consistently handled like any particular floating-point
+ value. */
+ y[1] = y[0] = __builtin_nanl ("");
+ return 0;
+ }
+
/* Split the 64 bits of the mantissa into three 24-bit integers
stored in a double array. */
exp = j0 - 23;
diff --git a/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
new file mode 100644
index 0000000000..f59b97769d
--- /dev/null
+++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
@@ -0,0 +1,41 @@
+/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487).
+ Copyright (C) 2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <math.h>
+#include <math_ldbl.h>
+#include <stdint.h>
+
+static int
+do_test (void)
+{
+ for (int i = 0; i < 64; i++)
+ {
+ uint64_t sig = i == 63 ? 0 : 1ULL << i;
+ long double ld;
+ SET_LDOUBLE_WORDS (ld, 0x4141,
+ sig >> 32, sig & 0xffffffffULL);
+ /* The requirement is that no stack overflow occurs when the
+ pseudo-zero or unnormal goes through range reduction. */
+ volatile long double ldr;
+ ldr = sinl (ld);
+ (void) ldr;
+ }
+ return 0;
+}
+
+#include <support/test-driver.c>
--
2.25.1


@ -1,65 +0,0 @@
From 21344a3d62a29406fddeec069ee4eb3c341369f9 Mon Sep 17 00:00:00 2001
From: Andreas Schwab <schwab@suse.de>
Date: Wed, 19 Feb 2020 17:21:46 +0100
Subject: [PATCH] Fix use-after-free in glob when expanding ~user (bug 25414)
The value of `end_name' points into the value of `dirname', thus don't
deallocate the latter before the last use of the former.
(cherry picked from commit ddc650e9b3dc916eab417ce9f79e67337b05035c)
---
posix/glob.c | 25 +++++++++++++------------
2 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/posix/glob.c b/posix/glob.c
index 8444b2f79e..1b389d2da1 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -827,31 +827,32 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
{
size_t home_len = strlen (p->pw_dir);
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
- char *d;
+ char *d, *newp;
+ bool use_alloca = glob_use_alloca (alloca_used,
+ home_len + rest_len + 1);
- if (__glibc_unlikely (malloc_dirname))
- free (dirname);
- malloc_dirname = 0;
-
- if (glob_use_alloca (alloca_used, home_len + rest_len + 1))
- dirname = alloca_account (home_len + rest_len + 1,
- alloca_used);
+ if (use_alloca)
+ newp = alloca_account (home_len + rest_len + 1, alloca_used);
else
{
- dirname = malloc (home_len + rest_len + 1);
- if (dirname == NULL)
+ newp = malloc (home_len + rest_len + 1);
+ if (newp == NULL)
{
scratch_buffer_free (&pwtmpbuf);
retval = GLOB_NOSPACE;
goto out;
}
- malloc_dirname = 1;
}
- d = mempcpy (dirname, p->pw_dir, home_len);
+ d = mempcpy (newp, p->pw_dir, home_len);
if (end_name != NULL)
d = mempcpy (d, end_name, rest_len);
*d = '\0';
+ if (__glibc_unlikely (malloc_dirname))
+ free (dirname);
+ dirname = newp;
+ malloc_dirname = !use_alloca;
+
dirlen = home_len + rest_len;
dirname_modified = 1;
}
--
2.25.1


@ -1,56 +0,0 @@
From 9a99c682144bdbd40792ebf822fe9264e0376fb5 Mon Sep 17 00:00:00 2001
From: Arjun Shankar <arjun@redhat.com>
Date: Wed, 4 Nov 2020 12:19:38 +0100
Subject: [PATCH] iconv: Accept redundant shift sequences in IBM1364 [BZ
#26224]
The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
share converter logic (iconvdata/ibm1364.c) which would reject
redundant shift sequences when processing input in these character
sets. This led to a hang in the iconv program (CVE-2020-27618).
This commit adjusts the converter to ignore redundant shift sequences
and adds test cases for iconv_prog hangs that would be triggered upon
their rejection. This brings the implementation in line with other
converters that also ignore redundant shift sequences (e.g. IBM930
etc., fixed in commit 692de4b3960d).
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
---
iconvdata/ibm1364.c | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
index 49e7267ab4..521f0825b7 100644
--- a/iconvdata/ibm1364.c
+++ b/iconvdata/ibm1364.c
@@ -158,24 +158,14 @@ enum
\
if (__builtin_expect (ch, 0) == SO) \
{ \
- /* Shift OUT, change to DBCS converter. */ \
- if (curcs == db) \
- { \
- result = __GCONV_ILLEGAL_INPUT; \
- break; \
- } \
+ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \
curcs = db; \
++inptr; \
continue; \
} \
if (__builtin_expect (ch, 0) == SI) \
{ \
- /* Shift IN, change to SBCS converter. */ \
- if (curcs == sb) \
- { \
- result = __GCONV_ILLEGAL_INPUT; \
- break; \
- } \
+ /* Shift IN, change to SBCS converter (redundant escape okay). */ \
curcs = sb; \
++inptr; \
continue; \
--
2.27.0


@ -1,286 +0,0 @@
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 27 Jan 2021 12:36:12 +0000 (+0100)
Subject: gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)
X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=e9db7768
gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)
The conversion loop to the internal encoding does not follow
the interface contract that __GCONV_FULL_OUTPUT is only returned
after the internal wchar_t buffer has been filled completely. This
is enforced by the first of the two asserts in iconv/skeleton.c:
/* We must run out of output buffer space in this
rerun. */
assert (outbuf == outerr);
assert (nstatus == __GCONV_FULL_OUTPUT);
This commit solves this issue by queuing a second wide character
which cannot be written immediately in the state variable, like
other converters already do (e.g., BIG5-HKSCS or TSCII).
Reported-by: Tavis Ormandy <taviso@gmail.com>
(cherry picked from commit 7d88c6142c6efc160c0ee5e4f85cde382c072888)
---
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
index 06e161d9b8..36dd5d12c3 100644
--- a/iconvdata/Makefile
+++ b/iconvdata/Makefile
@@ -74,7 +74,7 @@ modules.so := $(addsuffix .so, $(modules))
tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \
tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \
bug-iconv10 bug-iconv11 bug-iconv12 \
- bug-iconv13
+ bug-iconv13 bug-iconv14
ifeq ($(have-thread-library),yes)
tests += bug-iconv3
endif
@@ -316,6 +316,8 @@ $(objpfx)bug-iconv10.out: $(objpfx)gconv-modules \
$(addprefix $(objpfx),$(modules.so))
$(objpfx)bug-iconv12.out: $(objpfx)gconv-modules \
$(addprefix $(objpfx),$(modules.so))
+$(objpfx)bug-iconv14.out: $(objpfx)gconv-modules \
+ $(addprefix $(objpfx),$(modules.so))
$(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \
$(addprefix $(objpfx),$(modules.so)) \
diff --git a/iconvdata/bug-iconv14.c b/iconvdata/bug-iconv14.c
new file mode 100644
index 0000000000..902f140fa9
--- /dev/null
+++ b/iconvdata/bug-iconv14.c
@@ -0,0 +1,127 @@
+/* Assertion in ISO-2022-JP-3 due to two-character sequence (bug 27256).
+ Copyright (C) 2021 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <iconv.h>
+#include <string.h>
+#include <errno.h>
+#include <support/check.h>
+
+/* Use an escape sequence to return to the initial state. */
+static void
+with_escape_sequence (void)
+{
+ iconv_t c = iconv_open ("UTF-8", "ISO-2022-JP-3");
+ TEST_VERIFY_EXIT (c != (iconv_t) -1);
+
+ char in[] = "\e$(O+D\e(B";
+ char *inbuf = in;
+ size_t inleft = strlen (in);
+ char out[3]; /* Space for one output character. */
+ char *outbuf;
+ size_t outleft;
+
+ outbuf = out;
+ outleft = sizeof (out);
+ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), (size_t) -1);
+ TEST_COMPARE (errno, E2BIG);
+ TEST_COMPARE (inleft, 3);
+ TEST_COMPARE (inbuf - in, strlen (in) - 3);
+ TEST_COMPARE (outleft, sizeof (out) - 2);
+ TEST_COMPARE (outbuf - out, 2);
+ TEST_COMPARE (out[0] & 0xff, 0xc3);
+ TEST_COMPARE (out[1] & 0xff, 0xa6);
+
+ /* Return to the initial shift state, producing the pending
+ character. */
+ outbuf = out;
+ outleft = sizeof (out);
+ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), 0);
+ TEST_COMPARE (inleft, 0);
+ TEST_COMPARE (inbuf - in, strlen (in));
+ TEST_COMPARE (outleft, sizeof (out) - 2);
+ TEST_COMPARE (outbuf - out, 2);
+ TEST_COMPARE (out[0] & 0xff, 0xcc);
+ TEST_COMPARE (out[1] & 0xff, 0x80);
+
+ /* Nothing should be flushed the second time. */
+ outbuf = out;
+ outleft = sizeof (out);
+ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0);
+ TEST_COMPARE (outleft, sizeof (out));
+ TEST_COMPARE (outbuf - out, 0);
+ TEST_COMPARE (out[0] & 0xff, 0xcc);
+ TEST_COMPARE (out[1] & 0xff, 0x80);
+
+ TEST_COMPARE (iconv_close (c), 0);
+}
+
+/* Use an explicit flush to return to the initial state. */
+static void
+with_flush (void)
+{
+ iconv_t c = iconv_open ("UTF-8", "ISO-2022-JP-3");
+ TEST_VERIFY_EXIT (c != (iconv_t) -1);
+
+ char in[] = "\e$(O+D";
+ char *inbuf = in;
+ size_t inleft = strlen (in);
+ char out[3]; /* Space for one output character. */
+ char *outbuf;
+ size_t outleft;
+
+ outbuf = out;
+ outleft = sizeof (out);
+ TEST_COMPARE (iconv (c, &inbuf, &inleft, &outbuf, &outleft), (size_t) -1);
+ TEST_COMPARE (errno, E2BIG);
+ TEST_COMPARE (inleft, 0);
+ TEST_COMPARE (inbuf - in, strlen (in));
+ TEST_COMPARE (outleft, sizeof (out) - 2);
+ TEST_COMPARE (outbuf - out, 2);
+ TEST_COMPARE (out[0] & 0xff, 0xc3);
+ TEST_COMPARE (out[1] & 0xff, 0xa6);
+
+ /* Flush the pending character. */
+ outbuf = out;
+ outleft = sizeof (out);
+ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0);
+ TEST_COMPARE (outleft, sizeof (out) - 2);
+ TEST_COMPARE (outbuf - out, 2);
+ TEST_COMPARE (out[0] & 0xff, 0xcc);
+ TEST_COMPARE (out[1] & 0xff, 0x80);
+
+ /* Nothing should be flushed the second time. */
+ outbuf = out;
+ outleft = sizeof (out);
+ TEST_COMPARE (iconv (c, NULL, 0, &outbuf, &outleft), 0);
+ TEST_COMPARE (outleft, sizeof (out));
+ TEST_COMPARE (outbuf - out, 0);
+ TEST_COMPARE (out[0] & 0xff, 0xcc);
+ TEST_COMPARE (out[1] & 0xff, 0x80);
+
+ TEST_COMPARE (iconv_close (c), 0);
+}
+
+static int
+do_test (void)
+{
+ with_escape_sequence ();
+ with_flush ();
+ return 0;
+}
+
+#include <support/test-driver.c>
diff --git a/iconvdata/iso-2022-jp-3.c b/iconvdata/iso-2022-jp-3.c
index de259580c3..047fab8e8d 100644
--- a/iconvdata/iso-2022-jp-3.c
+++ b/iconvdata/iso-2022-jp-3.c
@@ -67,23 +67,34 @@ enum
CURRENT_SEL_MASK = 7 << 3
};
-/* During UCS-4 to ISO-2022-JP-3 conversion, the COUNT element of the state
- also contains the last two bytes to be output, shifted by 6 bits, and a
- one-bit indicator whether they must be preceded by the shift sequence,
- in bit 22. */
+/* During UCS-4 to ISO-2022-JP-3 conversion, the COUNT element of the
+ state also contains the last two bytes to be output, shifted by 6
+ bits, and a one-bit indicator whether they must be preceded by the
+ shift sequence, in bit 22. During ISO-2022-JP-3 to UCS-4
+ conversion, COUNT may also contain a non-zero pending wide
+ character, shifted by six bits. This happens for certain inputs in
+ JISX0213_1_2004_set and JISX0213_2_set if the second wide character
+ in a combining sequence cannot be written because the buffer is
+ full. */
/* Since this is a stateful encoding we have to provide code which resets
the output state to the initial state. This has to be done during the
flushing. */
#define EMIT_SHIFT_TO_INIT \
- if ((data->__statep->__count & ~7) != ASCII_set) \
+ if (data->__statep->__count != ASCII_set) \
{ \
if (FROM_DIRECTION) \
{ \
- /* It's easy, we don't have to emit anything, we just reset the \
- state for the input. */ \
- data->__statep->__count &= 7; \
- data->__statep->__count |= ASCII_set; \
+ if (__glibc_likely (outbuf + 4 <= outend)) \
+ { \
+ /* Write out the last character. */ \
+ *((uint32_t *) outbuf) = data->__statep->__count >> 6; \
+ outbuf += sizeof (uint32_t); \
+ data->__statep->__count = ASCII_set; \
+ } \
+ else \
+ /* We don't have enough room in the output buffer. */ \
+ status = __GCONV_FULL_OUTPUT; \
} \
else \
{ \
@@ -151,7 +162,21 @@ enum
#define LOOPFCT FROM_LOOP
#define BODY \
{ \
- uint32_t ch = *inptr; \
+ uint32_t ch; \
+ \
+ /* Output any pending character. */ \
+ ch = set >> 6; \
+ if (__glibc_unlikely (ch != 0)) \
+ { \
+ put32 (outptr, ch); \
+ outptr += 4; \
+ /* Remove the pending character, but preserve state bits. */ \
+ set &= (1 << 6) - 1; \
+ continue; \
+ } \
+ \
+ /* Otherwise read the next input byte. */ \
+ ch = *inptr; \
\
/* Recognize escape sequences. */ \
if (__glibc_unlikely (ch == ESC)) \
@@ -297,21 +322,25 @@ enum
uint32_t u1 = __jisx0213_to_ucs_combining[ch - 1][0]; \
uint32_t u2 = __jisx0213_to_ucs_combining[ch - 1][1]; \
\
+ inptr += 2; \
+ \
+ put32 (outptr, u1); \
+ outptr += 4; \
+ \
/* See whether we have room for two characters. */ \
- if (outptr + 8 <= outend) \
+ if (outptr + 4 <= outend) \
{ \
- inptr += 2; \
- put32 (outptr, u1); \
- outptr += 4; \
put32 (outptr, u2); \
outptr += 4; \
continue; \
} \
- else \
- { \
- result = __GCONV_FULL_OUTPUT; \
- break; \
- } \
+ \
+ /* Otherwise store only the first character now, and \
+ put the second one into the queue. */ \
+ set |= u2 << 6; \
+ /* Tell the caller why we terminate the loop. */ \
+ result = __GCONV_FULL_OUTPUT; \
+ break; \
} \
\
inptr += 2; \


@ -1,162 +0,0 @@
Patch from the OpenSUSE glibc
---
sunrpc/bindrsvprt.c | 107 ++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 99 insertions(+), 8 deletions(-)
--- a/sunrpc/bindrsvprt.c
+++ b/sunrpc/bindrsvprt.c
@@ -29,34 +29,114 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+#include <stdio.h>
+#include <ctype.h>
#include <errno.h>
+#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <libc-lock.h>
+#define STARTPORT 600
+#define LOWPORT 512
+#define ENDPORT (IPPORT_RESERVED - 1)
+#define NPORTS (ENDPORT - STARTPORT + 1)
+
+/*
+ * Read the file /etc/rpc.blacklisted, so that we don't bind
+ * to this ports.
+ */
+
+static int blacklist_read;
+static int *list;
+static int list_size = 0;
+
+static void
+load_blacklist (void)
+{
+ FILE *fp;
+ char *buf = NULL;
+ size_t buflen = 0;
+ int size = 0, ptr = 0;
+
+ blacklist_read = 1;
+
+ fp = fopen ("/etc/bindresvport.blacklist", "r");
+ if (NULL == fp)
+ return;
+
+ while (!feof_unlocked (fp))
+ {
+ unsigned long port;
+ char *tmp, *cp;
+ ssize_t n = __getline (&buf, &buflen, fp);
+ if (n < 1)
+ break;
+
+ cp = buf;
+ tmp = strchr (cp, '#'); /* remove comments */
+ if (tmp)
+ *tmp = '\0';
+ while (isspace ((int)*cp)) /* remove spaces and tabs */
+ ++cp;
+ if (*cp == '\0') /* ignore empty lines */
+ continue;
+ if (cp[strlen (cp) - 1] == '\n')
+ cp[strlen (cp) - 1] = '\0';
+
+ port = strtoul (cp, &tmp, 0);
+ while (isspace(*tmp))
+ ++tmp;
+ if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
+ continue;
+
+ /* Don't bother with out-of-range ports */
+ if (port < LOWPORT || port > ENDPORT)
+ continue;
+
+ if (ptr >= size)
+ {
+ size += 10;
+ list = realloc (list, size * sizeof (int));
+ if (list == NULL)
+ {
+ free (buf);
+ return;
+ }
+ }
+
+ list[ptr++] = port;
+ }
+
+ fclose (fp);
+
+ if (buf)
+ free (buf);
+
+ list_size = ptr;
+}
+
/*
* Locks the static variables in this file.
*/
__libc_lock_define_initialized (static, lock);
/*
* Bind a socket to a privileged IP port
*/
int
bindresvport (int sd, struct sockaddr_in *sin)
{
+ static short startport = STARTPORT;
static short port;
struct sockaddr_in myaddr;
int i;
-#define STARTPORT 600
-#define LOWPORT 512
-#define ENDPORT (IPPORT_RESERVED - 1)
-#define NPORTS (ENDPORT - STARTPORT + 1)
- static short startport = STARTPORT;
+ if (!blacklist_read)
+ load_blacklist ();
if (sin == (struct sockaddr_in *) 0)
{
@@ -69,6 +149,7 @@
port = (__getpid () % NPORTS) + STARTPORT;
}
+ __set_errno (EADDRINUSE);
/* Initialize to make gcc happy. */
int res = -1;
@@ -77,12 +158,22 @@
again:
for (i = 0; i < nports; ++i)
{
- sin->sin_port = htons (port++);
- if (port > endport)
- port = startport;
+ int j;
+
+ sin->sin_port = htons (port);
+
+ /* Check, if this port is not blacklisted. */
+ for (j = 0; j < list_size; j++)
+ if (port == list[j])
+ goto try_next_port;
+
res = __bind (sd, sin, sizeof (struct sockaddr_in));
if (res >= 0 || errno != EADDRINUSE)
break;
+
+try_next_port:
+ if (++port > endport)
+ port = startport;
}
if (i == nports && startport != LOWPORT)


@ -1,37 +0,0 @@
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 27 Nov 2018 15:12:43 +0000 (+0100)
Subject: CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff_plain;h=d527c860f5a3f0ed687bd03f0cb464612dc23408
CVE-2018-19591: if_nametoindex: Fix descriptor for overlong name [BZ #23927]
---
diff --git a/sysdeps/unix/sysv/linux/if_index.c b/sysdeps/unix/sysv/linux/if_index.c
index e3d0898..782fc5e 100644
--- a/sysdeps/unix/sysv/linux/if_index.c
+++ b/sysdeps/unix/sysv/linux/if_index.c
@@ -38,11 +38,6 @@ __if_nametoindex (const char *ifname)
return 0;
#else
struct ifreq ifr;
- int fd = __opensock ();
-
- if (fd < 0)
- return 0;
-
if (strlen (ifname) >= IFNAMSIZ)
{
__set_errno (ENODEV);
@@ -50,6 +45,12 @@ __if_nametoindex (const char *ifname)
}
strncpy (ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
+
+ int fd = __opensock ();
+
+ if (fd < 0)
+ return 0;
+
if (__ioctl (fd, SIOCGIFINDEX, &ifr) < 0)
{
int saved_errno = errno;



@ -1,6 +1,6 @@
{
"Signatures": {
"glibc-2.34.tar.xz": "44d26a1fe20b8853a48f470ead01e4279e869ac149b195dda4e44a195d981ab2",
"glibc-2.35.tar.xz": "5123732f6b67ccd319305efd399971d58592122bcc2a6518a1bd2510dd0cf52e",
"locale-gen.conf": "94182ce116a42e38ce783d2a867dca1eaf4d6a347d4bff9aac4d6e61cbbfc8f4",
"locale-gen.sh": "df7169cb9f126875e0a57a4700261e16e6eba2a98312d739f972377150ba9964"
}


@ -6,8 +6,8 @@
Summary: Main C library
Name: glibc
Version: 2.34
Release: 3%{?dist}
Version: 2.35
Release: 1%{?dist}
License: BSD AND GPLv2+ AND Inner-Net AND ISC AND LGPLv2+ AND MIT
Vendor: Microsoft Corporation
Distribution: Mariner
@ -16,30 +16,17 @@ URL: https://www.gnu.org/software/libc
Source0: https://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz
Source1: locale-gen.sh
Source2: locale-gen.conf
Patch0: https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.34-fhs-1.patch
#Patch1: glibc-2.24-bindrsvport-blacklist.patch
#Patch2: 0002-malloc-arena-fix.patch
#Patch3: glibc-2.28-CVE-2018-19591.patch
#Patch4: CVE-2019-9169.patch
#Patch5: CVE-2016-10739.patch
#Patch6: CVE-2020-1752.patch
#Patch7: CVE-2020-10029.patch
Patch0: https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.35-fhs-1.patch
# Only applicable on ARMv7 targets.
Patch8: CVE-2020-6096.nopatch
Patch1: CVE-2020-6096.nopatch
# Only applicable on x32 targets.
Patch9: CVE-2019-6488.nopatch
Patch2: CVE-2019-6488.nopatch
# Only applicable on PowerPC targets.
Patch10: CVE-2020-1751.nopatch
Patch3: CVE-2020-1751.nopatch
# Marked by upstream/Ubuntu/Red Hat as not a security bug, no fix available
# Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content
Patch11: CVE-2018-20796.nopatch
#Patch12: CVE-2019-7309.patch
# CVE-2019-19126 patch taken from upstream commit 7966ce07e89fa4ccc8fdba00d4439fc652862462
#Patch13: CVE-2019-19126.patch
#Patch14: CVE-2019-25013.patch
#Patch15: CVE-2021-3326.patch
#Patch16: CVE-2020-27618.patch
Patch17: glibc-2.34_pthread_cond_wait.patch
Patch4: CVE-2018-20796.nopatch
Patch5: glibc-2.34_pthread_cond_wait.patch
BuildRequires: bison
BuildRequires: kernel-headers
@ -312,6 +299,10 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||:
%defattr(-,root,root)
%changelog
* Tue Apr 12 2022 Andrew Phelps <anphel@microsoft.com> - 2.35-1
- Upgrade to version 2.35
- Cleanup old patch files
* Wed Mar 02 2022 Andy Caldwell <andycaldwell@microsoft.com> - 2.34-3
- Add support for building `-static-pie` binaries against `glibc`
- Add additional BuildRequires
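Review bot: Patch5 at the end of the patch list still names `glibc-2.34_pthread_cond_wait.patch` while Version is now 2.35; the file name suggests it was prepared against the 2.34 tree, so it should be confirmed that it still applies cleanly to 2.35 and has not already been picked up upstream, in which case it should be dropped rather than carried forward. The renumbered `.nopatch` markers (Patch1 through Patch4) keep their rationale comments, but those comments were written against 2.34 and the ARMv7/x32/PowerPC applicability and the "no fix available" note for CVE-2018-20796 are worth re-checking against the 2.35 release notes so they do not go stale. A one-line comment such as `# Verified to apply on 2.35` beside Patch5 would record that check for the next bump.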


@ -47,7 +47,7 @@
# Required for proper ELF symbol versioning support.
%global _ld_strict_symbol_defs 1
# override_glibc and glibcversion are temporary to make libxcrypt install on top of glibc
%define glibcversion 2.34
%define glibcversion 2.35
%bcond_without override_glibc
# Build the static library?
%bcond_with new_api
@ -449,6 +449,9 @@ ln -s %{_libdir}/libcrypt-%{glibcversion}.so %{_libdir}/libcrypt.so.1
%changelog
* Thu Apr 14 2022 Andrew Phelps <anphel@microsoft.com> - 4.4.27-2
- Update glibcversion variable to 2.35
* Wed Jan 27 2022 Henry Li <lihl@microsoft.com> - 4.4.27-1
- Upgrade to version 4.4.27
- Remove patches that no longer apply


@ -4440,8 +4440,8 @@
"type": "other",
"other": {
"name": "glibc",
"version": "2.34",
"downloadUrl": "https://ftp.gnu.org/gnu/glibc/glibc-2.34.tar.xz"
"version": "2.35",
"downloadUrl": "https://ftp.gnu.org/gnu/glibc/glibc-2.35.tar.xz"
}
}
},


@ -1,12 +1,12 @@
filesystem-1.1-8.cm2.aarch64.rpm
kernel-headers-5.15.32.1-1.cm2.noarch.rpm
glibc-2.34-3.cm2.aarch64.rpm
glibc-devel-2.34-3.cm2.aarch64.rpm
glibc-i18n-2.34-3.cm2.aarch64.rpm
glibc-iconv-2.34-3.cm2.aarch64.rpm
glibc-lang-2.34-3.cm2.aarch64.rpm
glibc-nscd-2.34-3.cm2.aarch64.rpm
glibc-tools-2.34-3.cm2.aarch64.rpm
glibc-2.35-1.cm2.aarch64.rpm
glibc-devel-2.35-1.cm2.aarch64.rpm
glibc-i18n-2.35-1.cm2.aarch64.rpm
glibc-iconv-2.35-1.cm2.aarch64.rpm
glibc-lang-2.35-1.cm2.aarch64.rpm
glibc-nscd-2.35-1.cm2.aarch64.rpm
glibc-tools-2.35-1.cm2.aarch64.rpm
zlib-1.2.11-5.cm2.aarch64.rpm
zlib-devel-1.2.11-5.cm2.aarch64.rpm
file-5.40-2.cm2.aarch64.rpm


@ -1,12 +1,12 @@
filesystem-1.1-8.cm2.x86_64.rpm
kernel-headers-5.15.32.1-1.cm2.noarch.rpm
glibc-2.34-3.cm2.x86_64.rpm
glibc-devel-2.34-3.cm2.x86_64.rpm
glibc-i18n-2.34-3.cm2.x86_64.rpm
glibc-iconv-2.34-3.cm2.x86_64.rpm
glibc-lang-2.34-3.cm2.x86_64.rpm
glibc-nscd-2.34-3.cm2.x86_64.rpm
glibc-tools-2.34-3.cm2.x86_64.rpm
glibc-2.35-1.cm2.x86_64.rpm
glibc-devel-2.35-1.cm2.x86_64.rpm
glibc-i18n-2.35-1.cm2.x86_64.rpm
glibc-iconv-2.35-1.cm2.x86_64.rpm
glibc-lang-2.35-1.cm2.x86_64.rpm
glibc-nscd-2.35-1.cm2.x86_64.rpm
glibc-tools-2.35-1.cm2.x86_64.rpm
zlib-1.2.11-5.cm2.x86_64.rpm
zlib-devel-1.2.11-5.cm2.x86_64.rpm
file-5.40-2.cm2.x86_64.rpm


@ -102,13 +102,13 @@ glib-debuginfo-2.71.0-1.cm2.aarch64.rpm
glib-devel-2.71.0-1.cm2.aarch64.rpm
glib-doc-2.71.0-1.cm2.noarch.rpm
glib-schemas-2.71.0-1.cm2.aarch64.rpm
glibc-2.34-3.cm2.aarch64.rpm
glibc-devel-2.34-3.cm2.aarch64.rpm
glibc-i18n-2.34-3.cm2.aarch64.rpm
glibc-iconv-2.34-3.cm2.aarch64.rpm
glibc-lang-2.34-3.cm2.aarch64.rpm
glibc-nscd-2.34-3.cm2.aarch64.rpm
glibc-tools-2.34-3.cm2.aarch64.rpm
glibc-2.35-1.cm2.aarch64.rpm
glibc-devel-2.35-1.cm2.aarch64.rpm
glibc-i18n-2.35-1.cm2.aarch64.rpm
glibc-iconv-2.35-1.cm2.aarch64.rpm
glibc-lang-2.35-1.cm2.aarch64.rpm
glibc-nscd-2.35-1.cm2.aarch64.rpm
glibc-tools-2.35-1.cm2.aarch64.rpm
gmock-1.11.0-2.cm2.aarch64.rpm
gmock-devel-1.11.0-2.cm2.aarch64.rpm
gmp-6.2.1-2.cm2.aarch64.rpm


@ -102,13 +102,13 @@ glib-debuginfo-2.71.0-1.cm2.x86_64.rpm
glib-devel-2.71.0-1.cm2.x86_64.rpm
glib-doc-2.71.0-1.cm2.noarch.rpm
glib-schemas-2.71.0-1.cm2.x86_64.rpm
glibc-2.34-3.cm2.x86_64.rpm
glibc-devel-2.34-3.cm2.x86_64.rpm
glibc-i18n-2.34-3.cm2.x86_64.rpm
glibc-iconv-2.34-3.cm2.x86_64.rpm
glibc-lang-2.34-3.cm2.x86_64.rpm
glibc-nscd-2.34-3.cm2.x86_64.rpm
glibc-tools-2.34-3.cm2.x86_64.rpm
glibc-2.35-1.cm2.x86_64.rpm
glibc-devel-2.35-1.cm2.x86_64.rpm
glibc-i18n-2.35-1.cm2.x86_64.rpm
glibc-iconv-2.35-1.cm2.x86_64.rpm
glibc-lang-2.35-1.cm2.x86_64.rpm
glibc-nscd-2.35-1.cm2.x86_64.rpm
glibc-tools-2.35-1.cm2.x86_64.rpm
gmock-1.11.0-2.cm2.x86_64.rpm
gmock-devel-1.11.0-2.cm2.x86_64.rpm
gmp-6.2.1-2.cm2.x86_64.rpm


@ -33,8 +33,8 @@ https://git.centos.org/rpms/python-rpm-generators/raw/c8s/f/SOURCES/pythondeps.s
https://git.centos.org/rpms/python-rpm-generators/raw/c8s/f/SOURCES/pythondistdeps.py
https://www.linuxfromscratch.org/patches/downloads/lua/lua-5.4.3-shared_library-1.patch
https://ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz
https://ftp.gnu.org/gnu/glibc/glibc-2.34.tar.xz
https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.34-fhs-1.patch
https://ftp.gnu.org/gnu/glibc/glibc-2.35.tar.xz
https://www.linuxfromscratch.org/patches/downloads/glibc/glibc-2.35-fhs-1.patch
https://ftp.gnu.org/gnu/readline/readline-8.1.tar.gz
https://ftp.gnu.org/gnu/tar/tar-1.34.tar.xz
http://ftp.gnu.org/gnu/texinfo/texinfo-6.8.tar.xz


@ -19,8 +19,8 @@ cf5fea4ac5665fd5171af4716baab2effc76306a9572988d5ba1078f196382bd gawk-5.1.0.tar
d08edc536b54c372a1010ff6619dd274c0f1603aa49212ba20f7aa2cda36fa8b gcc-11.2.0.tar.xz
b0b7dbdefd798de7ddccdd8edf6693a30494f7789777838042991ef107339cc2 gdbm-1.21.tar.gz
105556dbc5c3fbbc2aa0edb46d22d055748b6f5c7cd7a8d99f8e7eb84e938be4 gettext-0.19.8.1.tar.xz
643552db030e2f2d7ffde4f558e0f5f83d3fabf34a2e0e56ebdb49750ac27b0d glibc-2.34-fhs-1.patch
44d26a1fe20b8853a48f470ead01e4279e869ac149b195dda4e44a195d981ab2 glibc-2.34.tar.xz
643552db030e2f2d7ffde4f558e0f5f83d3fabf34a2e0e56ebdb49750ac27b0d glibc-2.35-fhs-1.patch
5123732f6b67ccd319305efd399971d58592122bcc2a6518a1bd2510dd0cf52e glibc-2.35.tar.xz
fd4829912cddd12f84181c3451cc752be224643e87fac497b69edddadc49b4f2 gmp-6.2.1.tar.xz
588546b945bba4b70b6a3a616e80b4ab466e3f33024a352fc2198112cdbb3ae2 gperf-3.1.tar.gz
5c10da312460aec721984d5d83246d24520ec438dd48d7ab5a05dbc0d6d6823c grep-3.7.tar.xz
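Review bot: The digest on the new `glibc-2.35-fhs-1.patch` line is identical to the one on the `glibc-2.34-fhs-1.patch` line it replaces, whereas the tarball line received a fresh digest. That is plausible if the upstream patch is byte-identical across the two releases and was only renamed, but it is also exactly what a copied-and-renamed line would look like, so the value should be regenerated from the downloaded file rather than inherited. Because this list appears to be what pins the toolchain inputs, a stale digest here would either break the build or, if the list is not enforced at every stage, let an unverified patch through.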


@ -85,10 +85,10 @@ popd
rm -rf man-pages-5.02
touch /logs/status_man_pages_complete
echo glibc-2.34
tar xf glibc-2.34.tar.xz
pushd glibc-2.34
patch -Np1 -i ../glibc-2.34-fhs-1.patch
echo glibc-2.35
tar xf glibc-2.35.tar.xz
pushd glibc-2.35
patch -Np1 -i ../glibc-2.35-fhs-1.patch
ln -sfv /tools/lib/gcc /usr/lib
ls -la /usr/lib/gcc/
case $(uname -m) in
@ -129,7 +129,7 @@ include /etc/ld.so.conf.d/*.conf
EOF
mkdir -pv /etc/ld.so.conf.d
popd
rm -rf glibc-2.34
rm -rf glibc-2.35
touch /logs/status_glibc_complete


@ -125,9 +125,10 @@ rm -rf CBL-Mariner-Linux-Kernel-rolling-lts-mariner-5.15.32.1
touch $LFS/logs/temptoolchain/status_kernel_headers_complete
echo glibc-2.34
tar xf glibc-2.34.tar.xz
pushd glibc-2.34
echo glibc-2.35
tar xf glibc-2.35.tar.xz
pushd glibc-2.35
patch -Np1 -i ../glibc-2.35-fhs-1.patch
mkdir -v build
cd build
../configure \
@ -158,7 +159,7 @@ rm -v dummy.c a.out
set -e
echo End sanity check - temptoolchain - glibc
popd
rm -rf glibc-2.34
rm -rf glibc-2.35
touch $LFS/logs/temptoolchain/status_glibc_complete
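Review bot: The newly added `patch -Np1 -i ../glibc-2.35-fhs-1.patch` after `pushd glibc-2.35` assumes the patch file is already present in the temptoolchain working directory, and nothing in this hunk fetches or copies it there, so the download list used for this stage should be confirmed to include it. The second hunk re-enables `set -e` after the sanity check, which suggests errexit is normally active in this script, but if it is not in effect at the point of the patch call a rejected hunk would be ignored and the build would proceed on unpatched sources; guarding it as `patch -Np1 -i ../glibc-2.35-fhs-1.patch || exit 1` makes the intent explicit either way. The enclosing script continues outside the hunks shown.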