Hello community, here is the log from the commit of package glibc for openSUSE:Factory checked in at 2020-10-06 17:08:04 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/glibc (Old) and /work/SRC/openSUSE:Factory/.glibc.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glibc" Tue Oct 6 17:08:04 2020 rev:240 rq:832941 version:2.32 Changes: -------- --- /work/SRC/openSUSE:Factory/glibc/glibc.changes 2020-06-28 23:02:27.538088030 +0200 +++ /work/SRC/openSUSE:Factory/.glibc.new.4249/glibc.changes 2020-10-06 17:09:50.437461480 +0200 @@ -1,0 +2,70 @@ +Tue Sep 8 08:00:33 UTC 2020 - Andreas Schwab <sch...@suse.de> + +- Keep nsswitch.conf in /etc for SLES15 +- syslog-locking.patch: Correct locking and cancellation cleanup in syslog + functions (bsc#1172085, BZ #26100) +- ifunc-fma4.patch: x86-64: Fix FMA4 detection in ifunc (BZ #26534) + +------------------------------------------------------------------- +Thu Aug 6 08:08:04 UTC 2020 - Andreas Schwab <sch...@suse.de> + +- Update to glibc 2.32 + * Unicode 13.0.0 Support + * New locale added: ckb_IQ + * The GNU C Library now loads audit modules listed in the DT_AUDIT and + DT_DEPAUDIT dynamic section entries of the main executable + * powerpc64le supports IEEE128 long double libm/libc redirects when + using the -mabi=ieeelongdouble to compile C code on supported GCC + toolchains + * To help detect buffer overflows and other out-of-bounds accesses + several APIs have been annotated with GCC 'access' attribute + * On Linux, functions the pthread_attr_setsigmask_np and + pthread_attr_getsigmask_np have been added + * The GNU C Library now provides the header file <sys/single_threaded.h> + which declares the variable __libc_single_threaded + * The functions sigabbrev_np and sigdescr_np have been added + * The functions strerrorname_np and strerrordesc_np have been added + * AArch64 now supports standard branch protection security hardening + in glibc when it is built with a GCC that is configured with + --enable-standard-branch-protection (or if -mbranch-protection=standard + flag is passed when building both GCC target libraries and glibc, + in either case a custom GCC is needed) + * The deprecated <sys/sysctl.h> header and the sysctl function have been + removed + * The sstk function is no longer available to newly linked binaries + * The legacy signal handling functions siginterrupt, sigpause, sighold, + sigrelse, sigignore and sigset, and the sigmask macro have been + deprecated + * ldconfig now defaults to the new format for ld.so.cache + * The deprecated arrays sys_siglist, _sys_siglist, and sys_sigabbrev + are no longer available to newly linked binaries, and their declarations + have been removed from <string.h> + * The deprecated symbols sys_errlist, _sys_errlist, sys_nerr, and _sys_nerr + are no longer available to newly linked binaries, and their declarations + have been removed from from <stdio.h> + * Both strerror and strerror_l now share the same internal buffer in the + calling thread, meaning that the returned string pointer may be invalided + or contents might be overwritten on subsequent calls in the same thread or + if the thread is terminated + * Using weak references to libpthread functions such as pthread_create + or pthread_key_create to detect the singled-threaded nature of a + program is an obsolescent feature + * The "files" NSS module no longer supports the "key" database (used for + secure RPC) + * The __morecore and __after_morecore_hook malloc hooks and the default + implementation __default_morecore have been deprecated + * The hesiod NSS module has been deprecated and will be removed in a + future version of glibc + * CVE-2016-10228: An infinite loop has been fixed in the iconv program when + invoked with the -c option and when processing invalid multi-byte input + sequences + * CVE-2020-10029: Trigonometric functions on x86 targets suffered from stack + corruption when they were passed a pseudo-zero argument + * CVE-2020-1752: A use-after-free vulnerability in the glob function when + expanding ~user has been fixed. + * CVE-2020-6096: A signed comparison vulnerability in the ARMv7 memcpy and + memmove functions has been fixed +- riscv-syscall-clobber.patch, ldbl-96-rem-pio2l.patch, + long-double-alias.patch: Removed + +------------------------------------------------------------------- Old: ---- glibc-2.31.tar.xz glibc-2.31.tar.xz.sig ldbl-96-rem-pio2l.patch long-double-alias.patch riscv-syscall-clobber.patch New: ---- glibc-2.32.tar.xz glibc-2.32.tar.xz.sig ifunc-fma4.patch syslog-locking.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc.spec ++++++ --- /var/tmp/diff_new_pack.OFg9Hd/_old 2020-10-06 17:09:53.897464469 +0200 +++ /var/tmp/diff_new_pack.OFg9Hd/_new 2020-10-06 17:09:53.905464475 +0200 @@ -131,7 +131,7 @@ %define powerpc_optimize_cpu_power6 0 %define powerpc_optimize_cpu_power7 0 %define powerpc_optimize_cpu_cell 0 -%endif # ppc, ppc64 +%endif # glibc requires at least kernel 3.2 %define enablekernel 3.2 # some architectures need a newer kernel @@ -148,7 +148,7 @@ %define enablekernel 4.15 %endif -Version: 2.31 +Version: 2.32 Release: 0 %if !%{build_snapshot} %define git_id 0a8262a1b2 @@ -259,12 +259,10 @@ ### # Patches from upstream ### -# PATCH-FIX-UPSTREAM riscv: Avoid clobbering register parameters in syscall -Patch1000: riscv-syscall-clobber.patch -# PATCH-FIX-UPSTREAM Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (CVE-2020-10029, BZ #25487) -Patch1001: ldbl-96-rem-pio2l.patch -# PATCH-FIX-UPSTREAM Fix build with GCC 10 when long double = double -Patch1002: long-double-alias.patch +# PATCH-FIX-UPSTREAM Correct locking and cancellation cleanup in syslog functions (BZ #26100) +Patch1000: syslog-locking.patch +# PATCH-FIX-UPSTREAM x86-64: Fix FMA4 detection in ifunc (BZ #26534) +Patch1001: ifunc-fma4.patch ### # Patches awaiting upstream approval @@ -454,7 +452,7 @@ makedb: A program to create a database for nss %lang_package -%endif # main +%endif %prep %setup -n glibc-%{version} -q -a 4 @@ -479,7 +477,6 @@ %patch1000 -p1 %patch1001 -p1 -%patch1002 -p1 %patch2000 -p1 %patch2001 -p1 @@ -689,8 +686,8 @@ %if %{powerpc_optimize_cpu_cell} configure_and_build_glibc ppc-cell-be "$BuildFlags -mcpu=cell" %endif - %endif # %{build_variants} -%endif # optimize_power + %endif +%endif # # Build html documentation @@ -811,7 +808,7 @@ cc-base/elf/ldconfig -vn %{buildroot}/%{_lib}/power6x fi %endif -%endif # optimize_power +%endif # Install locales %if %{build_locales} @@ -842,7 +839,11 @@ # Miscelanna: install -m 644 %{SOURCE7} %{buildroot}/etc +%if %suse_version > 1500 install -D -m 644 %{SOURCE5} %{buildroot}%{_prefix}/etc/nsswitch.conf +%else +install -m 644 %{SOURCE5} %{buildroot}/etc +%endif mkdir -p %{buildroot}/etc/default install -m 644 nis/nss %{buildroot}/etc/default/ @@ -933,7 +934,7 @@ rm -rf %{buildroot}%{_infodir} %{buildroot}%{_prefix}/share/i18n rm -f %{buildroot}%{_bindir}/makedb %{buildroot}/var/lib/misc/Makefile rm -f %{buildroot}%{_sbindir}/nscd -%endif # i686 +%endif %ifnarch i686 # /var/lib/misc is incompatible with transactional updates (bsc#1138726) @@ -942,7 +943,7 @@ ln -s %{_prefix}/share/misc/Makefile.makedb %{buildroot}/var/lib/misc/Makefile %endif -%endif # !utils +%endif # LSB %ifarch %ix86 @@ -964,7 +965,7 @@ ln -sf /%{_lib}/ld64.so.1 $RPM_BUILD_ROOT/%{_lib}/ld-lsb-s390x.so.3 %endif -%else # !main +%else %if %{build_utils} @@ -982,9 +983,9 @@ rm %{buildroot}/%{_lib}/lp64d %{buildroot}%{_libdir}/lp64d %endif -%endif # utils +%endif -%endif # !main +%endif %if %{build_main} @@ -1090,8 +1091,12 @@ %config /etc/ld.so.conf %attr(0644,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /etc/ld.so.cache %config(noreplace) /etc/rpc +%if %suse_version > 1500 %attr(0644,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /etc/nsswitch.conf %{_prefix}/etc/nsswitch.conf +%else +%verify(not md5 size mtime) %config(noreplace) /etc/nsswitch.conf +%endif %attr(0644,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /etc/gai.conf %doc posix/gai.conf %config(noreplace) /etc/default/nss @@ -1211,7 +1216,7 @@ %if %{powerpc_optimize_cpu_cell} %{optimized_libs ppc-cell-be} %endif -%endif # optimize_power +%endif %dir %attr(0700,root,root) /var/cache/ldconfig /sbin/ldconfig %{_bindir}/gencat @@ -1319,7 +1324,7 @@ %attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/lib/nscd/hosts %attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/lib/nscd/services %attr(0600,root,root) %verify(not md5 size mtime) %ghost %config(missingok,noreplace) /var/lib/nscd/netgroup -%endif # !i686 +%endif %if %{build_profile} %files profile @@ -1346,9 +1351,9 @@ /var/lib/misc/Makefile %files lang -f libc.lang -%endif # !i686 +%endif -%endif # main +%endif %if %{build_utils} %files -n glibc-utils @@ -1364,6 +1369,6 @@ %{_bindir}/sotruss %{_bindir}/xtrace %{_bindir}/pldd -%endif # utils +%endif %changelog ++++++ euc-kr-overrun.patch ++++++ --- /var/tmp/diff_new_pack.OFg9Hd/_old 2020-10-06 17:09:54.069464617 +0200 +++ /var/tmp/diff_new_pack.OFg9Hd/_new 2020-10-06 17:09:54.073464621 +0200 @@ -20,23 +20,24 @@ 4 files changed, 58 insertions(+), 9 deletions(-) create mode 100644 iconvdata/bug-iconv13.c -Index: glibc-2.30/iconvdata/Makefile +Index: glibc-2.32/iconvdata/Makefile =================================================================== ---- glibc-2.30.orig/iconvdata/Makefile -+++ glibc-2.30/iconvdata/Makefile -@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules +--- glibc-2.32.orig/iconvdata/Makefile ++++ glibc-2.32/iconvdata/Makefile +@@ -73,7 +73,8 @@ modules.so := $(addsuffix .so, $(modules ifeq (yes,$(build-shared)) tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ -- bug-iconv10 bug-iconv11 bug-iconv12 -+ bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13 +- bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 ++ bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \ ++ bug-iconv13 ifeq ($(have-thread-library),yes) tests += bug-iconv3 endif -Index: glibc-2.30/iconvdata/bug-iconv13.c +Index: glibc-2.32/iconvdata/bug-iconv13.c =================================================================== --- /dev/null -+++ glibc-2.30/iconvdata/bug-iconv13.c ++++ glibc-2.32/iconvdata/bug-iconv13.c @@ -0,0 +1,53 @@ +/* bug 24973: Test EUC-KR module + Copyright (C) 2019 Free Software Foundation, Inc. @@ -91,10 +92,10 @@ +} + +#include <support/test-driver.c> -Index: glibc-2.30/iconvdata/euc-kr.c +Index: glibc-2.32/iconvdata/euc-kr.c =================================================================== ---- glibc-2.30.orig/iconvdata/euc-kr.c -+++ glibc-2.30/iconvdata/euc-kr.c +--- glibc-2.32.orig/iconvdata/euc-kr.c ++++ glibc-2.32/iconvdata/euc-kr.c @@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned c \ if (ch <= 0x9f) \ @@ -108,10 +109,10 @@ { \ /* This is illegal. */ \ STANDARD_FROM_LOOP_ERR_HANDLER (1); \ -Index: glibc-2.30/iconvdata/ksc5601.h +Index: glibc-2.32/iconvdata/ksc5601.h =================================================================== ---- glibc-2.30.orig/iconvdata/ksc5601.h -+++ glibc-2.30/iconvdata/ksc5601.h +--- glibc-2.32.orig/iconvdata/ksc5601.h ++++ glibc-2.32/iconvdata/ksc5601.h @@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s unsigned char ch2; int idx; ++++++ fix-locking-in-_IO_cleanup.patch ++++++ --- /var/tmp/diff_new_pack.OFg9Hd/_old 2020-10-06 17:09:54.089464635 +0200 +++ /var/tmp/diff_new_pack.OFg9Hd/_new 2020-10-06 17:09:54.089464635 +0200 @@ -5,10 +5,10 @@ heap corruption during exit. The test nptl/tst-stdio1 is removed as that was expecting the problematic behaviour. -Index: glibc-2.31/libio/genops.c +Index: glibc-2.32/libio/genops.c =================================================================== ---- glibc-2.31.orig/libio/genops.c -+++ glibc-2.31/libio/genops.c +--- glibc-2.32.orig/libio/genops.c ++++ glibc-2.32/libio/genops.c @@ -682,7 +682,7 @@ _IO_adjust_column (unsigned start, const libc_hidden_def (_IO_adjust_column) @@ -114,10 +114,10 @@ /* We currently don't have a reliable mechanism for making sure that C++ static destructors are executed in the correct order. -Index: glibc-2.31/libio/libioP.h +Index: glibc-2.32/libio/libioP.h =================================================================== ---- glibc-2.31.orig/libio/libioP.h -+++ glibc-2.31/libio/libioP.h +--- glibc-2.32.orig/libio/libioP.h ++++ glibc-2.32/libio/libioP.h @@ -487,7 +487,6 @@ extern int _IO_new_do_write (FILE *, con extern int _IO_old_do_write (FILE *, const char *, size_t); extern int _IO_wdo_write (FILE *, const wchar_t *, size_t); @@ -126,22 +126,22 @@ extern int _IO_flush_all (void); libc_hidden_proto (_IO_flush_all) extern int _IO_cleanup (void); -Index: glibc-2.31/nptl/Makefile +Index: glibc-2.32/sysdeps/pthread/Makefile =================================================================== ---- glibc-2.31.orig/nptl/Makefile -+++ glibc-2.31/nptl/Makefile -@@ -295,7 +295,7 @@ tests = tst-attr1 tst-attr2 tst-attr3 ts - tst-signal6 \ - tst-exec1 tst-exec2 tst-exec3 tst-exec4 tst-exec5 \ - tst-exit1 tst-exit2 tst-exit3 \ -- tst-stdio1 tst-stdio2 \ -+ tst-stdio2 \ - tst-stack1 tst-stack2 tst-stack3 tst-stack4 tst-pthread-getattr \ - tst-pthread-attr-affinity tst-pthread-mutexattr \ - tst-unload \ -Index: glibc-2.31/nptl/tst-stdio1.c +--- glibc-2.32.orig/sysdeps/pthread/Makefile ++++ glibc-2.32/sysdeps/pthread/Makefile +@@ -99,7 +99,7 @@ tests += tst-cnd-basic tst-mtx-trylock t + tst-signal4 tst-signal5 tst-signal6 tst-signal8 \ + tst-spin1 tst-spin2 tst-spin3 tst-spin4 \ + tst-stack1 \ +- tst-stdio1 tst-stdio2 \ ++ tst-stdio2 \ + tst-pt-sysconf \ + tst-pt-tls1 tst-pt-tls2 \ + tst-tsd1 tst-tsd2 tst-tsd5 tst-tsd6 \ +Index: glibc-2.32/sysdeps/pthread/tst-stdio1.c =================================================================== ---- glibc-2.31.orig/nptl/tst-stdio1.c +--- glibc-2.32.orig/sysdeps/pthread/tst-stdio1.c +++ /dev/null @@ -1,56 +0,0 @@ -/* Copyright (C) 2002-2020 Free Software Foundation, Inc. ++++++ glibc-2.31.tar.xz -> glibc-2.32.tar.xz ++++++ /work/SRC/openSUSE:Factory/glibc/glibc-2.31.tar.xz /work/SRC/openSUSE:Factory/.glibc.new.4249/glibc-2.32.tar.xz differ: char 27, line 2 ++++++ glibc-bindresvport-blacklist.diff ++++++ --- /var/tmp/diff_new_pack.OFg9Hd/_old 2020-10-06 17:09:54.165464700 +0200 +++ /var/tmp/diff_new_pack.OFg9Hd/_new 2020-10-06 17:09:54.169464704 +0200 @@ -1,7 +1,7 @@ -Index: glibc-2.27/sunrpc/bindrsvprt.c +Index: glibc-2.32/inet/bindresvport.c =================================================================== ---- glibc-2.27.orig/sunrpc/bindrsvprt.c -+++ glibc-2.27/sunrpc/bindrsvprt.c +--- glibc-2.32.orig/inet/bindresvport.c ++++ glibc-2.32/inet/bindresvport.c @@ -29,6 +29,9 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ ++++++ ifunc-fma4.patch ++++++ >From 23af890b3f04e80da783ba64e6b6d94822e01d54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Ho=C5=A1ek?= <ondra.ho...@gmail.com> Date: Wed, 26 Aug 2020 04:26:50 +0200 Subject: [PATCH] x86-64: Fix FMA4 detection in ifunc [BZ #26534] A typo in commit 107e6a3c2212ba7a3a4ec7cae8d82d73f7c95d0b causes the FMA4 code path to be taken on systems that support FMA, even if they do not support FMA4. Fix this to detect FMA4. --- sysdeps/x86_64/fpu/multiarch/ifunc-fma4.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sysdeps/x86_64/fpu/multiarch/ifunc-fma4.h b/sysdeps/x86_64/fpu/multiarch/ifunc-fma4.h index 7659758972..e5fd5ac9cb 100644 --- a/sysdeps/x86_64/fpu/multiarch/ifunc-fma4.h +++ b/sysdeps/x86_64/fpu/multiarch/ifunc-fma4.h @@ -32,7 +32,7 @@ IFUNC_SELECTOR (void) && CPU_FEATURE_USABLE_P (cpu_features, AVX2)) return OPTIMIZE (fma); - if (CPU_FEATURE_USABLE_P (cpu_features, FMA)) + if (CPU_FEATURE_USABLE_P (cpu_features, FMA4)) return OPTIMIZE (fma4); return OPTIMIZE (sse2); -- 2.28.0 ++++++ syslog-locking.patch ++++++ >From 518db378cedc755f0ae311a1bc0487a4264f4bf0 Mon Sep 17 00:00:00 2001 From: Andreas Schwab <sch...@suse.de> Date: Tue, 23 Jun 2020 12:55:49 +0200 Subject: [PATCH] Correct locking and cancellation cleanup in syslog functions (bug 26100) Properly serialize the access to the global state shared between the syslog functions, to avoid races in multithreaded processes. Protect a local allocation in the __vsyslog_internal function from leaking during cancellation. --- misc/syslog.c | 44 ++++++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 16 deletions(-) Index: glibc-2.32/misc/syslog.c =================================================================== --- glibc-2.32.orig/misc/syslog.c +++ glibc-2.32/misc/syslog.c @@ -91,14 +91,20 @@ struct cleanup_arg static void cancel_handler (void *ptr) { -#ifndef NO_SIGPIPE /* Restore the old signal handler. */ struct cleanup_arg *clarg = (struct cleanup_arg *) ptr; - if (clarg != NULL && clarg->oldaction != NULL) - __sigaction (SIGPIPE, clarg->oldaction, NULL); + if (clarg != NULL) + { +#ifndef NO_SIGPIPE + if (clarg->oldaction != NULL) + __sigaction (SIGPIPE, clarg->oldaction, NULL); #endif + /* Free the memstream buffer, */ + free (clarg->buf); + } + /* Free the lock. */ __libc_lock_unlock (syslog_lock); } @@ -169,9 +175,17 @@ __vsyslog_internal(int pri, const char * pri &= LOG_PRIMASK|LOG_FACMASK; } + /* Prepare for multiple users. We have to take care: most + syscalls we are using are cancellation points. */ + struct cleanup_arg clarg; + clarg.buf = NULL; + clarg.oldaction = NULL; + __libc_cleanup_push (cancel_handler, &clarg); + __libc_lock_lock (syslog_lock); + /* Check priority against setlogmask values. */ if ((LOG_MASK (LOG_PRI (pri)) & LogMask) == 0) - return; + goto out; /* Set default facility if none specified. */ if ((pri & LOG_FACMASK) == 0) @@ -235,6 +249,9 @@ __vsyslog_internal(int pri, const char * /* Close the memory stream; this will finalize the data into a malloc'd buffer in BUF. */ fclose (f); + + /* Tell the cancellation handler to free this buffer. */ + clarg.buf = buf; } /* Output to stderr if requested. */ @@ -252,22 +269,10 @@ __vsyslog_internal(int pri, const char * v->iov_len = 1; } - __libc_cleanup_push (free, buf == failbuf ? NULL : buf); - /* writev is a cancellation point. */ (void)__writev(STDERR_FILENO, iov, v - iov + 1); - - __libc_cleanup_pop (0); } - /* Prepare for multiple users. We have to take care: open and - write are cancellation points. */ - struct cleanup_arg clarg; - clarg.buf = buf; - clarg.oldaction = NULL; - __libc_cleanup_push (cancel_handler, &clarg); - __libc_lock_lock (syslog_lock); - #ifndef NO_SIGPIPE /* Prepare for a broken connection. */ memset (&action, 0, sizeof (action)); @@ -320,6 +325,7 @@ __vsyslog_internal(int pri, const char * __sigaction (SIGPIPE, &oldaction, (struct sigaction *) NULL); #endif + out: /* End of critical section. */ __libc_cleanup_pop (0); __libc_lock_unlock (syslog_lock); @@ -430,8 +436,14 @@ setlogmask (int pmask) { int omask; + /* Protect against multiple users. */ + __libc_lock_lock (syslog_lock); + omask = LogMask; if (pmask != 0) LogMask = pmask; + + __libc_lock_unlock (syslog_lock); + return (omask); }