[arch-commits] Commit in lib32-glibc/trunk (3 files)
Date: Tuesday, May 3, 2016 @ 23:52:29 Author: heftig Revision: 173612 2.23-2 Modified: lib32-glibc/trunk/PKGBUILD Deleted: lib32-glibc/trunk/glibc-2.22-CVE-2015-7547.patch lib32-glibc/trunk/glibc-2.22-roundup.patch + PKGBUILD |6 glibc-2.22-CVE-2015-7547.patch | 572 glibc-2.22-roundup.patch | 2747 --- 3 files changed, 3 insertions(+), 3322 deletions(-) The diff is longer than the limit of 200KB. Use svn diff -r 173611:173612 to see the changes.
[arch-commits] Commit in lib32-glibc/trunk (3 files)
Date: Tuesday, September 9, 2014 @ 23:13:09 Author: heftig Revision: 118723 remove obsolete patches Deleted: lib32-glibc/trunk/glibc-2.19-fix-sign-in-bsloww1-input.patch lib32-glibc/trunk/glibc-2.19-tzselect-default.patch lib32-glibc/trunk/glibc-2.19-xattr_header.patch + glibc-2.19-fix-sign-in-bsloww1-input.patch | 71 --- glibc-2.19-tzselect-default.patch | 13 glibc-2.19-xattr_header.patch | 42 --- 3 files changed, 126 deletions(-) Deleted: glibc-2.19-fix-sign-in-bsloww1-input.patch === --- glibc-2.19-fix-sign-in-bsloww1-input.patch 2014-09-09 21:08:46 UTC (rev 118722) +++ glibc-2.19-fix-sign-in-bsloww1-input.patch 2014-09-09 21:13:09 UTC (rev 118723) @@ -1,71 +0,0 @@ -From ffe768a90912f9bce43b70a82576b3dc99e3121c Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar -Date: Thu, 27 Feb 2014 21:29:16 +0530 -Subject: [PATCH] Fix sign of input to bsloww1 (BZ #16623) - -In 84ba214c, I removed some redundant sign computations and in the -process, I incorrectly got rid of a temporary variable, thus passing -the absolute value of the input to bsloww1. This caused #16623. - -This fix undoes the incorrect change. - sysdeps/ieee754/dbl-64/s_sin.c | 16 ++-- - 3 files changed, 18 insertions(+), 7 deletions(-) - -diff --git a/sysdeps/ieee754/dbl-64/s_sin.c b/sysdeps/ieee754/dbl-64/s_sin.c -index 6105e9f..50109b8 100644 a/sysdeps/ieee754/dbl-64/s_sin.c -+++ b/sysdeps/ieee754/dbl-64/s_sin.c -@@ -447,19 +447,21 @@ __sin (double x) - } - else - { -+double t; - if (a > 0) - { - m = 1; -+t = a; - db = da; - } - else - { - m = 0; --a = -a; -+t = -a; - db = -da; - } --u.x = big + a; --y = a - (u.x - big); -+u.x = big + t; -+y = t - (u.x - big); - res = do_sin (u, y, db, &cor); - cor = (cor > 0) ? 1.035 * cor + eps : 1.035 * cor - eps; - retval = ((res == res + cor) ? ((m) ? res : -res) -@@ -671,19 +673,21 @@ __cos (double x) - } - else - { -+double t; - if (a > 0) - { - m = 1; -+t = a; - db = da; - } - else - { - m = 0; --a = -a; -+t = -a; - db = -da; - } --u.x = big + a; --y = a - (u.x - big); -+u.x = big + t; -+y = t - (u.x - big); - res = do_sin (u, y, db, &cor); - cor = (cor > 0) ? 1.035 * cor + eps : 1.035 * cor - eps; - retval = ((res == res + cor) ? ((m) ? res : -res) --- -1.9.0 - Deleted: glibc-2.19-tzselect-default.patch === --- glibc-2.19-tzselect-default.patch 2014-09-09 21:08:46 UTC (rev 118722) +++ glibc-2.19-tzselect-default.patch 2014-09-09 21:13:09 UTC (rev 118723) @@ -1,13 +0,0 @@ -diff --git a/timezone/Makefile b/timezone/Makefile -index 998cd14..d5f647c 100644 a/timezone/Makefile -+++ b/timezone/Makefile -@@ -118,7 +118,7 @@ $(testdata)/Asia/Tokyo: asia $(zic-deps) - - $(objpfx)tzselect: tzselect.ksh $(common-objpfx)config.make - sed -e 's|/bin/bash|$(KSH)|g' \ -- -e '/TZDIR=/s|\$$(pwd)|$(zonedir)|' \ -+ -e 's|TZDIR=[^}]*|TZDIR=$(zonedir)|' \ - -e '/TZVERSION=/s|see_Makefile|"$(version)"|' \ - -e '/PKGVERSION=/s|=.*|="$(PKGVERSION)"|' \ - -e '/REPORT_BUGS_TO=/s|=.*|="$(REPORT_BUGS_TO)"|' \ Deleted: glibc-2.19-xattr_header.patch === --- glibc-2.19-xattr_header.patch 2014-09-09 21:08:46 UTC (rev 118722) +++ glibc-2.19-xattr_header.patch 2014-09-09 21:13:09 UTC (rev 118723) @@ -1,42 +0,0 @@ -From: Serge Hallyn -Date: Tue, 11 Mar 2014 04:17:07 + (-0500) -Subject: misc/sys/xattr.h: guard against linux uapi header inclusion -X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=fdbe8eae;hp=fede7a5ffa188c22c3789135bd5cf82e487dd3d0 - -misc/sys/xattr.h: guard against linux uapi header inclusion - -If the glibc xattr.h header is included after the uapi header, -compilation fails due to an enum re-using a #define from the -uapi header. Protect against this by guarding the define and -enum inclusions against each other. - -(A corresponding kernel patch has been sent here: -http://lkml.org/lkml/2014/3/7/331 ) - -(See https://lists.debian.org/debian-glibc/2014/03/msg00029.html -and https://sourceware.org/glibc/wiki/Synchronizing_Headers -for more informatio
[arch-commits] Commit in lib32-glibc/trunk (3 files)
Date: Wednesday, April 23, 2014 @ 16:15:04 Author: heftig Revision: 110036 gcc 4.9 Added: lib32-glibc/trunk/glibc-2.19-xattr_header.patch Modified: lib32-glibc/trunk/PKGBUILD Deleted: lib32-glibc/trunk/glibc-2.18-xattr-compat-hack.patch + PKGBUILD | 15 +++- glibc-2.18-xattr-compat-hack.patch | 19 --- glibc-2.19-xattr_header.patch | 42 +++ 3 files changed, 51 insertions(+), 25 deletions(-) Modified: PKGBUILD === --- PKGBUILD2014-04-23 13:58:04 UTC (rev 110035) +++ PKGBUILD2014-04-23 14:15:04 UTC (rev 110036) @@ -9,7 +9,7 @@ _pkgbasename=glibc pkgname=lib32-$_pkgbasename pkgver=2.19 -pkgrel=3 +pkgrel=4 pkgdesc="GNU C Library for multilib" arch=('x86_64') url="http://www.gnu.org/software/libc"; @@ -17,12 +17,12 @@ makedepends=('gcc-multilib>=4.7') options=('!strip' '!emptydirs' 'staticlibs') source=(http://ftp.gnu.org/gnu/libc/${_pkgbasename}-${pkgver}.tar.xz{,.sig} -glibc-2.18-xattr-compat-hack.patch +glibc-2.19-xattr_header.patch glibc-2.19-fix-sign-in-bsloww1-input.patch lib32-glibc.conf) md5sums=('e26b8cc666b162f999404b03970f14e4' 'SKIP' - '7ca96c68a37f2a4ab91792bfa0160a24' + '39a4876837789e07746f1d84cd8cb46a' '755a1a9d7844a5e338eddaa9a5d974cd' '6e052f1cb693d5d3203f50f9d4e8c33b') @@ -29,8 +29,8 @@ prepare() { cd ${srcdir}/${_pkgbasename}-${pkgver} - # hack fix for {linux,sys}/xattr.h incompatibility - patch -p1 -i $srcdir/glibc-2.18-xattr-compat-hack.patch + # fix for {linux,sys}/xattr.h incompatibility - commit fdbe8eae + patch -p1 -i $srcdir/glibc-2.19-xattr_header.patch # fix issues in sin/cos slow path calculation - commit ffe768a9 patch -p1 -i $srcdir/glibc-2.19-fix-sign-in-bsloww1-input.patch @@ -89,7 +89,10 @@ LDFLAGS=${LDFLAGS/--as-needed,/} cd ${srcdir}/glibc-build - make check + + # only acceptable testsuite error is some small libm ulp failures on i686 with gcc-4.9 + # TODO: fix upstream and provide patch + make -k check || true } package() { Deleted: glibc-2.18-xattr-compat-hack.patch === --- glibc-2.18-xattr-compat-hack.patch 2014-04-23 13:58:04 UTC (rev 110035) +++ glibc-2.18-xattr-compat-hack.patch 2014-04-23 14:15:04 UTC (rev 110036) @@ -1,19 +0,0 @@ -diff -Naur glibc-2.18-orig/misc/sys/xattr.h glibc-2.18/misc/sys/xattr.h glibc-2.18-orig/misc/sys/xattr.h 2013-08-11 08:52:55.0 +1000 -+++ glibc-2.18/misc/sys/xattr.h2014-01-07 15:45:50.533969040 +1000 -@@ -26,13 +26,8 @@ - - /* The following constants should be used for the fifth parameter of -`*setxattr'. */ --enum --{ -- XATTR_CREATE = 1, /* set value, fail if attr already exists. */ --#define XATTR_CREATE XATTR_CREATE -- XATTR_REPLACE = 2 /* set value, fail if attr does not exist. */ --#define XATTR_REPLACE XATTR_REPLACE --}; -+#define XATTR_CREATE 1 -+#define XATTR_REPLACE 2 - - /* Set the attribute NAME of the file pointed to by PATH to VALUE (which -is SIZE bytes long). Return 0 on success, -1 for errors. */ Added: glibc-2.19-xattr_header.patch === --- glibc-2.19-xattr_header.patch (rev 0) +++ glibc-2.19-xattr_header.patch 2014-04-23 14:15:04 UTC (rev 110036) @@ -0,0 +1,42 @@ +From: Serge Hallyn +Date: Tue, 11 Mar 2014 04:17:07 + (-0500) +Subject: misc/sys/xattr.h: guard against linux uapi header inclusion +X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=fdbe8eae;hp=fede7a5ffa188c22c3789135bd5cf82e487dd3d0 + +misc/sys/xattr.h: guard against linux uapi header inclusion + +If the glibc xattr.h header is included after the uapi header, +compilation fails due to an enum re-using a #define from the +uapi header. Protect against this by guarding the define and +enum inclusions against each other. + +(A corresponding kernel patch has been sent here: +http://lkml.org/lkml/2014/3/7/331 ) + +(See https://lists.debian.org/debian-glibc/2014/03/msg00029.html +and https://sourceware.org/glibc/wiki/Synchronizing_Headers +for more information.) + +Signed-off-by: Serge Hallyn +--- + +diff --git a/misc/sys/xattr.h b/misc/sys/xattr.h +index 929cd87..796df90 100644 +--- a/misc/sys/xattr.h b/misc/sys/xattr.h +@@ -26,6 +26,7 @@ __BEGIN_DECLS + + /* The following constants should be used for the fifth parameter of +`*setxattr'. */ ++#ifndef __USE_KERNEL_XATTR_DEFS + enum + { + XATTR_CREATE = 1, /* set value, fail if attr already exists. */ +@@ -33,6 +34,7 @@ enum + XATTR_REPLACE = 2 /* set value, fail if attr does not exist. */ + #define XATTR_REPLACE XATTR_REPLACE + }; ++#endif + + /* Set the attribute NAME of the file pointed to by PATH to VALUE (which +
[arch-commits] Commit in lib32-glibc/trunk (3 files)
Date: Saturday, October 26, 2013 @ 21:57:23 Author: heftig Revision: 99311 2.18-9 Added: lib32-glibc/trunk/glibc-2.18-getaddrinfo-CVE-2013-4458.patch lib32-glibc/trunk/glibc-2.18-getaddrinfo-assertion.patch Modified: lib32-glibc/trunk/PKGBUILD + PKGBUILD | 17 +++ glibc-2.18-getaddrinfo-CVE-2013-4458.patch | 41 +++ glibc-2.18-getaddrinfo-assertion.patch | 39 + 3 files changed, 92 insertions(+), 5 deletions(-) Modified: PKGBUILD === --- PKGBUILD2013-10-26 19:51:38 UTC (rev 99310) +++ PKGBUILD2013-10-26 19:57:23 UTC (rev 99311) @@ -9,7 +9,7 @@ _pkgbasename=glibc pkgname=lib32-$_pkgbasename pkgver=2.18 -pkgrel=8 +pkgrel=9 pkgdesc="GNU C Library for multilib" arch=('x86_64') url="http://www.gnu.org/software/libc"; @@ -22,6 +22,8 @@ glibc-2.18-malloc-corrupt-CVE-2013-4332.patch glibc-2.18-strcoll-CVE-2012-4412+4424.patch glibc-2.18-ptr-mangle-CVE-2013-4788.patch +glibc-2.18-getaddrinfo-CVE-2013-4458.patch +glibc-2.18-getaddrinfo-assertion.patch glibc-2.18-strstr-hackfix.patch lib32-glibc.conf) md5sums=('88fbbceafee809e82efd52efa1e3c58f' @@ -31,6 +33,8 @@ 'b79561ab9dce900e9bbeaf0d49927c2b' 'c7264b99d0f7e51922a4d3126182c40a' '9749ba386b08a8fe53e7ecede9bf2dfb' + '71329fccb8eb583fb0d67b55f1e8df68' + 'd4d86add33f22125777e0ecff06bc9bb' '4441f6dfe7d75ced1fa75e54dd21d36e' '6e052f1cb693d5d3203f50f9d4e8c33b') @@ -47,13 +51,17 @@ patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch # upstream commits 1326ba1a, 141f3a77 and 303e567a - # https://sourceware.org/ml/libc-alpha/2013-08/msg00394.html - # https://sourceware.org/ml/libc-alpha/2013-08/msg00462.html patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch # upstream commits c61b4d41 and 0b1f8e35 patch -p1 -i $srcdir/glibc-2.18-ptr-mangle-CVE-2013-4788.patch + # upstream commit 7cbcdb36 + patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-CVE-2013-4458.patch + + # upstream commit 894f3f10 + patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-assertion.patch + # hack fix for strstr issues on x86 patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch @@ -135,9 +143,8 @@ ln -s ../lib/locale "$pkgdir/usr/lib32/locale" # remove the static libraries that have a shared counterpart - cd $pkgdir/usr/lib32 # note: keep libc, libdl, libm, libpthread for binutils testsuite - rm lib{anl,BrokenLocale,crypt,nsl,resolv,rt,util}.a + rm $pkgdir/usr/lib32/lib{anl,BrokenLocale,crypt,nsl,resolv,rt,util}.a # Do not strip the following files for improved debugging support # ("improved" as in not breaking gdb and valgrind...): Added: glibc-2.18-getaddrinfo-CVE-2013-4458.patch === --- glibc-2.18-getaddrinfo-CVE-2013-4458.patch (rev 0) +++ glibc-2.18-getaddrinfo-CVE-2013-4458.patch 2013-10-26 19:57:23 UTC (rev 99311) @@ -0,0 +1,41 @@ +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index e6ce4cf..8ff74b4 100644 +--- a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + &rc, &herrno, NULL, &localcanon));\ + if (rc != ERANGE || herrno != NETDB_INTERNAL) \ + break;\ +-tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen); \ ++if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \ ++ tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \ ++alloca_used); \ ++else\ ++ { \ ++ char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \ ++2 * tmpbuflen); \ ++ if (newp == NULL) \ ++{ \ ++ result = -EAI_MEMORY; \ ++ goto free_and_return; \ ++} \ ++ tmpbuf = newp;\ ++ malloc_tmpbuf = true; \ ++ tmpbuflen = 2 * tmpbuflen;
[arch-commits] Commit in lib32-glibc/trunk (3 files)
Date: Sunday, September 15, 2013 @ 23:11:02 Author: heftig Revision: 97253 2.18-4 Added: lib32-glibc/trunk/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch lib32-glibc/trunk/glibc-2.18-strcoll-CVE-2012-4412+4424.patch Modified: lib32-glibc/trunk/PKGBUILD ---+ PKGBUILD | 21 glibc-2.18-malloc-corrupt-CVE-2013-4332.patch | 54 + glibc-2.18-strcoll-CVE-2012-4412+4424.patch | 1004 3 files changed, 1074 insertions(+), 5 deletions(-) Modified: PKGBUILD === --- PKGBUILD2013-09-15 20:57:59 UTC (rev 97252) +++ PKGBUILD2013-09-15 21:11:02 UTC (rev 97253) @@ -9,7 +9,7 @@ _pkgbasename=glibc pkgname=lib32-$_pkgbasename pkgver=2.18 -pkgrel=3 +pkgrel=4 pkgdesc="GNU C Library for multilib" arch=('x86_64') url="http://www.gnu.org/software/libc"; @@ -18,21 +18,32 @@ options=('!strip' '!emptydirs') source=(http://ftp.gnu.org/gnu/libc/${_pkgbasename}-${pkgver}.tar.xz{,.sig} glibc-2.18-readdir_r-CVE-2013-4237.patch +glibc-2.18-malloc-corrupt-CVE-2013-4332.patch +glibc-2.18-strcoll-CVE-2012-4412+4424.patch glibc-2.18-strstr-hackfix.patch lib32-glibc.conf) md5sums=('88fbbceafee809e82efd52efa1e3c58f' 'SKIP' '154da6bf5a5248f42a7bf5bf08e01a47' + 'b79561ab9dce900e9bbeaf0d49927c2b' + 'c7264b99d0f7e51922a4d3126182c40a' '4441f6dfe7d75ced1fa75e54dd21d36e' '6e052f1cb693d5d3203f50f9d4e8c33b') - prepare() { cd ${srcdir}/${_pkgbasename}-${pkgver} - + # upstream commit 91ce4085 patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch - + + # upstream commits 1159a193, 55e17aad and b73ed247 + patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch + + # upstream commit 1326ba1a and two not yet committed patches + # https://sourceware.org/ml/libc-alpha/2013-08/msg00394.html + # https://sourceware.org/ml/libc-alpha/2013-08/msg00462.html + patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch + # hack fix for strstr issues on x86 patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch @@ -74,7 +85,7 @@ # build libraries with hardening disabled echo "build-programs=no" >> configparms make - + # re-enable hardening for programs sed -i "/build-programs=/s#no#yes#" configparms echo "CC += -fstack-protector -D_FORTIFY_SOURCE=2" >> configparms Added: glibc-2.18-malloc-corrupt-CVE-2013-4332.patch === --- glibc-2.18-malloc-corrupt-CVE-2013-4332.patch (rev 0) +++ glibc-2.18-malloc-corrupt-CVE-2013-4332.patch 2013-09-15 21:11:02 UTC (rev 97253) @@ -0,0 +1,54 @@ +diff --git a/malloc/malloc.c b/malloc/malloc.c +index dd295f5..7f43ba3 100644 +--- a/malloc/malloc.c b/malloc/malloc.c +@@ -3082,6 +3082,13 @@ __libc_pvalloc(size_t bytes) + size_t page_mask = GLRO(dl_pagesize) - 1; + size_t rounded_bytes = (bytes + page_mask) & ~(page_mask); + ++ /* Check for overflow. */ ++ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE) ++{ ++ __set_errno (ENOMEM); ++ return 0; ++} ++ + void *(*hook) (size_t, size_t, const void *) = + force_reg (__memalign_hook); + if (__builtin_expect (hook != NULL, 0)) +diff --git a/malloc/malloc.c b/malloc/malloc.c +index 7f43ba3..3148c5f 100644 +--- a/malloc/malloc.c b/malloc/malloc.c +@@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes) + + size_t pagesz = GLRO(dl_pagesize); + ++ /* Check for overflow. */ ++ if (bytes > SIZE_MAX - pagesz - MINSIZE) ++{ ++ __set_errno (ENOMEM); ++ return 0; ++} ++ + void *(*hook) (size_t, size_t, const void *) = + force_reg (__memalign_hook); + if (__builtin_expect (hook != NULL, 0)) +diff --git a/malloc/malloc.c b/malloc/malloc.c +index 3148c5f..f7718a9 100644 +--- a/malloc/malloc.c b/malloc/malloc.c +@@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes) + /* Otherwise, ensure that it is at least a minimum chunk size */ + if (alignment < MINSIZE) alignment = MINSIZE; + ++ /* Check for overflow. */ ++ if (bytes > SIZE_MAX - alignment - MINSIZE) ++{ ++ __set_errno (ENOMEM); ++ return 0; ++} ++ + arena_get(ar_ptr, bytes + alignment + MINSIZE); + if(!ar_ptr) + return 0; Added: glibc-2.18-strcoll-CVE-2012-4412+4424.patch === --- glibc-2.18-strcoll-CVE-2012-4412+4424.patch (rev 0) +++ glibc-2.18-strcoll-CVE-2012-4412+4424.patch 2013-09-15 21:11:02 UTC (rev 97253) @@ -0,0 +1,1004 @@ +diff --git a/string/strcoll_l.c b/string/strcoll_l.c +index ecda08f..bb34a72 100644 +--- a/string/strcoll_l.c b/string/strcoll_l.c +@@ -41,11 +41,434 @@ + + #include "../locale/localeinfo.h" + ++/* Track status while looking for sequences
[arch-commits] Commit in lib32-glibc/trunk (3 files)
Date: Friday, August 16, 2013 @ 20:20:12 Author: heftig Revision: 95774 2.18-2 Added: lib32-glibc/trunk/glibc-2.18-readdir_r-CVE-2013-4237.patch lib32-glibc/trunk/glibc-2.18-strstr-hackfix.patch Modified: lib32-glibc/trunk/PKGBUILD --+ PKGBUILD | 27 ++ glibc-2.18-readdir_r-CVE-2013-4237.patch | 281 + glibc-2.18-strstr-hackfix.patch | 13 + 3 files changed, 314 insertions(+), 7 deletions(-) Modified: PKGBUILD === --- PKGBUILD2013-08-16 17:52:10 UTC (rev 95773) +++ PKGBUILD2013-08-16 18:20:12 UTC (rev 95774) @@ -9,7 +9,7 @@ _pkgbasename=glibc pkgname=lib32-$_pkgbasename pkgver=2.18 -pkgrel=1 +pkgrel=2 pkgdesc="GNU C Library for multilib" arch=('x86_64') url="http://www.gnu.org/software/libc"; @@ -17,31 +17,44 @@ makedepends=('gcc-multilib>=4.7') options=('!strip' '!emptydirs') source=(http://ftp.gnu.org/gnu/libc/${_pkgbasename}-${pkgver}.tar.xz{,.sig} +glibc-2.18-readdir_r-CVE-2013-4237.patch +glibc-2.18-strstr-hackfix.patch lib32-glibc.conf) md5sums=('88fbbceafee809e82efd52efa1e3c58f' 'SKIP' + '154da6bf5a5248f42a7bf5bf08e01a47' + '4441f6dfe7d75ced1fa75e54dd21d36e' '6e052f1cb693d5d3203f50f9d4e8c33b') -build() { +prepare() { cd ${srcdir}/${_pkgbasename}-${pkgver} + + # upstream commit 91ce4085 + patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch + + # hack fix for strstr issues on x86 + patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch - cd ${srcdir} - mkdir glibc-build - cd glibc-build + mkdir ${srcdir}/glibc-build +} +build() { + cd ${srcdir}/glibc-build + #if [[ ${CARCH} = "i686" ]]; then # Hack to fix NPTL issues with Xen, only required on 32bit platforms # TODO: make separate glibc-xen package for i686 export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs" #fi - export CC="gcc -m32" - export CXX="g++ -m32" echo "slibdir=/usr/lib32" >> configparms echo "sbindir=/usr/bin" >> configparms echo "rootsbindir=/usr/bin" >> configparms + export CC="gcc -m32" + export CXX="g++ -m32" + # remove hardening options for building libraries CFLAGS=${CFLAGS/-fstack-protector/} CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/} Added: glibc-2.18-readdir_r-CVE-2013-4237.patch === --- glibc-2.18-readdir_r-CVE-2013-4237.patch(rev 0) +++ glibc-2.18-readdir_r-CVE-2013-4237.patch2013-08-16 18:20:12 UTC (rev 95774) @@ -0,0 +1,281 @@ +diff --git a/manual/conf.texi b/manual/conf.texi +index 7eb8b36..c720063 100644 +--- a/manual/conf.texi b/manual/conf.texi +@@ -1149,6 +1149,9 @@ typed ahead as input. @xref{I/O Queues}. + @deftypevr Macro int NAME_MAX + The uniform system limit (if any) for the length of a file name component, not + including the terminating null character. ++ ++@strong{Portability Note:} On some systems, @theglibc{} defines ++@code{NAME_MAX}, but does not actually enforce this limit. + @end deftypevr + + @comment limits.h +@@ -1157,6 +1160,9 @@ including the terminating null character. + The uniform system limit (if any) for the length of an entire file name (that + is, the argument given to system calls such as @code{open}), including the + terminating null character. ++ ++@strong{Portability Note:} @Theglibc{} does not enforce this limit ++even if @code{PATH_MAX} is defined. + @end deftypevr + + @cindex limits, pipe buffer size +@@ -1476,6 +1482,9 @@ Inquire about the value of @code{POSIX_REC_MIN_XFER_SIZE}. + Inquire about the value of @code{POSIX_REC_XFER_ALIGN}. + @end table + ++@strong{Portability Note:} On some systems, @theglibc{} does not ++enforce @code{_PC_NAME_MAX} or @code{_PC_PATH_MAX} limits. ++ + @node Utility Limits + @section Utility Program Capacity Limits + +diff --git a/manual/filesys.texi b/manual/filesys.texi +index 1df9cf2..814c210 100644 +--- a/manual/filesys.texi b/manual/filesys.texi +@@ -444,9 +444,9 @@ symbols are declared in the header file @file{dirent.h}. + @comment POSIX.1 + @deftypefun {struct dirent *} readdir (DIR *@var{dirstream}) + This function reads the next entry from the directory. It normally +-returns a pointer to a structure containing information about the file. +-This structure is statically allocated and can be rewritten by a +-subsequent call. ++returns a pointer to a structure containing information about the ++file. This structure is associated with the @var{dirstream} handle ++and can be rewritten by a subsequent call. + + @strong{Portability Note:} On some systems @code{readdir} may not + return entries for @file{.} and @file{..}, even though these are always +@@ -461,19 +461,61 @@ conditions are defined for this function: + The @var{dirstream} argument is not valid. + @end table + +-@code{readdir} is not
[arch-commits] Commit in lib32-glibc/trunk (3 files)
Date: Wednesday, April 10, 2013 @ 21:23:27 Author: heftig Revision: 88065 2.17-5 Added: lib32-glibc/trunk/glibc-2.17-getaddrinfo-stack-overflow.patch lib32-glibc/trunk/glibc-2.17-regexp-matcher-overrun.patch Modified: lib32-glibc/trunk/PKGBUILD -+ PKGBUILD| 18 ++- glibc-2.17-getaddrinfo-stack-overflow.patch | 47 glibc-2.17-regexp-matcher-overrun.patch | 137 ++ 3 files changed, 198 insertions(+), 4 deletions(-) Modified: PKGBUILD === --- PKGBUILD2013-04-10 19:21:49 UTC (rev 88064) +++ PKGBUILD2013-04-10 19:23:27 UTC (rev 88065) @@ -9,7 +9,7 @@ _pkgbasename=glibc pkgname=lib32-$_pkgbasename pkgver=2.17 -pkgrel=4 +pkgrel=5 pkgdesc="GNU C Library for multilib" arch=('x86_64') url="http://www.gnu.org/software/libc"; @@ -18,10 +18,14 @@ options=('!strip' '!emptydirs') source=(http://ftp.gnu.org/gnu/libc/${_pkgbasename}-${pkgver}.tar.xz{,.sig} glibc-2.17-sync-with-linux37.patch +glibc-2.17-getaddrinfo-stack-overflow.patch +glibc-2.17-regexp-matcher-overrun.patch lib32-glibc.conf) md5sums=('87bf675c8ee523ebda4803e8e1cec638' - '6db4d1661cf34282755dc90330465f6d' + 'SKIP' 'fb99380d94598cc76d793deebf630022' + '56d5f2c09503a348281a20ae404b7de3' + '200acc05961b084ee00dde919e64f82d' '6e052f1cb693d5d3203f50f9d4e8c33b') build() { @@ -30,6 +34,12 @@ # combination of upstream commits 318cd0b, b540704 and fc1abbe patch -p1 -i ${srcdir}/glibc-2.17-sync-with-linux37.patch + # CVE-2013-1914 - upstream commit 1cef1b19 + patch -p1 -i ${srcdir}/glibc-2.17-getaddrinfo-stack-overflow.patch + + # CVE-2013-0242 - upstream commit a445af0b + patch -p1 -i ${srcdir}/glibc-2.17-regexp-matcher-overrun.patch + cd ${srcdir} mkdir glibc-build cd glibc-build @@ -44,9 +54,9 @@ export CXX="g++ -m32" echo "slibdir=/usr/lib32" >> configparms - # remove hardening options from CFLAGS for building libraries + # remove hardening options for building libraries CFLAGS=${CFLAGS/-fstack-protector/} - CFLAGS=${CFLAGS/-D_FORTIFY_SOURCE=2/} + CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/} ${srcdir}/${_pkgbasename}-${pkgver}/configure --prefix=/usr \ --libdir=/usr/lib32 --libexecdir=/usr/lib32 \ Added: glibc-2.17-getaddrinfo-stack-overflow.patch === --- glibc-2.17-getaddrinfo-stack-overflow.patch (rev 0) +++ glibc-2.17-getaddrinfo-stack-overflow.patch 2013-04-10 19:23:27 UTC (rev 88065) @@ -0,0 +1,47 @@ +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index d95c2d1..2309281 100644 +--- a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +@@ -2489,11 +2489,27 @@ getaddrinfo (const char *name, const char *service, + __typeof (once) old_once = once; + __libc_once (once, gaiconf_init); + /* Sort results according to RFC 3484. */ +- struct sort_result results[nresults]; +- size_t order[nresults]; ++ struct sort_result *results; ++ size_t *order; + struct addrinfo *q; + struct addrinfo *last = NULL; + char *canonname = NULL; ++ bool malloc_results; ++ ++ malloc_results ++ = !__libc_use_alloca (nresults * (sizeof (*results) + sizeof (size_t))); ++ if (malloc_results) ++ { ++results = malloc (nresults * (sizeof (*results) + sizeof (size_t))); ++if (results == NULL) ++ { ++__free_in6ai (in6ai); ++return EAI_MEMORY; ++ } ++ } ++ else ++ results = alloca (nresults * (sizeof (*results) + sizeof (size_t))); ++ order = (size_t *) (results + nresults); + + /* Now we definitely need the interface information. */ + if (! check_pf_called) +@@ -2664,6 +2680,9 @@ getaddrinfo (const char *name, const char *service, + + /* Fill in the canonical name into the new first entry. */ + p->ai_canonname = canonname; ++ ++ if (malloc_results) ++ free (results); + } + + __free_in6ai (in6ai); +-- +1.7.1 + Added: glibc-2.17-regexp-matcher-overrun.patch === --- glibc-2.17-regexp-matcher-overrun.patch (rev 0) +++ glibc-2.17-regexp-matcher-overrun.patch 2013-04-10 19:23:27 UTC (rev 88065) @@ -0,0 +1,137 @@ +diff --git a/posix/Makefile b/posix/Makefile +index 88d409f..2cacd21 100644 +--- a/posix/Makefile b/posix/Makefile +@@ -86,7 +86,7 @@ tests:= tstgetopt testfnm runtests runptests \ + tst-rfc3484-3 \ + tst-getaddrinfo3 tst-fnmatch2 tst-cpucount tst-cpuset \ + bug-getopt1 bug-getopt2 bug-getopt3 bug-getopt4 \ +- bug-getopt5 tst-getop