Author: aurel32 Date: 2015-08-28 21:29:55 +0000 (Fri, 28 Aug 2015) New Revision: 6494
Modified: glibc-package/trunk/debian/changelog glibc-package/trunk/debian/patches/git-updates.diff Log: * Update from upstream stable branch: - Fix pthread_mutex_trylock with lock elision. Closes: #759197, #788999. - Fix gprof entry point on ppc64el. Closes: #794222. - Fix a bugger overflow in overflow in getanswer_r (CVE-2015-1781) Closes: #796105. Modified: glibc-package/trunk/debian/changelog =================================================================== --- glibc-package/trunk/debian/changelog 2015-08-28 21:20:54 UTC (rev 6493) +++ glibc-package/trunk/debian/changelog 2015-08-28 21:29:55 UTC (rev 6494) @@ -1,5 +1,6 @@ glibc (2.19-20~0) UNRELEASED; urgency=medium + [ Samuel Thibault ] * patches/hurd-i386/tg-mmap32th_bit.diff: New patch to fix libpciaccess mapping of BARs above 2GiB. Closes: #793543. * rules.d/build.mk: Also install crt0.o in stage1, if any. @@ -16,6 +17,14 @@ build, so that we can pass --with-headers to configure to make the build really self-hosted. + [ Aurelien Jarno ] + * Update from upstream stable branch: + - Fix pthread_mutex_trylock with lock elision. Closes: #759197, + #788999. + - Fix gprof entry point on ppc64el. Closes: #794222. + - Fix a bugger overflow in overflow in getanswer_r (CVE-2015-1781) + Closes: #796105. + -- Samuel Thibault <sthiba...@debian.org> Sun, 09 Aug 2015 20:00:16 +0000 glibc (2.19-19) unstable; urgency=medium Modified: glibc-package/trunk/debian/patches/git-updates.diff =================================================================== --- glibc-package/trunk/debian/patches/git-updates.diff 2015-08-28 21:20:54 UTC (rev 6493) +++ glibc-package/trunk/debian/patches/git-updates.diff 2015-08-28 21:29:55 UTC (rev 6494) @@ -1,10 +1,30 @@ GIT update of git://sourceware.org/git/glibc.git/release/2.19/master from glibc-2.19 diff --git a/ChangeLog b/ChangeLog -index 81c393a..cecd6ec 100644 +index 81c393a..0eb6c3f 100644 --- a/ChangeLog 
+++ b/ChangeLog -@@ -1,3 +1,321 @@ +@@ -1,3 +1,341 @@ ++2015-04-21 Arjun Shankar <arjun...@lostca.se> ++ ++ [BZ #18287] ++ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length ++ based on padding. (CVE-2015-1781) ++ ++2014-12-11 Andreas Schwab <sch...@suse.de> ++ ++ [BZ #16657] ++ * nptl/pthread_mutex_trylock.c (__pthread_mutex_trylock): Use ++ FORCE_ELISION instead of DO_ELISION. ++ * nptl/sysdeps/unix/sysv/linux/x86/force-elision.h (DO_ELISION): ++ Remove. ++ ++2013-07-29 Adhemerval Zanella <azane...@linux.vnet.ibm.com> ++ ++ [BZ #17213] ++ * sysdeps/powerpc/powerpc64/entry.h: Fix TEXT_START definition for ++ powerpc64le. ++ +2014-11-11 Renlin Li <renlin...@arm.com> + + [BZ #17555] @@ -327,10 +347,10 @@ [BZ #16529] diff --git a/NEWS b/NEWS -index 98b479e..d74f4a6 100644 +index 98b479e..7f9388f 100644 --- a/NEWS +++ b/NEWS -@@ -5,6 +5,51 @@ See the end for copying conditions. +@@ -5,6 +5,59 @@ See the end for copying conditions. Please send GNU C library bug reports via <http://sourceware.org/bugzilla/> using `glibc' in the "product" field. 
@@ -338,9 +358,17 @@ + +* The following bugs are resolved with this release: + -+ 15946, 16545, 16574, 16623, 16695, 16878, 16882, 16885, 16916, 16932, -+ 16943, 16958, 17048, 17069, 17137, 17263, 17325, 17555. ++ 15946, 16545, 16574, 16623, 16657, 16695, 16878, 16882, 16885, 16916, ++ 16932, 16943, 16958, 17048, 17069, 17137, 17213, 17263, 17325, 17555, ++ 18287. + ++* A buffer overflow in gethostbyname_r and related functions performing DNS ++ requests has been fixed. If the NSS functions were called with a ++ misaligned buffer, the buffer length change due to pointer alignment was ++ not taken into account. This could result in application crashes or, ++ potentially arbitrary code execution, using crafted, but syntactically ++ valid DNS responses. (CVE-2015-1781) ++ +* Reverted change of ABI data structures for s390 and s390x: + On s390 and s390x the size of struct ucontext and jmp_buf was increased in + 2.19. This change is reverted in 2.19.1 and 2.20. The introduced 2.19 symbol 
@@ -1354,6 +1382,40 @@ tst-cond1 tst-cond2 tst-cond3 tst-cond4 tst-cond5 tst-cond6 tst-cond7 \ tst-cond8 tst-cond9 tst-cond10 tst-cond11 tst-cond12 tst-cond13 \ tst-cond14 tst-cond15 tst-cond16 tst-cond17 tst-cond18 tst-cond19 \ +diff --git a/nptl/pthread_mutex_trylock.c b/nptl/pthread_mutex_trylock.c +index 4d5f75d..1157320 100644 +--- a/nptl/pthread_mutex_trylock.c ++++ b/nptl/pthread_mutex_trylock.c +@@ -26,8 +26,8 @@ + #define lll_trylock_elision(a,t) lll_trylock(a) + #endif + +-#ifndef DO_ELISION +-#define DO_ELISION(m) 0 ++#ifndef FORCE_ELISION ++#define FORCE_ELISION(m, s) + #endif + + /* We don't force elision in trylock, because this can lead to inconsistent +@@ -69,7 +69,7 @@ __pthread_mutex_trylock (mutex) + break; + + case PTHREAD_MUTEX_TIMED_ELISION_NP: +- elision: ++ elision: __attribute__((unused)) + if (lll_trylock_elision (mutex->__data.__lock, + mutex->__data.__elision) != 0) + break; +@@ -77,8 +77,7 @@ __pthread_mutex_trylock (mutex) + return 0; + + case PTHREAD_MUTEX_TIMED_NP: +- if (DO_ELISION (mutex)) +- goto elision; ++ FORCE_ELISION (mutex, goto elision); + /*FALL THROUGH*/ + case PTHREAD_MUTEX_ADAPTIVE_NP: + case PTHREAD_MUTEX_ERRORCHECK_NP: diff --git a/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S b/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S index ea863d7..3accc69 100644 --- a/nptl/sysdeps/sparc/sparc32/pthread_spin_lock.S 
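Review bot: The context comment beginning `/* We don't force elision in trylock` is kept right below the new `FORCE_ELISION` default, yet the `PTHREAD_MUTEX_TIMED_NP` case now calls `FORCE_ELISION (mutex, goto elision);`, so the comment looks stale. Its remainder lies outside the hunk and should be checked and reworded. The jump is also hidden inside a macro argument, and the removed `DO_ELISION` was described as checking "without upgrading", which suggests the new path may change the mutex kind as a side effect. I would add a call-site comment such as `/* May upgrade the mutex to an elision kind and jump to the elision label; expands to nothing where elision is unsupported.  */`. `__pthread_mutex_trylock` starts and ends outside the hunks shown.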
@@ -1474,6 +1536,22 @@ +versioned_symbol (libpthread, __v1siglongjmp, siglongjmp, GLIBC_2_0); +compat_symbol (libpthread, __v2siglongjmp, siglongjmp, GLIBC_2_19); +#endif /* defined SHARED && SHLIB_COMPAT (libpthread, GLIBC_2_19, GLIBC_2_20)) */ +diff --git a/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h b/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h +index 945f886..a767cf1 100644 +--- a/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h ++++ b/nptl/sysdeps/unix/sysv/linux/x86/force-elision.h +@@ -16,11 +16,6 @@ + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +-/* Check for elision on this lock without upgrading. */ +-#define DO_ELISION(m) \ +- (__pthread_force_elision \ +- && (m->__data.__kind & PTHREAD_MUTEX_NO_ELISION_NP) == 0) \ +- + /* Automatically enable elision for existing user lock kinds. */ + #define FORCE_ELISION(m, s) \ + if (__pthread_force_elision \ diff --git a/nptl/tst-spin4.c b/nptl/tst-spin4.c new file mode 100644 index 0000000..5b23a17 @@ -2138,7 +2216,7 @@ { /* We need to decode the response. Just one question record. diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c -index f8f192e..f0b4b17 100644 +index f8f192e..f36d28b 100644 --- a/resolv/nss_dns/dns-host.c +++ b/resolv/nss_dns/dns-host.c @@ -190,7 +190,7 @@ _nss_dns_gethostbyname3_r (const char *name, int af, struct hostent *result, @@ -2228,6 +2306,16 @@ } if (n < 0) { +@@ -613,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, + int have_to_map = 0; + uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); + buffer += pad; +- if (__builtin_expect (buflen < sizeof (struct host_data) + pad, 0)) ++ buflen = buflen > pad ? buflen - pad : 0; ++ if (__builtin_expect (buflen < sizeof (struct host_data), 0)) + { + /* The buffer is too small. */ + too_small: diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c index 8e80a60..13ad38c 100644 
--- a/resolv/nss_dns/dns-network.c @@ -2613,6 +2701,23 @@ res = do_sin (u, y, db, &cor); cor = (cor > 0) ? 1.035 * cor + eps : 1.035 * cor - eps; retval = ((res == res + cor) ? ((m) ? res : -res) +diff --git a/sysdeps/powerpc/powerpc64/entry.h b/sysdeps/powerpc/powerpc64/entry.h +index 76ead1d..30553c1 100644 +--- a/sysdeps/powerpc/powerpc64/entry.h ++++ b/sysdeps/powerpc/powerpc64/entry.h +@@ -23,6 +23,7 @@ extern void _start (void); + + #define ENTRY_POINT _start + ++#if _CALL_ELF != 2 + /* We have to provide a special declaration. */ + #define ENTRY_POINT_DECL(class) class void _start (void); + +@@ -33,3 +34,4 @@ extern void _start (void); + #define TEXT_START \ + ({ extern unsigned long int _start_as_data[] asm ("_start"); \ + _start_as_data[0]; }) ++#endif diff --git a/sysdeps/s390/Makefile b/sysdeps/s390/Makefile deleted file mode 100644 index 42978dc..0000000
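Review bot: The length adjustment in `getanswer_r` has no comment explaining why `buflen` is reduced, and since it is the core of the CVE-2015-1781 fix a later cleanup could fold it back into the size check. I would add above `buflen = buflen > pad ? buflen - pad : 0;` a comment like `/* buffer was advanced by pad for alignment; shrink buflen to match so later bounds checks see the space that is really left.  */`. No test is visible here that calls the resolver with a misaligned caller buffer, which is the condition the NEWS entry describes, so a regression test for that case would be worth carrying. Other code that aligns a caller-supplied buffer the same way (the neighbouring dns-network.c is not shown) should be checked for the same length accounting. `getanswer_r` begins and ends outside the hunk.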
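Review bot: The new `#if _CALL_ELF != 2` in entry.h has no explanation and its `#endif` is unlabelled, although the two sit in separate hunks with unseen header text between them. An undefined `_CALL_ELF` evaluates as 0 in `#if`, so the guarded `ENTRY_POINT_DECL` and `TEXT_START` definitions stay active on compilers that do not define it; that looks intended but is worth stating, and it will warn under `-Wundef`. I would label the close as `#endif /* _CALL_ELF != 2 */` and add a one-line comment at the `#if` saying that the special declaration and the `_start_as_data[0]` read are only wanted for the older ABI.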