glibc: update to 2.26.

Juan RP 2017-08-05 14:00:56 +02:00
parent a76f6c5610
commit cabef7df18
24 changed files with 3 additions and 3878 deletions

@ -1,113 +0,0 @@
From 58520986c38e34db60e07260c64c563e3efcf353 Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Thu, 9 Feb 2017 17:28:54 +0100
Subject: Fix getting tunable values on big-endian (BZ #21109)
The code to set value passed a tunable_val_t, which when cast to
int32_t on big-endian gives the wrong value. Instead, use
tunable_val_t.numval instead, which can then be safely cast into
int32_t.
(cherry picked from commit 8cbc826c37c0221ada65a7a622fe079b4e89a4b0)
diff --git a/ChangeLog b/ChangeLog
index f140ee67de..c88238e0fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2017-02-08 Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+ [BZ #21109]
+ * elf/dl-tunable-types.h (tunable_callback_t): Accept
+ tunable_val_t as argument.
+ * elf/dl-tunables.c (__tunable_set_val): Add comment.
+ * malloc/arena.c (set_mallopt_check): Take tunable_val_t as
+ argument.
+ (DL_TUNABLE_CALLBACK_FNDECL): Likewise.
+
2017-02-05 Siddhesh Poyarekar <siddhesh@sourceware.org>
* version.h (RELEASE): Set to "stable"
diff --git a/NEWS b/NEWS
index ec15dde761..325cac78e4 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,12 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
+Version 2.25.1
+
+The following bugs are resolved with this release:
+
+ [21109] Tunables broken on big-endian
+
Version 2.25
* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
diff --git a/elf/dl-tunable-types.h b/elf/dl-tunable-types.h
index a986f0b593..37a4e8021f 100644
--- a/elf/dl-tunable-types.h
+++ b/elf/dl-tunable-types.h
@@ -21,8 +21,6 @@
# define _TUNABLE_TYPES_H_
#include <stddef.h>
-typedef void (*tunable_callback_t) (void *);
-
typedef enum
{
TUNABLE_TYPE_INT_32,
@@ -43,6 +41,8 @@ typedef union
const char *strval;
} tunable_val_t;
+typedef void (*tunable_callback_t) (tunable_val_t *);
+
/* Security level for tunables. This decides what to do with individual
tunables for AT_SECURE binaries. */
typedef enum
diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c
index a8d53d6a31..e42aa67003 100644
--- a/elf/dl-tunables.c
+++ b/elf/dl-tunables.c
@@ -455,6 +455,8 @@ __tunable_set_val (tunable_id_t id, void *valp, tunable_callback_t callback)
if (cur->strval == NULL)
return;
+ /* Caller does not need the value, just call the callback with our tunable
+ value. */
if (valp == NULL)
goto cb;
diff --git a/malloc/arena.c b/malloc/arena.c
index b91d7d6b16..d49e4a21c8 100644
--- a/malloc/arena.c
+++ b/malloc/arena.c
@@ -212,9 +212,9 @@ __malloc_fork_unlock_child (void)
#if HAVE_TUNABLES
static inline int do_set_mallopt_check (int32_t value);
void
-DL_TUNABLE_CALLBACK (set_mallopt_check) (void *valp)
+DL_TUNABLE_CALLBACK (set_mallopt_check) (tunable_val_t *valp)
{
- int32_t value = *(int32_t *) valp;
+ int32_t value = (int32_t) valp->numval;
do_set_mallopt_check (value);
if (check_action != 0)
__malloc_check_init ();
@@ -223,9 +223,9 @@ DL_TUNABLE_CALLBACK (set_mallopt_check) (void *valp)
# define DL_TUNABLE_CALLBACK_FNDECL(__name, __type) \
static inline int do_ ## __name (__type value); \
void \
-DL_TUNABLE_CALLBACK (__name) (void *valp) \
+DL_TUNABLE_CALLBACK (__name) (tunable_val_t *valp) \
{ \
- __type value = *(__type *) valp; \
+ __type value = (__type) (valp)->numval; \
do_ ## __name (value); \
}
--
2.13.1

@ -1,151 +0,0 @@
From 045e368799cd253ddbf8bdec42ed92e8ebb3ce67 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Tue, 28 Feb 2017 17:05:46 +0100
Subject: sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115]
After commit bc779a1a5b3035133024b21e2f339fe4219fb11c
(CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call
[BZ #20112]), ancillary data is stored on the heap,
but it is accessed after it has been freed.
The test case must be run under a heap debugger such as valgrind
to observe the invalid access. A malloc implementation which
immediately calls munmap on free would catch this bug as well.
(cherry picked from commit d42eed4a044e5e10dfb885cf9891c2518a72a491)
diff --git a/ChangeLog b/ChangeLog
index c88238e0fa..3d781a354a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-02-27 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21115]
+ * sunrpc/clnt_udp.c (clntudp_call): Free ancillary data later.
+ * sunrpc/Makefile (tests): Add tst-udp-error.
+ (tst-udp-error): Link against libc.so explicitly.
+ * sunrpc/tst-udp-error: New file.
+
2017-02-08 Siddhesh Poyarekar <siddhesh@sourceware.org>
[BZ #21109]
diff --git a/NEWS b/NEWS
index 325cac78e4..5ecc565371 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ Version 2.25.1
The following bugs are resolved with this release:
[21109] Tunables broken on big-endian
+ [21115] sunrpc: Use-after-free in error path in clntudp_call
Version 2.25
diff --git a/sunrpc/Makefile b/sunrpc/Makefile
index 0c1e6124ff..daf8a28f1a 100644
--- a/sunrpc/Makefile
+++ b/sunrpc/Makefile
@@ -93,7 +93,7 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_cout.o rpc_parse.o \
extra-objs = $(rpcgen-objs) $(addprefix cross-,$(rpcgen-objs))
others += rpcgen
-tests = tst-xdrmem tst-xdrmem2 test-rpcent
+tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error
xtests := tst-getmyaddr
ifeq ($(have-thread-library),yes)
@@ -155,6 +155,7 @@ BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)
$(objpfx)tst-getmyaddr: $(common-objpfx)linkobj/libc.so
$(objpfx)tst-xdrmem: $(common-objpfx)linkobj/libc.so
$(objpfx)tst-xdrmem2: $(common-objpfx)linkobj/libc.so
+$(objpfx)tst-udp-error: $(common-objpfx)linkobj/libc.so
$(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs))
diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
index 4d9acb1e6a..1de25cb771 100644
--- a/sunrpc/clnt_udp.c
+++ b/sunrpc/clnt_udp.c
@@ -421,9 +421,9 @@ send_again:
cmsg = CMSG_NXTHDR (&msg, cmsg))
if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
{
- free (cbuf);
e = (struct sock_extended_err *) CMSG_DATA(cmsg);
cu->cu_error.re_errno = e->ee_errno;
+ free (cbuf);
return (cu->cu_error.re_status = RPC_CANTRECV);
}
free (cbuf);
diff --git a/sunrpc/tst-udp-error.c b/sunrpc/tst-udp-error.c
new file mode 100644
index 0000000000..1efc02f5c6
--- /dev/null
+++ b/sunrpc/tst-udp-error.c
@@ -0,0 +1,62 @@
+/* Check for use-after-free in clntudp_call (bug 21115).
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <netinet/in.h>
+#include <rpc/clnt.h>
+#include <rpc/svc.h>
+#include <support/check.h>
+#include <support/namespace.h>
+#include <support/xsocket.h>
+#include <unistd.h>
+
+static int
+do_test (void)
+{
+ support_become_root ();
+ support_enter_network_namespace ();
+
+ /* Obtain a likely-unused port number. */
+ struct sockaddr_in sin =
+ {
+ .sin_family = AF_INET,
+ .sin_addr.s_addr = htonl (INADDR_LOOPBACK),
+ };
+ {
+ int fd = xsocket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
+ xbind (fd, (struct sockaddr *) &sin, sizeof (sin));
+ socklen_t sinlen = sizeof (sin);
+ xgetsockname (fd, (struct sockaddr *) &sin, &sinlen);
+ /* Close the socket, so that we will receive an error below. */
+ close (fd);
+ }
+
+ int sock = RPC_ANYSOCK;
+ CLIENT *clnt = clntudp_create
+ (&sin, 1, 2, (struct timeval) { 1, 0 }, &sock);
+ TEST_VERIFY_EXIT (clnt != NULL);
+ TEST_VERIFY (clnt_call (clnt, 3,
+ (xdrproc_t) xdr_void, NULL,
+ (xdrproc_t) xdr_void, NULL,
+ ((struct timeval) { 3, 0 }))
+ == RPC_CANTRECV);
+ clnt_destroy (clnt);
+
+ return 0;
+}
+
+#include <support/test-driver.c>
--
2.13.1

@ -1,188 +0,0 @@
From 69e0a87cc4c570e3b7218392fc3e743b5bddcce2 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Thu, 2 Mar 2017 20:11:27 +0100
Subject: Document and fix --enable-bind-now [BZ #21015]
(cherry picked from commit 2d6ab5df3b675e96ee587ae6a8c2ce004c6b1ba9)
diff --git a/ChangeLog b/ChangeLog
index 510ca42c2b..8aaf9f825d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,20 @@
+2017-03-02 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21015]
+ * manual/install.texi (Configuring and compiling): Document
+ --enable-bind-now.
+ * Makeconfig [bind-now] (LDFLAGS-lib.so): Set.
+ (build-shlib-helper): Use $(LDFLAGS-lib.so).
+ (format.lds): Likewise.
+ [bind-now] (LDFLAGS-c.so): Remove.
+ * sysdeps/x86_64/localplt.data (libm.so): matherr relocation can
+ be R_X86_64_GLOB_DAT.
+ * sysdeps/unix/sysv/linux/i386/localplt.data (libm.so): matherr
+ relocation can be R_386_GLOB_DAT.
+ * sysdeps/unix/sysv/linux/alpha/localplt.data (libm.so): matherr
+ relocaiton can be R_ALPHA_GLOB_DAT.
+ * iconvdata/Makefile [bind-now] (LDFLAGS.so): Add -Wl,-z,now.
+
2017-02-28 Florian Weimer <fweimer@redhat.com>
[BZ #20257]
diff --git a/INSTALL b/INSTALL
index 3b3fd121b2..e77cb2d4e2 100644
--- a/INSTALL
+++ b/INSTALL
@@ -146,6 +146,12 @@ will be used, and CFLAGS sets optimization options for the compiler.
of routines called directly from assembler are excluded from this
protection.
+'--enable-bind-now'
+ Disable lazy binding for installed shared objects. This provides
+ additional security hardening because it enables full RELRO and a
+ read-only global offset table (GOT), at the cost of slightly
+ increased program load times.
+
'--enable-pt_chown'
The file 'pt_chown' is a helper binary for 'grantpt' (*note
Pseudo-Terminals: Allocation.) that is installed setuid root to fix
diff --git a/Makeconfig b/Makeconfig
index 97a15b569e..1c815113b9 100644
--- a/Makeconfig
+++ b/Makeconfig
@@ -386,6 +386,13 @@ LDFLAGS.so += $(hashstyle-LDFLAGS)
LDFLAGS-rtld += $(hashstyle-LDFLAGS)
endif
+# If lazy relocations are disabled, add the -z now flag. Use
+# LDFLAGS-lib.so instead of LDFLAGS.so, to avoid adding the flag to
+# test modules.
+ifeq ($(bind-now),yes)
+LDFLAGS-lib.so += -Wl,-z,now
+endif
+
# Command to run after every final link (executable or shared object).
# This is invoked with $(call after-link,...), so it should operate on
# the file $1. This can be set to do some sort of post-processing on
diff --git a/Makerules b/Makerules
index e9194e54cf..7f0eef8096 100644
--- a/Makerules
+++ b/Makerules
@@ -588,7 +588,7 @@ $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \
$(extra-B-$(@F:lib%.so=%).so) -B$(csu-objpfx) \
$(extra-B-$(@F:lib%.so=%).so) $(load-map-file) \
-Wl,-soname=lib$(libprefix)$(@F:lib%.so=%).so$($(@F)-version) \
- $(LDFLAGS.so) $(LDFLAGS-$(@F:lib%.so=%).so) \
+ $(LDFLAGS.so) $(LDFLAGS-lib.so) $(LDFLAGS-$(@F:lib%.so=%).so) \
-L$(subst :, -L,$(rpath-link)) -Wl,-rpath-link=$(rpath-link)
endef
@@ -686,10 +686,6 @@ LDFLAGS-c.so = -nostdlib -nostartfiles
LDLIBS-c.so += $(libc.so-gnulib)
# Give libc.so an entry point and make it directly runnable itself.
LDFLAGS-c.so += -e __libc_main
-# If lazy relocation is disabled add the -z now flag.
-ifeq ($(bind-now),yes)
-LDFLAGS-c.so += -Wl,-z,now
-endif
# Pre-link the objects of libc_pic.a so that we can locally resolve
# COMMON symbols before we link against ld.so. This is because ld.so
# contains some of libc_pic.a already, which will prevent the COMMONs
@@ -1104,7 +1100,8 @@ $(common-objpfx)format.lds: $(..)scripts/output-format.sed \
ifneq (unknown,$(output-format))
echo > $@.new 'OUTPUT_FORMAT($(output-format))'
else
- $(LINK.o) -shared $(sysdep-LDFLAGS) $(rtld-LDFLAGS) $(LDFLAGS.so) \
+ $(LINK.o) -shared $(sysdep-LDFLAGS) $(rtld-LDFLAGS) \
+ $(LDFLAGS.so) $(LDFLAGS-lib.so) \
-x c /dev/null -o $@.so -Wl,--verbose -v 2>&1 \
| sed -n -f $< > $@.new
test -s $@.new
diff --git a/NEWS b/NEWS
index e7d6668664..9bf8c10926 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,7 @@ The following bugs are resolved with this release:
[21109] Tunables broken on big-endian
[21115] sunrpc: Use-after-free in error path in clntudp_call
[20257] sunrpc: clntudp_call does not enforce timeout when receiving data
+ [21015] Document and fix --enable-bind-now
Version 2.25
diff --git a/iconvdata/Makefile b/iconvdata/Makefile
index 04157b25c5..e4845871f5 100644
--- a/iconvdata/Makefile
+++ b/iconvdata/Makefile
@@ -63,6 +63,11 @@ modules := ISO8859-1 ISO8859-2 ISO8859-3 ISO8859-4 ISO8859-5 \
MAC-CENTRALEUROPE KOI8-RU ISO8859-9E \
CP770 CP771 CP772 CP773 CP774
+# If lazy binding is disabled, use BIND_NOW for the gconv modules.
+ifeq ($(bind-now),yes)
+LDFLAGS.so += -Wl,-z,now
+endif
+
modules.so := $(addsuffix .so, $(modules))
ifeq (yes,$(build-shared))
diff --git a/manual/install.texi b/manual/install.texi
index 266add8ba9..3398cfab02 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -175,6 +175,12 @@ options to detect stack overruns. Only the dynamic linker and a small
number of routines called directly from assembler are excluded from this
protection.
+@item --enable-bind-now
+Disable lazy binding for installed shared objects. This provides
+additional security hardening because it enables full RELRO and a
+read-only global offset table (GOT), at the cost of slightly increased
+program load times.
+
@pindex pt_chown
@findex grantpt
@item --enable-pt_chown
diff --git a/sysdeps/unix/sysv/linux/alpha/localplt.data b/sysdeps/unix/sysv/linux/alpha/localplt.data
index cca17f1e34..1f0e3b494e 100644
--- a/sysdeps/unix/sysv/linux/alpha/localplt.data
+++ b/sysdeps/unix/sysv/linux/alpha/localplt.data
@@ -20,7 +20,7 @@ libc.so: free + RELA R_ALPHA_GLOB_DAT
libc.so: malloc + RELA R_ALPHA_GLOB_DAT
libc.so: memalign + RELA R_ALPHA_GLOB_DAT
libc.so: realloc + RELA R_ALPHA_GLOB_DAT
-libm.so: matherr
+libm.so: matherr + RELA R_ALPHA_GLOB_DAT
# We used to offer inline functions that used this, so it must be exported.
# Ought to reorg things such that carg isn't thus forced to use a plt.
libm.so: __atan2
diff --git a/sysdeps/unix/sysv/linux/i386/localplt.data b/sysdeps/unix/sysv/linux/i386/localplt.data
index 2c2584956d..8ea4333846 100644
--- a/sysdeps/unix/sysv/linux/i386/localplt.data
+++ b/sysdeps/unix/sysv/linux/i386/localplt.data
@@ -6,7 +6,7 @@ libc.so: free + REL R_386_GLOB_DAT
libc.so: malloc + REL R_386_GLOB_DAT
libc.so: memalign + REL R_386_GLOB_DAT
libc.so: realloc + REL R_386_GLOB_DAT
-libm.so: matherr
+libm.so: matherr + REL R_386_GLOB_DAT
# The main malloc is interposed into the dynamic linker, for
# allocations after the initial link (when dlopen is used).
ld.so: malloc + REL R_386_GLOB_DAT
diff --git a/sysdeps/x86_64/localplt.data b/sysdeps/x86_64/localplt.data
index 014a9f4554..a1840cff31 100644
--- a/sysdeps/x86_64/localplt.data
+++ b/sysdeps/x86_64/localplt.data
@@ -8,7 +8,7 @@ libc.so: free + RELA R_X86_64_GLOB_DAT
libc.so: malloc + RELA R_X86_64_GLOB_DAT
libc.so: memalign + RELA R_X86_64_GLOB_DAT
libc.so: realloc + RELA R_X86_64_GLOB_DAT
-libm.so: matherr
+libm.so: matherr + RELA R_X86_64_GLOB_DAT
# The main malloc is interposed into the dynamic linker, for
# allocations after the initial link (when dlopen is used).
ld.so: malloc + RELA R_X86_64_GLOB_DAT
--
2.13.1

@ -1,62 +0,0 @@
From 8b3caa41b9cb82651e72a0c87aa56719c134000e Mon Sep 17 00:00:00 2001
From: John David Anglin <dave.anglin@bell.net>
Date: Mon, 20 Feb 2017 20:31:57 -0500
Subject: hppa: Fix setting of __libc_stack_end
The binutils package was recently changed to fix -z relro support on hppa.
See ld/21000 for details:
https://sourceware.org/bugzilla/show_bug.cgi?id=21000
This exposed a problem with the _dl_start_user function in the RTLD_START
define. We need to set __libc_stack_end before it is made read only. For
this, we need to define DL_STACK_END. The offset of 0x160 gives the same
stack end as the code in _dl_start_user.
A build log with the attached patch is here:
https://buildd.debian.org/status/fetch.php?pkg=glibc&arch=hppa&ver=2.24-9&stamp=1487639205&raw=0
(cherry picked from commit 5d20a49aaccef5ef7adac93d5ca159f6b7ba0105)
diff --git a/ChangeLog b/ChangeLog
index 8aaf9f825d..d8ed2e4d90 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-03-15 John David Anglin <danglin@gcc.gnu.org>
+
+ * sysdeps/hppa/dl-machine.h (DL_STACK_END): Define.
+ (RTLD_START): Don't record stack end address in _dl_start_user.
+
2017-03-02 Florian Weimer <fweimer@redhat.com>
[BZ #21015]
diff --git a/sysdeps/hppa/dl-machine.h b/sysdeps/hppa/dl-machine.h
index 339c7bb771..787b95f502 100644
--- a/sysdeps/hppa/dl-machine.h
+++ b/sysdeps/hppa/dl-machine.h
@@ -302,6 +302,10 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
#define ARCH_LA_PLTENTER hppa_gnu_pltenter
#define ARCH_LA_PLTEXIT hppa_gnu_pltexit
+/* Adjust DL_STACK_END to get value we want in __libc_stack_end. */
+#define DL_STACK_END(cookie) \
+ ((void *) (((long) (cookie)) + 0x160))
+
/* Initial entry point code for the dynamic linker.
The C function `_dl_start' is the real entry point;
its return value is the user program's entry point. */
@@ -401,11 +405,6 @@ asm ( \
/* Save the entry point in %r3. */ \
" copy %ret0,%r3\n" \
\
- /* Remember the lowest stack address. */ \
-" addil LT'__libc_stack_end,%r19\n" \
-" ldw RT'__libc_stack_end(%r1),%r20\n" \
-" stw %sp,0(%r20)\n" \
- \
/* See if we were called as a command with the executable file \
name as an extra leading argument. */ \
" addil LT'_dl_skip_args,%r19\n" \
--
2.13.1

@ -1,47 +0,0 @@
From 0889003c67f9c2f520a37281c4b5c3b8a9861f46 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Sun, 12 Mar 2017 15:12:21 -0700
Subject: x86_64: fix static build of __mempcpy_chk for compilers defaulting to
PIC/PIE
When glibc is compiled with gcc 6.2 that has been configured with
to default to PIC/PIE, the static version of __mempcpy_chk is not built,
as the test is done on PIC instead of SHARED. Fix the test to check for
SHARED, like it is done for similar functions like __memcpy_chk.
2017-03-12 Mike Frysinger <vapier@gentoo.org>
* sysdeps/x86_64/mempcpy_chk.S (__mempcpy_chk): Check for SHARED
instead of PIC.
(cherry picked from commit fbe355fbd1973d6e29561084b3eaeb4bfe9d515a)
diff --git a/ChangeLog b/ChangeLog
index d8ed2e4d90..c29a70aa72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-03-15 Mike Frysinger <vapier@gentoo.org>
+
+ * sysdeps/x86_64/mempcpy_chk.S (__mempcpy_chk): Check for SHARED
+ instead of PIC.
+
2017-03-15 John David Anglin <danglin@gcc.gnu.org>
* sysdeps/hppa/dl-machine.h (DL_STACK_END): Define.
diff --git a/sysdeps/x86_64/mempcpy_chk.S b/sysdeps/x86_64/mempcpy_chk.S
index f8a9260e6e..f912291576 100644
--- a/sysdeps/x86_64/mempcpy_chk.S
+++ b/sysdeps/x86_64/mempcpy_chk.S
@@ -19,7 +19,7 @@
#include <sysdep.h>
#include "asm-syntax.h"
-#ifndef PIC
+#ifndef SHARED
/* For libc.so this is defined in memcpy.S.
For libc.a, this is a separate source to avoid
mempcpy bringing in __chk_fail and all routines
--
2.13.1

@ -1,60 +0,0 @@
From 27ab0d9518746dfb59ed2ba59daefc981dc10e38 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Mon, 20 Mar 2017 04:47:56 -0400
Subject: posix_spawn: fix stack setup on ia64 [BZ #21275]
The ia64-specific clone2 call expects the base of the stack mapping and
the stack size as sep arguments, not an initial stack value as on other
stack-grows-down architectures. Reuse the stack-grows-up macro so we
pass in the right stack base.
Reported-by: Matt Turner <mattst88@gentoo.org>
(cherry picked from commit ddc3fb333469c2997798742dc0509dc1e3201d91)
diff --git a/ChangeLog b/ChangeLog
index c29a70aa72..ef5388c2c3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-03-20 Mike Frysinger <vapier@gentoo.org>
+
+ [BZ #21275]
+ * sysdeps/unix/sysv/linux/spawni.c [__ia64__] (CLONE): Rename
+ __stack to __stackbase.
+ (STACK): Invert _STACK_GROWS_DOWN and _STACK_GROWS_UP order of
+ checks so we can include defined(__ia64__) first.
+
2017-03-15 Mike Frysinger <vapier@gentoo.org>
* sysdeps/x86_64/mempcpy_chk.S (__mempcpy_chk): Check for SHARED
diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c
index 2daf0c5ef0..c96aac889d 100644
--- a/sysdeps/unix/sysv/linux/spawni.c
+++ b/sysdeps/unix/sysv/linux/spawni.c
@@ -61,17 +61,18 @@
#define SPAWN_ERROR 127
#ifdef __ia64__
-# define CLONE(__fn, __stack, __stacksize, __flags, __args) \
- __clone2 (__fn, __stack, __stacksize, __flags, __args, 0, 0, 0)
+# define CLONE(__fn, __stackbase, __stacksize, __flags, __args) \
+ __clone2 (__fn, __stackbase, __stacksize, __flags, __args, 0, 0, 0)
#else
# define CLONE(__fn, __stack, __stacksize, __flags, __args) \
__clone (__fn, __stack, __flags, __args)
#endif
-#if _STACK_GROWS_DOWN
-# define STACK(__stack, __stack_size) (__stack + __stack_size)
-#elif _STACK_GROWS_UP
+/* Since ia64 wants the stackbase w/clone2, re-use the grows-up macro. */
+#if _STACK_GROWS_UP || defined (__ia64__)
# define STACK(__stack, __stack_size) (__stack)
+#elif _STACK_GROWS_DOWN
+# define STACK(__stack, __stack_size) (__stack + __stack_size)
#endif
--
2.13.1

@ -1,57 +0,0 @@
From f035c8d055f25eaf6c93772f308afac10ce31ef2 Mon Sep 17 00:00:00 2001
From: Slava Barinov <v.barinov@samsung.com>
Date: Fri, 31 Mar 2017 08:49:25 +0200
Subject: fts: Fix symbol redirect for fts_set [BZ #21289]
In a 32-bit environment with _FILE_OFFSET_BITS=64, the __REDIRECT macro
combined with __THROW generates an invalid C++ declaration.
(cherry picked from commit ce39613205dc47ceaeea76710d49e7a483b503ab)
diff --git a/ChangeLog b/ChangeLog
index ef5388c2c3..85d6fc6192 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-03-31 Slava Barinov <v.barinov@samsung.com>
+
+ [BZ #21289]
+ * io/fts.h (fts_set): Replace __REDIRECT with __REDIRECT_NTH.
+
2017-03-20 Mike Frysinger <vapier@gentoo.org>
[BZ #21275]
diff --git a/NEWS b/NEWS
index 9bf8c10926..fee1cf8ca8 100644
--- a/NEWS
+++ b/NEWS
@@ -9,10 +9,11 @@ Version 2.25.1
The following bugs are resolved with this release:
- [21109] Tunables broken on big-endian
- [21115] sunrpc: Use-after-free in error path in clntudp_call
[20257] sunrpc: clntudp_call does not enforce timeout when receiving data
[21015] Document and fix --enable-bind-now
+ [21109] Tunables broken on big-endian
+ [21115] sunrpc: Use-after-free in error path in clntudp_call
+ [21289] Fix symbol redirect for fts_set
Version 2.25
diff --git a/io/fts.h b/io/fts.h
index b9cff534e9..ab15567001 100644
--- a/io/fts.h
+++ b/io/fts.h
@@ -193,7 +193,7 @@ FTS *__REDIRECT (fts_open, (char * const *, int,
int (*)(const FTSENT **, const FTSENT **)),
fts64_open);
FTSENT *__REDIRECT (fts_read, (FTS *), fts64_read);
-int __REDIRECT (fts_set, (FTS *, FTSENT *, int), fts64_set) __THROW;
+int __REDIRECT_NTH (fts_set, (FTS *, FTSENT *, int), fts64_set);
# else
# define fts_children fts64_children
# define fts_close fts64_close
--
2.13.1

@ -1,46 +0,0 @@
From 74522eeeaa4a39809a28f44171e71d36a69edb58 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Sat, 1 Apr 2017 12:39:09 +0530
Subject: Call the right helper function when setting mallopt M_ARENA_MAX (BZ
#21338)
Fixes a typo introduced in commit
be7991c0705e35b4d70a419d117addcd6c627319. This caused
mallopt(M_ARENA_MAX) as well as the environment variable
MALLOC_ARENA_MAX to not work as intended because it set the
wrong internal parameter.
[BZ #21338]
* malloc/malloc.c: Call do_set_arena_max for M_ARENA_MAX
instead of incorrect do_set_arena_test
diff --git a/ChangeLog b/ChangeLog
index 85d6fc6192..321bf53191 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-03 Wladimir van der Laan <laanwj@gmail.com>
+
+ [BZ# 21338]
+ * malloc/malloc.c: Call do_set_arena_max for M_ARENA_MAX
+ instead of incorrect do_set_arena_test
+
2017-03-31 Slava Barinov <v.barinov@samsung.com>
[BZ #21289]
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 4885793905..4e076638b0 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4902,7 +4902,7 @@ __libc_mallopt (int param_number, int value)
case M_ARENA_MAX:
if (value > 0)
- do_set_arena_test (value);
+ do_set_arena_max (value);
break;
}
__libc_lock_unlock (av->mutex);
--
2.13.1

@ -1,65 +0,0 @@
From df29db0bec24211cfc917db52024bf8deecac2c9 Mon Sep 17 00:00:00 2001
From: Mike Frysinger <vapier@gentoo.org>
Date: Wed, 15 Mar 2017 23:59:31 -0700
Subject: posix_spawn: use a larger min stack for -fstack-check [BZ #21253]
When glibc is built with -fstack-check, trying to use posix_spawn can
lead to segfaults due to gcc internally probing stack memory too far.
The new spawn API will allocate a minimum of 1 page, but the stack
checking logic might probe a couple of pages. When it tries to walk
them, everything falls apart.
The gcc internal docs [1] state the default interval checking is one
page. Which means we need two pages (the current one, and the next
probed). No target currently defines it larger.
Further, it mentions that the default minimum stack size needed to
recover from an overflow is 4/8KiB for sjlj or 8/12KiB for others.
But some Linux targets (like mips and ppc) go up to 16KiB (and some
non-Linux targets go up to 24KiB).
Let's create each child with a minimum of 32KiB slack space to support
them all, and give us future breathing room.
No test is added as existing ones crash. Even a simple call is
enough to trigger the problem:
char *argv[] = { "/bin/ls", NULL };
posix_spawn(NULL, "/bin/ls", NULL, NULL, argv, NULL);
[1] https://gcc.gnu.org/onlinedocs/gcc-6.3.0/gccint/Stack-Checking.html
(cherry picked from commit 21f042c804835d1f7a4a8e06f2c93ca35a182042)
diff --git a/ChangeLog b/ChangeLog
index 321bf53191..b37a054bae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2017-04-03 Mike Frysinger <vapier@gentoo.org>
+
+ [BZ #21253]
+ * sysdeps/unix/sysv/linux/spawni.c (__spawnix): Increase argv_size
+ slack space by 32KiB.
+
2017-04-03 Wladimir van der Laan <laanwj@gmail.com>
[BZ# 21338]
diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c
index c96aac889d..29d8f25ab5 100644
--- a/sysdeps/unix/sysv/linux/spawni.c
+++ b/sysdeps/unix/sysv/linux/spawni.c
@@ -319,6 +319,11 @@ __spawnix (pid_t * pid, const char *file,
/* Add a slack area for child's stack. */
size_t argv_size = (argc * sizeof (void *)) + 512;
+ /* We need at least a few pages in case the compiler's stack checking is
+ enabled. In some configs, it is known to use at least 24KiB. We use
+ 32KiB to be "safe" from anything the compiler might do. Besides, the
+ extra pages won't actually be allocated unless they get used. */
+ argv_size += (32 * 1024);
size_t stack_size = ALIGN_UP (argv_size, GLRO(dl_pagesize));
void *stack = __mmap (NULL, stack_size, prot,
MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
--
2.13.1

@ -1,109 +0,0 @@
From 903b77defb6f2ee2552c06472339f33091e3c7b4 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 21 Mar 2017 10:59:31 -0700
Subject: x86-64: Improve branch predication in _dl_runtime_resolve_avx512_opt
[BZ #21258]
On Skylake server, _dl_runtime_resolve_avx512_opt is used to preserve
the first 8 vector registers. The code layout is
if only %xmm0 - %xmm7 registers are used
preserve %xmm0 - %xmm7 registers
if only %ymm0 - %ymm7 registers are used
preserve %ymm0 - %ymm7 registers
preserve %zmm0 - %zmm7 registers
Branch predication always executes the fallthrough code path to preserve
%zmm0 - %zmm7 registers speculatively, even though only %xmm0 - %xmm7
registers are used. This leads to lower CPU frequency on Skylake
server. This patch changes the fallthrough code path to preserve
%xmm0 - %xmm7 registers instead:
if whole %zmm0 - %zmm7 registers are used
preserve %zmm0 - %zmm7 registers
if only %ymm0 - %ymm7 registers are used
preserve %ymm0 - %ymm7 registers
preserve %xmm0 - %xmm7 registers
Tested on Skylake server.
[BZ #21258]
* sysdeps/x86_64/dl-trampoline.S (_dl_runtime_resolve_opt):
Define only if _dl_runtime_resolve is defined to
_dl_runtime_resolve_sse_vex.
* sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve_opt):
Fallthrough to _dl_runtime_resolve_sse_vex.
(cherry picked from commit c15f8eb50cea7ad1a4ccece6e0982bf426d52c00)
diff --git a/ChangeLog b/ChangeLog
index b37a054bae..8479fba8c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2017-04-07 H.J. Lu <hongjiu.lu@intel.com>
+
+ [BZ #21258]
+ * sysdeps/x86_64/dl-trampoline.S (_dl_runtime_resolve_opt):
+ Define only if _dl_runtime_resolve is defined to
+ _dl_runtime_resolve_sse_vex.
+ * sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve_opt):
+ Fallthrough to _dl_runtime_resolve_sse_vex.
+
2017-04-03 Mike Frysinger <vapier@gentoo.org>
[BZ #21253]
diff --git a/sysdeps/x86_64/dl-trampoline.S b/sysdeps/x86_64/dl-trampoline.S
index 33d7fcf7d0..c14c61aa58 100644
--- a/sysdeps/x86_64/dl-trampoline.S
+++ b/sysdeps/x86_64/dl-trampoline.S
@@ -87,11 +87,9 @@
#endif
#define VEC(i) zmm##i
#define _dl_runtime_resolve _dl_runtime_resolve_avx512
-#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt
#define _dl_runtime_profile _dl_runtime_profile_avx512
#include "dl-trampoline.h"
#undef _dl_runtime_resolve
-#undef _dl_runtime_resolve_opt
#undef _dl_runtime_profile
#undef VEC
#undef VMOV
@@ -145,4 +143,5 @@
# define VMOV vmovdqu
#endif
#define _dl_runtime_resolve _dl_runtime_resolve_sse_vex
+#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt
#include "dl-trampoline.h"
diff --git a/sysdeps/x86_64/dl-trampoline.h b/sysdeps/x86_64/dl-trampoline.h
index b27fa06974..8db24c16ac 100644
--- a/sysdeps/x86_64/dl-trampoline.h
+++ b/sysdeps/x86_64/dl-trampoline.h
@@ -129,19 +129,20 @@ _dl_runtime_resolve_opt:
# YMM state isn't in use.
PRESERVE_BND_REGS_PREFIX
jz _dl_runtime_resolve_sse_vex
-# elif VEC_SIZE == 64
+# elif VEC_SIZE == 16
# For ZMM registers, check if YMM state and ZMM state are in
# use.
andl $(bit_YMM_state | bit_ZMM0_15_state), %r11d
cmpl $bit_YMM_state, %r11d
- # Preserve %xmm0 - %xmm7 registers with the zero upper 384 bits if
- # neither YMM state nor ZMM state are in use.
+ # Preserve %zmm0 - %zmm7 registers if ZMM state is in use.
PRESERVE_BND_REGS_PREFIX
- jl _dl_runtime_resolve_sse_vex
+ jg _dl_runtime_resolve_avx512
# Preserve %ymm0 - %ymm7 registers with the zero upper 256 bits if
# ZMM state isn't in use.
PRESERVE_BND_REGS_PREFIX
je _dl_runtime_resolve_avx
+ # Preserve %xmm0 - %xmm7 registers with the zero upper 384 bits if
+ # neither YMM state nor ZMM state are in use.
# else
# error Unsupported VEC_SIZE!
# endif
--
2.13.1

@ -1,54 +0,0 @@
From b30b1c97ccfe72e82b0c95bb55274b5660bc539e Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue, 11 Apr 2017 15:08:02 -0300
Subject: posix: Add cleanup on the trap list for globtest.sh
This patch prevents lingering files for SIGSEGV failures by adding
a cleanup handler on trap handler. Checked on x86_64-linux-gnu.
* posix/globtest.sh: Add cleanup routine on trap 0.
Cherry-pick of 4fee33f.
diff --git a/ChangeLog b/ChangeLog
index 8479fba8c4..4962000b47 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-04-11 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+
+ * posix/globtest.sh: Add cleanup routine on trap 0.
+
2017-04-07 H.J. Lu <hongjiu.lu@intel.com>
[BZ #21258]
diff --git a/posix/globtest.sh b/posix/globtest.sh
index f9cc80b4b5..73f7ae31cc 100755
--- a/posix/globtest.sh
+++ b/posix/globtest.sh
@@ -47,7 +47,12 @@ testout=${common_objpfx}posix/globtest-out
rm -rf $testdir $testout
mkdir $testdir
-trap 'chmod 777 $testdir/noread; rm -fr $testdir $testout' 1 2 3 15
+cleanup() {
+ chmod 777 $testdir/noread
+ rm -fr $testdir $testout
+}
+
+trap cleanup 0 HUP INT QUIT TERM
echo 1 > $testdir/file1
echo 2 > $testdir/file2
@@ -811,8 +816,6 @@ if test $failed -ne 0; then
fi
if test $result -eq 0; then
- chmod 777 $testdir/noread
- rm -fr $testdir $testout
echo "All OK." > $logfile
fi
--
2.13.1


@ -1,130 +0,0 @@
From 4c6f97798fe1854a32b1199c42370eac1620eebf Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 28 Apr 2017 10:03:09 -0700
Subject: x86: Set Prefer_No_VZEROUPPER if AVX512ER is available
AVX512ER won't be implemented in any Xeon processors and will be in
all Xeon Phi processors. Don't check CPU model number when setting
Prefer_No_VZEROUPPER for Xeon Phi. Instead, set Prefer_No_VZEROUPPER
if AVX512ER is available. It works with current and future Xeon Phi
and non-Xeon Phi processors.
* sysdeps/x86/cpu-features.c (init_cpu_features): Set
Prefer_No_VZEROUPPER if AVX512ER is available.
* sysdeps/x86/cpu-features.h
(bit_cpu_AVX512PF): New.
(bit_cpu_AVX512ER): Likewise.
(bit_cpu_AVX512CD): Likewise.
(bit_cpu_AVX512BW): Likewise.
(bit_cpu_AVX512VL): Likewise.
(index_cpu_AVX512PF): Likewise.
(index_cpu_AVX512ER): Likewise.
(index_cpu_AVX512CD): Likewise.
(index_cpu_AVX512BW): Likewise.
(index_cpu_AVX512VL): Likewise.
(reg_AVX512PF): Likewise.
(reg_AVX512ER): Likewise.
(reg_AVX512CD): Likewise.
(reg_AVX512BW): Likewise.
(reg_AVX512VL): Likewise.
(cherry picked from commit 1c53cb49de6d82d9469ccbd5aa0c55924502bd8b)
diff --git a/ChangeLog b/ChangeLog
index 4962000b47..dc49c78b8c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,24 @@
+2017-04-28 H.J. Lu <hongjiu.lu@intel.com>
+
+ * sysdeps/x86/cpu-features.c (init_cpu_features): Set
+ Prefer_No_VZEROUPPER if AVX512ER is available.
+ * sysdeps/x86/cpu-features.h
+ (bit_cpu_AVX512PF): New.
+ (bit_cpu_AVX512ER): Likewise.
+ (bit_cpu_AVX512CD): Likewise.
+ (bit_cpu_AVX512BW): Likewise.
+ (bit_cpu_AVX512VL): Likewise.
+ (index_cpu_AVX512PF): Likewise.
+ (index_cpu_AVX512ER): Likewise.
+ (index_cpu_AVX512CD): Likewise.
+ (index_cpu_AVX512BW): Likewise.
+ (index_cpu_AVX512VL): Likewise.
+ (reg_AVX512PF): Likewise.
+ (reg_AVX512ER): Likewise.
+ (reg_AVX512CD): Likewise.
+ (reg_AVX512BW): Likewise.
+ (reg_AVX512VL): Likewise.
+
2017-04-11 Adhemerval Zanella <adhemerval.zanella@linaro.org>
* posix/globtest.sh: Add cleanup routine on trap 0.
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 1c714a4017..41d0be2815 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -139,8 +139,6 @@ init_cpu_features (struct cpu_features *cpu_features)
case 0x57:
/* Knights Landing. Enable Silvermont optimizations. */
- cpu_features->feature[index_arch_Prefer_No_VZEROUPPER]
- |= bit_arch_Prefer_No_VZEROUPPER;
case 0x5c:
case 0x5f:
@@ -226,6 +224,12 @@ init_cpu_features (struct cpu_features *cpu_features)
cpu_features->feature[index_arch_AVX_Fast_Unaligned_Load]
|= bit_arch_AVX_Fast_Unaligned_Load;
+ /* Since AVX512ER is unique to Xeon Phi, set Prefer_No_VZEROUPPER
+ if AVX512ER is available. */
+ if (CPU_FEATURES_CPU_P (cpu_features, AVX512ER))
+ cpu_features->feature[index_arch_Prefer_No_VZEROUPPER]
+ |= bit_arch_Prefer_No_VZEROUPPER;
+
/* To avoid SSE transition penalty, use _dl_runtime_resolve_slow.
If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt. */
cpu_features->feature[index_arch_Use_dl_runtime_resolve_slow]
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
index 95f0fcff87..2ee8a0a350 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
@@ -62,6 +62,11 @@
#define bit_cpu_AVX2 (1 << 5)
#define bit_cpu_AVX512F (1 << 16)
#define bit_cpu_AVX512DQ (1 << 17)
+#define bit_cpu_AVX512PF (1 << 26)
+#define bit_cpu_AVX512ER (1 << 27)
+#define bit_cpu_AVX512CD (1 << 28)
+#define bit_cpu_AVX512BW (1 << 30)
+#define bit_cpu_AVX512VL (1u << 31)
/* XCR0 Feature flags. */
#define bit_XMM_state (1 << 1)
@@ -236,6 +241,11 @@ extern const struct cpu_features *__get_cpu_features (void)
# define index_cpu_AVX2 COMMON_CPUID_INDEX_7
# define index_cpu_AVX512F COMMON_CPUID_INDEX_7
# define index_cpu_AVX512DQ COMMON_CPUID_INDEX_7
+# define index_cpu_AVX512PF COMMON_CPUID_INDEX_7
+# define index_cpu_AVX512ER COMMON_CPUID_INDEX_7
+# define index_cpu_AVX512CD COMMON_CPUID_INDEX_7
+# define index_cpu_AVX512BW COMMON_CPUID_INDEX_7
+# define index_cpu_AVX512VL COMMON_CPUID_INDEX_7
# define index_cpu_ERMS COMMON_CPUID_INDEX_7
# define index_cpu_RTM COMMON_CPUID_INDEX_7
# define index_cpu_FMA COMMON_CPUID_INDEX_1
@@ -254,6 +264,11 @@ extern const struct cpu_features *__get_cpu_features (void)
# define reg_AVX2 ebx
# define reg_AVX512F ebx
# define reg_AVX512DQ ebx
+# define reg_AVX512PF ebx
+# define reg_AVX512ER ebx
+# define reg_AVX512CD ebx
+# define reg_AVX512BW ebx
+# define reg_AVX512VL ebx
# define reg_ERMS ebx
# define reg_RTM ebx
# define reg_FMA ecx
--
2.13.1


@ -1,221 +0,0 @@
From 06d79808f6faf6025c5a7d4e27d949a8216275cc Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 28 Apr 2017 10:04:15 -0700
Subject: x86: Use AVX2 memcpy/memset on Skylake server [BZ #21396]
On Skylake server, AVX512 load/store instructions in memcpy/memset may
lead to lower CPU turbo frequency in certain situations. Use of AVX2
in memcpy/memset has been observed to have improved overall performance
in many workloads due to the higher frequency.
Since AVX512ER is unique to Xeon Phi, this patch sets Prefer_No_AVX512
if AVX512ER isn't available so that AVX2 versions of memcpy/memset are
used on Skylake server.
[BZ #21396]
* sysdeps/x86/cpu-features.c (init_cpu_features): Set
Prefer_No_AVX512 if AVX512ER isn't available.
* sysdeps/x86/cpu-features.h (bit_arch_Prefer_No_AVX512): New.
(index_arch_Prefer_No_AVX512): Likewise.
* sysdeps/x86_64/multiarch/memcpy.S (__new_memcpy): Don't use
AVX512 version if Prefer_No_AVX512 is set.
* sysdeps/x86_64/multiarch/memcpy_chk.S (__memcpy_chk):
Likewise.
* sysdeps/x86_64/multiarch/memmove.S (__libc_memmove): Likewise.
* sysdeps/x86_64/multiarch/memmove_chk.S (__memmove_chk):
Likewise.
* sysdeps/x86_64/multiarch/mempcpy.S (__mempcpy): Likewise.
* sysdeps/x86_64/multiarch/mempcpy_chk.S (__mempcpy_chk):
Likewise.
* sysdeps/x86_64/multiarch/memset.S (memset): Likewise.
* sysdeps/x86_64/multiarch/memset_chk.S (__memset_chk):
Likewise.
(cherry picked from commit 4cb334c4d6249686653137ec273d081371b3672d)
diff --git a/ChangeLog b/ChangeLog
index dc49c78b8c..adebc03b78 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,26 @@
2017-04-28 H.J. Lu <hongjiu.lu@intel.com>
+ [BZ #21396]
+ * sysdeps/x86/cpu-features.c (init_cpu_features): Set
+ Prefer_No_AVX512 if AVX512ER isn't available.
+ * sysdeps/x86/cpu-features.h (bit_arch_Prefer_No_AVX512): New.
+ (index_arch_Prefer_No_AVX512): Likewise.
+ * sysdeps/x86_64/multiarch/memcpy.S (__new_memcpy): Don't use
+ AVX512 version if Prefer_No_AVX512 is set.
+ * sysdeps/x86_64/multiarch/memcpy_chk.S (__memcpy_chk):
+ Likewise.
+ * sysdeps/x86_64/multiarch/memmove.S (__libc_memmove): Likewise.
+ * sysdeps/x86_64/multiarch/memmove_chk.S (__memmove_chk):
+ Likewise.
+ * sysdeps/x86_64/multiarch/mempcpy.S (__mempcpy): Likewise.
+ * sysdeps/x86_64/multiarch/mempcpy_chk.S (__mempcpy_chk):
+ Likewise.
+ * sysdeps/x86_64/multiarch/memset.S (memset): Likewise.
+ * sysdeps/x86_64/multiarch/memset_chk.S (__memset_chk):
+ Likewise.
+
+2017-04-28 H.J. Lu <hongjiu.lu@intel.com>
+
* sysdeps/x86/cpu-features.c (init_cpu_features): Set
Prefer_No_VZEROUPPER if AVX512ER is available.
* sysdeps/x86/cpu-features.h
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 41d0be2815..9afd74c42e 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -225,10 +225,14 @@ init_cpu_features (struct cpu_features *cpu_features)
|= bit_arch_AVX_Fast_Unaligned_Load;
/* Since AVX512ER is unique to Xeon Phi, set Prefer_No_VZEROUPPER
- if AVX512ER is available. */
+ if AVX512ER is available. Don't use AVX512 to avoid lower CPU
+ frequency if AVX512ER isn't available. */
if (CPU_FEATURES_CPU_P (cpu_features, AVX512ER))
cpu_features->feature[index_arch_Prefer_No_VZEROUPPER]
|= bit_arch_Prefer_No_VZEROUPPER;
+ else
+ cpu_features->feature[index_arch_Prefer_No_AVX512]
+ |= bit_arch_Prefer_No_AVX512;
/* To avoid SSE transition penalty, use _dl_runtime_resolve_slow.
If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt. */
diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h
index 2ee8a0a350..a409db67d8 100644
--- a/sysdeps/x86/cpu-features.h
+++ b/sysdeps/x86/cpu-features.h
@@ -39,6 +39,7 @@
#define bit_arch_Prefer_ERMS (1 << 19)
#define bit_arch_Use_dl_runtime_resolve_opt (1 << 20)
#define bit_arch_Use_dl_runtime_resolve_slow (1 << 21)
+#define bit_arch_Prefer_No_AVX512 (1 << 22)
/* CPUID Feature flags. */
@@ -116,6 +117,7 @@
# define index_arch_Prefer_ERMS FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Use_dl_runtime_resolve_opt FEATURE_INDEX_1*FEATURE_SIZE
# define index_arch_Use_dl_runtime_resolve_slow FEATURE_INDEX_1*FEATURE_SIZE
+# define index_arch_Prefer_No_AVX512 FEATURE_INDEX_1*FEATURE_SIZE
# if defined (_LIBC) && !IS_IN (nonlib)
@@ -298,6 +300,7 @@ extern const struct cpu_features *__get_cpu_features (void)
# define index_arch_Prefer_ERMS FEATURE_INDEX_1
# define index_arch_Use_dl_runtime_resolve_opt FEATURE_INDEX_1
# define index_arch_Use_dl_runtime_resolve_slow FEATURE_INDEX_1
+# define index_arch_Prefer_No_AVX512 FEATURE_INDEX_1
#endif /* !__ASSEMBLER__ */
diff --git a/sysdeps/x86_64/multiarch/memcpy.S b/sysdeps/x86_64/multiarch/memcpy.S
index 1f83ee3e84..af2770397c 100644
--- a/sysdeps/x86_64/multiarch/memcpy.S
+++ b/sysdeps/x86_64/multiarch/memcpy.S
@@ -32,6 +32,8 @@ ENTRY(__new_memcpy)
lea __memcpy_erms(%rip), %RAX_LP
HAS_ARCH_FEATURE (Prefer_ERMS)
jnz 2f
+ HAS_ARCH_FEATURE (Prefer_No_AVX512)
+ jnz 1f
HAS_ARCH_FEATURE (AVX512F_Usable)
jz 1f
lea __memcpy_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memcpy_chk.S b/sysdeps/x86_64/multiarch/memcpy_chk.S
index 54923420f1..8737fb9755 100644
--- a/sysdeps/x86_64/multiarch/memcpy_chk.S
+++ b/sysdeps/x86_64/multiarch/memcpy_chk.S
@@ -30,6 +30,8 @@
ENTRY(__memcpy_chk)
.type __memcpy_chk, @gnu_indirect_function
LOAD_RTLD_GLOBAL_RO_RDX
+ HAS_ARCH_FEATURE (Prefer_No_AVX512)
+ jnz 1f
HAS_ARCH_FEATURE (AVX512F_Usable)
jz 1f
lea __memcpy_chk_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memmove.S b/sysdeps/x86_64/multiarch/memmove.S
index 2021bfc30c..8c534e83e0 100644
--- a/sysdeps/x86_64/multiarch/memmove.S
+++ b/sysdeps/x86_64/multiarch/memmove.S
@@ -30,6 +30,8 @@ ENTRY(__libc_memmove)
lea __memmove_erms(%rip), %RAX_LP
HAS_ARCH_FEATURE (Prefer_ERMS)
jnz 2f
+ HAS_ARCH_FEATURE (Prefer_No_AVX512)
+ jnz 1f
HAS_ARCH_FEATURE (AVX512F_Usable)
jz 1f
lea __memmove_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memmove_chk.S b/sysdeps/x86_64/multiarch/memmove_chk.S
index 8a252adcae..7870dd0247 100644
--- a/sysdeps/x86_64/multiarch/memmove_chk.S
+++ b/sysdeps/x86_64/multiarch/memmove_chk.S
@@ -29,6 +29,8 @@
ENTRY(__memmove_chk)
.type __memmove_chk, @gnu_indirect_function
LOAD_RTLD_GLOBAL_RO_RDX
+ HAS_ARCH_FEATURE (Prefer_No_AVX512)
+ jnz 1f
HAS_ARCH_FEATURE (AVX512F_Usable)
jz 1f
lea __memmove_chk_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/mempcpy.S b/sysdeps/x86_64/multiarch/mempcpy.S
index 79c840d075..b8b2b28094 100644
--- a/sysdeps/x86_64/multiarch/mempcpy.S
+++ b/sysdeps/x86_64/multiarch/mempcpy.S
@@ -32,6 +32,8 @@ ENTRY(__mempcpy)
lea __mempcpy_erms(%rip), %RAX_LP
HAS_ARCH_FEATURE (Prefer_ERMS)
jnz 2f
+ HAS_ARCH_FEATURE (Prefer_No_AVX512)
+ jnz 1f
HAS_ARCH_FEATURE (AVX512F_Usable)
jz 1f
lea __mempcpy_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/mempcpy_chk.S b/sysdeps/x86_64/multiarch/mempcpy_chk.S
index 6927962e81..072b22c49f 100644
--- a/sysdeps/x86_64/multiarch/mempcpy_chk.S
+++ b/sysdeps/x86_64/multiarch/mempcpy_chk.S
@@ -30,6 +30,8 @@
ENTRY(__mempcpy_chk)
.type __mempcpy_chk, @gnu_indirect_function
LOAD_RTLD_GLOBAL_RO_RDX
+ HAS_ARCH_FEATURE (Prefer_No_AVX512)
+ jnz 1f
HAS_ARCH_FEATURE (AVX512F_Usable)
jz 1f
lea __mempcpy_chk_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memset.S b/sysdeps/x86_64/multiarch/memset.S
index c958b2f49f..9d33118cf8 100644
--- a/sysdeps/x86_64/multiarch/memset.S
+++ b/sysdeps/x86_64/multiarch/memset.S
@@ -41,6 +41,8 @@ ENTRY(memset)
jnz L(AVX512F)
lea __memset_avx2_unaligned(%rip), %RAX_LP
L(AVX512F):
+ HAS_ARCH_FEATURE (Prefer_No_AVX512)
+ jnz 2f
HAS_ARCH_FEATURE (AVX512F_Usable)
jz 2f
lea __memset_avx512_no_vzeroupper(%rip), %RAX_LP
diff --git a/sysdeps/x86_64/multiarch/memset_chk.S b/sysdeps/x86_64/multiarch/memset_chk.S
index 79eaa37bb6..7e08311cdf 100644
--- a/sysdeps/x86_64/multiarch/memset_chk.S
+++ b/sysdeps/x86_64/multiarch/memset_chk.S
@@ -38,6 +38,8 @@ ENTRY(__memset_chk)
jnz L(AVX512F)
lea __memset_chk_avx2_unaligned(%rip), %RAX_LP
L(AVX512F):
+ HAS_ARCH_FEATURE (Prefer_No_AVX512)
+ jnz 2f
HAS_ARCH_FEATURE (AVX512F_Usable)
jz 2f
lea __memset_chk_avx512_no_vzeroupper(%rip), %RAX_LP
--
2.13.1


@ -1,84 +0,0 @@
From ccb4fd7a657b0fbc4890c98f4586d58a135fc583 Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Tue, 14 Mar 2017 14:16:13 -0300
Subject: Fix i686 memchr overflow calculation (BZ#21182)
This patch fixes the regression added by 23d2770 in the final address
overflow calculation. The subtraction of the considered size (16)
at line 120 is in the wrong place: for sizes less than 16, the subsequent
overflow check will not take an invalid size into consideration (since
the result of the subtraction will be negative). Also, the lea instruction
does not set the carry flag (CF) that is used by the subsequent jbe
to check for overflow.
The fix is to follow the x86_64 logic from 3daef2c, where the overflow
is checked first and a sub instruction is then issued. If the resulting
size is negative, CF will be set by the sub instruction and a NULL
result will be returned. The patch also adds tests similar to those
reported in the bug report.
Checked on i686-linux-gnu and x86_64-linux-gnu.
* string/test-memchr.c (do_test): Add BZ#21182 checks for address
near end of a page.
* sysdeps/i386/i686/multiarch/memchr-sse2.S (__memchr): Fix
overflow calculation.
Cherry-pick of 3abeeec5f46ff036bd9df60bb096e20314ccd078.
diff --git a/ChangeLog b/ChangeLog
index adebc03b78..ac19e98613 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2017-05-01 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+
+ [BZ# 21182]
+ * string/test-memchr.c (do_test): Add BZ#21182 checks for address
+ near end of a page.
+ * sysdeps/i386/i686/multiarch/memchr-sse2.S (__memchr): Fix
+ overflow calculation.
+
2017-04-28 H.J. Lu <hongjiu.lu@intel.com>
[BZ #21396]
diff --git a/string/test-memchr.c b/string/test-memchr.c
index d62889ff8f..6431605c7e 100644
--- a/string/test-memchr.c
+++ b/string/test-memchr.c
@@ -208,6 +208,12 @@ test_main (void)
do_test (0, i, i + 1, i + 1, 0);
}
+ /* BZ#21182 - wrong overflow calculation for i686 implementation
+ with address near end of the page. */
+ for (i = 2; i < 16; ++i)
+ /* page_size is in fact getpagesize() * 2. */
+ do_test (page_size / 2 - i, i, i, 1, 0x9B);
+
do_random_tests ();
return ret;
}
diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2.S b/sysdeps/i386/i686/multiarch/memchr-sse2.S
index 910679cfc0..e41f324a77 100644
--- a/sysdeps/i386/i686/multiarch/memchr-sse2.S
+++ b/sysdeps/i386/i686/multiarch/memchr-sse2.S
@@ -117,7 +117,6 @@ L(crosscache):
# ifndef USE_AS_RAWMEMCHR
jnz L(match_case2_prolog1)
- lea -16(%edx), %edx
/* Calculate the last acceptable address and check for possible
addition overflow by using satured math:
edx = ecx + edx
@@ -125,6 +124,7 @@ L(crosscache):
add %ecx, %edx
sbb %eax, %eax
or %eax, %edx
+ sub $16, %edx
jbe L(return_null)
lea 16(%edi), %edi
# else
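Review bot: The block comment above `add %ecx, %edx` still describes only the saturating add, so nothing at the new `sub $16, %edx` records that the following `jbe L(return_null)` now depends on the flags of that subtraction. A one-line comment on the `sub` would keep a later edit from moving it again, for example `/* Drop the 16 bytes already considered; CF or ZF set means nothing is left to scan. */`. The L(crosscache) code starts before this hunk and continues after it, so the remaining-length convention is inferred from the commit message rather than from visible lines.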
--
2.13.1


@ -1,106 +0,0 @@
From 34b6f41c14d09fe627c6a6224880d76d0959079e Mon Sep 17 00:00:00 2001
From: Joseph Myers <joseph@codesourcery.com>
Date: Wed, 15 Mar 2017 17:32:46 +0000
Subject: Fix test-math-vector-sincos.h aliasing.
x86_64 libmvec tests have been failing to build lately with GCC
mainline with -Wuninitialized errors, and Markus Trippelsdorf traced
this to an aliasing issue
<https://sourceware.org/ml/libc-alpha/2017-03/msg00169.html>.
This patch fixes the aliasing issue, so that the vectors-of-pointers
are initialized using a union instead of pointer casts. This also
fixes the testsuite build failures with GCC mainline.
Tested for x86_64 (full testsuite with GCC 6; testsuite build with GCC
mainline with build-many-glibcs.py).
* sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP):
Use a union when storing pointers.
(VECTOR_WRAPPER_fFF_2): Do not take address of integer vector and
cast result when passing to INIT_VEC_PTRS_LOOP.
(VECTOR_WRAPPER_fFF_3): Likewise.
(VECTOR_WRAPPER_fFF_4): Likewise.
(cherry picked from commit ffe308e4fcf2f276c87fd405596569ba52ad0a29)
diff --git a/ChangeLog b/ChangeLog
index ac19e98613..290515a58e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+2017-03-15 Joseph Myers <joseph@codesourcery.com>
+
+ * sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP):
+ Use a union when storing pointers.
+ (VECTOR_WRAPPER_fFF_2): Do not take address of integer vector and
+ cast result when passing to INIT_VEC_PTRS_LOOP.
+ (VECTOR_WRAPPER_fFF_3): Likewise.
+ (VECTOR_WRAPPER_fFF_4): Likewise.
+
2017-05-01 Adhemerval Zanella <adhemerval.zanella@linaro.org>
[BZ# 21182]
diff --git a/sysdeps/x86/fpu/test-math-vector-sincos.h b/sysdeps/x86/fpu/test-math-vector-sincos.h
index 5043b32563..95282a3ac7 100644
--- a/sysdeps/x86/fpu/test-math-vector-sincos.h
+++ b/sysdeps/x86/fpu/test-math-vector-sincos.h
@@ -17,14 +17,14 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
-#define INIT_VEC_PTRS_LOOP(vec, val, len) \
- do \
- { \
- for (i = 0; i < len; i++) \
- { \
- vec[i] = &val[i]; \
- } \
- } \
+#define INIT_VEC_PTRS_LOOP(vec, val, len) \
+ do \
+ { \
+ union { VEC_INT_TYPE v; __typeof__ ((val)[0]) *a[(len)]; } u; \
+ for (i = 0; i < len; i++) \
+ u.a[i] = &(val)[i]; \
+ (vec) = u.v; \
+ } \
while (0)
/* Wrapper for vector sincos/sincosf compatible with x86_64 and x32 variants
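Review bot: In the rewritten `INIT_VEC_PTRS_LOOP`, `len` is parenthesized in the array declarator `a[(len)]` but not in the loop condition `i < len`, and the macro still relies on a variable `i` declared by the caller. Writing `i < (len)` would make the two uses consistent. The union also leaves any bytes of `u.v` beyond `len` pointers unwritten before `(vec) = u.v`; whether that can happen depends on `VEC_INT_TYPE` and on the `VEC_LEN/2` and `VEC_LEN/4` callers in the later hunks, so a short comment stating the expected size relation would help.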
@@ -40,8 +40,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \
VEC_TYPE mx; \
VEC_INT_TYPE mr, mr1; \
INIT_VEC_LOOP (mx, x, VEC_LEN); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN); \
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN); \
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN); \
vector_func (mx, mr, mr1); \
TEST_VEC_LOOP (r_loc, VEC_LEN); \
TEST_VEC_LOOP (r1_loc, VEC_LEN); \
@@ -63,8 +63,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \
VEC_TYPE mx; \
VEC_INT_TYPE mr, mr1; \
INIT_VEC_LOOP (mx, x, VEC_LEN); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN/2); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN/2); \
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN/2); \
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN/2); \
vector_func (mx, mr, mr, mr1, mr1); \
TEST_VEC_LOOP (r_loc, VEC_LEN/2); \
TEST_VEC_LOOP (r1_loc, VEC_LEN/2); \
@@ -87,8 +87,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \
VEC_TYPE mx; \
VEC_INT_TYPE mr, mr1; \
INIT_VEC_LOOP (mx, x, VEC_LEN); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN/4); \
- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN/4); \
+ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN/4); \
+ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN/4); \
vector_func (mx, mr, mr, mr, mr, mr1, mr1, mr1, mr1); \
TEST_VEC_LOOP (r_loc, VEC_LEN/4); \
TEST_VEC_LOOP (r1_loc, VEC_LEN/4); \
--
2.13.1


@ -1,70 +0,0 @@
From b8d2e394a2900cef5bbbe0503f15960f64a943b1 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Fri, 9 Jun 2017 13:21:43 +0200
Subject: fork: Remove bogus parent PID assertions [BZ #21386]
(cherry picked from commit 1d2bc2eae969543b89850e35e532f3144122d80a)
diff --git a/ChangeLog b/ChangeLog
index 290515a58e..d44aff0a36 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-05-12 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21386]
+ * sysdeps/nptl/fork.c (__libc_fork): Remove assertions on the
+ parent PID. The assertion in the child is incorrect with PID
+ namespaces.
+
2017-03-15 Joseph Myers <joseph@codesourcery.com>
* sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP):
diff --git a/NEWS b/NEWS
index fee1cf8ca8..d52872323d 100644
--- a/NEWS
+++ b/NEWS
@@ -14,6 +14,7 @@ The following bugs are resolved with this release:
[21109] Tunables broken on big-endian
[21115] sunrpc: Use-after-free in error path in clntudp_call
[21289] Fix symbol redirect for fts_set
+ [21386] Assertion in fork for distinct parent PID is incorrect
Version 2.25
diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c
index db6d721fce..4bb87e2331 100644
--- a/sysdeps/nptl/fork.c
+++ b/sysdeps/nptl/fork.c
@@ -131,10 +131,6 @@ __libc_fork (void)
call_function_static_weak (__malloc_fork_lock_parent);
}
-#ifndef NDEBUG
- pid_t ppid = THREAD_GETMEM (THREAD_SELF, tid);
-#endif
-
#ifdef ARCH_FORK
pid = ARCH_FORK ();
#else
@@ -147,8 +143,6 @@ __libc_fork (void)
{
struct pthread *self = THREAD_SELF;
- assert (THREAD_GETMEM (self, tid) != ppid);
-
/* See __pthread_once. */
if (__fork_generation_pointer != NULL)
*__fork_generation_pointer += __PTHREAD_ONCE_FORK_GEN_INCR;
@@ -230,8 +224,6 @@ __libc_fork (void)
}
else
{
- assert (THREAD_GETMEM (THREAD_SELF, tid) == ppid);
-
/* Release acquired locks in the multi-threaded case. */
if (multiple_threads)
{
--
2.13.1


@ -1,131 +0,0 @@
From f92b1025980a939645b1ec7e550411a05ac7c76f Mon Sep 17 00:00:00 2001
From: Santhosh Thottingal <santhosh.thottingal@gmail.com>
Date: Sun, 11 Jun 2017 10:08:37 -0400
Subject: Correct collation rules for Malayalam.
[BZ #19922]
* locales/iso14651_t1_common: Add collation rules for U+07DA to U+07DF.
[BZ #19919]
* locales/iso14651_t1_common: Correct collation of U+0D36 and U+0D37.
diff --git a/localedata/ChangeLog b/localedata/ChangeLog
index 0cdb097ab6..127c1cfb35 100644
--- a/localedata/ChangeLog
+++ b/localedata/ChangeLog
@@ -1,3 +1,11 @@
+2017-06-11 Santhosh Thottingal <santhosh.thottingal@gmail.com>
+
+ [BZ #19922]
+ * locales/iso14651_t1_common: Add collation rules for U+07DA to U+07DF.
+
+ [BZ #19919]
+ * locales/iso14651_t1_common: Correct collation of U+0D36 and U+0D37.
+
2017-01-01 Joseph Myers <joseph@codesourcery.com>
* All files with FSF copyright notices: Update copyright dates
diff --git a/localedata/locales/iso14651_t1_common b/localedata/locales/iso14651_t1_common
index eef75ba65e..0e64f26a12 100644
--- a/localedata/locales/iso14651_t1_common
+++ b/localedata/locales/iso14651_t1_common
@@ -1042,9 +1042,9 @@ collating-element <ml-bh> from "<U0D2D><U0D4D>"
collating-element <ml-m> from "<U0D2E><U0D4D>"
collating-element <ml-y> from "<U0D2F><U0D4D>"
collating-element <ml-v> from "<U0D35><U0D4D>"
-collating-element <ml-s> from "<U0D38><U0D4D>"
collating-element <ml-ss> from "<U0D36><U0D4D>"
collating-element <ml-sh> from "<U0D37><U0D4D>"
+collating-element <ml-s> from "<U0D38><U0D4D>"
collating-element <ml-h> from "<U0D39><U0D4D>"
collating-element <ml-zh> from "<U0D34><U0D4D>"
collating-element <ml-rr> from "<U0D31><U0D4D>"
@@ -1103,8 +1103,8 @@ collating-symbol <ml-rra>
collating-symbol <ml-la>
collating-symbol <ml-lla>
collating-symbol <ml-va>
-collating-symbol <ml-sha>
collating-symbol <ml-ssa>
+collating-symbol <ml-sha>
collating-symbol <ml-sa>
collating-symbol <ml-ha>
collating-symbol <ml-avagrah>
@@ -1126,6 +1126,12 @@ collating-symbol <mlvs-o>
collating-symbol <mlvs-au>
collating-symbol <ml-visarga>
collating-symbol <ml-virama>
+collating-symbol <ml-atomic-chillu-k>
+collating-symbol <ml-atomic-chillu-n>
+collating-symbol <ml-atomic-chillu-nn>
+collating-symbol <ml-atomic-chillu-l>
+collating-symbol <ml-atomic-chillu-ll>
+collating-symbol <ml-atomic-chillu-r>
#
# <BENGALI>
#
@@ -4552,6 +4558,12 @@ collating-symbol <TIB-subA>
<mlvs-o>
<mlvs-au>
<ml-visarga>
+<ml-atomic-chillu-k>
+<ml-atomic-chillu-n>
+<ml-atomic-chillu-nn>
+<ml-atomic-chillu-l>
+<ml-atomic-chillu-ll>
+<ml-atomic-chillu-r>
#
# <BENGALI>
#
@@ -7252,6 +7264,7 @@ order_start <MALAYALAM>;forward;forward;forward;forward,position
<U0D13> <mlvw-o>;<BAS>;<MIN>;IGNORE
<U0D14> <mlvw-au>;<BAS>;<MIN>;IGNORE
<ml-chillu-k> "<ml-ka><ml-virama>";<BAS>;<MIN>;IGNORE
+<U0D7F> "<ml-ka><ml-virama>";<ml-atomic-chillu-k>;<MIN>;IGNORE
<U0D15> "<ml-ka><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-kh> "<ml-kha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D16> "<ml-kha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
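Review bot: The rules added here and in the following hunks cover `<U0D7A>` through `<U0D7F>`, but the commit message and the ChangeLog entry both say "U+07DA to U+07DF", which is a different range; the log text looks like a digit transposition and should presumably read U+0D7A to U+0D7F. In the hunk at `@@ -7305,20 +7320,23 @@`, the new `<U0D7D>` line uses `"<ml-la><ml-virama>"` as its first-level weight while the `<ml-chillu-l>` line directly above it uses bare `<ml-la>`, unlike the other chillu pairs, where both lines agree; that difference deserves a comment or a fix.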
@@ -7280,6 +7293,7 @@ order_start <MALAYALAM>;forward;forward;forward;forward,position
<ml-dh> "<ml-dha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D22> "<ml-dha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-chillu-nn> "<ml-nna><ml-virama>";<BAS>;<MIN>;IGNORE # ണ്‍ = ണ + ് + zwj
+<U0D7A> "<ml-nna><ml-virama>";<ml-atomic-chillu-nn>;<MIN>;IGNORE
<U0D23> "<ml-nna><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE # ണ = ണ + ് + അ
<ml-th> "<ml-tha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D24> "<ml-tha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
@@ -7290,6 +7304,7 @@ order_start <MALAYALAM>;forward;forward;forward;forward,position
<ml-ddh> "<ml-ddha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D27> "<ml-ddha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-chillu-n> "<ml-na><ml-virama>";<BAS>;<MIN>;IGNORE # ന്‍= ന + ് + zwj
+<U0D7B> "<ml-na><ml-virama>";<ml-atomic-chillu-n>;<MIN>;IGNORE
<U0D28> "<ml-na><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE #ന = ന + ് + അ
<ml-p> "<ml-pa><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D2A> "<ml-pa><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
@@ -7305,20 +7320,23 @@ order_start <MALAYALAM>;forward;forward;forward;forward,position
<ml-y> "<ml-ya><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D2F> "<ml-ya><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-chillu-r> "<ml-ra><ml-virama>";<BAS>;<MIN>;IGNORE # ര = ര + ് + zwj
+<U0D7C> "<ml-ra><ml-virama>";<ml-atomic-chillu-r>;<MIN>;IGNORE
<U0D30> "<ml-ra><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE # ര = ര + ് + അ
<ml-chillu-l> <ml-la>;<BAS>;<MIN>;IGNORE # ല്‍ = ല + ് + zwj
+<U0D7D> "<ml-la><ml-virama>";<ml-atomic-chillu-l>;<MIN>;IGNORE
<U0D32> "<ml-la><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE # ല = ല + ് + അ
<ml-v> "<ml-va><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D35> "<ml-va><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-ss> "<ml-ssa><ml-virama>";<BAS>;<MIN>;IGNORE
-<U0D37> "<ml-ssa><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
+<U0D36> "<ml-ssa><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-sh> "<ml-sha><ml-virama>";<BAS>;<MIN>;IGNORE
-<U0D36> "<ml-sha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
+<U0D37> "<ml-sha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-s> "<ml-sa><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D38> "<ml-sa><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-h> "<ml-ha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D39> "<ml-ha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
<ml-chillu-ll> "<ml-lla><ml-virama>";<BAS>;<MIN>;IGNORE # ള്‍ = ള + ് + zwj
+<U0D7E> "<ml-lla><ml-virama>";<ml-atomic-chillu-ll>;<MIN>;IGNORE
<U0D33> "<ml-lla><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE # ള = ള + ് + അ
<ml-zh> "<ml-zha><ml-virama>";<BAS>;<MIN>;IGNORE
<U0D34> "<ml-zha><ml-virama><mlvw-shorta>";<BAS>;<MIN>;IGNORE
--
2.13.1


@ -1,58 +0,0 @@
From 3c7cd21290cabdadd72984fb69bc51e64ff1002d Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 19 Jun 2017 18:31:27 +0200
Subject: CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ
#21624]
For AT_SECURE=1 programs, LD_LIBRARY_PATH can only be used to reorder
system search paths, which is not useful functionality.
This makes an exploitable unbounded alloca in _dl_init_paths unreachable
for AT_SECURE=1 programs.
(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
diff --git a/ChangeLog b/ChangeLog
index d44aff0a36..14ff8b8bb3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-06-19 Florian Weimer <fweimer@redhat.com>
+
+ [BZ #21624]
+ CVE-2017-1000366
+ * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
+ __libc_enable_secure.
+
2017-05-12 Florian Weimer <fweimer@redhat.com>
[BZ #21386]
diff --git a/NEWS b/NEWS
index d52872323d..29079e8586 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,7 @@ The following bugs are resolved with this release:
[21115] sunrpc: Use-after-free in error path in clntudp_call
[21289] Fix symbol redirect for fts_set
[21386] Assertion in fork for distinct parent PID is incorrect
+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
Version 2.25
diff --git a/elf/rtld.c b/elf/rtld.c
index a036ece956..2fc33a6178 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2418,7 +2418,8 @@ process_envvars (enum mode *modep)
case 12:
/* The library search path. */
- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
{
library_path = &envline[13];
break;
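Review bot: The `case 12` comment still reads `/* The library search path. */` although the new condition makes `LD_LIBRARY_PATH` a silent no-op when `__libc_enable_secure` is set. Say so where the decision is made, for example `/* The library search path. Ignored for AT_SECURE=1 programs. */`, so the secure-mode behaviour does not have to be rediscovered from the commit log. Per the commit message, the unbounded alloca in `_dl_init_paths` is only made unreachable for such programs, not removed; that function is outside this hunk, so bounding it would be a separate change to check for. `process_envvars` starts before and continues after the hunk.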
--
2.13.1


@ -1,135 +0,0 @@
From 46703a3995aa3ca2b816814aa4ad05ed524194dd Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 19 Jun 2017 22:31:04 +0200
Subject: ld.so: Reject overly long LD_PRELOAD path elements
(cherry picked from commit 6d0ba622891bed9d8394eef1935add53003b12e8)
diff --git a/ChangeLog b/ChangeLog
index 14ff8b8bb3..fbe4db2cf7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
2017-06-19 Florian Weimer <fweimer@redhat.com>
+ * elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define.
+ (dso_name_valid_for_suid): New function.
+ (handle_ld_preload): Likewise.
+ (dl_main): Call it. Remove alloca.
+
+2017-06-19 Florian Weimer <fweimer@redhat.com>
+
[BZ #21624]
CVE-2017-1000366
* elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
diff --git a/elf/rtld.c b/elf/rtld.c
index 2fc33a6178..4badcf6590 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
#endif
+/* Length limits for names and paths, to protect the dynamic linker,
+ particularly when __libc_enable_secure is active. */
+#ifdef NAME_MAX
+# define SECURE_NAME_LIMIT NAME_MAX
+#else
+# define SECURE_NAME_LIMIT 255
+#endif
+#ifdef PATH_MAX
+# define SECURE_PATH_LIMIT PATH_MAX
+#else
+# define SECURE_PATH_LIMIT 1024
+#endif
+
+/* Check that AT_SECURE=0, or that the passed name does not contain
+ directories and is not overly long. Reject empty names
+ unconditionally. */
+static bool
+dso_name_valid_for_suid (const char *p)
+{
+ if (__glibc_unlikely (__libc_enable_secure))
+ {
+ /* Ignore pathnames with directories for AT_SECURE=1
+ programs, and also skip overlong names. */
+ size_t len = strlen (p);
+ if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
+ return false;
+ }
+ return *p != '\0';
+}
/* List of auditing DSOs. */
static struct audit_list
@@ -716,6 +745,42 @@ static const char *preloadlist attribute_relro;
/* Nonzero if information about versions has to be printed. */
static int version_info attribute_relro;
+/* The LD_PRELOAD environment variable gives list of libraries
+ separated by white space or colons that are loaded before the
+ executable's dependencies and prepended to the global scope list.
+ (If the binary is running setuid all elements containing a '/' are
+ ignored since it is insecure.) Return the number of preloads
+ performed. */
+unsigned int
+handle_ld_preload (const char *preloadlist, struct link_map *main_map)
+{
+ unsigned int npreloads = 0;
+ const char *p = preloadlist;
+ char fname[SECURE_PATH_LIMIT];
+
+ while (*p != '\0')
+ {
+ /* Split preload list at space/colon. */
+ size_t len = strcspn (p, " :");
+ if (len > 0 && len < sizeof (fname))
+ {
+ memcpy (fname, p, len);
+ fname[len] = '\0';
+ }
+ else
+ fname[0] = '\0';
+
+ /* Skip over the substring and the following delimiter. */
+ p += len;
+ if (*p != '\0')
+ ++p;
+
+ if (dso_name_valid_for_suid (fname))
+ npreloads += do_preload (fname, main_map, "LD_PRELOAD");
+ }
+ return npreloads;
+}
+
static void
dl_main (const ElfW(Phdr) *phdr,
ElfW(Word) phnum,
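Review bot: `handle_ld_preload` is defined with external linkage, while `dso_name_valid_for_suid` in the previous hunk is `static`, and its `preloadlist` parameter shadows the file-scope `static const char *preloadlist` shown in this hunk's header; `static unsigned int` on the definition line would fix the first. An element of `sizeof (fname)` bytes or more is turned into an empty name and dropped for every program, not only when `__libc_enable_secure` is set, and nothing is reported, so a comment at `fname[0] = '\0';` such as `/* Overlong element: skip it, in secure and normal mode alike. */` would make that intent explicit. The function comment also still describes only the '/' rule for setuid binaries and does not mention the new length limits.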
@@ -1462,23 +1527,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
if (__glibc_unlikely (preloadlist != NULL))
{
- /* The LD_PRELOAD environment variable gives list of libraries
- separated by white space or colons that are loaded before the
- executable's dependencies and prepended to the global scope
- list. If the binary is running setuid all elements
- containing a '/' are ignored since it is insecure. */
- char *list = strdupa (preloadlist);
- char *p;
-
HP_TIMING_NOW (start);
-
- /* Prevent optimizing strsep. Speed is not important here. */
- while ((p = (strsep) (&list, " :")) != NULL)
- if (p[0] != '\0'
- && (__builtin_expect (! __libc_enable_secure, 1)
- || strchr (p, '/') == NULL))
- npreloads += do_preload (p, main_map, "LD_PRELOAD");
-
+ npreloads += handle_ld_preload (preloadlist, main_map);
HP_TIMING_NOW (stop);
HP_TIMING_DIFF (diff, start, stop);
HP_TIMING_ACCUM_NT (load_time, diff);
--
2.13.1


@ -1,221 +0,0 @@
From c69d4a0f680a24fdbe323764a50382ad324041e9 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 19 Jun 2017 22:32:12 +0200
Subject: ld.so: Reject overly long LD_AUDIT path elements
Also only process the last LD_AUDIT entry.
(cherry picked from commit 81b82fb966ffbd94353f793ad17116c6088dedd9)
diff --git a/ChangeLog b/ChangeLog
index fbe4db2cf7..67ce0aa4de 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
2017-06-19 Florian Weimer <fweimer@redhat.com>
+ * elf/rtld.c (audit_list_string): New variable.
+ (audit_list): Update comment.
+ (struct audit_list_iter): Define.
+ (audit_list_iter_init, audit_list_iter_next): New function.
+ (dl_main): Use struct audit_list_iter to process audit modules.
+ (process_dl_audit): Call dso_name_valid_for_suid.
+ (process_envvars): Set audit_list_string instead of calling
+ process_dl_audit.
+
+2017-06-19 Florian Weimer <fweimer@redhat.com>
+
* elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define.
(dso_name_valid_for_suid): New function.
(handle_ld_preload): Likewise.
diff --git a/elf/rtld.c b/elf/rtld.c
index 4badcf6590..369724babe 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
return *p != '\0';
}
-/* List of auditing DSOs. */
+/* LD_AUDIT variable contents. Must be processed before the
+ audit_list below. */
+const char *audit_list_string;
+
+/* Cyclic list of auditing DSOs. audit_list->next is the first
+ element. */
static struct audit_list
{
const char *name;
struct audit_list *next;
} *audit_list;
+/* Iterator for audit_list_string followed by audit_list. */
+struct audit_list_iter
+{
+ /* Tail of audit_list_string still needing processing, or NULL. */
+ const char *audit_list_tail;
+
+ /* The list element returned in the previous iteration. NULL before
+ the first element. */
+ struct audit_list *previous;
+
+ /* Scratch buffer for returning a name which is part of
+ audit_list_string. */
+ char fname[SECURE_NAME_LIMIT];
+};
+
+/* Initialize an audit list iterator. */
+static void
+audit_list_iter_init (struct audit_list_iter *iter)
+{
+ iter->audit_list_tail = audit_list_string;
+ iter->previous = NULL;
+}
+
+/* Iterate through both audit_list_string and audit_list. */
+static const char *
+audit_list_iter_next (struct audit_list_iter *iter)
+{
+ if (iter->audit_list_tail != NULL)
+ {
+ /* First iterate over audit_list_string. */
+ while (*iter->audit_list_tail != '\0')
+ {
+ /* Split audit list at colon. */
+ size_t len = strcspn (iter->audit_list_tail, ":");
+ if (len > 0 && len < sizeof (iter->fname))
+ {
+ memcpy (iter->fname, iter->audit_list_tail, len);
+ iter->fname[len] = '\0';
+ }
+ else
+ /* Do not return this name to the caller. */
+ iter->fname[0] = '\0';
+
+ /* Skip over the substring and the following delimiter. */
+ iter->audit_list_tail += len;
+ if (*iter->audit_list_tail == ':')
+ ++iter->audit_list_tail;
+
+ /* If the name is valid, return it. */
+ if (dso_name_valid_for_suid (iter->fname))
+ return iter->fname;
+ /* Otherwise, wrap around and try the next name. */
+ }
+ /* Fall through to the procesing of audit_list. */
+ }
+
+ if (iter->previous == NULL)
+ {
+ if (audit_list == NULL)
+ /* No pre-parsed audit list. */
+ return NULL;
+ /* Start of audit list. The first list element is at
+ audit_list->next (cyclic list). */
+ iter->previous = audit_list->next;
+ return iter->previous->name;
+ }
+ if (iter->previous == audit_list)
+ /* Cyclic list wrap-around. */
+ return NULL;
+ iter->previous = iter->previous->next;
+ return iter->previous->name;
+}
+
#ifndef HAVE_INLINED_SYSCALLS
/* Set nonzero during loading and initialization of executable and
libraries, cleared before the executable's entry point runs. This
@@ -1303,11 +1381,13 @@ of this helper program; chances are you did not intend to run this program.\n\
GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
/* If we have auditing DSOs to load, do it now. */
- if (__glibc_unlikely (audit_list != NULL))
+ bool need_security_init = true;
+ if (__glibc_unlikely (audit_list != NULL)
+ || __glibc_unlikely (audit_list_string != NULL))
{
- /* Iterate over all entries in the list. The order is important. */
struct audit_ifaces *last_audit = NULL;
- struct audit_list *al = audit_list->next;
+ struct audit_list_iter al_iter;
+ audit_list_iter_init (&al_iter);
/* Since we start using the auditing DSOs right away we need to
initialize the data structures now. */
@@ -1318,9 +1398,14 @@ of this helper program; chances are you did not intend to run this program.\n\
use different values (especially the pointer guard) and will
fail later on. */
security_init ();
+ need_security_init = false;
- do
+ while (true)
{
+ const char *name = audit_list_iter_next (&al_iter);
+ if (name == NULL)
+ break;
+
int tls_idx = GL(dl_tls_max_dtv_idx);
/* Now it is time to determine the layout of the static TLS
@@ -1329,7 +1414,7 @@ of this helper program; chances are you did not intend to run this program.\n\
no DF_STATIC_TLS bit is set. The reason is that we know
glibc will use the static model. */
struct dlmopen_args dlmargs;
- dlmargs.fname = al->name;
+ dlmargs.fname = name;
dlmargs.map = NULL;
const char *objname;
@@ -1342,7 +1427,7 @@ of this helper program; chances are you did not intend to run this program.\n\
not_loaded:
_dl_error_printf ("\
ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
- al->name, err_str);
+ name, err_str);
if (malloced)
free ((char *) err_str);
}
@@ -1446,10 +1531,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
goto not_loaded;
}
}
-
- al = al->next;
}
- while (al != audit_list->next);
/* If we have any auditing modules, announce that we already
have two objects loaded. */
@@ -1713,7 +1795,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
if (tcbp == NULL)
tcbp = init_tls ();
- if (__glibc_likely (audit_list == NULL))
+ if (__glibc_likely (need_security_init))
/* Initialize security features. But only if we have not done it
earlier. */
security_init ();
@@ -2344,9 +2426,7 @@ process_dl_audit (char *str)
char *p;
while ((p = (strsep) (&str, ":")) != NULL)
- if (p[0] != '\0'
- && (__builtin_expect (! __libc_enable_secure, 1)
- || strchr (p, '/') == NULL))
+ if (dso_name_valid_for_suid (p))
{
/* This is using the local malloc, not the system malloc. The
memory can never be freed. */
@@ -2410,7 +2490,7 @@ process_envvars (enum mode *modep)
break;
}
if (memcmp (envline, "AUDIT", 5) == 0)
- process_dl_audit (&envline[6]);
+ audit_list_string = &envline[6];
break;
case 7:
--
2.13.1


@ -1,126 +0,0 @@
From 3776f38fcd267c127ba5eb222e2c614c191744aa Mon Sep 17 00:00:00 2001
From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Tue, 20 Jun 2017 05:59:17 +0200
Subject: Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209)
The LD_HWCAP_MASK environment variable may alter the selection of
function variants for some architectures. For AT_SECURE process it
means that if an outdated routine has a bug that would otherwise not
affect newer platforms by default, LD_HWCAP_MASK will allow that bug
to be exploited.
To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid
binaries.
[BZ #21209]
* elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
AT_SECURE processes.
* sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
* elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK.
(test_child): Likewise.
* elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK.
(cherry picked from commit 1c1243b6fc33c029488add276e56570a07803bfd)
diff --git a/ChangeLog b/ChangeLog
index 67ce0aa4de..85f1e0a495 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2017-03-07 Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+ [BZ #21209]
+ * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
+ AT_SECURE processes.
+ * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
+ * elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK.
+ (test_child): Likewise.
+ * elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK.
+
2017-06-19 Florian Weimer <fweimer@redhat.com>
* elf/rtld.c (audit_list_string): New variable.
diff --git a/NEWS b/NEWS
index 29079e8586..7be238c404 100644
--- a/NEWS
+++ b/NEWS
@@ -13,6 +13,7 @@ The following bugs are resolved with this release:
[21015] Document and fix --enable-bind-now
[21109] Tunables broken on big-endian
[21115] sunrpc: Use-after-free in error path in clntudp_call
+ [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
[21289] Fix symbol redirect for fts_set
[21386] Assertion in fork for distinct parent PID is incorrect
[21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
diff --git a/elf/Makefile b/elf/Makefile
index 61abeb59ee..cc4aeb25b6 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -1398,6 +1398,7 @@ $(objpfx)tst-nodelete-dlclose: $(objpfx)tst-nodelete-dlclose-dso.so
$(objpfx)tst-nodelete-dlclose.out: $(objpfx)tst-nodelete-dlclose-dso.so \
$(objpfx)tst-nodelete-dlclose-plugin.so
-tst-env-setuid-ENV = MALLOC_CHECK_=2 MALLOC_MMAP_THRESHOLD_=4096
+tst-env-setuid-ENV = MALLOC_CHECK_=2 MALLOC_MMAP_THRESHOLD_=4096 \
+ LD_HWCAP_MASK=0xffffffff
tst-env-setuid-tunables-ENV = \
GLIBC_TUNABLES=glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096
diff --git a/elf/rtld.c b/elf/rtld.c
index 369724babe..9362a21e73 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2534,7 +2534,8 @@ process_envvars (enum mode *modep)
case 10:
/* Mask for the important hardware capabilities. */
- if (memcmp (envline, "HWCAP_MASK", 10) == 0)
+ if (!__libc_enable_secure
+ && memcmp (envline, "HWCAP_MASK", 10) == 0)
GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
0, 0);
break;
diff --git a/elf/tst-env-setuid.c b/elf/tst-env-setuid.c
index 6ec3fa5874..eec408eb5d 100644
--- a/elf/tst-env-setuid.c
+++ b/elf/tst-env-setuid.c
@@ -213,6 +213,12 @@ test_child (void)
return 1;
}
+ if (getenv ("LD_HWCAP_MASK") != NULL)
+ {
+ printf ("LD_HWCAP_MASK still set\n");
+ return 1;
+ }
+
return 0;
}
#endif
@@ -233,6 +239,12 @@ test_parent (void)
return 1;
}
+ if (getenv ("LD_HWCAP_MASK") == NULL)
+ {
+ printf ("LD_HWCAP_MASK lost\n");
+ return 1;
+ }
+
return 0;
}
#endif
diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
index a74083786e..5ea8a4a259 100644
--- a/sysdeps/generic/unsecvars.h
+++ b/sysdeps/generic/unsecvars.h
@@ -16,6 +16,7 @@
"LD_DEBUG\0" \
"LD_DEBUG_OUTPUT\0" \
"LD_DYNAMIC_WEAK\0" \
+ "LD_HWCAP_MASK\0" \
"LD_LIBRARY_PATH\0" \
"LD_ORIGIN_PATH\0" \
"LD_PRELOAD\0" \
--
2.13.1


@ -1,50 +0,0 @@
From adc7e06fb412a2a1ee52f8cb788caf436335b9f3 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Wed, 14 Jun 2017 08:11:22 +0200
Subject: i686: Add missing IS_IN (libc) guards to vectorized strcspn
Since commit d957c4d3fa48d685ff2726c605c988127ef99395 (i386: Compile
rtld-*.os with -mno-sse -mno-mmx -mfpmath=387), vector intrinsics can
no longer be used in ld.so, even if the compiled code never makes it
into the final ld.so link. This commit adds the missing IS_IN (libc)
guard to the SSE 4.2 strcspn implementation, so that it can be used from
ld.so in the future.
(cherry picked from commit 69052a3a95da37169a08f9e59b2cc1808312753c)
diff --git a/ChangeLog b/ChangeLog
index 85f1e0a495..73546da9e9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2017-06-14 Florian Weimer <fweimer@redhat.com>
+
+ * sysdeps/i386/i686/multiarch/strcspn-c.c: Add IS_IN (libc) guard.
+ * sysdeps/i386/i686/multiarch/varshift.c: Likewise.
+
2017-03-07 Siddhesh Poyarekar <siddhesh@sourceware.org>
[BZ #21209]
diff --git a/sysdeps/i386/i686/multiarch/strcspn-c.c b/sysdeps/i386/i686/multiarch/strcspn-c.c
index 6d61e190a8..ec230fb383 100644
--- a/sysdeps/i386/i686/multiarch/strcspn-c.c
+++ b/sysdeps/i386/i686/multiarch/strcspn-c.c
@@ -1,2 +1,4 @@
-#define __strcspn_sse2 __strcspn_ia32
-#include <sysdeps/x86_64/multiarch/strcspn-c.c>
+#if IS_IN (libc)
+# define __strcspn_sse2 __strcspn_ia32
+# include <sysdeps/x86_64/multiarch/strcspn-c.c>
+#endif
diff --git a/sysdeps/i386/i686/multiarch/varshift.c b/sysdeps/i386/i686/multiarch/varshift.c
index 7760b966e2..6742a35d41 100644
--- a/sysdeps/i386/i686/multiarch/varshift.c
+++ b/sysdeps/i386/i686/multiarch/varshift.c
@@ -1 +1,3 @@
-#include <sysdeps/x86_64/multiarch/varshift.c>
+#if IS_IN (libc)
+# include <sysdeps/x86_64/multiarch/varshift.c>
+#endif
--
2.13.1


@ -1,14 +1,14 @@
# Template file for 'glibc'
pkgname=glibc
version=2.25
revision=6
version=2.26
revision=1
bootstrap=yes
short_desc="The GNU C library"
maintainer="Juan RP <xtraeme@voidlinux.eu>"
homepage="http://www.gnu.org/software/libc"
license="GPL-2, LGPL-2.1, BSD"
distfiles="${GNU_SITE}/glibc/glibc-${version}.tar.xz"
checksum=067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0
checksum=e54e0a934cd2bc94429be79da5e9385898d2306b9eaf3c92d5a77af96190f6bd
patch_args="-Np1"
# Do not strip these files, objcopy errors out.
nostrip_files="