diff --git a/srcpkgs/glibc/patches/glibc-upstream-01.patch b/srcpkgs/glibc/patches/0001-Fix-getting-tunable-values-on-big-endian-BZ-21109.patch similarity index 87% rename from srcpkgs/glibc/patches/glibc-upstream-01.patch rename to srcpkgs/glibc/patches/0001-Fix-getting-tunable-values-on-big-endian-BZ-21109.patch index d5a0a4d4078..5d905236110 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-01.patch +++ b/srcpkgs/glibc/patches/0001-Fix-getting-tunable-values-on-big-endian-BZ-21109.patch @@ -1,7 +1,7 @@ From 58520986c38e34db60e07260c64c563e3efcf353 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Thu, 9 Feb 2017 17:28:54 +0100 -Subject: [PATCH 01] Fix getting tunable values on big-endian (BZ #21109) +Subject: Fix getting tunable values on big-endian (BZ #21109) The code to set value passed a tunable_val_t, which when cast to int32_t on big-endian gives the wrong value. Instead, use @@ -9,16 +9,9 @@ tunable_val_t.numval instead, which can then be safely cast into int32_t. (cherry picked from commit 8cbc826c37c0221ada65a7a622fe079b4e89a4b0) ---- - ChangeLog | 10 ++++++++++ - NEWS | 6 ++++++ - elf/dl-tunable-types.h | 4 ++-- - elf/dl-tunables.c | 2 ++ - malloc/arena.c | 8 ++++---- - 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog -index f140ee6..c88238e 100644 +index f140ee67de..c88238e0fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,13 @@ @@ -36,7 +29,7 @@ index f140ee6..c88238e 100644 * version.h (RELEASE): Set to "stable" diff --git a/NEWS b/NEWS -index ec15dde..325cac7 100644 +index ec15dde761..325cac78e4 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,12 @@ See the end for copying conditions. @@ -53,7 +46,7 @@ index ec15dde..325cac7 100644 * The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR diff --git a/elf/dl-tunable-types.h b/elf/dl-tunable-types.h -index a986f0b..37a4e80 100644 +index a986f0b593..37a4e8021f 100644 --- a/elf/dl-tunable-types.h +++ b/elf/dl-tunable-types.h @@ -21,8 +21,6 @@ @@ -75,7 +68,7 @@ index a986f0b..37a4e80 100644 tunables for AT_SECURE binaries. */ typedef enum diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c -index a8d53d6..e42aa67 100644 +index a8d53d6a31..e42aa67003 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -455,6 +455,8 @@ __tunable_set_val (tunable_id_t id, void *valp, tunable_callback_t callback) @@ -88,7 +81,7 @@ index a8d53d6..e42aa67 100644 goto cb; diff --git a/malloc/arena.c b/malloc/arena.c -index b91d7d6..d49e4a2 100644 +index b91d7d6b16..d49e4a21c8 100644 --- a/malloc/arena.c +++ b/malloc/arena.c @@ -212,9 +212,9 @@ __malloc_fork_unlock_child (void) @@ -116,6 +109,5 @@ index b91d7d6..d49e4a2 100644 } -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-02.patch b/srcpkgs/glibc/patches/0002-sunrpc-Avoid-use-after-free-read-access-in-clntudp_c.patch similarity index 89% rename from srcpkgs/glibc/patches/glibc-upstream-02.patch rename to srcpkgs/glibc/patches/0002-sunrpc-Avoid-use-after-free-read-access-in-clntudp_c.patch index 0b07aa3a49c..d7efbacc2bc 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-02.patch +++ b/srcpkgs/glibc/patches/0002-sunrpc-Avoid-use-after-free-read-access-in-clntudp_c.patch @@ -1,8 +1,7 @@ From 045e368799cd253ddbf8bdec42ed92e8ebb3ce67 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Tue, 28 Feb 2017 17:05:46 +0100 -Subject: [PATCH 02] sunrpc: Avoid use-after-free read access in - clntudp_call [BZ #21115] +Subject: sunrpc: Avoid use-after-free read access in clntudp_call [BZ #21115] After commit bc779a1a5b3035133024b21e2f339fe4219fb11c (CVE-2016-4429: sunrpc: Do not use alloca in clntudp_call @@ -14,17 +13,9 @@ to observe the invalid access. A malloc implementation which immediately calls munmap on free would catch this bug as well. (cherry picked from commit d42eed4a044e5e10dfb885cf9891c2518a72a491) ---- - ChangeLog | 8 +++++++ - NEWS | 1 + - sunrpc/Makefile | 3 ++- - sunrpc/clnt_udp.c | 2 +- - sunrpc/tst-udp-error.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 74 insertions(+), 2 deletions(-) - create mode 100644 sunrpc/tst-udp-error.c diff --git a/ChangeLog b/ChangeLog -index c88238e..3d781a3 100644 +index c88238e0fa..3d781a354a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ @@ -40,7 +31,7 @@ index c88238e..3d781a3 100644 [BZ #21109] diff --git a/NEWS b/NEWS -index 325cac7..5ecc565 100644 +index 325cac78e4..5ecc565371 100644 --- a/NEWS +++ b/NEWS @@ -10,6 +10,7 @@ Version 2.25.1 @@ -52,7 +43,7 @@ index 325cac7..5ecc565 100644 Version 2.25 diff --git a/sunrpc/Makefile b/sunrpc/Makefile -index 0c1e612..daf8a28 100644 +index 0c1e6124ff..daf8a28f1a 100644 --- a/sunrpc/Makefile +++ b/sunrpc/Makefile @@ -93,7 +93,7 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_cout.o rpc_parse.o \ @@ -73,7 +64,7 @@ index 0c1e612..daf8a28 100644 $(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs)) diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c -index 4d9acb1..1de25cb 100644 +index 4d9acb1e6a..1de25cb771 100644 --- a/sunrpc/clnt_udp.c +++ b/sunrpc/clnt_udp.c @@ -421,9 +421,9 @@ send_again: @@ -89,7 +80,7 @@ index 4d9acb1..1de25cb 100644 free (cbuf); diff --git a/sunrpc/tst-udp-error.c b/sunrpc/tst-udp-error.c new file mode 100644 -index 0000000..1efc02f +index 0000000000..1efc02f5c6 --- /dev/null +++ b/sunrpc/tst-udp-error.c @@ -0,0 +1,62 @@ @@ -156,6 +147,5 @@ index 0000000..1efc02f + +#include -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-03.patch b/srcpkgs/glibc/patches/0003-sunrpc-Improvements-for-UDP-client-timeout-handling-.patch similarity index 97% rename from srcpkgs/glibc/patches/glibc-upstream-03.patch rename to srcpkgs/glibc/patches/0003-sunrpc-Improvements-for-UDP-client-timeout-handling-.patch index 7c9e367be3b..f0dc6bc35d8 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-03.patch +++ b/srcpkgs/glibc/patches/0003-sunrpc-Improvements-for-UDP-client-timeout-handling-.patch @@ -1,35 +1,16 @@ From 93cf93e06ce123439e41d3d62790601c313134cb Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Tue, 28 Feb 2017 17:36:00 +0100 -Subject: [PATCH 03] sunrpc: Improvements for UDP client timeout handling - [BZ #20257] +Subject: sunrpc: Improvements for UDP client timeout handling [BZ #20257] This commit fixes various aspects in the UDP client timeout handling. Timeouts are now applied in a more consistent fashion. Discarded UDP packets no longer prevent the timeout from happening at all. (cherry picked from commit cf0bd2f73bd65beab613865bba567d7787836888) ---- - ChangeLog | 23 +++ - NEWS | 1 + - inet/Makefile | 8 +- - inet/deadline.c | 122 +++++++++++++ - inet/net-internal.h | 89 ++++++++++ - inet/tst-deadline.c | 188 ++++++++++++++++++++ - sunrpc/Makefile | 10 +- - sunrpc/clnt_udp.c | 127 ++++++++------ - sunrpc/tst-udp-garbage.c | 104 +++++++++++ - sunrpc/tst-udp-nonblocking.c | 333 +++++++++++++++++++++++++++++++++++ - sunrpc/tst-udp-timeout.c | 402 +++++++++++++++++++++++++++++++++++++++++++ - 11 files changed, 1348 insertions(+), 59 deletions(-) - create mode 100644 inet/deadline.c - create mode 100644 inet/tst-deadline.c - create mode 100644 sunrpc/tst-udp-garbage.c - create mode 100644 sunrpc/tst-udp-nonblocking.c - create mode 100644 sunrpc/tst-udp-timeout.c diff --git a/ChangeLog b/ChangeLog -index 3d781a3..510ca42 100644 +index 3d781a354a..510ca42c2b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,26 @@ @@ -60,7 +41,7 @@ index 3d781a3..510ca42 100644 [BZ #21115] diff --git a/NEWS b/NEWS -index 5ecc565..e7d6668 100644 +index 5ecc565371..e7d6668664 100644 --- a/NEWS +++ b/NEWS @@ -11,6 +11,7 @@ The following bugs are resolved with this release: @@ -72,7 +53,7 @@ index 5ecc565..e7d6668 100644 Version 2.25 diff --git a/inet/Makefile b/inet/Makefile -index 010792a..6a7d3e0 100644 +index 010792af8f..6a7d3e0664 100644 --- a/inet/Makefile +++ b/inet/Makefile @@ -45,14 +45,18 @@ routines := htonl htons \ @@ -98,7 +79,7 @@ index 010792a..6a7d3e0 100644 diff --git a/inet/deadline.c b/inet/deadline.c new file mode 100644 -index 0000000..c1fa415 +index 0000000000..c1fa415a39 --- /dev/null +++ b/inet/deadline.c @@ -0,0 +1,122 @@ @@ -225,7 +206,7 @@ index 0000000..c1fa415 + return msec; +} diff --git a/inet/net-internal.h b/inet/net-internal.h -index 087597e..2b2632c 100644 +index 087597ed99..2b2632c7ba 100644 --- a/inet/net-internal.h +++ b/inet/net-internal.h @@ -20,11 +20,100 @@ @@ -331,7 +312,7 @@ index 087597e..2b2632c 100644 #endif /* _NET_INTERNAL_H */ diff --git a/inet/tst-deadline.c b/inet/tst-deadline.c new file mode 100644 -index 0000000..ed04345 +index 0000000000..ed04345c35 --- /dev/null +++ b/inet/tst-deadline.c @@ -0,0 +1,188 @@ @@ -524,7 +505,7 @@ index 0000000..ed04345 + +#include diff --git a/sunrpc/Makefile b/sunrpc/Makefile -index daf8a28..7e5d295 100644 +index daf8a28f1a..7e5d2955a0 100644 --- a/sunrpc/Makefile +++ b/sunrpc/Makefile @@ -93,11 +93,12 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_cout.o rpc_parse.o \ @@ -552,7 +533,7 @@ index daf8a28..7e5d295 100644 +$(objpfx)tst-udp-garbage: \ + $(common-objpfx)linkobj/libc.so $(shared-thread-library) diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c -index 1de25cb..6ce16eb 100644 +index 1de25cb771..6ce16eb298 100644 --- a/sunrpc/clnt_udp.c +++ b/sunrpc/clnt_udp.c @@ -55,6 +55,7 @@ @@ -750,7 +731,7 @@ index 1de25cb..6ce16eb 100644 /* diff --git a/sunrpc/tst-udp-garbage.c b/sunrpc/tst-udp-garbage.c new file mode 100644 -index 0000000..4abda93 +index 0000000000..4abda93f08 --- /dev/null +++ b/sunrpc/tst-udp-garbage.c @@ -0,0 +1,104 @@ @@ -860,7 +841,7 @@ index 0000000..4abda93 +#include diff --git a/sunrpc/tst-udp-nonblocking.c b/sunrpc/tst-udp-nonblocking.c new file mode 100644 -index 0000000..1d6a7f4 +index 0000000000..1d6a7f4b56 --- /dev/null +++ b/sunrpc/tst-udp-nonblocking.c @@ -0,0 +1,333 @@ @@ -1199,7 +1180,7 @@ index 0000000..1d6a7f4 +#include diff --git a/sunrpc/tst-udp-timeout.c b/sunrpc/tst-udp-timeout.c new file mode 100644 -index 0000000..db9943a +index 0000000000..db9943a03e --- /dev/null +++ b/sunrpc/tst-udp-timeout.c @@ -0,0 +1,402 @@ @@ -1606,6 +1587,5 @@ index 0000000..db9943a +#define TIMEOUT 25 +#include -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-04.patch b/srcpkgs/glibc/patches/0004-Document-and-fix-enable-bind-now-BZ-21015.patch similarity index 87% rename from srcpkgs/glibc/patches/glibc-upstream-04.patch rename to srcpkgs/glibc/patches/0004-Document-and-fix-enable-bind-now-BZ-21015.patch index 67c135db833..ec2eb958df4 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-04.patch +++ b/srcpkgs/glibc/patches/0004-Document-and-fix-enable-bind-now-BZ-21015.patch @@ -1,24 +1,12 @@ From 69e0a87cc4c570e3b7218392fc3e743b5bddcce2 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Thu, 2 Mar 2017 20:11:27 +0100 -Subject: [PATCH 04] Document and fix --enable-bind-now [BZ #21015] +Subject: Document and fix --enable-bind-now [BZ #21015] (cherry picked from commit 2d6ab5df3b675e96ee587ae6a8c2ce004c6b1ba9) ---- - ChangeLog | 17 +++++++++++++++++ - INSTALL | 6 ++++++ - Makeconfig | 7 +++++++ - Makerules | 9 +++------ - NEWS | 1 + - iconvdata/Makefile | 5 +++++ - manual/install.texi | 6 ++++++ - sysdeps/unix/sysv/linux/alpha/localplt.data | 2 +- - sysdeps/unix/sysv/linux/i386/localplt.data | 2 +- - sysdeps/x86_64/localplt.data | 2 +- - 10 files changed, 48 insertions(+), 9 deletions(-) diff --git a/ChangeLog b/ChangeLog -index 510ca42..8aaf9f8 100644 +index 510ca42c2b..8aaf9f825d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,20 @@ @@ -43,7 +31,7 @@ index 510ca42..8aaf9f8 100644 [BZ #20257] diff --git a/INSTALL b/INSTALL -index 3b3fd12..e77cb2d 100644 +index 3b3fd121b2..e77cb2d4e2 100644 --- a/INSTALL +++ b/INSTALL @@ -146,6 +146,12 @@ will be used, and CFLAGS sets optimization options for the compiler. @@ -60,7 +48,7 @@ index 3b3fd12..e77cb2d 100644 The file 'pt_chown' is a helper binary for 'grantpt' (*note Pseudo-Terminals: Allocation.) that is installed setuid root to fix diff --git a/Makeconfig b/Makeconfig -index 97a15b5..1c81511 100644 +index 97a15b569e..1c815113b9 100644 --- a/Makeconfig +++ b/Makeconfig @@ -386,6 +386,13 @@ LDFLAGS.so += $(hashstyle-LDFLAGS) @@ -78,7 +66,7 @@ index 97a15b5..1c81511 100644 # This is invoked with $(call after-link,...), so it should operate on # the file $1. This can be set to do some sort of post-processing on diff --git a/Makerules b/Makerules -index e9194e5..7f0eef8 100644 +index e9194e54cf..7f0eef8096 100644 --- a/Makerules +++ b/Makerules @@ -588,7 +588,7 @@ $(LINK.o) -shared -static-libgcc -Wl,-O1 $(sysdep-LDFLAGS) \ @@ -112,7 +100,7 @@ index e9194e5..7f0eef8 100644 | sed -n -f $< > $@.new test -s $@.new diff --git a/NEWS b/NEWS -index e7d6668..9bf8c10 100644 +index e7d6668664..9bf8c10926 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,7 @@ The following bugs are resolved with this release: @@ -124,7 +112,7 @@ index e7d6668..9bf8c10 100644 Version 2.25 diff --git a/iconvdata/Makefile b/iconvdata/Makefile -index 04157b2..e484587 100644 +index 04157b25c5..e4845871f5 100644 --- a/iconvdata/Makefile +++ b/iconvdata/Makefile @@ -63,6 +63,11 @@ modules := ISO8859-1 ISO8859-2 ISO8859-3 ISO8859-4 ISO8859-5 \ @@ -140,7 +128,7 @@ index 04157b2..e484587 100644 ifeq (yes,$(build-shared)) diff --git a/manual/install.texi b/manual/install.texi -index 266add8..3398cfa 100644 +index 266add8ba9..3398cfab02 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -175,6 +175,12 @@ options to detect stack overruns. Only the dynamic linker and a small @@ -157,7 +145,7 @@ index 266add8..3398cfa 100644 @findex grantpt @item --enable-pt_chown diff --git a/sysdeps/unix/sysv/linux/alpha/localplt.data b/sysdeps/unix/sysv/linux/alpha/localplt.data -index cca17f1..1f0e3b4 100644 +index cca17f1e34..1f0e3b494e 100644 --- a/sysdeps/unix/sysv/linux/alpha/localplt.data +++ b/sysdeps/unix/sysv/linux/alpha/localplt.data @@ -20,7 +20,7 @@ libc.so: free + RELA R_ALPHA_GLOB_DAT @@ -170,7 +158,7 @@ index cca17f1..1f0e3b4 100644 # Ought to reorg things such that carg isn't thus forced to use a plt. libm.so: __atan2 diff --git a/sysdeps/unix/sysv/linux/i386/localplt.data b/sysdeps/unix/sysv/linux/i386/localplt.data -index 2c25849..8ea4333 100644 +index 2c2584956d..8ea4333846 100644 --- a/sysdeps/unix/sysv/linux/i386/localplt.data +++ b/sysdeps/unix/sysv/linux/i386/localplt.data @@ -6,7 +6,7 @@ libc.so: free + REL R_386_GLOB_DAT @@ -183,7 +171,7 @@ index 2c25849..8ea4333 100644 # allocations after the initial link (when dlopen is used). ld.so: malloc + REL R_386_GLOB_DAT diff --git a/sysdeps/x86_64/localplt.data b/sysdeps/x86_64/localplt.data -index 014a9f4..a1840cf 100644 +index 014a9f4554..a1840cff31 100644 --- a/sysdeps/x86_64/localplt.data +++ b/sysdeps/x86_64/localplt.data @@ -8,7 +8,7 @@ libc.so: free + RELA R_X86_64_GLOB_DAT @@ -196,6 +184,5 @@ index 014a9f4..a1840cf 100644 # allocations after the initial link (when dlopen is used). ld.so: malloc + RELA R_X86_64_GLOB_DAT -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-05.patch b/srcpkgs/glibc/patches/0005-hppa-Fix-setting-of-__libc_stack_end.patch similarity index 89% rename from srcpkgs/glibc/patches/glibc-upstream-05.patch rename to srcpkgs/glibc/patches/0005-hppa-Fix-setting-of-__libc_stack_end.patch index 60784a4b9a8..36961bf3510 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-05.patch +++ b/srcpkgs/glibc/patches/0005-hppa-Fix-setting-of-__libc_stack_end.patch @@ -1,7 +1,7 @@ From 8b3caa41b9cb82651e72a0c87aa56719c134000e Mon Sep 17 00:00:00 2001 From: John David Anglin Date: Mon, 20 Feb 2017 20:31:57 -0500 -Subject: [PATCH 05] hppa: Fix setting of __libc_stack_end +Subject: hppa: Fix setting of __libc_stack_end The binutils package was recently changed to fix -z relro support on hppa. See ld/21000 for details: @@ -16,13 +16,9 @@ A build log with the attached patch is here: https://buildd.debian.org/status/fetch.php?pkg=glibc&arch=hppa&ver=2.24-9&stamp=1487639205&raw=0 (cherry picked from commit 5d20a49aaccef5ef7adac93d5ca159f6b7ba0105) ---- - ChangeLog | 5 +++++ - sysdeps/hppa/dl-machine.h | 9 ++++----- - 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog -index 8aaf9f8..d8ed2e4 100644 +index 8aaf9f825d..d8ed2e4d90 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ @@ -35,7 +31,7 @@ index 8aaf9f8..d8ed2e4 100644 [BZ #21015] diff --git a/sysdeps/hppa/dl-machine.h b/sysdeps/hppa/dl-machine.h -index 339c7bb..787b95f 100644 +index 339c7bb771..787b95f502 100644 --- a/sysdeps/hppa/dl-machine.h +++ b/sysdeps/hppa/dl-machine.h @@ -302,6 +302,10 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile) @@ -62,6 +58,5 @@ index 339c7bb..787b95f 100644 name as an extra leading argument. */ \ " addil LT'_dl_skip_args,%r19\n" \ -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-06.patch b/srcpkgs/glibc/patches/0006-x86_64-fix-static-build-of-__mempcpy_chk-for-compile.patch similarity index 81% rename from srcpkgs/glibc/patches/glibc-upstream-06.patch rename to srcpkgs/glibc/patches/0006-x86_64-fix-static-build-of-__mempcpy_chk-for-compile.patch index c1c31aa3445..06c6933d9a8 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-06.patch +++ b/srcpkgs/glibc/patches/0006-x86_64-fix-static-build-of-__mempcpy_chk-for-compile.patch @@ -1,8 +1,8 @@ From 0889003c67f9c2f520a37281c4b5c3b8a9861f46 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Sun, 12 Mar 2017 15:12:21 -0700 -Subject: [PATCH 06] x86_64: fix static build of __mempcpy_chk for compilers - defaulting to PIC/PIE +Subject: x86_64: fix static build of __mempcpy_chk for compilers defaulting to + PIC/PIE When glibc is compiled with gcc 6.2 that has been configured with to default to PIC/PIE, the static version of __mempcpy_chk is not built, @@ -15,13 +15,9 @@ SHARED, like it is done for similar functions like __memcpy_chk. instead of PIC. (cherry picked from commit fbe355fbd1973d6e29561084b3eaeb4bfe9d515a) ---- - ChangeLog | 5 +++++ - sysdeps/x86_64/mempcpy_chk.S | 2 +- - 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog -index d8ed2e4..c29a70a 100644 +index d8ed2e4d90..c29a70aa72 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ @@ -34,7 +30,7 @@ index d8ed2e4..c29a70a 100644 * sysdeps/hppa/dl-machine.h (DL_STACK_END): Define. diff --git a/sysdeps/x86_64/mempcpy_chk.S b/sysdeps/x86_64/mempcpy_chk.S -index f8a9260..f912291 100644 +index f8a9260e6e..f912291576 100644 --- a/sysdeps/x86_64/mempcpy_chk.S +++ b/sysdeps/x86_64/mempcpy_chk.S @@ -19,7 +19,7 @@ @@ -47,6 +43,5 @@ index f8a9260..f912291 100644 For libc.a, this is a separate source to avoid mempcpy bringing in __chk_fail and all routines -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-07.patch b/srcpkgs/glibc/patches/0007-posix_spawn-fix-stack-setup-on-ia64-BZ-21275.patch similarity index 87% rename from srcpkgs/glibc/patches/glibc-upstream-07.patch rename to srcpkgs/glibc/patches/0007-posix_spawn-fix-stack-setup-on-ia64-BZ-21275.patch index 3319eedbb4d..fb7c1e95873 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-07.patch +++ b/srcpkgs/glibc/patches/0007-posix_spawn-fix-stack-setup-on-ia64-BZ-21275.patch @@ -1,7 +1,7 @@ From 27ab0d9518746dfb59ed2ba59daefc981dc10e38 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Mon, 20 Mar 2017 04:47:56 -0400 -Subject: [PATCH 07] posix_spawn: fix stack setup on ia64 [BZ #21275] +Subject: posix_spawn: fix stack setup on ia64 [BZ #21275] The ia64-specific clone2 call expects the base of the stack mapping and the stack size as sep arguments, not an initial stack value as on other @@ -10,13 +10,9 @@ pass in the right stack base. Reported-by: Matt Turner (cherry picked from commit ddc3fb333469c2997798742dc0509dc1e3201d91) ---- - ChangeLog | 8 ++++++++ - sysdeps/unix/sysv/linux/spawni.c | 11 ++++++----- - 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog -index c29a70a..ef5388c 100644 +index c29a70aa72..ef5388c2c3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ @@ -32,7 +28,7 @@ index c29a70a..ef5388c 100644 * sysdeps/x86_64/mempcpy_chk.S (__mempcpy_chk): Check for SHARED diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c -index 2daf0c5..c96aac8 100644 +index 2daf0c5ef0..c96aac889d 100644 --- a/sysdeps/unix/sysv/linux/spawni.c +++ b/sysdeps/unix/sysv/linux/spawni.c @@ -61,17 +61,18 @@ @@ -60,6 +56,5 @@ index 2daf0c5..c96aac8 100644 -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-08.patch b/srcpkgs/glibc/patches/0008-fts-Fix-symbol-redirect-for-fts_set-BZ-21289.patch similarity index 85% rename from srcpkgs/glibc/patches/glibc-upstream-08.patch rename to srcpkgs/glibc/patches/0008-fts-Fix-symbol-redirect-for-fts_set-BZ-21289.patch index ad522a06907..8e18b11335e 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-08.patch +++ b/srcpkgs/glibc/patches/0008-fts-Fix-symbol-redirect-for-fts_set-BZ-21289.patch @@ -1,20 +1,15 @@ From f035c8d055f25eaf6c93772f308afac10ce31ef2 Mon Sep 17 00:00:00 2001 From: Slava Barinov Date: Fri, 31 Mar 2017 08:49:25 +0200 -Subject: [PATCH 08] fts: Fix symbol redirect for fts_set [BZ #21289] +Subject: fts: Fix symbol redirect for fts_set [BZ #21289] In a 32-bit environment with _FILE_OFFSET_BITS=64, the __REDIRECT macro combined with __THROW generates an invalid C++ declaration. (cherry picked from commit ce39613205dc47ceaeea76710d49e7a483b503ab) ---- - ChangeLog | 5 +++++ - NEWS | 5 +++-- - io/fts.h | 2 +- - 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog -index ef5388c..85d6fc6 100644 +index ef5388c2c3..85d6fc6192 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ @@ -27,7 +22,7 @@ index ef5388c..85d6fc6 100644 [BZ #21275] diff --git a/NEWS b/NEWS -index 9bf8c10..fee1cf8 100644 +index 9bf8c10926..fee1cf8ca8 100644 --- a/NEWS +++ b/NEWS @@ -9,10 +9,11 @@ Version 2.25.1 @@ -45,7 +40,7 @@ index 9bf8c10..fee1cf8 100644 Version 2.25 diff --git a/io/fts.h b/io/fts.h -index b9cff53..ab15567 100644 +index b9cff534e9..ab15567001 100644 --- a/io/fts.h +++ b/io/fts.h @@ -193,7 +193,7 @@ FTS *__REDIRECT (fts_open, (char * const *, int, @@ -58,6 +53,5 @@ index b9cff53..ab15567 100644 # define fts_children fts64_children # define fts_close fts64_close -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-09.patch b/srcpkgs/glibc/patches/0009-Call-the-right-helper-function-when-setting-mallopt-.patch similarity index 80% rename from srcpkgs/glibc/patches/glibc-upstream-09.patch rename to srcpkgs/glibc/patches/0009-Call-the-right-helper-function-when-setting-mallopt-.patch index c7ad23ad0b5..ff17fe29fb0 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-09.patch +++ b/srcpkgs/glibc/patches/0009-Call-the-right-helper-function-when-setting-mallopt-.patch @@ -1,8 +1,8 @@ From 74522eeeaa4a39809a28f44171e71d36a69edb58 Mon Sep 17 00:00:00 2001 From: "Wladimir J. van der Laan" Date: Sat, 1 Apr 2017 12:39:09 +0530 -Subject: [PATCH 09] Call the right helper function when setting mallopt - M_ARENA_MAX (BZ #21338) +Subject: Call the right helper function when setting mallopt M_ARENA_MAX (BZ + #21338) Fixes a typo introduced in commit be7991c0705e35b4d70a419d117addcd6c627319. This caused @@ -13,13 +13,9 @@ wrong internal parameter. [BZ #21338] * malloc/malloc.c: Call do_set_arena_max for M_ARENA_MAX instead of incorrect do_set_arena_test ---- - ChangeLog | 6 ++++++ - malloc/malloc.c | 2 +- - 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog -index 85d6fc6..321bf53 100644 +index 85d6fc6192..321bf53191 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ @@ -33,7 +29,7 @@ index 85d6fc6..321bf53 100644 [BZ #21289] diff --git a/malloc/malloc.c b/malloc/malloc.c -index 4885793..4e07663 100644 +index 4885793905..4e076638b0 100644 --- a/malloc/malloc.c +++ b/malloc/malloc.c @@ -4902,7 +4902,7 @@ __libc_mallopt (int param_number, int value) @@ -46,6 +42,5 @@ index 4885793..4e07663 100644 } __libc_lock_unlock (av->mutex); -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-10.patch b/srcpkgs/glibc/patches/0010-posix_spawn-use-a-larger-min-stack-for-fstack-check-.patch similarity index 89% rename from srcpkgs/glibc/patches/glibc-upstream-10.patch rename to srcpkgs/glibc/patches/0010-posix_spawn-use-a-larger-min-stack-for-fstack-check-.patch index 6bb2645877e..911c5f8edbd 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-10.patch +++ b/srcpkgs/glibc/patches/0010-posix_spawn-use-a-larger-min-stack-for-fstack-check-.patch @@ -1,8 +1,7 @@ From df29db0bec24211cfc917db52024bf8deecac2c9 Mon Sep 17 00:00:00 2001 From: Mike Frysinger Date: Wed, 15 Mar 2017 23:59:31 -0700 -Subject: [PATCH 10] posix_spawn: use a larger min stack for -fstack-check - [BZ #21253] +Subject: posix_spawn: use a larger min stack for -fstack-check [BZ #21253] When glibc is built with -fstack-check, trying to use posix_spawn can lead to segfaults due to gcc internally probing stack memory too far. @@ -30,13 +29,9 @@ enough to trigger the problem: [1] https://gcc.gnu.org/onlinedocs/gcc-6.3.0/gccint/Stack-Checking.html (cherry picked from commit 21f042c804835d1f7a4a8e06f2c93ca35a182042) ---- - ChangeLog | 6 ++++++ - sysdeps/unix/sysv/linux/spawni.c | 5 +++++ - 2 files changed, 11 insertions(+) diff --git a/ChangeLog b/ChangeLog -index 321bf53..b37a054 100644 +index 321bf53191..b37a054bae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ @@ -50,7 +45,7 @@ index 321bf53..b37a054 100644 [BZ# 21338] diff --git a/sysdeps/unix/sysv/linux/spawni.c b/sysdeps/unix/sysv/linux/spawni.c -index c96aac8..29d8f25 100644 +index c96aac889d..29d8f25ab5 100644 --- a/sysdeps/unix/sysv/linux/spawni.c +++ b/sysdeps/unix/sysv/linux/spawni.c @@ -319,6 +319,11 @@ __spawnix (pid_t * pid, const char *file, @@ -66,6 +61,5 @@ index c96aac8..29d8f25 100644 void *stack = __mmap (NULL, stack_size, prot, MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0); -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-11.patch b/srcpkgs/glibc/patches/0011-x86-64-Improve-branch-predication-in-_dl_runtime_res.patch similarity index 90% rename from srcpkgs/glibc/patches/glibc-upstream-11.patch rename to srcpkgs/glibc/patches/0011-x86-64-Improve-branch-predication-in-_dl_runtime_res.patch index bb120e82275..3127662be9a 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-11.patch +++ b/srcpkgs/glibc/patches/0011-x86-64-Improve-branch-predication-in-_dl_runtime_res.patch @@ -1,8 +1,8 @@ From 903b77defb6f2ee2552c06472339f33091e3c7b4 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Tue, 21 Mar 2017 10:59:31 -0700 -Subject: [PATCH 11] x86-64: Improve branch predication in - _dl_runtime_resolve_avx512_opt [BZ #21258] +Subject: x86-64: Improve branch predication in _dl_runtime_resolve_avx512_opt + [BZ #21258] On Skylake server, _dl_runtime_resolve_avx512_opt is used to preserve the first 8 vector registers. The code layout is @@ -35,14 +35,9 @@ Tested on Skylake server. Fallthrough to _dl_runtime_resolve_sse_vex. (cherry picked from commit c15f8eb50cea7ad1a4ccece6e0982bf426d52c00) ---- - ChangeLog | 9 +++++++++ - sysdeps/x86_64/dl-trampoline.S | 3 +-- - sysdeps/x86_64/dl-trampoline.h | 9 +++++---- - 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog -index b37a054..8479fba 100644 +index b37a054bae..8479fba8c4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,12 @@ @@ -59,7 +54,7 @@ index b37a054..8479fba 100644 [BZ #21253] diff --git a/sysdeps/x86_64/dl-trampoline.S b/sysdeps/x86_64/dl-trampoline.S -index 33d7fcf..c14c61a 100644 +index 33d7fcf7d0..c14c61aa58 100644 --- a/sysdeps/x86_64/dl-trampoline.S +++ b/sysdeps/x86_64/dl-trampoline.S @@ -87,11 +87,9 @@ @@ -81,7 +76,7 @@ index 33d7fcf..c14c61a 100644 +#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt #include "dl-trampoline.h" diff --git a/sysdeps/x86_64/dl-trampoline.h b/sysdeps/x86_64/dl-trampoline.h -index b27fa06..8db24c1 100644 +index b27fa06974..8db24c16ac 100644 --- a/sysdeps/x86_64/dl-trampoline.h +++ b/sysdeps/x86_64/dl-trampoline.h @@ -129,19 +129,20 @@ _dl_runtime_resolve_opt: @@ -110,6 +105,5 @@ index b27fa06..8db24c1 100644 # error Unsupported VEC_SIZE! # endif -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-12.patch b/srcpkgs/glibc/patches/0012-posix-Add-cleanup-on-the-trap-list-for-globtest.sh.patch similarity index 83% rename from srcpkgs/glibc/patches/glibc-upstream-12.patch rename to srcpkgs/glibc/patches/0012-posix-Add-cleanup-on-the-trap-list-for-globtest.sh.patch index b64b0287ce8..803cd0dfcd5 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-12.patch +++ b/srcpkgs/glibc/patches/0012-posix-Add-cleanup-on-the-trap-list-for-globtest.sh.patch @@ -1,7 +1,7 @@ From b30b1c97ccfe72e82b0c95bb55274b5660bc539e Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Tue, 11 Apr 2017 15:08:02 -0300 -Subject: [PATCH 12] posix: Add cleanup on the trap list for globtest.sh +Subject: posix: Add cleanup on the trap list for globtest.sh This patch prevents lingering files for SIGSEGV failures by adding a cleanup handler on trap handler. Checked on x86_64-linux-gnu. @@ -9,13 +9,9 @@ a cleanup handler on trap handler. Checked on x86_64-linux-gnu. * posix/globtest.sh: Add cleanup routine on trap 0. Cherry-pick of 4fee33f. ---- - ChangeLog | 4 ++++ - posix/globtest.sh | 9 ++++++--- - 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog -index 8479fba..4962000 100644 +index 8479fba8c4..4962000b47 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ @@ -27,7 +23,7 @@ index 8479fba..4962000 100644 [BZ #21258] diff --git a/posix/globtest.sh b/posix/globtest.sh -index f9cc80b..73f7ae3 100755 +index f9cc80b4b5..73f7ae31cc 100755 --- a/posix/globtest.sh +++ b/posix/globtest.sh @@ -47,7 +47,12 @@ testout=${common_objpfx}posix/globtest-out @@ -54,6 +50,5 @@ index f9cc80b..73f7ae3 100755 fi -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-13.patch b/srcpkgs/glibc/patches/0013-x86-Set-Prefer_No_VZEROUPPER-if-AVX512ER-is-availabl.patch similarity index 92% rename from srcpkgs/glibc/patches/glibc-upstream-13.patch rename to srcpkgs/glibc/patches/0013-x86-Set-Prefer_No_VZEROUPPER-if-AVX512ER-is-availabl.patch index c6385e1dda4..a24154a0277 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-13.patch +++ b/srcpkgs/glibc/patches/0013-x86-Set-Prefer_No_VZEROUPPER-if-AVX512ER-is-availabl.patch @@ -1,7 +1,7 @@ From 4c6f97798fe1854a32b1199c42370eac1620eebf Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Fri, 28 Apr 2017 10:03:09 -0700 -Subject: [PATCH 13] x86: Set Prefer_No_VZEROUPPER if AVX512ER is available +Subject: x86: Set Prefer_No_VZEROUPPER if AVX512ER is available AVX512ER won't be implemented in any Xeon processors and will be in all Xeon Phi processors. Don't check CPU model number when setting @@ -29,14 +29,9 @@ and non-Xeon Phi processors. (reg_AVX512VL): Likewise. (cherry picked from commit 1c53cb49de6d82d9469ccbd5aa0c55924502bd8b) ---- - ChangeLog | 21 +++++++++++++++++++++ - sysdeps/x86/cpu-features.c | 8 ++++++-- - sysdeps/x86/cpu-features.h | 15 +++++++++++++++ - 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog -index 4962000..dc49c78 100644 +index 4962000b47..dc49c78b8c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,24 @@ @@ -65,7 +60,7 @@ index 4962000..dc49c78 100644 * posix/globtest.sh: Add cleanup routine on trap 0. diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c -index 1c714a4..41d0be2 100644 +index 1c714a4017..41d0be2815 100644 --- a/sysdeps/x86/cpu-features.c +++ b/sysdeps/x86/cpu-features.c @@ -139,8 +139,6 @@ init_cpu_features (struct cpu_features *cpu_features) @@ -91,7 +86,7 @@ index 1c714a4..41d0be2 100644 If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt. */ cpu_features->feature[index_arch_Use_dl_runtime_resolve_slow] diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h -index 95f0fcf..2ee8a0a 100644 +index 95f0fcff87..2ee8a0a350 100644 --- a/sysdeps/x86/cpu-features.h +++ b/sysdeps/x86/cpu-features.h @@ -62,6 +62,11 @@ @@ -131,6 +126,5 @@ index 95f0fcf..2ee8a0a 100644 # define reg_RTM ebx # define reg_FMA ecx -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-14.patch b/srcpkgs/glibc/patches/0014-x86-Use-AVX2-memcpy-memset-on-Skylake-server-BZ-2139.patch similarity index 88% rename from srcpkgs/glibc/patches/glibc-upstream-14.patch rename to srcpkgs/glibc/patches/0014-x86-Use-AVX2-memcpy-memset-on-Skylake-server-BZ-2139.patch index 99c0367c005..e986c85cc17 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-14.patch +++ b/srcpkgs/glibc/patches/0014-x86-Use-AVX2-memcpy-memset-on-Skylake-server-BZ-2139.patch @@ -1,8 +1,7 @@ From 06d79808f6faf6025c5a7d4e27d949a8216275cc Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Fri, 28 Apr 2017 10:04:15 -0700 -Subject: [PATCH 14] x86: Use AVX2 memcpy/memset on Skylake server [BZ - #21396] +Subject: x86: Use AVX2 memcpy/memset on Skylake server [BZ #21396] On Skylake server, AVX512 load/store instructions in memcpy/memset may lead to lower CPU turbo frequency in certain situations. Use of AVX2 @@ -33,22 +32,9 @@ used on Skylake server. Likewise. (cherry picked from commit 4cb334c4d6249686653137ec273d081371b3672d) ---- - ChangeLog | 21 +++++++++++++++++++++ - sysdeps/x86/cpu-features.c | 6 +++++- - sysdeps/x86/cpu-features.h | 3 +++ - sysdeps/x86_64/multiarch/memcpy.S | 2 ++ - sysdeps/x86_64/multiarch/memcpy_chk.S | 2 ++ - sysdeps/x86_64/multiarch/memmove.S | 2 ++ - sysdeps/x86_64/multiarch/memmove_chk.S | 2 ++ - sysdeps/x86_64/multiarch/mempcpy.S | 2 ++ - sysdeps/x86_64/multiarch/mempcpy_chk.S | 2 ++ - sysdeps/x86_64/multiarch/memset.S | 2 ++ - sysdeps/x86_64/multiarch/memset_chk.S | 2 ++ - 11 files changed, 45 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog -index dc49c78..adebc03 100644 +index dc49c78b8c..adebc03b78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,26 @@ @@ -79,7 +65,7 @@ index dc49c78..adebc03 100644 Prefer_No_VZEROUPPER if AVX512ER is available. * sysdeps/x86/cpu-features.h diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c -index 41d0be2..9afd74c 100644 +index 41d0be2815..9afd74c42e 100644 --- a/sysdeps/x86/cpu-features.c +++ b/sysdeps/x86/cpu-features.c @@ -225,10 +225,14 @@ init_cpu_features (struct cpu_features *cpu_features) @@ -99,7 +85,7 @@ index 41d0be2..9afd74c 100644 /* To avoid SSE transition penalty, use _dl_runtime_resolve_slow. If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt. */ diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h -index 2ee8a0a..a409db6 100644 +index 2ee8a0a350..a409db67d8 100644 --- a/sysdeps/x86/cpu-features.h +++ b/sysdeps/x86/cpu-features.h @@ -39,6 +39,7 @@ @@ -127,7 +113,7 @@ index 2ee8a0a..a409db6 100644 #endif /* !__ASSEMBLER__ */ diff --git a/sysdeps/x86_64/multiarch/memcpy.S b/sysdeps/x86_64/multiarch/memcpy.S -index 1f83ee3..af27703 100644 +index 1f83ee3e84..af2770397c 100644 --- a/sysdeps/x86_64/multiarch/memcpy.S +++ b/sysdeps/x86_64/multiarch/memcpy.S @@ -32,6 +32,8 @@ ENTRY(__new_memcpy) @@ -140,7 +126,7 @@ index 1f83ee3..af27703 100644 jz 1f lea __memcpy_avx512_no_vzeroupper(%rip), %RAX_LP diff --git a/sysdeps/x86_64/multiarch/memcpy_chk.S b/sysdeps/x86_64/multiarch/memcpy_chk.S -index 5492342..8737fb9 100644 +index 54923420f1..8737fb9755 100644 --- a/sysdeps/x86_64/multiarch/memcpy_chk.S +++ b/sysdeps/x86_64/multiarch/memcpy_chk.S @@ -30,6 +30,8 @@ @@ -153,7 +139,7 @@ index 5492342..8737fb9 100644 jz 1f lea __memcpy_chk_avx512_no_vzeroupper(%rip), %RAX_LP diff --git a/sysdeps/x86_64/multiarch/memmove.S b/sysdeps/x86_64/multiarch/memmove.S -index 2021bfc..8c534e8 100644 +index 2021bfc30c..8c534e83e0 100644 --- a/sysdeps/x86_64/multiarch/memmove.S +++ b/sysdeps/x86_64/multiarch/memmove.S @@ -30,6 +30,8 @@ ENTRY(__libc_memmove) @@ -166,7 +152,7 @@ index 2021bfc..8c534e8 100644 jz 1f lea __memmove_avx512_no_vzeroupper(%rip), %RAX_LP diff --git a/sysdeps/x86_64/multiarch/memmove_chk.S b/sysdeps/x86_64/multiarch/memmove_chk.S -index 8a252ad..7870dd0 100644 +index 8a252adcae..7870dd0247 100644 --- a/sysdeps/x86_64/multiarch/memmove_chk.S +++ b/sysdeps/x86_64/multiarch/memmove_chk.S @@ -29,6 +29,8 @@ @@ -179,7 +165,7 @@ index 8a252ad..7870dd0 100644 jz 1f lea __memmove_chk_avx512_no_vzeroupper(%rip), %RAX_LP diff --git a/sysdeps/x86_64/multiarch/mempcpy.S b/sysdeps/x86_64/multiarch/mempcpy.S -index 79c840d..b8b2b28 100644 +index 79c840d075..b8b2b28094 100644 --- a/sysdeps/x86_64/multiarch/mempcpy.S +++ b/sysdeps/x86_64/multiarch/mempcpy.S @@ -32,6 +32,8 @@ ENTRY(__mempcpy) @@ -192,7 +178,7 @@ index 79c840d..b8b2b28 100644 jz 1f lea __mempcpy_avx512_no_vzeroupper(%rip), %RAX_LP diff --git a/sysdeps/x86_64/multiarch/mempcpy_chk.S b/sysdeps/x86_64/multiarch/mempcpy_chk.S -index 6927962..072b22c 100644 +index 6927962e81..072b22c49f 100644 --- a/sysdeps/x86_64/multiarch/mempcpy_chk.S +++ b/sysdeps/x86_64/multiarch/mempcpy_chk.S @@ -30,6 +30,8 @@ @@ -205,7 +191,7 @@ index 6927962..072b22c 100644 jz 1f lea __mempcpy_chk_avx512_no_vzeroupper(%rip), %RAX_LP diff --git a/sysdeps/x86_64/multiarch/memset.S b/sysdeps/x86_64/multiarch/memset.S -index c958b2f..9d33118 100644 +index c958b2f49f..9d33118cf8 100644 --- a/sysdeps/x86_64/multiarch/memset.S +++ b/sysdeps/x86_64/multiarch/memset.S @@ -41,6 +41,8 @@ ENTRY(memset) @@ -218,7 +204,7 @@ index c958b2f..9d33118 100644 jz 2f lea __memset_avx512_no_vzeroupper(%rip), %RAX_LP diff --git a/sysdeps/x86_64/multiarch/memset_chk.S b/sysdeps/x86_64/multiarch/memset_chk.S -index 79eaa37..7e08311 100644 +index 79eaa37bb6..7e08311cdf 100644 --- a/sysdeps/x86_64/multiarch/memset_chk.S +++ b/sysdeps/x86_64/multiarch/memset_chk.S @@ -38,6 +38,8 @@ ENTRY(__memset_chk) @@ -231,6 +217,5 @@ index 79eaa37..7e08311 100644 jz 2f lea __memset_chk_avx512_no_vzeroupper(%rip), %RAX_LP -- -2.7.4.GIT - +2.13.1 diff --git a/srcpkgs/glibc/patches/glibc-upstream-15.patch b/srcpkgs/glibc/patches/0015-Fix-i686-memchr-overflow-calculation-BZ-21182.patch similarity index 87% rename from srcpkgs/glibc/patches/glibc-upstream-15.patch rename to srcpkgs/glibc/patches/0015-Fix-i686-memchr-overflow-calculation-BZ-21182.patch index b1f941ac20f..74eac6df134 100644 --- a/srcpkgs/glibc/patches/glibc-upstream-15.patch +++ b/srcpkgs/glibc/patches/0015-Fix-i686-memchr-overflow-calculation-BZ-21182.patch @@ -1,7 +1,7 @@ From ccb4fd7a657b0fbc4890c98f4586d58a135fc583 Mon Sep 17 00:00:00 2001 From: Adhemerval Zanella Date: Tue, 14 Mar 2017 14:16:13 -0300 -Subject: [PATCH 15] Fix i686 memchr overflow calculation (BZ#21182) +Subject: Fix i686 memchr overflow calculation (BZ#21182) This patch fixes the regression added by 23d2770 for final address overflow calculation. The subtraction of the considered size (16) @@ -25,14 +25,9 @@ Checked on i686-linux-gnu and x86_64-linux-gnu. overflow calculation. Cherry-pick of 3abeeec5f46ff036bd9df60bb096e20314ccd078. ---- - ChangeLog | 8 ++++++++ - string/test-memchr.c | 6 ++++++ - sysdeps/i386/i686/multiarch/memchr-sse2.S | 2 +- - 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog -index adebc03..ac19e98 100644 +index adebc03b78..ac19e98613 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ @@ -48,7 +43,7 @@ index adebc03..ac19e98 100644 [BZ #21396] diff --git a/string/test-memchr.c b/string/test-memchr.c -index d62889f..6431605 100644 +index d62889ff8f..6431605c7e 100644 --- a/string/test-memchr.c +++ b/string/test-memchr.c @@ -208,6 +208,12 @@ test_main (void) @@ -65,7 +60,7 @@ index d62889f..6431605 100644 return ret; } diff --git a/sysdeps/i386/i686/multiarch/memchr-sse2.S b/sysdeps/i386/i686/multiarch/memchr-sse2.S -index 910679c..e41f324 100644 +index 910679cfc0..e41f324a77 100644 --- a/sysdeps/i386/i686/multiarch/memchr-sse2.S +++ b/sysdeps/i386/i686/multiarch/memchr-sse2.S @@ -117,7 +117,6 @@ L(crosscache): @@ -85,5 +80,5 @@ index 910679c..e41f324 100644 lea 16(%edi), %edi # else -- -2.7.4.GIT +2.13.1 diff --git a/srcpkgs/glibc/patches/0016-Fix-test-math-vector-sincos.h-aliasing.patch b/srcpkgs/glibc/patches/0016-Fix-test-math-vector-sincos.h-aliasing.patch new file mode 100644 index 00000000000..d656638b62a --- /dev/null +++ b/srcpkgs/glibc/patches/0016-Fix-test-math-vector-sincos.h-aliasing.patch @@ -0,0 +1,106 @@ +From 34b6f41c14d09fe627c6a6224880d76d0959079e Mon Sep 17 00:00:00 2001 +From: Joseph Myers +Date: Wed, 15 Mar 2017 17:32:46 +0000 +Subject: Fix test-math-vector-sincos.h aliasing. + +x86_64 libmvec tests have been failing to build lately with GCC +mainline with -Wuninitialized errors, and Markus Trippelsdorf traced +this to an aliasing issue +. + +This patch fixes the aliasing issue, so that the vectors-of-pointers +are initialized using a union instead of pointer casts. This also +fixes the testsuite build failures with GCC mainline. + +Tested for x86_64 (full testsuite with GCC 6; testsuite build with GCC +mainline with build-many-glibcs.py). + + * sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP): + Use a union when storing pointers. + (VECTOR_WRAPPER_fFF_2): Do not take address of integer vector and + cast result when passing to INIT_VEC_PTRS_LOOP. + (VECTOR_WRAPPER_fFF_3): Likewise. + (VECTOR_WRAPPER_fFF_4): Likewise. + +(cherry picked from commit ffe308e4fcf2f276c87fd405596569ba52ad0a29) + +diff --git a/ChangeLog b/ChangeLog +index ac19e98613..290515a58e 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,12 @@ ++2017-03-15 Joseph Myers ++ ++ * sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP): ++ Use a union when storing pointers. ++ (VECTOR_WRAPPER_fFF_2): Do not take address of integer vector and ++ cast result when passing to INIT_VEC_PTRS_LOOP. ++ (VECTOR_WRAPPER_fFF_3): Likewise. ++ (VECTOR_WRAPPER_fFF_4): Likewise. ++ + 2017-05-01 Adhemerval Zanella + + [BZ# 21182] +diff --git a/sysdeps/x86/fpu/test-math-vector-sincos.h b/sysdeps/x86/fpu/test-math-vector-sincos.h +index 5043b32563..95282a3ac7 100644 +--- a/sysdeps/x86/fpu/test-math-vector-sincos.h ++++ b/sysdeps/x86/fpu/test-math-vector-sincos.h +@@ -17,14 +17,14 @@ + License along with the GNU C Library; if not, see + . */ + +-#define INIT_VEC_PTRS_LOOP(vec, val, len) \ +- do \ +- { \ +- for (i = 0; i < len; i++) \ +- { \ +- vec[i] = &val[i]; \ +- } \ +- } \ ++#define INIT_VEC_PTRS_LOOP(vec, val, len) \ ++ do \ ++ { \ ++ union { VEC_INT_TYPE v; __typeof__ ((val)[0]) *a[(len)]; } u; \ ++ for (i = 0; i < len; i++) \ ++ u.a[i] = &(val)[i]; \ ++ (vec) = u.v; \ ++ } \ + while (0) + + /* Wrapper for vector sincos/sincosf compatible with x86_64 and x32 variants +@@ -40,8 +40,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \ + VEC_TYPE mx; \ + VEC_INT_TYPE mr, mr1; \ + INIT_VEC_LOOP (mx, x, VEC_LEN); \ +- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN); \ +- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN); \ ++ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN); \ ++ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN); \ + vector_func (mx, mr, mr1); \ + TEST_VEC_LOOP (r_loc, VEC_LEN); \ + TEST_VEC_LOOP (r1_loc, VEC_LEN); \ +@@ -63,8 +63,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \ + VEC_TYPE mx; \ + VEC_INT_TYPE mr, mr1; \ + INIT_VEC_LOOP (mx, x, VEC_LEN); \ +- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN/2); \ +- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN/2); \ ++ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN/2); \ ++ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN/2); \ + vector_func (mx, mr, mr, mr1, mr1); \ + TEST_VEC_LOOP (r_loc, VEC_LEN/2); \ + TEST_VEC_LOOP (r1_loc, VEC_LEN/2); \ +@@ -87,8 +87,8 @@ void scalar_func (FLOAT x, FLOAT * r, FLOAT * r1) \ + VEC_TYPE mx; \ + VEC_INT_TYPE mr, mr1; \ + INIT_VEC_LOOP (mx, x, VEC_LEN); \ +- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr), r_loc, VEC_LEN/4); \ +- INIT_VEC_PTRS_LOOP (((FLOAT **) &mr1), r1_loc, VEC_LEN/4); \ ++ INIT_VEC_PTRS_LOOP (mr, r_loc, VEC_LEN/4); \ ++ INIT_VEC_PTRS_LOOP (mr1, r1_loc, VEC_LEN/4); \ + vector_func (mx, mr, mr, mr, mr, mr1, mr1, mr1, mr1); \ + TEST_VEC_LOOP (r_loc, VEC_LEN/4); \ + TEST_VEC_LOOP (r1_loc, VEC_LEN/4); \ +-- +2.13.1 + diff --git a/srcpkgs/glibc/patches/0017-fork-Remove-bogus-parent-PID-assertions-BZ-21386.patch b/srcpkgs/glibc/patches/0017-fork-Remove-bogus-parent-PID-assertions-BZ-21386.patch new file mode 100644 index 00000000000..953401526c8 --- /dev/null +++ b/srcpkgs/glibc/patches/0017-fork-Remove-bogus-parent-PID-assertions-BZ-21386.patch @@ -0,0 +1,70 @@ +From b8d2e394a2900cef5bbbe0503f15960f64a943b1 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Fri, 9 Jun 2017 13:21:43 +0200 +Subject: fork: Remove bogus parent PID assertions [BZ #21386] + +(cherry picked from commit 1d2bc2eae969543b89850e35e532f3144122d80a) + +diff --git a/ChangeLog b/ChangeLog +index 290515a58e..d44aff0a36 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,10 @@ ++2017-05-12 Florian Weimer ++ ++ [BZ #21386] ++ * sysdeps/nptl/fork.c (__libc_fork): Remove assertions on the ++ parent PID. The assertion in the child is incorrect with PID ++ namespaces. ++ + 2017-03-15 Joseph Myers + + * sysdeps/x86/fpu/test-math-vector-sincos.h (INIT_VEC_PTRS_LOOP): +diff --git a/NEWS b/NEWS +index fee1cf8ca8..d52872323d 100644 +--- a/NEWS ++++ b/NEWS +@@ -14,6 +14,7 @@ The following bugs are resolved with this release: + [21109] Tunables broken on big-endian + [21115] sunrpc: Use-after-free in error path in clntudp_call + [21289] Fix symbol redirect for fts_set ++ [21386] Assertion in fork for distinct parent PID is incorrect + + Version 2.25 + +diff --git a/sysdeps/nptl/fork.c b/sysdeps/nptl/fork.c +index db6d721fce..4bb87e2331 100644 +--- a/sysdeps/nptl/fork.c ++++ b/sysdeps/nptl/fork.c +@@ -131,10 +131,6 @@ __libc_fork (void) + call_function_static_weak (__malloc_fork_lock_parent); + } + +-#ifndef NDEBUG +- pid_t ppid = THREAD_GETMEM (THREAD_SELF, tid); +-#endif +- + #ifdef ARCH_FORK + pid = ARCH_FORK (); + #else +@@ -147,8 +143,6 @@ __libc_fork (void) + { + struct pthread *self = THREAD_SELF; + +- assert (THREAD_GETMEM (self, tid) != ppid); +- + /* See __pthread_once. */ + if (__fork_generation_pointer != NULL) + *__fork_generation_pointer += __PTHREAD_ONCE_FORK_GEN_INCR; +@@ -230,8 +224,6 @@ __libc_fork (void) + } + else + { +- assert (THREAD_GETMEM (THREAD_SELF, tid) == ppid); +- + /* Release acquired locks in the multi-threaded case. */ + if (multiple_threads) + { +-- +2.13.1 + diff --git a/srcpkgs/glibc/patches/0018-Correct-collation-rules-for-Malayalam.patch b/srcpkgs/glibc/patches/0018-Correct-collation-rules-for-Malayalam.patch new file mode 100644 index 00000000000..873a940a888 --- /dev/null +++ b/srcpkgs/glibc/patches/0018-Correct-collation-rules-for-Malayalam.patch @@ -0,0 +1,131 @@ +From f92b1025980a939645b1ec7e550411a05ac7c76f Mon Sep 17 00:00:00 2001 +From: Santhosh Thottingal +Date: Sun, 11 Jun 2017 10:08:37 -0400 +Subject: Correct collation rules for Malayalam. + + [BZ #19922] + * locales/iso14651_t1_common: Add collation rules for U+07DA to U+07DF. + + [BZ #19919] + * locales/iso14651_t1_common: Correct collation of U+0D36 and U+0D37. + +diff --git a/localedata/ChangeLog b/localedata/ChangeLog +index 0cdb097ab6..127c1cfb35 100644 +--- a/localedata/ChangeLog ++++ b/localedata/ChangeLog +@@ -1,3 +1,11 @@ ++2017-06-11 Santhosh Thottingal ++ ++ [BZ #19922] ++ * locales/iso14651_t1_common: Add collation rules for U+07DA to U+07DF. ++ ++ [BZ #19919] ++ * locales/iso14651_t1_common: Correct collation of U+0D36 and U+0D37. ++ + 2017-01-01 Joseph Myers + + * All files with FSF copyright notices: Update copyright dates +diff --git a/localedata/locales/iso14651_t1_common b/localedata/locales/iso14651_t1_common +index eef75ba65e..0e64f26a12 100644 +--- a/localedata/locales/iso14651_t1_common ++++ b/localedata/locales/iso14651_t1_common +@@ -1042,9 +1042,9 @@ collating-element from "" + collating-element from "" + collating-element from "" + collating-element from "" +-collating-element from "" + collating-element from "" + collating-element from "" ++collating-element from "" + collating-element from "" + collating-element from "" + collating-element from "" +@@ -1103,8 +1103,8 @@ collating-symbol + collating-symbol + collating-symbol + collating-symbol +-collating-symbol + collating-symbol ++collating-symbol + collating-symbol + collating-symbol + collating-symbol +@@ -1126,6 +1126,12 @@ collating-symbol + collating-symbol + collating-symbol + collating-symbol ++collating-symbol ++collating-symbol ++collating-symbol ++collating-symbol ++collating-symbol ++collating-symbol + # + # + # +@@ -4552,6 +4558,12 @@ collating-symbol + + + ++ ++ ++ ++ ++ ++ + # + # + # +@@ -7252,6 +7264,7 @@ order_start ;forward;forward;forward;forward,position + ;;;IGNORE + ;;;IGNORE + "";;;IGNORE ++ "";;;IGNORE + "";;;IGNORE + "";;;IGNORE + "";;;IGNORE +@@ -7280,6 +7293,7 @@ order_start ;forward;forward;forward;forward,position + "";;;IGNORE + "";;;IGNORE + "";;;IGNORE # ണ്‍ = ണ + ് + zwj ++ "";;;IGNORE + "";;;IGNORE # ണ = ണ + ് + അ + "";;;IGNORE + "";;;IGNORE +@@ -7290,6 +7304,7 @@ order_start ;forward;forward;forward;forward,position + "";;;IGNORE + "";;;IGNORE + "";;;IGNORE # ന്‍= ന + ് + zwj ++ "";;;IGNORE + "";;;IGNORE #ന = ന + ് + അ + "";;;IGNORE + "";;;IGNORE +@@ -7305,20 +7320,23 @@ order_start ;forward;forward;forward;forward,position + "";;;IGNORE + "";;;IGNORE + "";;;IGNORE # ര = ര + ് + zwj ++ "";;;IGNORE + "";;;IGNORE # ര = ര + ് + അ + ;;;IGNORE # ല്‍ = ല + ് + zwj ++ "";;;IGNORE + "";;;IGNORE # ല = ല + ് + അ + "";;;IGNORE + "";;;IGNORE + "";;;IGNORE +- "";;;IGNORE ++ "";;;IGNORE + "";;;IGNORE +- "";;;IGNORE ++ "";;;IGNORE + "";;;IGNORE + "";;;IGNORE + "";;;IGNORE + "";;;IGNORE + "";;;IGNORE # ള്‍ = ള + ് + zwj ++ "";;;IGNORE + "";;;IGNORE # ള = ള + ് + അ + "";;;IGNORE + "";;;IGNORE +-- +2.13.1 + diff --git a/srcpkgs/glibc/patches/0019-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch b/srcpkgs/glibc/patches/0019-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch new file mode 100644 index 00000000000..f31f5034dfc --- /dev/null +++ b/srcpkgs/glibc/patches/0019-CVE-2017-1000366-Ignore-LD_LIBRARY_PATH-for-AT_SECUR.patch @@ -0,0 +1,58 @@ +From 3c7cd21290cabdadd72984fb69bc51e64ff1002d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 18:31:27 +0200 +Subject: CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ + #21624] + +LD_LIBRARY_PATH can only be used to reorder system search paths, which +is not useful functionality. + +This makes an exploitable unbounded alloca in _dl_init_paths unreachable +for AT_SECURE=1 programs. + +(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d) + +diff --git a/ChangeLog b/ChangeLog +index d44aff0a36..14ff8b8bb3 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,10 @@ ++2017-06-19 Florian Weimer ++ ++ [BZ #21624] ++ CVE-2017-1000366 ++ * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for ++ __libc_enable_secure. ++ + 2017-05-12 Florian Weimer + + [BZ #21386] +diff --git a/NEWS b/NEWS +index d52872323d..29079e8586 100644 +--- a/NEWS ++++ b/NEWS +@@ -15,6 +15,7 @@ The following bugs are resolved with this release: + [21115] sunrpc: Use-after-free in error path in clntudp_call + [21289] Fix symbol redirect for fts_set + [21386] Assertion in fork for distinct parent PID is incorrect ++ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366) + + Version 2.25 + +diff --git a/elf/rtld.c b/elf/rtld.c +index a036ece956..2fc33a6178 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -2418,7 +2418,8 @@ process_envvars (enum mode *modep) + + case 12: + /* The library search path. */ +- if (memcmp (envline, "LIBRARY_PATH", 12) == 0) ++ if (!__libc_enable_secure ++ && memcmp (envline, "LIBRARY_PATH", 12) == 0) + { + library_path = &envline[13]; + break; +-- +2.13.1 + diff --git a/srcpkgs/glibc/patches/0020-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch b/srcpkgs/glibc/patches/0020-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch new file mode 100644 index 00000000000..0d4fe78ca93 --- /dev/null +++ b/srcpkgs/glibc/patches/0020-ld.so-Reject-overly-long-LD_PRELOAD-path-elements.patch @@ -0,0 +1,135 @@ +From 46703a3995aa3ca2b816814aa4ad05ed524194dd Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 22:31:04 +0200 +Subject: ld.so: Reject overly long LD_PRELOAD path elements + +(cherry picked from commit 6d0ba622891bed9d8394eef1935add53003b12e8) + +diff --git a/ChangeLog b/ChangeLog +index 14ff8b8bb3..fbe4db2cf7 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,12 @@ + 2017-06-19 Florian Weimer + ++ * elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define. ++ (dso_name_valid_for_suid): New function. ++ (handle_ld_preload): Likewise. ++ (dl_main): Call it. Remove alloca. ++ ++2017-06-19 Florian Weimer ++ + [BZ #21624] + CVE-2017-1000366 + * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for +diff --git a/elf/rtld.c b/elf/rtld.c +index 2fc33a6178..4badcf6590 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local + strong_alias (__pointer_chk_guard_local, __pointer_chk_guard) + #endif + ++/* Length limits for names and paths, to protect the dynamic linker, ++ particularly when __libc_enable_secure is active. */ ++#ifdef NAME_MAX ++# define SECURE_NAME_LIMIT NAME_MAX ++#else ++# define SECURE_NAME_LIMIT 255 ++#endif ++#ifdef PATH_MAX ++# define SECURE_PATH_LIMIT PATH_MAX ++#else ++# define SECURE_PATH_LIMIT 1024 ++#endif ++ ++/* Check that AT_SECURE=0, or that the passed name does not contain ++ directories and is not overly long. Reject empty names ++ unconditionally. */ ++static bool ++dso_name_valid_for_suid (const char *p) ++{ ++ if (__glibc_unlikely (__libc_enable_secure)) ++ { ++ /* Ignore pathnames with directories for AT_SECURE=1 ++ programs, and also skip overlong names. */ ++ size_t len = strlen (p); ++ if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL) ++ return false; ++ } ++ return *p != '\0'; ++} + + /* List of auditing DSOs. */ + static struct audit_list +@@ -716,6 +745,42 @@ static const char *preloadlist attribute_relro; + /* Nonzero if information about versions has to be printed. */ + static int version_info attribute_relro; + ++/* The LD_PRELOAD environment variable gives list of libraries ++ separated by white space or colons that are loaded before the ++ executable's dependencies and prepended to the global scope list. ++ (If the binary is running setuid all elements containing a '/' are ++ ignored since it is insecure.) Return the number of preloads ++ performed. */ ++unsigned int ++handle_ld_preload (const char *preloadlist, struct link_map *main_map) ++{ ++ unsigned int npreloads = 0; ++ const char *p = preloadlist; ++ char fname[SECURE_PATH_LIMIT]; ++ ++ while (*p != '\0') ++ { ++ /* Split preload list at space/colon. */ ++ size_t len = strcspn (p, " :"); ++ if (len > 0 && len < sizeof (fname)) ++ { ++ memcpy (fname, p, len); ++ fname[len] = '\0'; ++ } ++ else ++ fname[0] = '\0'; ++ ++ /* Skip over the substring and the following delimiter. */ ++ p += len; ++ if (*p != '\0') ++ ++p; ++ ++ if (dso_name_valid_for_suid (fname)) ++ npreloads += do_preload (fname, main_map, "LD_PRELOAD"); ++ } ++ return npreloads; ++} ++ + static void + dl_main (const ElfW(Phdr) *phdr, + ElfW(Word) phnum, +@@ -1462,23 +1527,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", + + if (__glibc_unlikely (preloadlist != NULL)) + { +- /* The LD_PRELOAD environment variable gives list of libraries +- separated by white space or colons that are loaded before the +- executable's dependencies and prepended to the global scope +- list. If the binary is running setuid all elements +- containing a '/' are ignored since it is insecure. */ +- char *list = strdupa (preloadlist); +- char *p; +- + HP_TIMING_NOW (start); +- +- /* Prevent optimizing strsep. Speed is not important here. */ +- while ((p = (strsep) (&list, " :")) != NULL) +- if (p[0] != '\0' +- && (__builtin_expect (! __libc_enable_secure, 1) +- || strchr (p, '/') == NULL)) +- npreloads += do_preload (p, main_map, "LD_PRELOAD"); +- ++ npreloads += handle_ld_preload (preloadlist, main_map); + HP_TIMING_NOW (stop); + HP_TIMING_DIFF (diff, start, stop); + HP_TIMING_ACCUM_NT (load_time, diff); +-- +2.13.1 + diff --git a/srcpkgs/glibc/patches/0021-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch b/srcpkgs/glibc/patches/0021-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch new file mode 100644 index 00000000000..3822b2a800a --- /dev/null +++ b/srcpkgs/glibc/patches/0021-ld.so-Reject-overly-long-LD_AUDIT-path-elements.patch @@ -0,0 +1,221 @@ +From c69d4a0f680a24fdbe323764a50382ad324041e9 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 22:32:12 +0200 +Subject: ld.so: Reject overly long LD_AUDIT path elements + +Also only process the last LD_AUDIT entry. + +(cherry picked from commit 81b82fb966ffbd94353f793ad17116c6088dedd9) + +diff --git a/ChangeLog b/ChangeLog +index fbe4db2cf7..67ce0aa4de 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,5 +1,16 @@ + 2017-06-19 Florian Weimer + ++ * elf/rtld.c (audit_list_string): New variable. ++ (audit_list): Update comment. ++ (struct audit_list_iter): Define. ++ (audit_list_iter_init, audit_list_iter_next): New function. ++ (dl_main): Use struct audit_list_iter to process audit modules. ++ (process_dl_audit): Call dso_name_valid_for_suid. ++ (process_envvars): Set audit_list_string instead of calling ++ process_dl_audit. ++ ++2017-06-19 Florian Weimer ++ + * elf/rtld.c (SECURE_NAME_LIMIT, SECURE_PATH_LIMIT): Define. + (dso_name_valid_for_suid): New function. + (handle_ld_preload): Likewise. +diff --git a/elf/rtld.c b/elf/rtld.c +index 4badcf6590..369724babe 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p) + return *p != '\0'; + } + +-/* List of auditing DSOs. */ ++/* LD_AUDIT variable contents. Must be processed before the ++ audit_list below. */ ++const char *audit_list_string; ++ ++/* Cyclic list of auditing DSOs. audit_list->next is the first ++ element. */ + static struct audit_list + { + const char *name; + struct audit_list *next; + } *audit_list; + ++/* Iterator for audit_list_string followed by audit_list. */ ++struct audit_list_iter ++{ ++ /* Tail of audit_list_string still needing processing, or NULL. */ ++ const char *audit_list_tail; ++ ++ /* The list element returned in the previous iteration. NULL before ++ the first element. */ ++ struct audit_list *previous; ++ ++ /* Scratch buffer for returning a name which is part of ++ audit_list_string. */ ++ char fname[SECURE_NAME_LIMIT]; ++}; ++ ++/* Initialize an audit list iterator. */ ++static void ++audit_list_iter_init (struct audit_list_iter *iter) ++{ ++ iter->audit_list_tail = audit_list_string; ++ iter->previous = NULL; ++} ++ ++/* Iterate through both audit_list_string and audit_list. */ ++static const char * ++audit_list_iter_next (struct audit_list_iter *iter) ++{ ++ if (iter->audit_list_tail != NULL) ++ { ++ /* First iterate over audit_list_string. */ ++ while (*iter->audit_list_tail != '\0') ++ { ++ /* Split audit list at colon. */ ++ size_t len = strcspn (iter->audit_list_tail, ":"); ++ if (len > 0 && len < sizeof (iter->fname)) ++ { ++ memcpy (iter->fname, iter->audit_list_tail, len); ++ iter->fname[len] = '\0'; ++ } ++ else ++ /* Do not return this name to the caller. */ ++ iter->fname[0] = '\0'; ++ ++ /* Skip over the substring and the following delimiter. */ ++ iter->audit_list_tail += len; ++ if (*iter->audit_list_tail == ':') ++ ++iter->audit_list_tail; ++ ++ /* If the name is valid, return it. */ ++ if (dso_name_valid_for_suid (iter->fname)) ++ return iter->fname; ++ /* Otherwise, wrap around and try the next name. */ ++ } ++ /* Fall through to the procesing of audit_list. */ ++ } ++ ++ if (iter->previous == NULL) ++ { ++ if (audit_list == NULL) ++ /* No pre-parsed audit list. */ ++ return NULL; ++ /* Start of audit list. The first list element is at ++ audit_list->next (cyclic list). */ ++ iter->previous = audit_list->next; ++ return iter->previous->name; ++ } ++ if (iter->previous == audit_list) ++ /* Cyclic list wrap-around. */ ++ return NULL; ++ iter->previous = iter->previous->next; ++ return iter->previous->name; ++} ++ + #ifndef HAVE_INLINED_SYSCALLS + /* Set nonzero during loading and initialization of executable and + libraries, cleared before the executable's entry point runs. This +@@ -1303,11 +1381,13 @@ of this helper program; chances are you did not intend to run this program.\n\ + GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid (); + + /* If we have auditing DSOs to load, do it now. */ +- if (__glibc_unlikely (audit_list != NULL)) ++ bool need_security_init = true; ++ if (__glibc_unlikely (audit_list != NULL) ++ || __glibc_unlikely (audit_list_string != NULL)) + { +- /* Iterate over all entries in the list. The order is important. */ + struct audit_ifaces *last_audit = NULL; +- struct audit_list *al = audit_list->next; ++ struct audit_list_iter al_iter; ++ audit_list_iter_init (&al_iter); + + /* Since we start using the auditing DSOs right away we need to + initialize the data structures now. */ +@@ -1318,9 +1398,14 @@ of this helper program; chances are you did not intend to run this program.\n\ + use different values (especially the pointer guard) and will + fail later on. */ + security_init (); ++ need_security_init = false; + +- do ++ while (true) + { ++ const char *name = audit_list_iter_next (&al_iter); ++ if (name == NULL) ++ break; ++ + int tls_idx = GL(dl_tls_max_dtv_idx); + + /* Now it is time to determine the layout of the static TLS +@@ -1329,7 +1414,7 @@ of this helper program; chances are you did not intend to run this program.\n\ + no DF_STATIC_TLS bit is set. The reason is that we know + glibc will use the static model. */ + struct dlmopen_args dlmargs; +- dlmargs.fname = al->name; ++ dlmargs.fname = name; + dlmargs.map = NULL; + + const char *objname; +@@ -1342,7 +1427,7 @@ of this helper program; chances are you did not intend to run this program.\n\ + not_loaded: + _dl_error_printf ("\ + ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", +- al->name, err_str); ++ name, err_str); + if (malloced) + free ((char *) err_str); + } +@@ -1446,10 +1531,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", + goto not_loaded; + } + } +- +- al = al->next; + } +- while (al != audit_list->next); + + /* If we have any auditing modules, announce that we already + have two objects loaded. */ +@@ -1713,7 +1795,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", + if (tcbp == NULL) + tcbp = init_tls (); + +- if (__glibc_likely (audit_list == NULL)) ++ if (__glibc_likely (need_security_init)) + /* Initialize security features. But only if we have not done it + earlier. */ + security_init (); +@@ -2344,9 +2426,7 @@ process_dl_audit (char *str) + char *p; + + while ((p = (strsep) (&str, ":")) != NULL) +- if (p[0] != '\0' +- && (__builtin_expect (! __libc_enable_secure, 1) +- || strchr (p, '/') == NULL)) ++ if (dso_name_valid_for_suid (p)) + { + /* This is using the local malloc, not the system malloc. The + memory can never be freed. */ +@@ -2410,7 +2490,7 @@ process_envvars (enum mode *modep) + break; + } + if (memcmp (envline, "AUDIT", 5) == 0) +- process_dl_audit (&envline[6]); ++ audit_list_string = &envline[6]; + break; + + case 7: +-- +2.13.1 + diff --git a/srcpkgs/glibc/patches/0022-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch b/srcpkgs/glibc/patches/0022-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch new file mode 100644 index 00000000000..bb522739ef2 --- /dev/null +++ b/srcpkgs/glibc/patches/0022-Ignore-and-remove-LD_HWCAP_MASK-for-AT_SECURE-progra.patch @@ -0,0 +1,126 @@ +From 3776f38fcd267c127ba5eb222e2c614c191744aa Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Tue, 20 Jun 2017 05:59:17 +0200 +Subject: Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug #21209) + +The LD_HWCAP_MASK environment variable may alter the selection of +function variants for some architectures. For AT_SECURE process it +means that if an outdated routine has a bug that would otherwise not +affect newer platforms by default, LD_HWCAP_MASK will allow that bug +to be exploited. + +To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid +binaries. + + [BZ #21209] + * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for + AT_SECURE processes. + * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK. + * elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK. + (test_child): Likewise. + * elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK. + +(cherry picked from commit 1c1243b6fc33c029488add276e56570a07803bfd) + +diff --git a/ChangeLog b/ChangeLog +index 67ce0aa4de..85f1e0a495 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,13 @@ ++2017-03-07 Siddhesh Poyarekar ++ ++ [BZ #21209] ++ * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for ++ AT_SECURE processes. ++ * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK. ++ * elf/tst-env-setuid.c (test_parent): Test LD_HWCAP_MASK. ++ (test_child): Likewise. ++ * elf/Makefile (tst-env-setuid-ENV): Add LD_HWCAP_MASK. ++ + 2017-06-19 Florian Weimer + + * elf/rtld.c (audit_list_string): New variable. +diff --git a/NEWS b/NEWS +index 29079e8586..7be238c404 100644 +--- a/NEWS ++++ b/NEWS +@@ -13,6 +13,7 @@ The following bugs are resolved with this release: + [21015] Document and fix --enable-bind-now + [21109] Tunables broken on big-endian + [21115] sunrpc: Use-after-free in error path in clntudp_call ++ [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs + [21289] Fix symbol redirect for fts_set + [21386] Assertion in fork for distinct parent PID is incorrect + [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366) +diff --git a/elf/Makefile b/elf/Makefile +index 61abeb59ee..cc4aeb25b6 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -1398,6 +1398,7 @@ $(objpfx)tst-nodelete-dlclose: $(objpfx)tst-nodelete-dlclose-dso.so + $(objpfx)tst-nodelete-dlclose.out: $(objpfx)tst-nodelete-dlclose-dso.so \ + $(objpfx)tst-nodelete-dlclose-plugin.so + +-tst-env-setuid-ENV = MALLOC_CHECK_=2 MALLOC_MMAP_THRESHOLD_=4096 ++tst-env-setuid-ENV = MALLOC_CHECK_=2 MALLOC_MMAP_THRESHOLD_=4096 \ ++ LD_HWCAP_MASK=0xffffffff + tst-env-setuid-tunables-ENV = \ + GLIBC_TUNABLES=glibc.malloc.check=2:glibc.malloc.mmap_threshold=4096 +diff --git a/elf/rtld.c b/elf/rtld.c +index 369724babe..9362a21e73 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -2534,7 +2534,8 @@ process_envvars (enum mode *modep) + + case 10: + /* Mask for the important hardware capabilities. */ +- if (memcmp (envline, "HWCAP_MASK", 10) == 0) ++ if (!__libc_enable_secure ++ && memcmp (envline, "HWCAP_MASK", 10) == 0) + GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL, + 0, 0); + break; +diff --git a/elf/tst-env-setuid.c b/elf/tst-env-setuid.c +index 6ec3fa5874..eec408eb5d 100644 +--- a/elf/tst-env-setuid.c ++++ b/elf/tst-env-setuid.c +@@ -213,6 +213,12 @@ test_child (void) + return 1; + } + ++ if (getenv ("LD_HWCAP_MASK") != NULL) ++ { ++ printf ("LD_HWCAP_MASK still set\n"); ++ return 1; ++ } ++ + return 0; + } + #endif +@@ -233,6 +239,12 @@ test_parent (void) + return 1; + } + ++ if (getenv ("LD_HWCAP_MASK") == NULL) ++ { ++ printf ("LD_HWCAP_MASK lost\n"); ++ return 1; ++ } ++ + return 0; + } + #endif +diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h +index a74083786e..5ea8a4a259 100644 +--- a/sysdeps/generic/unsecvars.h ++++ b/sysdeps/generic/unsecvars.h +@@ -16,6 +16,7 @@ + "LD_DEBUG\0" \ + "LD_DEBUG_OUTPUT\0" \ + "LD_DYNAMIC_WEAK\0" \ ++ "LD_HWCAP_MASK\0" \ + "LD_LIBRARY_PATH\0" \ + "LD_ORIGIN_PATH\0" \ + "LD_PRELOAD\0" \ +-- +2.13.1 + diff --git a/srcpkgs/glibc/patches/0023-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch b/srcpkgs/glibc/patches/0023-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch new file mode 100644 index 00000000000..15736192bce --- /dev/null +++ b/srcpkgs/glibc/patches/0023-i686-Add-missing-IS_IN-libc-guards-to-vectorized-str.patch @@ -0,0 +1,50 @@ +From adc7e06fb412a2a1ee52f8cb788caf436335b9f3 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Wed, 14 Jun 2017 08:11:22 +0200 +Subject: i686: Add missing IS_IN (libc) guards to vectorized strcspn + +Since commit d957c4d3fa48d685ff2726c605c988127ef99395 (i386: Compile +rtld-*.os with -mno-sse -mno-mmx -mfpmath=387), vector intrinsics can +no longer be used in ld.so, even if the compiled code never makes it +into the final ld.so link. This commit adds the missing IS_IN (libc) +guard to the SSE 4.2 strcspn implementation, so that it can be used from +ld.so in the future. + +(cherry picked from commit 69052a3a95da37169a08f9e59b2cc1808312753c) + +diff --git a/ChangeLog b/ChangeLog +index 85f1e0a495..73546da9e9 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,8 @@ ++2017-06-14 Florian Weimer ++ ++ * sysdeps/i386/i686/multiarch/strcspn-c.c: Add IS_IN (libc) guard. ++ * sysdeps/i386/i686/multiarch/varshift.c: Likewise. ++ + 2017-03-07 Siddhesh Poyarekar + + [BZ #21209] +diff --git a/sysdeps/i386/i686/multiarch/strcspn-c.c b/sysdeps/i386/i686/multiarch/strcspn-c.c +index 6d61e190a8..ec230fb383 100644 +--- a/sysdeps/i386/i686/multiarch/strcspn-c.c ++++ b/sysdeps/i386/i686/multiarch/strcspn-c.c +@@ -1,2 +1,4 @@ +-#define __strcspn_sse2 __strcspn_ia32 +-#include ++#if IS_IN (libc) ++# define __strcspn_sse2 __strcspn_ia32 ++# include ++#endif +diff --git a/sysdeps/i386/i686/multiarch/varshift.c b/sysdeps/i386/i686/multiarch/varshift.c +index 7760b966e2..6742a35d41 100644 +--- a/sysdeps/i386/i686/multiarch/varshift.c ++++ b/sysdeps/i386/i686/multiarch/varshift.c +@@ -1 +1,3 @@ +-#include ++#if IS_IN (libc) ++# include ++#endif +-- +2.13.1 + diff --git a/srcpkgs/glibc/template b/srcpkgs/glibc/template index 3218295f3e9..aa2be53a2bb 100644 --- a/srcpkgs/glibc/template +++ b/srcpkgs/glibc/template @@ -1,7 +1,7 @@ # Template file for 'glibc' pkgname=glibc version=2.25 -revision=4 +revision=5 bootstrap=yes short_desc="The GNU C library" maintainer="Juan RP "