From db9848cdc33a5dd3198f6b1dd9d19b9c230e6c06 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 1 Jun 2016 08:29:43 +0200 Subject: [PATCH] Sync with upstream master branch Resolves #1326903, #1337140. --- glibc-rh1315108.patch | 246 ------------------------------------------ glibc.spec | 10 +- sources | 2 +- 3 files changed, 9 insertions(+), 249 deletions(-) diff --git a/glibc-rh1315108.patch b/glibc-rh1315108.patch index 1c07ad5..a549c50 100644 --- a/glibc-rh1315108.patch +++ b/glibc-rh1315108.patch @@ -146,21 +146,6 @@ Date: Sun Mar 1 19:14:29 2015 +0100 * sysdeps/unix/sysv/linux/getlogin_r.c (__getlogin_r_loginuid): Use struct scratch_buffer instead of extend_alloca. -commit f414b3f5947f264cb5d114965f284cacb2fb10b5 -Author: Florian Weimer -Date: Sun Mar 1 19:38:42 2015 +0100 - - getaddrinfo: Use struct scratch_buffer instead of extend_alloca - - This results in slightly smaller buffers in some cases, but as the - buffer size is passed to the called functions (and they will request - an increased buffer size with an ERANGE error code), this does not - result in a functional difference. - - [BZ #18023] - * sysdeps/posix/getaddrinfo.c (gaih_inet_serv, gethosts) - (gaih_inet): Use struct scratch_buffer instead of extend_alloca. - commit 488063238ee5c87b66c6982b1b6d508e30e44386 Author: Florian Weimer Date: Sun Mar 1 19:48:31 2015 +0100 @@ -1845,237 +1830,6 @@ Index: b/posix/wordexp.c *offset = i - 1; } return *word ? 0 : WRDE_NOSPACE; -Index: b/sysdeps/posix/getaddrinfo.c -=================================================================== ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -63,6 +63,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBI - #include - #include - #include -+#include - - #ifdef HAVE_LIBIDN - extern int __idna_to_ascii_lz (const char *input, char **output, int flags); -@@ -138,21 +139,22 @@ gaih_inet_serv (const char *servicename, - const struct addrinfo *req, struct gaih_servtuple *st) - { - struct servent *s; -- size_t tmpbuflen = 1024; - struct servent ts; -- char *tmpbuf; - int r; -+ struct scratch_buffer tmpbuf; -+ scratch_buffer_init (&tmpbuf); - - do - { -- tmpbuf = __alloca (tmpbuflen); -- -- r = __getservbyname_r (servicename, tp->name, &ts, tmpbuf, tmpbuflen, -- &s); -+ r = __getservbyname_r (servicename, tp->name, &ts, -+ tmpbuf.data, tmpbuf.length, &s); - if (r != 0 || s == NULL) - { - if (r == ERANGE) -- tmpbuflen *= 2; -+ { -+ if (!scratch_buffer_grow (&tmpbuf)) -+ return -EAI_MEMORY; -+ } - else - return -EAI_SERVICE; - } -@@ -164,7 +166,7 @@ gaih_inet_serv (const char *servicename, - st->protocol = ((tp->protoflag & GAI_PROTO_PROTOANY) - ? req->ai_protocol : tp->protocol); - st->port = s->s_port; -- -+ scratch_buffer_free (&tmpbuf); - return 0; - } - -@@ -227,25 +229,15 @@ convert_hostent_to_gaih_addrtuple (const - no_data = 0; \ - while (1) { \ - rc = 0; \ -- status = DL_CALL_FCT (fct, (name, _family, &th, tmpbuf, tmpbuflen, \ -+ status = DL_CALL_FCT (fct, (name, _family, &th, \ -+ tmpbuf.data, tmpbuf.length, \ - &rc, &herrno, NULL, &localcanon)); \ - if (rc != ERANGE || herrno != NETDB_INTERNAL) \ - break; \ -- if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \ -- tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \ -- alloca_used); \ -- else \ -+ if (!scratch_buffer_grow (&tmpbuf)) \ - { \ -- char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \ -- 2 * tmpbuflen); \ -- if (newp == NULL) \ -- { \ -- result = -EAI_MEMORY; \ -- goto free_and_return; \ -- } \ -- tmpbuf = newp; \ -- malloc_tmpbuf = true; \ -- tmpbuflen = 2 * tmpbuflen; \ -+ result = -EAI_MEMORY; \ -+ goto free_and_return; \ - } \ - } \ - if (status == NSS_STATUS_SUCCESS && rc == 0) \ -@@ -316,7 +308,10 @@ gaih_inet (const char *name, const struc - bool got_ipv6 = false; - const char *canon = NULL; - const char *orig_name = name; -- size_t alloca_used = 0; -+ -+ /* Reserve stack memory for this function's buffer and the one in -+ gaih_inet_serv. */ -+ size_t alloca_used = 2 * sizeof (struct scratch_buffer); - - if (req->ai_protocol || req->ai_socktype) - { -@@ -437,9 +432,10 @@ gaih_inet (const char *name, const struc - struct gaih_addrtuple *addrmem = NULL; - bool malloc_canonbuf = false; - char *canonbuf = NULL; -- bool malloc_tmpbuf = false; -- char *tmpbuf = NULL; - int result = 0; -+ struct scratch_buffer tmpbuf; -+ scratch_buffer_init (&tmpbuf); -+ - if (name != NULL) - { - at = alloca_account (sizeof (struct gaih_addrtuple), alloca_used); -@@ -607,11 +603,8 @@ gaih_inet (const char *name, const struc - if (req->ai_family == AF_INET - && (req->ai_flags & AI_CANONNAME) == 0) - { -- /* Allocate additional room for struct host_data. */ -- size_t tmpbuflen = (512 + MAX_NR_ALIASES * sizeof(char*) -- + 16 * sizeof(char)); -- assert (tmpbuf == NULL); -- tmpbuf = alloca_account (tmpbuflen, alloca_used); -+ /* tmpbuf must not have been used so far. */ -+ assert (tmpbuf.data == tmpbuf.__space); - int rc; - struct hostent th; - struct hostent *h; -@@ -619,28 +612,15 @@ gaih_inet (const char *name, const struc - - while (1) - { -- rc = __gethostbyname2_r (name, AF_INET, &th, tmpbuf, -- tmpbuflen, &h, &herrno); -+ rc = __gethostbyname2_r (name, AF_INET, &th, -+ tmpbuf.data, tmpbuf.length, -+ &h, &herrno); - if (rc != ERANGE || herrno != NETDB_INTERNAL) - break; -- -- if (!malloc_tmpbuf -- && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) -- tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, -- 2 * tmpbuflen, -- alloca_used); -- else -+ if (!scratch_buffer_grow (&tmpbuf)) - { -- char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, -- 2 * tmpbuflen); -- if (newp == NULL) -- { -- result = -EAI_MEMORY; -- goto free_and_return; -- } -- tmpbuf = newp; -- malloc_tmpbuf = true; -- tmpbuflen = 2 * tmpbuflen; -+ result = -EAI_MEMORY; -+ goto free_and_return; - } - } - -@@ -834,21 +814,8 @@ gaih_inet (const char *name, const struc - old_res_options = _res.options; - _res.options &= ~RES_USE_INET6; - -- size_t tmpbuflen = 1024 + sizeof(struct gaih_addrtuple); -- malloc_tmpbuf = !__libc_use_alloca (alloca_used + tmpbuflen); -- assert (tmpbuf == NULL); -- if (!malloc_tmpbuf) -- tmpbuf = alloca_account (tmpbuflen, alloca_used); -- else -- { -- tmpbuf = malloc (tmpbuflen); -- if (tmpbuf == NULL) -- { -- _res.options |= old_res_options & RES_USE_INET6; -- result = -EAI_MEMORY; -- goto free_and_return; -- } -- } -+ /* tmpbuf has not been used yet. */ -+ assert (tmpbuf.data == tmpbuf.__space); - - while (!no_more) - { -@@ -867,8 +834,9 @@ gaih_inet (const char *name, const struc - while (1) - { - rc = 0; -- status = DL_CALL_FCT (fct4, (name, pat, tmpbuf, -- tmpbuflen, &rc, &herrno, -+ status = DL_CALL_FCT (fct4, (name, pat, -+ tmpbuf.data, tmpbuf.length, -+ &rc, &herrno, - NULL)); - if (status == NSS_STATUS_SUCCESS) - break; -@@ -882,24 +850,11 @@ gaih_inet (const char *name, const struc - break; - } - -- if (!malloc_tmpbuf -- && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) -- tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, -- 2 * tmpbuflen, -- alloca_used); -- else -+ if (!scratch_buffer_grow (&tmpbuf)) - { -- char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, -- 2 * tmpbuflen); -- if (newp == NULL) -- { -- _res.options |= old_res_options & RES_USE_INET6; -- result = -EAI_MEMORY; -- goto free_and_return; -- } -- tmpbuf = newp; -- malloc_tmpbuf = true; -- tmpbuflen = 2 * tmpbuflen; -+ _res.options |= old_res_options & RES_USE_INET6; -+ result = -EAI_MEMORY; -+ goto free_and_return; - } - } - -@@ -1286,8 +1241,7 @@ gaih_inet (const char *name, const struc - free (addrmem); - if (malloc_canonbuf) - free (canonbuf); -- if (malloc_tmpbuf) -- free (tmpbuf); -+ scratch_buffer_free (&tmpbuf); - - return result; - } Index: b/sysdeps/unix/sysv/linux/gethostid.c =================================================================== --- a/sysdeps/unix/sysv/linux/gethostid.c diff --git a/glibc.spec b/glibc.spec index c45d03a..9a49c82 100644 --- a/glibc.spec +++ b/glibc.spec @@ -1,6 +1,6 @@ -%define glibcsrcdir glibc-2.23-300-gb91a333 +%define glibcsrcdir glibc-2.23-411-gf06f3f0 %define glibcversion 2.23.90 -%define glibcrelease 18%{?dist} +%define glibcrelease 19%{?dist} # Pre-release tarballs are pulled in from git using a command that is # effectively: # @@ -2075,6 +2075,12 @@ rm -f *.filelist* %endif %changelog +* Wed Jun 01 2016 Florian Weimer - 2.23.90-19 +- Auto-sync with upstream master. +- Adjust glibc-rh1315108.patch accordingly. +- Fix fork redirection in libpthread (#1326903) +- CVE-2016-4429: stack overflow in Sun RPC clntudp_call (#1337140) + * Wed May 11 2016 Carlos O'Donell - 2.23.90-18 - Move support for building GCC 2.96 into compat-gcc-296. diff --git a/sources b/sources index 35a8cfd..45ec11e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6591008b546b6849845e06d9b1665943 glibc-2.23-300-gb91a333.tar.gz +72b48c6bef1a5922033118d55cb376d2 glibc-2.23-411-gf06f3f0.tar.gz