mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2025-01-01 08:25:55 +03:00
glibc: 2.31 -> 2.32
ChangeLog: https://sourceware.org/pipermail/libc-announce/2020/000029.html Patches removed: * `rpcgen-path.patch` is obsolete as the support for SunOS RPC has been removed in 2.32[1]. * The vulnerabilities CVE-2020-1752[2] & CVE-2020-10029[3] are fixed in `glibc-2.32`[4][5], thus applying those manually isn't necessary anymore. I also added myself as second maintainer as I'm quite regularly doing `glibc`-related stuff in `nixpkgs`, so let's make this situation official. [1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5500cdba4018ddbda7909bc7f4f9718610b43cf0 [2] https://nvd.nist.gov/vuln/detail/CVE-2020-1752 [3] https://nvd.nist.gov/vuln/detail/CVE-2020-10029 [4] Commit 9333498794cde1d5cca518badf79533a24114b6f (CVE-2020-1752) [5] Commit ddc650e9b3dc916eab417ce9f79e67337b05035c (CVE-2020-10029)
This commit is contained in:
parent
2e075ba96c
commit
30286ebcc1
@ -1,62 +0,0 @@
|
|||||||
From: Andreas Schwab <schwab@suse.de>
|
|
||||||
Date: Wed, 19 Feb 2020 16:21:46 +0000 (+0100)
|
|
||||||
Subject: Fix use-after-free in glob when expanding ~user (bug 25414)
|
|
||||||
X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=da97c6b88eb03fb834e92964b0895c2ac8d61f63;hp=dd34bce38c822b67fcc42e73969bf6699d6874b6
|
|
||||||
|
|
||||||
Fix use-after-free in glob when expanding ~user (bug 25414)
|
|
||||||
|
|
||||||
The value of `end_name' points into the value of `dirname', thus don't
|
|
||||||
deallocate the latter before the last use of the former.
|
|
||||||
|
|
||||||
(cherry picked from commit ddc650e9b3dc916eab417ce9f79e67337b05035c)
|
|
||||||
---
|
|
||||||
|
|
||||||
diff --git a/posix/glob.c b/posix/glob.c
|
|
||||||
index e73e35c510..c6cbd0eb43 100644
|
|
||||||
--- a/posix/glob.c
|
|
||||||
+++ b/posix/glob.c
|
|
||||||
@@ -827,31 +827,32 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
|
|
||||||
{
|
|
||||||
size_t home_len = strlen (p->pw_dir);
|
|
||||||
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
|
|
||||||
- char *d;
|
|
||||||
+ char *d, *newp;
|
|
||||||
+ bool use_alloca = glob_use_alloca (alloca_used,
|
|
||||||
+ home_len + rest_len + 1);
|
|
||||||
|
|
||||||
- if (__glibc_unlikely (malloc_dirname))
|
|
||||||
- free (dirname);
|
|
||||||
- malloc_dirname = 0;
|
|
||||||
-
|
|
||||||
- if (glob_use_alloca (alloca_used, home_len + rest_len + 1))
|
|
||||||
- dirname = alloca_account (home_len + rest_len + 1,
|
|
||||||
- alloca_used);
|
|
||||||
+ if (use_alloca)
|
|
||||||
+ newp = alloca_account (home_len + rest_len + 1, alloca_used);
|
|
||||||
else
|
|
||||||
{
|
|
||||||
- dirname = malloc (home_len + rest_len + 1);
|
|
||||||
- if (dirname == NULL)
|
|
||||||
+ newp = malloc (home_len + rest_len + 1);
|
|
||||||
+ if (newp == NULL)
|
|
||||||
{
|
|
||||||
scratch_buffer_free (&pwtmpbuf);
|
|
||||||
retval = GLOB_NOSPACE;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
- malloc_dirname = 1;
|
|
||||||
}
|
|
||||||
- d = mempcpy (dirname, p->pw_dir, home_len);
|
|
||||||
+ d = mempcpy (newp, p->pw_dir, home_len);
|
|
||||||
if (end_name != NULL)
|
|
||||||
d = mempcpy (d, end_name, rest_len);
|
|
||||||
*d = '\0';
|
|
||||||
|
|
||||||
+ if (__glibc_unlikely (malloc_dirname))
|
|
||||||
+ free (dirname);
|
|
||||||
+ dirname = newp;
|
|
||||||
+ malloc_dirname = !use_alloca;
|
|
||||||
+
|
|
||||||
dirlen = home_len + rest_len;
|
|
||||||
dirname_modified = 1;
|
|
||||||
}
|
|
@ -1,79 +0,0 @@
|
|||||||
diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile
|
|
||||||
index 995e90d6da..318628aed6 100644
|
|
||||||
--- a/sysdeps/ieee754/ldbl-96/Makefile
|
|
||||||
+++ b/sysdeps/ieee754/ldbl-96/Makefile
|
|
||||||
@@ -17,5 +17,6 @@
|
|
||||||
# <https://www.gnu.org/licenses/>.
|
|
||||||
|
|
||||||
ifeq ($(subdir),math)
|
|
||||||
-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96
|
|
||||||
+tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo
|
|
||||||
+CFLAGS-test-sinl-pseudo.c += -fstack-protector-all
|
|
||||||
endif
|
|
||||||
diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
|
|
||||||
index 5f742321ae..bcdf20179f 100644
|
|
||||||
--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
|
|
||||||
+++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
|
|
||||||
@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y)
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if ((i0 & 0x80000000) == 0)
|
|
||||||
+ {
|
|
||||||
+ /* Pseudo-zero and unnormal representations are not valid
|
|
||||||
+ representations of long double. We need to avoid stack
|
|
||||||
+ corruption in __kernel_rem_pio2, which expects input in a
|
|
||||||
+ particular normal form, but those representations do not need
|
|
||||||
+ to be consistently handled like any particular floating-point
|
|
||||||
+ value. */
|
|
||||||
+ y[1] = y[0] = __builtin_nanl ("");
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Split the 64 bits of the mantissa into three 24-bit integers
|
|
||||||
stored in a double array. */
|
|
||||||
exp = j0 - 23;
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
|
|
||||||
@@ -0,0 +1,41 @@
|
|
||||||
+/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487).
|
|
||||||
+ Copyright (C) 2020 Free Software Foundation, Inc.
|
|
||||||
+ This file is part of the GNU C Library.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is free software; you can redistribute it and/or
|
|
||||||
+ modify it under the terms of the GNU Lesser General Public
|
|
||||||
+ License as published by the Free Software Foundation; either
|
|
||||||
+ version 2.1 of the License, or (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
|
||||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ Lesser General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU Lesser General Public
|
|
||||||
+ License along with the GNU C Library; if not, see
|
|
||||||
+ <https://www.gnu.org/licenses/>. */
|
|
||||||
+
|
|
||||||
+#include <math.h>
|
|
||||||
+#include <math_ldbl.h>
|
|
||||||
+#include <stdint.h>
|
|
||||||
+
|
|
||||||
+static int
|
|
||||||
+do_test (void)
|
|
||||||
+{
|
|
||||||
+ for (int i = 0; i < 64; i++)
|
|
||||||
+ {
|
|
||||||
+ uint64_t sig = i == 63 ? 0 : 1ULL << i;
|
|
||||||
+ long double ld;
|
|
||||||
+ SET_LDOUBLE_WORDS (ld, 0x4141,
|
|
||||||
+ sig >> 32, sig & 0xffffffffULL);
|
|
||||||
+ /* The requirement is that no stack overflow occurs when the
|
|
||||||
+ pseudo-zero or unnormal goes through range reduction. */
|
|
||||||
+ volatile long double ldr;
|
|
||||||
+ ldr = sinl (ld);
|
|
||||||
+ (void) ldr;
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#include <support/test-driver.c>
|
|
@ -41,9 +41,9 @@
|
|||||||
} @ args:
|
} @ args:
|
||||||
|
|
||||||
let
|
let
|
||||||
version = "2.31";
|
version = "2.32";
|
||||||
patchSuffix = "";
|
patchSuffix = "";
|
||||||
sha256 = "05zxkyz9bv3j9h0xyid1rhvh3klhsmrpkf3bcs6frvlgyr2gwilj";
|
sha256 = "0di848ibffrnwq7g2dvgqrnn4xqhj3h96csn69q4da51ymafl9qn";
|
||||||
in
|
in
|
||||||
|
|
||||||
assert withLinuxHeaders -> linuxHeaders != null;
|
assert withLinuxHeaders -> linuxHeaders != null;
|
||||||
@ -59,9 +59,6 @@ stdenv.mkDerivation ({
|
|||||||
|
|
||||||
patches =
|
patches =
|
||||||
[
|
[
|
||||||
/* Have rpcgen(1) look for cpp(1) in $PATH. */
|
|
||||||
./rpcgen-path.patch
|
|
||||||
|
|
||||||
/* Allow NixOS and Nix to handle the locale-archive. */
|
/* Allow NixOS and Nix to handle the locale-archive. */
|
||||||
./nix-locale-archive.patch
|
./nix-locale-archive.patch
|
||||||
|
|
||||||
@ -113,8 +110,6 @@ stdenv.mkDerivation ({
|
|||||||
})
|
})
|
||||||
|
|
||||||
./fix-x64-abi.patch
|
./fix-x64-abi.patch
|
||||||
./2.30-cve-2020-1752.patch
|
|
||||||
./2.31-cve-2020-10029.patch
|
|
||||||
]
|
]
|
||||||
++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
|
++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
|
||||||
++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;
|
++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;
|
||||||
@ -146,8 +141,6 @@ stdenv.mkDerivation ({
|
|||||||
configureFlags =
|
configureFlags =
|
||||||
[ "-C"
|
[ "-C"
|
||||||
"--enable-add-ons"
|
"--enable-add-ons"
|
||||||
"--enable-obsolete-nsl"
|
|
||||||
"--enable-obsolete-rpc"
|
|
||||||
"--sysconfdir=/etc"
|
"--sysconfdir=/etc"
|
||||||
"--enable-stackguard-randomization"
|
"--enable-stackguard-randomization"
|
||||||
(lib.withFeatureAs withLinuxHeaders "headers" "${linuxHeaders}/include")
|
(lib.withFeatureAs withLinuxHeaders "headers" "${linuxHeaders}/include")
|
||||||
@ -226,7 +219,7 @@ stdenv.mkDerivation ({
|
|||||||
|
|
||||||
doCheck = false; # fails
|
doCheck = false; # fails
|
||||||
|
|
||||||
meta = {
|
meta = with lib; {
|
||||||
homepage = "https://www.gnu.org/software/libc/";
|
homepage = "https://www.gnu.org/software/libc/";
|
||||||
description = "The GNU C Library";
|
description = "The GNU C Library";
|
||||||
|
|
||||||
@ -239,10 +232,10 @@ stdenv.mkDerivation ({
|
|||||||
most systems with the Linux kernel.
|
most systems with the Linux kernel.
|
||||||
'';
|
'';
|
||||||
|
|
||||||
license = lib.licenses.lgpl2Plus;
|
license = licenses.lgpl2Plus;
|
||||||
|
|
||||||
maintainers = [ lib.maintainers.eelco ];
|
maintainers = with maintainers; [ eelco ma27 ];
|
||||||
platforms = lib.platforms.linux;
|
platforms = platforms.linux;
|
||||||
} // meta;
|
} // meta;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user