glibc: 2.31 -> 2.32

ChangeLog: https://sourceware.org/pipermail/libc-announce/2020/000029.html

Patches removed:

* `rpcgen-path.patch` is obsolete as the support for SunOS RPC has been
  removed in 2.32[1].

* The vulnerabilities CVE-2020-1752[2] & CVE-2020-10029[3] are fixed in
  `glibc-2.32`[4][5], thus applying those manually isn't necessary anymore.

I also added myself as second maintainer as I'm quite regularly doing
`glibc`-related stuff in `nixpkgs`, so let's make this situation
official.

[1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5500cdba4018ddbda7909bc7f4f9718610b43cf0
[2] https://nvd.nist.gov/vuln/detail/CVE-2020-1752
[3] https://nvd.nist.gov/vuln/detail/CVE-2020-10029
[4] Commit 9333498794cde1d5cca518badf79533a24114b6f (CVE-2020-1752)
[5] Commit ddc650e9b3dc916eab417ce9f79e67337b05035c (CVE-2020-10029)
This commit is contained in:
Maximilian Bosch 2020-08-10 11:25:08 +02:00
parent 2e075ba96c
commit 30286ebcc1
No known key found for this signature in database
GPG Key ID: 091DBF4D1FC46B8E
3 changed files with 6 additions and 154 deletions

View File

@ -1,62 +0,0 @@
From: Andreas Schwab <schwab@suse.de>
Date: Wed, 19 Feb 2020 16:21:46 +0000 (+0100)
Subject: Fix use-after-free in glob when expanding ~user (bug 25414)
X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=da97c6b88eb03fb834e92964b0895c2ac8d61f63;hp=dd34bce38c822b67fcc42e73969bf6699d6874b6
Fix use-after-free in glob when expanding ~user (bug 25414)
The value of `end_name' points into the value of `dirname', thus don't
deallocate the latter before the last use of the former.
(cherry picked from commit ddc650e9b3dc916eab417ce9f79e67337b05035c)
---
diff --git a/posix/glob.c b/posix/glob.c
index e73e35c510..c6cbd0eb43 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -827,31 +827,32 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
{
size_t home_len = strlen (p->pw_dir);
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
- char *d;
+ char *d, *newp;
+ bool use_alloca = glob_use_alloca (alloca_used,
+ home_len + rest_len + 1);
- if (__glibc_unlikely (malloc_dirname))
- free (dirname);
- malloc_dirname = 0;
-
- if (glob_use_alloca (alloca_used, home_len + rest_len + 1))
- dirname = alloca_account (home_len + rest_len + 1,
- alloca_used);
+ if (use_alloca)
+ newp = alloca_account (home_len + rest_len + 1, alloca_used);
else
{
- dirname = malloc (home_len + rest_len + 1);
- if (dirname == NULL)
+ newp = malloc (home_len + rest_len + 1);
+ if (newp == NULL)
{
scratch_buffer_free (&pwtmpbuf);
retval = GLOB_NOSPACE;
goto out;
}
- malloc_dirname = 1;
}
- d = mempcpy (dirname, p->pw_dir, home_len);
+ d = mempcpy (newp, p->pw_dir, home_len);
if (end_name != NULL)
d = mempcpy (d, end_name, rest_len);
*d = '\0';
+ if (__glibc_unlikely (malloc_dirname))
+ free (dirname);
+ dirname = newp;
+ malloc_dirname = !use_alloca;
+
dirlen = home_len + rest_len;
dirname_modified = 1;
}

View File

@ -1,79 +0,0 @@
diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile
index 995e90d6da..318628aed6 100644
--- a/sysdeps/ieee754/ldbl-96/Makefile
+++ b/sysdeps/ieee754/ldbl-96/Makefile
@@ -17,5 +17,6 @@
# <https://www.gnu.org/licenses/>.
ifeq ($(subdir),math)
-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96
+tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo
+CFLAGS-test-sinl-pseudo.c += -fstack-protector-all
endif
diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
index 5f742321ae..bcdf20179f 100644
--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
+++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y)
return 0;
}
+ if ((i0 & 0x80000000) == 0)
+ {
+ /* Pseudo-zero and unnormal representations are not valid
+ representations of long double. We need to avoid stack
+ corruption in __kernel_rem_pio2, which expects input in a
+ particular normal form, but those representations do not need
+ to be consistently handled like any particular floating-point
+ value. */
+ y[1] = y[0] = __builtin_nanl ("");
+ return 0;
+ }
+
/* Split the 64 bits of the mantissa into three 24-bit integers
stored in a double array. */
exp = j0 - 23;
--- /dev/null
+++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
@@ -0,0 +1,41 @@
+/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487).
+ Copyright (C) 2020 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <math.h>
+#include <math_ldbl.h>
+#include <stdint.h>
+
+static int
+do_test (void)
+{
+ for (int i = 0; i < 64; i++)
+ {
+ uint64_t sig = i == 63 ? 0 : 1ULL << i;
+ long double ld;
+ SET_LDOUBLE_WORDS (ld, 0x4141,
+ sig >> 32, sig & 0xffffffffULL);
+ /* The requirement is that no stack overflow occurs when the
+ pseudo-zero or unnormal goes through range reduction. */
+ volatile long double ldr;
+ ldr = sinl (ld);
+ (void) ldr;
+ }
+ return 0;
+}
+
+#include <support/test-driver.c>

View File

@ -41,9 +41,9 @@
} @ args: } @ args:
let let
version = "2.31"; version = "2.32";
patchSuffix = ""; patchSuffix = "";
sha256 = "05zxkyz9bv3j9h0xyid1rhvh3klhsmrpkf3bcs6frvlgyr2gwilj"; sha256 = "0di848ibffrnwq7g2dvgqrnn4xqhj3h96csn69q4da51ymafl9qn";
in in
assert withLinuxHeaders -> linuxHeaders != null; assert withLinuxHeaders -> linuxHeaders != null;
@ -59,9 +59,6 @@ stdenv.mkDerivation ({
patches = patches =
[ [
/* Have rpcgen(1) look for cpp(1) in $PATH. */
./rpcgen-path.patch
/* Allow NixOS and Nix to handle the locale-archive. */ /* Allow NixOS and Nix to handle the locale-archive. */
./nix-locale-archive.patch ./nix-locale-archive.patch
@ -113,8 +110,6 @@ stdenv.mkDerivation ({
}) })
./fix-x64-abi.patch ./fix-x64-abi.patch
./2.30-cve-2020-1752.patch
./2.31-cve-2020-10029.patch
] ]
++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch; ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;
@ -146,8 +141,6 @@ stdenv.mkDerivation ({
configureFlags = configureFlags =
[ "-C" [ "-C"
"--enable-add-ons" "--enable-add-ons"
"--enable-obsolete-nsl"
"--enable-obsolete-rpc"
"--sysconfdir=/etc" "--sysconfdir=/etc"
"--enable-stackguard-randomization" "--enable-stackguard-randomization"
(lib.withFeatureAs withLinuxHeaders "headers" "${linuxHeaders}/include") (lib.withFeatureAs withLinuxHeaders "headers" "${linuxHeaders}/include")
@ -226,7 +219,7 @@ stdenv.mkDerivation ({
doCheck = false; # fails doCheck = false; # fails
meta = { meta = with lib; {
homepage = "https://www.gnu.org/software/libc/"; homepage = "https://www.gnu.org/software/libc/";
description = "The GNU C Library"; description = "The GNU C Library";
@ -239,10 +232,10 @@ stdenv.mkDerivation ({
most systems with the Linux kernel. most systems with the Linux kernel.
''; '';
license = lib.licenses.lgpl2Plus; license = licenses.lgpl2Plus;
maintainers = [ lib.maintainers.eelco ]; maintainers = with maintainers; [ eelco ma27 ];
platforms = lib.platforms.linux; platforms = platforms.linux;
} // meta; } // meta;
} }