From: Michael Tremer Date: Wed, 7 Feb 2024 15:44:50 +0000 (+0000) Subject: glibc: Update to 2.39 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=28a9825623d5035a303e783bea40391b43ebe3aa;p=people%2Fms%2Fipfire-2.x.git glibc: Update to 2.39 Signed-off-by: Michael Tremer --- diff --git a/config/rootfiles/common/aarch64/glibc b/config/rootfiles/common/aarch64/glibc index f6cd12331b..99481d6b30 100644 --- a/config/rootfiles/common/aarch64/glibc +++ b/config/rootfiles/common/aarch64/glibc @@ -124,6 +124,7 @@ usr/bin/locale #usr/include/bits/netdb.h #usr/include/bits/param.h #usr/include/bits/poll.h +#usr/include/bits/platform/features.h #usr/include/bits/poll2.h #usr/include/bits/posix1_lim.h #usr/include/bits/posix2_lim.h @@ -168,6 +169,7 @@ usr/bin/locale #usr/include/bits/socket.h #usr/include/bits/socket2.h #usr/include/bits/socket_type.h +#usr/include/bits/spawn_ext.h #usr/include/bits/ss_flags.h #usr/include/bits/stab.def #usr/include/bits/stat.h @@ -176,6 +178,7 @@ usr/bin/locale #usr/include/bits/statx-generic.h #usr/include/bits/statx.h #usr/include/bits/stdint-intn.h +#usr/include/bits/stdint-least.h #usr/include/bits/stdint-uintn.h #usr/include/bits/stdio-ldbl.h #usr/include/bits/stdio.h @@ -417,6 +420,7 @@ usr/bin/locale #usr/include/signal.h #usr/include/spawn.h #usr/include/stab.h +#usr/include/stdbit.h #usr/include/stdc-predef.h #usr/include/stdint.h #usr/include/stdio.h @@ -808,7 +812,7 @@ usr/lib/gconv #usr/lib/libc_nonshared.a #usr/lib/libdl.a #usr/lib/libg.a -#usr/lib/libm-2.38.a +#usr/lib/libm-2.39.a #usr/lib/libm.a #usr/lib/libm.so #usr/lib/libmcheck.a @@ -880,20 +884,6 @@ usr/lib/locale #usr/lib/locale/aa_ER/LC_PAPER #usr/lib/locale/aa_ER/LC_TELEPHONE #usr/lib/locale/aa_ER/LC_TIME -#usr/lib/locale/aa_ER@saaho -#usr/lib/locale/aa_ER@saaho/LC_ADDRESS -#usr/lib/locale/aa_ER@saaho/LC_COLLATE -#usr/lib/locale/aa_ER@saaho/LC_CTYPE -#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION -#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MONETARY -#usr/lib/locale/aa_ER@saaho/LC_NAME -#usr/lib/locale/aa_ER@saaho/LC_NUMERIC -#usr/lib/locale/aa_ER@saaho/LC_PAPER -#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE -#usr/lib/locale/aa_ER@saaho/LC_TIME #usr/lib/locale/aa_ET #usr/lib/locale/aa_ET/LC_ADDRESS #usr/lib/locale/aa_ET/LC_COLLATE @@ -2126,6 +2116,20 @@ usr/lib/locale #usr/lib/locale/cmn_TW/LC_PAPER #usr/lib/locale/cmn_TW/LC_TELEPHONE #usr/lib/locale/cmn_TW/LC_TIME +#usr/lib/locale/crh_RU +#usr/lib/locale/crh_RU/LC_ADDRESS +#usr/lib/locale/crh_RU/LC_COLLATE +#usr/lib/locale/crh_RU/LC_CTYPE +#usr/lib/locale/crh_RU/LC_IDENTIFICATION +#usr/lib/locale/crh_RU/LC_MEASUREMENT +#usr/lib/locale/crh_RU/LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MONETARY +#usr/lib/locale/crh_RU/LC_NAME +#usr/lib/locale/crh_RU/LC_NUMERIC +#usr/lib/locale/crh_RU/LC_PAPER +#usr/lib/locale/crh_RU/LC_TELEPHONE +#usr/lib/locale/crh_RU/LC_TIME #usr/lib/locale/crh_UA #usr/lib/locale/crh_UA/LC_ADDRESS #usr/lib/locale/crh_UA/LC_COLLATE @@ -4142,6 +4146,20 @@ usr/lib/locale #usr/lib/locale/ga_IE@euro/LC_PAPER #usr/lib/locale/ga_IE@euro/LC_TELEPHONE #usr/lib/locale/ga_IE@euro/LC_TIME +#usr/lib/locale/gbm_IN +#usr/lib/locale/gbm_IN/LC_ADDRESS +#usr/lib/locale/gbm_IN/LC_COLLATE +#usr/lib/locale/gbm_IN/LC_CTYPE +#usr/lib/locale/gbm_IN/LC_IDENTIFICATION +#usr/lib/locale/gbm_IN/LC_MEASUREMENT +#usr/lib/locale/gbm_IN/LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MONETARY +#usr/lib/locale/gbm_IN/LC_NAME +#usr/lib/locale/gbm_IN/LC_NUMERIC +#usr/lib/locale/gbm_IN/LC_PAPER +#usr/lib/locale/gbm_IN/LC_TELEPHONE +#usr/lib/locale/gbm_IN/LC_TIME #usr/lib/locale/gd_GB #usr/lib/locale/gd_GB.utf8 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS @@ -4968,6 +4986,20 @@ usr/lib/locale #usr/lib/locale/ku_TR/LC_PAPER #usr/lib/locale/ku_TR/LC_TELEPHONE #usr/lib/locale/ku_TR/LC_TIME +#usr/lib/locale/kv_RU +#usr/lib/locale/kv_RU/LC_ADDRESS +#usr/lib/locale/kv_RU/LC_COLLATE +#usr/lib/locale/kv_RU/LC_CTYPE +#usr/lib/locale/kv_RU/LC_IDENTIFICATION +#usr/lib/locale/kv_RU/LC_MEASUREMENT +#usr/lib/locale/kv_RU/LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MONETARY +#usr/lib/locale/kv_RU/LC_NAME +#usr/lib/locale/kv_RU/LC_NUMERIC +#usr/lib/locale/kv_RU/LC_PAPER +#usr/lib/locale/kv_RU/LC_TELEPHONE +#usr/lib/locale/kv_RU/LC_TIME #usr/lib/locale/kw_GB #usr/lib/locale/kw_GB.utf8 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS @@ -6662,6 +6694,20 @@ usr/lib/locale #usr/lib/locale/ss_ZA/LC_PAPER #usr/lib/locale/ss_ZA/LC_TELEPHONE #usr/lib/locale/ss_ZA/LC_TIME +#usr/lib/locale/ssy_ER +#usr/lib/locale/ssy_ER/LC_ADDRESS +#usr/lib/locale/ssy_ER/LC_COLLATE +#usr/lib/locale/ssy_ER/LC_CTYPE +#usr/lib/locale/ssy_ER/LC_IDENTIFICATION +#usr/lib/locale/ssy_ER/LC_MEASUREMENT +#usr/lib/locale/ssy_ER/LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MONETARY +#usr/lib/locale/ssy_ER/LC_NAME +#usr/lib/locale/ssy_ER/LC_NUMERIC +#usr/lib/locale/ssy_ER/LC_PAPER +#usr/lib/locale/ssy_ER/LC_TELEPHONE +#usr/lib/locale/ssy_ER/LC_TIME #usr/lib/locale/st_ZA #usr/lib/locale/st_ZA.utf8 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS @@ -6690,6 +6736,20 @@ usr/lib/locale #usr/lib/locale/st_ZA/LC_PAPER #usr/lib/locale/st_ZA/LC_TELEPHONE #usr/lib/locale/st_ZA/LC_TIME +#usr/lib/locale/su_ID +#usr/lib/locale/su_ID/LC_ADDRESS +#usr/lib/locale/su_ID/LC_COLLATE +#usr/lib/locale/su_ID/LC_CTYPE +#usr/lib/locale/su_ID/LC_IDENTIFICATION +#usr/lib/locale/su_ID/LC_MEASUREMENT +#usr/lib/locale/su_ID/LC_MESSAGES +#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/su_ID/LC_MONETARY +#usr/lib/locale/su_ID/LC_NAME +#usr/lib/locale/su_ID/LC_NUMERIC +#usr/lib/locale/su_ID/LC_PAPER +#usr/lib/locale/su_ID/LC_TELEPHONE +#usr/lib/locale/su_ID/LC_TIME #usr/lib/locale/sv_FI #usr/lib/locale/sv_FI.utf8 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS @@ -7054,6 +7114,20 @@ usr/lib/locale #usr/lib/locale/to_TO/LC_PAPER #usr/lib/locale/to_TO/LC_TELEPHONE #usr/lib/locale/to_TO/LC_TIME +#usr/lib/locale/tok +#usr/lib/locale/tok/LC_ADDRESS +#usr/lib/locale/tok/LC_COLLATE +#usr/lib/locale/tok/LC_CTYPE +#usr/lib/locale/tok/LC_IDENTIFICATION +#usr/lib/locale/tok/LC_MEASUREMENT +#usr/lib/locale/tok/LC_MESSAGES +#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/tok/LC_MONETARY +#usr/lib/locale/tok/LC_NAME +#usr/lib/locale/tok/LC_NUMERIC +#usr/lib/locale/tok/LC_PAPER +#usr/lib/locale/tok/LC_TELEPHONE +#usr/lib/locale/tok/LC_TIME #usr/lib/locale/tpi_PG #usr/lib/locale/tpi_PG/LC_ADDRESS #usr/lib/locale/tpi_PG/LC_COLLATE @@ -7502,6 +7576,20 @@ usr/lib/locale #usr/lib/locale/yuw_PG/LC_PAPER #usr/lib/locale/yuw_PG/LC_TELEPHONE #usr/lib/locale/yuw_PG/LC_TIME +#usr/lib/locale/zgh_MA +#usr/lib/locale/zgh_MA/LC_ADDRESS +#usr/lib/locale/zgh_MA/LC_COLLATE +#usr/lib/locale/zgh_MA/LC_CTYPE +#usr/lib/locale/zgh_MA/LC_IDENTIFICATION +#usr/lib/locale/zgh_MA/LC_MEASUREMENT +#usr/lib/locale/zgh_MA/LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MONETARY +#usr/lib/locale/zgh_MA/LC_NAME +#usr/lib/locale/zgh_MA/LC_NUMERIC +#usr/lib/locale/zgh_MA/LC_PAPER +#usr/lib/locale/zgh_MA/LC_TELEPHONE +#usr/lib/locale/zgh_MA/LC_TIME #usr/lib/locale/zh_CN #usr/lib/locale/zh_CN.gb18030 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS @@ -7941,7 +8029,6 @@ usr/lib/locale #usr/share/i18n/locales/POSIX #usr/share/i18n/locales/aa_DJ #usr/share/i18n/locales/aa_ER -#usr/share/i18n/locales/aa_ER@saaho #usr/share/i18n/locales/aa_ET #usr/share/i18n/locales/ab_GE #usr/share/i18n/locales/af_ZA @@ -8004,6 +8091,7 @@ usr/lib/locale #usr/share/i18n/locales/ckb_IQ #usr/share/i18n/locales/cmn_TW #usr/share/i18n/locales/cns11643_stroke +#usr/share/i18n/locales/crh_RU #usr/share/i18n/locales/crh_UA #usr/share/i18n/locales/cs_CZ #usr/share/i18n/locales/csb_PL @@ -8093,6 +8181,7 @@ usr/lib/locale #usr/share/i18n/locales/fy_NL #usr/share/i18n/locales/ga_IE #usr/share/i18n/locales/ga_IE@euro +#usr/share/i18n/locales/gbm_IN #usr/share/i18n/locales/gd_GB #usr/share/i18n/locales/gez_ER #usr/share/i18n/locales/gez_ER@abegede @@ -8139,6 +8228,7 @@ usr/lib/locale #usr/share/i18n/locales/ks_IN #usr/share/i18n/locales/ks_IN@devanagari #usr/share/i18n/locales/ku_TR +#usr/share/i18n/locales/kv_RU #usr/share/i18n/locales/kw_GB #usr/share/i18n/locales/ky_KG #usr/share/i18n/locales/lb_LU @@ -8232,7 +8322,9 @@ usr/lib/locale #usr/share/i18n/locales/sr_RS #usr/share/i18n/locales/sr_RS@latin #usr/share/i18n/locales/ss_ZA +#usr/share/i18n/locales/ssy_ER #usr/share/i18n/locales/st_ZA +#usr/share/i18n/locales/su_ID #usr/share/i18n/locales/sv_FI #usr/share/i18n/locales/sv_FI@euro #usr/share/i18n/locales/sv_SE @@ -8254,6 +8346,7 @@ usr/lib/locale #usr/share/i18n/locales/tl_PH #usr/share/i18n/locales/tn_ZA #usr/share/i18n/locales/to_TO +#usr/share/i18n/locales/tok #usr/share/i18n/locales/tpi_PG #usr/share/i18n/locales/tr_CY #usr/share/i18n/locales/tr_TR @@ -8262,6 +8355,7 @@ usr/lib/locale #usr/share/i18n/locales/translit_cjk_variants #usr/share/i18n/locales/translit_combining #usr/share/i18n/locales/translit_compat +#usr/share/i18n/locales/translit_emojis #usr/share/i18n/locales/translit_font #usr/share/i18n/locales/translit_fraction #usr/share/i18n/locales/translit_hangul @@ -8291,6 +8385,7 @@ usr/lib/locale #usr/share/i18n/locales/yo_NG #usr/share/i18n/locales/yue_HK #usr/share/i18n/locales/yuw_PG +#usr/share/i18n/locales/zgh_MA #usr/share/i18n/locales/zh_CN #usr/share/i18n/locales/zh_HK #usr/share/i18n/locales/zh_SG @@ -8308,6 +8403,7 @@ usr/lib/locale #usr/share/info/libc.info-16 #usr/share/info/libc.info-17 #usr/share/info/libc.info-18 +#usr/share/info/libc.info-19 #usr/share/info/libc.info-2 #usr/share/info/libc.info-3 #usr/share/info/libc.info-4 diff --git a/config/rootfiles/common/riscv64/glibc b/config/rootfiles/common/riscv64/glibc index cf1df065a6..1ee4b92bdb 100644 --- a/config/rootfiles/common/riscv64/glibc +++ b/config/rootfiles/common/riscv64/glibc @@ -124,6 +124,7 @@ usr/bin/locale #usr/include/bits/param.h #usr/include/bits/poll.h #usr/include/bits/poll2.h +#usr/include/bits/platform/features.h #usr/include/bits/posix1_lim.h #usr/include/bits/posix2_lim.h #usr/include/bits/posix_opt.h @@ -167,6 +168,7 @@ usr/bin/locale #usr/include/bits/socket.h #usr/include/bits/socket2.h #usr/include/bits/socket_type.h +#usr/include/bits/spawn_ext.h #usr/include/bits/ss_flags.h #usr/include/bits/stab.def #usr/include/bits/stat.h @@ -175,6 +177,7 @@ usr/bin/locale #usr/include/bits/statx-generic.h #usr/include/bits/statx.h #usr/include/bits/stdint-intn.h +#usr/include/bits/stdint-least.h #usr/include/bits/stdint-uintn.h #usr/include/bits/stdio-ldbl.h #usr/include/bits/stdio.h @@ -416,6 +419,7 @@ usr/bin/locale #usr/include/signal.h #usr/include/spawn.h #usr/include/stab.h +#usr/include/stdbit.h #usr/include/stdc-predef.h #usr/include/stdint.h #usr/include/stdio.h @@ -875,20 +879,6 @@ usr/lib/locale #usr/lib/locale/aa_ER/LC_PAPER #usr/lib/locale/aa_ER/LC_TELEPHONE #usr/lib/locale/aa_ER/LC_TIME -#usr/lib/locale/aa_ER@saaho -#usr/lib/locale/aa_ER@saaho/LC_ADDRESS -#usr/lib/locale/aa_ER@saaho/LC_COLLATE -#usr/lib/locale/aa_ER@saaho/LC_CTYPE -#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION -#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MONETARY -#usr/lib/locale/aa_ER@saaho/LC_NAME -#usr/lib/locale/aa_ER@saaho/LC_NUMERIC -#usr/lib/locale/aa_ER@saaho/LC_PAPER -#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE -#usr/lib/locale/aa_ER@saaho/LC_TIME #usr/lib/locale/aa_ET #usr/lib/locale/aa_ET/LC_ADDRESS #usr/lib/locale/aa_ET/LC_COLLATE @@ -2121,6 +2111,20 @@ usr/lib/locale #usr/lib/locale/cmn_TW/LC_PAPER #usr/lib/locale/cmn_TW/LC_TELEPHONE #usr/lib/locale/cmn_TW/LC_TIME +#usr/lib/locale/crh_RU +#usr/lib/locale/crh_RU/LC_ADDRESS +#usr/lib/locale/crh_RU/LC_COLLATE +#usr/lib/locale/crh_RU/LC_CTYPE +#usr/lib/locale/crh_RU/LC_IDENTIFICATION +#usr/lib/locale/crh_RU/LC_MEASUREMENT +#usr/lib/locale/crh_RU/LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MONETARY +#usr/lib/locale/crh_RU/LC_NAME +#usr/lib/locale/crh_RU/LC_NUMERIC +#usr/lib/locale/crh_RU/LC_PAPER +#usr/lib/locale/crh_RU/LC_TELEPHONE +#usr/lib/locale/crh_RU/LC_TIME #usr/lib/locale/crh_UA #usr/lib/locale/crh_UA/LC_ADDRESS #usr/lib/locale/crh_UA/LC_COLLATE @@ -4137,6 +4141,20 @@ usr/lib/locale #usr/lib/locale/ga_IE@euro/LC_PAPER #usr/lib/locale/ga_IE@euro/LC_TELEPHONE #usr/lib/locale/ga_IE@euro/LC_TIME +#usr/lib/locale/gbm_IN +#usr/lib/locale/gbm_IN/LC_ADDRESS +#usr/lib/locale/gbm_IN/LC_COLLATE +#usr/lib/locale/gbm_IN/LC_CTYPE +#usr/lib/locale/gbm_IN/LC_IDENTIFICATION +#usr/lib/locale/gbm_IN/LC_MEASUREMENT +#usr/lib/locale/gbm_IN/LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MONETARY +#usr/lib/locale/gbm_IN/LC_NAME +#usr/lib/locale/gbm_IN/LC_NUMERIC +#usr/lib/locale/gbm_IN/LC_PAPER +#usr/lib/locale/gbm_IN/LC_TELEPHONE +#usr/lib/locale/gbm_IN/LC_TIME #usr/lib/locale/gd_GB #usr/lib/locale/gd_GB.utf8 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS @@ -4963,6 +4981,20 @@ usr/lib/locale #usr/lib/locale/ku_TR/LC_PAPER #usr/lib/locale/ku_TR/LC_TELEPHONE #usr/lib/locale/ku_TR/LC_TIME +#usr/lib/locale/kv_RU +#usr/lib/locale/kv_RU/LC_ADDRESS +#usr/lib/locale/kv_RU/LC_COLLATE +#usr/lib/locale/kv_RU/LC_CTYPE +#usr/lib/locale/kv_RU/LC_IDENTIFICATION +#usr/lib/locale/kv_RU/LC_MEASUREMENT +#usr/lib/locale/kv_RU/LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MONETARY +#usr/lib/locale/kv_RU/LC_NAME +#usr/lib/locale/kv_RU/LC_NUMERIC +#usr/lib/locale/kv_RU/LC_PAPER +#usr/lib/locale/kv_RU/LC_TELEPHONE +#usr/lib/locale/kv_RU/LC_TIME #usr/lib/locale/kw_GB #usr/lib/locale/kw_GB.utf8 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS @@ -6657,6 +6689,20 @@ usr/lib/locale #usr/lib/locale/ss_ZA/LC_PAPER #usr/lib/locale/ss_ZA/LC_TELEPHONE #usr/lib/locale/ss_ZA/LC_TIME +#usr/lib/locale/ssy_ER +#usr/lib/locale/ssy_ER/LC_ADDRESS +#usr/lib/locale/ssy_ER/LC_COLLATE +#usr/lib/locale/ssy_ER/LC_CTYPE +#usr/lib/locale/ssy_ER/LC_IDENTIFICATION +#usr/lib/locale/ssy_ER/LC_MEASUREMENT +#usr/lib/locale/ssy_ER/LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MONETARY +#usr/lib/locale/ssy_ER/LC_NAME +#usr/lib/locale/ssy_ER/LC_NUMERIC +#usr/lib/locale/ssy_ER/LC_PAPER +#usr/lib/locale/ssy_ER/LC_TELEPHONE +#usr/lib/locale/ssy_ER/LC_TIME #usr/lib/locale/st_ZA #usr/lib/locale/st_ZA.utf8 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS @@ -6685,6 +6731,20 @@ usr/lib/locale #usr/lib/locale/st_ZA/LC_PAPER #usr/lib/locale/st_ZA/LC_TELEPHONE #usr/lib/locale/st_ZA/LC_TIME +#usr/lib/locale/su_ID +#usr/lib/locale/su_ID/LC_ADDRESS +#usr/lib/locale/su_ID/LC_COLLATE +#usr/lib/locale/su_ID/LC_CTYPE +#usr/lib/locale/su_ID/LC_IDENTIFICATION +#usr/lib/locale/su_ID/LC_MEASUREMENT +#usr/lib/locale/su_ID/LC_MESSAGES +#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/su_ID/LC_MONETARY +#usr/lib/locale/su_ID/LC_NAME +#usr/lib/locale/su_ID/LC_NUMERIC +#usr/lib/locale/su_ID/LC_PAPER +#usr/lib/locale/su_ID/LC_TELEPHONE +#usr/lib/locale/su_ID/LC_TIME #usr/lib/locale/sv_FI #usr/lib/locale/sv_FI.utf8 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS @@ -7049,6 +7109,20 @@ usr/lib/locale #usr/lib/locale/to_TO/LC_PAPER #usr/lib/locale/to_TO/LC_TELEPHONE #usr/lib/locale/to_TO/LC_TIME +#usr/lib/locale/tok +#usr/lib/locale/tok/LC_ADDRESS +#usr/lib/locale/tok/LC_COLLATE +#usr/lib/locale/tok/LC_CTYPE +#usr/lib/locale/tok/LC_IDENTIFICATION +#usr/lib/locale/tok/LC_MEASUREMENT +#usr/lib/locale/tok/LC_MESSAGES +#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/tok/LC_MONETARY +#usr/lib/locale/tok/LC_NAME +#usr/lib/locale/tok/LC_NUMERIC +#usr/lib/locale/tok/LC_PAPER +#usr/lib/locale/tok/LC_TELEPHONE +#usr/lib/locale/tok/LC_TIME #usr/lib/locale/tpi_PG #usr/lib/locale/tpi_PG/LC_ADDRESS #usr/lib/locale/tpi_PG/LC_COLLATE @@ -7497,6 +7571,20 @@ usr/lib/locale #usr/lib/locale/yuw_PG/LC_PAPER #usr/lib/locale/yuw_PG/LC_TELEPHONE #usr/lib/locale/yuw_PG/LC_TIME +#usr/lib/locale/zgh_MA +#usr/lib/locale/zgh_MA/LC_ADDRESS +#usr/lib/locale/zgh_MA/LC_COLLATE +#usr/lib/locale/zgh_MA/LC_CTYPE +#usr/lib/locale/zgh_MA/LC_IDENTIFICATION +#usr/lib/locale/zgh_MA/LC_MEASUREMENT +#usr/lib/locale/zgh_MA/LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MONETARY +#usr/lib/locale/zgh_MA/LC_NAME +#usr/lib/locale/zgh_MA/LC_NUMERIC +#usr/lib/locale/zgh_MA/LC_PAPER +#usr/lib/locale/zgh_MA/LC_TELEPHONE +#usr/lib/locale/zgh_MA/LC_TIME #usr/lib/locale/zh_CN #usr/lib/locale/zh_CN.gb18030 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS @@ -7935,7 +8023,6 @@ usr/lib/locale #usr/share/i18n/locales/POSIX #usr/share/i18n/locales/aa_DJ #usr/share/i18n/locales/aa_ER -#usr/share/i18n/locales/aa_ER@saaho #usr/share/i18n/locales/aa_ET #usr/share/i18n/locales/ab_GE #usr/share/i18n/locales/af_ZA @@ -7998,6 +8085,7 @@ usr/lib/locale #usr/share/i18n/locales/ckb_IQ #usr/share/i18n/locales/cmn_TW #usr/share/i18n/locales/cns11643_stroke +#usr/share/i18n/locales/crh_RU #usr/share/i18n/locales/crh_UA #usr/share/i18n/locales/cs_CZ #usr/share/i18n/locales/csb_PL @@ -8087,6 +8175,7 @@ usr/lib/locale #usr/share/i18n/locales/fy_NL #usr/share/i18n/locales/ga_IE #usr/share/i18n/locales/ga_IE@euro +#usr/share/i18n/locales/gbm_IN #usr/share/i18n/locales/gd_GB #usr/share/i18n/locales/gez_ER #usr/share/i18n/locales/gez_ER@abegede @@ -8133,6 +8222,7 @@ usr/lib/locale #usr/share/i18n/locales/ks_IN #usr/share/i18n/locales/ks_IN@devanagari #usr/share/i18n/locales/ku_TR +#usr/share/i18n/locales/kv_RU #usr/share/i18n/locales/kw_GB #usr/share/i18n/locales/ky_KG #usr/share/i18n/locales/lb_LU @@ -8226,7 +8316,9 @@ usr/lib/locale #usr/share/i18n/locales/sr_RS #usr/share/i18n/locales/sr_RS@latin #usr/share/i18n/locales/ss_ZA +#usr/share/i18n/locales/ssy_ER #usr/share/i18n/locales/st_ZA +#usr/share/i18n/locales/su_ID #usr/share/i18n/locales/sv_FI #usr/share/i18n/locales/sv_FI@euro #usr/share/i18n/locales/sv_SE @@ -8248,6 +8340,7 @@ usr/lib/locale #usr/share/i18n/locales/tl_PH #usr/share/i18n/locales/tn_ZA #usr/share/i18n/locales/to_TO +#usr/share/i18n/locales/tok #usr/share/i18n/locales/tpi_PG #usr/share/i18n/locales/tr_CY #usr/share/i18n/locales/tr_TR @@ -8256,6 +8349,7 @@ usr/lib/locale #usr/share/i18n/locales/translit_cjk_variants #usr/share/i18n/locales/translit_combining #usr/share/i18n/locales/translit_compat +#usr/share/i18n/locales/translit_emojis #usr/share/i18n/locales/translit_font #usr/share/i18n/locales/translit_fraction #usr/share/i18n/locales/translit_hangul @@ -8285,6 +8379,7 @@ usr/lib/locale #usr/share/i18n/locales/yo_NG #usr/share/i18n/locales/yue_HK #usr/share/i18n/locales/yuw_PG +#usr/share/i18n/locales/zgh_MA #usr/share/i18n/locales/zh_CN #usr/share/i18n/locales/zh_HK #usr/share/i18n/locales/zh_SG @@ -8302,6 +8397,7 @@ usr/lib/locale #usr/share/info/libc.info-16 #usr/share/info/libc.info-17 #usr/share/info/libc.info-18 +#usr/share/info/libc.info-19 #usr/share/info/libc.info-2 #usr/share/info/libc.info-3 #usr/share/info/libc.info-4 diff --git a/config/rootfiles/common/x86_64/glibc b/config/rootfiles/common/x86_64/glibc index 66d310e384..929a8f6609 100644 --- a/config/rootfiles/common/x86_64/glibc +++ b/config/rootfiles/common/x86_64/glibc @@ -124,6 +124,7 @@ usr/bin/locale #usr/include/bits/netdb.h #usr/include/bits/param.h #usr/include/bits/platform +#usr/include/bits/platform/features.h #usr/include/bits/platform/x86.h #usr/include/bits/poll.h #usr/include/bits/poll2.h @@ -170,6 +171,7 @@ usr/bin/locale #usr/include/bits/socket.h #usr/include/bits/socket2.h #usr/include/bits/socket_type.h +#usr/include/bits/spawn_ext.h #usr/include/bits/ss_flags.h #usr/include/bits/stab.def #usr/include/bits/stat.h @@ -178,6 +180,7 @@ usr/bin/locale #usr/include/bits/statx-generic.h #usr/include/bits/statx.h #usr/include/bits/stdint-intn.h +#usr/include/bits/stdint-least.h #usr/include/bits/stdint-uintn.h #usr/include/bits/stdio-ldbl.h #usr/include/bits/stdio.h @@ -419,6 +422,7 @@ usr/bin/locale #usr/include/signal.h #usr/include/spawn.h #usr/include/stab.h +#usr/include/stdbit.h #usr/include/stdc-predef.h #usr/include/stdint.h #usr/include/stdio.h @@ -816,7 +820,7 @@ usr/lib/gconv #usr/lib/libc_nonshared.a #usr/lib/libdl.a #usr/lib/libg.a -#usr/lib/libm-2.38.a +#usr/lib/libm-2.39.a #usr/lib/libm.a #usr/lib/libm.so #usr/lib/libmcheck.a @@ -888,20 +892,6 @@ usr/lib/locale #usr/lib/locale/aa_ER/LC_PAPER #usr/lib/locale/aa_ER/LC_TELEPHONE #usr/lib/locale/aa_ER/LC_TIME -#usr/lib/locale/aa_ER@saaho -#usr/lib/locale/aa_ER@saaho/LC_ADDRESS -#usr/lib/locale/aa_ER@saaho/LC_COLLATE -#usr/lib/locale/aa_ER@saaho/LC_CTYPE -#usr/lib/locale/aa_ER@saaho/LC_IDENTIFICATION -#usr/lib/locale/aa_ER@saaho/LC_MEASUREMENT -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MESSAGES/SYS_LC_MESSAGES -#usr/lib/locale/aa_ER@saaho/LC_MONETARY -#usr/lib/locale/aa_ER@saaho/LC_NAME -#usr/lib/locale/aa_ER@saaho/LC_NUMERIC -#usr/lib/locale/aa_ER@saaho/LC_PAPER -#usr/lib/locale/aa_ER@saaho/LC_TELEPHONE -#usr/lib/locale/aa_ER@saaho/LC_TIME #usr/lib/locale/aa_ET #usr/lib/locale/aa_ET/LC_ADDRESS #usr/lib/locale/aa_ET/LC_COLLATE @@ -2134,6 +2124,20 @@ usr/lib/locale #usr/lib/locale/cmn_TW/LC_PAPER #usr/lib/locale/cmn_TW/LC_TELEPHONE #usr/lib/locale/cmn_TW/LC_TIME +#usr/lib/locale/crh_RU +#usr/lib/locale/crh_RU/LC_ADDRESS +#usr/lib/locale/crh_RU/LC_COLLATE +#usr/lib/locale/crh_RU/LC_CTYPE +#usr/lib/locale/crh_RU/LC_IDENTIFICATION +#usr/lib/locale/crh_RU/LC_MEASUREMENT +#usr/lib/locale/crh_RU/LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/crh_RU/LC_MONETARY +#usr/lib/locale/crh_RU/LC_NAME +#usr/lib/locale/crh_RU/LC_NUMERIC +#usr/lib/locale/crh_RU/LC_PAPER +#usr/lib/locale/crh_RU/LC_TELEPHONE +#usr/lib/locale/crh_RU/LC_TIME #usr/lib/locale/crh_UA #usr/lib/locale/crh_UA/LC_ADDRESS #usr/lib/locale/crh_UA/LC_COLLATE @@ -4150,6 +4154,20 @@ usr/lib/locale #usr/lib/locale/ga_IE@euro/LC_PAPER #usr/lib/locale/ga_IE@euro/LC_TELEPHONE #usr/lib/locale/ga_IE@euro/LC_TIME +#usr/lib/locale/gbm_IN +#usr/lib/locale/gbm_IN/LC_ADDRESS +#usr/lib/locale/gbm_IN/LC_COLLATE +#usr/lib/locale/gbm_IN/LC_CTYPE +#usr/lib/locale/gbm_IN/LC_IDENTIFICATION +#usr/lib/locale/gbm_IN/LC_MEASUREMENT +#usr/lib/locale/gbm_IN/LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/gbm_IN/LC_MONETARY +#usr/lib/locale/gbm_IN/LC_NAME +#usr/lib/locale/gbm_IN/LC_NUMERIC +#usr/lib/locale/gbm_IN/LC_PAPER +#usr/lib/locale/gbm_IN/LC_TELEPHONE +#usr/lib/locale/gbm_IN/LC_TIME #usr/lib/locale/gd_GB #usr/lib/locale/gd_GB.utf8 #usr/lib/locale/gd_GB.utf8/LC_ADDRESS @@ -4976,6 +4994,20 @@ usr/lib/locale #usr/lib/locale/ku_TR/LC_PAPER #usr/lib/locale/ku_TR/LC_TELEPHONE #usr/lib/locale/ku_TR/LC_TIME +#usr/lib/locale/kv_RU +#usr/lib/locale/kv_RU/LC_ADDRESS +#usr/lib/locale/kv_RU/LC_COLLATE +#usr/lib/locale/kv_RU/LC_CTYPE +#usr/lib/locale/kv_RU/LC_IDENTIFICATION +#usr/lib/locale/kv_RU/LC_MEASUREMENT +#usr/lib/locale/kv_RU/LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/kv_RU/LC_MONETARY +#usr/lib/locale/kv_RU/LC_NAME +#usr/lib/locale/kv_RU/LC_NUMERIC +#usr/lib/locale/kv_RU/LC_PAPER +#usr/lib/locale/kv_RU/LC_TELEPHONE +#usr/lib/locale/kv_RU/LC_TIME #usr/lib/locale/kw_GB #usr/lib/locale/kw_GB.utf8 #usr/lib/locale/kw_GB.utf8/LC_ADDRESS @@ -6670,6 +6702,20 @@ usr/lib/locale #usr/lib/locale/ss_ZA/LC_PAPER #usr/lib/locale/ss_ZA/LC_TELEPHONE #usr/lib/locale/ss_ZA/LC_TIME +#usr/lib/locale/ssy_ER +#usr/lib/locale/ssy_ER/LC_ADDRESS +#usr/lib/locale/ssy_ER/LC_COLLATE +#usr/lib/locale/ssy_ER/LC_CTYPE +#usr/lib/locale/ssy_ER/LC_IDENTIFICATION +#usr/lib/locale/ssy_ER/LC_MEASUREMENT +#usr/lib/locale/ssy_ER/LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/ssy_ER/LC_MONETARY +#usr/lib/locale/ssy_ER/LC_NAME +#usr/lib/locale/ssy_ER/LC_NUMERIC +#usr/lib/locale/ssy_ER/LC_PAPER +#usr/lib/locale/ssy_ER/LC_TELEPHONE +#usr/lib/locale/ssy_ER/LC_TIME #usr/lib/locale/st_ZA #usr/lib/locale/st_ZA.utf8 #usr/lib/locale/st_ZA.utf8/LC_ADDRESS @@ -6698,6 +6744,20 @@ usr/lib/locale #usr/lib/locale/st_ZA/LC_PAPER #usr/lib/locale/st_ZA/LC_TELEPHONE #usr/lib/locale/st_ZA/LC_TIME +#usr/lib/locale/su_ID +#usr/lib/locale/su_ID/LC_ADDRESS +#usr/lib/locale/su_ID/LC_COLLATE +#usr/lib/locale/su_ID/LC_CTYPE +#usr/lib/locale/su_ID/LC_IDENTIFICATION +#usr/lib/locale/su_ID/LC_MEASUREMENT +#usr/lib/locale/su_ID/LC_MESSAGES +#usr/lib/locale/su_ID/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/su_ID/LC_MONETARY +#usr/lib/locale/su_ID/LC_NAME +#usr/lib/locale/su_ID/LC_NUMERIC +#usr/lib/locale/su_ID/LC_PAPER +#usr/lib/locale/su_ID/LC_TELEPHONE +#usr/lib/locale/su_ID/LC_TIME #usr/lib/locale/sv_FI #usr/lib/locale/sv_FI.utf8 #usr/lib/locale/sv_FI.utf8/LC_ADDRESS @@ -7062,6 +7122,20 @@ usr/lib/locale #usr/lib/locale/to_TO/LC_PAPER #usr/lib/locale/to_TO/LC_TELEPHONE #usr/lib/locale/to_TO/LC_TIME +#usr/lib/locale/tok +#usr/lib/locale/tok/LC_ADDRESS +#usr/lib/locale/tok/LC_COLLATE +#usr/lib/locale/tok/LC_CTYPE +#usr/lib/locale/tok/LC_IDENTIFICATION +#usr/lib/locale/tok/LC_MEASUREMENT +#usr/lib/locale/tok/LC_MESSAGES +#usr/lib/locale/tok/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/tok/LC_MONETARY +#usr/lib/locale/tok/LC_NAME +#usr/lib/locale/tok/LC_NUMERIC +#usr/lib/locale/tok/LC_PAPER +#usr/lib/locale/tok/LC_TELEPHONE +#usr/lib/locale/tok/LC_TIME #usr/lib/locale/tpi_PG #usr/lib/locale/tpi_PG/LC_ADDRESS #usr/lib/locale/tpi_PG/LC_COLLATE @@ -7510,6 +7584,20 @@ usr/lib/locale #usr/lib/locale/yuw_PG/LC_PAPER #usr/lib/locale/yuw_PG/LC_TELEPHONE #usr/lib/locale/yuw_PG/LC_TIME +#usr/lib/locale/zgh_MA +#usr/lib/locale/zgh_MA/LC_ADDRESS +#usr/lib/locale/zgh_MA/LC_COLLATE +#usr/lib/locale/zgh_MA/LC_CTYPE +#usr/lib/locale/zgh_MA/LC_IDENTIFICATION +#usr/lib/locale/zgh_MA/LC_MEASUREMENT +#usr/lib/locale/zgh_MA/LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MESSAGES/SYS_LC_MESSAGES +#usr/lib/locale/zgh_MA/LC_MONETARY +#usr/lib/locale/zgh_MA/LC_NAME +#usr/lib/locale/zgh_MA/LC_NUMERIC +#usr/lib/locale/zgh_MA/LC_PAPER +#usr/lib/locale/zgh_MA/LC_TELEPHONE +#usr/lib/locale/zgh_MA/LC_TIME #usr/lib/locale/zh_CN #usr/lib/locale/zh_CN.gb18030 #usr/lib/locale/zh_CN.gb18030/LC_ADDRESS @@ -7949,7 +8037,6 @@ usr/lib/locale #usr/share/i18n/locales/POSIX #usr/share/i18n/locales/aa_DJ #usr/share/i18n/locales/aa_ER -#usr/share/i18n/locales/aa_ER@saaho #usr/share/i18n/locales/aa_ET #usr/share/i18n/locales/ab_GE #usr/share/i18n/locales/af_ZA @@ -8012,6 +8099,7 @@ usr/lib/locale #usr/share/i18n/locales/ckb_IQ #usr/share/i18n/locales/cmn_TW #usr/share/i18n/locales/cns11643_stroke +#usr/share/i18n/locales/crh_RU #usr/share/i18n/locales/crh_UA #usr/share/i18n/locales/cs_CZ #usr/share/i18n/locales/csb_PL @@ -8101,6 +8189,7 @@ usr/lib/locale #usr/share/i18n/locales/fy_NL #usr/share/i18n/locales/ga_IE #usr/share/i18n/locales/ga_IE@euro +#usr/share/i18n/locales/gbm_IN #usr/share/i18n/locales/gd_GB #usr/share/i18n/locales/gez_ER #usr/share/i18n/locales/gez_ER@abegede @@ -8147,6 +8236,7 @@ usr/lib/locale #usr/share/i18n/locales/ks_IN #usr/share/i18n/locales/ks_IN@devanagari #usr/share/i18n/locales/ku_TR +#usr/share/i18n/locales/kv_RU #usr/share/i18n/locales/kw_GB #usr/share/i18n/locales/ky_KG #usr/share/i18n/locales/lb_LU @@ -8240,7 +8330,9 @@ usr/lib/locale #usr/share/i18n/locales/sr_RS #usr/share/i18n/locales/sr_RS@latin #usr/share/i18n/locales/ss_ZA +#usr/share/i18n/locales/ssy_ER #usr/share/i18n/locales/st_ZA +#usr/share/i18n/locales/su_ID #usr/share/i18n/locales/sv_FI #usr/share/i18n/locales/sv_FI@euro #usr/share/i18n/locales/sv_SE @@ -8262,6 +8354,7 @@ usr/lib/locale #usr/share/i18n/locales/tl_PH #usr/share/i18n/locales/tn_ZA #usr/share/i18n/locales/to_TO +#usr/share/i18n/locales/tok #usr/share/i18n/locales/tpi_PG #usr/share/i18n/locales/tr_CY #usr/share/i18n/locales/tr_TR @@ -8270,6 +8363,7 @@ usr/lib/locale #usr/share/i18n/locales/translit_cjk_variants #usr/share/i18n/locales/translit_combining #usr/share/i18n/locales/translit_compat +#usr/share/i18n/locales/translit_emojis #usr/share/i18n/locales/translit_font #usr/share/i18n/locales/translit_fraction #usr/share/i18n/locales/translit_hangul @@ -8299,6 +8393,7 @@ usr/lib/locale #usr/share/i18n/locales/yo_NG #usr/share/i18n/locales/yue_HK #usr/share/i18n/locales/yuw_PG +#usr/share/i18n/locales/zgh_MA #usr/share/i18n/locales/zh_CN #usr/share/i18n/locales/zh_HK #usr/share/i18n/locales/zh_SG @@ -8316,6 +8411,7 @@ usr/lib/locale #usr/share/info/libc.info-16 #usr/share/info/libc.info-17 #usr/share/info/libc.info-18 +#usr/share/info/libc.info-19 #usr/share/info/libc.info-2 #usr/share/info/libc.info-3 #usr/share/info/libc.info-4 diff --git a/lfs/glibc b/lfs/glibc index 5c62aaa448..43523e46f5 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -24,7 +24,7 @@ include Config -VER = 2.38 +VER = 2.39 THISAPP = glibc-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -82,7 +82,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = f9b039f0ef98a7dd8e1cba228ed10286b9e4fbe4dd89af4d26fa5c4e4cf266f19c2746b44d797ce54739d86499e74cf334aaf311bcf6e30120fd7748453e653f +$(DL_FILE)_BLAKE2 = 9d98459a2d58401e07c081e0d841935b23998da75a7eb5a7ebd23a1f9ebab99dee623fe166397c1b6c926960c570f62dbca5cb3b5ce84a918adff6b7a15e16bb install : $(TARGET) @@ -114,52 +114,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) @mkdir $(DIR_SRC)/glibc-build - # Patches from upstream - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0016-elf-Remove-unused-l_text_end-field-from-struct-link_.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0030-Revert-elf-Move-l_init_called_next-to-old-place-of-l.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-localedef-no-archive.patch ifneq "$(TOOLCHAIN)" "1" diff --git a/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch b/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch deleted file mode 100644 index b78a5a8844..0000000000 --- a/src/patches/glibc-2.38/0001-stdlib-Improve-tst-realpath-compatibility-with-sourc.patch +++ /dev/null @@ -1,43 +0,0 @@ -From d97cca1e5df812be0e4de1e38091f02bb1e7ec4e Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Tue, 1 Aug 2023 10:27:15 +0200 -Subject: [PATCH 01/44] stdlib: Improve tst-realpath compatibility with source - fortification - -On GCC before 11, IPA can make the fortified realpath aware that the -buffer size is not large enough (8 bytes instead of PATH_MAX bytes). -Fix this by using a buffer that is large enough. - -(cherry picked from commit 510fc20d73de12c85823d9996faac74666e9c2e7) ---- - stdlib/tst-realpath.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/stdlib/tst-realpath.c b/stdlib/tst-realpath.c -index f325c95a44..3694ecd8af 100644 ---- a/stdlib/tst-realpath.c -+++ b/stdlib/tst-realpath.c -@@ -24,6 +24,7 @@ - License along with the GNU C Library; if not, see - . */ - -+#include - #include - #include - #include -@@ -50,7 +51,11 @@ void dealloc (void *p) - - char* alloc (void) - { -- return (char *)malloc (8); -+#ifdef PATH_MAX -+ return (char *)malloc (PATH_MAX); -+#else -+ return (char *)malloc (4096); -+#endif - } - - static int --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch b/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch deleted file mode 100644 index 3b5917d25a..0000000000 --- a/src/patches/glibc-2.38/0002-x86-Fix-for-cache-computation-on-AMD-legacy-cpus.patch +++ /dev/null @@ -1,286 +0,0 @@ -From ced101ed9d3b7cfd12d97ef24940cb00b8658c81 Mon Sep 17 00:00:00 2001 -From: Sajan Karumanchi -Date: Tue, 1 Aug 2023 15:20:55 +0000 -Subject: [PATCH 02/44] x86: Fix for cache computation on AMD legacy cpus. - -Some legacy AMD CPUs and hypervisors have the _cpuid_ '0x8000_001D' -set to Zero, thus resulting in zeroed-out computed cache values. -This patch reintroduces the old way of cache computation as a -fail-safe option to handle these exceptions. -Fixed 'level4_cache_size' value through handle_amd(). - -Reviewed-by: Premachandra Mallappa -Tested-by: Florian Weimer ---- - sysdeps/x86/dl-cacheinfo.h | 226 ++++++++++++++++++++++++++++++++----- - 1 file changed, 199 insertions(+), 27 deletions(-) - -diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h -index cd4d0351ae..285773039f 100644 ---- a/sysdeps/x86/dl-cacheinfo.h -+++ b/sysdeps/x86/dl-cacheinfo.h -@@ -315,40 +315,206 @@ handle_amd (int name) - { - unsigned int eax; - unsigned int ebx; -- unsigned int ecx; -+ unsigned int ecx = 0; - unsigned int edx; -- unsigned int count = 0x1; -+ unsigned int max_cpuid = 0; -+ unsigned int fn = 0; - - /* No level 4 cache (yet). */ - if (name > _SC_LEVEL3_CACHE_LINESIZE) - return 0; - -- if (name >= _SC_LEVEL3_CACHE_SIZE) -- count = 0x3; -- else if (name >= _SC_LEVEL2_CACHE_SIZE) -- count = 0x2; -- else if (name >= _SC_LEVEL1_DCACHE_SIZE) -- count = 0x0; -+ __cpuid (0x80000000, max_cpuid, ebx, ecx, edx); -+ -+ if (max_cpuid >= 0x8000001D) -+ /* Use __cpuid__ '0x8000_001D' to compute cache details. */ -+ { -+ unsigned int count = 0x1; -+ -+ if (name >= _SC_LEVEL3_CACHE_SIZE) -+ count = 0x3; -+ else if (name >= _SC_LEVEL2_CACHE_SIZE) -+ count = 0x2; -+ else if (name >= _SC_LEVEL1_DCACHE_SIZE) -+ count = 0x0; -+ -+ __cpuid_count (0x8000001D, count, eax, ebx, ecx, edx); -+ -+ if (ecx != 0) -+ { -+ switch (name) -+ { -+ case _SC_LEVEL1_ICACHE_ASSOC: -+ case _SC_LEVEL1_DCACHE_ASSOC: -+ case _SC_LEVEL2_CACHE_ASSOC: -+ case _SC_LEVEL3_CACHE_ASSOC: -+ return ((ebx >> 22) & 0x3ff) + 1; -+ case _SC_LEVEL1_ICACHE_LINESIZE: -+ case _SC_LEVEL1_DCACHE_LINESIZE: -+ case _SC_LEVEL2_CACHE_LINESIZE: -+ case _SC_LEVEL3_CACHE_LINESIZE: -+ return (ebx & 0xfff) + 1; -+ case _SC_LEVEL1_ICACHE_SIZE: -+ case _SC_LEVEL1_DCACHE_SIZE: -+ case _SC_LEVEL2_CACHE_SIZE: -+ case _SC_LEVEL3_CACHE_SIZE: -+ return (((ebx >> 22) & 0x3ff) + 1) * ((ebx & 0xfff) + 1) * (ecx + 1); -+ default: -+ __builtin_unreachable (); -+ } -+ return -1; -+ } -+ } -+ -+ /* Legacy cache computation for CPUs prior to Bulldozer family. -+ This is also a fail-safe mechanism for some hypervisors that -+ accidentally configure __cpuid__ '0x8000_001D' to Zero. */ - -- __cpuid_count (0x8000001D, count, eax, ebx, ecx, edx); -+ fn = 0x80000005 + (name >= _SC_LEVEL2_CACHE_SIZE); -+ -+ if (max_cpuid < fn) -+ return 0; -+ -+ __cpuid (fn, eax, ebx, ecx, edx); -+ -+ if (name < _SC_LEVEL1_DCACHE_SIZE) -+ { -+ name += _SC_LEVEL1_DCACHE_SIZE - _SC_LEVEL1_ICACHE_SIZE; -+ ecx = edx; -+ } - - switch (name) - { -- case _SC_LEVEL1_ICACHE_ASSOC: -- case _SC_LEVEL1_DCACHE_ASSOC: -- case _SC_LEVEL2_CACHE_ASSOC: -+ case _SC_LEVEL1_DCACHE_SIZE: -+ return (ecx >> 14) & 0x3fc00; -+ -+ case _SC_LEVEL1_DCACHE_ASSOC: -+ ecx >>= 16; -+ if ((ecx & 0xff) == 0xff) -+ { -+ /* Fully associative. */ -+ return (ecx << 2) & 0x3fc00; -+ } -+ return ecx & 0xff; -+ -+ case _SC_LEVEL1_DCACHE_LINESIZE: -+ return ecx & 0xff; -+ -+ case _SC_LEVEL2_CACHE_SIZE: -+ return (ecx & 0xf000) == 0 ? 0 : (ecx >> 6) & 0x3fffc00; -+ -+ case _SC_LEVEL2_CACHE_ASSOC: -+ switch ((ecx >> 12) & 0xf) -+ { -+ case 0: -+ case 1: -+ case 2: -+ case 4: -+ return (ecx >> 12) & 0xf; -+ case 6: -+ return 8; -+ case 8: -+ return 16; -+ case 10: -+ return 32; -+ case 11: -+ return 48; -+ case 12: -+ return 64; -+ case 13: -+ return 96; -+ case 14: -+ return 128; -+ case 15: -+ return ((ecx >> 6) & 0x3fffc00) / (ecx & 0xff); -+ default: -+ return 0; -+ } -+ -+ case _SC_LEVEL2_CACHE_LINESIZE: -+ return (ecx & 0xf000) == 0 ? 0 : ecx & 0xff; -+ -+ case _SC_LEVEL3_CACHE_SIZE: -+ { -+ long int total_l3_cache = 0, l3_cache_per_thread = 0; -+ unsigned int threads = 0; -+ const struct cpu_features *cpu_features; -+ -+ if ((edx & 0xf000) == 0) -+ return 0; -+ -+ total_l3_cache = (edx & 0x3ffc0000) << 1; -+ cpu_features = __get_cpu_features (); -+ -+ /* Figure out the number of logical threads that share L3. */ -+ if (max_cpuid >= 0x80000008) -+ { -+ /* Get width of APIC ID. */ -+ __cpuid (0x80000008, eax, ebx, ecx, edx); -+ threads = (ecx & 0xff) + 1; -+ } -+ -+ if (threads == 0) -+ { -+ /* If APIC ID width is not available, use logical -+ processor count. */ -+ __cpuid (0x00000001, eax, ebx, ecx, edx); -+ if ((edx & (1 << 28)) != 0) -+ threads = (ebx >> 16) & 0xff; -+ } -+ -+ /* Cap usage of highest cache level to the number of -+ supported threads. */ -+ if (threads > 0) -+ l3_cache_per_thread = total_l3_cache/threads; -+ -+ /* Get shared cache per ccx for Zen architectures. */ -+ if (cpu_features->basic.family >= 0x17) -+ { -+ long int l3_cache_per_ccx = 0; -+ /* Get number of threads share the L3 cache in CCX. */ -+ __cpuid_count (0x8000001D, 0x3, eax, ebx, ecx, edx); -+ unsigned int threads_per_ccx = ((eax >> 14) & 0xfff) + 1; -+ l3_cache_per_ccx = l3_cache_per_thread * threads_per_ccx; -+ return l3_cache_per_ccx; -+ } -+ else -+ { -+ return l3_cache_per_thread; -+ } -+ } -+ - case _SC_LEVEL3_CACHE_ASSOC: -- return ecx ? ((ebx >> 22) & 0x3ff) + 1 : 0; -- case _SC_LEVEL1_ICACHE_LINESIZE: -- case _SC_LEVEL1_DCACHE_LINESIZE: -- case _SC_LEVEL2_CACHE_LINESIZE: -+ switch ((edx >> 12) & 0xf) -+ { -+ case 0: -+ case 1: -+ case 2: -+ case 4: -+ return (edx >> 12) & 0xf; -+ case 6: -+ return 8; -+ case 8: -+ return 16; -+ case 10: -+ return 32; -+ case 11: -+ return 48; -+ case 12: -+ return 64; -+ case 13: -+ return 96; -+ case 14: -+ return 128; -+ case 15: -+ return ((edx & 0x3ffc0000) << 1) / (edx & 0xff); -+ default: -+ return 0; -+ } -+ - case _SC_LEVEL3_CACHE_LINESIZE: -- return ecx ? (ebx & 0xfff) + 1 : 0; -- case _SC_LEVEL1_ICACHE_SIZE: -- case _SC_LEVEL1_DCACHE_SIZE: -- case _SC_LEVEL2_CACHE_SIZE: -- case _SC_LEVEL3_CACHE_SIZE: -- return ecx ? (((ebx >> 22) & 0x3ff) + 1) * ((ebx & 0xfff) + 1) * (ecx + 1): 0; -+ return (edx & 0xf000) == 0 ? 0 : edx & 0xff; -+ - default: - __builtin_unreachable (); - } -@@ -703,7 +869,6 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) - data = handle_amd (_SC_LEVEL1_DCACHE_SIZE); - core = handle_amd (_SC_LEVEL2_CACHE_SIZE); - shared = handle_amd (_SC_LEVEL3_CACHE_SIZE); -- shared_per_thread = shared; - - level1_icache_size = handle_amd (_SC_LEVEL1_ICACHE_SIZE); - level1_icache_linesize = handle_amd (_SC_LEVEL1_ICACHE_LINESIZE); -@@ -716,13 +881,20 @@ dl_init_cacheinfo (struct cpu_features *cpu_features) - level3_cache_size = shared; - level3_cache_assoc = handle_amd (_SC_LEVEL3_CACHE_ASSOC); - level3_cache_linesize = handle_amd (_SC_LEVEL3_CACHE_LINESIZE); -+ level4_cache_size = handle_amd (_SC_LEVEL4_CACHE_SIZE); - - if (shared <= 0) -- /* No shared L3 cache. All we have is the L2 cache. */ -- shared = core; -+ { -+ /* No shared L3 cache. All we have is the L2 cache. */ -+ shared = core; -+ } -+ else if (cpu_features->basic.family < 0x17) -+ { -+ /* Account for exclusive L2 and L3 caches. */ -+ shared += core; -+ } - -- if (shared_per_thread <= 0) -- shared_per_thread = shared; -+ shared_per_thread = shared; - } - - cpu_features->level1_icache_size = level1_icache_size; --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch b/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch deleted file mode 100644 index 22a2cbdeff..0000000000 --- a/src/patches/glibc-2.38/0003-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch +++ /dev/null @@ -1,185 +0,0 @@ -From 6b99458d197ab779ebb6ff632c168e2cbfa4f543 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Fri, 11 Aug 2023 10:10:16 +0200 -Subject: [PATCH 03/44] nscd: Do not rebuild getaddrinfo (bug 30709) - -The nscd daemon caches hosts data from NSS modules verbatim, without -filtering protocol families or sorting them (otherwise separate caches -would be needed for certain ai_flags combinations). The cache -implementation is complete separate from the getaddrinfo code. This -means that rebuilding getaddrinfo is not needed. The only function -actually used is __bump_nl_timestamp from check_pf.c, and this change -moves it into nscd/connections.c. - -Tested on x86_64-linux-gnu with -fexceptions, built with -build-many-glibcs.py. I also backported this patch into a distribution -that still supports nscd and verified manually that caching still works. - -Reviewed-by: Siddhesh Poyarekar -(cherry picked from commit 039ff51ac7e02db1cfc0c23e38ac7bfbb00221d1) ---- - include/ifaddrs.h | 4 --- - inet/check_pf.c | 9 ------ - nscd/Makefile | 2 +- - nscd/connections.c | 11 +++++++ - nscd/gai.c | 50 ------------------------------ - sysdeps/unix/sysv/linux/check_pf.c | 17 +--------- - 6 files changed, 13 insertions(+), 80 deletions(-) - delete mode 100644 nscd/gai.c - -diff --git a/include/ifaddrs.h b/include/ifaddrs.h -index 416118f1b3..19a3afb19f 100644 ---- a/include/ifaddrs.h -+++ b/include/ifaddrs.h -@@ -34,9 +34,5 @@ extern void __check_native (uint32_t a1_index, int *a1_native, - uint32_t a2_index, int *a2_native) - attribute_hidden; - --#if IS_IN (nscd) --extern uint32_t __bump_nl_timestamp (void) attribute_hidden; --#endif -- - # endif /* !_ISOMAC */ - #endif /* ifaddrs.h */ -diff --git a/inet/check_pf.c b/inet/check_pf.c -index 5310c99121..6d1475920f 100644 ---- a/inet/check_pf.c -+++ b/inet/check_pf.c -@@ -60,12 +60,3 @@ __free_in6ai (struct in6addrinfo *in6ai) - { - /* Nothing to do. */ - } -- -- --#if IS_IN (nscd) --uint32_t --__bump_nl_timestamp (void) --{ -- return 0; --} --#endif -diff --git a/nscd/Makefile b/nscd/Makefile -index 2a0489f4cf..16b6460ee9 100644 ---- a/nscd/Makefile -+++ b/nscd/Makefile -@@ -35,7 +35,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \ - getgrnam_r getgrgid_r hstcache gethstbyad_r gethstbynm3_r \ - getsrvbynm_r getsrvbypt_r servicescache \ - dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \ -- xmalloc xstrdup aicache initgrcache gai res_hconf \ -+ xmalloc xstrdup aicache initgrcache res_hconf \ - netgroupcache cachedumper - - ifeq ($(build-nscd)$(have-thread-library),yesyes) -diff --git a/nscd/connections.c b/nscd/connections.c -index a405a44a9b..15693e5090 100644 ---- a/nscd/connections.c -+++ b/nscd/connections.c -@@ -256,6 +256,17 @@ int inotify_fd = -1; - #ifdef HAVE_NETLINK - /* Descriptor for netlink status updates. */ - static int nl_status_fd = -1; -+ -+static uint32_t -+__bump_nl_timestamp (void) -+{ -+ static uint32_t nl_timestamp; -+ -+ if (atomic_fetch_add_relaxed (&nl_timestamp, 1) + 1 == 0) -+ atomic_fetch_add_relaxed (&nl_timestamp, 1); -+ -+ return nl_timestamp; -+} - #endif - - /* Number of times clients had to wait. */ -diff --git a/nscd/gai.c b/nscd/gai.c -deleted file mode 100644 -index e29f3fe583..0000000000 ---- a/nscd/gai.c -+++ /dev/null -@@ -1,50 +0,0 @@ --/* Copyright (C) 2004-2023 Free Software Foundation, Inc. -- This file is part of the GNU C Library. -- -- This program is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published -- by the Free Software Foundation; version 2 of the License, or -- (at your option) any later version. -- -- This program is distributed in the hope that it will be useful, -- but WITHOUT ANY WARRANTY; without even the implied warranty of -- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -- GNU General Public License for more details. -- -- You should have received a copy of the GNU General Public License -- along with this program; if not, see . */ -- --#include --#include -- --/* This file uses the getaddrinfo code but it compiles it without NSCD -- support. We just need a few symbol renames. */ --#define __ioctl ioctl --#define __getsockname getsockname --#define __socket socket --#define __recvmsg recvmsg --#define __bind bind --#define __sendto sendto --#define __strchrnul strchrnul --#define __getline getline --#define __qsort_r qsort_r --/* nscd uses 1MB or 2MB thread stacks. */ --#define __libc_use_alloca(size) (size <= __MAX_ALLOCA_CUTOFF) --#define __getifaddrs getifaddrs --#define __freeifaddrs freeifaddrs --#undef __fstat64 --#define __fstat64 fstat64 --#undef __stat64 --#define __stat64 stat64 -- --/* We are nscd, so we don't want to be talking to ourselves. */ --#undef USE_NSCD -- --#include -- --/* Support code. */ --#include --#include -- --/* Some variables normally defined in libc. */ --nss_action_list __nss_hosts_database attribute_hidden; -diff --git a/sysdeps/unix/sysv/linux/check_pf.c b/sysdeps/unix/sysv/linux/check_pf.c -index 2b0b8b6368..3aa6a00348 100644 ---- a/sysdeps/unix/sysv/linux/check_pf.c -+++ b/sysdeps/unix/sysv/linux/check_pf.c -@@ -66,25 +66,10 @@ static struct cached_data *cache; - __libc_lock_define_initialized (static, lock); - - --#if IS_IN (nscd) --static uint32_t nl_timestamp; -- --uint32_t --__bump_nl_timestamp (void) --{ -- if (atomic_fetch_add_relaxed (&nl_timestamp, 1) + 1 == 0) -- atomic_fetch_add_relaxed (&nl_timestamp, 1); -- -- return nl_timestamp; --} --#endif -- - static inline uint32_t - get_nl_timestamp (void) - { --#if IS_IN (nscd) -- return nl_timestamp; --#elif defined USE_NSCD -+#if defined USE_NSCD - return __nscd_get_nl_timestamp (); - #else - return 0; --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch b/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch deleted file mode 100644 index e124662cb2..0000000000 --- a/src/patches/glibc-2.38/0004-x86-Fix-incorrect-scope-of-setting-shared_per_thread.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 5ea70cc02626d9b85f1570153873d8648a47bf95 Mon Sep 17 00:00:00 2001 -From: Noah Goldstein -Date: Thu, 10 Aug 2023 19:28:24 -0500 -Subject: [PATCH 04/44] x86: Fix incorrect scope of setting `shared_per_thread` - [BZ# 30745] - -The: - -``` - if (shared_per_thread > 0 && threads > 0) - shared_per_thread /= threads; -``` - -Code was accidentally moved to inside the else scope. This doesn't -match how it was previously (before af992e7abd). - -This patch fixes that by putting the division after the `else` block. - -(cherry picked from commit 084fb31bc2c5f95ae0b9e6df4d3cf0ff43471ede) ---- - sysdeps/x86/dl-cacheinfo.h | 7 +++---- - 1 file changed, 3 insertions(+), 4 deletions(-) - -diff --git a/sysdeps/x86/dl-cacheinfo.h b/sysdeps/x86/dl-cacheinfo.h -index 285773039f..5ddb35c9d9 100644 ---- a/sysdeps/x86/dl-cacheinfo.h -+++ b/sysdeps/x86/dl-cacheinfo.h -@@ -770,11 +770,10 @@ get_common_cache_info (long int *shared_ptr, long int * shared_per_thread_ptr, u - level. */ - threads = ((cpu_features->features[CPUID_INDEX_1].cpuid.ebx >> 16) - & 0xff); -- -- /* Get per-thread size of highest level cache. */ -- if (shared_per_thread > 0 && threads > 0) -- shared_per_thread /= threads; - } -+ /* Get per-thread size of highest level cache. */ -+ if (shared_per_thread > 0 && threads > 0) -+ shared_per_thread /= threads; - } - - /* Account for non-inclusive L2 and L3 caches. */ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch b/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch deleted file mode 100644 index 3ee8410ebe..0000000000 --- a/src/patches/glibc-2.38/0005-x86_64-Fix-build-with-disable-multiarch-BZ-30721.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 6135d50e44233d8c89ca788f78c669941ad09fb9 Mon Sep 17 00:00:00 2001 -From: Adhemerval Zanella -Date: Tue, 8 Aug 2023 09:27:54 -0300 -Subject: [PATCH 05/44] x86_64: Fix build with --disable-multiarch (BZ 30721) - -With multiarch disabled, the default memmove implementation provides -the fortify routines for memcpy, mempcpy, and memmove. However, it -does not provide the internal hidden definitions used when building -with fortify enabled. The memset has a similar issue. - -Checked on x86_64-linux-gnu building with different options: -default and --disable-multi-arch plus default, --disable-default-pie, ---enable-fortify-source={2,3}, and --enable-fortify-source={2,3} -with --disable-default-pie. -Tested-by: Andreas K. Huettel -Reviewed-by: Siddhesh Poyarekar - -(cherry picked from commit 51cb52214fcd72849c640b12f5099ed3ac776181) ---- - sysdeps/x86_64/memcpy.S | 2 +- - sysdeps/x86_64/memmove.S | 3 +++ - sysdeps/x86_64/memset.S | 1 + - 3 files changed, 5 insertions(+), 1 deletion(-) - -diff --git a/sysdeps/x86_64/memcpy.S b/sysdeps/x86_64/memcpy.S -index d98500a78a..4922cba657 100644 ---- a/sysdeps/x86_64/memcpy.S -+++ b/sysdeps/x86_64/memcpy.S -@@ -1 +1 @@ --/* Implemented in memcpy.S. */ -+/* Implemented in memmove.S. */ -diff --git a/sysdeps/x86_64/memmove.S b/sysdeps/x86_64/memmove.S -index f0b84e3b52..c3c08165e1 100644 ---- a/sysdeps/x86_64/memmove.S -+++ b/sysdeps/x86_64/memmove.S -@@ -46,6 +46,9 @@ weak_alias (__mempcpy, mempcpy) - - #ifndef USE_MULTIARCH - libc_hidden_builtin_def (memmove) -+libc_hidden_builtin_def (__memmove_chk) -+libc_hidden_builtin_def (__memcpy_chk) -+libc_hidden_builtin_def (__mempcpy_chk) - # if defined SHARED && IS_IN (libc) - strong_alias (memmove, __memcpy) - libc_hidden_ver (memmove, memcpy) -diff --git a/sysdeps/x86_64/memset.S b/sysdeps/x86_64/memset.S -index 7c99df36db..c6df24e8de 100644 ---- a/sysdeps/x86_64/memset.S -+++ b/sysdeps/x86_64/memset.S -@@ -32,6 +32,7 @@ - #include "isa-default-impl.h" - - libc_hidden_builtin_def (memset) -+libc_hidden_builtin_def (__memset_chk) - - #if IS_IN (libc) - libc_hidden_def (__wmemset) --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch b/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch deleted file mode 100644 index 925a31935a..0000000000 --- a/src/patches/glibc-2.38/0006-i686-Fix-build-with-disable-multiarch.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 7ac405a74c6069b0627dc2d8449a82a621f8ff06 Mon Sep 17 00:00:00 2001 -From: Adhemerval Zanella -Date: Tue, 8 Aug 2023 09:27:55 -0300 -Subject: [PATCH 06/44] i686: Fix build with --disable-multiarch - -Since i686 provides the fortified wrappers for memcpy, mempcpy, -memmove, and memset on the same string implementation, the static -build tries to optimized it by not tying the fortified wrappers -to string routine (to avoid pulling the fortify function if -they are not required). - -Checked on i686-linux-gnu building with different option: -default and --disable-multi-arch plus default, --disable-default-pie, ---enable-fortify-source={2,3}, and --enable-fortify-source={2,3} -with --disable-default-pie. -Reviewed-by: Siddhesh Poyarekar - -(cherry picked from commit c73c96a4a1af1326df7f96eec58209e1e04066d8) ---- - sysdeps/i386/i686/memcpy.S | 2 +- - sysdeps/i386/i686/mempcpy.S | 2 +- - sysdeps/i386/i686/multiarch/memcpy_chk.c | 2 ++ - sysdeps/i386/i686/multiarch/memmove_chk.c | 2 ++ - sysdeps/i386/i686/multiarch/mempcpy_chk.c | 2 ++ - sysdeps/i386/i686/multiarch/memset_chk.c | 2 ++ - 6 files changed, 10 insertions(+), 2 deletions(-) - -diff --git a/sysdeps/i386/i686/memcpy.S b/sysdeps/i386/i686/memcpy.S -index 9b48ec0ea1..b86af4aac9 100644 ---- a/sysdeps/i386/i686/memcpy.S -+++ b/sysdeps/i386/i686/memcpy.S -@@ -27,7 +27,7 @@ - #define LEN SRC+4 - - .text --#if defined PIC && IS_IN (libc) -+#if defined SHARED && IS_IN (libc) - ENTRY_CHK (__memcpy_chk) - movl 12(%esp), %eax - cmpl %eax, 16(%esp) -diff --git a/sysdeps/i386/i686/mempcpy.S b/sysdeps/i386/i686/mempcpy.S -index 26f8501e7d..14d9dd681a 100644 ---- a/sysdeps/i386/i686/mempcpy.S -+++ b/sysdeps/i386/i686/mempcpy.S -@@ -27,7 +27,7 @@ - #define LEN SRC+4 - - .text --#if defined PIC && IS_IN (libc) -+#if defined SHARED && IS_IN (libc) - ENTRY_CHK (__mempcpy_chk) - movl 12(%esp), %eax - cmpl %eax, 16(%esp) -diff --git a/sysdeps/i386/i686/multiarch/memcpy_chk.c b/sysdeps/i386/i686/multiarch/memcpy_chk.c -index ec945dc91f..c3a8aeaf18 100644 ---- a/sysdeps/i386/i686/multiarch/memcpy_chk.c -+++ b/sysdeps/i386/i686/multiarch/memcpy_chk.c -@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memcpy_chk, __memcpy_chk, - __hidden_ver1 (__memcpy_chk, __GI___memcpy_chk, __redirect_memcpy_chk) - __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memcpy_chk); - # endif -+#else -+# include - #endif -diff --git a/sysdeps/i386/i686/multiarch/memmove_chk.c b/sysdeps/i386/i686/multiarch/memmove_chk.c -index 55c7601d5d..070dde083a 100644 ---- a/sysdeps/i386/i686/multiarch/memmove_chk.c -+++ b/sysdeps/i386/i686/multiarch/memmove_chk.c -@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memmove_chk, __memmove_chk, - __hidden_ver1 (__memmove_chk, __GI___memmove_chk, __redirect_memmove_chk) - __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memmove_chk); - # endif -+#else -+# include - #endif -diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.c b/sysdeps/i386/i686/multiarch/mempcpy_chk.c -index 83569cf9d9..14360f1828 100644 ---- a/sysdeps/i386/i686/multiarch/mempcpy_chk.c -+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.c -@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_mempcpy_chk, __mempcpy_chk, - __hidden_ver1 (__mempcpy_chk, __GI___mempcpy_chk, __redirect_mempcpy_chk) - __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__mempcpy_chk); - # endif -+#else -+# include - #endif -diff --git a/sysdeps/i386/i686/multiarch/memset_chk.c b/sysdeps/i386/i686/multiarch/memset_chk.c -index 1a7503858d..8179ef7c0b 100644 ---- a/sysdeps/i386/i686/multiarch/memset_chk.c -+++ b/sysdeps/i386/i686/multiarch/memset_chk.c -@@ -32,4 +32,6 @@ libc_ifunc_redirected (__redirect_memset_chk, __memset_chk, - __hidden_ver1 (__memset_chk, __GI___memset_chk, __redirect_memset_chk) - __attribute__ ((visibility ("hidden"))) __attribute_copy__ (__memset_chk); - # endif -+#else -+# include - #endif --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch b/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch deleted file mode 100644 index fa4a3704ad..0000000000 --- a/src/patches/glibc-2.38/0007-malloc-Enable-merging-of-remainders-in-memalign-bug-.patch +++ /dev/null @@ -1,301 +0,0 @@ -From 98c293c61f770b6b7a22f89a6ea81b711ecb1952 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Fri, 11 Aug 2023 11:18:17 +0200 -Subject: [PATCH 07/44] malloc: Enable merging of remainders in memalign (bug - 30723) - -Previously, calling _int_free from _int_memalign could put remainders -into the tcache or into fastbins, where they are invisible to the -low-level allocator. This results in missed merge opportunities -because once these freed chunks become available to the low-level -allocator, further memalign allocations (even of the same size are) -likely obstructing merges. - -Furthermore, during forwards merging in _int_memalign, do not -completely give up when the remainder is too small to serve as a -chunk on its own. We can still give it back if it can be merged -with the following unused chunk. This makes it more likely that -memalign calls in a loop achieve a compact memory layout, -independently of initial heap layout. - -Drop some useless (unsigned long) casts along the way, and tweak -the style to more closely match GNU on changed lines. - -Reviewed-by: DJ Delorie -(cherry picked from commit 542b1105852568c3ebc712225ae78b8c8ba31a78) ---- - malloc/malloc.c | 197 +++++++++++++++++++++++++++++------------------- - 1 file changed, 121 insertions(+), 76 deletions(-) - -diff --git a/malloc/malloc.c b/malloc/malloc.c -index e2f1a615a4..948f9759af 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -1086,6 +1086,11 @@ typedef struct malloc_chunk* mchunkptr; - - static void* _int_malloc(mstate, size_t); - static void _int_free(mstate, mchunkptr, int); -+static void _int_free_merge_chunk (mstate, mchunkptr, INTERNAL_SIZE_T); -+static INTERNAL_SIZE_T _int_free_create_chunk (mstate, -+ mchunkptr, INTERNAL_SIZE_T, -+ mchunkptr, INTERNAL_SIZE_T); -+static void _int_free_maybe_consolidate (mstate, INTERNAL_SIZE_T); - static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T, - INTERNAL_SIZE_T); - static void* _int_memalign(mstate, size_t, size_t); -@@ -4637,31 +4642,52 @@ _int_free (mstate av, mchunkptr p, int have_lock) - if (!have_lock) - __libc_lock_lock (av->mutex); - -- nextchunk = chunk_at_offset(p, size); -- -- /* Lightweight tests: check whether the block is already the -- top block. */ -- if (__glibc_unlikely (p == av->top)) -- malloc_printerr ("double free or corruption (top)"); -- /* Or whether the next chunk is beyond the boundaries of the arena. */ -- if (__builtin_expect (contiguous (av) -- && (char *) nextchunk -- >= ((char *) av->top + chunksize(av->top)), 0)) -- malloc_printerr ("double free or corruption (out)"); -- /* Or whether the block is actually not marked used. */ -- if (__glibc_unlikely (!prev_inuse(nextchunk))) -- malloc_printerr ("double free or corruption (!prev)"); -- -- nextsize = chunksize(nextchunk); -- if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) -- || __builtin_expect (nextsize >= av->system_mem, 0)) -- malloc_printerr ("free(): invalid next size (normal)"); -+ _int_free_merge_chunk (av, p, size); - -- free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); -+ if (!have_lock) -+ __libc_lock_unlock (av->mutex); -+ } -+ /* -+ If the chunk was allocated via mmap, release via munmap(). -+ */ -+ -+ else { -+ munmap_chunk (p); -+ } -+} -+ -+/* Try to merge chunk P of SIZE bytes with its neighbors. Put the -+ resulting chunk on the appropriate bin list. P must not be on a -+ bin list yet, and it can be in use. */ -+static void -+_int_free_merge_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size) -+{ -+ mchunkptr nextchunk = chunk_at_offset(p, size); -+ -+ /* Lightweight tests: check whether the block is already the -+ top block. */ -+ if (__glibc_unlikely (p == av->top)) -+ malloc_printerr ("double free or corruption (top)"); -+ /* Or whether the next chunk is beyond the boundaries of the arena. */ -+ if (__builtin_expect (contiguous (av) -+ && (char *) nextchunk -+ >= ((char *) av->top + chunksize(av->top)), 0)) -+ malloc_printerr ("double free or corruption (out)"); -+ /* Or whether the block is actually not marked used. */ -+ if (__glibc_unlikely (!prev_inuse(nextchunk))) -+ malloc_printerr ("double free or corruption (!prev)"); -+ -+ INTERNAL_SIZE_T nextsize = chunksize(nextchunk); -+ if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) -+ || __builtin_expect (nextsize >= av->system_mem, 0)) -+ malloc_printerr ("free(): invalid next size (normal)"); -+ -+ free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); - -- /* consolidate backward */ -- if (!prev_inuse(p)) { -- prevsize = prev_size (p); -+ /* Consolidate backward. */ -+ if (!prev_inuse(p)) -+ { -+ INTERNAL_SIZE_T prevsize = prev_size (p); - size += prevsize; - p = chunk_at_offset(p, -((long) prevsize)); - if (__glibc_unlikely (chunksize(p) != prevsize)) -@@ -4669,9 +4695,25 @@ _int_free (mstate av, mchunkptr p, int have_lock) - unlink_chunk (av, p); - } - -- if (nextchunk != av->top) { -+ /* Write the chunk header, maybe after merging with the following chunk. */ -+ size = _int_free_create_chunk (av, p, size, nextchunk, nextsize); -+ _int_free_maybe_consolidate (av, size); -+} -+ -+/* Create a chunk at P of SIZE bytes, with SIZE potentially increased -+ to cover the immediately following chunk NEXTCHUNK of NEXTSIZE -+ bytes (if NEXTCHUNK is unused). The chunk at P is not actually -+ read and does not have to be initialized. After creation, it is -+ placed on the appropriate bin list. The function returns the size -+ of the new chunk. */ -+static INTERNAL_SIZE_T -+_int_free_create_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size, -+ mchunkptr nextchunk, INTERNAL_SIZE_T nextsize) -+{ -+ if (nextchunk != av->top) -+ { - /* get and clear inuse bit */ -- nextinuse = inuse_bit_at_offset(nextchunk, nextsize); -+ bool nextinuse = inuse_bit_at_offset (nextchunk, nextsize); - - /* consolidate forward */ - if (!nextinuse) { -@@ -4686,8 +4728,8 @@ _int_free (mstate av, mchunkptr p, int have_lock) - been given one chance to be used in malloc. - */ - -- bck = unsorted_chunks(av); -- fwd = bck->fd; -+ mchunkptr bck = unsorted_chunks (av); -+ mchunkptr fwd = bck->fd; - if (__glibc_unlikely (fwd->bk != bck)) - malloc_printerr ("free(): corrupted unsorted chunks"); - p->fd = fwd; -@@ -4706,61 +4748,52 @@ _int_free (mstate av, mchunkptr p, int have_lock) - check_free_chunk(av, p); - } - -- /* -- If the chunk borders the current high end of memory, -- consolidate into top -- */ -- -- else { -+ else -+ { -+ /* If the chunk borders the current high end of memory, -+ consolidate into top. */ - size += nextsize; - set_head(p, size | PREV_INUSE); - av->top = p; - check_chunk(av, p); - } - -- /* -- If freeing a large space, consolidate possibly-surrounding -- chunks. Then, if the total unused topmost memory exceeds trim -- threshold, ask malloc_trim to reduce top. -- -- Unless max_fast is 0, we don't know if there are fastbins -- bordering top, so we cannot tell for sure whether threshold -- has been reached unless fastbins are consolidated. But we -- don't want to consolidate on each free. As a compromise, -- consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD -- is reached. -- */ -+ return size; -+} - -- if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) { -+/* If freeing a large space, consolidate possibly-surrounding -+ chunks. Then, if the total unused topmost memory exceeds trim -+ threshold, ask malloc_trim to reduce top. */ -+static void -+_int_free_maybe_consolidate (mstate av, INTERNAL_SIZE_T size) -+{ -+ /* Unless max_fast is 0, we don't know if there are fastbins -+ bordering top, so we cannot tell for sure whether threshold has -+ been reached unless fastbins are consolidated. But we don't want -+ to consolidate on each free. As a compromise, consolidation is -+ performed if FASTBIN_CONSOLIDATION_THRESHOLD is reached. */ -+ if (size >= FASTBIN_CONSOLIDATION_THRESHOLD) -+ { - if (atomic_load_relaxed (&av->have_fastchunks)) - malloc_consolidate(av); - -- if (av == &main_arena) { -+ if (av == &main_arena) -+ { - #ifndef MORECORE_CANNOT_TRIM -- if ((unsigned long)(chunksize(av->top)) >= -- (unsigned long)(mp_.trim_threshold)) -- systrim(mp_.top_pad, av); -+ if (chunksize (av->top) >= mp_.trim_threshold) -+ systrim (mp_.top_pad, av); - #endif -- } else { -- /* Always try heap_trim(), even if the top chunk is not -- large, because the corresponding heap might go away. */ -- heap_info *heap = heap_for_ptr(top(av)); -+ } -+ else -+ { -+ /* Always try heap_trim, even if the top chunk is not large, -+ because the corresponding heap might go away. */ -+ heap_info *heap = heap_for_ptr (top (av)); - -- assert(heap->ar_ptr == av); -- heap_trim(heap, mp_.top_pad); -- } -+ assert (heap->ar_ptr == av); -+ heap_trim (heap, mp_.top_pad); -+ } - } -- -- if (!have_lock) -- __libc_lock_unlock (av->mutex); -- } -- /* -- If the chunk was allocated via mmap, release via munmap(). -- */ -- -- else { -- munmap_chunk (p); -- } - } - - /* -@@ -5221,7 +5254,7 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) - (av != &main_arena ? NON_MAIN_ARENA : 0)); - set_inuse_bit_at_offset (newp, newsize); - set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0)); -- _int_free (av, p, 1); -+ _int_free_merge_chunk (av, p, leadsize); - p = newp; - - assert (newsize >= nb && -@@ -5232,15 +5265,27 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) - if (!chunk_is_mmapped (p)) - { - size = chunksize (p); -- if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE)) -+ mchunkptr nextchunk = chunk_at_offset(p, size); -+ INTERNAL_SIZE_T nextsize = chunksize(nextchunk); -+ if (size > nb) - { - remainder_size = size - nb; -- remainder = chunk_at_offset (p, nb); -- set_head (remainder, remainder_size | PREV_INUSE | -- (av != &main_arena ? NON_MAIN_ARENA : 0)); -- set_head_size (p, nb); -- _int_free (av, remainder, 1); -- } -+ if (remainder_size >= MINSIZE -+ || nextchunk == av->top -+ || !inuse_bit_at_offset (nextchunk, nextsize)) -+ { -+ /* We can only give back the tail if it is larger than -+ MINSIZE, or if the following chunk is unused (top -+ chunk or unused in-heap chunk). Otherwise we would -+ create a chunk that is smaller than MINSIZE. */ -+ remainder = chunk_at_offset (p, nb); -+ set_head_size (p, nb); -+ remainder_size = _int_free_create_chunk (av, remainder, -+ remainder_size, -+ nextchunk, nextsize); -+ _int_free_maybe_consolidate (av, remainder_size); -+ } -+ } - } - - check_inuse_chunk (av, p); --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch b/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch deleted file mode 100644 index f2b9acb494..0000000000 --- a/src/patches/glibc-2.38/0008-malloc-Remove-bin-scanning-from-memalign-bug-30723.patch +++ /dev/null @@ -1,269 +0,0 @@ -From 2af141bda3cd407abd4bedf615f9e45fe79518e2 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Thu, 10 Aug 2023 19:36:56 +0200 -Subject: [PATCH 08/44] malloc: Remove bin scanning from memalign (bug 30723) - -On the test workload (mpv --cache=yes with VP9 video decoding), the -bin scanning has a very poor success rate (less than 2%). The tcache -scanning has about 50% success rate, so keep that. - -Update comments in malloc/tst-memalign-2 to indicate the purpose -of the tests. Even with the scanning removed, the additional -merging opportunities since commit 542b1105852568c3ebc712225ae78b -("malloc: Enable merging of remainders in memalign (bug 30723)") -are sufficient to pass the existing large bins test. - -Remove leftover variables from _int_free from refactoring in the -same commit. - -Reviewed-by: DJ Delorie -(cherry picked from commit 0dc7fc1cf094406a138e4d1bcf9553e59edcf89d) ---- - NEWS | 1 + - malloc/malloc.c | 169 ++-------------------------------------- - malloc/tst-memalign-2.c | 7 +- - 3 files changed, 11 insertions(+), 166 deletions(-) - -diff --git a/NEWS b/NEWS -index 872bc8907b..c339cb444e 100644 ---- a/NEWS -+++ b/NEWS -@@ -132,6 +132,7 @@ The following bugs are resolved with this release: - [30555] string: strerror can incorrectly return NULL - [30579] malloc: trim_threshold in realloc lead to high memory usage - [30662] nscd: Group and password cache use errno in place of errval -+ [30723] posix_memalign repeatedly scans long bin lists - - Version 2.37 - -diff --git a/malloc/malloc.c b/malloc/malloc.c -index 948f9759af..d0bbbf3710 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -4488,12 +4488,6 @@ _int_free (mstate av, mchunkptr p, int have_lock) - { - INTERNAL_SIZE_T size; /* its size */ - mfastbinptr *fb; /* associated fastbin */ -- mchunkptr nextchunk; /* next contiguous chunk */ -- INTERNAL_SIZE_T nextsize; /* its size */ -- int nextinuse; /* true if nextchunk is used */ -- INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */ -- mchunkptr bck; /* misc temp for linking */ -- mchunkptr fwd; /* misc temp for linking */ - - size = chunksize (p); - -@@ -5032,42 +5026,6 @@ _int_realloc (mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize, - ------------------------------ memalign ------------------------------ - */ - --/* Returns 0 if the chunk is not and does not contain the requested -- aligned sub-chunk, else returns the amount of "waste" from -- trimming. NB is the *chunk* byte size, not the user byte -- size. */ --static size_t --chunk_ok_for_memalign (mchunkptr p, size_t alignment, size_t nb) --{ -- void *m = chunk2mem (p); -- INTERNAL_SIZE_T size = chunksize (p); -- void *aligned_m = m; -- -- if (__glibc_unlikely (misaligned_chunk (p))) -- malloc_printerr ("_int_memalign(): unaligned chunk detected"); -- -- aligned_m = PTR_ALIGN_UP (m, alignment); -- -- INTERNAL_SIZE_T front_extra = (intptr_t) aligned_m - (intptr_t) m; -- -- /* We can't trim off the front as it's too small. */ -- if (front_extra > 0 && front_extra < MINSIZE) -- return 0; -- -- /* If it's a perfect fit, it's an exception to the return value rule -- (we would return zero waste, which looks like "not usable"), so -- handle it here by returning a small non-zero value instead. */ -- if (size == nb && front_extra == 0) -- return 1; -- -- /* If the block we need fits in the chunk, calculate total waste. */ -- if (size > nb + front_extra) -- return size - nb; -- -- /* Can't use this chunk. */ -- return 0; --} -- - /* BYTES is user requested bytes, not requested chunksize bytes. */ - static void * - _int_memalign (mstate av, size_t alignment, size_t bytes) -@@ -5082,7 +5040,6 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) - mchunkptr remainder; /* spare room at end to split off */ - unsigned long remainder_size; /* its size */ - INTERNAL_SIZE_T size; -- mchunkptr victim; - - nb = checked_request2size (bytes); - if (nb == 0) -@@ -5101,129 +5058,13 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) - we don't find anything in those bins, the common malloc code will - scan starting at 2x. */ - -- /* This will be set if we found a candidate chunk. */ -- victim = NULL; -- -- /* Fast bins are singly-linked, hard to remove a chunk from the middle -- and unlikely to meet our alignment requirements. We have not done -- any experimentation with searching for aligned fastbins. */ -- -- if (av != NULL) -- { -- int first_bin_index; -- int first_largebin_index; -- int last_bin_index; -- -- if (in_smallbin_range (nb)) -- first_bin_index = smallbin_index (nb); -- else -- first_bin_index = largebin_index (nb); -- -- if (in_smallbin_range (nb * 2)) -- last_bin_index = smallbin_index (nb * 2); -- else -- last_bin_index = largebin_index (nb * 2); -- -- first_largebin_index = largebin_index (MIN_LARGE_SIZE); -- -- int victim_index; /* its bin index */ -- -- for (victim_index = first_bin_index; -- victim_index < last_bin_index; -- victim_index ++) -- { -- victim = NULL; -- -- if (victim_index < first_largebin_index) -- { -- /* Check small bins. Small bin chunks are doubly-linked despite -- being the same size. */ -- -- mchunkptr fwd; /* misc temp for linking */ -- mchunkptr bck; /* misc temp for linking */ -- -- bck = bin_at (av, victim_index); -- fwd = bck->fd; -- while (fwd != bck) -- { -- if (chunk_ok_for_memalign (fwd, alignment, nb) > 0) -- { -- victim = fwd; -- -- /* Unlink it */ -- victim->fd->bk = victim->bk; -- victim->bk->fd = victim->fd; -- break; -- } -- -- fwd = fwd->fd; -- } -- } -- else -- { -- /* Check large bins. */ -- mchunkptr fwd; /* misc temp for linking */ -- mchunkptr bck; /* misc temp for linking */ -- mchunkptr best = NULL; -- size_t best_size = 0; -- -- bck = bin_at (av, victim_index); -- fwd = bck->fd; -+ /* Call malloc with worst case padding to hit alignment. */ -+ m = (char *) (_int_malloc (av, nb + alignment + MINSIZE)); - -- while (fwd != bck) -- { -- int extra; -- -- if (chunksize (fwd) < nb) -- break; -- extra = chunk_ok_for_memalign (fwd, alignment, nb); -- if (extra > 0 -- && (extra <= best_size || best == NULL)) -- { -- best = fwd; -- best_size = extra; -- } -+ if (m == 0) -+ return 0; /* propagate failure */ - -- fwd = fwd->fd; -- } -- victim = best; -- -- if (victim != NULL) -- { -- unlink_chunk (av, victim); -- break; -- } -- } -- -- if (victim != NULL) -- break; -- } -- } -- -- /* Strategy: find a spot within that chunk that meets the alignment -- request, and then possibly free the leading and trailing space. -- This strategy is incredibly costly and can lead to external -- fragmentation if header and footer chunks are unused. */ -- -- if (victim != NULL) -- { -- p = victim; -- m = chunk2mem (p); -- set_inuse (p); -- if (av != &main_arena) -- set_non_main_arena (p); -- } -- else -- { -- /* Call malloc with worst case padding to hit alignment. */ -- -- m = (char *) (_int_malloc (av, nb + alignment + MINSIZE)); -- -- if (m == 0) -- return 0; /* propagate failure */ -- -- p = mem2chunk (m); -- } -+ p = mem2chunk (m); - - if ((((unsigned long) (m)) % alignment) != 0) /* misaligned */ - { -diff --git a/malloc/tst-memalign-2.c b/malloc/tst-memalign-2.c -index f229283dbf..ecd6fa249e 100644 ---- a/malloc/tst-memalign-2.c -+++ b/malloc/tst-memalign-2.c -@@ -86,7 +86,8 @@ do_test (void) - TEST_VERIFY (tcache_allocs[i].ptr1 == tcache_allocs[i].ptr2); - } - -- /* Test for non-head tcache hits. */ -+ /* Test for non-head tcache hits. This exercises the memalign -+ scanning code to find matching allocations. */ - for (i = 0; i < array_length (ptr); ++ i) - { - if (i == 4) -@@ -113,7 +114,9 @@ do_test (void) - free (p); - TEST_VERIFY (count > 0); - -- /* Large bins test. */ -+ /* Large bins test. This verifies that the over-allocated parts -+ that memalign releases for future allocations can be reused by -+ memalign itself at least in some cases. */ - - for (i = 0; i < LN; ++ i) - { --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch b/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch deleted file mode 100644 index 20b92763f1..0000000000 --- a/src/patches/glibc-2.38/0009-sysdeps-tst-bz21269-fix-test-parameter.patch +++ /dev/null @@ -1,31 +0,0 @@ -From c8ecda6251dd4a0dfe074e0a6011211cadeef742 Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Fri, 4 Aug 2023 23:58:27 +0100 -Subject: [PATCH 09/44] sysdeps: tst-bz21269: fix test parameter - -All callers pass 1 or 0x11 anyway (same meaning according to man page), -but still. - -Reviewed-by: DJ Delorie -Signed-off-by: Sam James -(cherry picked from commit e0b712dd9183d527aae4506cd39564c14af3bb28) ---- - sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -index 51d4a1b082..f508ef8f16 100644 ---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -@@ -52,7 +52,7 @@ xset_thread_area (struct user_desc *u_info) - static void - xmodify_ldt (int func, const void *ptr, unsigned long bytecount) - { -- TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, 1, ptr, bytecount) == 0); -+ TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, func, ptr, bytecount) == 0); - } - - static int --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch b/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch deleted file mode 100644 index 18fd8450f6..0000000000 --- a/src/patches/glibc-2.38/0010-sysdeps-tst-bz21269-handle-ENOSYS-skip-appropriately.patch +++ /dev/null @@ -1,42 +0,0 @@ -From ad9b8399537670a990572c4b0c4da5411e3b68cf Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Sat, 5 Aug 2023 00:04:33 +0100 -Subject: [PATCH 10/44] sysdeps: tst-bz21269: handle ENOSYS & skip - appropriately - -SYS_modify_ldt requires CONFIG_MODIFY_LDT_SYSCALL to be set in the kernel, which -some distributions may disable for hardening. Check if that's the case (unset) -and mark the test as UNSUPPORTED if so. - -Reviewed-by: DJ Delorie -Signed-off-by: Sam James -(cherry picked from commit 652b9fdb77d9fd056d4dd26dad2c14142768ab49) ---- - sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -index f508ef8f16..28f5359bea 100644 ---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -@@ -52,7 +52,16 @@ xset_thread_area (struct user_desc *u_info) - static void - xmodify_ldt (int func, const void *ptr, unsigned long bytecount) - { -- TEST_VERIFY_EXIT (syscall (SYS_modify_ldt, func, ptr, bytecount) == 0); -+ long ret = syscall (SYS_modify_ldt, func, ptr, bytecount); -+ -+ if (ret == -1) -+ { -+ if (errno == ENOSYS) -+ FAIL_UNSUPPORTED ("modify_ldt not supported"); -+ FAIL_EXIT1 ("modify_ldt failed (errno=%d)", errno); -+ } -+ -+ return 0; - } - - static int --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch b/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch deleted file mode 100644 index a9681b8f24..0000000000 --- a/src/patches/glibc-2.38/0011-sysdeps-tst-bz21269-fix-Wreturn-type.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 1aed90c9c8f8be9f68b58e96b6e4cd0fc08eb2b1 Mon Sep 17 00:00:00 2001 -From: Sam James -Date: Thu, 17 Aug 2023 09:30:29 +0100 -Subject: [PATCH 11/44] sysdeps: tst-bz21269: fix -Wreturn-type - -Thanks to Andreas Schwab for reporting. - -Fixes: 652b9fdb77d9fd056d4dd26dad2c14142768ab49 -Signed-off-by: Sam James -(cherry picked from commit 369f373057073c307938da91af16922bda3dff6a) ---- - sysdeps/unix/sysv/linux/i386/tst-bz21269.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -index 28f5359bea..822c41fceb 100644 ---- a/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -+++ b/sysdeps/unix/sysv/linux/i386/tst-bz21269.c -@@ -60,8 +60,6 @@ xmodify_ldt (int func, const void *ptr, unsigned long bytecount) - FAIL_UNSUPPORTED ("modify_ldt not supported"); - FAIL_EXIT1 ("modify_ldt failed (errno=%d)", errno); - } -- -- return 0; - } - - static int --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch b/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch deleted file mode 100644 index 4752c800a5..0000000000 --- a/src/patches/glibc-2.38/0012-io-Fix-record-locking-contants-for-powerpc64-with-__.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 5bdef6f27c91f45505ed5444147be4ed0e9bc3c7 Mon Sep 17 00:00:00 2001 -From: Aurelien Jarno -Date: Mon, 28 Aug 2023 23:30:37 +0200 -Subject: [PATCH 12/44] io: Fix record locking contants for powerpc64 with - __USE_FILE_OFFSET64 - -Commit 5f828ff824e3b7cd1 ("io: Fix F_GETLK, F_SETLK, and F_SETLKW for -powerpc64") fixed an issue with the value of the lock constants on -powerpc64 when not using __USE_FILE_OFFSET64, but it ended-up also -changing the value when using __USE_FILE_OFFSET64 causing an API change. - -Fix that by also checking that define, restoring the pre -4d0fe291aed3a476a commit values: - -Default values: -- F_GETLK: 5 -- F_SETLK: 6 -- F_SETLKW: 7 - -With -D_FILE_OFFSET_BITS=64: -- F_GETLK: 12 -- F_SETLK: 13 -- F_SETLKW: 14 - -At the same time, it has been noticed that there was no test for io lock -with __USE_FILE_OFFSET64, so just add one. - -Tested on x86_64-linux-gnu, i686-linux-gnu and -powerpc64le-unknown-linux-gnu. - -Resolves: BZ #30804. -Co-authored-by: Adhemerval Zanella -Signed-off-by: Aurelien Jarno -(cherry picked from commit 434bf72a94de68f0cc7fbf3c44bf38c1911b70cb) ---- - NEWS | 2 ++ - io/Makefile | 1 + - io/tst-fcntl-lock-lfs.c | 2 ++ - sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h | 2 +- - 4 files changed, 6 insertions(+), 1 deletion(-) - create mode 100644 io/tst-fcntl-lock-lfs.c - -diff --git a/NEWS b/NEWS -index c339cb444e..8156572cdf 100644 ---- a/NEWS -+++ b/NEWS -@@ -133,6 +133,8 @@ The following bugs are resolved with this release: - [30579] malloc: trim_threshold in realloc lead to high memory usage - [30662] nscd: Group and password cache use errno in place of errval - [30723] posix_memalign repeatedly scans long bin lists -+ [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with -+ -D_FILE_OFFSET_BITS=64 - - Version 2.37 - -diff --git a/io/Makefile b/io/Makefile -index 6ccc0e8691..8a3c83a3bb 100644 ---- a/io/Makefile -+++ b/io/Makefile -@@ -192,6 +192,7 @@ tests := \ - tst-fchownat \ - tst-fcntl \ - tst-fcntl-lock \ -+ tst-fcntl-lock-lfs \ - tst-fstatat \ - tst-fts \ - tst-fts-lfs \ -diff --git a/io/tst-fcntl-lock-lfs.c b/io/tst-fcntl-lock-lfs.c -new file mode 100644 -index 0000000000..f2a909fb02 ---- /dev/null -+++ b/io/tst-fcntl-lock-lfs.c -@@ -0,0 +1,2 @@ -+#define _FILE_OFFSET_BITS 64 -+#include -diff --git a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h -index f7615a447e..d8a291a331 100644 ---- a/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h -+++ b/sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h -@@ -33,7 +33,7 @@ - # define __O_LARGEFILE 0200000 - #endif - --#if __WORDSIZE == 64 -+#if __WORDSIZE == 64 && !defined __USE_FILE_OFFSET64 - # define F_GETLK 5 - # define F_SETLK 6 - # define F_SETLKW 7 --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch b/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch deleted file mode 100644 index 5e5520e3d3..0000000000 --- a/src/patches/glibc-2.38/0013-libio-Fix-oversized-__io_vtables.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 92201f16cbcfd9eafe314ef6654be2ea7ba25675 Mon Sep 17 00:00:00 2001 -From: Adam Jackson -Date: Fri, 8 Sep 2023 15:55:19 -0400 -Subject: [PATCH 13/44] libio: Fix oversized __io_vtables - -IO_VTABLES_LEN is the size of the struct array in bytes, not the number -of __IO_jump_t's in the array. Drops just under 384kb from .rodata on -LP64 machines. - -Fixes: 3020f72618e ("libio: Remove the usage of __libc_IO_vtables") -Signed-off-by: Adam Jackson -Reviewed-by: Florian Weimer -Tested-by: Florian Weimer -(cherry picked from commit 8cb69e054386f980f9ff4d93b157861d72b2019e) ---- - libio/vtables.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/libio/vtables.c b/libio/vtables.c -index 1d8ad612e9..34f7e15f1c 100644 ---- a/libio/vtables.c -+++ b/libio/vtables.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - #include - #include - -@@ -88,7 +89,7 @@ - # pragma weak __wprintf_buffer_as_file_xsputn - #endif - --const struct _IO_jump_t __io_vtables[IO_VTABLES_LEN] attribute_relro = -+const struct _IO_jump_t __io_vtables[] attribute_relro = - { - /* _IO_str_jumps */ - [IO_STR_JUMPS] = -@@ -485,6 +486,8 @@ const struct _IO_jump_t __io_vtables[IO_VTABLES_LEN] attribute_relro = - }, - #endif - }; -+_Static_assert (array_length (__io_vtables) == IO_VTABLES_NUM, -+ "initializer count"); - - #ifdef SHARED - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch b/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch deleted file mode 100644 index 4a15147da5..0000000000 --- a/src/patches/glibc-2.38/0014-elf-Do-not-run-constructors-for-proxy-objects.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 7ae211a01b085d0bde54bd13b887ce8f9d57c2b4 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Tue, 22 Aug 2023 13:56:25 +0200 -Subject: [PATCH 14/44] elf: Do not run constructors for proxy objects - -Otherwise, the ld.so constructor runs for each audit namespace -and each dlmopen namespace. - -(cherry picked from commit f6c8204fd7fabf0cf4162eaf10ccf23258e4d10e) ---- - elf/dl-init.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/elf/dl-init.c b/elf/dl-init.c -index 5b0732590f..ba4d2fdc85 100644 ---- a/elf/dl-init.c -+++ b/elf/dl-init.c -@@ -25,10 +25,14 @@ - static void - call_init (struct link_map *l, int argc, char **argv, char **env) - { -+ /* Do not run constructors for proxy objects. */ -+ if (l != l->l_real) -+ return; -+ - /* If the object has not been relocated, this is a bug. The - function pointers are invalid in this case. (Executables do not -- need relocation, and neither do proxy objects.) */ -- assert (l->l_real->l_relocated || l->l_real->l_type == lt_executable); -+ need relocation.) */ -+ assert (l->l_relocated || l->l_type == lt_executable); - - if (l->l_init_called) - /* This object is all done. */ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch b/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch deleted file mode 100644 index bfc994bc8c..0000000000 --- a/src/patches/glibc-2.38/0015-elf-Always-call-destructors-in-reverse-constructor-o.patch +++ /dev/null @@ -1,669 +0,0 @@ -From a3189f66a5f2fe86568286fa025fa153be04c6c0 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Fri, 8 Sep 2023 12:32:14 +0200 -Subject: [PATCH 15/44] elf: Always call destructors in reverse constructor - order (bug 30785) - -The current implementation of dlclose (and process exit) re-sorts the -link maps before calling ELF destructors. Destructor order is not the -reverse of the constructor order as a result: The second sort takes -relocation dependencies into account, and other differences can result -from ambiguous inputs, such as cycles. (The force_first handling in -_dl_sort_maps is not effective for dlclose.) After the changes in -this commit, there is still a required difference due to -dlopen/dlclose ordering by the application, but the previous -discrepancies went beyond that. - -A new global (namespace-spanning) list of link maps, -_dl_init_called_list, is updated right before ELF constructors are -called from _dl_init. - -In dl_close_worker, the maps variable, an on-stack variable length -array, is eliminated. (VLAs are problematic, and dlclose should not -call malloc because it cannot readily deal with malloc failure.) -Marking still-used objects uses the namespace list directly, with -next and next_idx replacing the done_index variable. - -After marking, _dl_init_called_list is used to call the destructors -of now-unused maps in reverse destructor order. These destructors -can call dlopen. Previously, new objects do not have l_map_used set. -This had to change: There is no copy of the link map list anymore, -so processing would cover newly opened (and unmarked) mappings, -unloading them. Now, _dl_init (indirectly) sets l_map_used, too. -(dlclose is handled by the existing reentrancy guard.) - -After _dl_init_called_list traversal, two more loops follow. The -processing order changes to the original link map order in the -namespace. Previously, dependency order was used. The difference -should not matter because relocation dependencies could already -reorder link maps in the old code. - -The changes to _dl_fini remove the sorting step and replace it with -a traversal of _dl_init_called_list. The l_direct_opencount -decrement outside the loader lock is removed because it appears -incorrect: the counter manipulation could race with other dynamic -loader operations. - -tst-audit23 needs adjustments to the changes in LA_ACT_DELETE -notifications. The new approach for checking la_activity should -make it clearer that la_activty calls come in pairs around namespace -updates. - -The dependency sorting test cases need updates because the destructor -order is always the opposite order of constructor order, even with -relocation dependencies or cycles present. - -There is a future cleanup opportunity to remove the now-constant -force_first and for_fini arguments from the _dl_sort_maps function. - -Fixes commit 1df71d32fe5f5905ffd5d100e5e9ca8ad62 ("elf: Implement -force_first handling in _dl_sort_maps_dfs (bug 28937)"). - -Reviewed-by: DJ Delorie -(cherry picked from commit 6985865bc3ad5b23147ee73466583dd7fdf65892) ---- - NEWS | 7 ++ - elf/dl-close.c | 113 +++++++++++++++++---------- - elf/dl-fini.c | 152 +++++++++++++------------------------ - elf/dl-init.c | 16 ++++ - elf/dso-sort-tests-1.def | 19 ++--- - elf/tst-audit23.c | 44 ++++++----- - include/link.h | 4 + - sysdeps/generic/ldsodefs.h | 4 + - 8 files changed, 186 insertions(+), 173 deletions(-) - -diff --git a/NEWS b/NEWS -index 8156572cdf..f1a14f45dd 100644 ---- a/NEWS -+++ b/NEWS -@@ -4,6 +4,13 @@ See the end for copying conditions. - - Please send GNU C library bug reports via - using `glibc' in the "product" field. -+ -+Version 2.38.1 -+ -+The following bugs are resolved with this release: -+ -+ [30785] Always call destructors in reverse constructor order -+ - - Version 2.38 - -diff --git a/elf/dl-close.c b/elf/dl-close.c -index b887a44888..ea62d0e601 100644 ---- a/elf/dl-close.c -+++ b/elf/dl-close.c -@@ -138,30 +138,31 @@ _dl_close_worker (struct link_map *map, bool force) - - bool any_tls = false; - const unsigned int nloaded = ns->_ns_nloaded; -- struct link_map *maps[nloaded]; - -- /* Run over the list and assign indexes to the link maps and enter -- them into the MAPS array. */ -+ /* Run over the list and assign indexes to the link maps. */ - int idx = 0; - for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next) - { - l->l_map_used = 0; - l->l_map_done = 0; - l->l_idx = idx; -- maps[idx] = l; - ++idx; - } - assert (idx == nloaded); - -- /* Keep track of the lowest index link map we have covered already. */ -- int done_index = -1; -- while (++done_index < nloaded) -+ /* Keep marking link maps until no new link maps are found. */ -+ for (struct link_map *l = ns->_ns_loaded; l != NULL; ) - { -- struct link_map *l = maps[done_index]; -+ /* next is reset to earlier link maps for remarking. */ -+ struct link_map *next = l->l_next; -+ int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL. */ - - if (l->l_map_done) -- /* Already handled. */ -- continue; -+ { -+ /* Already handled. */ -+ l = next; -+ continue; -+ } - - /* Check whether this object is still used. */ - if (l->l_type == lt_loaded -@@ -171,7 +172,10 @@ _dl_close_worker (struct link_map *map, bool force) - acquire is sufficient and correct. */ - && atomic_load_acquire (&l->l_tls_dtor_count) == 0 - && !l->l_map_used) -- continue; -+ { -+ l = next; -+ continue; -+ } - - /* We need this object and we handle it now. */ - l->l_map_used = 1; -@@ -198,8 +202,11 @@ _dl_close_worker (struct link_map *map, bool force) - already processed it, then we need to go back - and process again from that point forward to - ensure we keep all of its dependencies also. */ -- if ((*lp)->l_idx - 1 < done_index) -- done_index = (*lp)->l_idx - 1; -+ if ((*lp)->l_idx < next_idx) -+ { -+ next = *lp; -+ next_idx = next->l_idx; -+ } - } - } - -@@ -219,44 +226,65 @@ _dl_close_worker (struct link_map *map, bool force) - if (!jmap->l_map_used) - { - jmap->l_map_used = 1; -- if (jmap->l_idx - 1 < done_index) -- done_index = jmap->l_idx - 1; -+ if (jmap->l_idx < next_idx) -+ { -+ next = jmap; -+ next_idx = next->l_idx; -+ } - } - } - } -- } - -- /* Sort the entries. We can skip looking for the binary itself which is -- at the front of the search list for the main namespace. */ -- _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true); -+ l = next; -+ } - -- /* Call all termination functions at once. */ -- bool unload_any = false; -- bool scope_mem_left = false; -- unsigned int unload_global = 0; -- unsigned int first_loaded = ~0; -- for (unsigned int i = 0; i < nloaded; ++i) -+ /* Call the destructors in reverse constructor order, and remove the -+ closed link maps from the list. */ -+ for (struct link_map **init_called_head = &_dl_init_called_list; -+ *init_called_head != NULL; ) - { -- struct link_map *imap = maps[i]; -+ struct link_map *imap = *init_called_head; - -- /* All elements must be in the same namespace. */ -- assert (imap->l_ns == nsid); -- -- if (!imap->l_map_used) -+ /* _dl_init_called_list is global, to produce a global odering. -+ Ignore the other namespaces (and link maps that are still used). */ -+ if (imap->l_ns != nsid || imap->l_map_used) -+ init_called_head = &imap->l_init_called_next; -+ else - { - assert (imap->l_type == lt_loaded && !imap->l_nodelete_active); - -- /* Call its termination function. Do not do it for -- half-cooked objects. Temporarily disable exception -- handling, so that errors are fatal. */ -- if (imap->l_init_called) -+ /* _dl_init_called_list is updated at the same time as -+ l_init_called. */ -+ assert (imap->l_init_called); -+ -+ if (imap->l_info[DT_FINI_ARRAY] != NULL -+ || imap->l_info[DT_FINI] != NULL) - _dl_catch_exception (NULL, _dl_call_fini, imap); - - #ifdef SHARED - /* Auditing checkpoint: we remove an object. */ - _dl_audit_objclose (imap); - #endif -+ /* Unlink this link map. */ -+ *init_called_head = imap->l_init_called_next; -+ } -+ } -+ -+ -+ bool unload_any = false; -+ bool scope_mem_left = false; -+ unsigned int unload_global = 0; -+ -+ /* For skipping un-unloadable link maps in the second loop. */ -+ struct link_map *first_loaded = ns->_ns_loaded; - -+ /* Iterate over the namespace to find objects to unload. Some -+ unloadable objects may not be on _dl_init_called_list due to -+ dlopen failure. */ -+ for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next) -+ { -+ if (!imap->l_map_used) -+ { - /* This object must not be used anymore. */ - imap->l_removed = 1; - -@@ -267,8 +295,8 @@ _dl_close_worker (struct link_map *map, bool force) - ++unload_global; - - /* Remember where the first dynamically loaded object is. */ -- if (i < first_loaded) -- first_loaded = i; -+ if (first_loaded == NULL) -+ first_loaded = imap; - } - /* Else imap->l_map_used. */ - else if (imap->l_type == lt_loaded) -@@ -404,8 +432,8 @@ _dl_close_worker (struct link_map *map, bool force) - imap->l_loader = NULL; - - /* Remember where the first dynamically loaded object is. */ -- if (i < first_loaded) -- first_loaded = i; -+ if (first_loaded == NULL) -+ first_loaded = imap; - } - } - -@@ -476,10 +504,11 @@ _dl_close_worker (struct link_map *map, bool force) - - /* Check each element of the search list to see if all references to - it are gone. */ -- for (unsigned int i = first_loaded; i < nloaded; ++i) -+ for (struct link_map *imap = first_loaded; imap != NULL; ) - { -- struct link_map *imap = maps[i]; -- if (!imap->l_map_used) -+ if (imap->l_map_used) -+ imap = imap->l_next; -+ else - { - assert (imap->l_type == lt_loaded); - -@@ -690,7 +719,9 @@ _dl_close_worker (struct link_map *map, bool force) - if (imap == GL(dl_initfirst)) - GL(dl_initfirst) = NULL; - -+ struct link_map *next = imap->l_next; - free (imap); -+ imap = next; - } - } - -diff --git a/elf/dl-fini.c b/elf/dl-fini.c -index 9acb64f47c..e201d36651 100644 ---- a/elf/dl-fini.c -+++ b/elf/dl-fini.c -@@ -24,116 +24,68 @@ - void - _dl_fini (void) - { -- /* Lots of fun ahead. We have to call the destructors for all still -- loaded objects, in all namespaces. The problem is that the ELF -- specification now demands that dependencies between the modules -- are taken into account. I.e., the destructor for a module is -- called before the ones for any of its dependencies. -- -- To make things more complicated, we cannot simply use the reverse -- order of the constructors. Since the user might have loaded objects -- using `dlopen' there are possibly several other modules with its -- dependencies to be taken into account. Therefore we have to start -- determining the order of the modules once again from the beginning. */ -- -- /* We run the destructors of the main namespaces last. As for the -- other namespaces, we pick run the destructors in them in reverse -- order of the namespace ID. */ --#ifdef SHARED -- int do_audit = 0; -- again: --#endif -- for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns) -- { -- /* Protect against concurrent loads and unloads. */ -- __rtld_lock_lock_recursive (GL(dl_load_lock)); -- -- unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded; -- /* No need to do anything for empty namespaces or those used for -- auditing DSOs. */ -- if (nloaded == 0 --#ifdef SHARED -- || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit --#endif -- ) -- __rtld_lock_unlock_recursive (GL(dl_load_lock)); -- else -- { -+ /* Call destructors strictly in the reverse order of constructors. -+ This causes fewer surprises than some arbitrary reordering based -+ on new (relocation) dependencies. None of the objects are -+ unmapped, so applications can deal with this if their DSOs remain -+ in a consistent state after destructors have run. */ -+ -+ /* Protect against concurrent loads and unloads. */ -+ __rtld_lock_lock_recursive (GL(dl_load_lock)); -+ -+ /* Ignore objects which are opened during shutdown. */ -+ struct link_map *local_init_called_list = _dl_init_called_list; -+ -+ for (struct link_map *l = local_init_called_list; l != NULL; -+ l = l->l_init_called_next) -+ /* Bump l_direct_opencount of all objects so that they -+ are not dlclose()ed from underneath us. */ -+ ++l->l_direct_opencount; -+ -+ /* After this point, everything linked from local_init_called_list -+ cannot be unloaded because of the reference counter update. */ -+ __rtld_lock_unlock_recursive (GL(dl_load_lock)); -+ -+ /* Perform two passes: One for non-audit modules, one for audit -+ modules. This way, audit modules receive unload notifications -+ for non-audit objects, and the destructors for audit modules -+ still run. */ - #ifdef SHARED -- _dl_audit_activity_nsid (ns, LA_ACT_DELETE); -+ int last_pass = GLRO(dl_naudit) > 0; -+ Lmid_t last_ns = -1; -+ for (int do_audit = 0; do_audit <= last_pass; ++do_audit) - #endif -- -- /* Now we can allocate an array to hold all the pointers and -- copy the pointers in. */ -- struct link_map *maps[nloaded]; -- -- unsigned int i; -- struct link_map *l; -- assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL); -- for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next) -- /* Do not handle ld.so in secondary namespaces. */ -- if (l == l->l_real) -- { -- assert (i < nloaded); -- -- maps[i] = l; -- l->l_idx = i; -- ++i; -- -- /* Bump l_direct_opencount of all objects so that they -- are not dlclose()ed from underneath us. */ -- ++l->l_direct_opencount; -- } -- assert (ns != LM_ID_BASE || i == nloaded); -- assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1); -- unsigned int nmaps = i; -- -- /* Now we have to do the sorting. We can skip looking for the -- binary itself which is at the front of the search list for -- the main namespace. */ -- _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true); -- -- /* We do not rely on the linked list of loaded object anymore -- from this point on. We have our own list here (maps). The -- various members of this list cannot vanish since the open -- count is too high and will be decremented in this loop. So -- we release the lock so that some code which might be called -- from a destructor can directly or indirectly access the -- lock. */ -- __rtld_lock_unlock_recursive (GL(dl_load_lock)); -- -- /* 'maps' now contains the objects in the right order. Now -- call the destructors. We have to process this array from -- the front. */ -- for (i = 0; i < nmaps; ++i) -- { -- struct link_map *l = maps[i]; -- -- if (l->l_init_called) -- { -- _dl_call_fini (l); -+ for (struct link_map *l = local_init_called_list; l != NULL; -+ l = l->l_init_called_next) -+ { - #ifdef SHARED -- /* Auditing checkpoint: another object closed. */ -- _dl_audit_objclose (l); -+ if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit) -+ continue; -+ -+ /* Avoid back-to-back calls of _dl_audit_activity_nsid for the -+ same namespace. */ -+ if (last_ns != l->l_ns) -+ { -+ if (last_ns >= 0) -+ _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); -+ _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE); -+ last_ns = l->l_ns; -+ } - #endif -- } - -- /* Correct the previous increment. */ -- --l->l_direct_opencount; -- } -+ /* There is no need to re-enable exceptions because _dl_fini -+ is not called from a context where exceptions are caught. */ -+ _dl_call_fini (l); - - #ifdef SHARED -- _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT); -+ /* Auditing checkpoint: another object closed. */ -+ _dl_audit_objclose (l); - #endif -- } -- } -+ } - - #ifdef SHARED -- if (! do_audit && GLRO(dl_naudit) > 0) -- { -- do_audit = 1; -- goto again; -- } -+ if (last_ns >= 0) -+ _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); - - if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS)) - _dl_debug_printf ("\nruntime linker statistics:\n" -diff --git a/elf/dl-init.c b/elf/dl-init.c -index ba4d2fdc85..ffd05b7806 100644 ---- a/elf/dl-init.c -+++ b/elf/dl-init.c -@@ -21,6 +21,7 @@ - #include - #include - -+struct link_map *_dl_init_called_list; - - static void - call_init (struct link_map *l, int argc, char **argv, char **env) -@@ -42,6 +43,21 @@ call_init (struct link_map *l, int argc, char **argv, char **env) - dependency. */ - l->l_init_called = 1; - -+ /* Help an already-running dlclose: The just-loaded object must not -+ be removed during the current pass. (No effect if no dlclose in -+ progress.) */ -+ l->l_map_used = 1; -+ -+ /* Record execution before starting any initializers. This way, if -+ the initializers themselves call dlopen, their ELF destructors -+ will eventually be run before this object is destructed, matching -+ that their ELF constructors have run before this object was -+ constructed. _dl_fini uses this list for audit callbacks, so -+ register objects on the list even if they do not have a -+ constructor. */ -+ l->l_init_called_next = _dl_init_called_list; -+ _dl_init_called_list = l; -+ - /* Check for object which constructors we do not run here. */ - if (__builtin_expect (l->l_name[0], 'a') == '\0' - && l->l_type == lt_executable) -diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def -index 4bf9052db1..61dc54f8ae 100644 ---- a/elf/dso-sort-tests-1.def -+++ b/elf/dso-sort-tests-1.def -@@ -53,21 +53,14 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c - output: b>a>{}b->c->d order). --# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based --# dynamic_sort=2 algorithm does, although it is still arguable whether going --# beyond spec to do this is the right thing to do. --# The below expected outputs are what the two algorithms currently produce --# respectively, for regression testing purposes. -+# relocation(dynamic) dependencies. For both sorting algorithms, the -+# destruction order is the reverse of the construction order, and -+# relocation dependencies are not taken into account. - tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c --output(glibc.rtld.dynamic_sort=1): {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[a1;a->a2;a2->a;b->b1;c->a1;c=>a1 --output(glibc.rtld.dynamic_sort=1): {+a[a2>a1>a>];+b[b1>b>];-b[];%c(a1());}a1>a>];+b[b1>b>];-b[];%c(a1());}a1>a>];+b[b1>b>];-b[];%c(a1());} -Date: Fri, 8 Sep 2023 13:02:06 +0200 -Subject: [PATCH 16/44] elf: Remove unused l_text_end field from struct - link_map - -It is a left-over from commit 52a01100ad011293197637e42b5be1a479a2 -("elf: Remove ad-hoc restrictions on dlopen callers [BZ #22787]"). - -When backporting commmit 6985865bc3ad5b23147ee73466583dd7fdf65892 -("elf: Always call destructors in reverse constructor order -(bug 30785)"), we can move the l_init_called_next field to this -place, so that the internal GLIBC_PRIVATE ABI does not change. - -Reviewed-by: Carlos O'Donell -Tested-by: Carlos O'Donell -(cherry picked from commit 53df2ce6885da3d0e89e87dca7b095622296014f) ---- - elf/dl-load.c | 2 +- - elf/dl-load.h | 7 ++----- - elf/rtld.c | 6 ------ - elf/setup-vdso.h | 4 ---- - include/link.h | 2 -- - 5 files changed, 3 insertions(+), 18 deletions(-) - -diff --git a/elf/dl-load.c b/elf/dl-load.c -index 9a87fda9c9..2923b1141d 100644 ---- a/elf/dl-load.c -+++ b/elf/dl-load.c -@@ -1253,7 +1253,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, - - /* Now process the load commands and map segments into memory. - This is responsible for filling in: -- l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr -+ l_map_start, l_map_end, l_addr, l_contiguous, l_phdr - */ - errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds, - maplength, has_holes, loader); -diff --git a/elf/dl-load.h b/elf/dl-load.h -index ecf6910c68..1d5207694b 100644 ---- a/elf/dl-load.h -+++ b/elf/dl-load.h -@@ -83,14 +83,11 @@ struct loadcmd - - /* This is a subroutine of _dl_map_segments. It should be called for each - load command, some time after L->l_addr has been set correctly. It is -- responsible for setting up the l_text_end and l_phdr fields. */ -+ responsible for setting the l_phdr fields */ - static __always_inline void - _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, - const struct loadcmd *c) - { -- if (c->prot & PROT_EXEC) -- l->l_text_end = l->l_addr + c->mapend; -- - if (l->l_phdr == 0 - && c->mapoff <= header->e_phoff - && ((size_t) (c->mapend - c->mapstart + c->mapoff) -@@ -103,7 +100,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, - - /* This is a subroutine of _dl_map_object_from_fd. It is responsible - for filling in several fields in *L: l_map_start, l_map_end, l_addr, -- l_contiguous, l_text_end, l_phdr. On successful return, all the -+ l_contiguous, l_phdr. On successful return, all the - segments are mapped (or copied, or whatever) from the file into their - final places in the address space, with the correct page permissions, - and any bss-like regions already zeroed. It returns a null pointer -diff --git a/elf/rtld.c b/elf/rtld.c -index a91e2a4471..5107d16fe3 100644 ---- a/elf/rtld.c -+++ b/elf/rtld.c -@@ -477,7 +477,6 @@ _dl_start_final (void *arg, struct dl_start_final_info *info) - GL(dl_rtld_map).l_real = &GL(dl_rtld_map); - GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start; - GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end; -- GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext; - /* Copy the TLS related data if necessary. */ - #ifndef DONT_USE_BOOTSTRAP_MAP - # if NO_TLS_OFFSET != 0 -@@ -1119,7 +1118,6 @@ rtld_setup_main_map (struct link_map *main_map) - bool has_interp = false; - - main_map->l_map_end = 0; -- main_map->l_text_end = 0; - /* Perhaps the executable has no PT_LOAD header entries at all. */ - main_map->l_map_start = ~0; - /* And it was opened directly. */ -@@ -1211,8 +1209,6 @@ rtld_setup_main_map (struct link_map *main_map) - allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz; - if (main_map->l_map_end < allocend) - main_map->l_map_end = allocend; -- if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end) -- main_map->l_text_end = allocend; - - /* The next expected address is the page following this load - segment. */ -@@ -1272,8 +1268,6 @@ rtld_setup_main_map (struct link_map *main_map) - = (char *) main_map->l_tls_initimage + main_map->l_addr; - if (! main_map->l_map_end) - main_map->l_map_end = ~0; -- if (! main_map->l_text_end) -- main_map->l_text_end = ~0; - if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name) - { - /* We were invoked directly, so the program might not have a -diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h -index 0079842d1f..d92b12a7aa 100644 ---- a/elf/setup-vdso.h -+++ b/elf/setup-vdso.h -@@ -51,9 +51,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), - l->l_addr = ph->p_vaddr; - if (ph->p_vaddr + ph->p_memsz >= l->l_map_end) - l->l_map_end = ph->p_vaddr + ph->p_memsz; -- if ((ph->p_flags & PF_X) -- && ph->p_vaddr + ph->p_memsz >= l->l_text_end) -- l->l_text_end = ph->p_vaddr + ph->p_memsz; - } - else - /* There must be no TLS segment. */ -@@ -62,7 +59,6 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), - l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso); - l->l_addr = l->l_map_start - l->l_addr; - l->l_map_end += l->l_addr; -- l->l_text_end += l->l_addr; - l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr); - elf_get_dynamic_info (l, false, false); - _dl_setup_hash (l); -diff --git a/include/link.h b/include/link.h -index 69bda3ed17..c6af095d87 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -253,8 +253,6 @@ struct link_map - /* Start and finish of memory map for this object. l_map_start - need not be the same as l_addr. */ - ElfW(Addr) l_map_start, l_map_end; -- /* End of the executable part of the mapping. */ -- ElfW(Addr) l_text_end; - - /* Default array for 'l_scope'. */ - struct r_scope_elem *l_scope_mem[4]; --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch b/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch deleted file mode 100644 index 924bead3e1..0000000000 --- a/src/patches/glibc-2.38/0017-elf-Move-l_init_called_next-to-old-place-of-l_text_e.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d3ba6c1333b10680ce5900a628108507d9d4b844 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Mon, 11 Sep 2023 09:17:52 +0200 -Subject: [PATCH 17/44] elf: Move l_init_called_next to old place of l_text_end - in link map - -This preserves all member offsets and the GLIBC_PRIVATE ABI -for backporting. ---- - include/link.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/include/link.h b/include/link.h -index c6af095d87..686813f281 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -254,6 +254,10 @@ struct link_map - need not be the same as l_addr. */ - ElfW(Addr) l_map_start, l_map_end; - -+ /* Linked list of objects in reverse ELF constructor execution -+ order. Head of list is stored in _dl_init_called_list. */ -+ struct link_map *l_init_called_next; -+ - /* Default array for 'l_scope'. */ - struct r_scope_elem *l_scope_mem[4]; - /* Size of array allocated for 'l_scope'. */ -@@ -276,10 +280,6 @@ struct link_map - /* List of object in order of the init and fini calls. */ - struct link_map **l_initfini; - -- /* Linked list of objects in reverse ELF constructor execution -- order. Head of list is stored in _dl_init_called_list. */ -- struct link_map *l_init_called_next; -- - /* List of the dependencies introduced through symbol binding. */ - struct link_map_reldeps - { --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch b/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch deleted file mode 100644 index 655b875031..0000000000 --- a/src/patches/glibc-2.38/0018-NEWS-Add-the-2.38.1-bug-list.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 89da8bc588c2296252543b049bf6d9272321f90d Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Mon, 11 Sep 2023 10:06:15 +0200 -Subject: [PATCH 18/44] NEWS: Add the 2.38.1 bug list - ---- - NEWS | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/NEWS b/NEWS -index f1a14f45dd..64596d5d09 100644 ---- a/NEWS -+++ b/NEWS -@@ -9,7 +9,10 @@ Version 2.38.1 - - The following bugs are resolved with this release: - -+ [30723] posix_memalign repeatedly scans long bin lists - [30785] Always call destructors in reverse constructor order -+ [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with -+ -D_FILE_OFFSET_BITS=64 - - - Version 2.38 -@@ -139,9 +142,6 @@ The following bugs are resolved with this release: - [30555] string: strerror can incorrectly return NULL - [30579] malloc: trim_threshold in realloc lead to high memory usage - [30662] nscd: Group and password cache use errno in place of errval -- [30723] posix_memalign repeatedly scans long bin lists -- [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with -- -D_FILE_OFFSET_BITS=64 - - Version 2.37 - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch b/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch deleted file mode 100644 index aa21173939..0000000000 --- a/src/patches/glibc-2.38/0019-CVE-2023-4527-Stack-read-overflow-with-large-TCP-res.patch +++ /dev/null @@ -1,221 +0,0 @@ -From b25508dd774b617f99419bdc3cf2ace4560cd2d6 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Wed, 13 Sep 2023 14:10:56 +0200 -Subject: [PATCH 19/44] CVE-2023-4527: Stack read overflow with large TCP - responses in no-aaaa mode - -Without passing alt_dns_packet_buffer, __res_context_search can only -store 2048 bytes (what fits into dns_packet_buffer). However, -the function returns the total packet size, and the subsequent -DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end -of the stack-allocated buffer. - -Fixes commit f282cdbe7f436c75864e5640a4 ("resolv: Implement no-aaaa -stub resolver option") and bug 30842. - -(cherry picked from commit bd77dd7e73e3530203be1c52c8a29d08270cb25d) ---- - NEWS | 9 +++ - resolv/Makefile | 2 + - resolv/nss_dns/dns-host.c | 2 +- - resolv/tst-resolv-noaaaa-vc.c | 129 ++++++++++++++++++++++++++++++++++ - 4 files changed, 141 insertions(+), 1 deletion(-) - create mode 100644 resolv/tst-resolv-noaaaa-vc.c - -diff --git a/NEWS b/NEWS -index 64596d5d09..dfee278a9c 100644 ---- a/NEWS -+++ b/NEWS -@@ -7,12 +7,21 @@ using `glibc' in the "product" field. - - Version 2.38.1 - -+Security related changes: -+ -+ CVE-2023-4527: If the system is configured in no-aaaa mode via -+ /etc/resolv.conf, getaddrinfo is called for the AF_UNSPEC address -+ family, and a DNS response is received over TCP that is larger than -+ 2048 bytes, getaddrinfo may potentially disclose stack contents via -+ the returned address data, or crash. -+ - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists - [30785] Always call destructors in reverse constructor order - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 -+ [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) - - - Version 2.38 -diff --git a/resolv/Makefile b/resolv/Makefile -index 054b1fa36c..2f99eb3862 100644 ---- a/resolv/Makefile -+++ b/resolv/Makefile -@@ -102,6 +102,7 @@ tests += \ - tst-resolv-invalid-cname \ - tst-resolv-network \ - tst-resolv-noaaaa \ -+ tst-resolv-noaaaa-vc \ - tst-resolv-nondecimal \ - tst-resolv-res_init-multi \ - tst-resolv-search \ -@@ -293,6 +294,7 @@ $(objpfx)tst-resolv-res_init-thread: $(objpfx)libresolv.so \ - $(objpfx)tst-resolv-invalid-cname: $(objpfx)libresolv.so \ - $(shared-thread-library) - $(objpfx)tst-resolv-noaaaa: $(objpfx)libresolv.so $(shared-thread-library) -+$(objpfx)tst-resolv-noaaaa-vc: $(objpfx)libresolv.so $(shared-thread-library) - $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) - $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) - $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) -diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c -index 1d60c51f5e..5d0ab30de6 100644 ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -427,7 +427,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat, - { - n = __res_context_search (ctx, name, C_IN, T_A, - dns_packet_buffer, sizeof (dns_packet_buffer), -- NULL, NULL, NULL, NULL, NULL); -+ &alt_dns_packet_buffer, NULL, NULL, NULL, NULL); - if (n >= 0) - status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n, - &abuf, pat, errnop, herrnop, ttlp); -diff --git a/resolv/tst-resolv-noaaaa-vc.c b/resolv/tst-resolv-noaaaa-vc.c -new file mode 100644 -index 0000000000..9f5aebd99f ---- /dev/null -+++ b/resolv/tst-resolv-noaaaa-vc.c -@@ -0,0 +1,129 @@ -+/* Test the RES_NOAAAA resolver option with a large response. -+ Copyright (C) 2022-2023 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+/* Used to keep track of the number of queries. */ -+static volatile unsigned int queries; -+ -+/* If true, add a large TXT record at the start of the answer section. */ -+static volatile bool stuff_txt; -+ -+static void -+response (const struct resolv_response_context *ctx, -+ struct resolv_response_builder *b, -+ const char *qname, uint16_t qclass, uint16_t qtype) -+{ -+ /* If not using TCP, just force its use. */ -+ if (!ctx->tcp) -+ { -+ struct resolv_response_flags flags = {.tc = true}; -+ resolv_response_init (b, flags); -+ resolv_response_add_question (b, qname, qclass, qtype); -+ return; -+ } -+ -+ /* The test needs to send four queries, the first three are used to -+ grow the NSS buffer via the ERANGE handshake. */ -+ ++queries; -+ TEST_VERIFY (queries <= 4); -+ -+ /* AAAA queries are supposed to be disabled. */ -+ TEST_COMPARE (qtype, T_A); -+ TEST_COMPARE (qclass, C_IN); -+ TEST_COMPARE_STRING (qname, "example.com"); -+ -+ struct resolv_response_flags flags = {}; -+ resolv_response_init (b, flags); -+ resolv_response_add_question (b, qname, qclass, qtype); -+ -+ resolv_response_section (b, ns_s_an); -+ -+ if (stuff_txt) -+ { -+ resolv_response_open_record (b, qname, qclass, T_TXT, 60); -+ int zero = 0; -+ for (int i = 0; i <= 15000; ++i) -+ resolv_response_add_data (b, &zero, sizeof (zero)); -+ resolv_response_close_record (b); -+ } -+ -+ for (int i = 0; i < 200; ++i) -+ { -+ resolv_response_open_record (b, qname, qclass, qtype, 60); -+ char ipv4[4] = {192, 0, 2, i + 1}; -+ resolv_response_add_data (b, &ipv4, sizeof (ipv4)); -+ resolv_response_close_record (b); -+ } -+} -+ -+static int -+do_test (void) -+{ -+ struct resolv_test *obj = resolv_test_start -+ ((struct resolv_redirect_config) -+ { -+ .response_callback = response -+ }); -+ -+ _res.options |= RES_NOAAAA; -+ -+ for (int do_stuff_txt = 0; do_stuff_txt < 2; ++do_stuff_txt) -+ { -+ queries = 0; -+ stuff_txt = do_stuff_txt; -+ -+ struct addrinfo *ai = NULL; -+ int ret; -+ ret = getaddrinfo ("example.com", "80", -+ &(struct addrinfo) -+ { -+ .ai_family = AF_UNSPEC, -+ .ai_socktype = SOCK_STREAM, -+ }, &ai); -+ -+ char *expected_result; -+ { -+ struct xmemstream mem; -+ xopen_memstream (&mem); -+ for (int i = 0; i < 200; ++i) -+ fprintf (mem.out, "address: STREAM/TCP 192.0.2.%d 80\n", i + 1); -+ xfclose_memstream (&mem); -+ expected_result = mem.buffer; -+ } -+ -+ check_addrinfo ("example.com", ai, ret, expected_result); -+ -+ free (expected_result); -+ freeaddrinfo (ai); -+ } -+ -+ resolv_test_end (obj); -+ return 0; -+} -+ -+#include --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch b/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch deleted file mode 100644 index 708e617256..0000000000 --- a/src/patches/glibc-2.38/0020-getaddrinfo-Fix-use-after-free-in-getcanonname-CVE-2.patch +++ /dev/null @@ -1,338 +0,0 @@ -From 00ae4f10b504bc4564e9f22f00907093f1ab9338 Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar -Date: Fri, 15 Sep 2023 13:51:12 -0400 -Subject: [PATCH 20/44] getaddrinfo: Fix use after free in getcanonname - (CVE-2023-4806) - -When an NSS plugin only implements the _gethostbyname2_r and -_getcanonname_r callbacks, getaddrinfo could use memory that was freed -during tmpbuf resizing, through h_name in a previous query response. - -The backing store for res->at->name when doing a query with -gethostbyname3_r or gethostbyname2_r is tmpbuf, which is reallocated in -gethosts during the query. For AF_INET6 lookup with AI_ALL | -AI_V4MAPPED, gethosts gets called twice, once for a v6 lookup and second -for a v4 lookup. In this case, if the first call reallocates tmpbuf -enough number of times, resulting in a malloc, th->h_name (that -res->at->name refers to) ends up on a heap allocated storage in tmpbuf. -Now if the second call to gethosts also causes the plugin callback to -return NSS_STATUS_TRYAGAIN, tmpbuf will get freed, resulting in a UAF -reference in res->at->name. This then gets dereferenced in the -getcanonname_r plugin call, resulting in the use after free. - -Fix this by copying h_name over and freeing it at the end. This -resolves BZ #30843, which is assigned CVE-2023-4806. - -Signed-off-by: Siddhesh Poyarekar -(cherry picked from commit 973fe93a5675c42798b2161c6f29c01b0e243994) ---- - nss/Makefile | 15 ++++- - nss/nss_test_gai_hv2_canonname.c | 56 +++++++++++++++++ - nss/tst-nss-gai-hv2-canonname.c | 63 +++++++++++++++++++ - nss/tst-nss-gai-hv2-canonname.h | 1 + - .../postclean.req | 0 - .../tst-nss-gai-hv2-canonname.script | 2 + - sysdeps/posix/getaddrinfo.c | 25 +++++--- - 7 files changed, 152 insertions(+), 10 deletions(-) - create mode 100644 nss/nss_test_gai_hv2_canonname.c - create mode 100644 nss/tst-nss-gai-hv2-canonname.c - create mode 100644 nss/tst-nss-gai-hv2-canonname.h - create mode 100644 nss/tst-nss-gai-hv2-canonname.root/postclean.req - create mode 100644 nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script - -diff --git a/nss/Makefile b/nss/Makefile -index 06fcdc450f..8a5126ecf3 100644 ---- a/nss/Makefile -+++ b/nss/Makefile -@@ -82,6 +82,7 @@ tests-container := \ - tst-nss-test3 \ - tst-reload1 \ - tst-reload2 \ -+ tst-nss-gai-hv2-canonname \ - # tests-container - - # Tests which need libdl -@@ -145,7 +146,8 @@ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes)) - ifeq ($(build-static-nss),yes) - tests-static += tst-nss-static - endif --extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os -+extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ -+ nss_test_gai_hv2_canonname.os - - include ../Rules - -@@ -180,12 +182,16 @@ rtld-tests-LDFLAGS += -Wl,--dynamic-list=nss_test.ver - libof-nss_test1 = extramodules - libof-nss_test2 = extramodules - libof-nss_test_errno = extramodules -+libof-nss_test_gai_hv2_canonname = extramodules - $(objpfx)/libnss_test1.so: $(objpfx)nss_test1.os $(link-libc-deps) - $(build-module) - $(objpfx)/libnss_test2.so: $(objpfx)nss_test2.os $(link-libc-deps) - $(build-module) - $(objpfx)/libnss_test_errno.so: $(objpfx)nss_test_errno.os $(link-libc-deps) - $(build-module) -+$(objpfx)/libnss_test_gai_hv2_canonname.so: \ -+ $(objpfx)nss_test_gai_hv2_canonname.os $(link-libc-deps) -+ $(build-module) - $(objpfx)nss_test2.os : nss_test1.c - # Use the nss_files suffix for these objects as well. - $(objpfx)/libnss_test1.so$(libnss_files.so-version): $(objpfx)/libnss_test1.so -@@ -195,10 +201,14 @@ $(objpfx)/libnss_test2.so$(libnss_files.so-version): $(objpfx)/libnss_test2.so - $(objpfx)/libnss_test_errno.so$(libnss_files.so-version): \ - $(objpfx)/libnss_test_errno.so - $(make-link) -+$(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version): \ -+ $(objpfx)/libnss_test_gai_hv2_canonname.so -+ $(make-link) - $(patsubst %,$(objpfx)%.out,$(tests) $(tests-container)) : \ - $(objpfx)/libnss_test1.so$(libnss_files.so-version) \ - $(objpfx)/libnss_test2.so$(libnss_files.so-version) \ -- $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) -+ $(objpfx)/libnss_test_errno.so$(libnss_files.so-version) \ -+ $(objpfx)/libnss_test_gai_hv2_canonname.so$(libnss_files.so-version) - - ifeq (yes,$(have-thread-library)) - $(objpfx)tst-cancel-getpwuid_r: $(shared-thread-library) -@@ -215,3 +225,4 @@ LDFLAGS-tst-nss-test3 = -Wl,--disable-new-dtags - LDFLAGS-tst-nss-test4 = -Wl,--disable-new-dtags - LDFLAGS-tst-nss-test5 = -Wl,--disable-new-dtags - LDFLAGS-tst-nss-test_errno = -Wl,--disable-new-dtags -+LDFLAGS-tst-nss-test_gai_hv2_canonname = -Wl,--disable-new-dtags -diff --git a/nss/nss_test_gai_hv2_canonname.c b/nss/nss_test_gai_hv2_canonname.c -new file mode 100644 -index 0000000000..4439c83c9f ---- /dev/null -+++ b/nss/nss_test_gai_hv2_canonname.c -@@ -0,0 +1,56 @@ -+/* NSS service provider that only provides gethostbyname2_r. -+ Copyright The GNU Toolchain Authors. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include "nss/tst-nss-gai-hv2-canonname.h" -+ -+/* Catch misnamed and functions. */ -+#pragma GCC diagnostic error "-Wmissing-prototypes" -+NSS_DECLARE_MODULE_FUNCTIONS (test_gai_hv2_canonname) -+ -+extern enum nss_status _nss_files_gethostbyname2_r (const char *, int, -+ struct hostent *, char *, -+ size_t, int *, int *); -+ -+enum nss_status -+_nss_test_gai_hv2_canonname_gethostbyname2_r (const char *name, int af, -+ struct hostent *result, -+ char *buffer, size_t buflen, -+ int *errnop, int *herrnop) -+{ -+ return _nss_files_gethostbyname2_r (name, af, result, buffer, buflen, errnop, -+ herrnop); -+} -+ -+enum nss_status -+_nss_test_gai_hv2_canonname_getcanonname_r (const char *name, char *buffer, -+ size_t buflen, char **result, -+ int *errnop, int *h_errnop) -+{ -+ /* We expect QUERYNAME, which is a small enough string that it shouldn't fail -+ the test. */ -+ if (memcmp (QUERYNAME, name, sizeof (QUERYNAME)) -+ || buflen < sizeof (QUERYNAME)) -+ abort (); -+ -+ strncpy (buffer, name, buflen); -+ *result = buffer; -+ return NSS_STATUS_SUCCESS; -+} -diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c -new file mode 100644 -index 0000000000..d5f10c07d6 ---- /dev/null -+++ b/nss/tst-nss-gai-hv2-canonname.c -@@ -0,0 +1,63 @@ -+/* Test NSS query path for plugins that only implement gethostbyname2 -+ (#30843). -+ Copyright The GNU Toolchain Authors. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include "nss/tst-nss-gai-hv2-canonname.h" -+ -+#define PREPARE do_prepare -+ -+static void do_prepare (int a, char **av) -+{ -+ FILE *hosts = xfopen ("/etc/hosts", "w"); -+ for (unsigned i = 2; i < 255; i++) -+ { -+ fprintf (hosts, "ff01::ff02:ff03:%u:2\ttest.example.com\n", i); -+ fprintf (hosts, "192.168.0.%u\ttest.example.com\n", i); -+ } -+ xfclose (hosts); -+} -+ -+static int -+do_test (void) -+{ -+ __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); -+ -+ struct addrinfo hints = {}; -+ struct addrinfo *result = NULL; -+ -+ hints.ai_family = AF_INET6; -+ hints.ai_flags = AI_ALL | AI_V4MAPPED | AI_CANONNAME; -+ -+ int ret = getaddrinfo (QUERYNAME, NULL, &hints, &result); -+ -+ if (ret != 0) -+ FAIL_EXIT1 ("getaddrinfo failed: %s\n", gai_strerror (ret)); -+ -+ TEST_COMPARE_STRING (result->ai_canonname, QUERYNAME); -+ -+ freeaddrinfo(result); -+ return 0; -+} -+ -+#include -diff --git a/nss/tst-nss-gai-hv2-canonname.h b/nss/tst-nss-gai-hv2-canonname.h -new file mode 100644 -index 0000000000..14f2a9cb08 ---- /dev/null -+++ b/nss/tst-nss-gai-hv2-canonname.h -@@ -0,0 +1 @@ -+#define QUERYNAME "test.example.com" -diff --git a/nss/tst-nss-gai-hv2-canonname.root/postclean.req b/nss/tst-nss-gai-hv2-canonname.root/postclean.req -new file mode 100644 -index 0000000000..e69de29bb2 -diff --git a/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script -new file mode 100644 -index 0000000000..31848b4a28 ---- /dev/null -+++ b/nss/tst-nss-gai-hv2-canonname.root/tst-nss-gai-hv2-canonname.script -@@ -0,0 +1,2 @@ -+cp $B/nss/libnss_test_gai_hv2_canonname.so $L/libnss_test_gai_hv2_canonname.so.2 -+su -diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c -index 0356b622be..b2236b105c 100644 ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -120,6 +120,7 @@ struct gaih_result - { - struct gaih_addrtuple *at; - char *canon; -+ char *h_name; - bool free_at; - bool got_ipv6; - }; -@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res) - if (res->free_at) - free (res->at); - free (res->canon); -+ free (res->h_name); - memset (res, 0, sizeof (*res)); - } - -@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, - return 0; - } - --/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name -- is not copied, and the struct hostent object must not be deallocated -- prematurely. The new addresses are appended to the tuple array in RES. */ -+/* Convert struct hostent to a list of struct gaih_addrtuple objects. The new -+ addresses are appended to the tuple array in RES. */ - static bool - convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, - struct hostent *h, struct gaih_result *res) -@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, - res->at = array; - res->free_at = true; - -+ /* Duplicate h_name because it may get reclaimed when the underlying storage -+ is freed. */ -+ if (res->h_name == NULL) -+ { -+ res->h_name = __strdup (h->h_name); -+ if (res->h_name == NULL) -+ return false; -+ } -+ - /* Update the next pointers on reallocation. */ - for (size_t i = 0; i < old; i++) - array[i].next = array + i + 1; -@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, - } - array[i].next = array + i + 1; - } -- array[0].name = h->h_name; - array[count - 1].next = NULL; - - return true; -@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name, - memory allocation failure. The returned string is allocated on the - heap; the caller has to free it. */ - static char * --getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name) -+getcanonname (nss_action_list nip, const char *hname, const char *name) - { - nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r"); - char *s = (char *) name; - if (cfct != NULL) - { - char buf[256]; -- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf), -- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS) -+ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno, -+ &h_errno)) != NSS_STATUS_SUCCESS) - /* If the canonical name cannot be determined, use the passed - string. */ - s = (char *) name; -@@ -771,7 +780,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req, - if ((req->ai_flags & AI_CANONNAME) != 0 - && res->canon == NULL) - { -- char *canonbuf = getcanonname (nip, res->at, name); -+ char *canonbuf = getcanonname (nip, res->h_name, name); - if (canonbuf == NULL) - { - __resolv_context_put (res_ctx); --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch b/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch deleted file mode 100644 index fb86f0f19d..0000000000 --- a/src/patches/glibc-2.38/0021-iconv-restore-verbosity-with-unrecognized-encoding-n.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 63250e9c571314b6daa2c949ea0af335ee766751 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Tue, 1 Aug 2023 17:01:37 +0200 -Subject: [PATCH 21/44] iconv: restore verbosity with unrecognized encoding - names (bug 30694) - -Commit 91927b7c76 ("Rewrite iconv option parsing [BZ #19519]") changed the -iconv program to call __gconv_open directly instead of the iconv_open -wrapper, but the former does not set errno. Update the caller to -interpret the return codes like iconv_open does. - -(cherry picked from commit fc72b6d7d818ab2868920af956d1542d03342a4d) ---- - iconv/iconv_prog.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/iconv/iconv_prog.c b/iconv/iconv_prog.c -index bee898c63c..cf32cf9b44 100644 ---- a/iconv/iconv_prog.c -+++ b/iconv/iconv_prog.c -@@ -187,7 +187,7 @@ main (int argc, char *argv[]) - - if (res != __GCONV_OK) - { -- if (errno == EINVAL) -+ if (res == __GCONV_NOCONV || res == __GCONV_NODB) - { - /* Try to be nice with the user and tell her which of the - two encoding names is wrong. This is possible because --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch b/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch deleted file mode 100644 index 38aec8638d..0000000000 --- a/src/patches/glibc-2.38/0022-string-Fix-tester-build-with-fortify-enable-with-gcc.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d94461bb86ba176b9390c0015bb612a528e22d95 Mon Sep 17 00:00:00 2001 -From: Mahesh Bodapati -Date: Fri, 11 Aug 2023 10:38:25 -0500 -Subject: [PATCH 22/44] string: Fix tester build with fortify enable with gcc < - 12 - -When building with fortify enabled, GCC < 12 issues a warning on the -fortify strncat wrapper might overflow the destination buffer (the -failure is tied to -Werror). - -Checked on ppc64 and x86_64. -Reviewed-by: Adhemerval Zanella - -(cherry picked from commit f1c7ed0859a45929136836341741c7cd70f428cb) ---- - string/tester.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/string/tester.c b/string/tester.c -index f7d4bac5a8..824cf315ff 100644 ---- a/string/tester.c -+++ b/string/tester.c -@@ -34,6 +34,14 @@ - DIAG_IGNORE_NEEDS_COMMENT (8, "-Wstringop-truncation"); - #endif - -+/* When building with fortify enabled, GCC < 12 issues a warning on the -+ fortify strncat wrapper might overflow the destination buffer (the -+ failure is tied to -Werror). -+ Triggered by strncat fortify wrapper when it is enabled. */ -+#if __GNUC_PREREQ (11, 0) -+DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); -+#endif -+ - #include - #include - #include -@@ -52,9 +60,6 @@ DIAG_IGNORE_NEEDS_COMMENT (5.0, "-Wmemset-transposed-args"); - DIAG_IGNORE_NEEDS_COMMENT (9, "-Wrestrict"); - DIAG_IGNORE_NEEDS_COMMENT (7, "-Wstringop-overflow="); - #endif --#if __GNUC_PREREQ (11, 0) --DIAG_IGNORE_NEEDS_COMMENT (11, "-Wstringop-overread"); --#endif - - - #define STREQ(a, b) (strcmp((a), (b)) == 0) --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch b/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch deleted file mode 100644 index a103b95882..0000000000 --- a/src/patches/glibc-2.38/0023-manual-jobs.texi-Add-missing-item-EPERM-for-getpgid.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 0e1ef6779a90bc0f8a05bc367796df2793deecaa Mon Sep 17 00:00:00 2001 -From: Mark Wielaard -Date: Thu, 24 Aug 2023 21:36:34 +0200 -Subject: [PATCH 23/44] manual/jobs.texi: Add missing @item EPERM for getpgid - -The missing @item makes it look like errno will be set to ESRCH -if a cross-session getpgid is not permitted. - -Found by ulfvonbelow on irc. - -(cherry picked from commit 5a21cefd5abab1b99eda1fbf84204a9bf41662ab) ---- - manual/job.texi | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/manual/job.texi b/manual/job.texi -index 42cb9fb26d..8157f13a1c 100644 ---- a/manual/job.texi -+++ b/manual/job.texi -@@ -1133,6 +1133,7 @@ following @code{errno} error conditions are defined for this function: - @table @code - @item ESRCH - There is no process with the given process ID @var{pid}. -+@item EPERM - The calling process and the process specified by @var{pid} are in - different sessions, and the implementation doesn't allow to access the - process group ID of the process with ID @var{pid} from the calling --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch b/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch deleted file mode 100644 index 90b01ebdee..0000000000 --- a/src/patches/glibc-2.38/0024-Fix-leak-in-getaddrinfo-introduced-by-the-fix-for-CV.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 5ee59ca371b99984232d7584fe2b1a758b4421d3 Mon Sep 17 00:00:00 2001 -From: Romain Geissler -Date: Mon, 25 Sep 2023 01:21:51 +0100 -Subject: [PATCH 24/44] Fix leak in getaddrinfo introduced by the fix for - CVE-2023-4806 [BZ #30843] - -This patch fixes a very recently added leak in getaddrinfo. - -This was assigned CVE-2023-5156. - -Resolves: BZ #30884 -Related: BZ #30842 - -Reviewed-by: Siddhesh Poyarekar -(cherry picked from commit ec6b95c3303c700eb89eebeda2d7264cc184a796) ---- - nss/Makefile | 20 ++++++++++++++++++++ - nss/tst-nss-gai-hv2-canonname.c | 3 +++ - sysdeps/posix/getaddrinfo.c | 4 +--- - 3 files changed, 24 insertions(+), 3 deletions(-) - -diff --git a/nss/Makefile b/nss/Makefile -index 8a5126ecf3..668ba34b18 100644 ---- a/nss/Makefile -+++ b/nss/Makefile -@@ -149,6 +149,15 @@ endif - extra-test-objs += nss_test1.os nss_test2.os nss_test_errno.os \ - nss_test_gai_hv2_canonname.os - -+ifeq ($(run-built-tests),yes) -+ifneq (no,$(PERL)) -+tests-special += $(objpfx)mtrace-tst-nss-gai-hv2-canonname.out -+endif -+endif -+ -+generated += mtrace-tst-nss-gai-hv2-canonname.out \ -+ tst-nss-gai-hv2-canonname.mtrace -+ - include ../Rules - - ifeq (yes,$(have-selinux)) -@@ -217,6 +226,17 @@ endif - $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so - $(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so - -+tst-nss-gai-hv2-canonname-ENV = \ -+ MALLOC_TRACE=$(objpfx)tst-nss-gai-hv2-canonname.mtrace \ -+ LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so -+$(objpfx)mtrace-tst-nss-gai-hv2-canonname.out: \ -+ $(objpfx)tst-nss-gai-hv2-canonname.out -+ { test -r $(objpfx)tst-nss-gai-hv2-canonname.mtrace \ -+ || ( echo "tst-nss-gai-hv2-canonname.mtrace does not exist"; exit 77; ) \ -+ && $(common-objpfx)malloc/mtrace \ -+ $(objpfx)tst-nss-gai-hv2-canonname.mtrace; } > $@; \ -+ $(evaluate-test) -+ - # Disable DT_RUNPATH on NSS tests so that the glibc internal NSS - # functions can load testing NSS modules via DT_RPATH. - LDFLAGS-tst-nss-test1 = -Wl,--disable-new-dtags -diff --git a/nss/tst-nss-gai-hv2-canonname.c b/nss/tst-nss-gai-hv2-canonname.c -index d5f10c07d6..7db53cf09d 100644 ---- a/nss/tst-nss-gai-hv2-canonname.c -+++ b/nss/tst-nss-gai-hv2-canonname.c -@@ -21,6 +21,7 @@ - #include - #include - #include -+#include - #include - #include - #include "nss/tst-nss-gai-hv2-canonname.h" -@@ -41,6 +42,8 @@ static void do_prepare (int a, char **av) - static int - do_test (void) - { -+ mtrace (); -+ - __nss_configure_lookup ("hosts", "test_gai_hv2_canonname"); - - struct addrinfo hints = {}; -diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c -index b2236b105c..13082305d3 100644 ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -1196,9 +1196,7 @@ free_and_return: - if (malloc_name) - free ((char *) name); - free (addrmem); -- if (res.free_at) -- free (res.at); -- free (res.canon); -+ gaih_result_reset (&res); - - return result; - } --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch b/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch deleted file mode 100644 index f2145fd8b5..0000000000 --- a/src/patches/glibc-2.38/0025-Document-CVE-2023-4806-and-CVE-2023-5156-in-NEWS.patch +++ /dev/null @@ -1,36 +0,0 @@ -From f6445dc94da185b3d1ee283f0ca0a34c4e1986cc Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar -Date: Tue, 26 Sep 2023 07:38:07 -0400 -Subject: [PATCH 25/44] Document CVE-2023-4806 and CVE-2023-5156 in NEWS - -These are tracked in BZ #30884 and BZ #30843. - -Signed-off-by: Siddhesh Poyarekar -(cherry picked from commit fd134feba35fa839018965733b34d28a09a075dd) ---- - NEWS | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/NEWS b/NEWS -index dfee278a9c..f1b1b0a3b4 100644 ---- a/NEWS -+++ b/NEWS -@@ -15,6 +15,15 @@ Security related changes: - 2048 bytes, getaddrinfo may potentially disclose stack contents via - the returned address data, or crash. - -+ CVE-2023-4806: When an NSS plugin only implements the -+ _gethostbyname2_r and _getcanonname_r callbacks, getaddrinfo could use -+ memory that was freed during buffer resizing, potentially causing a -+ crash or read or write to arbitrary memory. -+ -+ CVE-2023-5156: The fix for CVE-2023-4806 introduced a memory leak when -+ an application calls getaddrinfo for AF_INET6 with AI_CANONNAME, -+ AI_ALL and AI_V4MAPPED flags set. -+ - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch b/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch deleted file mode 100644 index 18bd1e2f1a..0000000000 --- a/src/patches/glibc-2.38/0026-Propagate-GLIBC_TUNABLES-in-setxid-binaries.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 73e3fcd1a552783e66ff1f65c5f322e2f17a81d1 Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar -Date: Tue, 19 Sep 2023 13:25:40 -0400 -Subject: [PATCH 26/44] Propagate GLIBC_TUNABLES in setxid binaries - -GLIBC_TUNABLES scrubbing happens earlier than envvar scrubbing and some -tunables are required to propagate past setxid boundary, like their -env_alias. Rely on tunable scrubbing to clean out GLIBC_TUNABLES like -before, restoring behaviour in glibc 2.37 and earlier. - -Signed-off-by: Siddhesh Poyarekar -Reviewed-by: Carlos O'Donell -(cherry picked from commit 0d5f9ea97f1b39f2a855756078771673a68497e1) ---- - sysdeps/generic/unsecvars.h | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h -index 81397fb90b..8278c50a84 100644 ---- a/sysdeps/generic/unsecvars.h -+++ b/sysdeps/generic/unsecvars.h -@@ -4,7 +4,6 @@ - #define UNSECURE_ENVVARS \ - "GCONV_PATH\0" \ - "GETCONF_DIR\0" \ -- "GLIBC_TUNABLES\0" \ - "HOSTALIASES\0" \ - "LD_AUDIT\0" \ - "LD_DEBUG\0" \ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch b/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch deleted file mode 100644 index 8f20f6c184..0000000000 --- a/src/patches/glibc-2.38/0027-tunables-Terminate-if-end-of-input-is-reached-CVE-20.patch +++ /dev/null @@ -1,173 +0,0 @@ -From 750a45a783906a19591fb8ff6b7841470f1f5701 Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar -Date: Tue, 19 Sep 2023 18:39:32 -0400 -Subject: [PATCH 27/44] tunables: Terminate if end of input is reached - (CVE-2023-4911) - -The string parsing routine may end up writing beyond bounds of tunestr -if the input tunable string is malformed, of the form name=name=val. -This gets processed twice, first as name=name=val and next as name=val, -resulting in tunestr being name=name=val:name=val, thus overflowing -tunestr. - -Terminate the parsing loop at the first instance itself so that tunestr -does not overflow. - -This also fixes up tst-env-setuid-tunables to actually handle failures -correct and add new tests to validate the fix for this CVE. - -Signed-off-by: Siddhesh Poyarekar -Reviewed-by: Carlos O'Donell -(cherry picked from commit 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa) ---- - NEWS | 5 +++++ - elf/dl-tunables.c | 17 +++++++++------- - elf/tst-env-setuid-tunables.c | 37 +++++++++++++++++++++++++++-------- - 3 files changed, 44 insertions(+), 15 deletions(-) - -diff --git a/NEWS b/NEWS -index f1b1b0a3b4..bfcd46efa9 100644 ---- a/NEWS -+++ b/NEWS -@@ -24,6 +24,11 @@ Security related changes: - an application calls getaddrinfo for AF_INET6 with AI_CANONNAME, - AI_ALL and AI_V4MAPPED flags set. - -+ CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the -+ environment of a setuid program and NAME is valid, it may result in a -+ buffer overflow, which could be exploited to achieve escalated -+ privileges. This flaw was introduced in glibc 2.34. -+ - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists -diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c -index 62b7332d95..cae67efa0a 100644 ---- a/elf/dl-tunables.c -+++ b/elf/dl-tunables.c -@@ -180,11 +180,7 @@ parse_tunables (char *tunestr, char *valstring) - /* If we reach the end of the string before getting a valid name-value - pair, bail out. */ - if (p[len] == '\0') -- { -- if (__libc_enable_secure) -- tunestr[off] = '\0'; -- return; -- } -+ break; - - /* We did not find a valid name-value pair before encountering the - colon. */ -@@ -244,9 +240,16 @@ parse_tunables (char *tunestr, char *valstring) - } - } - -- if (p[len] != '\0') -- p += len + 1; -+ /* We reached the end while processing the tunable string. */ -+ if (p[len] == '\0') -+ break; -+ -+ p += len + 1; - } -+ -+ /* Terminate tunestr before we leave. */ -+ if (__libc_enable_secure) -+ tunestr[off] = '\0'; - } - - /* Enable the glibc.malloc.check tunable in SETUID/SETGID programs only when -diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c -index 7dfb0e073a..f0b92c97e7 100644 ---- a/elf/tst-env-setuid-tunables.c -+++ b/elf/tst-env-setuid-tunables.c -@@ -50,6 +50,8 @@ const char *teststrings[] = - "glibc.malloc.perturb=0x800:not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096", - "glibc.not_valid.check=2:glibc.malloc.mmap_threshold=4096", - "not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096", -+ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", -+ "glibc.malloc.check=2", - "glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096:glibc.malloc.check=2", - "glibc.malloc.check=4:glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096", - ":glibc.malloc.garbage=2:glibc.malloc.check=1", -@@ -68,6 +70,8 @@ const char *resultstrings[] = - "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", - "glibc.malloc.mmap_threshold=4096", -+ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", -+ "", - "", - "", - "", -@@ -81,11 +85,18 @@ test_child (int off) - { - const char *val = getenv ("GLIBC_TUNABLES"); - -+ printf (" [%d] GLIBC_TUNABLES is %s\n", off, val); -+ fflush (stdout); - if (val != NULL && strcmp (val, resultstrings[off]) == 0) - return 0; - - if (val != NULL) -- printf ("[%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val); -+ printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n", -+ off, val, resultstrings[off]); -+ else -+ printf (" [%d] GLIBC_TUNABLES environment variable absent\n", off); -+ -+ fflush (stdout); - - return 1; - } -@@ -106,21 +117,26 @@ do_test (int argc, char **argv) - if (ret != 0) - exit (1); - -- exit (EXIT_SUCCESS); -+ /* Special return code to make sure that the child executed all the way -+ through. */ -+ exit (42); - } - else - { -- int ret = 0; -- - /* Spawn tests. */ - for (int i = 0; i < array_length (teststrings); i++) - { - char buf[INT_BUFSIZE_BOUND (int)]; - -- printf ("Spawned test for %s (%d)\n", teststrings[i], i); -+ printf ("[%d] Spawned test for %s\n", i, teststrings[i]); - snprintf (buf, sizeof (buf), "%d\n", i); -+ fflush (stdout); - if (setenv ("GLIBC_TUNABLES", teststrings[i], 1) != 0) -- exit (1); -+ { -+ printf (" [%d] Failed to set GLIBC_TUNABLES: %m", i); -+ support_record_failure (); -+ continue; -+ } - - int status = support_capture_subprogram_self_sgid (buf); - -@@ -128,9 +144,14 @@ do_test (int argc, char **argv) - if (WEXITSTATUS (status) == EXIT_UNSUPPORTED) - return EXIT_UNSUPPORTED; - -- ret |= status; -+ if (WEXITSTATUS (status) != 42) -+ { -+ printf (" [%d] child failed with status %d\n", i, -+ WEXITSTATUS (status)); -+ support_record_failure (); -+ } - } -- return ret; -+ return 0; - } - } - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch b/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch deleted file mode 100644 index 0ebfb5f06a..0000000000 --- a/src/patches/glibc-2.38/0028-Revert-elf-Remove-unused-l_text_end-field-from-struc.patch +++ /dev/null @@ -1,135 +0,0 @@ -From e0b6c9706c91a642c781918eea52588ee8dc9f09 Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Wed, 18 Oct 2023 14:22:59 +0200 -Subject: [PATCH 28/44] Revert "elf: Remove unused l_text_end field from struct - link_map" - -This reverts commit 750f19526ae71aac801c77a3f7ef5374890c09b7. - -Reason for revert: Restore ABI after revert of commit a3189f66a5f. ---- - elf/dl-load.c | 2 +- - elf/dl-load.h | 7 +++++-- - elf/rtld.c | 6 ++++++ - elf/setup-vdso.h | 4 ++++ - include/link.h | 2 ++ - 5 files changed, 18 insertions(+), 3 deletions(-) - -diff --git a/elf/dl-load.c b/elf/dl-load.c -index 2923b1141d..9a87fda9c9 100644 ---- a/elf/dl-load.c -+++ b/elf/dl-load.c -@@ -1253,7 +1253,7 @@ _dl_map_object_from_fd (const char *name, const char *origname, int fd, - - /* Now process the load commands and map segments into memory. - This is responsible for filling in: -- l_map_start, l_map_end, l_addr, l_contiguous, l_phdr -+ l_map_start, l_map_end, l_addr, l_contiguous, l_text_end, l_phdr - */ - errstring = _dl_map_segments (l, fd, header, type, loadcmds, nloadcmds, - maplength, has_holes, loader); -diff --git a/elf/dl-load.h b/elf/dl-load.h -index 1d5207694b..ecf6910c68 100644 ---- a/elf/dl-load.h -+++ b/elf/dl-load.h -@@ -83,11 +83,14 @@ struct loadcmd - - /* This is a subroutine of _dl_map_segments. It should be called for each - load command, some time after L->l_addr has been set correctly. It is -- responsible for setting the l_phdr fields */ -+ responsible for setting up the l_text_end and l_phdr fields. */ - static __always_inline void - _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, - const struct loadcmd *c) - { -+ if (c->prot & PROT_EXEC) -+ l->l_text_end = l->l_addr + c->mapend; -+ - if (l->l_phdr == 0 - && c->mapoff <= header->e_phoff - && ((size_t) (c->mapend - c->mapstart + c->mapoff) -@@ -100,7 +103,7 @@ _dl_postprocess_loadcmd (struct link_map *l, const ElfW(Ehdr) *header, - - /* This is a subroutine of _dl_map_object_from_fd. It is responsible - for filling in several fields in *L: l_map_start, l_map_end, l_addr, -- l_contiguous, l_phdr. On successful return, all the -+ l_contiguous, l_text_end, l_phdr. On successful return, all the - segments are mapped (or copied, or whatever) from the file into their - final places in the address space, with the correct page permissions, - and any bss-like regions already zeroed. It returns a null pointer -diff --git a/elf/rtld.c b/elf/rtld.c -index 5107d16fe3..a91e2a4471 100644 ---- a/elf/rtld.c -+++ b/elf/rtld.c -@@ -477,6 +477,7 @@ _dl_start_final (void *arg, struct dl_start_final_info *info) - GL(dl_rtld_map).l_real = &GL(dl_rtld_map); - GL(dl_rtld_map).l_map_start = (ElfW(Addr)) &__ehdr_start; - GL(dl_rtld_map).l_map_end = (ElfW(Addr)) _end; -+ GL(dl_rtld_map).l_text_end = (ElfW(Addr)) _etext; - /* Copy the TLS related data if necessary. */ - #ifndef DONT_USE_BOOTSTRAP_MAP - # if NO_TLS_OFFSET != 0 -@@ -1118,6 +1119,7 @@ rtld_setup_main_map (struct link_map *main_map) - bool has_interp = false; - - main_map->l_map_end = 0; -+ main_map->l_text_end = 0; - /* Perhaps the executable has no PT_LOAD header entries at all. */ - main_map->l_map_start = ~0; - /* And it was opened directly. */ -@@ -1209,6 +1211,8 @@ rtld_setup_main_map (struct link_map *main_map) - allocend = main_map->l_addr + ph->p_vaddr + ph->p_memsz; - if (main_map->l_map_end < allocend) - main_map->l_map_end = allocend; -+ if ((ph->p_flags & PF_X) && allocend > main_map->l_text_end) -+ main_map->l_text_end = allocend; - - /* The next expected address is the page following this load - segment. */ -@@ -1268,6 +1272,8 @@ rtld_setup_main_map (struct link_map *main_map) - = (char *) main_map->l_tls_initimage + main_map->l_addr; - if (! main_map->l_map_end) - main_map->l_map_end = ~0; -+ if (! main_map->l_text_end) -+ main_map->l_text_end = ~0; - if (! GL(dl_rtld_map).l_libname && GL(dl_rtld_map).l_name) - { - /* We were invoked directly, so the program might not have a -diff --git a/elf/setup-vdso.h b/elf/setup-vdso.h -index d92b12a7aa..0079842d1f 100644 ---- a/elf/setup-vdso.h -+++ b/elf/setup-vdso.h -@@ -51,6 +51,9 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), - l->l_addr = ph->p_vaddr; - if (ph->p_vaddr + ph->p_memsz >= l->l_map_end) - l->l_map_end = ph->p_vaddr + ph->p_memsz; -+ if ((ph->p_flags & PF_X) -+ && ph->p_vaddr + ph->p_memsz >= l->l_text_end) -+ l->l_text_end = ph->p_vaddr + ph->p_memsz; - } - else - /* There must be no TLS segment. */ -@@ -59,6 +62,7 @@ setup_vdso (struct link_map *main_map __attribute__ ((unused)), - l->l_map_start = (ElfW(Addr)) GLRO(dl_sysinfo_dso); - l->l_addr = l->l_map_start - l->l_addr; - l->l_map_end += l->l_addr; -+ l->l_text_end += l->l_addr; - l->l_ld = (void *) ((ElfW(Addr)) l->l_ld + l->l_addr); - elf_get_dynamic_info (l, false, false); - _dl_setup_hash (l); -diff --git a/include/link.h b/include/link.h -index 686813f281..a02d5f2eba 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -253,6 +253,8 @@ struct link_map - /* Start and finish of memory map for this object. l_map_start - need not be the same as l_addr. */ - ElfW(Addr) l_map_start, l_map_end; -+ /* End of the executable part of the mapping. */ -+ ElfW(Addr) l_text_end; - - /* Linked list of objects in reverse ELF constructor execution - order. Head of list is stored in _dl_init_called_list. */ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch b/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch deleted file mode 100644 index 50e57e82ee..0000000000 --- a/src/patches/glibc-2.38/0029-Revert-elf-Always-call-destructors-in-reverse-constr.patch +++ /dev/null @@ -1,593 +0,0 @@ -From 719866ab2ff0e6d514a04fb47e507d92e70ef7ee Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Wed, 18 Oct 2023 14:25:46 +0200 -Subject: [PATCH 29/44] Revert "elf: Always call destructors in reverse - constructor order (bug 30785)" - -This reverts commit a3189f66a5f2fe86568286fa025fa153be04c6c0. - -Reason for revert: Incompatibility with existing applications. ---- - NEWS | 1 - - elf/dl-close.c | 113 ++++++++++----------------- - elf/dl-fini.c | 152 ++++++++++++++++++++++++------------- - elf/dl-init.c | 16 ---- - elf/dso-sort-tests-1.def | 19 +++-- - elf/tst-audit23.c | 44 +++++------ - sysdeps/generic/ldsodefs.h | 4 - - 7 files changed, 173 insertions(+), 176 deletions(-) - -diff --git a/NEWS b/NEWS -index bfcd46efa9..f117874e34 100644 ---- a/NEWS -+++ b/NEWS -@@ -32,7 +32,6 @@ Security related changes: - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists -- [30785] Always call destructors in reverse constructor order - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) -diff --git a/elf/dl-close.c b/elf/dl-close.c -index ea62d0e601..b887a44888 100644 ---- a/elf/dl-close.c -+++ b/elf/dl-close.c -@@ -138,31 +138,30 @@ _dl_close_worker (struct link_map *map, bool force) - - bool any_tls = false; - const unsigned int nloaded = ns->_ns_nloaded; -+ struct link_map *maps[nloaded]; - -- /* Run over the list and assign indexes to the link maps. */ -+ /* Run over the list and assign indexes to the link maps and enter -+ them into the MAPS array. */ - int idx = 0; - for (struct link_map *l = ns->_ns_loaded; l != NULL; l = l->l_next) - { - l->l_map_used = 0; - l->l_map_done = 0; - l->l_idx = idx; -+ maps[idx] = l; - ++idx; - } - assert (idx == nloaded); - -- /* Keep marking link maps until no new link maps are found. */ -- for (struct link_map *l = ns->_ns_loaded; l != NULL; ) -+ /* Keep track of the lowest index link map we have covered already. */ -+ int done_index = -1; -+ while (++done_index < nloaded) - { -- /* next is reset to earlier link maps for remarking. */ -- struct link_map *next = l->l_next; -- int next_idx = l->l_idx + 1; /* next->l_idx, but covers next == NULL. */ -+ struct link_map *l = maps[done_index]; - - if (l->l_map_done) -- { -- /* Already handled. */ -- l = next; -- continue; -- } -+ /* Already handled. */ -+ continue; - - /* Check whether this object is still used. */ - if (l->l_type == lt_loaded -@@ -172,10 +171,7 @@ _dl_close_worker (struct link_map *map, bool force) - acquire is sufficient and correct. */ - && atomic_load_acquire (&l->l_tls_dtor_count) == 0 - && !l->l_map_used) -- { -- l = next; -- continue; -- } -+ continue; - - /* We need this object and we handle it now. */ - l->l_map_used = 1; -@@ -202,11 +198,8 @@ _dl_close_worker (struct link_map *map, bool force) - already processed it, then we need to go back - and process again from that point forward to - ensure we keep all of its dependencies also. */ -- if ((*lp)->l_idx < next_idx) -- { -- next = *lp; -- next_idx = next->l_idx; -- } -+ if ((*lp)->l_idx - 1 < done_index) -+ done_index = (*lp)->l_idx - 1; - } - } - -@@ -226,65 +219,44 @@ _dl_close_worker (struct link_map *map, bool force) - if (!jmap->l_map_used) - { - jmap->l_map_used = 1; -- if (jmap->l_idx < next_idx) -- { -- next = jmap; -- next_idx = next->l_idx; -- } -+ if (jmap->l_idx - 1 < done_index) -+ done_index = jmap->l_idx - 1; - } - } - } -- -- l = next; - } - -- /* Call the destructors in reverse constructor order, and remove the -- closed link maps from the list. */ -- for (struct link_map **init_called_head = &_dl_init_called_list; -- *init_called_head != NULL; ) -+ /* Sort the entries. We can skip looking for the binary itself which is -+ at the front of the search list for the main namespace. */ -+ _dl_sort_maps (maps, nloaded, (nsid == LM_ID_BASE), true); -+ -+ /* Call all termination functions at once. */ -+ bool unload_any = false; -+ bool scope_mem_left = false; -+ unsigned int unload_global = 0; -+ unsigned int first_loaded = ~0; -+ for (unsigned int i = 0; i < nloaded; ++i) - { -- struct link_map *imap = *init_called_head; -+ struct link_map *imap = maps[i]; - -- /* _dl_init_called_list is global, to produce a global odering. -- Ignore the other namespaces (and link maps that are still used). */ -- if (imap->l_ns != nsid || imap->l_map_used) -- init_called_head = &imap->l_init_called_next; -- else -+ /* All elements must be in the same namespace. */ -+ assert (imap->l_ns == nsid); -+ -+ if (!imap->l_map_used) - { - assert (imap->l_type == lt_loaded && !imap->l_nodelete_active); - -- /* _dl_init_called_list is updated at the same time as -- l_init_called. */ -- assert (imap->l_init_called); -- -- if (imap->l_info[DT_FINI_ARRAY] != NULL -- || imap->l_info[DT_FINI] != NULL) -+ /* Call its termination function. Do not do it for -+ half-cooked objects. Temporarily disable exception -+ handling, so that errors are fatal. */ -+ if (imap->l_init_called) - _dl_catch_exception (NULL, _dl_call_fini, imap); - - #ifdef SHARED - /* Auditing checkpoint: we remove an object. */ - _dl_audit_objclose (imap); - #endif -- /* Unlink this link map. */ -- *init_called_head = imap->l_init_called_next; -- } -- } -- -- -- bool unload_any = false; -- bool scope_mem_left = false; -- unsigned int unload_global = 0; -- -- /* For skipping un-unloadable link maps in the second loop. */ -- struct link_map *first_loaded = ns->_ns_loaded; - -- /* Iterate over the namespace to find objects to unload. Some -- unloadable objects may not be on _dl_init_called_list due to -- dlopen failure. */ -- for (struct link_map *imap = first_loaded; imap != NULL; imap = imap->l_next) -- { -- if (!imap->l_map_used) -- { - /* This object must not be used anymore. */ - imap->l_removed = 1; - -@@ -295,8 +267,8 @@ _dl_close_worker (struct link_map *map, bool force) - ++unload_global; - - /* Remember where the first dynamically loaded object is. */ -- if (first_loaded == NULL) -- first_loaded = imap; -+ if (i < first_loaded) -+ first_loaded = i; - } - /* Else imap->l_map_used. */ - else if (imap->l_type == lt_loaded) -@@ -432,8 +404,8 @@ _dl_close_worker (struct link_map *map, bool force) - imap->l_loader = NULL; - - /* Remember where the first dynamically loaded object is. */ -- if (first_loaded == NULL) -- first_loaded = imap; -+ if (i < first_loaded) -+ first_loaded = i; - } - } - -@@ -504,11 +476,10 @@ _dl_close_worker (struct link_map *map, bool force) - - /* Check each element of the search list to see if all references to - it are gone. */ -- for (struct link_map *imap = first_loaded; imap != NULL; ) -+ for (unsigned int i = first_loaded; i < nloaded; ++i) - { -- if (imap->l_map_used) -- imap = imap->l_next; -- else -+ struct link_map *imap = maps[i]; -+ if (!imap->l_map_used) - { - assert (imap->l_type == lt_loaded); - -@@ -719,9 +690,7 @@ _dl_close_worker (struct link_map *map, bool force) - if (imap == GL(dl_initfirst)) - GL(dl_initfirst) = NULL; - -- struct link_map *next = imap->l_next; - free (imap); -- imap = next; - } - } - -diff --git a/elf/dl-fini.c b/elf/dl-fini.c -index e201d36651..9acb64f47c 100644 ---- a/elf/dl-fini.c -+++ b/elf/dl-fini.c -@@ -24,68 +24,116 @@ - void - _dl_fini (void) - { -- /* Call destructors strictly in the reverse order of constructors. -- This causes fewer surprises than some arbitrary reordering based -- on new (relocation) dependencies. None of the objects are -- unmapped, so applications can deal with this if their DSOs remain -- in a consistent state after destructors have run. */ -- -- /* Protect against concurrent loads and unloads. */ -- __rtld_lock_lock_recursive (GL(dl_load_lock)); -- -- /* Ignore objects which are opened during shutdown. */ -- struct link_map *local_init_called_list = _dl_init_called_list; -- -- for (struct link_map *l = local_init_called_list; l != NULL; -- l = l->l_init_called_next) -- /* Bump l_direct_opencount of all objects so that they -- are not dlclose()ed from underneath us. */ -- ++l->l_direct_opencount; -- -- /* After this point, everything linked from local_init_called_list -- cannot be unloaded because of the reference counter update. */ -- __rtld_lock_unlock_recursive (GL(dl_load_lock)); -- -- /* Perform two passes: One for non-audit modules, one for audit -- modules. This way, audit modules receive unload notifications -- for non-audit objects, and the destructors for audit modules -- still run. */ -+ /* Lots of fun ahead. We have to call the destructors for all still -+ loaded objects, in all namespaces. The problem is that the ELF -+ specification now demands that dependencies between the modules -+ are taken into account. I.e., the destructor for a module is -+ called before the ones for any of its dependencies. -+ -+ To make things more complicated, we cannot simply use the reverse -+ order of the constructors. Since the user might have loaded objects -+ using `dlopen' there are possibly several other modules with its -+ dependencies to be taken into account. Therefore we have to start -+ determining the order of the modules once again from the beginning. */ -+ -+ /* We run the destructors of the main namespaces last. As for the -+ other namespaces, we pick run the destructors in them in reverse -+ order of the namespace ID. */ -+#ifdef SHARED -+ int do_audit = 0; -+ again: -+#endif -+ for (Lmid_t ns = GL(dl_nns) - 1; ns >= 0; --ns) -+ { -+ /* Protect against concurrent loads and unloads. */ -+ __rtld_lock_lock_recursive (GL(dl_load_lock)); -+ -+ unsigned int nloaded = GL(dl_ns)[ns]._ns_nloaded; -+ /* No need to do anything for empty namespaces or those used for -+ auditing DSOs. */ -+ if (nloaded == 0 -+#ifdef SHARED -+ || GL(dl_ns)[ns]._ns_loaded->l_auditing != do_audit -+#endif -+ ) -+ __rtld_lock_unlock_recursive (GL(dl_load_lock)); -+ else -+ { - #ifdef SHARED -- int last_pass = GLRO(dl_naudit) > 0; -- Lmid_t last_ns = -1; -- for (int do_audit = 0; do_audit <= last_pass; ++do_audit) -+ _dl_audit_activity_nsid (ns, LA_ACT_DELETE); - #endif -- for (struct link_map *l = local_init_called_list; l != NULL; -- l = l->l_init_called_next) -- { -+ -+ /* Now we can allocate an array to hold all the pointers and -+ copy the pointers in. */ -+ struct link_map *maps[nloaded]; -+ -+ unsigned int i; -+ struct link_map *l; -+ assert (nloaded != 0 || GL(dl_ns)[ns]._ns_loaded == NULL); -+ for (l = GL(dl_ns)[ns]._ns_loaded, i = 0; l != NULL; l = l->l_next) -+ /* Do not handle ld.so in secondary namespaces. */ -+ if (l == l->l_real) -+ { -+ assert (i < nloaded); -+ -+ maps[i] = l; -+ l->l_idx = i; -+ ++i; -+ -+ /* Bump l_direct_opencount of all objects so that they -+ are not dlclose()ed from underneath us. */ -+ ++l->l_direct_opencount; -+ } -+ assert (ns != LM_ID_BASE || i == nloaded); -+ assert (ns == LM_ID_BASE || i == nloaded || i == nloaded - 1); -+ unsigned int nmaps = i; -+ -+ /* Now we have to do the sorting. We can skip looking for the -+ binary itself which is at the front of the search list for -+ the main namespace. */ -+ _dl_sort_maps (maps, nmaps, (ns == LM_ID_BASE), true); -+ -+ /* We do not rely on the linked list of loaded object anymore -+ from this point on. We have our own list here (maps). The -+ various members of this list cannot vanish since the open -+ count is too high and will be decremented in this loop. So -+ we release the lock so that some code which might be called -+ from a destructor can directly or indirectly access the -+ lock. */ -+ __rtld_lock_unlock_recursive (GL(dl_load_lock)); -+ -+ /* 'maps' now contains the objects in the right order. Now -+ call the destructors. We have to process this array from -+ the front. */ -+ for (i = 0; i < nmaps; ++i) -+ { -+ struct link_map *l = maps[i]; -+ -+ if (l->l_init_called) -+ { -+ _dl_call_fini (l); - #ifdef SHARED -- if (GL(dl_ns)[l->l_ns]._ns_loaded->l_auditing != do_audit) -- continue; -- -- /* Avoid back-to-back calls of _dl_audit_activity_nsid for the -- same namespace. */ -- if (last_ns != l->l_ns) -- { -- if (last_ns >= 0) -- _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); -- _dl_audit_activity_nsid (l->l_ns, LA_ACT_DELETE); -- last_ns = l->l_ns; -- } -+ /* Auditing checkpoint: another object closed. */ -+ _dl_audit_objclose (l); - #endif -+ } - -- /* There is no need to re-enable exceptions because _dl_fini -- is not called from a context where exceptions are caught. */ -- _dl_call_fini (l); -+ /* Correct the previous increment. */ -+ --l->l_direct_opencount; -+ } - - #ifdef SHARED -- /* Auditing checkpoint: another object closed. */ -- _dl_audit_objclose (l); -+ _dl_audit_activity_nsid (ns, LA_ACT_CONSISTENT); - #endif -- } -+ } -+ } - - #ifdef SHARED -- if (last_ns >= 0) -- _dl_audit_activity_nsid (last_ns, LA_ACT_CONSISTENT); -+ if (! do_audit && GLRO(dl_naudit) > 0) -+ { -+ do_audit = 1; -+ goto again; -+ } - - if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_STATISTICS)) - _dl_debug_printf ("\nruntime linker statistics:\n" -diff --git a/elf/dl-init.c b/elf/dl-init.c -index ffd05b7806..ba4d2fdc85 100644 ---- a/elf/dl-init.c -+++ b/elf/dl-init.c -@@ -21,7 +21,6 @@ - #include - #include - --struct link_map *_dl_init_called_list; - - static void - call_init (struct link_map *l, int argc, char **argv, char **env) -@@ -43,21 +42,6 @@ call_init (struct link_map *l, int argc, char **argv, char **env) - dependency. */ - l->l_init_called = 1; - -- /* Help an already-running dlclose: The just-loaded object must not -- be removed during the current pass. (No effect if no dlclose in -- progress.) */ -- l->l_map_used = 1; -- -- /* Record execution before starting any initializers. This way, if -- the initializers themselves call dlopen, their ELF destructors -- will eventually be run before this object is destructed, matching -- that their ELF constructors have run before this object was -- constructed. _dl_fini uses this list for audit callbacks, so -- register objects on the list even if they do not have a -- constructor. */ -- l->l_init_called_next = _dl_init_called_list; -- _dl_init_called_list = l; -- - /* Check for object which constructors we do not run here. */ - if (__builtin_expect (l->l_name[0], 'a') == '\0' - && l->l_type == lt_executable) -diff --git a/elf/dso-sort-tests-1.def b/elf/dso-sort-tests-1.def -index 61dc54f8ae..4bf9052db1 100644 ---- a/elf/dso-sort-tests-1.def -+++ b/elf/dso-sort-tests-1.def -@@ -53,14 +53,21 @@ tst-dso-ordering10: {}->a->b->c;soname({})=c - output: b>a>{}b->c->d order). -+# The older dynamic_sort=1 algorithm does not achieve this, while the DFS-based -+# dynamic_sort=2 algorithm does, although it is still arguable whether going -+# beyond spec to do this is the right thing to do. -+# The below expected outputs are what the two algorithms currently produce -+# respectively, for regression testing purposes. - tst-bz15311: {+a;+e;+f;+g;+d;%d;-d;-g;-f;-e;-a};a->b->c->d;d=>[ba];c=>a;b=>e=>a;c=>f=>b;d=>g=>c --output: {+a[d>c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[c>b>a>];+e[e>];+f[f>];+g[g>];+d[];%d(b(e(a()))a()g(c(a()f(b(e(a()))))));-d[];-g[];-f[];-e[];-a[a1;a->a2;a2->a;b->b1;c->a1;c=>a1 --output: {+a[a2>a1>a>];+b[b1>b>];-b[];%c(a1());}a1>a>];+b[b1>b>];-b[];%c(a1());}a1>a>];+b[b1>b>];-b[];%c(a1());} -Date: Thu, 19 Oct 2023 09:17:38 +0200 -Subject: [PATCH 30/44] Revert "elf: Move l_init_called_next to old place of - l_text_end in link map" - -This reverts commit d3ba6c1333b10680ce5900a628108507d9d4b844. - -Reason: Preserve internal ABI. ---- - include/link.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/include/link.h b/include/link.h -index a02d5f2eba..69bda3ed17 100644 ---- a/include/link.h -+++ b/include/link.h -@@ -256,10 +256,6 @@ struct link_map - /* End of the executable part of the mapping. */ - ElfW(Addr) l_text_end; - -- /* Linked list of objects in reverse ELF constructor execution -- order. Head of list is stored in _dl_init_called_list. */ -- struct link_map *l_init_called_next; -- - /* Default array for 'l_scope'. */ - struct r_scope_elem *l_scope_mem[4]; - /* Size of array allocated for 'l_scope'. */ -@@ -282,6 +278,10 @@ struct link_map - /* List of object in order of the init and fini calls. */ - struct link_map **l_initfini; - -+ /* Linked list of objects in reverse ELF constructor execution -+ order. Head of list is stored in _dl_init_called_list. */ -+ struct link_map *l_init_called_next; -+ - /* List of the dependencies introduced through symbol binding. */ - struct link_map_reldeps - { --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch b/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch deleted file mode 100644 index fd6fee261d..0000000000 --- a/src/patches/glibc-2.38/0031-sysdeps-sem_open-Clear-O_CREAT-when-semaphore-file-i.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 63dbbc5c52f9823f86270f32fce20d1e91cdf484 Mon Sep 17 00:00:00 2001 -From: Sergio Durigan Junior -Date: Wed, 1 Nov 2023 18:15:23 -0400 -Subject: [PATCH 31/44] sysdeps: sem_open: Clear O_CREAT when semaphore file is - expected to exist [BZ #30789] - -When invoking sem_open with O_CREAT as one of its flags, we'll end up -in the second part of sem_open's "if ((oflag & O_CREAT) == 0 || (oflag -& O_EXCL) == 0)", which means that we don't expect the semaphore file -to exist. - -In that part, open_flags is initialized as "O_RDWR | O_CREAT | O_EXCL -| O_CLOEXEC" and there's an attempt to open(2) the file, which will -likely fail because it won't exist. After that first (expected) -failure, some cleanup is done and we go back to the label "try_again", -which lives in the first part of the aforementioned "if". - -The problem is that, in that part of the code, we expect the semaphore -file to exist, and as such O_CREAT (this time the flag we pass to -open(2)) needs to be cleaned from open_flags, otherwise we'll see -another failure (this time unexpected) when trying to open the file, -which will lead the call to sem_open to fail as well. - -This can cause very strange bugs, especially with OpenMPI, which makes -extensive use of semaphores. - -Fix the bug by simplifying the logic when choosing open(2) flags and -making sure O_CREAT is not set when the semaphore file is expected to -exist. - -A regression test for this issue would require a complex and cpu time -consuming logic, since to trigger the wrong code path is not -straightforward due the racy condition. There is a somewhat reliable -reproducer in the bug, but it requires using OpenMPI. - -This resolves BZ #30789. - -See also: https://bugs.launchpad.net/ubuntu/+source/h5py/+bug/2031912 - -Signed-off-by: Sergio Durigan Junior -Co-Authored-By: Simon Chopin -Co-Authored-By: Adhemerval Zanella Netto -Fixes: 533deafbdf189f5fbb280c28562dd43ace2f4b0f ("Use O_CLOEXEC in more places (BZ #15722)") -(cherry picked from commit f957f47df75b9fab995754011491edebc6feb147) ---- - NEWS | 2 ++ - sysdeps/pthread/sem_open.c | 10 ++++------ - 2 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/NEWS b/NEWS -index f117874e34..5ac488bf9b 100644 ---- a/NEWS -+++ b/NEWS -@@ -32,6 +32,8 @@ Security related changes: - The following bugs are resolved with this release: - - [30723] posix_memalign repeatedly scans long bin lists -+ [30789] sem_open will fail on multithreaded scenarios when semaphore -+ file doesn't exist (O_CREAT) - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) -diff --git a/sysdeps/pthread/sem_open.c b/sysdeps/pthread/sem_open.c -index e5db929d20..0e331a7445 100644 ---- a/sysdeps/pthread/sem_open.c -+++ b/sysdeps/pthread/sem_open.c -@@ -32,11 +32,12 @@ - # define __unlink unlink - #endif - -+#define SEM_OPEN_FLAGS (O_RDWR | O_NOFOLLOW | O_CLOEXEC) -+ - sem_t * - __sem_open (const char *name, int oflag, ...) - { - int fd; -- int open_flags; - sem_t *result; - - /* Check that shared futexes are supported. */ -@@ -65,10 +66,8 @@ __sem_open (const char *name, int oflag, ...) - /* If the semaphore object has to exist simply open it. */ - if ((oflag & O_CREAT) == 0 || (oflag & O_EXCL) == 0) - { -- open_flags = O_RDWR | O_NOFOLLOW | O_CLOEXEC; -- open_flags |= (oflag & ~(O_CREAT|O_ACCMODE)); - try_again: -- fd = __open (dirname.name, open_flags); -+ fd = __open (dirname.name, (oflag & O_EXCL) | SEM_OPEN_FLAGS); - - if (fd == -1) - { -@@ -135,8 +134,7 @@ __sem_open (const char *name, int oflag, ...) - } - - /* Open the file. Make sure we do not overwrite anything. */ -- open_flags = O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC; -- fd = __open (tmpfname, open_flags, mode); -+ fd = __open (tmpfname, O_CREAT | O_EXCL | SEM_OPEN_FLAGS, mode); - if (fd == -1) - { - if (errno == EEXIST) --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch b/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch deleted file mode 100644 index 42d3f96399..0000000000 --- a/src/patches/glibc-2.38/0032-elf-Fix-wrong-break-removal-from-8ee878592c.patch +++ /dev/null @@ -1,26 +0,0 @@ -From bf5aa419cbf545d2cd09dc097e518033d6e4df5e Mon Sep 17 00:00:00 2001 -From: Adhemerval Zanella -Date: Thu, 7 Dec 2023 11:17:35 -0300 -Subject: [PATCH 32/44] elf: Fix wrong break removal from 8ee878592c - -Reported-by: Alexander Monakov -(cherry picked from commit 546a1ba664626603660b595662249d524e429013) ---- - elf/readelflib.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/elf/readelflib.c b/elf/readelflib.c -index f5b8c80e38..64f1d662a9 100644 ---- a/elf/readelflib.c -+++ b/elf/readelflib.c -@@ -107,6 +107,7 @@ process_elf_file (const char *file_name, const char *lib, int *flag, - case PT_INTERP: - program_interpreter = (char *) (file_contents + segment->p_offset); - check_ptr (program_interpreter); -+ break; - - case PT_GNU_PROPERTY: - /* The NT_GNU_PROPERTY_TYPE_0 note must be aligned to 4 bytes --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch b/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch deleted file mode 100644 index df64df3fd1..0000000000 --- a/src/patches/glibc-2.38/0033-LoongArch-Delete-excessively-allocated-memory.patch +++ /dev/null @@ -1,109 +0,0 @@ -From 44f757a6364a546359809d48c76b3debd26e77d4 Mon Sep 17 00:00:00 2001 -From: caiyinyu -Date: Thu, 26 Oct 2023 17:27:21 +0800 -Subject: [PATCH 33/44] LoongArch: Delete excessively allocated memory. - -Backported from glibc 2.39 development. ---- - sysdeps/loongarch/dl-trampoline.h | 68 +++++++++++++++---------------- - 1 file changed, 34 insertions(+), 34 deletions(-) - -diff --git a/sysdeps/loongarch/dl-trampoline.h b/sysdeps/loongarch/dl-trampoline.h -index 02375286f8..99fcacab76 100644 ---- a/sysdeps/loongarch/dl-trampoline.h -+++ b/sysdeps/loongarch/dl-trampoline.h -@@ -19,9 +19,9 @@ - /* Assembler veneer called from the PLT header code for lazy loading. - The PLT header passes its own args in t0-t2. */ - #ifdef USE_LASX --# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZXREG) & ALMASK)) -+# define FRAME_SIZE (-((-9 * SZREG - 8 * SZXREG) & ALMASK)) - #elif defined USE_LSX --# define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG - 8 * SZVREG) & ALMASK)) -+# define FRAME_SIZE (-((-9 * SZREG - 8 * SZVREG) & ALMASK)) - #elif !defined __loongarch_soft_float - # define FRAME_SIZE (-((-9 * SZREG - 8 * SZFREG) & ALMASK)) - #else -@@ -44,23 +44,23 @@ ENTRY (_dl_runtime_resolve) - REG_S a7, sp, 8*SZREG - - #ifdef USE_LASX -- xvst xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG -- xvst xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG -- xvst xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG -- xvst xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG -- xvst xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG -- xvst xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG -- xvst xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG -- xvst xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG -+ xvst xr0, sp, 9*SZREG + 0*SZXREG -+ xvst xr1, sp, 9*SZREG + 1*SZXREG -+ xvst xr2, sp, 9*SZREG + 2*SZXREG -+ xvst xr3, sp, 9*SZREG + 3*SZXREG -+ xvst xr4, sp, 9*SZREG + 4*SZXREG -+ xvst xr5, sp, 9*SZREG + 5*SZXREG -+ xvst xr6, sp, 9*SZREG + 6*SZXREG -+ xvst xr7, sp, 9*SZREG + 7*SZXREG - #elif defined USE_LSX -- vst vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG -- vst vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG -- vst vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG -- vst vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG -- vst vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG -- vst vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG -- vst vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG -- vst vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG -+ vst vr0, sp, 9*SZREG + 0*SZVREG -+ vst vr1, sp, 9*SZREG + 1*SZVREG -+ vst vr2, sp, 9*SZREG + 2*SZVREG -+ vst vr3, sp, 9*SZREG + 3*SZVREG -+ vst vr4, sp, 9*SZREG + 4*SZVREG -+ vst vr5, sp, 9*SZREG + 5*SZVREG -+ vst vr6, sp, 9*SZREG + 6*SZVREG -+ vst vr7, sp, 9*SZREG + 7*SZVREG - #elif !defined __loongarch_soft_float - FREG_S fa0, sp, 9*SZREG + 0*SZFREG - FREG_S fa1, sp, 9*SZREG + 1*SZFREG -@@ -92,23 +92,23 @@ ENTRY (_dl_runtime_resolve) - REG_L a7, sp, 8*SZREG - - #ifdef USE_LASX -- xvld xr0, sp, 9*SZREG + 8*SZFREG + 0*SZXREG -- xvld xr1, sp, 9*SZREG + 8*SZFREG + 1*SZXREG -- xvld xr2, sp, 9*SZREG + 8*SZFREG + 2*SZXREG -- xvld xr3, sp, 9*SZREG + 8*SZFREG + 3*SZXREG -- xvld xr4, sp, 9*SZREG + 8*SZFREG + 4*SZXREG -- xvld xr5, sp, 9*SZREG + 8*SZFREG + 5*SZXREG -- xvld xr6, sp, 9*SZREG + 8*SZFREG + 6*SZXREG -- xvld xr7, sp, 9*SZREG + 8*SZFREG + 7*SZXREG -+ xvld xr0, sp, 9*SZREG + 0*SZXREG -+ xvld xr1, sp, 9*SZREG + 1*SZXREG -+ xvld xr2, sp, 9*SZREG + 2*SZXREG -+ xvld xr3, sp, 9*SZREG + 3*SZXREG -+ xvld xr4, sp, 9*SZREG + 4*SZXREG -+ xvld xr5, sp, 9*SZREG + 5*SZXREG -+ xvld xr6, sp, 9*SZREG + 6*SZXREG -+ xvld xr7, sp, 9*SZREG + 7*SZXREG - #elif defined USE_LSX -- vld vr0, sp, 9*SZREG + 8*SZFREG + 0*SZVREG -- vld vr1, sp, 9*SZREG + 8*SZFREG + 1*SZVREG -- vld vr2, sp, 9*SZREG + 8*SZFREG + 2*SZVREG -- vld vr3, sp, 9*SZREG + 8*SZFREG + 3*SZVREG -- vld vr4, sp, 9*SZREG + 8*SZFREG + 4*SZVREG -- vld vr5, sp, 9*SZREG + 8*SZFREG + 5*SZVREG -- vld vr6, sp, 9*SZREG + 8*SZFREG + 6*SZVREG -- vld vr7, sp, 9*SZREG + 8*SZFREG + 7*SZVREG -+ vld vr0, sp, 9*SZREG + 0*SZVREG -+ vld vr1, sp, 9*SZREG + 1*SZVREG -+ vld vr2, sp, 9*SZREG + 2*SZVREG -+ vld vr3, sp, 9*SZREG + 3*SZVREG -+ vld vr4, sp, 9*SZREG + 4*SZVREG -+ vld vr5, sp, 9*SZREG + 5*SZVREG -+ vld vr6, sp, 9*SZREG + 6*SZVREG -+ vld vr7, sp, 9*SZREG + 7*SZVREG - #elif !defined __loongarch_soft_float - FREG_L fa0, sp, 9*SZREG + 0*SZFREG - FREG_L fa1, sp, 9*SZREG + 1*SZFREG --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch b/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch deleted file mode 100644 index 957ccf2b7a..0000000000 --- a/src/patches/glibc-2.38/0034-elf-Fix-TLS-modid-reuse-generation-assignment-BZ-290.patch +++ /dev/null @@ -1,54 +0,0 @@ -From ccdc4cba07684fe1397e1f5f134a0a827af98c04 Mon Sep 17 00:00:00 2001 -From: Hector Martin -Date: Tue, 28 Nov 2023 15:23:07 +0900 -Subject: [PATCH 34/44] elf: Fix TLS modid reuse generation assignment (BZ - 29039) - -_dl_assign_tls_modid() assigns a slotinfo entry for a new module, but -does *not* do anything to the generation counter. The first time this -happens, the generation is zero and map_generation() returns the current -generation to be used during relocation processing. However, if -a slotinfo entry is later reused, it will already have a generation -assigned. If this generation has fallen behind the current global max -generation, then this causes an obsolete generation to be assigned -during relocation processing, as map_generation() returns this -generation if nonzero. _dl_add_to_slotinfo() eventually resets the -generation, but by then it is too late. This causes DTV updates to be -skipped, leading to NULL or broken TLS slot pointers and segfaults. - -Fix this by resetting the generation to zero in _dl_assign_tls_modid(), -so it behaves the same as the first time a slot is assigned. -_dl_add_to_slotinfo() will still assign the correct static generation -later during module load, but relocation processing will no longer use -an obsolete generation. - -Note that slotinfo entry (aka modid) reuse typically happens after a -dlclose and only TLS access via dynamic tlsdesc is affected. Because -tlsdesc is optimized to use the optional part of static TLS, dynamic -tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls -tunable to a large enough value, or by LD_PRELOAD-ing the affected -modules. - -Fixes bug 29039. - -Reviewed-by: Szabolcs Nagy -(cherry picked from commit 3921c5b40f293c57cb326f58713c924b0662ef59) ---- - elf/dl-tls.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/elf/dl-tls.c b/elf/dl-tls.c -index 99b83ca696..1f6f820819 100644 ---- a/elf/dl-tls.c -+++ b/elf/dl-tls.c -@@ -154,6 +154,7 @@ _dl_assign_tls_modid (struct link_map *l) - { - /* Mark the entry as used, so any dependency see it. */ - atomic_store_relaxed (&runp->slotinfo[result - disp].map, l); -+ atomic_store_relaxed (&runp->slotinfo[result - disp].gen, 0); - break; - } - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch b/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch deleted file mode 100644 index 87b0235a52..0000000000 --- a/src/patches/glibc-2.38/0035-elf-Add-TLS-modid-reuse-test-for-bug-29039.patch +++ /dev/null @@ -1,208 +0,0 @@ -From 0de9082ed8d8f149ca87d569a73692046e236c18 Mon Sep 17 00:00:00 2001 -From: Szabolcs Nagy -Date: Wed, 29 Nov 2023 11:31:37 +0000 -Subject: [PATCH 35/44] elf: Add TLS modid reuse test for bug 29039 - -This is a minimal regression test for bug 29039 which only affects -targets with TLSDESC and a reproducer requires that - -1) Have modid gaps (closed modules) with old generation. -2) Update a DTV to a newer generation (needs a newer dlopen). -3) But do not update the closed gap entry in that DTV. -4) Reuse the modid gap for a new module (another dlopen). -5) Use dynamic TLSDESC in that new module with old generation (bug). -6) Access TLS via this TLSDESC and the now outdated DTV. - -However step (3) in practice rarely happens: during DTV update the -entries for closed modids are initialized to "unallocated" and then -dynamic TLSDESC calls __tls_get_addr independently of its generation. -The only exception to this is DTV setup at thread creation (gaps are -initialized to NULL instead of unallocated) or DTV resize where the -gap entries are outside the previous DTV array (again NULL instead -of unallocated, and this requires loading > DTV_SURPLUS modules). - -So the bug can only cause NULL (+ offset) dereference, not use after -free. And the easiest way to get (3) is via thread creation. - -Note that step (5) requires that the newly loaded module has larger -TLS than the remaining optional static TLS. And for (6) there cannot -be other TLS access or dlopen in the thread that updates the DTV. - -Tested on aarch64-linux-gnu. - -Reviewed-by: Adhemerval Zanella -(cherry picked from commit 980450f12685326729d63ff72e93a996113bf073) ---- - elf/Makefile | 15 +++++++ - elf/tst-tlsgap-mod0.c | 2 + - elf/tst-tlsgap-mod1.c | 2 + - elf/tst-tlsgap-mod2.c | 2 + - elf/tst-tlsgap.c | 92 +++++++++++++++++++++++++++++++++++++++++++ - 5 files changed, 113 insertions(+) - create mode 100644 elf/tst-tlsgap-mod0.c - create mode 100644 elf/tst-tlsgap-mod1.c - create mode 100644 elf/tst-tlsgap-mod2.c - create mode 100644 elf/tst-tlsgap.c - -diff --git a/elf/Makefile b/elf/Makefile -index c00e2ccfc5..1a05a6aaca 100644 ---- a/elf/Makefile -+++ b/elf/Makefile -@@ -459,6 +459,7 @@ tests += \ - tst-tls21 \ - tst-tlsalign \ - tst-tlsalign-extern \ -+ tst-tlsgap \ - tst-unique1 \ - tst-unique2 \ - tst-unwind-ctor \ -@@ -883,6 +884,9 @@ modules-names += \ - tst-tls20mod-bad \ - tst-tls21mod \ - tst-tlsalign-lib \ -+ tst-tlsgap-mod0 \ -+ tst-tlsgap-mod1 \ -+ tst-tlsgap-mod2 \ - tst-tlsmod1 \ - tst-tlsmod10 \ - tst-tlsmod11 \ -@@ -3009,3 +3013,14 @@ LDFLAGS-tst-dlclose-lazy-mod1.so = -Wl,-z,lazy,--no-as-needed - $(objpfx)tst-dlclose-lazy-mod1.so: $(objpfx)tst-dlclose-lazy-mod2.so - $(objpfx)tst-dlclose-lazy.out: \ - $(objpfx)tst-dlclose-lazy-mod1.so $(objpfx)tst-dlclose-lazy-mod2.so -+ -+$(objpfx)tst-tlsgap: $(shared-thread-library) -+$(objpfx)tst-tlsgap.out: \ -+ $(objpfx)tst-tlsgap-mod0.so \ -+ $(objpfx)tst-tlsgap-mod1.so \ -+ $(objpfx)tst-tlsgap-mod2.so -+ifeq (yes,$(have-mtls-dialect-gnu2)) -+CFLAGS-tst-tlsgap-mod0.c += -mtls-dialect=gnu2 -+CFLAGS-tst-tlsgap-mod1.c += -mtls-dialect=gnu2 -+CFLAGS-tst-tlsgap-mod2.c += -mtls-dialect=gnu2 -+endif -diff --git a/elf/tst-tlsgap-mod0.c b/elf/tst-tlsgap-mod0.c -new file mode 100644 -index 0000000000..1478b0beac ---- /dev/null -+++ b/elf/tst-tlsgap-mod0.c -@@ -0,0 +1,2 @@ -+int __thread tls0; -+int *f0(void) { return &tls0; } -diff --git a/elf/tst-tlsgap-mod1.c b/elf/tst-tlsgap-mod1.c -new file mode 100644 -index 0000000000..b10fc3702c ---- /dev/null -+++ b/elf/tst-tlsgap-mod1.c -@@ -0,0 +1,2 @@ -+int __thread tls1[100]; /* Size > glibc.rtld.optional_static_tls / 2. */ -+int *f1(void) { return tls1; } -diff --git a/elf/tst-tlsgap-mod2.c b/elf/tst-tlsgap-mod2.c -new file mode 100644 -index 0000000000..166c27d7f3 ---- /dev/null -+++ b/elf/tst-tlsgap-mod2.c -@@ -0,0 +1,2 @@ -+int __thread tls2; -+int *f2(void) { return &tls2; } -diff --git a/elf/tst-tlsgap.c b/elf/tst-tlsgap.c -new file mode 100644 -index 0000000000..4932885076 ---- /dev/null -+++ b/elf/tst-tlsgap.c -@@ -0,0 +1,92 @@ -+/* TLS modid gap reuse regression test for bug 29039. -+ Copyright (C) 2023 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+static void *mod[3]; -+#define MOD(i) "tst-tlsgap-mod" #i ".so" -+static const char *modname[3] = { MOD(0), MOD(1), MOD(2) }; -+#undef MOD -+ -+static void -+open_mod (int i) -+{ -+ mod[i] = xdlopen (modname[i], RTLD_LAZY); -+ printf ("open %s\n", modname[i]); -+} -+ -+static void -+close_mod (int i) -+{ -+ xdlclose (mod[i]); -+ mod[i] = NULL; -+ printf ("close %s\n", modname[i]); -+} -+ -+static void -+access_mod (int i, const char *sym) -+{ -+ int *(*f) (void) = xdlsym (mod[i], sym); -+ int *p = f (); -+ printf ("access %s: %s() = %p\n", modname[i], sym, p); -+ TEST_VERIFY_EXIT (p != NULL); -+ ++*p; -+} -+ -+static void * -+start (void *arg) -+{ -+ /* The DTV generation is at the last dlopen of mod0 and the -+ entry for mod1 is NULL. */ -+ -+ open_mod (1); /* Reuse modid of mod1. Uses dynamic TLS. */ -+ -+ /* DTV is unchanged: dlopen only updates the DTV to the latest -+ generation if static TLS is allocated for a loaded module. -+ -+ With bug 29039, the TLSDESC relocation in mod1 uses the old -+ dlclose generation of mod1 instead of the new dlopen one so -+ DTV is not updated on TLS access. */ -+ -+ access_mod (1, "f1"); -+ -+ return arg; -+} -+ -+static int -+do_test (void) -+{ -+ open_mod (0); -+ open_mod (1); -+ open_mod (2); -+ close_mod (0); -+ close_mod (1); /* Create modid gap at mod1. */ -+ open_mod (0); /* Reuse modid of mod0, bump generation count. */ -+ -+ /* Create a thread where DTV of mod1 is NULL. */ -+ pthread_t t = xpthread_create (NULL, start, NULL); -+ xpthread_join (t); -+ return 0; -+} -+ -+#include --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch b/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch deleted file mode 100644 index af173fbc34..0000000000 --- a/src/patches/glibc-2.38/0036-x86-64-Fix-the-dtv-field-load-for-x32-BZ-31184.patch +++ /dev/null @@ -1,68 +0,0 @@ -From 35ea7549751d4f13a28c732e6ad68204f5e60a06 Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" -Date: Wed, 20 Dec 2023 16:31:43 -0800 -Subject: [PATCH 36/44] x86-64: Fix the dtv field load for x32 [BZ #31184] - -On x32, I got - -FAIL: elf/tst-tlsgap - -$ gdb elf/tst-tlsgap -... -open tst-tlsgap-mod1.so - -Thread 2 "tst-tlsgap" received signal SIGSEGV, Segmentation fault. -[Switching to LWP 2268754] -_dl_tlsdesc_dynamic () at ../sysdeps/x86_64/dl-tlsdesc.S:108 -108 movq (%rsi), %rax -(gdb) p/x $rsi -$4 = 0xf7dbf9005655fb18 -(gdb) - -This is caused by - -_dl_tlsdesc_dynamic: - _CET_ENDBR - /* Preserve call-clobbered registers that we modify. - We need two scratch regs anyway. */ - movq %rsi, -16(%rsp) - movq %fs:DTV_OFFSET, %rsi - -Since the dtv field in TCB is a pointer, %fs:DTV_OFFSET is a 32-bit -location, not 64-bit. Load the dtv field to RSI_LP instead of rsi. -This fixes BZ #31184. - -(cherry picked from commit 3502440397bbb840e2f7223734aa5cc2cc0e29b6) ---- - NEWS | 1 + - sysdeps/x86_64/dl-tlsdesc.S | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/NEWS b/NEWS -index 5ac488bf9b..71057e4793 100644 ---- a/NEWS -+++ b/NEWS -@@ -37,6 +37,7 @@ The following bugs are resolved with this release: - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) -+ [31184] FAIL: elf/tst-tlsgap - - - Version 2.38 -diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S -index 5593897e29..c4823547d7 100644 ---- a/sysdeps/x86_64/dl-tlsdesc.S -+++ b/sysdeps/x86_64/dl-tlsdesc.S -@@ -102,7 +102,7 @@ _dl_tlsdesc_dynamic: - /* Preserve call-clobbered registers that we modify. - We need two scratch regs anyway. */ - movq %rsi, -16(%rsp) -- movq %fs:DTV_OFFSET, %rsi -+ mov %fs:DTV_OFFSET, %RSI_LP - movq %rdi, -8(%rsp) - movq TLSDESC_ARG(%rax), %rdi - movq (%rsi), %rax --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch b/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch deleted file mode 100644 index 31959c2753..0000000000 --- a/src/patches/glibc-2.38/0037-x86-64-Fix-the-tcb-field-load-for-x32-BZ-31185.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 968c983d43bc51f719f3e7a0fcb1bb8669b5f7c4 Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" -Date: Wed, 20 Dec 2023 19:42:12 -0800 -Subject: [PATCH 37/44] x86-64: Fix the tcb field load for x32 [BZ #31185] - -_dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic access the thread pointer -via the tcb field in TCB: - -_dl_tlsdesc_undefweak: - _CET_ENDBR - movq 8(%rax), %rax - subq %fs:0, %rax - ret - -_dl_tlsdesc_dynamic: - ... - subq %fs:0, %rax - movq -8(%rsp), %rdi - ret - -Since the tcb field in TCB is a pointer, %fs:0 is a 32-bit location, -not 64-bit. It should use "sub %fs:0, %RAX_LP" instead. Since -_dl_tlsdesc_undefweak returns ptrdiff_t and _dl_make_tlsdesc_dynamic -returns void *, RAX_LP is appropriate here for x32 and x86-64. This -fixes BZ #31185. - -(cherry picked from commit 81be2a61dafc168327c1639e97b6dae128c7ccf3) ---- - NEWS | 1 + - sysdeps/x86_64/dl-tlsdesc.S | 4 ++-- - 2 files changed, 3 insertions(+), 2 deletions(-) - -diff --git a/NEWS b/NEWS -index 71057e4793..6fbb8a9e1d 100644 ---- a/NEWS -+++ b/NEWS -@@ -38,6 +38,7 @@ The following bugs are resolved with this release: - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) - [31184] FAIL: elf/tst-tlsgap -+ [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic - - - Version 2.38 -diff --git a/sysdeps/x86_64/dl-tlsdesc.S b/sysdeps/x86_64/dl-tlsdesc.S -index c4823547d7..4579424bf7 100644 ---- a/sysdeps/x86_64/dl-tlsdesc.S -+++ b/sysdeps/x86_64/dl-tlsdesc.S -@@ -61,7 +61,7 @@ _dl_tlsdesc_return: - _dl_tlsdesc_undefweak: - _CET_ENDBR - movq 8(%rax), %rax -- subq %fs:0, %rax -+ sub %fs:0, %RAX_LP - ret - cfi_endproc - .size _dl_tlsdesc_undefweak, .-_dl_tlsdesc_undefweak -@@ -116,7 +116,7 @@ _dl_tlsdesc_dynamic: - addq TLSDESC_MODOFF(%rdi), %rax - .Lret: - movq -16(%rsp), %rsi -- subq %fs:0, %rax -+ sub %fs:0, %RAX_LP - movq -8(%rsp), %rdi - ret - .Lslow: --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch b/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch deleted file mode 100644 index 84be4a1bf6..0000000000 --- a/src/patches/glibc-2.38/0038-NEWS-Mention-bug-fixes-for-29039-30694-30709-30721.patch +++ /dev/null @@ -1,27 +0,0 @@ -From d25e2c8d5cb0778ae87ad43b1f4c301abe5a932b Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" -Date: Sat, 23 Dec 2023 06:24:41 -0800 -Subject: [PATCH 38/44] NEWS: Mention bug fixes for 29039/30694/30709/30721 - ---- - NEWS | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/NEWS b/NEWS -index 6fbb8a9e1d..db4d6c8373 100644 ---- a/NEWS -+++ b/NEWS -@@ -31,6 +31,10 @@ Security related changes: - - The following bugs are resolved with this release: - -+ [29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS -+ [30694] The iconv program no longer tells the user which given encoding name was wrong -+ [30709] nscd fails to build with cleanup handler if built with -fexceptions -+ [30721] x86_64: Fix build with --disable-multiarch - [30723] posix_memalign repeatedly scans long bin lists - [30789] sem_open will fail on multithreaded scenarios when semaphore - file doesn't exist (O_CREAT) --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch b/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch deleted file mode 100644 index fc306dca2a..0000000000 --- a/src/patches/glibc-2.38/0039-NEWS-Mention-bug-fixes-for-30745-30843.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 27339a3eb8f987eebae72b854af80256c1588ebd Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" -Date: Sat, 23 Dec 2023 06:27:50 -0800 -Subject: [PATCH 39/44] NEWS: Mention bug fixes for 30745/30843 - ---- - NEWS | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/NEWS b/NEWS -index db4d6c8373..905230b838 100644 ---- a/NEWS -+++ b/NEWS -@@ -36,11 +36,13 @@ The following bugs are resolved with this release: - [30709] nscd fails to build with cleanup handler if built with -fexceptions - [30721] x86_64: Fix build with --disable-multiarch - [30723] posix_memalign repeatedly scans long bin lists -+ [30745] Slight bug in cache info codes for x86 - [30789] sem_open will fail on multithreaded scenarios when semaphore - file doesn't exist (O_CREAT) - [30804] F_GETLK, F_SETLK, and F_SETLKW value change for powerpc64 with - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) -+ [30843] potential use-after-free in getcanonname (CVE-2023-4806) - [31184] FAIL: elf/tst-tlsgap - [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch b/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch deleted file mode 100644 index ce482f7a1a..0000000000 --- a/src/patches/glibc-2.38/0040-getaddrinfo-translate-ENOMEM-to-EAI_MEMORY-bug-31163.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ae1e5217021e43e1f2de443d26e87ea3adfb221c Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Wed, 6 Dec 2023 14:48:22 +0100 -Subject: [PATCH 40/44] getaddrinfo: translate ENOMEM to EAI_MEMORY (bug 31163) - -When __resolv_context_get returns NULL due to out of memory, translate it -to a return value of EAI_MEMORY. - -(cherry picked from commit 5eabdb6a6ac1599d23dd5966a37417215950245f) ---- - sysdeps/posix/getaddrinfo.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c -index 13082305d3..da573bea24 100644 ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -616,7 +616,14 @@ get_nss_addresses (const char *name, const struct addrinfo *req, - function variant. */ - res_ctx = __resolv_context_get (); - if (res_ctx == NULL) -- no_more = 1; -+ { -+ if (errno == ENOMEM) -+ { -+ result = -EAI_MEMORY; -+ goto out; -+ } -+ no_more = 1; -+ } - - while (!no_more) - { --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch b/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch deleted file mode 100644 index b088dba706..0000000000 --- a/src/patches/glibc-2.38/0041-libio-Check-remaining-buffer-size-in-_IO_wdo_write-b.patch +++ /dev/null @@ -1,48 +0,0 @@ -From cfe121910013a46e2477562282c56ae8062089aa Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Tue, 2 Jan 2024 14:36:17 +0100 -Subject: [PATCH 41/44] libio: Check remaining buffer size in _IO_wdo_write - (bug 31183) - -The multibyte character needs to fit into the remaining buffer space, -not the already-written buffer space. Without the fix, we were never -moving the write pointer from the start of the buffer, always using -the single-character fallback buffer. - -Fixes commit 04b76b5aa8b2d1d19066e42dd1 ("Don't error out writing -a multibyte character to an unbuffered stream (bug 17522)"). - -(cherry picked from commit ecc7c3deb9f347649c2078fcc0f94d4cedf92d60) ---- - NEWS | 1 + - libio/wfileops.c | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - -diff --git a/NEWS b/NEWS -index 905230b838..6768c2da6f 100644 ---- a/NEWS -+++ b/NEWS -@@ -43,6 +43,7 @@ The following bugs are resolved with this release: - -D_FILE_OFFSET_BITS=64 - [30842] Stack read overflow in getaddrinfo in no-aaaa mode (CVE-2023-4527) - [30843] potential use-after-free in getcanonname (CVE-2023-4806) -+ [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix - [31184] FAIL: elf/tst-tlsgap - [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic - -diff --git a/libio/wfileops.c b/libio/wfileops.c -index f16f6db1c3..9ab8f2e7f3 100644 ---- a/libio/wfileops.c -+++ b/libio/wfileops.c -@@ -55,7 +55,7 @@ _IO_wdo_write (FILE *fp, const wchar_t *data, size_t to_do) - char mb_buf[MB_LEN_MAX]; - char *write_base, *write_ptr, *buf_end; - -- if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf)) -+ if (fp->_IO_buf_end - fp->_IO_write_ptr < sizeof (mb_buf)) - { - /* Make sure we have room for at least one multibyte - character. */ --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch b/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch deleted file mode 100644 index a4229d9ecc..0000000000 --- a/src/patches/glibc-2.38/0042-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch +++ /dev/null @@ -1,181 +0,0 @@ -From 23514c72b780f3da097ecf33a793b7ba9c2070d2 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar -Date: Mon, 15 Jan 2024 17:44:43 +0100 -Subject: [PATCH 42/44] syslog: Fix heap buffer overflow in __vsyslog_internal - (CVE-2023-6246) - -__vsyslog_internal did not handle a case where printing a SYSLOG_HEADER -containing a long program name failed to update the required buffer -size, leading to the allocation and overflow of a too-small buffer on -the heap. This commit fixes that. It also adds a new regression test -that uses glibc.malloc.check. - -Reviewed-by: Adhemerval Zanella -Reviewed-by: Carlos O'Donell -Tested-by: Carlos O'Donell -(cherry picked from commit 6bd0e4efcc78f3c0115e5ea9739a1642807450da) ---- - misc/Makefile | 8 ++- - misc/syslog.c | 50 +++++++++++++------ - misc/tst-syslog-long-progname.c | 39 +++++++++++++++ - .../postclean.req | 0 - 4 files changed, 82 insertions(+), 15 deletions(-) - create mode 100644 misc/tst-syslog-long-progname.c - create mode 100644 misc/tst-syslog-long-progname.root/postclean.req - -diff --git a/misc/Makefile b/misc/Makefile -index fe0d49c1de..90b31952c5 100644 ---- a/misc/Makefile -+++ b/misc/Makefile -@@ -289,7 +289,10 @@ tests-special += $(objpfx)tst-error1-mem.out \ - $(objpfx)tst-allocate_once-mem.out - endif - --tests-container := tst-syslog -+tests-container := \ -+ tst-syslog \ -+ tst-syslog-long-progname \ -+ # tests-container - - CFLAGS-select.c += -fexceptions -fasynchronous-unwind-tables - CFLAGS-tsearch.c += $(uses-callbacks) -@@ -351,6 +354,9 @@ $(objpfx)tst-allocate_once-mem.out: $(objpfx)tst-allocate_once.out - $(common-objpfx)malloc/mtrace $(objpfx)tst-allocate_once.mtrace > $@; \ - $(evaluate-test) - -+tst-syslog-long-progname-ENV = GLIBC_TUNABLES=glibc.malloc.check=3 \ -+ LD_PRELOAD=libc_malloc_debug.so.0 -+ - $(objpfx)tst-select: $(librt) - $(objpfx)tst-select-time64: $(librt) - $(objpfx)tst-pselect: $(librt) -diff --git a/misc/syslog.c b/misc/syslog.c -index 1b8cb722c5..814d224a1e 100644 ---- a/misc/syslog.c -+++ b/misc/syslog.c -@@ -124,8 +124,9 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - { - /* Try to use a static buffer as an optimization. */ - char bufs[1024]; -- char *buf = NULL; -- size_t bufsize = 0; -+ char *buf = bufs; -+ size_t bufsize; -+ - int msgoff; - int saved_errno = errno; - -@@ -177,29 +178,50 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - #define SYSLOG_HEADER_WITHOUT_TS(__pri, __msgoff) \ - "<%d>: %n", __pri, __msgoff - -- int l; -+ int l, vl; - if (has_ts) - l = __snprintf (bufs, sizeof bufs, - SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); - else - l = __snprintf (bufs, sizeof bufs, - SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); -+ -+ char *pos; -+ size_t len; -+ - if (0 <= l && l < sizeof bufs) - { -- va_list apc; -- va_copy (apc, ap); -+ /* At this point, there is still a chance that we can print the -+ remaining part of the log into bufs and use that. */ -+ pos = bufs + l; -+ len = sizeof (bufs) - l; -+ } -+ else -+ { -+ buf = NULL; -+ /* We already know that bufs is too small to use for this log message. -+ The next vsnprintf into bufs is used only to calculate the total -+ required buffer length. We will discard bufs contents and allocate -+ an appropriately sized buffer later instead. */ -+ pos = bufs; -+ len = sizeof (bufs); -+ } - -- /* Restore errno for %m format. */ -- __set_errno (saved_errno); -+ { -+ va_list apc; -+ va_copy (apc, ap); - -- int vl = __vsnprintf_internal (bufs + l, sizeof bufs - l, fmt, apc, -- mode_flags); -- if (0 <= vl && vl < sizeof bufs - l) -- buf = bufs; -- bufsize = l + vl; -+ /* Restore errno for %m format. */ -+ __set_errno (saved_errno); - -- va_end (apc); -- } -+ vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); -+ -+ if (!(0 <= vl && vl < len)) -+ buf = NULL; -+ -+ bufsize = l + vl; -+ va_end (apc); -+ } - - if (buf == NULL) - { -diff --git a/misc/tst-syslog-long-progname.c b/misc/tst-syslog-long-progname.c -new file mode 100644 -index 0000000000..88f37a8a00 ---- /dev/null -+++ b/misc/tst-syslog-long-progname.c -@@ -0,0 +1,39 @@ -+/* Test heap buffer overflow in syslog with long __progname (CVE-2023-6246) -+ Copyright (C) 2023 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+ -+extern char * __progname; -+ -+static int -+do_test (void) -+{ -+ char long_progname[2048]; -+ -+ memset (long_progname, 'X', sizeof (long_progname) - 1); -+ long_progname[sizeof (long_progname) - 1] = '\0'; -+ -+ __progname = long_progname; -+ -+ syslog (LOG_INFO, "Hello, World!"); -+ -+ return 0; -+} -+ -+#include -diff --git a/misc/tst-syslog-long-progname.root/postclean.req b/misc/tst-syslog-long-progname.root/postclean.req -new file mode 100644 -index 0000000000..e69de29bb2 --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch b/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch deleted file mode 100644 index 1ee6993bd5..0000000000 --- a/src/patches/glibc-2.38/0043-syslog-Fix-heap-buffer-overflow-in-__vsyslog_interna.patch +++ /dev/null @@ -1,106 +0,0 @@ -From d0338312aace5bbfef85e03055e1212dd0e49578 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar -Date: Mon, 15 Jan 2024 17:44:44 +0100 -Subject: [PATCH 43/44] syslog: Fix heap buffer overflow in __vsyslog_internal - (CVE-2023-6779) - -__vsyslog_internal used the return value of snprintf/vsnprintf to -calculate buffer sizes for memory allocation. If these functions (for -any reason) failed and returned -1, the resulting buffer would be too -small to hold output. This commit fixes that. - -All snprintf/vsnprintf calls are checked for negative return values and -the function silently returns upon encountering them. - -Reviewed-by: Carlos O'Donell -(cherry picked from commit 7e5a0c286da33159d47d0122007aac016f3e02cd) ---- - misc/syslog.c | 39 ++++++++++++++++++++++++++++----------- - 1 file changed, 28 insertions(+), 11 deletions(-) - -diff --git a/misc/syslog.c b/misc/syslog.c -index 814d224a1e..53440e47ad 100644 ---- a/misc/syslog.c -+++ b/misc/syslog.c -@@ -185,11 +185,13 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - else - l = __snprintf (bufs, sizeof bufs, - SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); -+ if (l < 0) -+ goto out; - - char *pos; - size_t len; - -- if (0 <= l && l < sizeof bufs) -+ if (l < sizeof bufs) - { - /* At this point, there is still a chance that we can print the - remaining part of the log into bufs and use that. */ -@@ -215,12 +217,15 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - __set_errno (saved_errno); - - vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); -+ va_end (apc); -+ -+ if (vl < 0) -+ goto out; - -- if (!(0 <= vl && vl < len)) -+ if (vl >= len) - buf = NULL; - - bufsize = l + vl; -- va_end (apc); - } - - if (buf == NULL) -@@ -231,25 +236,37 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - /* Tell the cancellation handler to free this buffer. */ - clarg.buf = buf; - -+ int cl; - if (has_ts) -- __snprintf (buf, l + 1, -- SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); -+ cl = __snprintf (buf, l + 1, -+ SYSLOG_HEADER (pri, timestamp, &msgoff, pid)); - else -- __snprintf (buf, l + 1, -- SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); -+ cl = __snprintf (buf, l + 1, -+ SYSLOG_HEADER_WITHOUT_TS (pri, &msgoff)); -+ if (cl != l) -+ goto out; - - va_list apc; - va_copy (apc, ap); -- __vsnprintf_internal (buf + l, bufsize - l + 1, fmt, apc, -- mode_flags); -+ cl = __vsnprintf_internal (buf + l, bufsize - l + 1, fmt, apc, -+ mode_flags); - va_end (apc); -+ -+ if (cl != vl) -+ goto out; - } - else - { -+ int bl; - /* Nothing much to do but emit an error message. */ -- bufsize = __snprintf (bufs, sizeof bufs, -- "out of memory[%d]", __getpid ()); -+ bl = __snprintf (bufs, sizeof bufs, -+ "out of memory[%d]", __getpid ()); -+ if (bl < 0 || bl >= sizeof bufs) -+ goto out; -+ -+ bufsize = bl; - buf = bufs; -+ msgoff = 0; - } - } - --- -2.39.2 - diff --git a/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch b/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch deleted file mode 100644 index b7ff1f94fe..0000000000 --- a/src/patches/glibc-2.38/0044-syslog-Fix-integer-overflow-in-__vsyslog_internal-CV.patch +++ /dev/null @@ -1,41 +0,0 @@ -From d37c2b20a4787463d192b32041c3406c2bd91de0 Mon Sep 17 00:00:00 2001 -From: Arjun Shankar -Date: Mon, 15 Jan 2024 17:44:45 +0100 -Subject: [PATCH 44/44] syslog: Fix integer overflow in __vsyslog_internal - (CVE-2023-6780) - -__vsyslog_internal calculated a buffer size by adding two integers, but -did not first check if the addition would overflow. This commit fixes -that. - -Reviewed-by: Carlos O'Donell -Tested-by: Carlos O'Donell -(cherry picked from commit ddf542da94caf97ff43cc2875c88749880b7259b) ---- - misc/syslog.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/misc/syslog.c b/misc/syslog.c -index 53440e47ad..4af87f54fd 100644 ---- a/misc/syslog.c -+++ b/misc/syslog.c -@@ -41,6 +41,7 @@ static char sccsid[] = "@(#)syslog.c 8.4 (Berkeley) 3/18/94"; - #include - #include - #include -+#include - - static int LogType = SOCK_DGRAM; /* type of socket connection */ - static int LogFile = -1; /* fd for log */ -@@ -219,7 +220,7 @@ __vsyslog_internal (int pri, const char *fmt, va_list ap, - vl = __vsnprintf_internal (pos, len, fmt, apc, mode_flags); - va_end (apc); - -- if (vl < 0) -+ if (vl < 0 || vl >= INT_MAX - l) - goto out; - - if (vl >= len) --- -2.39.2 -