Stefan Schantl [Thu, 22 Jan 2015 20:53:16 +0000 (21:53 +0100)]
util-linux: Update to version 2.25.2.
This is a major update to the latest stable version of the util-linux
software suite.
* Update project URL.
* Enable the "runuser" binary and add pam files.
* Force libmount python bindings to be build for python3.
* Add new subpackages for libsmartcols and libsmartcols-devel and
python3-libmount.
Michael Tremer [Mon, 22 Dec 2014 16:29:35 +0000 (17:29 +0100)]
ntp: Update to 4.2.8
CVE-2014-9293 ntp: automatic generation of weak default key in config_auth()
CVE-2014-9294 ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
CVE-2014-9295 ntp: Multiple buffer overflows via specially-crafted packets
CVE-2014-9296 ntp: receive() missing return on error
Michael Tremer [Tue, 16 Sep 2014 14:39:14 +0000 (16:39 +0200)]
cloog-ppl: Move to compat-cloog-ppl
GCC 4.9 uses ISL as a backend for cloog. Therefore, we move
the cloog-ppl library into the compat section so that older
versions of GCC can still be used.
* Reverted change of ABI data structures for s390 and s390x:
On s390 and s390x the size of struct ucontext and jmp_buf was increased in
2.19. This change is reverted in 2.20. The introduced 2.19 symbol versions
of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp, siglongjmp
are preserved pointing straight to the same implementation as the old ones.
Given that, new callers will simply provide a too-big buffer to these
functions. Any applications/libraries out there that embed jmp_buf or
ucontext_t in an ABI-relevant data structure that have already been rebuilt
against 2.19 headers will have to rebuilt again. This is necessary in any
case to revert the breakage in their ABI caused by the glibc change.
* Support for file description locks is added to systems running the
Linux kernel. The standard file locking interfaces are extended to
operate on file descriptions, not file descriptors, via the use of
F_OFD_GETLK, F_OFD_SETLK, and F_OFD_SETLKW. File description locks
are associated with an open file instead of a process.
* Optimized strchr implementation for AArch64. Contributed by ARM Ltd.
* The minimum Linux kernel version that this version of the GNU C Library
can be used with is 2.6.32.
* Running the testsuite no longer terminates as soon as a test fails.
Instead, a file tests.sum (xtests.sum from "make xcheck") is generated,
with PASS or FAIL lines for individual tests. A summary of the results is
printed, including a list of failing lists, and "make check" exits with
error status if there were any unexpected failures. "make check
stop-on-test-failure=y" may be used to keep the old behavior.
* The am33 port, which had not worked for several years, has been removed
from ports.
* The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
supported; they now act the same as _DEFAULT_SOURCE (but generate a
warning). Except for cases where _BSD_SOURCE enabled BSD interfaces that
conflicted with POSIX (support for which was removed in 2.19), the
interfaces those macros enabled remain available when compiling with
_GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature
test macros defined.
* Optimized strcmp implementation for ARMv7. Contributed by ARM Ltd.
* Added support for TX lock elision of pthread mutexes on s390 and s390x.
This may improve lock scaling of existing programs on TX capable systems.
The lock elision code is only built with --enable-lock-elision=yes and
then requires a GCC version supporting the TX builtins. With lock elision
default mutexes are elided via __builtin_tbegin, if the cpu supports
transactions. By default lock elision is not enabled and the elision code
is not built.
* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
copy the path argument. This allowed programs to cause posix_spawn to
deference a dangling pointer, or use an unexpected pathname argument if
the string was modified after the posix_spawn_file_actions_addopen
invocation.
* All supported architectures now use the main glibc sysdeps directory
instead of some being in a separate "ports" directory (which was
distributed separately before glibc 2.17).
* The NPTL implementation of POSIX pthreads is no longer an "add-on".
On configurations that support it (all Linux configurations), it's now
used regardless of the --enable-add-ons switch to configure. It is no
longer possible to build such configurations without pthreads support.
* Locale names, including those obtained from environment variables (LANG
and the LC_* variables), are more tightly checked for proper syntax.
setlocale will now fail (with EINVAL) for locale names that are overly
long, contain slashes without starting with a slash, or contain ".." path
components. (CVE-2014-0475) Previously, some valid locale names were
silently replaced with the "C" locale when running in AT_SECURE mode
(e.g., in a SUID program). This is no longer necessary because of the
additional checks.
* On x86-64, the dynamic linker's lazy-binding support is now compatible
with application code using Intel MPX instructions. (With all previous
versions, the MPX register state could be clobbered when making calls
into or out of a shared library.) Note that while the new dynamic
linker is compatible with all known x86 hardware whether or not it
supports Intel MPX, some x86 instruction-set emulators might fail to
handle the new instruction encodings. This is known to affect Valgrind
versions up through 3.9 (but will be fixed in the forthcoming 3.10
release), and might affect other tools that do instruction emulation.
* Support for loadable gconv transliteration modules has been removed.
The support for transliteration modules has been non-functional for
over a decade, and the removal is prompted by security defects. The
normal gconv conversion modules are still supported. Transliteration
with //TRANSLIT is still possible, and the //IGNORE specifier
continues to be supported. (CVE-2014-5119)
* Decoding a crafted input sequence in the character sets IBM933, IBM935,
IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
resulting a denial-of-service security vulnerability in applications which
use functions related to iconv. (CVE-2014-6040)