From: Florian Weimer Date: Mon, 4 Feb 2019 14:47:59 +0000 (+0100) Subject: Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix [BZ #20018] X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Ffw%2Fbug20018-backport;p=thirdparty%2Fglibc.git Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix [BZ #20018] This commit avoids adding the __inet_aton_exact@GLIBC_PRIVATE symbol. In master, the separately-compiled getaddrinfo implementation in nscd needs it, however such an internal ABI change is not desirable on a release branch if it can be avoided easily. --- diff --git a/ChangeLog b/ChangeLog index 8fb841c0009..d07b83f13d4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,15 @@ +2019-02-04 Florian Weimer + + [BZ #20018] + Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix. + * include/arpa/inet.h (__inet_aton_exact): Declare as hidden. + * resolv/inet_addr.c (__inet_aton_exact): Remove libc_hidden_def. + * resolv/Versions (GLIBC_PRIVATE): Do not export + __inet_aton_exact. + * nscd/nscd-inet_addr.c: New file. Build resolv/inet_addr.c for + nscd, without public symbols. + * nscd/Makefile (nscd-modules): Add it. + 2019-01-21 Florian Weimer [BZ #20018] diff --git a/include/arpa/inet.h b/include/arpa/inet.h index 19aec742750..dce60b49099 100644 --- a/include/arpa/inet.h +++ b/include/arpa/inet.h @@ -2,8 +2,8 @@ #ifndef _ISOMAC /* Variant of inet_aton which rejects trailing garbage. */ -extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp); -libc_hidden_proto (__inet_aton_exact) +extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp) + attribute_hidden; libc_hidden_proto (inet_ntop) libc_hidden_proto (inet_pton) diff --git a/nscd/Makefile b/nscd/Makefile index b713a84c495..eb23c01a396 100644 --- a/nscd/Makefile +++ b/nscd/Makefile @@ -36,7 +36,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \ getsrvbynm_r getsrvbypt_r servicescache \ dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \ xmalloc xstrdup aicache initgrcache gai res_hconf \ - netgroupcache + netgroupcache nscd-inet_addr ifeq ($(build-nscd)$(have-thread-library),yesyes) diff --git a/nscd/nscd-inet_addr.c b/nscd/nscd-inet_addr.c new file mode 100644 index 00000000000..cfa4ac74628 --- /dev/null +++ b/nscd/nscd-inet_addr.c @@ -0,0 +1,24 @@ +/* Legacy IPv4 text-to-address functions. Version for nscd. + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* Do not provide definitions of the public symbols exported from + libc. */ +#undef weak_alias +#define weak_alias(from, to) + +#include diff --git a/resolv/Versions b/resolv/Versions index 9a82704af75..b05778d9654 100644 --- a/resolv/Versions +++ b/resolv/Versions @@ -27,7 +27,6 @@ libc { __h_errno; __resp; __res_iclose; - __inet_aton_exact; __inet_pton_length; __resolv_context_get; __resolv_context_get_preinit; diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c index 41b6166a5bd..1bc4a2c4d61 100644 --- a/resolv/inet_addr.c +++ b/resolv/inet_addr.c @@ -192,7 +192,6 @@ __inet_aton_exact (const char *cp, struct in_addr *addr) else return 0; } -libc_hidden_def (__inet_aton_exact) /* inet_aton ignores trailing garbage. */ int