From 17829721a0422f4d1ccc22daccb82c77c35f63bb Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Wed, 12 Aug 2015 12:11:11 +0000 Subject: [PATCH] core/glibc to 2.22-1 --- core/glibc/PKGBUILD | 37 ++++++----- core/glibc/glibc-2.21-roundup.patch | 97 ----------------------------- core/glibc/glibc.install | 2 +- 3 files changed, 21 insertions(+), 115 deletions(-) delete mode 100644 core/glibc/glibc-2.21-roundup.patch diff --git a/core/glibc/PKGBUILD b/core/glibc/PKGBUILD index 865d2bb3f..bfd4a5e17 100644 --- a/core/glibc/PKGBUILD +++ b/core/glibc/PKGBUILD @@ -15,28 +15,26 @@ noautobuild=1 pkgname=glibc -pkgver=2.21 -pkgrel=4 +pkgver=2.22 +pkgrel=1 pkgdesc="GNU C Library" arch=('i686' 'x86_64') url="http://www.gnu.org/software/libc" license=('GPL' 'LGPL') groups=('base') -depends=('linux-api-headers>=4.0' 'tzdata' 'filesystem') -makedepends=('gcc>=4.9') +depends=('linux-api-headers>=4.1' 'tzdata' 'filesystem') +makedepends=('gcc>=5.2') backup=(etc/gai.conf etc/locale.gen etc/nscd.conf) options=('!strip' 'staticlibs' '!distcc') install=glibc.install source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig} - glibc-2.21-roundup.patch local-soname-hack.diff locale.gen.txt locale-gen) -md5sums=('9cb398828e8f84f57d1f7d5588cf40cd' +md5sums=('e51e02bf552a0a1fbbdc948fb2f5e83c' 'SKIP' - 'feb826d5f4965e9892ee6e851fec43a9' '905370139382428ef2b97b247c0970bf' '07ac979b6ab5eeb778d55f041529d623' '476e9113489f93b348b21e144b6a8fcf') @@ -46,7 +44,7 @@ prepare() { cd ${srcdir}/${pkgname}-${pkgver} # glibc-2.21..01b07c70 - patch -p1 -i $srcdir/glibc-2.21-roundup.patch + #patch -p1 -i $srcdir/glibc-2.21-roundup.patch # ALARM: patch for hard-float ld-linux soname if [[ $CARCH == "armv6h" || $CARCH == "armv7h" ]]; then @@ -106,12 +104,9 @@ build() { } check() { - # the linker commands need to be reordered - fixed in 2.19 - LDFLAGS=${LDFLAGS/--as-needed,/} - cd ${srcdir}/glibc-build - # tst-cleanupx4 failure on i686 is "expected" + # some failures are "expected" make check || true } @@ -144,6 +139,9 @@ package() { # libc, libdl, libm and libpthread are required for toolchain testsuites # in addition libcrypt appears widely required rm $pkgdir/usr/lib/lib{anl,BrokenLocale,nsl,resolv,rt,util}.a + if [[ $CARCH = "x86_64" ]]; then + rm $pkgdir/usr/lib/libmvec.a + fi # ALARM: symlink ld-linux.so.3 for hard-float [[ $CARCH == "armv6h" || $CARCH == "armv7h" ]] && ln -s /lib/ld-${pkgver}.so ${pkgdir}/usr/lib/ld-linux.so.3 @@ -160,13 +158,18 @@ package() { usr/bin/{ldconfig,locale,localedef,nscd,makedb} \ usr/bin/{pcprofiledump,pldd,rpcgen,sln,sprof} \ usr/lib/getconf/* - [[ $CARCH = "i686" ]] && strip $STRIP_BINARIES usr/bin/lddlibc4 + if [[ $CARCH = "i686" ]]; then + strip $STRIP_BINARIES usr/bin/lddlibc4 + fi strip $STRIP_STATIC usr/lib/*.a - strip $STRIP_SHARED usr/lib/{libanl,libBrokenLocale,libcidn,libcrypt}-*.so \ + strip $STRIP_SHARED usr/lib/lib{anl,BrokenLocale,cidn,crypt}-*.so \ usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \ - usr/lib/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \ - usr/lib/{libmemusage,libpcprofile,libSegFault}.so \ - usr/lib/{audit,gconv}/*.so + usr/lib/lib{dl,m,nsl,resolv,rt,util}-*.so \ + usr/lib/lib{memusage,pcprofile,SegFault}.so \ + usr/lib/{audit,gconv}/*.so || true + if [[ $CARCH = "x86_64" ]]; then + strip $STRIP_SHARED usr/lib/libmvec-*.so + fi } diff --git a/core/glibc/glibc-2.21-roundup.patch b/core/glibc/glibc-2.21-roundup.patch deleted file mode 100644 index 4b1531a6a..000000000 --- a/core/glibc/glibc-2.21-roundup.patch +++ /dev/null @@ -1,97 +0,0 @@ -diff --git a/ChangeLog b/ChangeLog -index dc1ed1b..26feb07 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,3 +1,15 @@ -+2015-04-21 Arjun Shankar -+ -+ [BZ #18287] -+ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length -+ based on padding. (CVE-2015-1781) -+ -+2015-02-10 Evangelos Foutras -+ -+ [BZ #17949] -+ * sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of -+ jump label. -+ - 2015-02-06 Carlos O'Donell - - * version.h (RELEASE): Set to "stable". -@@ -7,6 +19,7 @@ - * sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h. - - 2015-02-05 Paul Pluzhnikov -+ Paul Eggert - - [BZ #16618] - * stdio-common/tst-sscanf.c (main): Test for buffer overflow. -diff --git a/NEWS b/NEWS -index 617cdbb..c9f6b58 100644 ---- a/NEWS -+++ b/NEWS -@@ -5,6 +5,19 @@ See the end for copying conditions. - Please send GNU C library bug reports via - using `glibc' in the "product" field. - -+Version 2.21.1 -+ -+* The following bugs are resolved with this release: -+ -+ 17949, 18287. -+ -+* A buffer overflow in gethostbyname_r and related functions performing DNS -+ requests has been fixed. If the NSS functions were called with a -+ misaligned buffer, the buffer length change due to pointer alignment was -+ not taken into account. This could result in application crashes or, -+ potentially arbitrary code execution, using crafted, but syntactically -+ valid DNS responses. (CVE-2015-1781) -+ - Version 2.21 - - * The following bugs are resolved with this release: -@@ -21,10 +34,11 @@ Version 2.21 - 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885, - 17892. - --* CVE-2015-1472 Under certain conditions wscanf can allocate too little -- memory for the to-be-scanned arguments and overflow the allocated -- buffer. The implementation now correctly computes the required buffer -- size when using malloc. -+* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate -+ too little memory for the to-be-scanned arguments and overflow the -+ allocated buffer. The implementation now correctly computes the required -+ buffer size when using malloc, and switches to malloc from alloca as -+ intended. - - * A new semaphore algorithm has been implemented in generic C code for all - machines. Previous custom assembly implementations of semaphore were -diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c -index f715ab0..40069a7 100644 ---- a/resolv/nss_dns/dns-host.c -+++ b/resolv/nss_dns/dns-host.c -@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype, - int have_to_map = 0; - uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data); - buffer += pad; -- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad)) -+ buflen = buflen > pad ? buflen - pad : 0; -+ if (__glibc_unlikely (buflen < sizeof (struct host_data))) - { - /* The buffer is too small. */ - too_small: -diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S -index 207b648..b6fa202 100644 ---- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S -+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S -@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk) - cmpl $0, KIND_OFFSET+__cpu_features@GOTOFF(%ebx) - jne 1f - call __init_cpu_features -- leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax --1: testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features@GOTOFF(%ebx) -+1: leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax -+ testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features@GOTOFF(%ebx) - jz 2f - leal __mempcpy_chk_sse2_unaligned@GOTOFF(%ebx), %eax - testl $bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features@GOTOFF(%ebx) diff --git a/core/glibc/glibc.install b/core/glibc/glibc.install index a2c0c5034..91747a85e 100644 --- a/core/glibc/glibc.install +++ b/core/glibc/glibc.install @@ -4,7 +4,7 @@ filelist=(libc.info{,-1,-2,-3,-4,-5,-6,-7,-8,-9,-10,-11}) post_upgrade() { ldconfig -r . - if [[ $(vercmp 2.20-2 $2) = 1 ]]; then + if [[ $(vercmp 2.22-1 $2) = 1 ]]; then locale-gen fi