From e90279f3605471b46391b43d9d03c2fa652a85a4 Mon Sep 17 00:00:00 2001 From: Kevin Mihelich Date: Sat, 5 Aug 2023 01:10:24 +0000 Subject: [PATCH] core/glibc to 2.38-2 --- core/glibc/PKGBUILD | 9 +- core/glibc/cve-2023-25139.patch | 81 ---------------- core/glibc/reenable_DT_HASH.patch | 149 ++++-------------------------- 3 files changed, 24 insertions(+), 215 deletions(-) delete mode 100644 core/glibc/cve-2023-25139.patch diff --git a/core/glibc/PKGBUILD b/core/glibc/PKGBUILD index 2538d64f1..f859eebea 100644 --- a/core/glibc/PKGBUILD +++ b/core/glibc/PKGBUILD @@ -17,7 +17,7 @@ noautobuild=1 pkgname=glibc pkgver=2.38 _commit=36f2487f13e3540be9ee0fb51876b1da72176d3f -pkgrel=1 +pkgrel=2 arch=(x86_64) url='https://www.gnu.org/software/libc' license=(GPL LGPL) @@ -27,6 +27,7 @@ source=(git+https://sourceware.org/git/glibc.git#commit=${_commit} locale.gen.txt locale-gen sdt.h sdt-config.h + reenable_DT_HASH.patch PATCH-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch ) validpgpkeys=(7273542B39962DF7B299931416792B4EA25340F8 # Carlos O'Donell @@ -36,6 +37,7 @@ b2sums=('SKIP' '04fbb3b0b28705f41ccc6c15ed5532faf0105370f22133a2b49867e790df0491f5a1255220ff6ebab91a462f088d0cf299491b3eb8ea53534cb8638a213e46e3' 'a6a5e2f2a627cc0d13d11a82458cfd0aa75ec1c5a3c7647e5d5a3bb1d4c0770887a3909bfda1236803d5bc9801bfd6251e13483e9adf797e4725332cd0d91a0e' '214e995e84b342fe7b2a7704ce011b7c7fc74c2971f98eeb3b4e677b99c860addc0a7d91b8dc0f0b8be7537782ee331999e02ba48f4ccc1c331b60f27d715678' + '35e03ed912e1b0cd23783ab83ce919412885c141344905b8b67bbad4a86c48cf3e893806060e48d5737514ff80cea0b58b0e1f15707c32224579c416dcd810c0' '2a83dad4bcca543a5a85e91ebbe2bbccb4f863044d9e6e65806be0ea43ba70dd4e1e76e1548f9d189e996d4fcda0afc75efebdc9431fe10f2b66d3d2e878615b') prepare() { @@ -44,6 +46,11 @@ prepare() { [[ -d glibc-$pkgver ]] && ln -s glibc-$pkgver glibc cd glibc + # Re-enable `--hash-style=both` for building shared objects due to issues with EPIC's EAC + # which relies on DT_HASH to be present in these libs. + # reconsider 2023-01 + patch -Np1 -i "${srcdir}"/reenable_DT_HASH.patch + patch -Np1 < ../PATCH-nscd-Do-not-rebuild-getaddrinfo-bug-30709.patch } diff --git a/core/glibc/cve-2023-25139.patch b/core/glibc/cve-2023-25139.patch deleted file mode 100644 index 3361e68fa..000000000 --- a/core/glibc/cve-2023-25139.patch +++ /dev/null @@ -1,81 +0,0 @@ -This is a partial fix for mishandling of grouping when formatting -integers. It properly computes the width in presence of grouping -characteres when the precision is larger than the number of significant -digits. ---- - stdio-common/Makefile | 1 + - stdio-common/tst-grouping3.c | 37 +++++++++++++++++++++++++++++ - stdio-common/vfprintf-process-arg.c | 2 +- - 3 files changed, 39 insertions(+), 1 deletion(-) - create mode 100644 stdio-common/tst-grouping3.c - -diff --git a/stdio-common/Makefile b/stdio-common/Makefile -index 6e9d104524..b46d932a20 100644 ---- a/stdio-common/Makefile -+++ b/stdio-common/Makefile -@@ -195,6 +195,7 @@ tests := \ - tst-gets \ - tst-grouping \ - tst-grouping2 \ -+ tst-grouping3 \ - tst-long-dbl-fphex \ - tst-memstream-string \ - tst-obprintf \ -diff --git a/stdio-common/tst-grouping3.c b/stdio-common/tst-grouping3.c -new file mode 100644 -index 0000000000..0031ad4010 ---- /dev/null -+++ b/stdio-common/tst-grouping3.c -@@ -0,0 +1,37 @@ -+/* Test printf with grouping and padding (bug 23432) -+ Copyright (C) 2023 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+#include -+#include -+#include -+#include -+ -+static int -+do_test (void) -+{ -+ char buf[80]; -+ -+ xsetlocale (LC_NUMERIC, "de_DE.UTF-8"); -+ -+ sprintf (buf, "%+-'13.9d", 1234567); -+ TEST_COMPARE_STRING (buf, "+001.234.567 "); -+ -+ return 0; -+} -+ -+#include -diff --git a/stdio-common/vfprintf-process-arg.c b/stdio-common/vfprintf-process-arg.c -index 2c651946df..cd3eaf5c0c 100644 ---- a/stdio-common/vfprintf-process-arg.c -+++ b/stdio-common/vfprintf-process-arg.c -@@ -257,7 +257,7 @@ LABEL (unsigned_number): /* Unsigned number of base BASE. */ - width -= 2; - } - -- width -= workend - string + prec; -+ width -= number_length + prec; - - Xprintf_buffer_pad (buf, L_('0'), prec); - --- -2.39.1 diff --git a/core/glibc/reenable_DT_HASH.patch b/core/glibc/reenable_DT_HASH.patch index f828b011b..87a2329d8 100644 --- a/core/glibc/reenable_DT_HASH.patch +++ b/core/glibc/reenable_DT_HASH.patch @@ -1,145 +1,28 @@ -From e47de5cb2d4dbecb58f569ed241e8e95c568f03c Mon Sep 17 00:00:00 2001 -From: Florian Weimer -Date: Fri, 29 Apr 2022 16:37:51 +0200 -Subject: [PATCH] Do not use --hash-style=both for building glibc shared - objects +From 31915e55f9c34f6137ab1c5ac002375a2d5d4589 Mon Sep 17 00:00:00 2001 +From: Frederik Schwan +Date: Fri, 4 Aug 2023 15:19:57 +0200 +Subject: [PATCH] force --hash-style=both to keep compatibility with old niche + software -The comment indicates that --hash-style=both was used to maintain -compatibility with static dlopen, but we had many internal ABI -changes since then, so this compatiblity does not add value anymore. - -Reviewed-by: Carlos O'Donell --- - Makeconfig | 9 +++++++++ - Makerules | 7 +++++++ - config.make.in | 1 + - configure | 28 ++++++++++++++++++++++++++++ - configure.ac | 16 ++++++++++++++++ - 5 files changed, 61 insertions(+) + Makeconfig | 4 ++++ + 1 file changed, 4 insertions(+) -diff --git b/Makeconfig a/Makeconfig -index 760f14e92f..0aa5fb0099 100644 ---- b/Makeconfig -+++ a/Makeconfig -@@ -362,6 +362,15 @@ relro-LDFLAGS = -Wl,-z,relro +diff --git a/Makeconfig b/Makeconfig +index 77d7fd14df..2ae67c4beb 100644 +--- a/Makeconfig ++++ b/Makeconfig +@@ -378,6 +378,10 @@ relro-LDFLAGS = -Wl,-z,relro LDFLAGS.so += $(relro-LDFLAGS) LDFLAGS-rtld += $(relro-LDFLAGS) -+ifeq (yes,$(have-hash-style)) -+# For the time being we unconditionally use 'both'. At some time we -+# should declare statically linked code as 'out of luck' and compile -+# with --hash-style=gnu only. +hashstyle-LDFLAGS = -Wl,--hash-style=both +LDFLAGS.so += $(hashstyle-LDFLAGS) +LDFLAGS-rtld += $(hashstyle-LDFLAGS) -+endif + - ifeq (no,$(build-pie-default)) - pie-default = $(no-pie-ccflag) - else # build-pie-default -diff --git b/Makerules a/Makerules -index 354528b8c7..428464f092 100644 ---- b/Makerules -+++ a/Makerules -@@ -557,6 +557,13 @@ $(common-objpfx)shlib.lds: $(common-objpfx)config.make $(..)Makerules - -Wl,--verbose 2>/dev/null | \ - sed > $@T \ - -e '/^=========/,/^=========/!d;/^=========/d' \ -+ $(if $(filter yes,$(have-hash-style)), \ -+ -e 's/^.*\.gnu\.hash[ ]*:.*$$/ .note.ABI-tag : { *(.note.ABI-tag) } &/' \ -+ -e '/^[ ]*\.hash[ ]*:.*$$/{h;d;}' \ -+ -e '/DATA_SEGMENT_ALIGN/{H;g}' \ -+ , \ -+ -e 's/^.*\.hash[ ]*:.*$$/ .note.ABI-tag : { *(.note.ABI-tag) } &/' \ -+ ) \ - -e 's/^.*\*(\.dynbss).*$$/& \ - PROVIDE(__start___libc_freeres_ptrs = .); \ - *(__libc_freeres_ptrs) \ -diff --git b/config.make.in a/config.make.in -index fff4c78dd0..bf728c71c0 100644 ---- b/config.make.in -+++ a/config.make.in -@@ -70,6 +70,7 @@ have-libcap = @have_libcap@ - have-cc-with-libunwind = @libc_cv_cc_with_libunwind@ - fno-unit-at-a-time = @fno_unit_at_a_time@ - bind-now = @bindnow@ -+have-hash-style = @libc_cv_hashstyle@ - use-default-link = @use_default_link@ - have-cxx-thread_local = @libc_cv_cxx_thread_local@ - have-loop-to-function = @libc_cv_cc_loop_to_function@ -diff --git b/configure a/configure -index 716dc041b6..5a730dc5fc 100755 ---- b/configure -+++ a/configure -@@ -622,6 +622,7 @@ libc_cv_cc_nofma - libc_cv_mtls_dialect_gnu2 - fno_unit_at_a_time - libc_cv_has_glob_dat -+libc_cv_hashstyle - libc_cv_fpie - libc_cv_z_execstack - ASFLAGS_config -@@ -6193,6 +6194,33 @@ $as_echo "$libc_cv_fpie" >&6; } - - - -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --hash-style option" >&5 -+$as_echo_n "checking for --hash-style option... " >&6; } -+if ${libc_cv_hashstyle+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ cat > conftest.c <&5 -+ (eval $ac_try) 2>&5 -+ ac_status=$? -+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 -+ test $ac_status = 0; }; } -+then -+ libc_cv_hashstyle=yes -+else -+ libc_cv_hashstyle=no -+fi -+rm -f conftest* -+fi -+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_hashstyle" >&5 -+$as_echo "$libc_cv_hashstyle" >&6; } -+ -+ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_DAT reloc" >&5 - $as_echo_n "checking for GLOB_DAT reloc... " >&6; } - if ${libc_cv_has_glob_dat+:} false; then : -diff --git b/configure.ac a/configure.ac -index d08ad4d64e..a045f6608e 100644 ---- b/configure.ac -+++ a/configure.ac -@@ -1360,6 +1360,22 @@ LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpie=yes], [libc_cv_fpie=no]) - - AC_SUBST(libc_cv_fpie) - -+AC_CACHE_CHECK(for --hash-style option, -+ libc_cv_hashstyle, [dnl -+cat > conftest.c <&AS_MESSAGE_LOG_FD]) -+then -+ libc_cv_hashstyle=yes -+else -+ libc_cv_hashstyle=no -+fi -+rm -f conftest*]) -+AC_SUBST(libc_cv_hashstyle) -+ - AC_CACHE_CHECK(for GLOB_DAT reloc, - libc_cv_has_glob_dat, [dnl - cat > conftest.c <