This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via b79c4468c031daad78bb8deeacda65d5948d582f (commit) via 9503e363f5790674ccdaee19751014468f7edee3 (commit) via 3c22c38cfa3bc7991a7bbbfca1903e11aa99d183 (commit) via a95629e4ff0d68637f82cee777de9910d5c584ea (commit) via ee62c3f9f4642d6cb2f62a60608639da733a7efd (commit) via 2576d87312b5a5c35692cd20eff9ae4b31f78277 (commit) from 5039121de711662c9d7668eca4d3cc0fc02e1d0c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit b79c4468c031daad78bb8deeacda65d5948d582f Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Mar 30 08:14:15 2016 +0200
libcap: Update to 2.25
Signed-off-by: Alexander Marx alexander.marx@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 9503e363f5790674ccdaee19751014468f7edee3 Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Mar 30 08:13:32 2016 +0200
libassuan: Update to 2.4.2
Signed-off-by: Alexander Marx alexander.marx@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 3c22c38cfa3bc7991a7bbbfca1903e11aa99d183 Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Mar 30 08:12:48 2016 +0200
libapr: Update to 1.5.2
Signed-off-by: Alexander Marx alexander.marx@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit a95629e4ff0d68637f82cee777de9910d5c584ea Author: Alexander Marx alexander.marx@ipfire.org Date: Wed Mar 30 07:14:05 2016 +0200
kmod: Update to 22
Signed-off-by: Alexander Marx alexander.marx@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit ee62c3f9f4642d6cb2f62a60608639da733a7efd Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Mar 31 13:59:10 2016 +0100
glibc: Update to version 2.23
Requires Linux kernel 3.2 now.
Security related changes:
* An out-of-bounds value in a broken-out struct tm argument to strftime no longer causes a crash. Reported by Adam Nielsen. (CVE-2015-8776)
* The LD_POINTER_GUARD environment variable can no longer be used to disable the pointer guard feature. It is always enabled. Previously, LD_POINTER_GUARD could be used to disable security hardening in binaries running in privileged AT_SECURE mode. Reported by Hector Marco-Gisbert. (CVE-2015-8777)
* An integer overflow in hcreate and hcreate_r could lead to an out-of-bounds memory access. Reported by Szabolcs Nagy. (CVE-2015-8778)
* The catopen function no longer has unbounded stack usage. Reported by Max. (CVE-2015-8779)
* The nan, nanf and nanl functions no longer have unbounded stack usage depending on the length of the string passed as an argument to the functions. Reported by Joseph Myers. (CVE-2014-9761)
* A stack-based buffer overflow was found in libresolv when invoked from libnss_dns, allowing specially crafted DNS responses to seize control of execution flow in the DNS client. The buffer overflow occurs in the functions send_dg (send datagram) and send_vc (send TCP) for the NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC family. The use of AF_UNSPEC triggers the low-level resolver code to send out two parallel queries for A and AAAA. A mismanagement of the buffers used for those queries could result in the response of a query writing beyond the alloca allocated buffer created by _nss_dns_gethostbyname4_r. Buffer management is simplified to remove the overflow. Thanks to the Google Security Team and Red Hat for reporting the security impact of this issue, and Robert Holiday of Ciena for reporting the related bug 18665. (CVE-2015-7547)
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 2576d87312b5a5c35692cd20eff9ae4b31f78277 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Mar 29 17:02:43 2016 +0100
glibc: Update to version 2.22
Security fix: A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a misaligned buffer, the buffer length change due to pointer alignment was not taken into account. This could result in application crashes or, potentially arbitrary code execution, using crafted, but syntactically valid DNS responses. (CVE-2015-1781)
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: glibc/glibc.nm | 15 +- .../glibc-2.10.1-localedef_trampoline-1.patch | 64 -------- .../patches/glibc-fedora-localedata-rh61908.patch | 38 ----- .../patches/glibc-fedora-manual-dircategory.patch | 20 --- glibc/patches/glibc-fedora-ppc-unwind.patch | 20 --- glibc/patches/glibc-fedora-pt_chown.patch | 57 ------- glibc/patches/glibc-fedora-streams-rh436349.patch | 28 ---- glibc/patches/glibc-fedora-uname-getrlimit.patch | 50 ------ glibc/patches/glibc-rh1009145.patch | 19 --- glibc/patches/glibc-rh1013801.patch | 90 ----------- glibc/patches/glibc-rh1124987.patch | 32 ---- glibc/patches/glibc-rh697421.patch | 10 -- glibc/patches/glibc-rh741105.patch | 20 --- glibc/patches/glibc-rh757881.patch | 167 --------------------- glibc/patches/glibc-rh825061.patch | 13 -- glibc/patches/glibc-rh827510.patch | 27 ---- glibc/patches/glibc-rh841787.patch | 33 ---- kmod/kmod.nm | 2 +- libapr/libapr.nm | 2 +- libassuan/libassuan.nm | 2 +- libcap/libcap.nm | 6 +- 21 files changed, 16 insertions(+), 699 deletions(-) delete mode 100644 glibc/patches/glibc-2.10.1-localedef_trampoline-1.patch delete mode 100644 glibc/patches/glibc-fedora-localedata-rh61908.patch delete mode 100644 glibc/patches/glibc-fedora-manual-dircategory.patch delete mode 100644 glibc/patches/glibc-fedora-ppc-unwind.patch delete mode 100644 glibc/patches/glibc-fedora-pt_chown.patch delete mode 100644 glibc/patches/glibc-fedora-streams-rh436349.patch delete mode 100644 glibc/patches/glibc-fedora-uname-getrlimit.patch delete mode 100644 glibc/patches/glibc-rh1009145.patch delete mode 100644 glibc/patches/glibc-rh1013801.patch delete mode 100644 glibc/patches/glibc-rh1124987.patch delete mode 100644 glibc/patches/glibc-rh697421.patch delete mode 100644 glibc/patches/glibc-rh741105.patch delete mode 100644 glibc/patches/glibc-rh757881.patch delete mode 100644 glibc/patches/glibc-rh825061.patch delete mode 100644 glibc/patches/glibc-rh827510.patch delete mode 100644 glibc/patches/glibc-rh841787.patch
Difference in files: diff --git a/glibc/glibc.nm b/glibc/glibc.nm index d406aa3..c0af694 100644 --- a/glibc/glibc.nm +++ b/glibc/glibc.nm @@ -4,7 +4,7 @@ ###############################################################################
name = glibc -version = 2.21 +version = 2.23 release = 1
maintainer = Michael Tremer michael.tremer@ipfire.org @@ -28,16 +28,18 @@ sources = %{thisapp}.tar.xz
build # Optimize glibc for kernel - OPTIMIZED_KERNEL = 2.6.32 + OPTIMIZED_KERNEL = 3.2
requires audit-devel autoconf automake + gcc >= 4.7 gettext kernel-headers >= %{OPTIMIZED_KERNEL} libcap-devel libselinux-devel + libstdc++-static texinfo end
@@ -67,12 +69,11 @@ build # program interpreter to /bin/bash in case another /bin/sh is installed. sed -i 's|@BASH@|/bin/bash|' elf/ldd.bash.in
- # We don't install pt_chown(1) on the final system, so why install it to - # $(TOOLS_DIR): + # We don't install pt_chown(1) on the final system sed -e "/^install.*pt_chown/d" -i login/Makefile
# Build nscd with -fstack-protector-all, instead of -fstack-protector: - sed -e "s/fstack-protector/&-all/" -i nscd/Makefile + sed -e "s/fstack-protector/&-strong/" -i nscd/Makefile
# Use gnu hash style sed -i Makeconfig \ @@ -186,6 +187,10 @@ packages provides += ld-linux.so.3(GLIBC_2.4) provides += ld-linux.so.3(GLIBC_PRIVATE) end + + conflicts + kernel < %{OPTIMIZED_KERNEL} + end end
package glibc-common diff --git a/glibc/patches/glibc-2.10.1-localedef_trampoline-1.patch b/glibc/patches/glibc-2.10.1-localedef_trampoline-1.patch deleted file mode 100644 index 4d26016..0000000 --- a/glibc/patches/glibc-2.10.1-localedef_trampoline-1.patch +++ /dev/null @@ -1,64 +0,0 @@ -Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) -Date: 2007-05-05 -Initial Package Version: 2.5 -Upstream Status: Rejected - http://sources.redhat.com/bugzilla/show_bug.cgi?id=3333 -Origin: Fedora's glibc-fedora.patch (via glibc-2.5.90-21) -Description: Avoid segmentation faults, or kills, on PaX and Exe-Shield kernels, - and some non-x86 architectures. - -* Sun Jun 01 2003 Jakub Jelinek jakub@redhat.com 2.3.2-46 - - avoid using trampolines in localedef - -This patch is also known as: -local-localedef-fix-trampoline.diff (Debian) -1040_all_2.3.3-localedef-fix-trampoline.patch (Gentoo) - -Also see: -http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=231438 - -diff -Naur glibc-2.5.orig/locale/programs/3level.h glibc-2.5/locale/programs/3level.h ---- glibc-2.5.orig/locale/programs/3level.h 2005-12-07 05:47:27.000000000 +0000 -+++ glibc-2.5/locale/programs/3level.h 2006-10-11 08:05:00.000000000 +0000 -@@ -202,6 +202,42 @@ - } - } - } -+ -+/* GCC ATM seems to do a poor job with pointers to nested functions passed -+ to inlined functions. Help it a little bit with this hack. */ -+#define wchead_table_iterate(tp, fn) \ -+do \ -+ { \ -+ struct wchead_table *t = (tp); \ -+ uint32_t index1; \ -+ for (index1 = 0; index1 < t->level1_size; index1++) \ -+ { \ -+ uint32_t lookup1 = t->level1[index1]; \ -+ if (lookup1 != ((uint32_t) ~0)) \ -+ { \ -+ uint32_t lookup1_shifted = lookup1 << t->q; \ -+ uint32_t index2; \ -+ for (index2 = 0; index2 < (1 << t->q); index2++) \ -+ { \ -+ uint32_t lookup2 = t->level2[index2 + lookup1_shifted]; \ -+ if (lookup2 != ((uint32_t) ~0)) \ -+ { \ -+ uint32_t lookup2_shifted = lookup2 << t->p; \ -+ uint32_t index3; \ -+ for (index3 = 0; index3 < (1 << t->p); index3++) \ -+ { \ -+ struct element_t *lookup3 \ -+ = t->level3[index3 + lookup2_shifted]; \ -+ if (lookup3 != NULL) \ -+ fn ((((index1 << t->q) + index2) << t->p) + index3, \ -+ lookup3); \ -+ } \ -+ } \ -+ } \ -+ } \ -+ } \ -+ } while (0) -+ - #endif - - #ifndef NO_FINALIZE diff --git a/glibc/patches/glibc-fedora-localedata-rh61908.patch b/glibc/patches/glibc-fedora-localedata-rh61908.patch deleted file mode 100644 index c8fee0f..0000000 --- a/glibc/patches/glibc-fedora-localedata-rh61908.patch +++ /dev/null @@ -1,38 +0,0 @@ -* Tue Mar 26 2002 Jakub Jelinek jakub@redhat.com 2.2.5-28 -- add a couple of .ISO-8859-15 locales (#61908) - -diff -Nrup a/localedata/SUPPORTED b/localedata/SUPPORTED ---- a/localedata/SUPPORTED 2012-11-25 12:59:31.000000000 -0700 -+++ b/localedata/SUPPORTED 2012-11-26 12:58:43.298223018 -0700 -@@ -89,6 +89,7 @@ cy_GB.UTF-8/UTF-8 \ - cy_GB/ISO-8859-14 \ - da_DK.UTF-8/UTF-8 \ - da_DK/ISO-8859-1 \ -+da_DK.ISO-8859-15/ISO-8859-15 \ - de_AT.UTF-8/UTF-8 \ - de_AT/ISO-8859-1 \ - de_AT@euro/ISO-8859-15 \ -@@ -121,6 +122,7 @@ en_DK.UTF-8/UTF-8 \ - en_DK/ISO-8859-1 \ - en_GB.UTF-8/UTF-8 \ - en_GB/ISO-8859-1 \ -+en_GB.ISO-8859-15/ISO-8859-15 \ - en_HK.UTF-8/UTF-8 \ - en_HK/ISO-8859-1 \ - en_IE.UTF-8/UTF-8 \ -@@ -136,6 +138,7 @@ en_SG.UTF-8/UTF-8 \ - en_SG/ISO-8859-1 \ - en_US.UTF-8/UTF-8 \ - en_US/ISO-8859-1 \ -+en_US.ISO-8859-15/ISO-8859-15 \ - en_ZA.UTF-8/UTF-8 \ - en_ZA/ISO-8859-1 \ - en_ZM/UTF-8 \ -@@ -385,6 +388,7 @@ sv_FI/ISO-8859-1 \ - sv_FI@euro/ISO-8859-15 \ - sv_SE.UTF-8/UTF-8 \ - sv_SE/ISO-8859-1 \ -+sv_SE.ISO-8859-15/ISO-8859-15 \ - sw_KE/UTF-8 \ - sw_TZ/UTF-8 \ - szl_PL/UTF-8 \ diff --git a/glibc/patches/glibc-fedora-manual-dircategory.patch b/glibc/patches/glibc-fedora-manual-dircategory.patch deleted file mode 100644 index f681620..0000000 --- a/glibc/patches/glibc-fedora-manual-dircategory.patch +++ /dev/null @@ -1,20 +0,0 @@ -From 4820b9175535e13df79ce816106016040014916e Mon Sep 17 00:00:00 2001 -From: Jakub Jelinek jakub@redhat.com -Date: Fri, 3 Nov 2006 16:31:21 +0000 -Subject: [PATCH] Change @dircategory. - ---- - manual/libc.texinfo | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - ---- a/manual/libc.texinfo -+++ b/manual/libc.texinfo -@@ -7,7 +7,7 @@ - @include macros.texi - - @comment Tell install-info what to do. --@dircategory Software libraries -+@dircategory Libraries - @direntry - * Libc: (libc). C library. - @end direntry diff --git a/glibc/patches/glibc-fedora-ppc-unwind.patch b/glibc/patches/glibc-fedora-ppc-unwind.patch deleted file mode 100644 index 0a808ec..0000000 --- a/glibc/patches/glibc-fedora-ppc-unwind.patch +++ /dev/null @@ -1,20 +0,0 @@ -glibc-2.3.3-1478-g37582bc - -* Thu Nov 30 2006 Jakub Jelinek jakub@redhat.com 2.5.90-9 -- on ppc64 build __libc_start_main without unwind info, - as it breaks MD_FROB_UPDATE_CONTEXT (#217729, #217775; in the - future that could be fixable just by providing .cfi_undefined r2 - in __libc_start_main instead) - -diff -Nrup a/sysdeps/powerpc/powerpc64/Makefile b/sysdeps/powerpc/powerpc64/Makefile ---- a/sysdeps/powerpc/powerpc64/Makefile 2012-06-05 07:42:49.000000000 -0600 -+++ b/sysdeps/powerpc/powerpc64/Makefile 2012-06-07 12:15:21.828318633 -0600 -@@ -35,6 +35,8 @@ CFLAGS-rtld-memmove.os = $(no-special-re - CFLAGS-rtld-memchr.os = $(no-special-regs) - CFLAGS-rtld-strnlen.os = $(no-special-regs) - -+CFLAGS-libc-start.c += -fno-asynchronous-unwind-tables -+ - ifeq ($(subdir),elf) - # help gcc inline asm code from dl-machine.h - +cflags += -finline-limit=2000 diff --git a/glibc/patches/glibc-fedora-pt_chown.patch b/glibc/patches/glibc-fedora-pt_chown.patch deleted file mode 100644 index f64f449..0000000 --- a/glibc/patches/glibc-fedora-pt_chown.patch +++ /dev/null @@ -1,57 +0,0 @@ -From ee3d4021aaaeacff7cf2addcdaa48859fffba2aa Mon Sep 17 00:00:00 2001 -From: Andreas Schwab schwab@redhat.com -Date: Thu, 3 Feb 2011 15:45:02 +0100 -Subject: [PATCH] Replace setuid by file capabilities - -* login/programs/pt_chown.c (main): Check for valid file -descriptor instead of privileges. Be careful to drop all -capabilities when not needed. - ---- - ChangeLog | 6 ++++++ - login/programs/pt_chown.c | 14 +++++++++----- - 3 files changed, 16 insertions(+), 6 deletions(-) - ---- a/login/programs/pt_chown.c -+++ b/login/programs/pt_chown.c -@@ -28,6 +28,7 @@ - #include <string.h> - #include <sys/stat.h> - #include <unistd.h> -+#include <fcntl.h> - #ifdef HAVE_LIBCAP - # include <sys/capability.h> - # include <sys/prctl.h> -@@ -142,7 +143,7 @@ main (int argc, char *argv[]) - uid_t uid = getuid (); - int remaining; - -- if (argc == 1 && euid == 0) -+ if (argc == 1 && fcntl (PTY_FILENO, F_GETFD) == 0) - { - #ifdef HAVE_LIBCAP - /* Drop privileges. */ -@@ -175,6 +176,13 @@ main (int argc, char *argv[]) - - /* We aren't going to be using privileges, so drop them right now. */ - setuid (uid); -+#ifdef HAVE_LIBCAP -+ cap_t caps = cap_init (); -+ if (caps == NULL) -+ error (1, errno, "cap_init"); -+ cap_set_proc (caps); -+ cap_free (caps); -+#endif - - /* Set locale via LC_ALL. */ - setlocale (LC_ALL, ""); -@@ -194,9 +202,5 @@ main (int argc, char *argv[]) - return EXIT_FAILURE; - } - -- /* Check if we are properly installed. */ -- if (euid != 0) -- error (FAIL_EXEC, 0, gettext ("needs to be installed setuid `root'")); -- - return EXIT_SUCCESS; - } diff --git a/glibc/patches/glibc-fedora-streams-rh436349.patch b/glibc/patches/glibc-fedora-streams-rh436349.patch deleted file mode 100644 index 9334f19..0000000 --- a/glibc/patches/glibc-fedora-streams-rh436349.patch +++ /dev/null @@ -1,28 +0,0 @@ -This is part of commit glibc-2.3.3-1564-gd0b6ac6 - -* Fri Mar 14 2008 Jakub Jelinek jakub@redhat.com 2.7.90-11 -- remove <stropts.h>, define _XOPEN_STREAMS -1 (#436349) - -diff -Nrup a/nptl/sysdeps/unix/sysv/linux/bits/posix_opt.h b/nptl/sysdeps/unix/sysv/linux/bits/posix_opt.h ---- a/sysdeps/unix/sysv/linux/bits/posix_opt.h 2012-06-05 07:42:49.000000000 -0600 -+++ b/sysdeps/unix/sysv/linux/bits/posix_opt.h 2012-06-07 12:15:21.817318674 -0600 -@@ -188,4 +188,7 @@ - /* Typed memory objects are not available. */ - #define _POSIX_TYPED_MEMORY_OBJECTS -1 - -+/* Streams are not available. */ -+#define _XOPEN_STREAMS -1 -+ - #endif /* bits/posix_opt.h */ -diff -Nrup a/streams/Makefile b/streams/Makefile ---- a/streams/Makefile 2012-06-05 07:42:49.000000000 -0600 -+++ b/streams/Makefile 2012-06-07 12:15:21.824318649 -0600 -@@ -20,7 +20,7 @@ - - include ../Makeconfig - --headers = stropts.h sys/stropts.h bits/stropts.h bits/xtitypes.h -+#headers = stropts.h sys/stropts.h bits/stropts.h bits/xtitypes.h - routines = isastream getmsg getpmsg putmsg putpmsg fattach fdetach - - include ../Rules diff --git a/glibc/patches/glibc-fedora-uname-getrlimit.patch b/glibc/patches/glibc-fedora-uname-getrlimit.patch deleted file mode 100644 index dedb836..0000000 --- a/glibc/patches/glibc-fedora-uname-getrlimit.patch +++ /dev/null @@ -1,50 +0,0 @@ -From cde99cd2b7b16a6113acb054e89d490047932a9f Mon Sep 17 00:00:00 2001 -From: Andreas Schwab schwab@redhat.com -Date: Thu, 8 Apr 2010 11:18:26 +0200 -Subject: [PATCH] Don't call uname or getrlimit in libpthread init function - -* sysdeps/unix/sysv/linux/i386/Versions: Export __uname under -GLIBC_PRIVATE. -* nptl/Versions: Export __getrlimit under GLIBC_PRIVATE. -* sysdeps/unix/sysv/linux/i386/smp.h: Call __uname instead of uname. -* nptl/nptl-init.c: Call __getrlimit instead of getrlimit. - ---- - ChangeLog | 8 ++++++++ - nptl/Versions | 1 + - nptl/nptl-init.c | 2 +- - sysdeps/unix/sysv/linux/i386/Versions | 6 ++++++ - sysdeps/unix/sysv/linux/i386/smp.h | 2 +- - 5 files changed, 17 insertions(+), 2 deletions(-) - create mode 100644 sysdeps/unix/sysv/linux/i386/Versions - ---- a/nptl/Version -+++ b/nptl/Versions -@@ -30,6 +30,7 @@ libc { - __libc_pthread_init; - __libc_current_sigrtmin_private; __libc_current_sigrtmax_private; - __libc_allocate_rtsig_private; -+ __getrlimit; - } - } - ---- a/sysdeps/unix/sysv/linux/i386/Versions -+++ b/sysdeps/unix/sysv/linux/i386/Versions -@@ -53,5 +53,6 @@ - } - GLIBC_PRIVATE { - __modify_ldt; -+ __uname; - } - } ---- a/sysdeps/unix/sysv/linux/i386/smp.h -+++ b/sysdeps/unix/sysv/linux/i386/smp.h -@@ -36,7 +36,7 @@ is_smp_system (void) - char *cp; - - /* Try reading the number using `sysctl' first. */ -- if (uname (&u.uts) == 0) -+ if (__uname (&u.uts) == 0) - cp = u.uts.version; - else - { diff --git a/glibc/patches/glibc-rh1009145.patch b/glibc/patches/glibc-rh1009145.patch deleted file mode 100644 index c1af7fa..0000000 --- a/glibc/patches/glibc-rh1009145.patch +++ /dev/null @@ -1,19 +0,0 @@ ---- glibc-2.18-151-g303e567.orig/elf/ldconfig.c 2013-09-25 14:01:01.522446341 -0400 -+++ glibc-2.18-151-g303e567/elf/ldconfig.c 2013-09-25 14:06:31.094218857 -0400 -@@ -959,6 +959,16 @@ - || dlib_ptr->flag == FLAG_ELF_LIBC6) - && flag == FLAG_ELF) - dlib_ptr->flag = flag; -+#ifdef __arm__ -+ /* In Fedora 20 binutils regressed temporarily and failed to -+ mark hard ABI objects with the correct flag. Therefore we -+ must accept unmarked objects that were previously marked -+ hard ABI. We can remove this check once the entire distribution -+ has been rebuilt. */ -+ else if (dlib_ptr->flag & FLAG_ARM_LIBHF && -+ (flag == FLAG_ELF_LIBC6)) -+ ; -+#endif - else - error (0, 0, _("libraries %s and %s in directory %s have same soname but different type."), - dlib_ptr->name, direntry->d_name, diff --git a/glibc/patches/glibc-rh1013801.patch b/glibc/patches/glibc-rh1013801.patch deleted file mode 100644 index ac656b5..0000000 --- a/glibc/patches/glibc-rh1013801.patch +++ /dev/null @@ -1,90 +0,0 @@ -# -# Posted upstream: -# https://sourceware.org/ml/libc-alpha/2013-10/msg00065.html -# -# This is related to bug 1013801 in that it fixes the problem -# by modifying the runtime. In bug 1013801 we have libselinux -# using pthread_atfork which pulls in libpthread, but we don't -# want that, we want libpthread to be pulled in only when -# actually needed by the application. This patch makes it -# possible to avoid requiring libpthread and still use -# pthread_atfork. -# -# The general idea for the design is in the leading comment -# in the source code. -# -diff --git a/nptl/sysdeps/unix/sysv/linux/Makefile b/nptl/sysdeps/unix/sysv/linux/Makefile -index 6078e2d..36fd50b 100644 ---- a/nptl/Makefile -+++ b/nptl/Makefile -@@ -18,7 +18,9 @@ - - routines = alloca_cutoff forward libc-lowlevellock libc-cancellation \ - libc-cleanup libc_pthread_init libc_multiple_threads \ -- register-atfork unregister-atfork -+ register-atfork unregister-atfork libc_pthread_atfork -+ -+static-only-routines += libc_pthread_atfork - shared-only-routines = forward - - libpthread-routines = nptl-init vars events version \ -diff --git a/nptl/libc_pthread_atfork.c b/nptl/libc_pthread_atfork.c -new file mode 100644 -index 0000000..667049a ---- /dev/null -+++ b/nptl/libc_pthread_atfork.c -@@ -0,0 +1,54 @@ -+/* Copyright (C) 2013 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ Contributed by Ulrich Drepper drepper@redhat.com, 2002. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ http://www.gnu.org/licenses/. */ -+ -+/* The standard design pattern for making it optional to link against -+ libpthread is to mark the function weak, test if the function -+ address is non-zero and call the function, otherwise use a fallback. -+ The problem with pthread_atfork is that there is no viable -+ fallback. If you need to do something during fork it has to be done -+ via pthread_atfork. This makes having libpthread optional and using -+ pthread_atfork impossible. We make it possible by providing -+ pthread_atfork in libc_nonshared.a. The real work of pthread_atfork -+ is done by __register_atfork which is already provided in -+ libc_nonshared.a. It's included in libc_nonshared.a because -+ __dso_handle has to be unique to each DSO such that unloading the DSO -+ can unregister the atfork handlers. We build pthread_atfork again -+ under a different file name and include it into libc_nonshared.a and -+ libc.a. We keep pthread_atfork in libpthread_nonshared.a and -+ libpthread.a for compatibility and completeness. -+ -+ Applications that can't rely on a new glibc should use the following -+ code to optionally include libpthread and still register a function -+ via pthread_atfork i.e. use __register_atfork directly: -+ -+ extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden"))); -+ extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *); -+ -+ static int __app_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void)) -+ { -+ return __register_atfork (prepare, parent, child, -+ &__dso_handle == NULL ? NULL : __dso_handle); -+ } -+ -+ This code requires glibc 2.3.2 or newer. Previous to 2.3.2 no such -+ interfaces exist and at that point is is impossible to have an -+ optional libpthread and call pthread_atfork. -+ -+ This code adds no more ABI requirements than already exist since -+ __dso_handle and __register_atfork are already part of the ABI. */ -+#include <pthread_atfork.c> diff --git a/glibc/patches/glibc-rh1124987.patch b/glibc/patches/glibc-rh1124987.patch deleted file mode 100644 index 0b0c3ab..0000000 --- a/glibc/patches/glibc-rh1124987.patch +++ /dev/null @@ -1,32 +0,0 @@ -# -# This is an experimental patch that should go into rawhide and -# Fedora 21 to fix failures where python applications fail to -# load graphics applications because of the slot usages for TLS. -# This should eventually go upstream. -# -# - Carlos O'Donell -# -diff -urN glibc-2.19-886-gdd763fd/sysdeps/generic/ldsodefs.h glibc-2.19-886-gdd763fd.mod/sysdeps/generic/ldsodefs.h ---- glibc-2.19-886-gdd763fd/sysdeps/generic/ldsodefs.h 2014-08-21 01:00:55.000000000 -0400 -+++ glibc-2.19-886-gdd763fd.mod/sysdeps/generic/ldsodefs.h 2014-09-04 19:29:42.929692810 -0400 -@@ -388,8 +388,18 @@ - have to iterate beyond the first element in the slotinfo list. */ - #define TLS_SLOTINFO_SURPLUS (62) - --/* Number of additional slots in the dtv allocated. */ --#define DTV_SURPLUS (14) -+/* Number of additional allocated dtv slots. This was initially -+ 14, but problems with python, MESA, and X11's uses of static TLS meant -+ that most distributions were very close to this limit when they loaded -+ dynamically interpreted languages that used graphics. The simplest -+ solution was to roughly double the number of slots. The actual static -+ image space usage was relatively small, for example in MESA you -+ had only two dispatch pointers for a total of 16 bytes. If we hit up -+ against this limit again we should start a campaign with the -+ distributions to coordinate the usage of static TLS. Any user of this -+ resource is effectively coordinating a global resource since this -+ surplus is allocated for each thread at startup. */ -+#define DTV_SURPLUS (32) - - /* Initial dtv of the main thread, not allocated with normal malloc. */ - EXTERN void *_dl_initial_dtv; diff --git a/glibc/patches/glibc-rh697421.patch b/glibc/patches/glibc-rh697421.patch deleted file mode 100644 index 961c805..0000000 --- a/glibc/patches/glibc-rh697421.patch +++ /dev/null @@ -1,10 +0,0 @@ -diff -rup a/iconvdata/gconv-modules b/iconvdata/gconv-modules ---- a/iconvdata/gconv-modules 2010-05-04 05:27:23.000000000 -0600 -+++ b/iconvdata/gconv-modules 2012-01-26 10:58:24.181895489 -0700 -@@ -1954,3 +1954,6 @@ alias HPGREEK8// HP-GREEK8// - alias OSF10010004// HP-GREEK8// - module HP-GREEK8// INTERNAL HP-GREEK8 1 - module INTERNAL HP-GREEK8// HP-GREEK8 1 -+ -+alias ISO-10646-UCS-2// UNICODE// -+alias ISO-10646-UCS-2// ISO-10646/UTF8/ diff --git a/glibc/patches/glibc-rh741105.patch b/glibc/patches/glibc-rh741105.patch deleted file mode 100644 index 973beb5..0000000 --- a/glibc/patches/glibc-rh741105.patch +++ /dev/null @@ -1,20 +0,0 @@ -diff -rup a/elf/dl-load.c b/elf/dl-load.c ---- a/elf/dl-load.c 2012-02-03 10:59:58.917870716 -0700 -+++ b/elf/dl-load.c 2012-02-03 11:01:01.796580644 -0700 -@@ -1130,6 +1130,16 @@ _dl_map_object_from_fd (const char *name - = N_("ELF load command address/offset not properly aligned"); - goto call_lose; - } -+ if (__glibc_unlikely (ph->p_offset + ph->p_filesz > st.st_size)) -+ { -+ /* If the segment requires zeroing of part of its last -+ page, we'll crash when accessing the unmapped page. -+ There's still a possibility of a race, if the shared -+ object is truncated between the fxstat above and the -+ memset below. */ -+ errstring = N_("ELF load command past end of file"); -+ goto call_lose; -+ } - - struct loadcmd *c = &loadcmds[nloadcmds++]; - c->mapstart = ph->p_vaddr & ~(GLRO(dl_pagesize) - 1); diff --git a/glibc/patches/glibc-rh757881.patch b/glibc/patches/glibc-rh757881.patch deleted file mode 100644 index f633dc5..0000000 --- a/glibc/patches/glibc-rh757881.patch +++ /dev/null @@ -1,167 +0,0 @@ -diff -pruN a/malloc/arena.c b/malloc/arena.c ---- a/malloc/arena.c 2014-01-07 07:07:47.000000000 +0530 -+++ b/malloc/arena.c 2014-01-07 14:11:40.093628218 +0530 -@@ -702,7 +702,7 @@ heap_trim (heap_info *heap, size_t pad) - if (!prev_inuse (p)) /* consolidate backward */ - { - p = prev_chunk (p); -- unlink (p, bck, fwd); -+ unlink (ar_ptr, p, bck, fwd); - } - assert (((unsigned long) ((char *) p + new_size) & (pagesz - 1)) == 0); - assert (((char *) p + new_size) == ((char *) heap + heap->size)); -diff -pruN a/malloc/hooks.c b/malloc/hooks.c ---- a/malloc/hooks.c 2014-01-07 07:07:47.000000000 +0530 -+++ b/malloc/hooks.c 2014-01-07 14:12:41.804625603 +0530 -@@ -237,7 +237,9 @@ top_check (void) - (char *) t + chunksize (t) == mp_.sbrk_base + main_arena.system_mem))) - return 0; - -+ mutex_unlock(&main_arena); - malloc_printerr (check_action, "malloc: top chunk is corrupt", t); -+ mutex_lock(&main_arena); - - /* Try to set up a new top chunk. */ - brk = MORECORE (0); -diff -pruN a/malloc/malloc.c b/malloc/malloc.c ---- a/malloc/malloc.c 2014-01-07 07:07:47.000000000 +0530 -+++ b/malloc/malloc.c 2014-01-07 14:29:53.370581893 +0530 -@@ -1404,11 +1404,15 @@ typedef struct malloc_chunk *mbinptr; - #define last(b) ((b)->bk) - - /* Take a chunk off a bin list */ --#define unlink(P, BK, FD) { \ -+#define unlink(AV, P, BK, FD) { \ - FD = P->fd; \ - BK = P->bk; \ - if (__builtin_expect (FD->bk != P || BK->fd != P, 0)) \ -- malloc_printerr (check_action, "corrupted double-linked list", P); \ -+ { \ -+ mutex_unlock(&(AV)->mutex); \ -+ malloc_printerr (check_action, "corrupted double-linked list", P); \ -+ mutex_lock(&(AV)->mutex); \ -+ } \ - else { \ - FD->bk = BK; \ - BK->fd = FD; \ -@@ -2524,7 +2528,9 @@ sysmalloc (INTERNAL_SIZE_T nb, mstate av - else if (contiguous (av) && old_size && brk < old_end) - { - /* Oops! Someone else killed our space.. Can't touch anything. */ -+ mutex_unlock(&av->mutex); - malloc_printerr (3, "break adjusted to free malloc space", brk); -+ mutex_lock(&av->mutex); - } - - /* -@@ -3353,7 +3359,9 @@ _int_malloc (mstate av, size_t bytes) - { - errstr = "malloc(): memory corruption (fast)"; - errout: -+ mutex_unlock(&av->mutex); - malloc_printerr (check_action, errstr, chunk2mem (victim)); -+ mutex_lock(&av->mutex); - return NULL; - } - check_remalloced_chunk (av, victim, nb); -@@ -3441,8 +3449,12 @@ _int_malloc (mstate av, size_t bytes) - bck = victim->bk; - if (__builtin_expect (victim->size <= 2 * SIZE_SZ, 0) - || __builtin_expect (victim->size > av->system_mem, 0)) -- malloc_printerr (check_action, "malloc(): memory corruption", -- chunk2mem (victim)); -+ { -+ void *p = chunk2mem(victim); -+ mutex_unlock(&av->mutex); -+ malloc_printerr (check_action, "malloc(): memory corruption", p); -+ mutex_lock(&av->mutex); -+ } - size = chunksize (victim); - - /* -@@ -3589,7 +3601,7 @@ _int_malloc (mstate av, size_t bytes) - victim = victim->fd; - - remainder_size = size - nb; -- unlink (victim, bck, fwd); -+ unlink (av, victim, bck, fwd); - - /* Exhaust */ - if (remainder_size < MINSIZE) -@@ -3694,7 +3706,7 @@ _int_malloc (mstate av, size_t bytes) - remainder_size = size - nb; - - /* unlink */ -- unlink (victim, bck, fwd); -+ unlink (av, victim, bck, fwd); - - /* Exhaust */ - if (remainder_size < MINSIZE) -@@ -3832,9 +3844,11 @@ _int_free (mstate av, mchunkptr p, int h - { - errstr = "free(): invalid pointer"; - errout: -- if (!have_lock && locked) -+ if (have_lock || locked) - (void) mutex_unlock (&av->mutex); - malloc_printerr (check_action, errstr, chunk2mem (p)); -+ if (have_lock) -+ mutex_lock(&av->mutex); - return; - } - /* We know that each chunk is at least MINSIZE bytes in size or a -@@ -3981,7 +3995,7 @@ _int_free (mstate av, mchunkptr p, int h - prevsize = p->prev_size; - size += prevsize; - p = chunk_at_offset(p, -((long) prevsize)); -- unlink(p, bck, fwd); -+ unlink(av, p, bck, fwd); - } - - if (nextchunk != av->top) { -@@ -3990,7 +4004,7 @@ _int_free (mstate av, mchunkptr p, int h - - /* consolidate forward */ - if (!nextinuse) { -- unlink(nextchunk, bck, fwd); -+ unlink(av, nextchunk, bck, fwd); - size += nextsize; - } else - clear_inuse_bit_at_offset(nextchunk, 0); -@@ -4151,7 +4165,7 @@ static void malloc_consolidate(mstate av - prevsize = p->prev_size; - size += prevsize; - p = chunk_at_offset(p, -((long) prevsize)); -- unlink(p, bck, fwd); -+ unlink(av, p, bck, fwd); - } - - if (nextchunk != av->top) { -@@ -4159,7 +4173,7 @@ static void malloc_consolidate(mstate av - - if (!nextinuse) { - size += nextsize; -- unlink(nextchunk, bck, fwd); -+ unlink(av, nextchunk, bck, fwd); - } else - clear_inuse_bit_at_offset(nextchunk, 0); - -@@ -4228,7 +4242,9 @@ _int_realloc(mstate av, mchunkptr oldp, - { - errstr = "realloc(): invalid old size"; - errout: -+ mutex_unlock(&av->mutex); - malloc_printerr (check_action, errstr, chunk2mem (oldp)); -+ mutex_lock(&av->mutex); - return NULL; - } - -@@ -4274,7 +4290,7 @@ _int_realloc(mstate av, mchunkptr oldp, - (unsigned long) (nb)) - { - newp = oldp; -- unlink (next, bck, fwd); -+ unlink (av, next, bck, fwd); - } - - /* allocate, copy, free */ diff --git a/glibc/patches/glibc-rh825061.patch b/glibc/patches/glibc-rh825061.patch deleted file mode 100644 index 54fae8b..0000000 --- a/glibc/patches/glibc-rh825061.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -rup a/manual/Makefile b/manual/Makefile ---- a/manual/Makefile 2012-05-20 19:47:38.000000000 -0600 -+++ b/manual/Makefile 2012-05-29 22:23:33.920428631 -0600 -@@ -129,7 +129,8 @@ $(objpfx)%.c.texi: examples/%.c - mv -f $@.new $@ - - $(objpfx)%.info: %.texinfo -- LANGUAGE=C LC_ALL=C $(MAKEINFO) -P $(objpfx) --output=$@ $< -+ LANGUAGE=C LC_ALL=C $(MAKEINFO) -P $(objpfx) --output=`basename $@` $< -+ mv `basename $@`* $(objpfx) - - $(objpfx)%.dvi: %.texinfo - cd $(objpfx);$(TEXI2DVI) -I $(shell cd $(<D) && pwd) --output=$@ \ diff --git a/glibc/patches/glibc-rh827510.patch b/glibc/patches/glibc-rh827510.patch deleted file mode 100644 index f5f024c..0000000 --- a/glibc/patches/glibc-rh827510.patch +++ /dev/null @@ -1,27 +0,0 @@ -2012-06-14 Jeff Law law@redhat.com - - - * locale/loadlocale.c (_nl_load_locale): Delay setting - file->decided until we have successfully loaded the file's - data. - -diff --git a/locale/loadlocale.c b/locale/loadlocale.c -index e3fa187..9fd9216 100644 ---- a/locale/loadlocale.c -+++ b/locale/loadlocale.c -@@ -169,7 +169,6 @@ _nl_load_locale (struct loaded_l10nfile *file, int category) - int save_err; - int alloc = ld_mapped; - -- file->decided = 1; - file->data = NULL; - - fd = open_not_cancel_2 (file->filename, O_RDONLY | O_CLOEXEC); -@@ -278,6 +277,7 @@ _nl_load_locale (struct loaded_l10nfile *file, int category) - newdata->alloc = alloc; - - file->data = newdata; -+ file->decided = 1; - } - - void diff --git a/glibc/patches/glibc-rh841787.patch b/glibc/patches/glibc-rh841787.patch deleted file mode 100644 index 76f85bf..0000000 --- a/glibc/patches/glibc-rh841787.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -rup a/resolv/res_init.c b/resolv/res_init.c ---- a/resolv/res_init.c 2012-07-26 15:10:45.655638776 -0600 -+++ b/resolv/res_init.c 2012-07-26 15:11:27.731423002 -0600 -@@ -314,9 +314,9 @@ __res_vinit(res_state statp, int preinit - cp++; - if ((*cp != '\0') && (*cp != '\n') - && __inet_aton(cp, &a)) { -- statp->nsaddr_list[nservall].sin_addr = a; -- statp->nsaddr_list[nservall].sin_family = AF_INET; -- statp->nsaddr_list[nservall].sin_port = -+ statp->nsaddr_list[nserv].sin_addr = a; -+ statp->nsaddr_list[nserv].sin_family = AF_INET; -+ statp->nsaddr_list[nserv].sin_port = - htons(NAMESERVER_PORT); - nserv++; - #ifdef _LIBC -diff -rup a/resolv/res_send.c b/resolv/res_send.c ---- a/resolv/res_send.c 2010-05-04 05:27:23.000000000 -0600 -+++ b/resolv/res_send.c 2012-07-26 15:34:58.398261659 -0600 -@@ -421,10 +421,10 @@ __libc_res_nsend(res_state statp, const - EXT(statp).nsmap[n] = MAXNS; - } - } -- n = statp->nscount; -- if (statp->nscount > EXT(statp).nscount) -+ n = statp->nscount - EXT(statp).nscount6; -+ if (n > EXT(statp).nscount) - for (n = EXT(statp).nscount, ns = 0; -- n < statp->nscount; n++) { -+ n < statp->nscount - EXT(statp).nscount6; n++) { - while (ns < MAXNS - && EXT(statp).nsmap[ns] != MAXNS) - ns++; diff --git a/kmod/kmod.nm b/kmod/kmod.nm index c78575e..daba803 100644 --- a/kmod/kmod.nm +++ b/kmod/kmod.nm @@ -4,7 +4,7 @@ ###############################################################################
name = kmod -version = 19 +version = 22 release = 1
maintainer = Michael Tremer michael.tremer@ipfire.org diff --git a/libapr/libapr.nm b/libapr/libapr.nm index eb81210..5554b2f 100644 --- a/libapr/libapr.nm +++ b/libapr/libapr.nm @@ -4,7 +4,7 @@ ###############################################################################
name = libapr -version = 1.4.5 +version = 1.5.2 release = 1 thisapp = apr-%{version}
diff --git a/libassuan/libassuan.nm b/libassuan/libassuan.nm index 085b6f7..7901dbd 100644 --- a/libassuan/libassuan.nm +++ b/libassuan/libassuan.nm @@ -4,7 +4,7 @@ ###############################################################################
name = libassuan -version = 2.1.1 +version = 2.4.2 release = 1
groups = System/Libraries diff --git a/libcap/libcap.nm b/libcap/libcap.nm index 6941bda..145cf2f 100644 --- a/libcap/libcap.nm +++ b/libcap/libcap.nm @@ -4,11 +4,11 @@ ###############################################################################
name = libcap -version = 2.22 -release = 3 +version = 2.25 +release = 1
groups = System/Libraries -url = http://ftp.kernel.org/pub/linux/libs/security/linux-privs/kernel-2.6/ +url = http://ftp.kernel.org/pub/linux/libs/security/linux-privs/libcap2/ license = LGPL2+ summary = Library for getting and setting POSIX.1e capabilities.
hooks/post-receive -- IPFire 3.x development tree