This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via b8e1d265670a5592c1a0fcfd8e1bf265434c72a9 (commit) from 62d3a8e711a32d1b169b0e30270b33817c720fd5 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit b8e1d265670a5592c1a0fcfd8e1bf265434c72a9 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Feb 16 12:22:31 2014 +0100
glibc: Update to 2.19.
-----------------------------------------------------------------------
Summary of changes: glibc/glibc-stack_chk_fail.c | 321 ------------------- glibc/glibc.nm | 9 +- ...libc-2.10.1-hardened-configure-picdefault.patch | 29 -- .../glibc-2.10.1-hardened-inittls-nosysenter.patch | 273 ---------------- glibc/patches/glibc-2.10.1-strlcpy_strlcat-1.patch | 349 --------------------- .../glibc-2.17-endless-loop-stdc-predef.h.patch | 58 ---- glibc/patches/glibc-fedora-elf-ORIGIN.patch | 98 ------ glibc/patches/glibc-fedora-gai-canonical.patch | 128 -------- glibc/patches/glibc-fedora-regcomp-sw11561.patch | 147 --------- 9 files changed, 4 insertions(+), 1408 deletions(-) delete mode 100644 glibc/glibc-stack_chk_fail.c delete mode 100644 glibc/patches/glibc-2.10.1-hardened-configure-picdefault.patch delete mode 100644 glibc/patches/glibc-2.10.1-hardened-inittls-nosysenter.patch delete mode 100644 glibc/patches/glibc-2.10.1-strlcpy_strlcat-1.patch delete mode 100644 glibc/patches/glibc-2.17-endless-loop-stdc-predef.h.patch delete mode 100644 glibc/patches/glibc-fedora-elf-ORIGIN.patch delete mode 100644 glibc/patches/glibc-fedora-gai-canonical.patch delete mode 100644 glibc/patches/glibc-fedora-regcomp-sw11561.patch
Difference in files: diff --git a/glibc/glibc-stack_chk_fail.c b/glibc/glibc-stack_chk_fail.c deleted file mode 100644 index 217bf1a..0000000 --- a/glibc/glibc-stack_chk_fail.c +++ /dev/null @@ -1,321 +0,0 @@ -/* Copyright (C) 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2007 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - <kevquinn[@]gentoo.org> - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP handler, from which this implementation draws much: - * - * Ned Ludd - <solar[@]gentoo.org> - * Alexander Gabert - <pappy[@]gentoo.org> - * The PaX Team - <pageexec[@]freemail.hu> - * Peter S. Mazinger - <ps.m[@]gmx.net> - * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> - * Robert Connolly - <robert[@]linuxfromscratch.org> - * Cory Visi <cory[@]visi.name> - * Mike Frysinger <vapier[@]gentoo.org> - */ - -#include <errno.h> -#include <stdlib.h> -#include <unistd.h> -#include <signal.h> - -#include <sys/types.h> - -#include <sysdep-cancel.h> -#include <sys/syscall.h> -#include <bp-checks.h> - -#include <kernel-features.h> - -#include <alloca.h> -/* from sysdeps */ -#include <socketcall.h> -/* for the stuff in bits/socket.h */ -#include <sys/socket.h> -#include <sys/un.h> - - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = "<rtld>"; -#else -extern char *__progname; -#endif - - -/* Common handler code, used by stack_chk_fail and __stack_smash_handler - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_stack_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": stack smashing attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** stack smashing detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/%5Cn"; - static const char msg_unknown[] = "<unknown>"; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __stack_chk_fail(void) -{ - __hardened_gentoo_stack_chk_fail(NULL, 0); -} - -#ifdef ENABLE_OLD_SSP_COMPAT -__attribute__ ((__noreturn__)) -void __stack_smash_handler(char func[], int damaged) -{ - __hardened_gentoo_stack_chk_fail(func, damaged); -} -#endif diff --git a/glibc/glibc.nm b/glibc/glibc.nm index d85f4dd..90a55bc 100644 --- a/glibc/glibc.nm +++ b/glibc/glibc.nm @@ -4,8 +4,8 @@ ###############################################################################
name = glibc -version = 2.17 -release = 4 +version = 2.19 +release = 1
maintainer = Michael Tremer michael.tremer@ipfire.org groups = System/Base @@ -74,8 +74,6 @@ build # Build nscd with -fstack-protector-all, instead of -fstack-protector: sed -e "s/fstack-protector/&-all/" -i nscd/Makefile
- cat %{DIR_SOURCE}/glibc-stack_chk_fail.c > debug/stack_chk_fail.c - # Use gnu hash style sed -i Makeconfig \ -e "s/-Wl,--hash-style=both/-Wl,--hash-style=gnu -Wl,-O1/" @@ -95,7 +93,8 @@ build --disable-werror \ --enable-bind-now \ --enable-obsolete-rpc \ - --with-bugurl=http://bugtracker.ipfire.org + --with-bugurl=http://bugtracker.ipfire.org \ + --enable-lock-elision
if "%{DISTRO_ARCH}" == "armv5tel" # Disable hardware FP for ARM. diff --git a/glibc/patches/glibc-2.10.1-hardened-configure-picdefault.patch b/glibc/patches/glibc-2.10.1-hardened-configure-picdefault.patch deleted file mode 100644 index 19f2544..0000000 --- a/glibc/patches/glibc-2.10.1-hardened-configure-picdefault.patch +++ /dev/null @@ -1,29 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn kevquinn@gentoo.org - ---- glibc-2.10.1/configure.in -+++ glibc-2.10.1/configure.in -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- glibc-2.10.1/configure -+++ glibc-2.10.1/configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/glibc/patches/glibc-2.10.1-hardened-inittls-nosysenter.patch b/glibc/patches/glibc-2.10.1-hardened-inittls-nosysenter.patch deleted file mode 100644 index ce9c907..0000000 --- a/glibc/patches/glibc-2.10.1-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,273 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn kevquinn@gentoo.org - ---- glibc-2.10.1/csu/libc-start.c -+++ glibc-2.10.1/csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include <tls.h> -+#include <sysdep.h> - #ifndef SHARED - # include <dl-osinfo.h> - extern void __pthread_initialize_minimal (void); -@@ -129,6 +130,11 @@ - # endif - _dl_aux_init (auxvec); - # endif -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- glibc-2.10.1/csu/libc-tls.c -+++ glibc-2.10.1/csu/libc-tls.c -@@ -23,6 +23,7 @@ - #include <unistd.h> - #include <stdio.h> - #include <sys/param.h> -+#include <sysdep.h> - - - #ifdef SHARED -@@ -29,6 +30,9 @@ - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - extern ElfW(Phdr) *_dl_phdr; - extern size_t _dl_phnum; - -@@ -141,14 +145,26 @@ - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+# endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- glibc-2.10.1/misc/sbrk.c -+++ glibc-2.10.1/misc/sbrk.c -@@ -18,6 +18,7 @@ - - #include <stdint.h> - #include <unistd.h> -+#include <sysdep.h> - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- glibc-2.10.1/sysdeps/unix/sysv/linux/i386/brk.c -+++ glibc-2.10.1/sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *__unbounded newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, -+ __ptrvalue (addr)); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- glibc-2.10.1/sysdeps/unix/sysv/linux/i386/sysdep.h -+++ glibc-2.10.1/sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/glibc/patches/glibc-2.10.1-strlcpy_strlcat-1.patch b/glibc/patches/glibc-2.10.1-strlcpy_strlcat-1.patch deleted file mode 100644 index 5cbacbf..0000000 --- a/glibc/patches/glibc-2.10.1-strlcpy_strlcat-1.patch +++ /dev/null @@ -1,349 +0,0 @@ -diff -Naur glibc-2.7.orig/manual/strlcpy.3 glibc-2.7/manual/strlcpy.3 ---- glibc-2.7.orig/manual/strlcpy.3 1970-01-01 00:00:00.000000000 +0000 -+++ glibc-2.7/manual/strlcpy.3 2008-01-19 23:13:56.000000000 +0000 -@@ -0,0 +1,186 @@ -+." $OpenBSD: strlcpy.3,v 1.18 2005/08/06 03:24:19 jaredy Exp $ -+." -+." Copyright (c) 1998, 2000 Todd C. Miller Todd.Miller@courtesan.com -+." -+." Permission to use, copy, modify, and distribute this software for any -+." purpose with or without fee is hereby granted, provided that the above -+." copyright notice and this permission notice appear in all copies. -+." -+." THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+." WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+." MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+." ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+." WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+." ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+." OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+." -+.Dd June 22, 1998 -+.Dt STRLCPY 3 -+.Os -+.Sh NAME -+.Nm strlcpy , -+.Nm strlcat -+.Nd size-bounded string copying and concatenation -+.Sh SYNOPSIS -+.Fd #include <string.h> -+.Ft size_t -+.Fn strlcpy "char *dst" "const char *src" "size_t size" -+.Ft size_t -+.Fn strlcat "char *dst" "const char *src" "size_t size" -+.Sh DESCRIPTION -+The -+.Fn strlcpy -+and -+.Fn strlcat -+functions copy and concatenate strings respectively. -+They are designed -+to be safer, more consistent, and less error prone replacements for -+.Xr strncpy 3 -+and -+.Xr strncat 3 . -+Unlike those functions, -+.Fn strlcpy -+and -+.Fn strlcat -+take the full size of the buffer (not just the length) and guarantee to -+NUL-terminate the result (as long as -+.Fa size -+is larger than 0 or, in the case of -+.Fn strlcat , -+as long as there is at least one byte free in -+.Fa dst ) . -+Note that a byte for the NUL should be included in -+.Fa size . -+Also note that -+.Fn strlcpy -+and -+.Fn strlcat -+only operate on true -+.Dq C -+strings. -+This means that for -+.Fn strlcpy -+.Fa src -+must be NUL-terminated and for -+.Fn strlcat -+both -+.Fa src -+and -+.Fa dst -+must be NUL-terminated. -+.Pp -+The -+.Fn strlcpy -+function copies up to -+.Fa size -+- 1 characters from the NUL-terminated string -+.Fa src -+to -+.Fa dst , -+NUL-terminating the result. -+.Pp -+The -+.Fn strlcat -+function appends the NUL-terminated string -+.Fa src -+to the end of -+.Fa dst . -+It will append at most -+.Fa size -+- strlen(dst) - 1 bytes, NUL-terminating the result. -+.Sh RETURN VALUES -+The -+.Fn strlcpy -+and -+.Fn strlcat -+functions return the total length of the string they tried to create. -+For -+.Fn strlcpy -+that means the length of -+.Fa src . -+For -+.Fn strlcat -+that means the initial length of -+.Fa dst -+plus -+the length of -+.Fa src . -+While this may seem somewhat confusing, it was done to make -+truncation detection simple. -+.Pp -+Note, however, that if -+.Fn strlcat -+traverses -+.Fa size -+characters without finding a NUL, the length of the string is considered -+to be -+.Fa size -+and the destination string will not be NUL-terminated (since there was -+no space for the NUL). -+This keeps -+.Fn strlcat -+from running off the end of a string. -+In practice this should not happen (as it means that either -+.Fa size -+is incorrect or that -+.Fa dst -+is not a proper -+.Dq C -+string). -+The check exists to prevent potential security problems in incorrect code. -+.Sh EXAMPLES -+The following code fragment illustrates the simple case: -+.Bd -literal -offset indent -+char *s, *p, buf[BUFSIZ]; -+ -+&... -+ -+(void)strlcpy(buf, s, sizeof(buf)); -+(void)strlcat(buf, p, sizeof(buf)); -+.Ed -+.Pp -+To detect truncation, perhaps while building a pathname, something -+like the following might be used: -+.Bd -literal -offset indent -+char *dir, *file, pname[MAXPATHLEN]; -+ -+&... -+ -+if (strlcpy(pname, dir, sizeof(pname)) >= sizeof(pname)) -+ goto toolong; -+if (strlcat(pname, file, sizeof(pname)) >= sizeof(pname)) -+ goto toolong; -+.Ed -+.Pp -+Since it is known how many characters were copied the first time, things -+can be sped up a bit by using a copy instead of an append: -+.Bd -literal -offset indent -+char *dir, *file, pname[MAXPATHLEN]; -+size_t n; -+ -+&... -+ -+n = strlcpy(pname, dir, sizeof(pname)); -+if (n >= sizeof(pname)) -+ goto toolong; -+if (strlcpy(pname + n, file, sizeof(pname) - n) >= sizeof(pname) - n) -+ goto toolong; -+.Ed -+.Pp -+However, one may question the validity of such optimizations, as they -+defeat the whole purpose of -+.Fn strlcpy -+and -+.Fn strlcat . -+As a matter of fact, the first version of this manual page got it wrong. -+.Sh SEE ALSO -+.Xr snprintf 3 , -+.Xr strncat 3 , -+.Xr strncpy 3 -+.Sh HISTORY -+The -+.Fn strlcpy -+and -+.Fn strlcat -+functions first appeared in -+.Ox 2.4 . -diff -Naur glibc-2.7.orig/string/Makefile glibc-2.7/string/Makefile ---- glibc-2.7.orig/string/Makefile 2007-02-01 16:10:11.000000000 +0000 -+++ glibc-2.7/string/Makefile 2008-01-19 23:14:48.000000000 +0000 -@@ -40,7 +40,12 @@ - addsep replace) \ - envz basename \ - strcoll_l strxfrm_l string-inlines memrchr \ -- xpg-strerror strerror_l -+ xpg-strerror strerror_l strlcat strlcpy -+ -+# These routines will be omitted from the libc shared object. -+# Instead the static object files will be included in a special archive -+# linked against when the shared library will be used. -+static-only-routines = strlcat strlcpy - - # Gcc internally generates calls to unbounded memcpy and memset - # for -fbounded-pointer compiles. Glibc uses memchr for explicit checks. -diff -Naur glibc-2.7.orig/string/string.h glibc-2.7/string/string.h ---- glibc-2.7.orig/string/string.h 2007-09-15 02:35:08.000000000 +0000 -+++ glibc-2.7/string/string.h 2008-01-19 23:13:56.000000000 +0000 -@@ -354,6 +354,24 @@ - extern char *strsep (char **__restrict __stringp, - __const char *__restrict __delim) - __THROW __nonnull ((1, 2)); -+ -+/* -+ * Appends __src to string __dst of size __n (unlike strncat, __n is the -+ * full size of __dst, not space left). At most __n-1 characters -+ * will be copied. Always NUL terminates (unless __n <= strlen(__dst)). -+ * Returns strlen(__src) + MIN(__n, strlen(initial __dst)). -+ * If retval >= __n, truncation occurred. -+ */ -+extern size_t strlcat (char *__dst, __const char *__src, size_t __n) -+ __THROW __nonnull ((1, 2)); -+ -+/* -+ * Copy __src to string __dst of size __n. At most __n-1 characters -+ * will be copied. Always NUL terminates (unless __n == 0). -+ * Returns strlen(__src); if retval >= __n, truncation occurred. -+ */ -+extern size_t strlcpy (char *__dst, __const char *__src, size_t __n) -+ __THROW __nonnull ((1, 2)); - #endif - - #ifdef __USE_GNU -diff -Naur glibc-2.7.orig/string/strlcat.c glibc-2.7/string/strlcat.c ---- glibc-2.7.orig/string/strlcat.c 1970-01-01 00:00:00.000000000 +0000 -+++ glibc-2.7/string/strlcat.c 2008-01-19 23:13:56.000000000 +0000 -@@ -0,0 +1,55 @@ -+/* $OpenBSD: strlcat.c,v 1.13 2005/08/08 08:05:37 espie Exp $ */ -+ -+/* -+ * Copyright (c) 1998 Todd C. Miller Todd.Miller@courtesan.com -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+ -+#include <sys/types.h> -+#include <string.h> -+ -+/* -+ * Appends src to string dst of size siz (unlike strncat, siz is the -+ * full size of dst, not space left). At most siz-1 characters -+ * will be copied. Always NUL terminates (unless siz <= strlen(dst)). -+ * Returns strlen(src) + MIN(siz, strlen(initial dst)). -+ * If retval >= siz, truncation occurred. -+ */ -+size_t -+strlcat(char *dst, const char *src, size_t siz) -+{ -+ char *d = dst; -+ const char *s = src; -+ size_t n = siz; -+ size_t dlen; -+ -+ /* Find the end of dst and adjust bytes left but don't go past end */ -+ while (n-- != 0 && *d != '\0') -+ d++; -+ dlen = d - dst; -+ n = siz - dlen; -+ -+ if (n == 0) -+ return(dlen + strlen(s)); -+ while (*s != '\0') { -+ if (n != 1) { -+ *d++ = *s; -+ n--; -+ } -+ s++; -+ } -+ *d = '\0'; -+ -+ return(dlen + (s - src)); /* count does not include NUL */ -+} -diff -Naur glibc-2.7.orig/string/strlcpy.c glibc-2.7/string/strlcpy.c ---- glibc-2.7.orig/string/strlcpy.c 1970-01-01 00:00:00.000000000 +0000 -+++ glibc-2.7/string/strlcpy.c 2008-01-19 23:13:56.000000000 +0000 -@@ -0,0 +1,51 @@ -+/* $OpenBSD: strlcpy.c,v 1.11 2006/05/05 15:27:38 millert Exp $ */ -+ -+/* -+ * Copyright (c) 1998 Todd C. Miller Todd.Miller@courtesan.com -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+ -+#include <sys/types.h> -+#include <string.h> -+ -+/* -+ * Copy src to string dst of size siz. At most siz-1 characters -+ * will be copied. Always NUL terminates (unless siz == 0). -+ * Returns strlen(src); if retval >= siz, truncation occurred. -+ */ -+size_t -+strlcpy(char *dst, const char *src, size_t siz) -+{ -+ char *d = dst; -+ const char *s = src; -+ size_t n = siz; -+ -+ /* Copy as many bytes as will fit */ -+ if (n != 0) { -+ while (--n != 0) { -+ if ((*d++ = *s++) == '\0') -+ break; -+ } -+ } -+ -+ /* Not enough room in dst, add NUL and traverse rest of src */ -+ if (n == 0) { -+ if (siz != 0) -+ *d = '\0'; /* NUL-terminate dst */ -+ while (*s++) -+ ; -+ } -+ -+ return(s - src - 1); /* count does not include NUL */ -+} diff --git a/glibc/patches/glibc-2.17-endless-loop-stdc-predef.h.patch b/glibc/patches/glibc-2.17-endless-loop-stdc-predef.h.patch deleted file mode 100644 index 4dc7ae1..0000000 --- a/glibc/patches/glibc-2.17-endless-loop-stdc-predef.h.patch +++ /dev/null @@ -1,58 +0,0 @@ -commit d7e06450b9d730d7b62ba52f611585810fa902df -Author: Carlos O'Donell carlos@redhat.com -Date: Tue Jul 16 17:55:43 2013 -0400 - - BZ #15711: Avoid circular dependency for syscall.h - - The generated header is compiled with `-ffreestanding' to avoid any - circular dependencies against the installed implementation headers. - Such a dependency would require the implementation header to be - installed before the generated header could be built (See bug 15711). - In current practice the generated header dependencies do not include - any of the implementation headers removed by the use of `-ffreestanding'. - - --- - - 2013-07-15 Carlos O'Donell carlos@redhat.com - - [BZ #15711] - * sysdeps/unix/sysv/linux/Makefile ($(objpfx)bits/syscall%h): - Avoid system header dependency with -ffreestanding. - ($(objpfx)bits/syscall%d): Likewise. - -diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile -index f580635..94916a2 100644 ---- a/sysdeps/unix/sysv/linux/Makefile -+++ b/sysdeps/unix/sysv/linux/Makefile -@@ -50,6 +50,13 @@ tests += tst-clone - # be the condition for those options to use in a C #if condition. - # abi-includes may be defined to a list of headers to include - # in the generated header, if the default does not suffice. -+# -+# The generated header is compiled with `-ffreestanding' to avoid any -+# circular dependencies against the installed implementation headers. -+# Such a dependency would require the implementation header to be -+# installed before the generated header could be built (See bug 15711). -+# In current practice the generated header dependencies do not include -+# any of the implementation headers removed by the use of `-ffreestanding'. - - $(objpfx)bits/syscall%h $(objpfx)bits/syscall%d: ../sysdeps/unix/sysv/linux/sys/syscall.h - $(make-target-directory) -@@ -64,7 +71,7 @@ $(objpfx)bits/syscall%h $(objpfx)bits/syscall%d: ../sysdeps/unix/sysv/linux/sys/ - echo ''; \ - $(if $(abi-variants), \ - $(foreach v,$(abi-variants),\ -- $(CC) -E -MD -MP -MF $(@:.h=.d)-t$(v) -MT '$(@:.d=.h) $(@:.h=.d)' \ -+ $(CC) -ffreestanding -E -MD -MP -MF $(@:.h=.d)-t$(v) -MT '$(@:.d=.h) $(@:.h=.d)' \ - -x c $(sysincludes) $< $(abi-$(v)-options) \ - -D_LIBC -dM | \ - sed -n 's@^#define __NR_([^ ]*) .*$$@#define SYS_\1 __NR_\1@p' | \ -@@ -75,7 +82,7 @@ $(objpfx)bits/syscall%h $(objpfx)bits/syscall%d: ../sysdeps/unix/sysv/linux/sys/ - $(if $(abi-$(v)-condition),echo '#endif';) \ - rm -f $(@:.d=.h).new$(v); \ - ), \ -- $(CC) -E -MD -MP -MF $(@:.h=.d)-t$(v) -MT '$(@:.d=.h) $(@:.h=.d)' \ -+ $(CC) -ffreestanding -E -MD -MP -MF $(@:.h=.d)-t$(v) -MT '$(@:.d=.h) $(@:.h=.d)' \ - -x c $(sysincludes) $< \ - -D_LIBC -dM | \ - sed -n 's@^#define __NR_([^ ]*) .*$$@#define SYS_\1 __NR_\1@p' | \ diff --git a/glibc/patches/glibc-fedora-elf-ORIGIN.patch b/glibc/patches/glibc-fedora-elf-ORIGIN.patch deleted file mode 100644 index bfaff83..0000000 --- a/glibc/patches/glibc-fedora-elf-ORIGIN.patch +++ /dev/null @@ -1,98 +0,0 @@ -From 207e77fd3f0a94acdf0557608dd4f10ce0e0f22f Mon Sep 17 00:00:00 2001 -From: Andreas Schwab schwab@redhat.com -Date: Mon, 9 May 2011 10:55:58 +0200 -Subject: [PATCH] Never leave $ORIGIN unexpanded - -* elf/dl-load.c (is_dst): Remove parameter secure, all callers -changed. Move check for valid use of $ORIGIN ... -(_dl_dst_substitute): ... here. Reset check_for_trusted when a -path element is skipped. - ---- - ChangeLog | 7 +++++++ - elf/dl-load.c | 34 ++++++++++++++++------------------ - 2 files changed, 23 insertions(+), 18 deletions(-) - -diff --git a/elf/dl-load.c b/elf/dl-load.c -index 18a83d2..6e16a9a 100644 ---- a/elf/dl-load.c -+++ b/elf/dl-load.c -@@ -249,8 +249,7 @@ is_trusted_path_normalize (const char *path, size_t len) - - - static size_t --is_dst (const char *start, const char *name, const char *str, -- int is_path, int secure) -+is_dst (const char *start, const char *name, const char *str, int is_path) - { - size_t len; - bool is_curly = false; -@@ -279,12 +278,6 @@ is_dst (const char *start, const char *name, const char *str, - && (!is_path || name[len] != ':')) - return 0; - -- if (__builtin_expect (secure, 0) -- && ((name[len] != '\0' && name[len] != '/' -- && (!is_path || name[len] != ':')) -- || (name != start + 1 && (!is_path || name[-2] != ':')))) -- return 0; -- - return len; - } - -@@ -299,13 +292,10 @@ _dl_dst_count (const char *name, int is_path) - { - size_t len; - -- /* $ORIGIN is not expanded for SUID/GUID programs (except if it -- is $ORIGIN alone) and it must always appear first in path. */ - ++name; -- if ((len = is_dst (start, name, "ORIGIN", is_path, -- INTUSE(__libc_enable_secure))) != 0 -- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0 -- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0) -+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0 -+ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0 -+ || (len = is_dst (start, name, "LIB", is_path)) != 0) - ++cnt; - - name = strchr (name + len, '$'); -@@ -338,9 +328,16 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, - size_t len; - - ++name; -- if ((len = is_dst (start, name, "ORIGIN", is_path, -- INTUSE(__libc_enable_secure))) != 0) -+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0) - { -+ /* For SUID/GUID programs $ORIGIN must always appear -+ first in a path element. */ -+ if (__builtin_expect (INTUSE(__libc_enable_secure), 0) -+ && ((name[len] != '\0' && name[len] != '/' -+ && (!is_path || name[len] != ':')) -+ || (name != start + 1 && (!is_path || name[-2] != ':')))) -+ repl = (const char *) -1; -+ else - #ifndef SHARED - if (l == NULL) - repl = _dl_get_origin (); -@@ -351,9 +348,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, - check_for_trusted = (INTUSE(__libc_enable_secure) - && l->l_type == lt_executable); - } -- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0) -+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0) - repl = GLRO(dl_platform); -- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0) -+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0) - repl = DL_DST_LIB; - - if (repl != NULL && repl != (const char *) -1) -@@ -373,6 +370,7 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, - element, but keep an empty element at the end. */ - if (wp == result && is_path && *name == ':' && name[1] != '\0') - ++name; -+ check_for_trusted = false; - } - else - /* No DST we recognize. */ diff --git a/glibc/patches/glibc-fedora-gai-canonical.patch b/glibc/patches/glibc-fedora-gai-canonical.patch deleted file mode 100644 index c058ecf..0000000 --- a/glibc/patches/glibc-fedora-gai-canonical.patch +++ /dev/null @@ -1,128 +0,0 @@ -From bf18f175afdb59cdcd1016995b351e2bbb1d6ba7 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab schwab@redhat.com -Date: Tue, 21 Jun 2011 17:28:57 +0200 -Subject: [PATCH] Don't use gethostbyaddr to determine canonical name - -* sysdeps/posix/getaddrinfo.c (gaih_inet): Don't use gethostbyaddr -to determine canonical name. - ---- - ChangeLog | 5 +++ - sysdeps/posix/getaddrinfo.c | 77 +++---------------------------------------- - 2 files changed, 10 insertions(+), 72 deletions(-) - ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -565,8 +565,8 @@ gaih_inet (const char *name, const struct gaih_service *service, - - /* If we do not have to look for IPv6 addresses, use - the simple, old functions, which do not support -- IPv6 scope ids. */ -- if (req->ai_family == AF_INET) -+ IPv6 scope ids, nor retrieving the canonical name. */ -+ if (req->ai_family == AF_INET && (req->ai_flags & AI_CANONNAME) == 0) - { - /* Allocate additional room for struct host_data. */ - size_t tmpbuflen = (512 + MAX_NR_ALIASES * sizeof(char*) -@@ -1107,70 +1107,10 @@ gaih_inet (const char *name, const struct gaih_service *service, - /* Only the first entry gets the canonical name. */ - if (at2 == at && (req->ai_flags & AI_CANONNAME) != 0) - { -- char *tmpbuf2 = NULL; -- bool malloc_tmpbuf2 = false; -- - if (canon == NULL) -- { -- struct hostent *h = NULL; -- int herrno; -- struct hostent th; -- /* Add room for struct host_data. */ -- size_t tmpbuf2len = (512 + (MAX_NR_ALIASES+MAX_NR_ADDRS+1) -- * sizeof(char*) + 16 * sizeof(char)); -- -- do -- { -- if (__libc_use_alloca (alloca_used + 2 * tmpbuf2len)) -- tmpbuf2 = extend_alloca_account (tmpbuf2, tmpbuf2len, -- tmpbuf2len * 2, -- alloca_used); -- else -- { -- char *newp = realloc (malloc_tmpbuf2 ? tmpbuf2 : NULL, -- 2 * tmpbuf2len); -- if (newp == NULL) -- { -- if (malloc_tmpbuf2) -- free (tmpbuf2); -- result = -EAI_MEMORY; -- goto free_and_return; -- } -- -- tmpbuf2 = newp; -- tmpbuf2len = 2 * tmpbuf2len; -- malloc_tmpbuf2 = true; -- } -- -- rc = __gethostbyaddr_r (at2->addr, -- ((at2->family == AF_INET6) -- ? sizeof (struct in6_addr) -- : sizeof (struct in_addr)), -- at2->family, &th, tmpbuf2, -- tmpbuf2len, &h, &herrno); -- } -- while (rc == ERANGE && herrno == NETDB_INTERNAL); -- -- if (rc != 0 && herrno == NETDB_INTERNAL) -- { -- if (malloc_tmpbuf2) -- free (tmpbuf2); -- -- __set_h_errno (herrno); -- result = -EAI_SYSTEM; -- goto free_and_return; -- } -- -- if (h != NULL) -- canon = h->h_name; -- else -- { -- assert (orig_name != NULL); -- /* If the canonical name cannot be determined, use -- the passed in string. */ -- canon = orig_name; -- } -- } -+ /* If the canonical name cannot be determined, use -+ the passed in string. */ -+ canon = orig_name; - - #ifdef HAVE_LIBIDN - if (req->ai_flags & AI_CANONIDN) -@@ -1185,9 +1125,6 @@ gaih_inet (const char *name, const struct gaih_service *service, - int rc = __idna_to_unicode_lzlz (canon, &out, idn_flags); - if (rc != IDNA_SUCCESS) - { -- if (malloc_tmpbuf2) -- free (tmpbuf2); -- - if (rc == IDNA_MALLOC_ERROR) - result = -EAI_MEMORY; - else if (rc == IDNA_DLOPEN_ERROR) -@@ -1217,17 +1154,11 @@ gaih_inet (const char *name, const struct gaih_service *service, - canon = strdup (canon); - if (canon == NULL) - { -- if (malloc_tmpbuf2) -- free (tmpbuf2); -- - result = -EAI_MEMORY; - goto free_and_return; - } - } - } -- -- if (malloc_tmpbuf2) -- free (tmpbuf2); - } - - family = at2->family; diff --git a/glibc/patches/glibc-fedora-regcomp-sw11561.patch b/glibc/patches/glibc-fedora-regcomp-sw11561.patch deleted file mode 100644 index 0edc04f..0000000 --- a/glibc/patches/glibc-fedora-regcomp-sw11561.patch +++ /dev/null @@ -1,147 +0,0 @@ -From c1b97d6d896b1f22fdf5d28471ef7859ec840a57 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab schwab@redhat.com -Date: Wed, 1 Sep 2010 17:26:15 +0200 -Subject: [PATCH] Fix handling of collating symbols in regexps - -[BZ #11561] -* posix/regcomp.c (parse_bracket_exp): When looking up collating -elements compare against the byte sequence of it, not its name. - ---- - ChangeLog | 4 +++ - posix/regcomp.c | 72 ++++++++++++++++++++---------------------------------- - 2 files changed, 31 insertions(+), 45 deletions(-) - ---- a/posix/regcomp.c -+++ b/posix/regcomp.c -@@ -2772,40 +2772,29 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token, - - /* Local function for parse_bracket_exp used in _LIBC environement. - Seek the collating symbol entry correspondings to NAME. -- Return the index of the symbol in the SYMB_TABLE. */ -+ Return the index of the symbol in the SYMB_TABLE, -+ or -1 if not found. */ - - auto inline int32_t - __attribute ((always_inline)) -- seek_collating_symbol_entry (name, name_len) -- const unsigned char *name; -- size_t name_len; -+ seek_collating_symbol_entry (const unsigned char *name, size_t name_len) - { -- int32_t hash = elem_hash ((const char *) name, name_len); -- int32_t elem = hash % table_size; -- if (symb_table[2 * elem] != 0) -- { -- int32_t second = hash % (table_size - 2) + 1; -- -- do -- { -- /* First compare the hashing value. */ -- if (symb_table[2 * elem] == hash -- /* Compare the length of the name. */ -- && name_len == extra[symb_table[2 * elem + 1]] -- /* Compare the name. */ -- && memcmp (name, &extra[symb_table[2 * elem + 1] + 1], -- name_len) == 0) -- { -- /* Yep, this is the entry. */ -- break; -- } -+ int32_t elem; - -- /* Next entry. */ -- elem += second; -- } -- while (symb_table[2 * elem] != 0); -- } -- return elem; -+ for (elem = 0; elem < table_size; elem++) -+ if (symb_table[2 * elem] != 0) -+ { -+ int32_t idx = symb_table[2 * elem + 1]; -+ /* Skip the name of collating element name. */ -+ idx += 1 + extra[idx]; -+ if (/* Compare the length of the name. */ -+ name_len == extra[idx] -+ /* Compare the name. */ -+ && memcmp (name, &extra[idx + 1], name_len) == 0) -+ /* Yep, this is the entry. */ -+ return elem; -+ } -+ return -1; - } - - /* Local function for parse_bracket_exp used in _LIBC environment. -@@ -2814,8 +2803,7 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token, - - auto inline unsigned int - __attribute ((always_inline)) -- lookup_collation_sequence_value (br_elem) -- bracket_elem_t *br_elem; -+ lookup_collation_sequence_value (bracket_elem_t *br_elem) - { - if (br_elem->type == SB_CHAR) - { -@@ -2843,7 +2831,7 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token, - int32_t elem, idx; - elem = seek_collating_symbol_entry (br_elem->opr.name, - sym_name_len); -- if (symb_table[2 * elem] != 0) -+ if (elem != -1) - { - /* We found the entry. */ - idx = symb_table[2 * elem + 1]; -@@ -2861,7 +2849,7 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token, - /* Return the collation sequence value. */ - return *(unsigned int *) (extra + idx); - } -- else if (symb_table[2 * elem] == 0 && sym_name_len == 1) -+ else if (sym_name_len == 1) - { - /* No valid character. Match it as a single byte - character. */ -@@ -2883,11 +2871,8 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token, - - auto inline reg_errcode_t - __attribute ((always_inline)) -- build_range_exp (sbcset, mbcset, range_alloc, start_elem, end_elem) -- re_charset_t *mbcset; -- int *range_alloc; -- bitset_t sbcset; -- bracket_elem_t *start_elem, *end_elem; -+ build_range_exp (bitset_t sbcset, re_charset_t *mbcset, int *range_alloc, -+ bracket_elem_t *start_elem, bracket_elem_t *end_elem) - { - unsigned int ch; - uint32_t start_collseq; -@@ -2966,25 +2951,22 @@ parse_bracket_exp (re_string_t *regexp, re_dfa_t *dfa, re_token_t *token, - - auto inline reg_errcode_t - __attribute ((always_inline)) -- build_collating_symbol (sbcset, mbcset, coll_sym_alloc, name) -- re_charset_t *mbcset; -- int *coll_sym_alloc; -- bitset_t sbcset; -- const unsigned char *name; -+ build_collating_symbol (bitset_t sbcset, re_charset_t *mbcset, -+ int *coll_sym_alloc, const unsigned char *name) - { - int32_t elem, idx; - size_t name_len = strlen ((const char *) name); - if (nrules != 0) - { - elem = seek_collating_symbol_entry (name, name_len); -- if (symb_table[2 * elem] != 0) -+ if (elem != -1) - { - /* We found the entry. */ - idx = symb_table[2 * elem + 1]; - /* Skip the name of collating element name. */ - idx += 1 + extra[idx]; - } -- else if (symb_table[2 * elem] == 0 && name_len == 1) -+ else if (name_len == 1) - { - /* No valid character, treat it as a normal - character. */
hooks/post-receive -- IPFire 3.x development tree