* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 0783042c7f5198944cea34e420c74b8873feb444
@ 2021-09-10 10:46 Arne Fitzenreiter
0 siblings, 0 replies; only message in thread
From: Arne Fitzenreiter @ 2021-09-10 10:46 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 49589 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 0783042c7f5198944cea34e420c74b8873feb444 (commit)
via b9a4368adbd02620bca865707704c6bb75715969 (commit)
via 2664c94463fbfc00939048a527e4a0912f7e3cbf (commit)
via 5a69d4442315ff825d14f5317f19926eaa390b0d (commit)
via dba01cdc8e0875418c5dbbf84ee6f1769d65982f (commit)
via 15db822688a673d426fd76509aeb88895f3af88c (commit)
via 424464c2ad3a2c71f36365b0315e642f9984315d (commit)
via 07e45272a00e65821aae46f10bc61884fd54587a (commit)
via b0e28c2db757fa2943f9705e61b64cc001ce15c4 (commit)
via 233c8b28f5745b59f4b020e0747b271c4a8fcd9c (commit)
via b439abec1cec18d9a5c2ba0ed3e604a23a7434d4 (commit)
via 1212763b87e4a8916ed417dcfff62a32b6e5c839 (commit)
via 0c547778958fa575b078e9afb3c0a66cbcb8bc71 (commit)
from 55cb5e9324dbec88cac9581930aaee4e3a598a9b (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 0783042c7f5198944cea34e420c74b8873feb444
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Sep 10 07:41:42 2021 +0000
core160: add glibc
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b9a4368adbd02620bca865707704c6bb75715969
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Aug 19 12:07:06 2021 +0000
glibc: Fix CVE-2021-33574 and follow-up issue
The mq_notify function has a potential use-after-free issue when using a
notification type of SIGEV_THREAD and a thread attribute with a non-default
affinity mask.
The fix for this introduced a NULL pointer dereference.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 2664c94463fbfc00939048a527e4a0912f7e3cbf
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Tue Aug 17 20:40:28 2021 +0200
mc: Update to 7.8.27
For details see:
http://midnight-commander.org/wiki/NEWS-4.8.27
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 5a69d4442315ff825d14f5317f19926eaa390b0d
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Sep 10 07:34:35 2021 +0000
core160: add wireless-regdb and remove crda
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit dba01cdc8e0875418c5dbbf84ee6f1769d65982f
Author: Arne Fitzenreiter <arne_f(a)ipfire.org>
Date: Fri Sep 10 07:28:27 2021 +0000
hostapd: bump package to ship updated wlanap.cgi
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 15db822688a673d426fd76509aeb88895f3af88c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 5 23:01:52 2021 +0200
wlanap.cgi: Access db.txt in place of using regdbdump on regulatory.bin
- wlanap.cgi was using regdbdump from crda to create a text based list of the
wireless settings by country database.
- With the removal of crda as part of the removal of python2 this option could not be
used.
- wireless-regdb also has a text based database list in the source tarball and this
patch makes wlanap.cgi read this list into the @countrylist_cmd variable
- This needs to be tested by someone that has an IPFire system with wifi that can access
and evaluate wlanap.cgi to confirm that this change functions as expected.
- This version changes the name of the stored text file from db.txt to regulatorydb.txt
- The command to read the data from regulatorydb.txt into @countrylist_cmd has been
corrected
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 424464c2ad3a2c71f36365b0315e642f9984315d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 5 23:01:51 2021 +0200
wireless-regdb: Use db.txt file for wlanap.cgi
- db.txt is the text file version of the wireless settings by country database
- Using db.txt means that regdbdump from crda is not required by wlanap.cgi
- This patch copies the db.txt file from the source tarball to /lib/firmware/ where
it can be read by wlanap.cgi
- This version of the patch renames the db.txt file to regulatorydb.txt
- Updated rootfile to include regulatorydb.txt
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 07e45272a00e65821aae46f10bc61884fd54587a
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 5 23:01:50 2021 +0200
ipaddr: Removal of this python2 module.
- python3 has this functionality built in with ipaddress.py
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b0e28c2db757fa2943f9705e61b64cc001ce15c4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 5 23:01:49 2021 +0200
python-setuptools: Removal of this python2 module.
- With the removal of python-m2crypto then this module is not longer required as a
dependency.
- python3-setuptools was already released into Core Update 157
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 233c8b28f5745b59f4b020e0747b271c4a8fcd9c
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 5 23:01:48 2021 +0200
python-typing: Removal of this python2 module.
- With the removal of python-m2crypto then python-typing is no longer rerquired as a
dependency.
- The functionality of the python2 typing module is built in to python3.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit b439abec1cec18d9a5c2ba0ed3e604a23a7434d4
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 5 23:01:47 2021 +0200
python-m2crypto: removal of python2 module
- A python3 version of this module is not required as python-m2crypto is only used for
the build of crda.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 1212763b87e4a8916ed417dcfff62a32b6e5c839
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 5 23:01:46 2021 +0200
crda: removal from kernel 4.15 and onwards.
- From kernel 4.15 and onwards the function of what crda does is built into the kernel.
- Tested the removal of crda with kernel 4.14.232 and kernel 5.10.45
Country code set by "iw reg set NL" was recognised with kernel 5.10.45 and set at
the global value of 00 with kernel 4.14.232 confirming the kernel built in option is
working without the prescence of crda
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
commit 0c547778958fa575b078e9afb3c0a66cbcb8bc71
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Thu Aug 5 23:01:45 2021 +0200
make.sh: Remove crda and remaining python2 modules
- crda only works with python2 version of m2crypto
python-m2crypto requires python-setuptools and python-typing
- With Linux kernel 4.15 and later the country code status check that crda did is built
into the kernel.
- So from kernel 4.15, crda can be removed, which allows removal of m2crypto, setuptools
and typing.
- python-typing is built into python3 so no additional python3 module required.
- python3 version of python-setuptools has already been installed.
- python3 version of python-m2crypto is not required. python-m2crypto is only used for the
build of crda.
- ipaddr can be removed as the function of this python2 module is built into python3 with
ipaddress.py
- removal of crda tested with 5.10.45 kernel and the setting of a country code was
recognised. If this test carried out with crda removed and 4.14.232 kernel then country
code stays defined as the global code "00".
- wlanap.cgi uses regdbdump from crda to create a text based list of the
wireless settings by country database. With the removal of crda a modification is
required to wireless-reg to copy the db.txt file to a specific location that wlan.cgi
can then access. db.txt is the text file version of the wireless settings by country
database.
- This series version copies the db.txt file and renames it regulatorydb.txt and places it in
/lib/firmware/
- This series version also corrects the loading command from regulatorydb.txt into the
@countrylist_cmd variable
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/crda | 14 ----
config/rootfiles/common/ipaddr | 2 -
config/rootfiles/common/python-m2crypto | 98 ----------------------
config/rootfiles/common/python-setuptools | 5 --
config/rootfiles/common/python-typing | 3 -
config/rootfiles/common/wireless-regdb | 1 +
.../125 => core/160}/filelists/aarch64/glibc | 0
.../159 => core/160}/filelists/armv6l/glibc | 0
.../{oldcore/100 => core/160}/filelists/i586/glibc | 0
.../131 => core/160}/filelists/wireless-regdb | 0
.../100 => core/160}/filelists/x86_64/glibc | 0
config/rootfiles/core/160/update.sh | 7 ++
config/rootfiles/packages/mc | 1 +
html/cgi-bin/wlanap.cgi | 5 +-
lfs/crda | 78 -----------------
lfs/glibc | 4 +
lfs/hostapd | 4 +-
lfs/ipaddr | 76 -----------------
lfs/mc | 6 +-
lfs/python-m2crypto | 83 ------------------
lfs/python-setuptools | 80 ------------------
lfs/python-typing | 79 -----------------
lfs/wireless-regdb | 1 +
make.sh | 5 --
...rt-fix-null-pointer-dereference-bug-28213.patch | 40 +++++++++
..._pthread_attr_copy-in-mq_notify-bug-27896.patch | 74 ++++++++++++++++
26 files changed, 137 insertions(+), 529 deletions(-)
delete mode 100644 config/rootfiles/common/crda
delete mode 100644 config/rootfiles/common/ipaddr
delete mode 100644 config/rootfiles/common/python-m2crypto
delete mode 100644 config/rootfiles/common/python-setuptools
delete mode 100644 config/rootfiles/common/python-typing
copy config/rootfiles/{oldcore/125 => core/160}/filelists/aarch64/glibc (100%)
copy config/rootfiles/{oldcore/159 => core/160}/filelists/armv6l/glibc (100%)
copy config/rootfiles/{oldcore/100 => core/160}/filelists/i586/glibc (100%)
copy config/rootfiles/{oldcore/131 => core/160}/filelists/wireless-regdb (100%)
copy config/rootfiles/{oldcore/100 => core/160}/filelists/x86_64/glibc (100%)
delete mode 100644 lfs/crda
delete mode 100644 lfs/ipaddr
delete mode 100644 lfs/python-m2crypto
delete mode 100644 lfs/python-setuptools
delete mode 100644 lfs/python-typing
create mode 100644 src/patches/glibc-2.33-librt-fix-null-pointer-dereference-bug-28213.patch
create mode 100644 src/patches/glibc-2.33-use-__pthread_attr_copy-in-mq_notify-bug-27896.patch
Difference in files:
diff --git a/config/rootfiles/common/crda b/config/rootfiles/common/crda
deleted file mode 100644
index 5f93bc254..000000000
--- a/config/rootfiles/common/crda
+++ /dev/null
@@ -1,14 +0,0 @@
-lib/udev/rules.d/85-regulatory.rules
-#root/.python-eggs
-#root/.python-eggs/M2Crypto-0.21.1-py2.7-linux-xxxMACHINExxx.egg-tmp
-#root/.python-eggs/M2Crypto-0.21.1-py2.7-linux-xxxMACHINExxx.egg-tmp/M2Crypto
-#root/.python-eggs/M2Crypto-0.21.1-py2.7-linux-xxxMACHINExxx.egg-tmp/M2Crypto/__m2crypto.so
-sbin/crda
-sbin/regdbdump
-#usr/include/reglib
-#usr/include/reglib/nl80211.h
-#usr/include/reglib/regdb.h
-#usr/include/reglib/reglib.h
-usr/lib/libreg.so
-#usr/share/man/man8/crda.8.gz
-#usr/share/man/man8/regdbdump.8.gz
diff --git a/config/rootfiles/common/ipaddr b/config/rootfiles/common/ipaddr
deleted file mode 100644
index 17998ccc2..000000000
--- a/config/rootfiles/common/ipaddr
+++ /dev/null
@@ -1,2 +0,0 @@
-#usr/lib/python2.7/ipaddr.py
-usr/lib/python2.7/ipaddr.pyc
diff --git a/config/rootfiles/common/python-m2crypto b/config/rootfiles/common/python-m2crypto
deleted file mode 100644
index c5477cda3..000000000
--- a/config/rootfiles/common/python-m2crypto
+++ /dev/null
@@ -1,98 +0,0 @@
-#usr/lib/python2.7/site-packages/M2Crypto
-#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info
-#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/PKG-INFO
-#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/SOURCES.txt
-#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/dependency_links.txt
-#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/requires.txt
-#usr/lib/python2.7/site-packages/M2Crypto-0.27.0-py2.7.egg-info/top_level.txt
-#usr/lib/python2.7/site-packages/M2Crypto/ASN1.py
-#usr/lib/python2.7/site-packages/M2Crypto/ASN1.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/AuthCookie.py
-#usr/lib/python2.7/site-packages/M2Crypto/AuthCookie.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/BIO.py
-#usr/lib/python2.7/site-packages/M2Crypto/BIO.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/BN.py
-#usr/lib/python2.7/site-packages/M2Crypto/BN.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/DH.py
-#usr/lib/python2.7/site-packages/M2Crypto/DH.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/DSA.py
-#usr/lib/python2.7/site-packages/M2Crypto/DSA.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/EC.py
-#usr/lib/python2.7/site-packages/M2Crypto/EC.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/EVP.py
-#usr/lib/python2.7/site-packages/M2Crypto/EVP.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/Engine.py
-#usr/lib/python2.7/site-packages/M2Crypto/Engine.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/Err.py
-#usr/lib/python2.7/site-packages/M2Crypto/Err.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/PGP
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/PublicKey.py
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/PublicKey.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/PublicKeyRing.py
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/PublicKeyRing.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/RSA.py
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/RSA.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/__init__.py
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/__init__.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/constants.py
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/constants.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/packet.py
-#usr/lib/python2.7/site-packages/M2Crypto/PGP/packet.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/RC4.py
-#usr/lib/python2.7/site-packages/M2Crypto/RC4.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/RSA.py
-#usr/lib/python2.7/site-packages/M2Crypto/RSA.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/Rand.py
-#usr/lib/python2.7/site-packages/M2Crypto/Rand.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SMIME.py
-#usr/lib/python2.7/site-packages/M2Crypto/SMIME.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Checker.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Checker.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Cipher.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Cipher.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Connection.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Connection.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Context.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Context.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/SSLServer.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/SSLServer.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Session.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/Session.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/TwistedProtocolWrapper.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/__init__.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/__init__.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/cb.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/cb.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/ssl_dispatcher.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/ssl_dispatcher.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/timeout.py
-#usr/lib/python2.7/site-packages/M2Crypto/SSL/timeout.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/X509.py
-#usr/lib/python2.7/site-packages/M2Crypto/X509.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/__init__.py
-#usr/lib/python2.7/site-packages/M2Crypto/__init__.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/_m2crypto.so
-#usr/lib/python2.7/site-packages/M2Crypto/callback.py
-#usr/lib/python2.7/site-packages/M2Crypto/callback.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/ftpslib.py
-#usr/lib/python2.7/site-packages/M2Crypto/ftpslib.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/httpslib.py
-#usr/lib/python2.7/site-packages/M2Crypto/httpslib.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/m2.py
-#usr/lib/python2.7/site-packages/M2Crypto/m2.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/m2crypto.py
-#usr/lib/python2.7/site-packages/M2Crypto/m2crypto.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/m2urllib.py
-#usr/lib/python2.7/site-packages/M2Crypto/m2urllib.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/m2urllib2.py
-#usr/lib/python2.7/site-packages/M2Crypto/m2urllib2.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/m2xmlrpclib.py
-#usr/lib/python2.7/site-packages/M2Crypto/m2xmlrpclib.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/six.py
-#usr/lib/python2.7/site-packages/M2Crypto/six.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/threading.py
-#usr/lib/python2.7/site-packages/M2Crypto/threading.pyc
-#usr/lib/python2.7/site-packages/M2Crypto/util.py
-#usr/lib/python2.7/site-packages/M2Crypto/util.pyc
diff --git a/config/rootfiles/common/python-setuptools b/config/rootfiles/common/python-setuptools
deleted file mode 100644
index 15b22ac39..000000000
--- a/config/rootfiles/common/python-setuptools
+++ /dev/null
@@ -1,5 +0,0 @@
-#usr/bin/easy_install
-#usr/bin/easy_install-2.7
-#usr/lib/python2.7/site-packages/easy-install.pth
-#usr/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
-#usr/lib/python2.7/site-packages/setuptools.pth
diff --git a/config/rootfiles/common/python-typing b/config/rootfiles/common/python-typing
deleted file mode 100644
index 519796ca4..000000000
--- a/config/rootfiles/common/python-typing
+++ /dev/null
@@ -1,3 +0,0 @@
-#usr/lib/python2.7/site-packages/typing-3.6.1-py2.7.egg-info
-#usr/lib/python2.7/site-packages/typing.py
-#usr/lib/python2.7/site-packages/typing.pyc
diff --git a/config/rootfiles/common/wireless-regdb b/config/rootfiles/common/wireless-regdb
index 7e830ae1f..12376c6e7 100644
--- a/config/rootfiles/common/wireless-regdb
+++ b/config/rootfiles/common/wireless-regdb
@@ -1,3 +1,4 @@
+lib/firmware/regulatorydb.txt
lib/firmware/regulatory.db
lib/firmware/regulatory.db.p7s
#usr/lib/crda
diff --git a/config/rootfiles/core/160/filelists/aarch64/glibc b/config/rootfiles/core/160/filelists/aarch64/glibc
new file mode 120000
index 000000000..d13849ff9
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/aarch64/glibc
@@ -0,0 +1 @@
+../../../../common/aarch64/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/armv6l/glibc b/config/rootfiles/core/160/filelists/armv6l/glibc
new file mode 120000
index 000000000..262a394f3
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/armv6l/glibc
@@ -0,0 +1 @@
+../../../../common/armv6l/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/i586/glibc b/config/rootfiles/core/160/filelists/i586/glibc
new file mode 120000
index 000000000..943021f19
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/i586/glibc
@@ -0,0 +1 @@
+../../../../common/i586/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/wireless-regdb b/config/rootfiles/core/160/filelists/wireless-regdb
new file mode 120000
index 000000000..c9205b3cf
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/wireless-regdb
@@ -0,0 +1 @@
+../../../common/wireless-regdb
\ No newline at end of file
diff --git a/config/rootfiles/core/160/filelists/x86_64/glibc b/config/rootfiles/core/160/filelists/x86_64/glibc
new file mode 120000
index 000000000..111909966
--- /dev/null
+++ b/config/rootfiles/core/160/filelists/x86_64/glibc
@@ -0,0 +1 @@
+../../../../common/x86_64/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/160/update.sh b/config/rootfiles/core/160/update.sh
index deaa652d1..d422b24aa 100644
--- a/config/rootfiles/core/160/update.sh
+++ b/config/rootfiles/core/160/update.sh
@@ -32,6 +32,10 @@ for (( i=1; i<=$core; i++ )); do
done
# Remove files
+rm -vf /lib/udev/rules.d/85-regulatory.rules
+rm -vf /sbin/crda
+rm -vf /sbin/regdbdump
+rm -vf /usr/lib/libreg.so
# Stop services
@@ -41,6 +45,9 @@ extract_files
# update linker config
ldconfig
+# restart init (glibc update)
+telinit u
+
# Update Language cache
/usr/local/bin/update-lang-cache
diff --git a/config/rootfiles/packages/mc b/config/rootfiles/packages/mc
index 4c71298a1..1faf7ee76 100644
--- a/config/rootfiles/packages/mc
+++ b/config/rootfiles/packages/mc
@@ -173,6 +173,7 @@ usr/share/mc/syntax/idl.syntax
usr/share/mc/syntax/ini.syntax
usr/share/mc/syntax/j.syntax
usr/share/mc/syntax/jal.syntax
+usr/share/mc/syntax/json.syntax
usr/share/mc/syntax/java.syntax
usr/share/mc/syntax/js.syntax
usr/share/mc/syntax/kotlin.syntax
diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi
index eba5fe774..5eb34d651 100644
--- a/html/cgi-bin/wlanap.cgi
+++ b/html/cgi-bin/wlanap.cgi
@@ -312,8 +312,11 @@ if ( $channel =~ /\d+/ ){push(@temp,$channel + 0);}
push(@channellist, @temp);
}
-my @countrylist_cmd = `regdbdump /usr/lib/crda/regulatory.bin 2>/dev/null`;
# get available country codes
+open(FILE, “</lib/firmware/regulatorydb.txt”);
+my @countrylist_cmd = <FILE>;
+close(FILE);
+
my @temp = "00";
foreach (@countrylist_cmd){
diff --git a/lfs/crda b/lfs/crda
deleted file mode 100644
index bd812942e..000000000
--- a/lfs/crda
+++ /dev/null
@@ -1,78 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 4.14
-
-THISAPP = crda-$(VER)
-DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-
-TARGET = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = cac7ba8de3e2e6aa46918e0c76df7d67
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && sed -e "s/-Werror//g" -i Makefile
- cd $(DIR_APP) && make $(MAKETUNING)
- cd $(DIR_APP) && make install
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/lfs/glibc b/lfs/glibc
index aa7948aed..5dbc386d7 100644
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -109,6 +109,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
@mkdir $(DIR_SRC)/glibc-build
+ # Security Fixes
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.33-use-__pthread_attr_copy-in-mq_notify-bug-27896.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-2.33-librt-fix-null-pointer-dereference-bug-28213.patch
+
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-localedef-no-archive.patch
ifneq "$(TOOLCHAIN)" "1"
diff --git a/lfs/hostapd b/lfs/hostapd
index 19a4b9340..6bbe5e4b7 100644
--- a/lfs/hostapd
+++ b/lfs/hostapd
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2019 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2021 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/hostap-$(VER)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = hostapd
-PAK_VER = 56
+PAK_VER = 57
DEPS =
diff --git a/lfs/ipaddr b/lfs/ipaddr
deleted file mode 100644
index d5d28229b..000000000
--- a/lfs/ipaddr
+++ /dev/null
@@ -1,76 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 1.2
-
-THISAPP = ipaddr-$(VER)
-DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 239a3725a3dd6a1d1e369b75144e617e
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && install -m 0644 ipaddr.py /usr/lib/python2*
- /usr/bin/python -c "import ipaddr"
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/lfs/mc b/lfs/mc
index b5498ab24..9ef542bac 100644
--- a/lfs/mc
+++ b/lfs/mc
@@ -24,7 +24,7 @@
include Config
-VER = 4.8.26
+VER = 4.8.27
THISAPP = mc-$(VER)
DL_FILE = $(THISAPP).tar.xz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = mc
-PAK_VER = 21
+PAK_VER = 22
DEPS =
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 3c1f77b71dba1f4eeeedc4276627fed7
+$(DL_FILE)_MD5 = e51cd40a897d9aa01af251d191637ca4
install : $(TARGET)
diff --git a/lfs/python-m2crypto b/lfs/python-m2crypto
deleted file mode 100644
index de004bfd9..000000000
--- a/lfs/python-m2crypto
+++ /dev/null
@@ -1,83 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 0.27.0
-
-THISAPP = M2Crypto-$(VER)
-DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-#PROG = python-m2crypto
-#PAK_VER = 1
-
-#DEPS =
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 4477bd6b2835560c73982476dba5e515
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-#dist:
-# @$(PAK)
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && python setup.py build
- cd $(DIR_APP) && python setup.py install --root=/
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/lfs/python-setuptools b/lfs/python-setuptools
deleted file mode 100644
index 1ffcfca18..000000000
--- a/lfs/python-setuptools
+++ /dev/null
@@ -1,80 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 0.6c11
-
-THISAPP = setuptools-$(VER)
-DL_FILE = $(THISAPP)-py2.7.egg
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-PROG = python-setuptools
-PAK_VER = 2
-
-DEPS =
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = fe1f997bc722265116870bc7919059ea
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-dist:
- @$(PAK)
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- bash $(DIR_DL)/$(DL_FILE)
- @$(POSTBUILD)
diff --git a/lfs/python-typing b/lfs/python-typing
deleted file mode 100644
index d7bbe412b..000000000
--- a/lfs/python-typing
+++ /dev/null
@@ -1,79 +0,0 @@
-###############################################################################
-# #
-# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> #
-# #
-# This program is free software: you can redistribute it and/or modify #
-# it under the terms of the GNU General Public License as published by #
-# the Free Software Foundation, either version 3 of the License, or #
-# (at your option) any later version. #
-# #
-# This program is distributed in the hope that it will be useful, #
-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
-# GNU General Public License for more details. #
-# #
-# You should have received a copy of the GNU General Public License #
-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
-# #
-###############################################################################
-
-###############################################################################
-# Definitions
-###############################################################################
-
-include Config
-
-VER = 3.6.1
-
-THISAPP = typing-$(VER)
-DL_FILE = $(THISAPP).tar.gz
-DL_FROM = $(URL_IPFIRE)
-DIR_APP = $(DIR_SRC)/$(THISAPP)
-TARGET = $(DIR_INFO)/$(THISAPP)
-
-###############################################################################
-# Top-level Rules
-###############################################################################
-
-objects = $(DL_FILE)
-
-$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-
-$(DL_FILE)_MD5 = 3fec97415bae6f742fb3c3013dedeb89
-
-install : $(TARGET)
-
-check : $(patsubst %,$(DIR_CHK)/%,$(objects))
-
-download :$(patsubst %,$(DIR_DL)/%,$(objects))
-
-md5 : $(subst %,%_MD5,$(objects))
-
-#dist:
-# @$(PAK)
-
-###############################################################################
-# Downloading, checking, md5sum
-###############################################################################
-
-$(patsubst %,$(DIR_CHK)/%,$(objects)) :
- @$(CHECK)
-
-$(patsubst %,$(DIR_DL)/%,$(objects)) :
- @$(LOAD)
-
-$(subst %,%_MD5,$(objects)) :
- @$(MD5)
-
-###############################################################################
-# Installation Details
-###############################################################################
-
-$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
- @$(PREBUILD)
- @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && python setup.py build
- cd $(DIR_APP) && python setup.py install --skip-build
- @rm -rf $(DIR_APP)
- @$(POSTBUILD)
diff --git a/lfs/wireless-regdb b/lfs/wireless-regdb
index 6cffd34ba..8b89795ae 100644
--- a/lfs/wireless-regdb
+++ b/lfs/wireless-regdb
@@ -72,5 +72,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && make install
+ cp -vf $(DIR_APP)/db.txt /lib/firmware/regulatorydb.txt
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/make.sh b/make.sh
index 0baf2050d..a6d29ca77 100755
--- a/make.sh
+++ b/make.sh
@@ -1296,7 +1296,6 @@ buildipfire() {
lfsmake2 whatmask
lfsmake2 libtirpc
lfsmake2 conntrack-tools
- lfsmake2 ipaddr
lfsmake2 iputils
lfsmake2 l7-protocols
lfsmake2 hwdata
@@ -1333,7 +1332,6 @@ buildipfire() {
lfsmake2 XML-Parser
lfsmake2 Crypt-PasswdMD5
lfsmake2 Net-Telnet
- lfsmake2 python-setuptools
lfsmake2 python3-setuptools
lfsmake2 python3-inotify
lfsmake2 python3-docutils
@@ -1517,10 +1515,7 @@ buildipfire() {
lfsmake2 swig
lfsmake2 u-boot
lfsmake2 u-boot-friendlyarm
- lfsmake2 python-typing
- lfsmake2 python-m2crypto
lfsmake2 wireless-regdb
- lfsmake2 crda
lfsmake2 libsolv
lfsmake2 ddns
lfsmake2 python3-setuptools-scm
diff --git a/src/patches/glibc-2.33-librt-fix-null-pointer-dereference-bug-28213.patch b/src/patches/glibc-2.33-librt-fix-null-pointer-dereference-bug-28213.patch
new file mode 100644
index 000000000..d2083e6e2
--- /dev/null
+++ b/src/patches/glibc-2.33-librt-fix-null-pointer-dereference-bug-28213.patch
@@ -0,0 +1,40 @@
+From 27a78fd712c06748737dfa9638fab96ea362fca9 Mon Sep 17 00:00:00 2001
+From: Nikita Popov <npv1310(a)gmail.com>
+Date: Mon, 9 Aug 2021 20:17:34 +0530
+Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213)
+
+Helper thread frees copied attribute on NOTIFY_REMOVED message
+received from the OS kernel. Unfortunately, it fails to check whether
+copied attribute actually exists (data.attr != NULL). This worked
+earlier because free() checks passed pointer before actually
+attempting to release corresponding memory. But
+__pthread_attr_destroy assumes pointer is not NULL.
+
+So passing NULL pointer to __pthread_attr_destroy will result in
+segmentation fault. This scenario is possible if
+notification->sigev_notify_attributes == NULL (which means default
+thread attributes should be used).
+
+Signed-off-by: Nikita Popov <npv1310(a)gmail.com>
+Reviewed-by: Siddhesh Poyarekar <siddhesh(a)sourceware.org>
+(cherry picked from commit b805aebd42364fe696e417808a700fdb9800c9e8)
+---
+ sysdeps/unix/sysv/linux/mq_notify.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
+index 6f46d29d1d..1714e1cc5f 100644
+--- a/sysdeps/unix/sysv/linux/mq_notify.c
++++ b/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -132,7 +132,7 @@ helper_thread (void *arg)
+ to wait until it is done with it. */
+ (void) __pthread_barrier_wait (¬ify_barrier);
+ }
+- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
++ else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL)
+ {
+ /* The only state we keep is the copy of the thread attributes. */
+ pthread_attr_destroy (data.attr);
+--
+2.20.1
+
diff --git a/src/patches/glibc-2.33-use-__pthread_attr_copy-in-mq_notify-bug-27896.patch b/src/patches/glibc-2.33-use-__pthread_attr_copy-in-mq_notify-bug-27896.patch
new file mode 100644
index 000000000..f846b37b8
--- /dev/null
+++ b/src/patches/glibc-2.33-use-__pthread_attr_copy-in-mq_notify-bug-27896.patch
@@ -0,0 +1,74 @@
+From 4b6be914bd3920500a67ef6ca1aa7d1c37e5e859 Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab(a)linux-m68k.org>
+Date: Thu, 27 May 2021 12:49:47 +0200
+Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896)
+
+Make a deep copy of the pthread attribute object to remove a potential
+use-after-free issue.
+
+(cherry picked from commit 42d359350510506b87101cf77202fefcbfc790cb)
+---
+ NEWS | 6 ++++++
+ sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++-----
+ 2 files changed, 16 insertions(+), 5 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 0c33a80af9..b9e570b4a4 100644
+--- a/NEWS
++++ b/NEWS
+@@ -13,6 +13,12 @@ Major new features:
+ a dump of information related to IFUNC resolver operation and
+ glibc-hwcaps subdirectory selection.
+
++Security related changes:
++
++ CVE-2021-33574: The mq_notify function has a potential use-after-free
++ issue when using a notification type of SIGEV_THREAD and a thread
++ attribute with a non-default affinity mask.
++
+ The following bugs are resolved with this release:
+
+ [15271] dlfcn function failure after dlmopen terminates process
+diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c
+index cc575a0cdd..f7ddfe5a6c 100644
+--- a/sysdeps/unix/sysv/linux/mq_notify.c
++++ b/sysdeps/unix/sysv/linux/mq_notify.c
+@@ -133,8 +133,11 @@ helper_thread (void *arg)
+ (void) __pthread_barrier_wait (¬ify_barrier);
+ }
+ else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED)
+- /* The only state we keep is the copy of the thread attributes. */
+- free (data.attr);
++ {
++ /* The only state we keep is the copy of the thread attributes. */
++ pthread_attr_destroy (data.attr);
++ free (data.attr);
++ }
+ }
+ return NULL;
+ }
+@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
+ if (data.attr == NULL)
+ return -1;
+
+- memcpy (data.attr, notification->sigev_notify_attributes,
+- sizeof (pthread_attr_t));
++ __pthread_attr_copy (data.attr, notification->sigev_notify_attributes);
+ }
+
+ /* Construct the new request. */
+@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification)
+
+ /* If it failed, free the allocated memory. */
+ if (__glibc_unlikely (retval != 0))
+- free (data.attr);
++ {
++ pthread_attr_destroy (data.attr);
++ free (data.attr);
++ }
+
+ return retval;
+ }
+--
+2.20.1
+
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-09-10 10:46 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-10 10:46 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 0783042c7f5198944cea34e420c74b8873feb444 Arne Fitzenreiter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox