author | Patrick J Volkerding <volkerdi@slackware.com> | 2023-10-09 18:10:01 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2023-10-09 20:34:39 +0200 |
commit | b29a454a1a5a87d5016b7d2332fdc30c67b2a5c0 (patch) | |
tree | a385d2645521381c592f464d4376bbf6a82d7449 /source | |
parent | 291a25cd423c9b040a72063e51134d95cdf4184e (diff) | |
download | current-b29a454a1a5a87d5016b7d2332fdc30c67b2a5c0.tar.gz current-b29a454a1a5a87d5016b7d2332fdc30c67b2a5c0.tar.xz |
Mon Oct 9 18:10:01 UTC 202320231009181001
a/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt.
ap/qpdf-11.6.2-x86_64-1.txz: Upgraded.
ap/vim-9.0.2009-x86_64-1.txz: Upgraded.
l/desktop-file-utils-0.27-x86_64-1.txz: Upgraded.
l/glibc-2.38-x86_64-2.txz: Rebuilt.
These glibc packages are the exact ones that were previously in /testing.
A test mass rebuild was done here finding no new FTBFS, so I think these
are good to go. :)
l/glibc-i18n-2.38-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
l/imagemagick-7.1.1_20-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.6.0-x86_64-1.txz: Upgraded.
l/shared-mime-info-2.3-x86_64-1.txz: Upgraded.
n/c-ares-1.20.0-x86_64-1.txz: Upgraded.
n/libtirpc-1.3.4-x86_64-1.txz: Upgraded.
n/proftpd-1.3.8a-x86_64-1.txz: Upgraded.
n/whois-5.5.19-x86_64-1.txz: Upgraded.
Fixed english support for Japanese queries to not add again the /e argument
if it had already been provided by the user. (Closes: #1050171)
Added the .ye and .বাংলা (.xn--54b7fta0cc, Bangladesh) TLD servers.
Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
.الاردن (.xn--mgbayh7gpa, Jordan) and .澳門 (.xn--mix891f, Macao)
TLD servers.
Upgraded the TLD URLs to HTTPS whenever possible.
Updated the charset for whois.jprs.jp.
Removed 3 new gTLDs which are no longer active.
Removed support for the obsolete as32 dot notation.
x/xterm-386-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.2009-x86_64-1.txz: Upgraded.
Diffstat (limited to 'source')
-rwxr-xr-x | source/l/desktop-file-utils/desktop-file-utils.SlackBuild | 37 | ||||
-rw-r--r-- | source/l/glibc/doinst.sh-aaa_glibc-solibs | 7 | ||||
-rw-r--r-- | source/l/glibc/doinst.sh-glibc | 6 | ||||
-rwxr-xr-x | source/l/glibc/glibc.SlackBuild | 45 | ||||
-rwxr-xr-x | source/l/glibc/libxcrypt.build | 119 | ||||
-rw-r--r-- | source/l/glibc/libxcrypt.url | 1 | ||||
-rw-r--r-- | source/l/glibc/patches/CVE-2023-25139.patch | 81 | ||||
-rw-r--r-- | source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch | 70 | ||||
-rw-r--r-- | source/l/glibc/patches/glibc-2.38-upstream_fixes-1.patch | 695 | ||||
-rw-r--r-- | source/l/glibc/patches/glibc.CVE-2023-4911.patch | 173 | ||||
-rw-r--r-- | source/l/glibc/patches/reenable_DT_HASH.patch | 104 | ||||
-rwxr-xr-x | source/l/shared-mime-info/shared-mime-info.SlackBuild | 5 | ||||
-rw-r--r-- | source/l/shared-mime-info/shared-mime-info.skip_tests.diff | 11 | ||||
-rwxr-xr-x | source/n/libtirpc/libtirpc.SlackBuild | 6 | ||||
-rwxr-xr-x | source/n/proftpd/proftpd.SlackBuild | 6 |
15 files changed, 1088 insertions, 278 deletions
diff --git a/source/l/desktop-file-utils/desktop-file-utils.SlackBuild b/source/l/desktop-file-utils/desktop-file-utils.SlackBuild index db23c76e8..f1e3775b2 100755 --- a/source/l/desktop-file-utils/desktop-file-utils.SlackBuild +++ b/source/l/desktop-file-utils/desktop-file-utils.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2006, 2008, 2009, 2010, 2018, 2020 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2006, 2008, 2009, 2010, 2018, 2020, 2023 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=desktop-file-utils VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-3} +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} @@ -76,22 +76,27 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -if [ ! -r configure ]; then - NOCONFIGURE=1 ./autogen.sh -fi - -# Configure: -CFLAGS="$SLKCFLAGS" \ -./configure \ +# Configure, build, and install: +export CFLAGS="$SLKCFLAGS" +export CXXFLAGS="$SLKCFLAGS" +mkdir meson-build +cd meson-build +meson setup \ --prefix=/usr \ + --libdir=lib${LIBDIRSUFFIX} \ + --libexecdir=/usr/libexec \ + --bindir=/usr/bin \ + --sbindir=/usr/sbin \ + --includedir=/usr/include \ + --datadir=/usr/share \ --mandir=/usr/man \ - --docdir=/usr/doc/$PKGNAM-$VERSION \ - --build=$ARCH-slackware-linux \ - --host=$ARCH-slackware-linux - -# Build and install: -make $NUMJOBS || make || exit 1 -make install DESTDIR=$PKG || exit 1 + --sysconfdir=/etc \ + --localstatedir=/var \ + --buildtype=release \ + .. || exit 1 + "${NINJA:=ninja}" $NUMJOBS || exit 1 + DESTDIR=$PKG $NINJA install || exit 1 +cd .. mkdir -p $PKG/var/log/setup cat << EOF > $PKG/var/log/setup/setup.07.update-desktop-database 
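Review bot: `mkdir meson-build` and `cd meson-build` in the new configure block are the only steps there without `|| exit 1`, so if the directory cannot be created or entered, `meson setup … ..` and the ninja calls run from the wrong directory. Every other step in the block aborts on failure; I would write `mkdir meson-build || exit 1` and `cd meson-build || exit 1` to match. `$PKG` in `DESTDIR=$PKG $NINJA install` is also unquoted, which only matters if the package directory path ever contains whitespace.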
diff --git a/source/l/glibc/doinst.sh-aaa_glibc-solibs b/source/l/glibc/doinst.sh-aaa_glibc-solibs index d5fea2e5f..fe8fc1f37 100644 --- a/source/l/glibc/doinst.sh-aaa_glibc-solibs +++ b/source/l/glibc/doinst.sh-aaa_glibc-solibs @@ -72,6 +72,8 @@ if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly rm -f $LIBRARY done done + # Remove stale versions of libcrypt from Slackware 14.2 or newer: + rm -f libcrypt-{2.23,2.24,2.25,2.26,2.27,2.28,2.29,2.30,2.31,2.32,2.33,2.34,2.35,2.36,2.37}.so ) fi # Finally, rename them and clean up: @@ -136,7 +138,9 @@ if [ ! -x /sbin/ldconfig ]; then ( cd lib ; rm -rf libanl.so.1 ) ( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 ) ( cd lib ; rm -rf libcrypt.so.1 ) -( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 ) +( cd lib ; ln -sf libcrypt1-@@VERSION@@.so libcrypt.so.1 ) +( cd lib ; rm -rf libcrypt.so.2 ) +( cd lib ; ln -sf libcrypt2-@@VERSION@@.so libcrypt.so.2 ) ( cd lib ; rm -rf libBrokenLocale.so.1 ) ( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 ) ( cd lib ; rm -rf ld-linux.so.2 ) @@ -152,4 +156,3 @@ if [ ! -x /sbin/ldconfig ]; then ( cd lib ; rm -rf librt.so.1 ) ( cd lib ; ln -sf librt-@@VERSION@@.so librt.so.1 ) fi - diff --git a/source/l/glibc/doinst.sh-glibc b/source/l/glibc/doinst.sh-glibc index 2ed07ad03..5fa7d2f86 100644 --- a/source/l/glibc/doinst.sh-glibc +++ b/source/l/glibc/doinst.sh-glibc @@ -72,6 +72,8 @@ if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly rm -f $LIBRARY done done + # Remove stale versions of libcrypt from Slackware 14.2 or newer: + rm -f libcrypt-{2.23,2.24,2.25,2.26,2.27,2.28,2.29,2.30,2.31,2.32,2.33,2.34,2.35,2.36,2.37}.so ) fi # Finally, rename them and clean up: 
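Review bot: The stale-library cleanup `rm -f libcrypt-{2.23,…,2.37}.so` depends on brace expansion and on a hand-maintained version list, and because of `-f` it removes nothing and reports nothing if either assumption fails. A shell without brace expansion would pass the whole pattern as one literal file name; which shell runs doinst.sh, and which directory the enclosing subshell is in, are both set outside this hunk. Since the new libraries are named `libcrypt1-…` and `libcrypt2-…`, a plain glob such as `rm -f libcrypt-2.[0-9]*.so` would cover the old naming without the list. The identical two lines are added to doinst.sh-glibc in its hunk at -72,6 +72,8, so the same applies there.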
@@ -138,7 +140,9 @@ if [ ! -x /sbin/ldconfig ]; then ( cd lib ; rm -rf libanl.so.1 ) ( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 ) ( cd lib ; rm -rf libcrypt.so.1 ) -( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 ) +( cd lib ; ln -sf libcrypt1-@@VERSION@@.so libcrypt.so.1 ) +( cd lib ; rm -rf libcrypt.so.2 ) +( cd lib ; ln -sf libcrypt2-@@VERSION@@.so libcrypt.so.2 ) ( cd lib ; rm -rf libBrokenLocale.so.1 ) ( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 ) ( cd lib ; rm -rf ld-linux.so.2 ) diff --git a/source/l/glibc/glibc.SlackBuild b/source/l/glibc/glibc.SlackBuild index bac317163..044662fe5 100755 --- a/source/l/glibc/glibc.SlackBuild +++ b/source/l/glibc/glibc.SlackBuild @@ -25,7 +25,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=glibc VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} CHECKOUT=${CHECKOUT:-""} -BUILD=${BUILD:-3} +BUILD=${BUILD:-2} # I was considering disabling NSCD, but MoZes talked me out of it. :) #DISABLE_NSCD=" --disable-nscd " @@ -230,7 +230,7 @@ CFLAGS="-g $OPTIMIZ" \ ../configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ - --enable-kernel=2.6.32 \ + --enable-kernel=4.4 \ --with-headers=/usr/include \ --enable-add-ons \ --enable-profile \ @@ -251,6 +251,11 @@ make $NUMJOBS install install_root=$PKG || exit 1 # completes much faster. :) make $NUMJOBS localedata/install-locales install_root=$PKG DESTDIR=$PKG || exit 1 +# Build and install libxcrypt: +pushd $CWD +ARCH=$SLACKWARE_ARCH LIBDIRSUFFIX=$LIBDIRSUFFIX SLKCFLAGS=$OPTIMIZ ./libxcrypt.build +popd + # We've always had an sln symlink in /bin, so let's make sure it # remains there so as not to break any scripts that might need it: mkdir -p $PKG/bin 
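Review bot: The exit status of `./libxcrypt.build` is ignored in the added block of glibc.SlackBuild, so a failed libxcrypt build still produces a glibc package, just one without libcrypt, and anything that verifies passwords through crypt() would presumably break on the installed system. The helper ends its own steps with `|| exit 1`; the caller should propagate that with `./libxcrypt.build || exit 1`. NUMJOBS is also not handed over alongside ARCH, LIBDIRSUFFIX and SLKCFLAGS, so unless it is exported elsewhere the helper's `make $NUMJOBS` builds serially.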
@@ -306,8 +311,7 @@ cat nscd/nscd.conf > $PKG/etc/nscd.conf.new # Install docs: ( mkdir -p $PKG/usr/doc/glibc-$VERSION cp -a \ - BUGS CONFORMANCE COPYING* FAQ INSTALL LICENSES NAMESPACE \ - NEWS NOTES PROJECTS README* \ + CONTRIBUTED-BY* COPYING* INSTALL* LICENSES* MAINTAINERS* NEWS* README* SECURITY* SHARED-FILES* \ $PKG/usr/doc/glibc-$VERSION ) @@ -338,9 +342,20 @@ fi find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip -g 2> /dev/null ) -# Fix info dir: -rm $PKG/usr/info/dir -gzip -9 $PKG/usr/info/* +# Compress manual pages: +find $PKG/usr/man -type f -exec gzip -9 {} \+ +for i in $( find $PKG/usr/man -type l ) ; do + ln -s $( readlink $i ).gz $i.gz + rm $i +done + +# Compress info files, if any: +if [ -d $PKG/usr/info ]; then + ( cd $PKG/usr/info + rm -f dir + gzip -9 * + ) +fi # This is junk rm $PKG/etc/ld.so.cache @@ -411,6 +426,11 @@ cp -a $PKG/lib${LIBDIRSUFFIX}/* lib${LIBDIRSUFFIX} # have to handle these files differently and so that it's easy to see what # version of glibc is in use at a glance. cd incoming + # First do the new libxcrypt links (a little bit differently): + for cryptlib in libcrypt.so.* ; do + CRYPTSO=$(echo $cryptlib | cut -f 3 -d .) + mv $cryptlib libcrypt${CRYPTSO}-${VERSION}.so + done for library in *.so.* ; do mv $library $(echo $library | cut -f 1 -d .)-${VERSION}.so done 
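Review bot: The new rename loop in the hunk at -411,6 +426,11 assumes that `libcrypt.so.*` matches exactly one regular file per major version, and neither condition is checked. If the glob matches nothing, `mv` is called on the literal pattern and the script carries on without libcrypt; if a symlink such as libcrypt.so.1 is still present next to the real library, both map to the same `libcrypt1-${VERSION}.so` and whichever is moved last wins. Whether symlinks are removed before this point is not visible in the hunk, so a guard like `[ -f "$cryptlib" -a ! -L "$cryptlib" ] || continue` as the first line of the loop body would make it safe either way. The same loop is added a second time in the later hunk at -484,6 +500,11.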
@@ -465,17 +485,13 @@ find lib${LIBDIRSUFFIX} -type l -exec rm {} \+ mkdir install cp -a $CWD/slack-desc.glibc install/slack-desc cp -a $CWD/doinst.sh-glibc install/doinst.sh -# Fix specific versioning for the symlink creation script. This part of the -# script would only be used in the case where there is no ldconfig on the -# running system that's used to install the package. That should never be the -# case, but we'll leave the code in place anyway just in case. -sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh # Call the function to fix doinst.sh where $LIBDIRSUFFIX is needed: fix_doinst ( cd lib${LIBDIRSUFFIX} mkdir incoming mv *so* incoming mv incoming/libmemusage.so . + #mv incoming/libcrypt* . # Beginning with glibc-2.34, shared objects are using their ABI sonames # directly, which is frankly, a terrible idea. It might help other package # managers, but doesn't do us any favors where we already had a system for @@ -484,6 +500,11 @@ fix_doinst # have to handle these files differently and so that it's easy to see what # version of glibc is in use at a glance. cd incoming + # First do the new libxcrypt links (a little bit differently): + for cryptlib in libcrypt.so.* ; do + CRYPTSO=$(echo $cryptlib | cut -f 3 -d .) + mv $cryptlib libcrypt${CRYPTSO}-${VERSION}.so + done for library in *.so.* ; do mv $library $(echo $library | cut -f 1 -d .)-${VERSION}.so done diff --git a/source/l/glibc/libxcrypt.build b/source/l/glibc/libxcrypt.build new file mode 100755 index 000000000..17bc62ec5 --- /dev/null +++ b/source/l/glibc/libxcrypt.build 
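Review bot: Removing `sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh` leaves the `@@VERSION@@` placeholders in doinst.sh-glibc unexpanded unless `fix_doinst`, which is defined outside this hunk, now performs that substitution. The same commit adds two more placeholder links (`ln -sf libcrypt1-@@VERSION@@.so libcrypt.so.1` and the matching libcrypt.so.2 line) to the no-ldconfig branch, so on that path the symlinks would point at file names that do not exist. If the substitution has not moved, keep the sed line; if it has, a one-line comment saying where it now happens would help. The commented-out `#mv incoming/libcrypt* .` should be either removed or explained.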
@@ -0,0 +1,119 @@ +#!/bin/bash + +# Copyright 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=libxcrypt +VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} + +TMP=${TMP:-/tmp} +PKG=$TMP/package-glibc-incoming-tree + +cd $TMP +rm -rf $PKGNAM-$VERSION +tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1 +cd $PKGNAM-$VERSION || exit 1 + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Configure, build, and install: +if [ ! 
-r configure ]; then + if [ -x ./autogen.sh ]; then + NOCONFIGURE=1 ./autogen.sh + else + autoreconf -vif + fi +fi + +# First, build and install the compat library: +mkdir build-libxcrypt-compat +cd build-libxcrypt-compat +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +../configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --mandir=/usr/man \ + --enable-hashes=strong,glibc \ + --enable-obsolete-api=glibc \ + --disable-failure-tokens \ + --build=$ARCH-slackware-linux || exit 1 +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 +cd .. + +# Next, build the next-gen crypt library. We'll see what can link to it. :) +mkdir build-libxcrypt +cd build-libxcrypt +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +../configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --mandir=/usr/man \ + --enable-hashes=strong,glibc \ + --enable-obsolete-api=no \ + --disable-failure-tokens \ + --build=$ARCH-slackware-linux || exit 1 +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 +cd .. + +# Don't ship .la files: +rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/libcrypt*.la + +# Strip binaries: +find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null + +# Move libraries out of /usr: +mkdir -p $PKG/lib${LIBDIRSUFFIX} +( cd $PKG/usr/lib${LIBDIRSUFFIX} + ## Actually, glibc always had libcrypt.a, so... 
+ ## No static crypt() libraries: + #rm libcrypt*.a + # No .so symlinks (yet): + rm libcrypt*.so + # Move libraries and remaining symlinks: + mv libcrypt*so* ../../lib${LIBDIRSUFFIX} + # Add .so symlinks for libcrypt and libxcrypt: + ln -sf ../../lib${LIBDIRSUFFIX}/libcrypt.so.2 libcrypt.so + ln -sf ../../lib${LIBDIRSUFFIX}/libcrypt.so.2 libxcrypt.so +) + +# Add a documentation directory: +mkdir -p $PKG/usr/doc/${PKGNAM}-$VERSION +cp -a \ + AUTHORS* ChangeLog COPYING* LICENSING* NEWS* README* THANKS* TODO* \ + $PKG/usr/doc/${PKGNAM}-$VERSION + +# If there's a ChangeLog, installing at least part of the recent history +# is useful, but don't let it get totally out of control: +if [ -r ChangeLog ]; then + DOCSDIR=$(echo $PKG/usr/doc/${PKGNAM}-$VERSION) + cat ChangeLog | head -n 1000 > $DOCSDIR/ChangeLog + touch -r ChangeLog $DOCSDIR/ChangeLog +fi diff --git a/source/l/glibc/libxcrypt.url b/source/l/glibc/libxcrypt.url new file mode 100644 index 000000000..4e0d180af --- /dev/null +++ b/source/l/glibc/libxcrypt.url @@ -0,0 +1 @@ +https://github.com/besser82/libxcrypt diff --git a/source/l/glibc/patches/CVE-2023-25139.patch b/source/l/glibc/patches/CVE-2023-25139.patch deleted file mode 100644 index 3361e68fa..000000000 --- a/source/l/glibc/patches/CVE-2023-25139.patch +++ /dev/null 
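Review bot: `VERSION=${VERSION:-…}` near the top of libxcrypt.build honours an inherited VERSION, and glibc.SlackBuild accepts the same override for glibc, so running the parent with VERSION in the environment makes this script look for a libxcrypt tarball carrying glibc's version number. The `tar xvf … || exit 1` then stops the helper, and the call site in glibc.SlackBuild does not check its status. Deriving the version unconditionally here avoids the clash: `VERSION=$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)`. The tarball is also selected by glob with no checksum or signature check in the script; if verification happens elsewhere in the tree, a comment saying so would help.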
@@ -1,81 +0,0 @@ -This is a partial fix for mishandling of grouping when formatting -integers. It properly computes the width in presence of grouping -characteres when the precision is larger than the number of significant -digits. ---- - stdio-common/Makefile | 1 + - stdio-common/tst-grouping3.c | 37 +++++++++++++++++++++++++++++ - stdio-common/vfprintf-process-arg.c | 2 +- - 3 files changed, 39 insertions(+), 1 deletion(-) - create mode 100644 stdio-common/tst-grouping3.c - -diff --git a/stdio-common/Makefile b/stdio-common/Makefile -index 6e9d104524..b46d932a20 100644 ---- a/stdio-common/Makefile -+++ b/stdio-common/Makefile -@@ -195,6 +195,7 @@ tests := \ - tst-gets \ - tst-grouping \ - tst-grouping2 \ -+ tst-grouping3 \ - tst-long-dbl-fphex \ - tst-memstream-string \ - tst-obprintf \ -diff --git a/stdio-common/tst-grouping3.c b/stdio-common/tst-grouping3.c -new file mode 100644 -index 0000000000..0031ad4010 ---- /dev/null -+++ b/stdio-common/tst-grouping3.c -@@ -0,0 +1,37 @@ -+/* Test printf with grouping and padding (bug 23432) -+ Copyright (C) 2023 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ <https://www.gnu.org/licenses/>. 
*/ -+ -+#include <locale.h> -+#include <stdio.h> -+#include <support/check.h> -+#include <support/support.h> -+ -+static int -+do_test (void) -+{ -+ char buf[80]; -+ -+ xsetlocale (LC_NUMERIC, "de_DE.UTF-8"); -+ -+ sprintf (buf, "%+-'13.9d", 1234567); -+ TEST_COMPARE_STRING (buf, "+001.234.567 "); -+ -+ return 0; -+} -+ -+#include <support/test-driver.c> -diff --git a/stdio-common/vfprintf-process-arg.c b/stdio-common/vfprintf-process-arg.c -index 2c651946df..cd3eaf5c0c 100644 ---- a/stdio-common/vfprintf-process-arg.c -+++ b/stdio-common/vfprintf-process-arg.c -@@ -257,7 +257,7 @@ LABEL (unsigned_number): /* Unsigned number of base BASE. */ - width -= 2; - } - -- width -= workend - string + prec; -+ width -= number_length + prec; - - Xprintf_buffer_pad (buf, L_('0'), prec); - --- -2.39.1 diff --git a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch b/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch deleted file mode 100644 index 074317990..000000000 --- a/source/l/glibc/patches/glibc-2.37.CVE-2023-4911.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001 -From: Siddhesh Poyarekar <siddhesh@sourceware.org> -Date: Tue, 19 Sep 2023 18:39:32 -0400 -Subject: [PATCH] tunables: Terminate if end of input is reached - (CVE-2023-4911) - -The string parsing routine may end up writing beyond bounds of tunestr -if the input tunable string is malformed, of the form name=name=val. -This gets processed twice, first as name=name=val and next as name=val, -resulting in tunestr being name=name=val:name=val, thus overflowing -tunestr. - -Terminate the parsing loop at the first instance itself so that tunestr -does not overflow. - -Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> -Reviewed-by: Carlos O'Donell <carlos@redhat.com> ---- - NEWS | 5 +++++ - elf/dl-tunables.c | 17 +++++++++------- - - ---- ./NEWS.orig 2023-01-31 21:27:45.000000000 -0600 -+++ ./NEWS 2023-10-03 15:47:54.560781260 -0500 -@@ -28,6 +28,11 @@ - heap and prints it to the target log file, potentially revealing a - portion of the contents of the heap. - -+ CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the -+ environment of a setuid program and NAME is valid, it may result in a -+ buffer overflow, which could be exploited to achieve escalated -+ privileges. This flaw was introduced in glibc 2.34. -+ - The following bugs are resolved with this release: - - [12154] network: Cannot resolve hosts which have wildcard aliases ---- ./elf/dl-tunables.c.orig 2023-01-31 21:27:45.000000000 -0600 -+++ ./elf/dl-tunables.c 2023-10-03 15:47:54.560781260 -0500 -@@ -187,11 +187,7 @@ - /* If we reach the end of the string before getting a valid name-value - pair, bail out. */ - if (p[len] == '\0') -- { -- if (__libc_enable_secure) -- tunestr[off] = '\0'; -- return; -- } -+ break; - - /* We did not find a valid name-value pair before encountering the - colon. 
*/ -@@ -251,9 +247,16 @@ - } - } - -- if (p[len] != '\0') -- p += len + 1; -+ /* We reached the end while processing the tunable string. */ -+ if (p[len] == '\0') -+ break; -+ -+ p += len + 1; - } -+ -+ /* Terminate tunestr before we leave. */ -+ if (__libc_enable_secure) -+ tunestr[off] = '\0'; - } - #endif - diff --git a/source/l/glibc/patches/glibc-2.38-upstream_fixes-1.patch b/source/l/glibc/patches/glibc-2.38-upstream_fixes-1.patch new file mode 100644 index 000000000..e111d8aba --- /dev/null +++ b/source/l/glibc/patches/glibc-2.38-upstream_fixes-1.patch 
@@ -0,0 +1,695 @@ +Submitted By: Xi Ruoyao <xry111 at xry111.site> +Date: 2023-09-13 +Initial Package Version: 2.38 +Upstream Status: Under review +Origin: Upstream & Self + - 1/5: https://sourceware.org/git/?p=glibc.git;a=patch;h=542b11058525 + - 2/5: https://sourceware.org/pipermail/libc-alpha/2023-August/150857.html + - 3/5: Trivial unused code removal + - 4/5: https://sourceware.org/pipermail/libc-alpha/2023-September/151522.html + - 5/5: https://sourceware.org/pipermail/libc-alpha/2023-September/151548.html +Description: Fixes a regression causing posix_memalign() + very slow in certain conditions to avoid + breaking ffmpeg-based applications; + fixes two security vulnerabilities, + CVE-2023-4527 and CVE-2023-4806. + +From fc01478d06658ace8d57e5328c1e717275acfe84 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Fri, 11 Aug 2023 11:18:17 +0200 +Subject: [PATCH 1/3] malloc: Enable merging of remainders in memalign (bug + 30723) + +Previously, calling _int_free from _int_memalign could put remainders +into the tcache or into fastbins, where they are invisible to the +low-level allocator. This results in missed merge opportunities +because once these freed chunks become available to the low-level +allocator, further memalign allocations (even of the same size are) +likely obstructing merges. + +Furthermore, during forwards merging in _int_memalign, do not +completely give up when the remainder is too small to serve as a +chunk on its own. We can still give it back if it can be merged +with the following unused chunk. This makes it more likely that +memalign calls in a loop achieve a compact memory layout, +independently of initial heap layout. + +Drop some useless (unsigned long) casts along the way, and tweak +the style to more closely match GNU on changed lines. 
+ +Reviewed-by: DJ Delorie <dj@redhat.com> +(cherry picked from commit 542b1105852568c3ebc712225ae78b8c8ba31a78) +--- + malloc/malloc.c | 197 +++++++++++++++++++++++++++++------------------- + 1 file changed, 121 insertions(+), 76 deletions(-) + +diff --git a/malloc/malloc.c b/malloc/malloc.c +index e2f1a615a4..948f9759af 100644 +--- a/malloc/malloc.c ++++ b/malloc/malloc.c +@@ -1086,6 +1086,11 @@ typedef struct malloc_chunk* mchunkptr; + + static void* _int_malloc(mstate, size_t); + static void _int_free(mstate, mchunkptr, int); ++static void _int_free_merge_chunk (mstate, mchunkptr, INTERNAL_SIZE_T); ++static INTERNAL_SIZE_T _int_free_create_chunk (mstate, ++ mchunkptr, INTERNAL_SIZE_T, ++ mchunkptr, INTERNAL_SIZE_T); ++static void _int_free_maybe_consolidate (mstate, INTERNAL_SIZE_T); + static void* _int_realloc(mstate, mchunkptr, INTERNAL_SIZE_T, + INTERNAL_SIZE_T); + static void* _int_memalign(mstate, size_t, size_t); +@@ -4637,31 +4642,52 @@ _int_free (mstate av, mchunkptr p, int have_lock) + if (!have_lock) + __libc_lock_lock (av->mutex); + +- nextchunk = chunk_at_offset(p, size); +- +- /* Lightweight tests: check whether the block is already the +- top block. */ +- if (__glibc_unlikely (p == av->top)) +- malloc_printerr ("double free or corruption (top)"); +- /* Or whether the next chunk is beyond the boundaries of the arena. */ +- if (__builtin_expect (contiguous (av) +- && (char *) nextchunk +- >= ((char *) av->top + chunksize(av->top)), 0)) +- malloc_printerr ("double free or corruption (out)"); +- /* Or whether the block is actually not marked used. 
*/ +- if (__glibc_unlikely (!prev_inuse(nextchunk))) +- malloc_printerr ("double free or corruption (!prev)"); +- +- nextsize = chunksize(nextchunk); +- if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) +- || __builtin_expect (nextsize >= av->system_mem, 0)) +- malloc_printerr ("free(): invalid next size (normal)"); ++ _int_free_merge_chunk (av, p, size); + +- free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); ++ if (!have_lock) ++ __libc_lock_unlock (av->mutex); ++ } ++ /* ++ If the chunk was allocated via mmap, release via munmap(). ++ */ ++ ++ else { ++ munmap_chunk (p); ++ } ++} ++ ++/* Try to merge chunk P of SIZE bytes with its neighbors. Put the ++ resulting chunk on the appropriate bin list. P must not be on a ++ bin list yet, and it can be in use. */ ++static void ++_int_free_merge_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size) ++{ ++ mchunkptr nextchunk = chunk_at_offset(p, size); ++ ++ /* Lightweight tests: check whether the block is already the ++ top block. */ ++ if (__glibc_unlikely (p == av->top)) ++ malloc_printerr ("double free or corruption (top)"); ++ /* Or whether the next chunk is beyond the boundaries of the arena. */ ++ if (__builtin_expect (contiguous (av) ++ && (char *) nextchunk ++ >= ((char *) av->top + chunksize(av->top)), 0)) ++ malloc_printerr ("double free or corruption (out)"); ++ /* Or whether the block is actually not marked used. */ ++ if (__glibc_unlikely (!prev_inuse(nextchunk))) ++ malloc_printerr ("double free or corruption (!prev)"); ++ ++ INTERNAL_SIZE_T nextsize = chunksize(nextchunk); ++ if (__builtin_expect (chunksize_nomask (nextchunk) <= CHUNK_HDR_SZ, 0) ++ || __builtin_expect (nextsize >= av->system_mem, 0)) ++ malloc_printerr ("free(): invalid next size (normal)"); ++ ++ free_perturb (chunk2mem(p), size - CHUNK_HDR_SZ); + +- /* consolidate backward */ +- if (!prev_inuse(p)) { +- prevsize = prev_size (p); ++ /* Consolidate backward. 
*/ ++ if (!prev_inuse(p)) ++ { ++ INTERNAL_SIZE_T prevsize = prev_size (p); + size += prevsize; + p = chunk_at_offset(p, -((long) prevsize)); + if (__glibc_unlikely (chunksize(p) != prevsize)) +@@ -4669,9 +4695,25 @@ _int_free (mstate av, mchunkptr p, int have_lock) + unlink_chunk (av, p); + } + +- if (nextchunk != av->top) { ++ /* Write the chunk header, maybe after merging with the following chunk. */ ++ size = _int_free_create_chunk (av, p, size, nextchunk, nextsize); ++ _int_free_maybe_consolidate (av, size); ++} ++ ++/* Create a chunk at P of SIZE bytes, with SIZE potentially increased ++ to cover the immediately following chunk NEXTCHUNK of NEXTSIZE ++ bytes (if NEXTCHUNK is unused). The chunk at P is not actually ++ read and does not have to be initialized. After creation, it is ++ placed on the appropriate bin list. The function returns the size ++ of the new chunk. */ ++static INTERNAL_SIZE_T ++_int_free_create_chunk (mstate av, mchunkptr p, INTERNAL_SIZE_T size, ++ mchunkptr nextchunk, INTERNAL_SIZE_T nextsize) ++{ ++ if (nextchunk != av->top) ++ { + /* get and clear inuse bit */ +- nextinuse = inuse_bit_at_offset(nextchunk, nextsize); ++ bool nextinuse = inuse_bit_at_offset (nextchunk, nextsize); + + /* consolidate forward */ + if (!nextinuse) { +@@ -4686,8 +4728,8 @@ _int_free (mstate av, mchunkptr p, int have_lock) + been given one chance to be used in malloc. + */ + +- bck = unsorted_chunks(av); +- fwd = bck->fd; ++ mchunkptr bck = unsorted_chunks (av); ++ mchunkptr fwd = bck->fd; + if (__glibc_unlikely (fwd->bk != bck)) + malloc_printerr ("free(): corrupted unsorted chunks"); + p->fd = fwd; +@@ -4706,61 +4748,52 @@ _int_free (mstate av, mchunkptr p, int have_lock) + check_free_chunk(av, p); + } + +- /* +- If the chunk borders the current high end of memory, +- consolidate into top +- */ +- +- else { ++ else ++ { ++ /* If the chunk borders the current high end of memory, ++ consolidate into top. 
*/ + size += nextsize; + set_head(p, size | PREV_INUSE); + av->top = p; + check_chunk(av, p); + } + +- /* +- If freeing a large space, consolidate possibly-surrounding +- chunks. Then, if the total unused topmost memory exceeds trim +- threshold, ask malloc_trim to reduce top. +- +- Unless max_fast is 0, we don't know if there are fastbins +- bordering top, so we cannot tell for sure whether threshold +- has been reached unless fastbins are consolidated. But we +- don't want to consolidate on each free. As a compromise, +- consolidation is performed if FASTBIN_CONSOLIDATION_THRESHOLD +- is reached. +- */ ++ return size; ++} + +- if ((unsigned long)(size) >= FASTBIN_CONSOLIDATION_THRESHOLD) { ++/* If freeing a large space, consolidate possibly-surrounding ++ chunks. Then, if the total unused topmost memory exceeds trim ++ threshold, ask malloc_trim to reduce top. */ ++static void ++_int_free_maybe_consolidate (mstate av, INTERNAL_SIZE_T size) ++{ ++ /* Unless max_fast is 0, we don't know if there are fastbins ++ bordering top, so we cannot tell for sure whether threshold has ++ been reached unless fastbins are consolidated. But we don't want ++ to consolidate on each free. As a compromise, consolidation is ++ performed if FASTBIN_CONSOLIDATION_THRESHOLD is reached. */ ++ if (size >= FASTBIN_CONSOLIDATION_THRESHOLD) ++ { + if (atomic_load_relaxed (&av->have_fastchunks)) + malloc_consolidate(av); + +- if (av == &main_arena) { ++ if (av == &main_arena) ++ { + #ifndef MORECORE_CANNOT_TRIM +- if ((unsigned long)(chunksize(av->top)) >= +- (unsigned long)(mp_.trim_threshold)) +- systrim(mp_.top_pad, av); ++ if (chunksize (av->top) >= mp_.trim_threshold) ++ systrim (mp_.top_pad, av); + #endif +- } else { +- /* Always try heap_trim(), even if the top chunk is not +- large, because the corresponding heap might go away. 
*/ +- heap_info *heap = heap_for_ptr(top(av)); ++ } ++ else ++ { ++ /* Always try heap_trim, even if the top chunk is not large, ++ because the corresponding heap might go away. */ ++ heap_info *heap = heap_for_ptr (top (av)); + +- assert(heap->ar_ptr == av); +- heap_trim(heap, mp_.top_pad); +- } ++ assert (heap->ar_ptr == av); ++ heap_trim (heap, mp_.top_pad); ++ } + } +- +- if (!have_lock) +- __libc_lock_unlock (av->mutex); +- } +- /* +- If the chunk was allocated via mmap, release via munmap(). +- */ +- +- else { +- munmap_chunk (p); +- } + } + + /* +@@ -5221,7 +5254,7 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) + (av != &main_arena ? NON_MAIN_ARENA : 0)); + set_inuse_bit_at_offset (newp, newsize); + set_head_size (p, leadsize | (av != &main_arena ? NON_MAIN_ARENA : 0)); +- _int_free (av, p, 1); ++ _int_free_merge_chunk (av, p, leadsize); + p = newp; + + assert (newsize >= nb && +@@ -5232,15 +5265,27 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) + if (!chunk_is_mmapped (p)) + { + size = chunksize (p); +- if ((unsigned long) (size) > (unsigned long) (nb + MINSIZE)) ++ mchunkptr nextchunk = chunk_at_offset(p, size); ++ INTERNAL_SIZE_T nextsize = chunksize(nextchunk); ++ if (size > nb) + { + remainder_size = size - nb; +- remainder = chunk_at_offset (p, nb); +- set_head (remainder, remainder_size | PREV_INUSE | +- (av != &main_arena ? NON_MAIN_ARENA : 0)); +- set_head_size (p, nb); +- _int_free (av, remainder, 1); +- } ++ if (remainder_size >= MINSIZE ++ || nextchunk == av->top ++ || !inuse_bit_at_offset (nextchunk, nextsize)) ++ { ++ /* We can only give back the tail if it is larger than ++ MINSIZE, or if the following chunk is unused (top ++ chunk or unused in-heap chunk). Otherwise we would ++ create a chunk that is smaller than MINSIZE. 
*/ ++ remainder = chunk_at_offset (p, nb); ++ set_head_size (p, nb); ++ remainder_size = _int_free_create_chunk (av, remainder, ++ remainder_size, ++ nextchunk, nextsize); ++ _int_free_maybe_consolidate (av, remainder_size); ++ } ++ } + } + + check_inuse_chunk (av, p); +-- +2.41.0 + +From b37e836b7cc2dba672e1de1cc7e076ba1c712614 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Fri, 11 Aug 2023 17:48:13 +0200 +Subject: [PATCH 2/3] malloc: Remove bin scanning from memalign (bug 30723) + +On the test workload (mpv --cache=yes with VP9 video decoding), the +bin scanning has a very poor success rate (less than 2%). The tcache +scanning has about 50% success rate, so keep that. + +Update comments in malloc/tst-memalign-2 to indicate the purpose +of the tests. Even with the scanning removed, the additional +merging opportunities since commit 542b1105852568c3ebc712225ae78b +("malloc: Enable merging of remainders in memalign (bug 30723)") +are sufficient to pass the existing large bins test. + +Link: https://sourceware.org/pipermail/libc-alpha/2023-August/150857.html +--- + malloc/malloc.c | 127 ++-------------------------------------- + malloc/tst-memalign-2.c | 7 ++- + 2 files changed, 10 insertions(+), 124 deletions(-) + +diff --git a/malloc/malloc.c b/malloc/malloc.c +index 948f9759af..9c2cab7a59 100644 +--- a/malloc/malloc.c ++++ b/malloc/malloc.c +@@ -5082,7 +5082,6 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) + mchunkptr remainder; /* spare room at end to split off */ + unsigned long remainder_size; /* its size */ + INTERNAL_SIZE_T size; +- mchunkptr victim; + + nb = checked_request2size (bytes); + if (nb == 0) +@@ -5101,129 +5100,13 @@ _int_memalign (mstate av, size_t alignment, size_t bytes) + we don't find anything in those bins, the common malloc code will + scan starting at 2x. */ + +- /* This will be set if we found a candidate chunk. */ +- victim = NULL; ++ /* Call malloc with worst case padding to hit alignment. 
*/ ++ m = (char *) (_int_malloc (av, nb + alignment + MINSIZE)); + +- /* Fast bins are singly-linked, hard to remove a chunk from the middle +- and unlikely to meet our alignment requirements. We have not done +- any experimentation with searching for aligned fastbins. */ ++ if (m == 0) ++ return 0; /* propagate failure */ + +- if (av != NULL) +- { +- int first_bin_index; +- int first_largebin_index; +- int last_bin_index; +- +- if (in_smallbin_range (nb)) +- first_bin_index = smallbin_index (nb); +- else +- first_bin_index = largebin_index (nb); +- +- if (in_smallbin_range (nb * 2)) +- last_bin_index = smallbin_index (nb * 2); +- else +- last_bin_index = largebin_index (nb * 2); +- +- first_largebin_index = largebin_index (MIN_LARGE_SIZE); +- +- int victim_index; /* its bin index */ +- +- for (victim_index = first_bin_index; +- victim_index < last_bin_index; +- victim_index ++) +- { +- victim = NULL; +- +- if (victim_index < first_largebin_index) +- { +- /* Check small bins. Small bin chunks are doubly-linked despite +- being the same size. */ +- +- mchunkptr fwd; /* misc temp for linking */ +- mchunkptr bck; /* misc temp for linking */ +- +- bck = bin_at (av, victim_index); +- fwd = bck->fd; +- while (fwd != bck) +- { +- if (chunk_ok_for_memalign (fwd, alignment, nb) > 0) +- { +- victim = fwd; +- +- /* Unlink it */ +- victim->fd->bk = victim->bk; +- victim->bk->fd = victim->fd; +- break; +- } +- +- fwd = fwd->fd; +- } +- } +- else +- { +- /* Check large bins. 
*/ +- mchunkptr fwd; /* misc temp for linking */ +- mchunkptr bck; /* misc temp for linking */ +- mchunkptr best = NULL; +- size_t best_size = 0; +- +- bck = bin_at (av, victim_index); +- fwd = bck->fd; +- +- while (fwd != bck) +- { +- int extra; +- +- if (chunksize (fwd) < nb) +- break; +- extra = chunk_ok_for_memalign (fwd, alignment, nb); +- if (extra > 0 +- && (extra <= best_size || best == NULL)) +- { +- best = fwd; +- best_size = extra; +- } +- +- fwd = fwd->fd; +- } +- victim = best; +- +- if (victim != NULL) +- { +- unlink_chunk (av, victim); +- break; +- } +- } +- +- if (victim != NULL) +- break; +- } +- } +- +- /* Strategy: find a spot within that chunk that meets the alignment +- request, and then possibly free the leading and trailing space. +- This strategy is incredibly costly and can lead to external +- fragmentation if header and footer chunks are unused. */ +- +- if (victim != NULL) +- { +- p = victim; +- m = chunk2mem (p); +- set_inuse (p); +- if (av != &main_arena) +- set_non_main_arena (p); +- } +- else +- { +- /* Call malloc with worst case padding to hit alignment. */ +- +- m = (char *) (_int_malloc (av, nb + alignment + MINSIZE)); +- +- if (m == 0) +- return 0; /* propagate failure */ +- +- p = mem2chunk (m); +- } ++ p = mem2chunk (m); + + if ((((unsigned long) (m)) % alignment) != 0) /* misaligned */ + { +diff --git a/malloc/tst-memalign-2.c b/malloc/tst-memalign-2.c +index f229283dbf..ecd6fa249e 100644 +--- a/malloc/tst-memalign-2.c ++++ b/malloc/tst-memalign-2.c +@@ -86,7 +86,8 @@ do_test (void) + TEST_VERIFY (tcache_allocs[i].ptr1 == tcache_allocs[i].ptr2); + } + +- /* Test for non-head tcache hits. */ ++ /* Test for non-head tcache hits. This exercises the memalign ++ scanning code to find matching allocations. */ + for (i = 0; i < array_length (ptr); ++ i) + { + if (i == 4) +@@ -113,7 +114,9 @@ do_test (void) + free (p); + TEST_VERIFY (count > 0); + +- /* Large bins test. */ ++ /* Large bins test. 
This verifies that the over-allocated parts ++ that memalign releases for future allocations can be reused by ++ memalign itself at least in some cases. */ + + for (i = 0; i < LN; ++ i) + { +-- +2.41.0 + +From 26973f7b09c33e67f6bcbc79371796c8dd334528 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao <xry111@xry111.site> +Date: Mon, 14 Aug 2023 11:05:18 +0800 +Subject: [PATCH 3/3] malloc: Remove unused functions and variables + +Remove unused chunk_ok_for_memalign function and unused local variables +in _int_free. + +Signed-off-by: Xi Ruoyao <xry111@xry111.site> +--- + malloc/malloc.c | 42 ------------------------------------------ + 1 file changed, 42 deletions(-) + +diff --git a/malloc/malloc.c b/malloc/malloc.c +index 9c2cab7a59..d0bbbf3710 100644 +--- a/malloc/malloc.c ++++ b/malloc/malloc.c +@@ -4488,12 +4488,6 @@ _int_free (mstate av, mchunkptr p, int have_lock) + { + INTERNAL_SIZE_T size; /* its size */ + mfastbinptr *fb; /* associated fastbin */ +- mchunkptr nextchunk; /* next contiguous chunk */ +- INTERNAL_SIZE_T nextsize; /* its size */ +- int nextinuse; /* true if nextchunk is used */ +- INTERNAL_SIZE_T prevsize; /* size of previous contiguous chunk */ +- mchunkptr bck; /* misc temp for linking */ +- mchunkptr fwd; /* misc temp for linking */ + + size = chunksize (p); + +@@ -5032,42 +5026,6 @@ _int_realloc (mstate av, mchunkptr oldp, INTERNAL_SIZE_T oldsize, + ------------------------------ memalign ------------------------------ + */ + +-/* Returns 0 if the chunk is not and does not contain the requested +- aligned sub-chunk, else returns the amount of "waste" from +- trimming. NB is the *chunk* byte size, not the user byte +- size. 
*/ +-static size_t +-chunk_ok_for_memalign (mchunkptr p, size_t alignment, size_t nb) +-{ +- void *m = chunk2mem (p); +- INTERNAL_SIZE_T size = chunksize (p); +- void *aligned_m = m; +- +- if (__glibc_unlikely (misaligned_chunk (p))) +- malloc_printerr ("_int_memalign(): unaligned chunk detected"); +- +- aligned_m = PTR_ALIGN_UP (m, alignment); +- +- INTERNAL_SIZE_T front_extra = (intptr_t) aligned_m - (intptr_t) m; +- +- /* We can't trim off the front as it's too small. */ +- if (front_extra > 0 && front_extra < MINSIZE) +- return 0; +- +- /* If it's a perfect fit, it's an exception to the return value rule +- (we would return zero waste, which looks like "not usable"), so +- handle it here by returning a small non-zero value instead. */ +- if (size == nb && front_extra == 0) +- return 1; +- +- /* If the block we need fits in the chunk, calculate total waste. */ +- if (size > nb + front_extra) +- return size - nb; +- +- /* Can't use this chunk. */ +- return 0; +-} +- + /* BYTES is user requested bytes, not requested chunksize bytes. 
*/ + static void * + _int_memalign (mstate av, size_t alignment, size_t bytes) +-- +2.41.0 + +diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c +index c8b77bbc35..119dc9f00f 100644 +--- a/resolv/nss_dns/dns-host.c ++++ b/resolv/nss_dns/dns-host.c +@@ -427,7 +427,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat, + { + n = __res_context_search (ctx, name, C_IN, T_A, + dns_packet_buffer, sizeof (dns_packet_buffer), +- NULL, NULL, NULL, NULL, NULL); ++ &alt_dns_packet_buffer, NULL, NULL, NULL, NULL); + if (n >= 0) + status = gaih_getanswer_noaaaa (alt_dns_packet_buffer, n, + &abuf, pat, errnop, herrnop, ttlp); + +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 6ae6744fe4..eb5ba59dac 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -120,6 +120,7 @@ struct gaih_result + { + struct gaih_addrtuple *at; + char *canon; ++ char *hname; + bool free_at; + bool got_ipv6; + }; +@@ -165,6 +166,7 @@ gaih_result_reset (struct gaih_result *res) + if (res->free_at) + free (res->at); + free (res->canon); ++ free (res->hname); + memset (res, 0, sizeof (*res)); + } + +@@ -203,9 +205,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + return 0; + } + +-/* Convert struct hostent to a list of struct gaih_addrtuple objects. h_name +- is not copied, and the struct hostent object must not be deallocated +- prematurely. The new addresses are appended to the tuple array in RES. */ ++/* Convert struct hostent to a list of struct gaih_addrtuple objects. The new ++ addresses are appended to the tuple array in RES. 
*/ + static bool + convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + struct hostent *h, struct gaih_result *res) +@@ -238,6 +239,15 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + res->at = array; + res->free_at = true; + ++ /* Duplicate h_name because it may get reclaimed when the underlying storage ++ is freed. */ ++ if (res->hname == NULL) ++ { ++ res->hname = __strdup (h->h_name); ++ if (res->hname == NULL) ++ return false; ++ } ++ + /* Update the next pointers on reallocation. */ + for (size_t i = 0; i < old; i++) + array[i].next = array + i + 1; +@@ -262,7 +272,6 @@ convert_hostent_to_gaih_addrtuple (const struct addrinfo *req, int family, + } + array[i].next = array + i + 1; + } +- array[0].name = h->h_name; + array[count - 1].next = NULL; + + return true; +@@ -324,15 +333,15 @@ gethosts (nss_gethostbyname3_r fct, int family, const char *name, + memory allocation failure. The returned string is allocated on the + heap; the caller has to free it. */ + static char * +-getcanonname (nss_action_list nip, struct gaih_addrtuple *at, const char *name) ++getcanonname (nss_action_list nip, const char *hname, const char *name) + { + nss_getcanonname_r *cfct = __nss_lookup_function (nip, "getcanonname_r"); + char *s = (char *) name; + if (cfct != NULL) + { + char buf[256]; +- if (DL_CALL_FCT (cfct, (at->name ?: name, buf, sizeof (buf), +- &s, &errno, &h_errno)) != NSS_STATUS_SUCCESS) ++ if (DL_CALL_FCT (cfct, (hname ?: name, buf, sizeof (buf), &s, &errno, ++ &h_errno)) != NSS_STATUS_SUCCESS) + /* If the canonical name cannot be determined, use the passed + string. 
*/ + s = (char *) name; +@@ -740,6 +749,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req, + } + no_inet6_data = no_data; + inet6_status = status; ++ + } + if (req->ai_family == AF_INET + || req->ai_family == AF_UNSPEC +@@ -771,7 +781,7 @@ get_nss_addresses (const char *name, const struct addrinfo *req, + if ((req->ai_flags & AI_CANONNAME) != 0 + && res->canon == NULL) + { +- char *canonbuf = getcanonname (nip, res->at, name); ++ char *canonbuf = getcanonname (nip, res->hname, name); + if (canonbuf == NULL) + { + __resolv_context_put (res_ctx); diff --git a/source/l/glibc/patches/glibc.CVE-2023-4911.patch b/source/l/glibc/patches/glibc.CVE-2023-4911.patch new file mode 100644 index 000000000..a790a8305 --- /dev/null +++ b/source/l/glibc/patches/glibc.CVE-2023-4911.patch 
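Review bot: The two diffs at the end of this file that apparently carry the security fixes, for `resolv/nss_dns/dns-host.c` and `sysdeps/posix/getaddrinfo.c`, are not labelled or tied to an upstream commit. They have no `From`/`Subject` block, and the file header gives only libc-alpha list-post URLs for items 4/5 and 5/5 with `Upstream Status: Under review`. The three malloc patches keep their commit headers, but nothing says which of CVE-2023-4527 and CVE-2023-4806 each bare diff addresses. I would put a short header above each bare diff naming the CVE and its origin URL from the list at the top. Once the fix is on an upstream branch, add `(cherry picked from commit <UPSTREAM_COMMIT_ID>)` and re-check the shipped diff against that commit.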
@@ -0,0 +1,173 @@ +From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar <siddhesh@sourceware.org> +Date: Tue, 19 Sep 2023 18:39:32 -0400 +Subject: [PATCH] tunables: Terminate if end of input is reached + (CVE-2023-4911) + +The string parsing routine may end up writing beyond bounds of tunestr +if the input tunable string is malformed, of the form name=name=val. +This gets processed twice, first as name=name=val and next as name=val, +resulting in tunestr being name=name=val:name=val, thus overflowing +tunestr. + +Terminate the parsing loop at the first instance itself so that tunestr +does not overflow. + +This also fixes up tst-env-setuid-tunables to actually handle failures +correct and add new tests to validate the fix for this CVE. + +Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> +Reviewed-by: Carlos O'Donell <carlos@redhat.com> +--- + NEWS | 5 +++++ + elf/dl-tunables.c | 17 +++++++++------- + elf/tst-env-setuid-tunables.c | 37 +++++++++++++++++++++++++++-------- + 3 files changed, 44 insertions(+), 15 deletions(-) + +diff --git a/NEWS b/NEWS +index a94650da64..cc4b81f0ac 100644 +--- a/NEWS ++++ b/NEWS +@@ -64,6 +64,11 @@ Security related changes: + an application calls getaddrinfo for AF_INET6 with AI_CANONNAME, + AI_ALL and AI_V4MAPPED flags set. + ++ CVE-2023-4911: If a tunable of the form NAME=NAME=VAL is passed in the ++ environment of a setuid program and NAME is valid, it may result in a ++ buffer overflow, which could be exploited to achieve escalated ++ privileges. This flaw was introduced in glibc 2.34. 
++ + The following bugs are resolved with this release: + + [The release manager will add the list generated by +diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c +index 62b7332d95..cae67efa0a 100644 +--- a/elf/dl-tunables.c ++++ b/elf/dl-tunables.c +@@ -180,11 +180,7 @@ parse_tunables (char *tunestr, char *valstring) + /* If we reach the end of the string before getting a valid name-value + pair, bail out. */ + if (p[len] == '\0') +- { +- if (__libc_enable_secure) +- tunestr[off] = '\0'; +- return; +- } ++ break; + + /* We did not find a valid name-value pair before encountering the + colon. */ +@@ -244,9 +240,16 @@ parse_tunables (char *tunestr, char *valstring) + } + } + +- if (p[len] != '\0') +- p += len + 1; ++ /* We reached the end while processing the tunable string. */ ++ if (p[len] == '\0') ++ break; ++ ++ p += len + 1; + } ++ ++ /* Terminate tunestr before we leave. */ ++ if (__libc_enable_secure) ++ tunestr[off] = '\0'; + } + + /* Enable the glibc.malloc.check tunable in SETUID/SETGID programs only when +diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c +index 7dfb0e073a..f0b92c97e7 100644 +--- a/elf/tst-env-setuid-tunables.c ++++ b/elf/tst-env-setuid-tunables.c +@@ -50,6 +50,8 @@ const char *teststrings[] = + "glibc.malloc.perturb=0x800:not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096", + "glibc.not_valid.check=2:glibc.malloc.mmap_threshold=4096", + "not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096", ++ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", ++ "glibc.malloc.check=2", + "glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096:glibc.malloc.check=2", + "glibc.malloc.check=4:glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096", + ":glibc.malloc.garbage=2:glibc.malloc.check=1", +@@ -68,6 +70,8 @@ const char *resultstrings[] = + "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096", + "glibc.malloc.mmap_threshold=4096", + "glibc.malloc.mmap_threshold=4096", ++ 
"glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", ++ "", + "", + "", + "", +@@ -81,11 +85,18 @@ test_child (int off) + { + const char *val = getenv ("GLIBC_TUNABLES"); + ++ printf (" [%d] GLIBC_TUNABLES is %s\n", off, val); ++ fflush (stdout); + if (val != NULL && strcmp (val, resultstrings[off]) == 0) + return 0; + + if (val != NULL) +- printf ("[%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val); ++ printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n", ++ off, val, resultstrings[off]); ++ else ++ printf (" [%d] GLIBC_TUNABLES environment variable absent\n", off); ++ ++ fflush (stdout); + + return 1; + } +@@ -106,21 +117,26 @@ do_test (int argc, char **argv) + if (ret != 0) + exit (1); + +- exit (EXIT_SUCCESS); ++ /* Special return code to make sure that the child executed all the way ++ through. */ ++ exit (42); + } + else + { +- int ret = 0; +- + /* Spawn tests. */ + for (int i = 0; i < array_length (teststrings); i++) + { + char buf[INT_BUFSIZE_BOUND (int)]; + +- printf ("Spawned test for %s (%d)\n", teststrings[i], i); ++ printf ("[%d] Spawned test for %s\n", i, teststrings[i]); + snprintf (buf, sizeof (buf), "%d\n", i); ++ fflush (stdout); + if (setenv ("GLIBC_TUNABLES", teststrings[i], 1) != 0) +- exit (1); ++ { ++ printf (" [%d] Failed to set GLIBC_TUNABLES: %m", i); ++ support_record_failure (); ++ continue; ++ } + + int status = support_capture_subprogram_self_sgid (buf); + +@@ -128,9 +144,14 @@ do_test (int argc, char **argv) + if (WEXITSTATUS (status) == EXIT_UNSUPPORTED) + return EXIT_UNSUPPORTED; + +- ret |= status; ++ if (WEXITSTATUS (status) != 42) ++ { ++ printf (" [%d] child failed with status %d\n", i, ++ WEXITSTATUS (status)); ++ support_record_failure (); ++ } + } +- return ret; ++ return 0; + } + } + +-- +2.39.3 + + diff --git a/source/l/glibc/patches/reenable_DT_HASH.patch b/source/l/glibc/patches/reenable_DT_HASH.patch index f828b011b..7b7fe9ee4 100644 --- a/source/l/glibc/patches/reenable_DT_HASH.patch 
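Review bot: In `elf/tst-env-setuid-tunables.c`, the added `printf (" [%d] GLIBC_TUNABLES is %s\n", off, val);` in `test_child` runs before the `val != NULL` check, so an absent variable passes NULL to `%s`. glibc's printf prints `(null)` for that, but it is undefined behaviour in C, and the test already has a separate branch for the absent case. `printf (" [%d] GLIBC_TUNABLES is %s\n", off, val != NULL ? val : "(unset)");` keeps the trace without relying on it. The new `"Failed to set GLIBC_TUNABLES: %m"` message also lacks a trailing `\n`. Both `test_child` and `do_test` start outside the patch's hunks.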
+++ b/source/l/glibc/patches/reenable_DT_HASH.patch @@ -1,27 +1,7 @@ -From e47de5cb2d4dbecb58f569ed241e8e95c568f03c Mon Sep 17 00:00:00 2001 -From: Florian Weimer <fweimer@redhat.com> -Date: Fri, 29 Apr 2022 16:37:51 +0200 -Subject: [PATCH] Do not use --hash-style=both for building glibc shared - objects - -The comment indicates that --hash-style=both was used to maintain -compatibility with static dlopen, but we had many internal ABI -changes since then, so this compatiblity does not add value anymore. - -Reviewed-by: Carlos O'Donell <carlos@redhat.com> ---- - Makeconfig | 9 +++++++++ - Makerules | 7 +++++++ - config.make.in | 1 + - configure | 28 ++++++++++++++++++++++++++++ - configure.ac | 16 ++++++++++++++++ - 5 files changed, 61 insertions(+) - -diff --git b/Makeconfig a/Makeconfig -index 760f14e92f..0aa5fb0099 100644 ---- b/Makeconfig -+++ a/Makeconfig -@@ -362,6 +362,15 @@ relro-LDFLAGS = -Wl,-z,relro +diff -up glibc-2.38/Makeconfig.45~ glibc-2.38/Makeconfig +--- glibc-2.38/Makeconfig.45~ 2023-08-01 01:02:58.246719027 +0200 ++++ glibc-2.38/Makeconfig 2023-08-01 01:02:58.303719582 +0200 +@@ -381,6 +381,15 @@ relro-LDFLAGS = -Wl,-z,relro LDFLAGS.so += $(relro-LDFLAGS) LDFLAGS-rtld += $(relro-LDFLAGS) 
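Review bot: The refreshed patch no longer says what it is for. This hunk removes the `From e47de5cb2d4dbecb58f569ed241e8e95c568f03c` / `Subject: Do not use --hash-style=both for building glibc shared objects` block, and the new `diff -up` form starts directly at `Makeconfig`. Judging by the file name and the old reversed `b/`→`a/` paths, the file reverts that upstream change, so I would keep a short comment at the top such as `Re-enable -Wl,--hash-style=both (DT_HASH) for glibc shared objects; reverts upstream commit e47de5cb2d4dbecb58f569ed241e8e95c568f03c.` The following hunk also leaves `Makerules` as an empty `diff -up` header, dropping the `shlib.lds` sed edits the old patch carried. That top comment is a good place to state whether this is intentional.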
@@ -34,53 +14,34 @@ index 760f14e92f..0aa5fb0099 100644 +LDFLAGS-rtld += $(hashstyle-LDFLAGS) +endif + - ifeq (no,$(build-pie-default)) - pie-default = $(no-pie-ccflag) - else # build-pie-default -diff --git b/Makerules a/Makerules -index 354528b8c7..428464f092 100644 ---- b/Makerules -+++ a/Makerules -@@ -557,6 +557,13 @@ $(common-objpfx)shlib.lds: $(common-objpfx)config.make $(..)Makerules - -Wl,--verbose 2>/dev/null | \ - sed > $@T \ - -e '/^=========/,/^=========/!d;/^=========/d' \ -+ $(if $(filter yes,$(have-hash-style)), \ -+ -e 's/^.*\.gnu\.hash[ ]*:.*$$/ .note.ABI-tag : { *(.note.ABI-tag) } &/' \ -+ -e '/^[ ]*\.hash[ ]*:.*$$/{h;d;}' \ -+ -e '/DATA_SEGMENT_ALIGN/{H;g}' \ -+ , \ -+ -e 's/^.*\.hash[ ]*:.*$$/ .note.ABI-tag : { *(.note.ABI-tag) } &/' \ -+ ) \ - -e 's/^.*\*(\.dynbss).*$$/& \ - PROVIDE(__start___libc_freeres_ptrs = .); \ - *(__libc_freeres_ptrs) \ -diff --git b/config.make.in a/config.make.in -index fff4c78dd0..bf728c71c0 100644 ---- b/config.make.in -+++ a/config.make.in -@@ -70,6 +70,7 @@ have-libcap = @have_libcap@ + # Linker options to enable and disable DT_RELR. 
+ ifeq ($(have-dt-relr),yes) + dt-relr-ldflag = -Wl,-z,pack-relative-relocs +diff -up glibc-2.38/Makerules.45~ glibc-2.38/Makerules +diff -up glibc-2.38/config.make.in.45~ glibc-2.38/config.make.in +--- glibc-2.38/config.make.in.45~ 2023-08-01 01:02:58.301719562 +0200 ++++ glibc-2.38/config.make.in 2023-08-01 01:03:54.721267748 +0200 +@@ -71,6 +71,7 @@ have-libaudit = @have_libaudit@ + have-libcap = @have_libcap@ have-cc-with-libunwind = @libc_cv_cc_with_libunwind@ - fno-unit-at-a-time = @fno_unit_at_a_time@ bind-now = @bindnow@ +have-hash-style = @libc_cv_hashstyle@ - use-default-link = @use_default_link@ have-cxx-thread_local = @libc_cv_cxx_thread_local@ have-loop-to-function = @libc_cv_cc_loop_to_function@ -diff --git b/configure a/configure -index 716dc041b6..5a730dc5fc 100755 ---- b/configure -+++ a/configure -@@ -622,6 +622,7 @@ libc_cv_cc_nofma + have-textrel_ifunc = @libc_cv_textrel_ifunc@ +diff -up glibc-2.38/configure.45~ glibc-2.38/configure +--- glibc-2.38/configure.45~ 2023-07-31 19:54:16.000000000 +0200 ++++ glibc-2.38/configure 2023-08-01 01:04:54.904850299 +0200 +@@ -655,6 +655,7 @@ libc_cv_cc_submachine + libc_cv_cc_nofma libc_cv_mtls_dialect_gnu2 - fno_unit_at_a_time libc_cv_has_glob_dat +libc_cv_hashstyle libc_cv_fpie libc_cv_z_execstack ASFLAGS_config -@@ -6193,6 +6194,33 @@ $as_echo "$libc_cv_fpie" >&6; } - +@@ -7107,6 +7108,32 @@ fi + printf "%s\n" "$libc_cv_fpie" >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --hash-style option" >&5 @@ -92,8 +53,8 @@ index 716dc041b6..5a730dc5fc 100755 +int _start (void) { return 42; } +EOF +if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp -+ -fPIC -shared -o conftest.so conftest.c -+ -Wl,--hash-style=both -nostdlib 1>&5' ++ -fPIC -shared -o conftest.so conftest.c ++ -Wl,--hash-style=both -nostdlib 1>&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 + (eval $ac_try) 2>&5 + ac_status=$? 
@@ -109,15 +70,13 @@ index 716dc041b6..5a730dc5fc 100755 +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_hashstyle" >&5 +$as_echo "$libc_cv_hashstyle" >&6; } + -+ - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_DAT reloc" >&5 - $as_echo_n "checking for GLOB_DAT reloc... " >&6; } - if ${libc_cv_has_glob_dat+:} false; then : -diff --git b/configure.ac a/configure.ac -index d08ad4d64e..a045f6608e 100644 ---- b/configure.ac -+++ a/configure.ac -@@ -1360,6 +1360,22 @@ LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpie=yes], [libc_cv_fpie=no]) + + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for GLOB_DAT reloc" >&5 + printf %s "checking for GLOB_DAT reloc... " >&6; } +diff -up glibc-2.38/configure.ac.45~ glibc-2.38/configure.ac +--- glibc-2.38/configure.ac.45~ 2023-07-31 19:54:16.000000000 +0200 ++++ glibc-2.38/configure.ac 2023-08-01 01:02:58.303719582 +0200 +@@ -1339,6 +1339,22 @@ LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpi AC_SUBST(libc_cv_fpie) @@ -140,6 +99,3 @@ index d08ad4d64e..a045f6608e 100644 AC_CACHE_CHECK(for GLOB_DAT reloc, libc_cv_has_glob_dat, [dnl cat > conftest.c <<EOF --- -2.37.1 - diff --git a/source/l/shared-mime-info/shared-mime-info.SlackBuild b/source/l/shared-mime-info/shared-mime-info.SlackBuild index 9b54b78ef..3db808028 100755 --- a/source/l/shared-mime-info/shared-mime-info.SlackBuild +++ b/source/l/shared-mime-info/shared-mime-info.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2008, 2009, 2010, 2012, 2016, 2018, 2021, 2022 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2012, 2016, 2018, 2021, 2022, 2023 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is 
@@ -78,8 +78,6 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \+ -zcat $CWD/shared-mime-info.skip_tests.diff.gz | patch -p1 --verbose || exit 1 - # Configure, build, and install: export CFLAGS="$SLKCFLAGS" export CXXFLAGS="$SLKCFLAGS" @@ -97,6 +95,7 @@ meson setup \ --sysconfdir=/etc \ --localstatedir=/var \ --buildtype=release \ + -Dbuild-tests=false \ -Dupdate-mimedb=false \ .. || exit 1 # Don't use fdatasync() unless you want it to take 1000x longer diff --git a/source/l/shared-mime-info/shared-mime-info.skip_tests.diff b/source/l/shared-mime-info/shared-mime-info.skip_tests.diff deleted file mode 100644 index a05576053..000000000 --- a/source/l/shared-mime-info/shared-mime-info.skip_tests.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- ./meson.build.orig 2022-03-27 05:19:00.000000000 -0500 -+++ ./meson.build 2022-03-28 13:48:19.290060450 -0500 -@@ -65,7 +65,7 @@ - gio = dependency('gio-2.0', required: false) - subdir('src') - endif --subdir('tests') -+#subdir('tests') - - configure_file( - input: 'shared-mime-info.pc.in', diff --git a/source/n/libtirpc/libtirpc.SlackBuild b/source/n/libtirpc/libtirpc.SlackBuild index f9b63f8c0..c7361bd35 100755 --- a/source/n/libtirpc/libtirpc.SlackBuild +++ b/source/n/libtirpc/libtirpc.SlackBuild @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright 2015, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2015, 2018, 2023 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -21,10 +21,6 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # Thanks to Jan Rafaj for contributing the original reference script. -# Remark: - The GSS support (for secure RPC) is currently not built, as it -# Remark: requires Kerberos 5 libraries. If you need it, install -# Remark: Kerberos 5, remove '--disable-gssapi' from the configure flags -# Remark: below and rebuild. cd $(dirname $0) ; CWD=$(pwd) 
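Review bot: The `-Dbuild-tests=false` line added in the `@@ -97,6 +95,7 @@` hunk of shared-mime-info.SlackBuild has no comment saying why the test suite is left out of the package build. The removed `shared-mime-info.skip_tests.diff` was the only place that recorded this intent, and only through its filename. A comment cannot sit between the backslash-continued option lines, so it belongs above the `meson setup \` line, which starts outside the hunk, for example `# Tests are not built for the package (build-tests=false replaces the old skip_tests patch).` The option is presumably provided by the upgraded upstream release; if it is ever renamed, `meson setup` should fail on the unknown option and trip the existing `|| exit 1`, so the failure is visible.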
diff --git a/source/n/proftpd/proftpd.SlackBuild b/source/n/proftpd/proftpd.SlackBuild index 038b4d3b9..bcac2741a 100755 --- a/source/n/proftpd/proftpd.SlackBuild +++ b/source/n/proftpd/proftpd.SlackBuild @@ -23,9 +23,9 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=proftpd -VERSION=1.3.8 -DIRVER=1.3.8 -BUILD=${BUILD:-4} +VERSION=1.3.8a +DIRVER=1.3.8a +BUILD=${BUILD:-1} NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} |