Diffstat (limited to 'patches/source')
26 files changed, 2399 insertions, 4 deletions
diff --git a/patches/source/bind/caching-example/named.root b/patches/source/bind/caching-example/named.root
index 6db8239a2..280ab0668 100644
--- a/patches/source/bind/caching-example/named.root
+++ b/patches/source/bind/caching-example/named.root
@@ -9,8 +9,8 @@
 ; on server FTP.INTERNIC.NET
 ; -OR- RS.INTERNIC.NET
 ;
-; last update: October 24, 2023
-; related version of root zone: 2023102402
+; last update: March 25, 2024
+; related version of root zone: 2024032501
 ;
 ; FORMERLY NS.INTERNIC.NET
 ;
@@ -21,8 +21,8 @@ A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30
 ; FORMERLY NS1.ISI.EDU
 ;
 . 3600000 NS B.ROOT-SERVERS.NET.
-B.ROOT-SERVERS.NET. 3600000 A 199.9.14.201
-B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b
+B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2
+B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::b
 ;
 ; FORMERLY C.PSI.NET
 ;
diff --git a/patches/source/glibc/doinst.sh-aaa_glibc-solibs b/patches/source/glibc/doinst.sh-aaa_glibc-solibs
new file mode 100644
index 000000000..d5fea2e5f
--- /dev/null
+++ b/patches/source/glibc/doinst.sh-aaa_glibc-solibs
@@ -0,0 +1,155 @@
+#!/bin/sh
+# Copyright (C) 2002, 2005 Slackware Linux, Inc.
+# Copyright 2005, 2006, 2011, 2012, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# Swap glibc on the fly.
+#
+# If we're on a running system we have to handle this _very_ carefully. :-)
+# The tricks involved here get trickier every time...
+
+# OK, now we have to be sure of a few things. First, you do have a 2.6
+# kernel running, right?
+
+if [ -r /proc/ksyms ]; then
+ echo "FATAL: you need to be running a 2.6.x kernel in order to upgrade"
+ echo "to this version of glibc."
+ echo
+ sleep 999
+ exit 1
+fi
+
+# Next, stop using the /lib/ntpl libraries. These are now obsolete and
+# will break the installation if present:
+if [ -d lib/tls ]; then
+ mkdir -p lib/obsolete
+ mv lib/tls lib/obsolete
+fi
+if [ -x sbin/ldconfig ]; then
+ sbin/ldconfig -r . 2> /dev/null
+fi
+
+# Install NPTL glibc libraries:
+if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly
+ # Try to protect with flock against another installpkg/removepkg running
+ # ldconfig while we're doing the on-the-fly install:
+ mkdir -p run/lock/pkgtools
+ ( flock 9 || exit 11
+ # First create copies of the incoming libraries:
+ ( cd lib/incoming
+ for file in * ; do
+ if [ ! -r ../${file}.incoming ]; then
+ cp -a $file ../${file}.incoming
+ fi
+ done
+ )
+ # Then switch to them all at once:
+ /sbin/ldconfig -l lib/*.incoming 2> /dev/null
+ # Remove old versions of the glibc libraries. If you really don't want to
+ # do this for some reason, create a file /etc/glibc-nowipe.
+ if [ ! -r etc/glibc-nowipe ]; then
+ ( cd lib
+ for INCOMING in incoming/*-* ; do
+ LIBPREFIX=$(basename $INCOMING | cut -f 1 -d -)
+ for LIBRARY in ${LIBPREFIX}-* ; do
+ # Don't remove the library if it ends in .incoming:
+ if [ "$(echo $LIBRARY | rev | cut -f 1 -d .)" = "gnimocni" ]; then
+ continue
+ fi
+ # Don't remove symlinks:
+ if [ -L $LIBRARY ]; then
+ continue
+ fi
+ rm -f $LIBRARY
+ done
+ done
+ )
+ fi
+ # Finally, rename them and clean up:
+ ( cd lib
+ for file in *.incoming ; do
+ rm -f `basename $file .incoming`
+ cp -a $file `basename $file .incoming`
+ /sbin/ldconfig -l `basename $file .incoming` 2> /dev/null
+ rm -f $file
+ done
+ )
+ ) 9> run/lock/pkgtools/ldconfig.lock
+else # no ldconfig? This is a broken situation, but we will do what we can:
+ ( cd lib/incoming
+ for file in * ; do
+ cp -a $file ..
+ done
+ )
+fi
+# Now, get rid of the temporary directory:
+rm -rf lib/incoming
+# Done installing NPTL glibc libraries.
+
+# Handle config files:
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+config etc/profile.d/glibc.csh.new
+config etc/profile.d/glibc.sh.new
+# Clearly you already decided this issue. :-)
+rm -f etc/profile.d/glibc.csh.new
+rm -f etc/profile.d/glibc.sh.new
+
+# This block below *should* be dead code, but it's probably safer to leave it
+# here as a fallback. It no longer has complete coverage of all the links
+# that would be needed in /lib${LIBDIRSUFFIX}, but it covers enough that if
+# we did fall back on this the machine would boot until it reached the boot
+# time call to ldconfig, which would then take care of any missing links.
+if [ ! -x /sbin/ldconfig ]; then
+( cd lib ; rm -rf libm.so.6 )
+( cd lib ; ln -sf libm-@@VERSION@@.so libm.so.6 )
+( cd lib ; rm -rf libnss_files.so.2 )
+( cd lib ; ln -sf libnss_files-@@VERSION@@.so libnss_files.so.2 )
+( cd lib ; rm -rf libresolv.so.2 )
+( cd lib ; ln -sf libresolv-@@VERSION@@.so libresolv.so.2 )
+( cd lib ; rm -rf libutil.so.1 )
+( cd lib ; ln -sf libutil-@@VERSION@@.so libutil.so.1 )
+( cd lib ; rm -rf libnss_compat.so.2 )
+( cd lib ; ln -sf libnss_compat-@@VERSION@@.so libnss_compat.so.2 )
+( cd lib ; rm -rf libthread_db.so.1 )
+( cd lib ; ln -sf libthread_db-1.0.so libthread_db.so.1 )
+( cd lib ; rm -rf libnss_hesiod.so.2 )
+( cd lib ; ln -sf libnss_hesiod-@@VERSION@@.so libnss_hesiod.so.2 )
+( cd lib ; rm -rf libanl.so.1 )
+( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 )
+( cd lib ; rm -rf libcrypt.so.1 )
+( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 )
+( cd lib ; rm -rf libBrokenLocale.so.1 )
+( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 )
+( cd lib ; rm -rf ld-linux.so.2 )
+( cd lib ; ln -sf ld-@@VERSION@@.so ld-linux.so.2 )
+( cd lib ; rm -rf libdl.so.2 )
+( cd lib ; ln -sf libdl-@@VERSION@@.so libdl.so.2 )
+( cd lib ; rm -rf libnss_dns.so.2 )
+( cd lib ; ln -sf libnss_dns-@@VERSION@@.so libnss_dns.so.2 )
+( cd lib ; rm -rf libpthread.so.0 )
+( cd lib ; ln -sf libpthread-@@VERSION@@.so libpthread.so.0 )
+( cd lib ; rm -rf libc.so.6 )
+( cd lib ; ln -sf libc-@@VERSION@@.so libc.so.6 )
+( cd lib ; rm -rf librt.so.1 )
+( cd lib ; ln -sf librt-@@VERSION@@.so librt.so.1 )
+fi
+
diff --git a/patches/source/glibc/doinst.sh-glibc b/patches/source/glibc/doinst.sh-glibc
new file mode 100644
index 000000000..2ed07ad03
--- /dev/null
+++ b/patches/source/glibc/doinst.sh-glibc
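Review bot: The old-library wipe loop (`for INCOMING in incoming/*-*`) has no guard for a glob that matches nothing: the literal pattern then goes through `basename … | cut -f 1 -d -`, LIBPREFIX becomes `*`, and the inner `for LIBRARY in ${LIBPREFIX}-*` would `rm -f` every regular file in lib whose name contains a dash and does not end in .incoming, as root. This only bites if lib/incoming ever holds no dash-named file, but the cost is high enough to guard: add `[ -e "$INCOMING" ] || continue` as the first line of the outer loop and write the removal as `rm -f -- "$LIBRARY"`. The same loop is repeated verbatim in doinst.sh-glibc in the next hunk. Separately, every ldconfig call sends stderr to /dev/null, so a failed switch is silent; a short comment saying why that is acceptable would help the next maintainer.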
@@ -0,0 +1,158 @@
+#!/bin/sh
+# Copyright (C) 2002, 2005 Slackware Linux, Inc.
+# Copyright 2005, 2006, 2007, 2011, 2012, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# Swap glibc on the fly.
+#
+# If we're on a running system we have to handle this _very_ carefully. :-)
+# The tricks involved here get trickier every time...
+
+# OK, now we have to be sure of a few things. First, you do have a 2.6
+# kernel running, right?
+
+if [ -r /proc/ksyms ]; then
+ echo "FATAL: you need to be running a 2.6.x kernel in order to upgrade"
+ echo "to this version of glibc."
+ echo
+ sleep 999
+ exit 1
+fi
+
+# Next, stop using the /lib/ntpl libraries. These are now obsolete and
+# will break the installation if present:
+if [ -d lib/tls ]; then
+ mkdir -p lib/obsolete
+ mv lib/tls lib/obsolete
+fi
+if [ -x sbin/ldconfig ]; then
+ sbin/ldconfig -r . 2> /dev/null
+fi
+
+# Install NPTL glibc libraries:
+if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly
+ # Try to protect with flock against another installpkg/removepkg running
+ # ldconfig while we're doing the on-the-fly install:
+ mkdir -p run/lock/pkgtools
+ ( flock 9 || exit 11
+ # First create copies of the incoming libraries:
+ ( cd lib/incoming
+ for file in * ; do
+ if [ ! -r ../${file}.incoming ]; then
+ cp -a $file ../${file}.incoming
+ fi
+ done
+ )
+ # Then switch to them all at once:
+ /sbin/ldconfig -l lib/*.incoming 2> /dev/null
+ # Remove old versions of the glibc libraries. If you really don't want to
+ # do this for some reason, create a file /etc/glibc-nowipe.
+ if [ ! -r etc/glibc-nowipe ]; then
+ ( cd lib
+ for INCOMING in incoming/*-* ; do
+ LIBPREFIX=$(basename $INCOMING | cut -f 1 -d -)
+ for LIBRARY in ${LIBPREFIX}-* ; do
+ # Don't remove the library if it ends in .incoming:
+ if [ "$(echo $LIBRARY | rev | cut -f 1 -d .)" = "gnimocni" ]; then
+ continue
+ fi
+ # Don't remove symlinks:
+ if [ -L $LIBRARY ]; then
+ continue
+ fi
+ rm -f $LIBRARY
+ done
+ done
+ )
+ fi
+ # Finally, rename them and clean up:
+ ( cd lib
+ for file in *.incoming ; do
+ rm -f `basename $file .incoming`
+ cp -a $file `basename $file .incoming`
+ /sbin/ldconfig -l `basename $file .incoming` 2> /dev/null
+ rm -f $file
+ done
+ )
+ ) 9> run/lock/pkgtools/ldconfig.lock
+else # no ldconfig? This is a broken situation, but we will do what we can:
+ ( cd lib/incoming
+ for file in * ; do
+ cp -a $file ..
+ done
+ )
+fi
+# Now, get rid of the temporary directory:
+rm -rf lib/incoming
+# Done installing NPTL glibc libraries.
+
+# Handle config files:
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+config etc/nscd.conf.new
+config etc/profile.d/glibc.csh.new
+config etc/profile.d/glibc.sh.new
+# Clearly you already decided this issue. :-)
+rm -f etc/profile.d/glibc.csh.new
+rm -f etc/profile.d/glibc.sh.new
+
+# This block below *should* be dead code, but it's probably safer to leave it
+# here as a fallback. It no longer has complete coverage of all the links
+# that would be needed in /lib${LIBDIRSUFFIX}, but it covers enough that if
+# we did fall back on this the machine would boot until it reached the boot
+# time call to ldconfig, which would then take care of any missing links.
+# In case there's no ldconfig, make the links manually:
+if [ ! -x /sbin/ldconfig ]; then
+( cd lib ; rm -rf libm.so.6 )
+( cd lib ; ln -sf libm-@@VERSION@@.so libm.so.6 )
+( cd lib ; rm -rf libnss_files.so.2 )
+( cd lib ; ln -sf libnss_files-@@VERSION@@.so libnss_files.so.2 )
+( cd lib ; rm -rf libresolv.so.2 )
+( cd lib ; ln -sf libresolv-@@VERSION@@.so libresolv.so.2 )
+( cd lib ; rm -rf libutil.so.1 )
+( cd lib ; ln -sf libutil-@@VERSION@@.so libutil.so.1 )
+( cd lib ; rm -rf libnss_compat.so.2 )
+( cd lib ; ln -sf libnss_compat-@@VERSION@@.so libnss_compat.so.2 )
+( cd lib ; rm -rf libthread_db.so.1 )
+( cd lib ; ln -sf libthread_db-1.0.so libthread_db.so.1 )
+( cd lib ; rm -rf libnss_hesiod.so.2 )
+( cd lib ; ln -sf libnss_hesiod-@@VERSION@@.so libnss_hesiod.so.2 )
+( cd lib ; rm -rf libanl.so.1 )
+( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 )
+( cd lib ; rm -rf libcrypt.so.1 )
+( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 )
+( cd lib ; rm -rf libBrokenLocale.so.1 )
+( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 )
+( cd lib ; rm -rf ld-linux.so.2 )
+( cd lib ; ln -sf ld-@@VERSION@@.so ld-linux.so.2 )
+( cd lib ; rm -rf libdl.so.2 )
+( cd lib ; ln -sf libdl-@@VERSION@@.so libdl.so.2 )
+( cd lib ; rm -rf libnss_dns.so.2 )
+( cd lib ; ln -sf libnss_dns-@@VERSION@@.so libnss_dns.so.2 )
+( cd lib ; rm -rf libpthread.so.0 )
+( cd lib ; ln -sf libpthread-@@VERSION@@.so libpthread.so.0 )
+( cd lib ; rm -rf libc.so.6 )
+( cd lib ; ln -sf libc-@@VERSION@@.so libc.so.6 )
+( cd lib ; rm -rf librt.so.1 )
+( cd lib ; ln -sf librt-@@VERSION@@.so librt.so.1 )
+fi
+
+# More links:
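Review bot: The kernel gate at the top of the script only tests `[ -r /proc/ksyms ]`, which presumably rules out pre-2.6 kernels, while glibc.SlackBuild later in this commit configures the library with `--enable-kernel=2.6.32`; a 2.6 kernel older than that passes the gate and the libraries are still swapped in. If that case matters for this release the gate should compare `uname -r` against the configured minimum; at the least the comment above it should state the real floor, e.g. `# NOTE: this only detects pre-2.6 kernels; the libraries are built with --enable-kernel=2.6.32`. The identical check is in doinst.sh-aaa_glibc-solibs.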
diff --git a/patches/source/glibc/glibc-2.32.en_US.no.am.pm.date.format.diff b/patches/source/glibc/glibc-2.32.en_US.no.am.pm.date.format.diff
new file mode 100644
index 000000000..5ca84bcac
--- /dev/null
+++ b/patches/source/glibc/glibc-2.32.en_US.no.am.pm.date.format.diff
@@ -0,0 +1,14 @@
+--- ./localedata/locales/en_US.orig 2021-01-16 18:40:31.050990981 -0600
++++ ./localedata/locales/en_US 2021-01-16 18:42:44.784983583 -0600
+@@ -121,7 +121,10 @@
+ % different from d_t_fmt for historical reasons and has been different
+ % since 2000 when date_fmt was added as a GNU extension. At the end
+ % of 2018 it was adjusted to use 12H time (bug 24046) instead of 24H.
+-date_fmt "%a %b %e %r %Z %Y"
++% [ Slackware editor's note - no thank you, US users
++% of UNIX-like systems expect a 24 hour clock, just
++% like users in the vast majority of other locales. ]
++%date_fmt "%a %d %b %Y %r %Z"
+ %
+ % Strings for AM/PM
+ %
diff --git a/patches/source/glibc/glibc-c-utf8-locale.patch b/patches/source/glibc/glibc-c-utf8-locale.patch
new file mode 100644
index 000000000..7fabf303f
--- /dev/null
+++ b/patches/source/glibc/glibc-c-utf8-locale.patch
@@ -0,0 +1,270 @@ +From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001 +From: Mike FABIAN <mfabian@redhat.com> +Date: Mon, 10 Aug 2015 15:58:12 +0200 +Subject: [PATCH] Add a C.UTF-8 locale + +--- + localedata/SUPPORTED | 1 + + localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 2 files changed, 239 insertions(+) + create mode 100644 localedata/locales/C + +diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED +index 8ca023e..2a78391 100644 +--- a/localedata/SUPPORTED ++++ b/localedata/SUPPORTED +@@ -1,6 +1,7 @@ + # This file names the currently supported and somewhat tested locales. + # If you have any additions please file a glibc bug report. + SUPPORTED-LOCALES=\ ++C.UTF-8/UTF-8 \ + aa_DJ.UTF-8/UTF-8 \ + aa_DJ/ISO-8859-1 \ + aa_ER/UTF-8 \ +diff --git a/localedata/locales/C b/localedata/locales/C +new file mode 100644 +index 0000000..fdf460e +--- /dev/null ++++ b/localedata/locales/C +@@ -0,0 +1,238 @@ ++escape_char / ++comment_char % ++% Locale for C locale in UTF-8 ++ ++LC_IDENTIFICATION ++title "C locale" ++source "" ++address "" ++contact "" ++email "mfabian@redhat.com" ++tel "" ++fax "" ++language "C" ++territory "" ++revision "1.0" ++date "2015-08-10" ++% ++category "i18n:2012";LC_IDENTIFICATION ++category "i18n:2012";LC_CTYPE ++category "i18n:2012";LC_COLLATE ++category "i18n:2012";LC_TIME ++category "i18n:2012";LC_NUMERIC ++category "i18n:2012";LC_MONETARY ++category "i18n:2012";LC_MESSAGES ++category "i18n:2012";LC_PAPER ++category "i18n:2012";LC_NAME ++category "i18n:2012";LC_ADDRESS ++category "i18n:2012";LC_TELEPHONE ++category "i18n:2012";LC_MEASUREMENT ++END LC_IDENTIFICATION ++ ++LC_CTYPE ++copy "i18n" ++ ++translit_start ++include "translit_combining";"" ++translit_end ++ ++END LC_CTYPE ++ ++LC_COLLATE ++order_start forward ++<U0000> ++.. ++<UFFFF> ++<U10000> ++.. ++<U1FFFF> ++<U20000> ++.. ++<U2FFFF> ++<UE0000> ++.. ++<UEFFFF> ++<UF0000> ++.. ++<UFFFFF> ++<U100000> ++.. 
++<U10FFFF> ++UNDEFINED ++order_end ++END LC_COLLATE ++ ++LC_MONETARY ++% This is the 14652 i18n fdcc-set definition for ++% the LC_MONETARY category ++% (except for the int_curr_symbol and currency_symbol, they are empty in ++% the 14652 i18n fdcc-set definition and also empty in ++% glibc/locale/C-monetary.c. But localedef complains in that case). ++% ++% Using "USD" for int_curr_symbol. But maybe "XXX" would be better? ++% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217) ++int_curr_symbol "<U0055><U0053><U0044><U0020>" ++% Using "$" for currency_symbol. But maybe <U00A4> would be better? ++% U+00A4 is the "generic currency symbol" ++% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29) ++currency_symbol "<U0024>" ++mon_decimal_point "<U002E>" ++mon_thousands_sep "" ++mon_grouping -1 ++positive_sign "" ++negative_sign "<U002D>" ++int_frac_digits -1 ++frac_digits -1 ++p_cs_precedes -1 ++int_p_sep_by_space -1 ++p_sep_by_space -1 ++n_cs_precedes -1 ++int_n_sep_by_space -1 ++n_sep_by_space -1 ++p_sign_posn -1 ++n_sign_posn -1 ++% ++END LC_MONETARY ++ ++LC_NUMERIC ++% This is the POSIX Locale definition for ++% the LC_NUMERIC category. ++% ++decimal_point "<U002E>" ++thousands_sep "" ++grouping -1 ++END LC_NUMERIC ++ ++LC_TIME ++% This is the POSIX Locale definition for ++% the LC_TIME category. 
++% ++% Abbreviated weekday names (%a) ++abday "<U0053><U0075><U006E>";"<U004D><U006F><U006E>";/ ++ "<U0054><U0075><U0065>";"<U0057><U0065><U0064>";/ ++ "<U0054><U0068><U0075>";"<U0046><U0072><U0069>";/ ++ "<U0053><U0061><U0074>" ++ ++% Full weekday names (%A) ++day "<U0053><U0075><U006E><U0064><U0061><U0079>";/ ++ "<U004D><U006F><U006E><U0064><U0061><U0079>";/ ++ "<U0054><U0075><U0065><U0073><U0064><U0061><U0079>";/ ++ "<U0057><U0065><U0064><U006E><U0065><U0073><U0064><U0061><U0079>";/ ++ "<U0054><U0068><U0075><U0072><U0073><U0064><U0061><U0079>";/ ++ "<U0046><U0072><U0069><U0064><U0061><U0079>";/ ++ "<U0053><U0061><U0074><U0075><U0072><U0064><U0061><U0079>" ++ ++% Abbreviated month names (%b) ++abmon "<U004A><U0061><U006E>";"<U0046><U0065><U0062>";/ ++ "<U004D><U0061><U0072>";"<U0041><U0070><U0072>";/ ++ "<U004D><U0061><U0079>";"<U004A><U0075><U006E>";/ ++ "<U004A><U0075><U006C>";"<U0041><U0075><U0067>";/ ++ "<U0053><U0065><U0070>";"<U004F><U0063><U0074>";/ ++ "<U004E><U006F><U0076>";"<U0044><U0065><U0063>" ++ ++% Full month names (%B) ++mon "<U004A><U0061><U006E><U0075><U0061><U0072><U0079>";/ ++ "<U0046><U0065><U0062><U0072><U0075><U0061><U0072><U0079>";/ ++ "<U004D><U0061><U0072><U0063><U0068>";/ ++ "<U0041><U0070><U0072><U0069><U006C>";/ ++ "<U004D><U0061><U0079>";/ ++ "<U004A><U0075><U006E><U0065>";/ ++ "<U004A><U0075><U006C><U0079>";/ ++ "<U0041><U0075><U0067><U0075><U0073><U0074>";/ ++ "<U0053><U0065><U0070><U0074><U0065><U006D><U0062><U0065><U0072>";/ ++ "<U004F><U0063><U0074><U006F><U0062><U0065><U0072>";/ ++ "<U004E><U006F><U0076><U0065><U006D><U0062><U0065><U0072>";/ ++ "<U0044><U0065><U0063><U0065><U006D><U0062><U0065><U0072>" ++ ++% Week description, consists of three fields: ++% 1. Number of days in a week. ++% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday). ++% 3. The weekday number to be contained in the first week of the year. 
++% ++% ISO 8601 conforming applications should use the values 7, 19971201 (a ++% Monday), and 4 (Thursday), respectively. ++week 7;19971201;4 ++first_weekday 1 ++first_workday 1 ++ ++% Appropriate date and time representation (%c) ++% "%a %b %e %H:%M:%S %Y" ++d_t_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0059>" ++ ++% Appropriate date representation (%x) ++% "%m/%d/%y" ++d_fmt "<U0025><U006D><U002F><U0025><U0064><U002F><U0025><U0079>" ++ ++% Appropriate time representation (%X) ++% "%H:%M:%S" ++t_fmt "<U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053>" ++ ++% Appropriate AM/PM time representation (%r) ++% "%I:%M:%S %p" ++t_fmt_ampm "<U0025><U0049><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0070>" ++ ++% Equivalent of AM/PM (%p) "AM"/"PM" ++% ++am_pm "<U0041><U004D>";"<U0050><U004D>" ++ ++% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y" ++date_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U005A><U0020><U0025><U0059>" ++END LC_TIME ++ ++LC_MESSAGES ++% This is the POSIX Locale definition for ++% the LC_NUMERIC category. ++% ++yesexpr "<U005E><U005B><U0079><U0059><U005D>" ++noexpr "<U005E><U005B><U006E><U004E><U005D>" ++yesstr "<U0059><U0065><U0073>" ++nostr "<U004E><U006F>" ++END LC_MESSAGES ++ ++LC_PAPER ++% This is the ISO/IEC 14652 "i18n" definition for ++% the LC_PAPER category. ++% (A4 paper, this is also used in the built in C/POSIX ++% locale in glibc/locale/C-paper.c) ++height 297 ++width 210 ++END LC_PAPER ++ ++LC_NAME ++% This is the ISO/IEC 14652 "i18n" definition for ++% the LC_NAME category. 
++% "%p%t%g%t%m%t%f"
++% (also used in the built in C/POSIX locale in glibc/locale/C-name.c)
++name_fmt "<U0025><U0070><U0025><U0074><U0025><U0067><U0025><U0074>/
++<U0025><U006D><U0025><U0074><U0025><U0066>"
++END LC_NAME
++
++LC_ADDRESS
++% This is the ISO/IEC 14652 "i18n" definition for
++% the LC_ADDRESS category.
++% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N"
++% (also used in the built in C/POSIX locale in glibc/locale/C-address.c)
++postal_fmt "<U0025><U0061><U0025><U004E><U0025><U0066><U0025><U004E>/
++<U0025><U0064><U0025><U004E><U0025><U0062><U0025><U004E><U0025><U0073>/
++<U0020><U0025><U0068><U0020><U0025><U0065><U0020><U0025><U0072><U0025>/
++<U004E><U0025><U0043><U002D><U0025><U007A><U0020><U0025><U0054><U0025>/
++<U004E><U0025><U0063><U0025><U004E>"
++END LC_ADDRESS
++
++LC_TELEPHONE
++% This is the ISO/IEC 14652 "i18n" definition for
++% the LC_TELEPHONE category.
++% "+%c %a %l"
++tel_int_fmt "<U002B><U0025><U0063><U0020><U0025><U0061><U0020><U0025>/
++<U006C>"
++% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c)
++END LC_TELEPHONE
++
++LC_MEASUREMENT
++% This is the ISO/IEC 14652 "i18n" definition for
++% the LC_MEASUREMENT category.
++% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c)
++%metric
++measurement 1
++END LC_MEASUREMENT
++
+--
+2.4.3
+
diff --git a/patches/source/glibc/glibc-cvs-checkout.sh b/patches/source/glibc/glibc-cvs-checkout.sh
new file mode 100755
index 000000000..022d0117b
--- /dev/null
+++ b/patches/source/glibc/glibc-cvs-checkout.sh
@@ -0,0 +1,3 @@
+echo "The password below is \"anoncvs\":"
+cvs -z 9 -d :pserver:anoncvs@sources.redhat.com:/cvs/glibc login
+cvs -z 9 -d :pserver:anoncvs@sources.redhat.com:/cvs/glibc co libc
diff --git a/patches/source/glibc/glibc.SlackBuild b/patches/source/glibc/glibc.SlackBuild
new file mode 100755
index 000000000..f7945abd2
--- /dev/null
+++ b/patches/source/glibc/glibc.SlackBuild
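Review bot: Both `cvs` commands in glibc-cvs-checkout.sh use `:pserver:` with the shared `anoncvs` login, a transport with no encryption and no server authentication, so a tree fetched this way carries no integrity guarantee as build input. The script should say so in a header comment, e.g. `# Historical helper: pserver is unauthenticated cleartext; verify any checkout against a signed release before building from it.` The file is also added with mode 100755 but has no interpreter line, so which shell runs it depends on the caller; `#!/bin/sh` as the first line fixes that.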
@@ -0,0 +1,470 @@ +#!/bin/bash + +# Copyright 2006, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021, 2024 Patrick J. Volkerding, Sebeka, MN, USA +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +cd $(dirname $0) ; CWD=$(pwd) + +PKGNAM=glibc +VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} +CHECKOUT=${CHECKOUT:-""} +BUILD=${BUILD:-6_slack15.0} + +# I was considering disabling NSCD, but MoZes talked me out of it. :) +#DISABLE_NSCD=" --disable-nscd " + +# $ARCH may be preset, otherwise i586 compatibility with i686 binary +# structuring is the Slackware default. +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i586 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi + +# If the variable PRINT_PACKAGE_NAME is set, then this script will report what +# the name of the created package would be, and then exit. 
This information +# could be useful to other scripts. +if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then + echo "glibc-$VERSION-$ARCH-$BUILD.txz" + echo "glibc-i18n-$VERSION-$ARCH-$BUILD.txz" + echo "glibc-profile-$VERSION-$ARCH-$BUILD.txz" + echo "aaa_glibc-solibs-$VERSION-$ARCH-$BUILD.txz" + exit 0 +fi + +NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "} + +# Work around -Werror failure with gcc-10.2.0. +# NOTE: Until the next glibc release takes care of this issue, this will +# likely need to be updated with every new gcc release's version. Yes, we +# could pass --disable-werror by default, but I'd rather not just shove a +# stick in it like that. +if [ "$(gcc -dumpversion)" = "10.2.0" ]; then + if [ "$VERSION" = "2.30" ]; then + WERROR="--disable-werror" + fi +fi + +# I'll break this out as an option for fun :-) +case $ARCH in + i386) + OPTIMIZ="-O3 -march=i386 -mcpu=i686" + LIBDIRSUFFIX="" + ;; + i486) + OPTIMIZ="-O3 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" + ;; + i586) + OPTIMIZ="-O3 -march=i586 -mtune=i686" + LIBDIRSUFFIX="" + ;; + i686) + OPTIMIZ="-O3 -march=i686" + LIBDIRSUFFIX="" + ;; + athlon) + OPTIMIZ="-O3 -march=athlon" + LIBDIRSUFFIX="" + ;; + s390) + OPTIMIZ="-O3" + LIBDIRSUFFIX="" + ;; + x86_64) + OPTIMIZ="-O3 -fPIC" + LIBDIRSUFFIX="64" + ;; + *) + OPTIMIZ="-O3" + LIBDIRSUFFIX="" + ;; +esac + +case $ARCH in + x86_64) + TARGET=${TARGET:-x86_64} + ;; + i586) + # This should be i586 for all 32-bit x86 arch: + TARGET=${TARGET:-i586} + ;; +esac + +# Hand off the $ARCH variable to $SLACKWARE_ARCH to avoid confusing glibc: +SLACKWARE_ARCH=$ARCH +unset ARCH + +CVSVER=${VERSION}${CHECKOUT} + +# NOTE!!! glibc needs to be built against the sanitized kernel headers, +# which will be installed under /usr/include by the kernel-headers package. +# Be sure the correct version of the headers package is installed BEFORE +# building glibc! + +TMP=${TMP:-/tmp} +mkdir -p $TMP + +# This function fixes a doinst.sh file for x86_64. +# With thanks to Fred Emmott. 
+fix_doinst() { + if [ "x$LIBDIRSUFFIX" = "x" ]; then + return; + fi; + # Fix "( cd usr/lib ;" occurrences + sed -i "s#lib ;#lib${LIBDIRSUFFIX} ;#" install/doinst.sh + # Fix "lib/" occurrences + sed -i "s#lib/#lib${LIBDIRSUFFIX}/#g" install/doinst.sh + # Fix "( cd lib" occurrences + sed -i "s#( cd lib\$#( cd lib${LIBDIRSUFFIX}#" install/doinst.sh + + if [ "$SLACKWARE_ARCH" = "x86_64" ]; then + sed -i 's#ld-linux.so.2#ld-linux-x86-64.so.2#' install/doinst.sh + fi +} + +# This is a patch function to put all glibc patches in the build script +# up near the top. +apply_patches() { + # Use old-style locale directories rather than a single (and strangely + # formatted) /usr/lib/locale/locale-archive file: + zcat $CWD/glibc.locale.no-archive.diff.gz | patch -p1 --verbose || exit 1 + # Support ru_RU.CP1251 locale: + zcat $CWD/glibc.ru_RU.CP1251.diff.gz | patch -p1 --verbose || exit 1 + # Add a C.UTF-8 locale: + zcat $CWD/glibc-c-utf8-locale.patch.gz | patch -p1 --verbose || exit 1 + # Don't use AM/PM format for date(1). That's just plain crazy. 
+ zcat $CWD/glibc-2.32.en_US.no.am.pm.date.format.diff.gz | patch -p1 --verbose || exit 1 + # Other regression fixes from git: + for git_patch in $CWD/patches/*.patch.gz ; do + zcat $git_patch | patch -p1 --verbose || exit 1 + done +} + +# This is going to be the initial $DESTDIR: +export PKG=$TMP/package-glibc-incoming-tree +PGLIBC=$TMP/package-glibc +PSOLIBS=$TMP/package-aaa_glibc-solibs +PI18N=$TMP/package-glibc-i18n +PPROFILE=$TMP/package-glibc-profile +PDEBUG=$TMP/package-glibc-debug + +# Empty these locations first: +for dir in $PKG $PGLIBC $PSOLIBS $PZONE $PI18N $PPROFILE $PDEBUG ; do + if [ -d $dir ]; then + rm -rf $dir + fi + mkdir -p $dir +done +if [ -d $TMP/glibc-$VERSION ]; then + rm -rf $TMP/glibc-$VERSION +fi + +# Create an incoming directory structure for glibc to be built into: +mkdir -p $PKG/lib${LIBDIRSUFFIX} +mkdir -p $PKG/sbin +mkdir -p $PKG/usr/bin +mkdir -p $PKG/usr/lib${LIBDIRSUFFIX} +mkdir -p $PKG/usr/sbin +mkdir -p $PKG/usr/include +mkdir -p $PKG/usr/doc +mkdir -p $PKG/usr/man +mkdir -p $PKG/usr/share +mkdir -p $PKG/var/db/nscd +mkdir -p $PKG/var/run/nscd + +# Begin extract/compile: +cd $TMP +rm -rf glibc-$CVSVER +tar xvf $CWD/glibc-$CVSVER.tar.xz \ + || tar xvf $CWD/glibc-$CVSVER.tar.lz \ + || tar xvf $CWD/glibc-$CVSVER.tar.bz2 \ + || tar xvf $CWD/glibc-$CVSVER.tar.gz +cd glibc-$CVSVER + +# Apply patches; exit if any fail. +apply_patches +if [ ! $? = 0 ]; then + exit 1 +fi + +# Clean up leftover CVS directories: +find . -type d -name CVS -exec rm -r {} \+ 2> /dev/null + +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \+ -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \+ + +# Make build directory: +mkdir build-glibc-$VERSION +cd build-glibc-$VERSION || exit 1 + +echo "BUILDING DAS NPTL GLIBC" +# We are setting the variable below so that x86 ISA level is not included +# in shared libraries. 
Without this, glibc compiled with -march= may not +# run on some CPUs that it should be able to support. Needed for glibc-2.33. +# FIXME: revisit this with future glibc releases! +libc_cv_include_x86_isa_level=no \ +CFLAGS="-g $OPTIMIZ" \ +../configure \ + --prefix=/usr \ + --libdir=/usr/lib${LIBDIRSUFFIX} \ + --enable-kernel=2.6.32 \ + --with-headers=/usr/include \ + --enable-add-ons \ + --enable-profile \ + $DISABLE_NSCD \ + $WERROR \ + --infodir=/usr/info \ + --mandir=/usr/man \ + --with-tls \ + --with-__thread \ + --without-cvs \ + $TARGET-slackware-linux + +make $NUMJOBS || exit 1 +make $NUMJOBS install install_root=$PKG || exit 1 +# Don't use this, as it makes the i18n package WAY bigger: +#make localedata/install-locale-files DESTDIR=$PKG || exit 1 +# This is ugly run in parallel, and seems to hang at the end. But it actually +# completes much faster. :) +make $NUMJOBS localedata/install-locales install_root=$PKG DESTDIR=$PKG || exit 1 + +# We've always had an sln symlink in /bin, so let's make sure it +# remains there so as not to break any scripts that might need it: +mkdir -p $PKG/bin +( cd $PKG/bin ; ln -sf /sbin/sln sln ) + +# This bit was mostly copped from Fedora Rawhide's .spec file. I'm not +# entirely sure how important it is, since I'm not aware of anything +# we ship trying to link libpthread as static. What it does is make sure +# that anything linking libpthread static includes all of the functions +# so that the resulting binary doesn't rely on parts of the library that +# were not linked in. Optimizing actually working over binary size, so +# to speak. +( cd $PKG/usr/lib${LIBDIRSUFFIX} + gcc -r -nostdlib -o libpthread.o -Wl,--whole-archive ./libpthread.a + rm libpthread.a + ar rcs libpthread.a libpthread.o + rm libpthread.o +) + +# The prevailing standard seems to be putting unstripped libraries in +# /usr/lib/debug/ and stripping the debugging symbols from all the other +# libraries. 
+mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/debug +cp -a $PKG/lib${LIBDIRSUFFIX}/l*.so* $PKG/usr/lib${LIBDIRSUFFIX}/debug +cp -a $PKG/usr/lib${LIBDIRSUFFIX}/*.a $PKG/usr/lib${LIBDIRSUFFIX}/debug +# Don't need debug+profile: +( cd $PKG/usr/lib${LIBDIRSUFFIX}/debug ; rm -f *_p.* ) +# NOTE: Is there really a reason for the glibc-debug package? +# If you're debugging glibc, you can also compile it, right? + +## COMMENTED OUT: There's no reason for profile libs to include -g information. +## Put back unstripped profiling libraries: +#mv $PKG/usr/lib${LIBDIRSUFFIX}/debug/*_p.a $PKG/usr/lib${LIBDIRSUFFIX} +# It might be best to put the unstripped and profiling libraries in glibc-debug and glibc-profile. + +# I don't think "strip -g" causes the pthread problems. It's --strip-unneeded that does. +strip -g $PKG/lib${LIBDIRSUFFIX}/l*.so* +strip -g $PKG/usr/lib${LIBDIRSUFFIX}/l*.so* +strip -g $PKG/usr/lib${LIBDIRSUFFIX}/lib*.a + +# Remove the rquota.x and rquota.h include files, as they are provided by +# the quota package: +rm -f $PKG/usr/include/rpcsvc/rquota.{h,x} + +# Back to the sources dir to add some files/docs: +cd $TMP/glibc-$CVSVER + +# We'll automatically install the config file for the Name Server Cache Daemon. +# Perhaps this should also have some commented-out startup code in rc.inet2... 
+mkdir -p $PKG/etc +cat nscd/nscd.conf > $PKG/etc/nscd.conf.new + +# Install docs: +( mkdir -p $PKG/usr/doc/glibc-$VERSION + cp -a \ + BUGS CONFORMANCE COPYING* FAQ INSTALL LICENSES NAMESPACE \ + NEWS NOTES PROJECTS README* \ + $PKG/usr/doc/glibc-$VERSION +) + +# Trim the NEWS file to omit ancient history: +if [ -r NEWS ]; then + DOCSDIR=$(echo $PKG/usr/doc/glibc-$VERSION) + cat NEWS | head -n 1000 > $DOCSDIR/NEWS + touch -r NEWS $DOCSDIR/NEWS +fi + +# OK, there are some very old Linux standards that say that any binaries in a /bin or +# /sbin directory (and the directories themselves) should be group bin rather than +# group root, unless a specific group is really needed for some reason. +# +# I can't find any mention of this in more recent standards docs, and always thought +# that it was pretty cosmetic anyway (hey, if there's a reason -- fill me in!), so +# it's possible that this ownership change won't be followed in the near future +# (it's a PITA, and causes many bug reports when the perms change is occasionally +# forgotten). +# +# But, it's hard to get me to break old habits, so we'll continue the tradition here: +# +# No, no we won't. You know how we love to break traditions. + +# Strip most binaries: +( cd $PKG + find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-debug 2> /dev/null + find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip -g 2> /dev/null +) + +# Fix info dir: +rm $PKG/usr/info/dir +gzip -9 $PKG/usr/info/* + +# This is junk +rm $PKG/etc/ld.so.cache +( cd $PKG + find . -name "*.orig" -exec rm {} \+ +) + +################################## +# OK, time to make some packages # +################################## + +# glibc-profile: +cd $PPROFILE +mkdir -p usr/lib${LIBDIRSUFFIX} +# Might as well just grab these with 'mv' to simplify things later: +mv $PKG/usr/lib${LIBDIRSUFFIX}/lib*_p.a usr/lib${LIBDIRSUFFIX} +# Profile libs should be stripped. Use the debug libs to debug... 
+( cd usr/lib${LIBDIRSUFFIX} ; strip -g *.a ) +mkdir install +cp -a $CWD/slack-desc.glibc-profile install/slack-desc +makepkg -l y -c n $TMP/glibc-profile-$VERSION-$SLACKWARE_ARCH-$BUILD.txz + +# THIS IS NO LONGER PACKAGED (or is it? might be better to let it be made, and then ship it or not...) +# glibc-debug: +cd $PDEBUG +mkdir -p usr/lib${LIBDIRSUFFIX} +# Might as well just grab these with 'mv' to simplify things later: +mv $PKG/usr/lib${LIBDIRSUFFIX}/debug usr/lib${LIBDIRSUFFIX} +mkdir install +cp -a $CWD/slack-desc.glibc-debug install/slack-desc +## Don't package this: +#makepkg -l y -c n $TMP/glibc-debug-$VERSION-$SLACKWARE_ARCH-$BUILD.txz +## INSTEAD, NUKE THESE LIBS +#rm -rf $PKG/usr/lib${LIBDIRSUFFIX}/debug + +# glibc-i18n: +cd $PI18N +mkdir -p usr/lib${LIBDIRSUFFIX}/locale +mv $PKG/usr/lib${LIBDIRSUFFIX}/locale/* usr/lib${LIBDIRSUFFIX}/locale +mkdir -p usr/share/{i18n,locale} +mv $PKG/usr/share/i18n/* usr/share/i18n +mv $PKG/usr/share/locale/* usr/share/locale +# Leave copies of the C, POSIX, and en_US locales in the main glibc package: +cp -a usr/lib${LIBDIRSUFFIX}/locale/{C,en_US}* $PKG/usr/lib${LIBDIRSUFFIX}/locale +mkdir -p $PKG/usr/share/i18n/locales +cp -a usr/share/i18n/locales/{C,POSIX,en_US} $PKG/usr/share/i18n/locales +mkdir install +cp -a $CWD/slack-desc.glibc-i18n install/slack-desc +makepkg -l y -c n $TMP/glibc-i18n-$VERSION-$SLACKWARE_ARCH-$BUILD.txz + +# aaa_glibc-solibs: +cd $PSOLIBS +mkdir -p etc/profile.d +cp -a $CWD/profile.d/* etc/profile.d +chown -R root:root etc +chmod 755 etc/profile.d/* +mkdir -p lib${LIBDIRSUFFIX} +cp -a $PKG/lib${LIBDIRSUFFIX}/* lib${LIBDIRSUFFIX} +( cd lib${LIBDIRSUFFIX} + mkdir incoming + mv *so* incoming + mv incoming/libSegFault.so . +) +mkdir -p usr +cp -a $PKG/usr/bin usr +mv usr/bin/ldd . +rm usr/bin/* +mv ldd usr/bin +mkdir -p usr/lib${LIBDIRSUFFIX} +# The gconv directory has a lot of stuff, but including it here will save some problems. +# Seems standard elsewhere. 
+cp -a $PKG/usr/lib${LIBDIRSUFFIX}/gconv usr/lib${LIBDIRSUFFIX} +mkdir -p usr/libexec +cp -a $PKG/usr/libexec/pt_chown usr/libexec +# Same usr.bin deal: +cp -a $PKG/sbin . +mv sbin/ldconfig . +rm sbin/* +mv ldconfig sbin +mkdir install +cp -a $CWD/slack-desc.aaa_glibc-solibs install/slack-desc +cp -a $CWD/doinst.sh-aaa_glibc-solibs install/doinst.sh +# Fix specific versioning for the symlink creation script. This part of the +# script would only be used in the case where there is no ldconfig on the +# running system that's used to install the package. That should never be the +# case, but we'll leave the code in place anyway just in case. +sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh +# Call the function to fix doinst.sh where $LIBDIRSUFFIX is needed: +fix_doinst +# Only scrub the links in /lib{,64} that will be created by ldconfig: +find lib${LIBDIRSUFFIX} -type l -exec rm {} \+ +# Build the package: +makepkg -l y -c n $TMP/aaa_glibc-solibs-$VERSION-$SLACKWARE_ARCH-$BUILD.txz + +# And finally, the complete "all-in-one" glibc package is created +# from whatever was leftover: +cd $PGLIBC +mv $PKG/* . +mkdir -p etc/profile.d +cp -a $CWD/profile.d/* etc/profile.d +chown -R root:root etc +chmod 755 etc/profile.d/* +# Only scrub the links in /lib{,64} that will be created by ldconfig: +find lib${LIBDIRSUFFIX} -type l -exec rm {} \+ +mkdir install +cp -a $CWD/slack-desc.glibc install/slack-desc +cp -a $CWD/doinst.sh-glibc install/doinst.sh +# Fix specific versioning for the symlink creation script. This part of the +# script would only be used in the case where there is no ldconfig on the +# running system that's used to install the package. That should never be the +# case, but we'll leave the code in place anyway just in case. +sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh +# Call the function to fix doinst.sh where $LIBDIRSUFFIX is needed: +fix_doinst +( cd lib${LIBDIRSUFFIX} + mkdir incoming + mv *so* incoming + mv incoming/libSegFault.so . 
+) +# Build the package: +/sbin/makepkg -l y -c n $TMP/glibc-$VERSION-$SLACKWARE_ARCH-$BUILD.txz + +# Done! +echo +echo "glibc packages built in $TMP!" diff --git a/patches/source/glibc/glibc.locale.no-archive.diff b/patches/source/glibc/glibc.locale.no-archive.diff new file mode 100644 index 000000000..173bafc72 --- /dev/null +++ b/patches/source/glibc/glibc.locale.no-archive.diff @@ -0,0 +1,10 @@ +--- ./localedata/Makefile.orig 2019-02-16 14:05:01.794154302 -0600 ++++ ./localedata/Makefile 2019-02-16 14:06:25.744146460 -0600 +@@ -413,6 +413,7 @@ + echo -n '...'; \ + input=`echo $$locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; \ + $(LOCALEDEF) $$flags --alias-file=../intl/locale.alias \ ++ --no-archive \ + -i locales/$$input -f charmaps/$$charset \ + $(addprefix --prefix=,$(install_root)) $$locale \ + && echo ' done'; diff --git a/patches/source/glibc/glibc.ru_RU.CP1251.diff b/patches/source/glibc/glibc.ru_RU.CP1251.diff new file mode 100644 index 000000000..376cf76a7 --- /dev/null +++ b/patches/source/glibc/glibc.ru_RU.CP1251.diff @@ -0,0 +1,10 @@ +--- ./localedata/SUPPORTED.orig 2005-07-17 20:50:35.000000000 -0500 ++++ ./localedata/SUPPORTED 2006-08-22 01:33:09.000000000 -0500 +@@ -270,6 +270,7 @@ + ro_RO/ISO-8859-2 \ + ru_RU.KOI8-R/KOI8-R \ + ru_RU.UTF-8/UTF-8 \ ++ru_RU.CP1251/CP1251 \ + ru_RU/ISO-8859-5 \ + ru_UA.UTF-8/UTF-8 \ + ru_UA/KOI8-U \ diff --git a/patches/source/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch b/patches/source/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch new file mode 100644 index 000000000..458369251 --- /dev/null +++ b/patches/source/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch 
@@ -0,0 +1,47 @@ +From c3479fb7939898ec22c655c383454d6e8b982a67 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyfox@gentoo.org> +Date: Fri, 5 Feb 2021 07:32:18 +0000 +Subject: [PATCH] nsswitch: return result when nss database is locked [BZ + #27343] + +Before the change nss_database_check_reload_and_get() did not populate +the '*result' value when it returned success in a case of chroot +detection. This caused initgroups() to use garage pointer in the +following test (extracted from unbound): + +``` + +int main() { + // load some NSS modules + struct passwd * pw = getpwnam("root"); + + chdir("/tmp"); + chroot("/tmp"); + chdir("/"); + // access nsswitch.conf in a chroot + initgroups("root", 0); +} +``` + +Reviewed-by: DJ Delorie <dj@redhat.com> +--- + nss/nss_database.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/nss/nss_database.c b/nss/nss_database.c +index cf0306adc4..e1bef6bd75 100644 +--- a/nss/nss_database.c ++++ b/nss/nss_database.c +@@ -398,8 +398,9 @@ nss_database_check_reload_and_get (struct nss_database_state *local, + && (str.st_ino != local->root_ino + || str.st_dev != local->root_dev))) + { +- /* Change detected; disable reloading. */ ++ /* Change detected; disable reloading and return current state. */ + atomic_store_release (&local->data.reload_disabled, 1); ++ *result = local->data.services[database_index]; + __libc_lock_unlock (local->lock); + __nss_module_disable_loading (); + return true; +-- +2.27.0 diff --git a/patches/source/glibc/patches/CVE-2021-27645.patch b/patches/source/glibc/patches/CVE-2021-27645.patch new file mode 100644 index 000000000..c568dd16b --- /dev/null +++ b/patches/source/glibc/patches/CVE-2021-27645.patch 
@@ -0,0 +1,20 @@ +--- ./nscd/netgroupcache.c.orig 2021-08-07 13:20:02.459057859 -0500 ++++ ./nscd/netgroupcache.c 2021-08-07 13:22:08.983060689 -0500 +@@ -248,7 +248,7 @@ + : NULL); + ndomain = (ndomain ? newbuf + ndomaindiff + : NULL); +- buffer = newbuf; ++ *tofreep = buffer = newbuf; + } + + nhost = memcpy (buffer + bufused, +@@ -319,7 +319,7 @@ + else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE) + { + buflen *= 2; +- buffer = xrealloc (buffer, buflen); ++ *tofreep = buffer = xrealloc (buffer, buflen); + } + else if (status == NSS_STATUS_RETURN + || status == NSS_STATUS_NOTFOUND diff --git a/patches/source/glibc/patches/CVE-2021-33574_1.patch b/patches/source/glibc/patches/CVE-2021-33574_1.patch new file mode 100644 index 000000000..20f1889ce --- /dev/null +++ b/patches/source/glibc/patches/CVE-2021-33574_1.patch 
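Review bot: CVE-2021-27645.patch carries no provenance: unlike the git-format patches added alongside it, it has no `From`/`Subject` header and no description, only two hunks against `nscd/netgroupcache.c`. Both hunks keep `*tofreep` in step with `buffer` whenever the buffer is replaced (`*tofreep = buffer = newbuf;` and the `xrealloc` case), presumably so the caller's later free targets the live allocation. A later auditor cannot compare this backport with the upstream fix without a reference. I would add leading text above the first `---` line, which patch ignores, for example `Upstream: glibc commit <upstream-commit-id> (CVE-2021-27645), backported to this tree`. The enclosing function lies outside both hunks.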
@@ -0,0 +1,71 @@ +From 42d359350510506b87101cf77202fefcbfc790cb Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@linux-m68k.org> +Date: Thu, 27 May 2021 12:49:47 +0200 +Subject: [PATCH] Use __pthread_attr_copy in mq_notify (bug 27896) + +Make a deep copy of the pthread attribute object to remove a potential +use-after-free issue. +--- + NEWS | 4 ++++ + sysdeps/unix/sysv/linux/mq_notify.c | 15 ++++++++++----- + 2 files changed, 14 insertions(+), 5 deletions(-) + +diff --git a/NEWS b/NEWS +index 6f4d325d55..1bf3daa502 100644 +--- a/NEWS ++++ b/NEWS +@@ -62,6 +62,10 @@ Security related changes: + potentially resulting in degraded service or Denial of Service on the + local system. Reported by Chris Schanzle. + ++ CVE-2021-33574: The mq_notify function has a potential use-after-free ++ issue when using a notification type of SIGEV_THREAD and a thread ++ attribute with a non-default affinity mask. ++ + The following bugs are resolved with this release: + + [The release manager will add the list generated by +diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c +index cc575a0cdd..f7ddfe5a6c 100644 +--- a/sysdeps/unix/sysv/linux/mq_notify.c ++++ b/sysdeps/unix/sysv/linux/mq_notify.c +@@ -133,8 +133,11 @@ helper_thread (void *arg) + (void) __pthread_barrier_wait (¬ify_barrier); + } + else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) +- /* The only state we keep is the copy of the thread attributes. */ +- free (data.attr); ++ { ++ /* The only state we keep is the copy of the thread attributes. */ ++ pthread_attr_destroy (data.attr); ++ free (data.attr); ++ } + } + return NULL; + } +@@ -255,8 +258,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) + if (data.attr == NULL) + return -1; + +- memcpy (data.attr, notification->sigev_notify_attributes, +- sizeof (pthread_attr_t)); ++ __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); + } + + /* Construct the new request. 
*/ +@@ -270,7 +272,10 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) + + /* If it failed, free the allocated memory. */ + if (__glibc_unlikely (retval != 0)) +- free (data.attr); ++ { ++ pthread_attr_destroy (data.attr); ++ free (data.attr); ++ } + + return retval; + } +-- +2.27.0 + + diff --git a/patches/source/glibc/patches/CVE-2021-33574_2.patch b/patches/source/glibc/patches/CVE-2021-33574_2.patch new file mode 100644 index 000000000..608dbfdc5 --- /dev/null +++ b/patches/source/glibc/patches/CVE-2021-33574_2.patch 
@@ -0,0 +1,53 @@ +From 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fweimer@redhat.com> +Date: Tue, 1 Jun 2021 17:51:41 +0200 +Subject: [PATCH] Fix use of __pthread_attr_copy in mq_notify (bug 27896) + +__pthread_attr_copy can fail and does not initialize the attribute +structure in that case. + +If __pthread_attr_copy is never called and there is no allocated +attribute, pthread_attr_destroy should not be called, otherwise +there is a null pointer dereference in rt/tst-mqueue6. + +Fixes commit 42d359350510506b87101cf77202fefcbfc790cb +("Use __pthread_attr_copy in mq_notify (bug 27896)"). + +Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> +--- + sysdeps/unix/sysv/linux/mq_notify.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c +index f7ddfe5a6c..6f46d29d1d 100644 +--- a/sysdeps/unix/sysv/linux/mq_notify.c ++++ b/sysdeps/unix/sysv/linux/mq_notify.c +@@ -258,7 +258,14 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) + if (data.attr == NULL) + return -1; + +- __pthread_attr_copy (data.attr, notification->sigev_notify_attributes); ++ int ret = __pthread_attr_copy (data.attr, ++ notification->sigev_notify_attributes); ++ if (ret != 0) ++ { ++ free (data.attr); ++ __set_errno (ret); ++ return -1; ++ } + } + + /* Construct the new request. */ +@@ -271,7 +278,7 @@ mq_notify (mqd_t mqdes, const struct sigevent *notification) + int retval = INLINE_SYSCALL (mq_notify, 2, mqdes, &se); + + /* If it failed, free the allocated memory. */ +- if (__glibc_unlikely (retval != 0)) ++ if (retval != 0 && data.attr != NULL) + { + pthread_attr_destroy (data.attr); + free (data.attr); +-- +2.27.0 + + diff --git a/patches/source/glibc/patches/CVE-2021-35942.patch b/patches/source/glibc/patches/CVE-2021-35942.patch new file mode 100644 index 000000000..fde0fbdb3 --- /dev/null 
+++ b/patches/source/glibc/patches/CVE-2021-35942.patch @@ -0,0 +1,41 @@ +From 5adda61f62b77384718b4c0d8336ade8f2b4b35c Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@linux-m68k.org> +Date: Fri, 25 Jun 2021 15:02:47 +0200 +Subject: [PATCH] wordexp: handle overflow in positional parameter number (bug + 28011) + +Use strtoul instead of atoi so that overflow can be detected. +--- + posix/wordexp-test.c | 1 + + posix/wordexp.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c +index f93a546d7e..9df02dbbb3 100644 +--- a/posix/wordexp-test.c ++++ b/posix/wordexp-test.c +@@ -183,6 +183,7 @@ struct test_case_struct + { 0, NULL, "$var", 0, 0, { NULL, }, IFS }, + { 0, NULL, "\"\\n\"", 0, 1, { "\\n", }, IFS }, + { 0, NULL, "", 0, 0, { NULL, }, IFS }, ++ { 0, NULL, "${1234567890123456789012}", 0, 0, { NULL, }, IFS }, + + /* Flags not already covered (testit() has special handling for these) */ + { 0, NULL, "one two", WRDE_DOOFFS, 2, { "one", "two", }, IFS }, +diff --git a/posix/wordexp.c b/posix/wordexp.c +index bcbe96e48d..1f3b09f721 100644 +--- a/posix/wordexp.c ++++ b/posix/wordexp.c +@@ -1399,7 +1399,7 @@ envsubst: + /* Is it a numeric parameter? */ + else if (isdigit (env[0])) + { +- int n = atoi (env); ++ unsigned long n = strtoul (env, NULL, 10); + + if (n >= __libc_argc) + /* Substitute NULL. */ +-- +2.27.0 + + diff --git a/patches/source/glibc/patches/CVE-2021-38604.patch b/patches/source/glibc/patches/CVE-2021-38604.patch new file mode 100644 index 000000000..ad0a81588 --- /dev/null +++ b/patches/source/glibc/patches/CVE-2021-38604.patch 
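Review bot: The replacement line `unsigned long n = strtoul (env, NULL, 10);` in `posix/wordexp.c` depends on a property the code never states. On overflow strtoul returns ULONG_MAX, so the existing `n >= __libc_argc` test sends an oversized positional parameter to the NULL branch instead of using whatever `atoi` produced. I would add `/* strtoul saturates at ULONG_MAX on overflow, so oversized indices take the NULL branch below. */` above the declaration. The `envsubst` code around the hunk is outside the visible context, so whether `env` can contain anything but digits at this point cannot be checked from this page.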
@@ -0,0 +1,40 @@ +From b805aebd42364fe696e417808a700fdb9800c9e8 Mon Sep 17 00:00:00 2001 +From: Nikita Popov <npv1310@gmail.com> +Date: Mon, 9 Aug 2021 20:17:34 +0530 +Subject: [PATCH] librt: fix NULL pointer dereference (bug 28213) + +Helper thread frees copied attribute on NOTIFY_REMOVED message +received from the OS kernel. Unfortunately, it fails to check whether +copied attribute actually exists (data.attr != NULL). This worked +earlier because free() checks passed pointer before actually +attempting to release corresponding memory. But +__pthread_attr_destroy assumes pointer is not NULL. + +So passing NULL pointer to __pthread_attr_destroy will result in +segmentation fault. This scenario is possible if +notification->sigev_notify_attributes == NULL (which means default +thread attributes should be used). + +Signed-off-by: Nikita Popov <npv1310@gmail.com> +Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> +--- + sysdeps/unix/sysv/linux/mq_notify.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sysdeps/unix/sysv/linux/mq_notify.c b/sysdeps/unix/sysv/linux/mq_notify.c +index 9799dcdaa4..eccae2e4c6 100644 +--- a/sysdeps/unix/sysv/linux/mq_notify.c ++++ b/sysdeps/unix/sysv/linux/mq_notify.c +@@ -131,7 +131,7 @@ helper_thread (void *arg) + to wait until it is done with it. */ + (void) __pthread_barrier_wait (¬ify_barrier); + } +- else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED) ++ else if (data.raw[NOTIFY_COOKIE_LEN - 1] == NOTIFY_REMOVED && data.attr != NULL) + { + /* The only state we keep is the copy of the thread attributes. */ + __pthread_attr_destroy (data.attr); +-- +2.27.0 + + diff --git a/patches/source/glibc/patches/CVE-2024-2961_glibc2.33.patch b/patches/source/glibc/patches/CVE-2024-2961_glibc2.33.patch new file mode 100644 index 000000000..211bd38c7 --- /dev/null +++ b/patches/source/glibc/patches/CVE-2024-2961_glibc2.33.patch 
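Review bot: The context of this hunk does not match the tree the other patches in this commit produce. It expects `__pthread_attr_destroy (data.attr);` after the comment in `helper_thread`, while CVE-2021-33574_1.patch adds `pthread_attr_destroy (data.attr);` there, and the `index 9799dcdaa4` base differs from the `6f46d29d1d` result of CVE-2021-33574_2.patch. If the three patches are applied in sequence to the same source, this one can only go in with fuzz, so the NULL check on `data.attr` depends on patch guessing the location. I would refresh the patch against the already-patched tree so the context line reads `pthread_attr_destroy (data.attr);`. It is also worth confirming in the build log that the hunk applied cleanly rather than with an offset or a reject.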
@@ -0,0 +1,205 @@ +From ed4f16ff6bed3037266f1fa682ebd32a18fce29c Mon Sep 17 00:00:00 2001 +From: Charles Fol <folcharles@gmail.com> +Date: Thu, 28 Mar 2024 12:25:38 -0300 +Subject: [PATCH] iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing + escape sequence (CVE-2024-2961) + +ISO-2022-CN-EXT uses escape sequences to indicate character set changes +(as specified by RFC 1922). While the SOdesignation has the expected +bounds checks, neither SS2designation nor SS3designation have its; +allowing a write overflow of 1, 2, or 3 bytes with fixed values: +'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'. + +Checked on aarch64-linux-gnu. + +Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> +Reviewed-by: Carlos O'Donell <carlos@redhat.com> +Tested-by: Carlos O'Donell <carlos@redhat.com> + +(cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada) +--- + iconvdata/Makefile | 5 +- + iconvdata/iso-2022-cn-ext.c | 12 +++ + iconvdata/tst-iconv-iso-2022-cn-ext.c | 128 ++++++++++++++++++++++++++ + 3 files changed, 144 insertions(+), 1 deletion(-) + create mode 100644 iconvdata/tst-iconv-iso-2022-cn-ext.c + +--- ./iconvdata/iso-2022-cn-ext.c.orig 2021-02-01 11:15:33.000000000 -0600 ++++ ./iconvdata/iso-2022-cn-ext.c 2024-04-18 13:10:47.597086361 -0500 +@@ -575,6 +575,12 @@ + { \ + const char *escseq; \ + \ ++ if (outptr + 4 > outend) \ ++ { \ ++ result = __GCONV_FULL_OUTPUT; \ ++ break; \ ++ } \ ++ \ + assert (used == CNS11643_2_set); /* XXX */ \ + escseq = "*H"; \ + *outptr++ = ESC; \ +@@ -588,6 +594,12 @@ + { \ + const char *escseq; \ + \ ++ if (outptr + 4 > outend) \ ++ { \ ++ result = __GCONV_FULL_OUTPUT; \ ++ break; \ ++ } \ ++ \ + assert ((used >> 5) >= 3 && (used >> 5) <= 7); \ + escseq = "+I+J+K+L+M" + ((used >> 5) - 3) * 2; \ + *outptr++ = ESC; \ +--- ./iconvdata/tst-iconv-iso-2022-cn-ext.c.orig 2024-04-18 13:10:47.597086361 -0500 ++++ ./iconvdata/tst-iconv-iso-2022-cn-ext.c 2024-04-18 13:10:47.597086361 -0500 +@@ -0,0 +1,128 @@ ++/* Verify 
ISO-2022-CN-EXT does not write out of the bounds. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. */ ++ ++#include <stdio.h> ++#include <string.h> ++ ++#include <errno.h> ++#include <iconv.h> ++#include <sys/mman.h> ++ ++#include <support/xunistd.h> ++#include <support/check.h> ++#include <support/support.h> ++ ++/* The test sets up a two memory page buffer with the second page marked ++ PROT_NONE to trigger a fault if the conversion writes beyond the exact ++ expected amount. Then we carry out various conversions and precisely ++ place the start of the output buffer in order to trigger a SIGSEGV if the ++ process writes anywhere between 1 and page sized bytes more (only one ++ PROT_NONE page is setup as a canary) than expected. These tests exercise ++ all three of the cases in ISO-2022-CN-EXT where the converter must switch ++ character sets and may run out of buffer space while doing the ++ operation. 
*/ ++ ++static int ++do_test (void) ++{ ++ iconv_t cd = iconv_open ("ISO-2022-CN-EXT", "UTF-8"); ++ TEST_VERIFY_EXIT (cd != (iconv_t) -1); ++ ++ char *ntf; ++ size_t ntfsize; ++ char *outbufbase; ++ { ++ int pgz = getpagesize (); ++ TEST_VERIFY_EXIT (pgz > 0); ++ ntfsize = 2 * pgz; ++ ++ ntf = xmmap (NULL, ntfsize, PROT_READ | PROT_WRITE, MAP_PRIVATE ++ | MAP_ANONYMOUS, -1); ++ xmprotect (ntf + pgz, pgz, PROT_NONE); ++ ++ outbufbase = ntf + pgz; ++ } ++ ++ /* Check if SOdesignation escape sequence does not trigger an OOB write. */ ++ { ++ char inbuf[] = "\xe4\xba\xa4\xe6\x8d\xa2"; ++ ++ for (int i = 0; i < 9; i++) ++ { ++ char *inp = inbuf; ++ size_t inleft = sizeof (inbuf) - 1; ++ ++ char *outp = outbufbase - i; ++ size_t outleft = i; ++ ++ TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) ++ == (size_t) -1); ++ TEST_COMPARE (errno, E2BIG); ++ ++ TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); ++ } ++ } ++ ++ /* Same as before for SS2designation. */ ++ { ++ char inbuf[] = "ã´½ \xe3\xb4\xbd"; ++ ++ for (int i = 0; i < 14; i++) ++ { ++ char *inp = inbuf; ++ size_t inleft = sizeof (inbuf) - 1; ++ ++ char *outp = outbufbase - i; ++ size_t outleft = i; ++ ++ TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) ++ == (size_t) -1); ++ TEST_COMPARE (errno, E2BIG); ++ ++ TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); ++ } ++ } ++ ++ /* Same as before for SS3designation. 
*/ ++ { ++ char inbuf[] = "å \xe5\x8a\x84"; ++ ++ for (int i = 0; i < 14; i++) ++ { ++ char *inp = inbuf; ++ size_t inleft = sizeof (inbuf) - 1; ++ ++ char *outp = outbufbase - i; ++ size_t outleft = i; ++ ++ TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) ++ == (size_t) -1); ++ TEST_COMPARE (errno, E2BIG); ++ ++ TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); ++ } ++ } ++ ++ TEST_VERIFY_EXIT (iconv_close (cd) != -1); ++ ++ xmunmap (ntf, ntfsize); ++ ++ return 0; ++} ++ ++#include <support/test-driver.c> +--- ./iconvdata/Makefile.orig 2021-02-01 11:15:33.000000000 -0600 ++++ ./iconvdata/Makefile 2024-04-18 13:12:59.503089312 -0500 +@@ -74,7 +74,7 @@ + tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ + tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ + bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \ +- bug-iconv13 bug-iconv14 ++ bug-iconv13 bug-iconv14 tst-iconv-iso-2022-cn-ext + ifeq ($(have-thread-library),yes) + tests += bug-iconv3 + endif +@@ -324,6 +324,8 @@ + $(addprefix $(objpfx),$(modules.so)) + $(objpfx)bug-iconv14.out: $(objpfx)gconv-modules \ + $(addprefix $(objpfx),$(modules.so)) ++$(objpfx)tst-iconv-iso-2022-cn-ext.out: $(addprefix $(objpfx), $(gconv-modules)) \ ++ $(addprefix $(objpfx),$(modules.so)) + + $(objpfx)iconv-test.out: run-iconv-test.sh $(objpfx)gconv-modules \ + $(addprefix $(objpfx),$(modules.so)) \ diff --git a/patches/source/glibc/patches/cdc31409bd4f878577059e70dbd52a28643ec609.patch b/patches/source/glibc/patches/cdc31409bd4f878577059e70dbd52a28643ec609.patch new file mode 100644 index 000000000..96f56ce73 --- /dev/null +++ b/patches/source/glibc/patches/cdc31409bd4f878577059e70dbd52a28643ec609.patch 
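Review bot: The new test rule in `iconvdata/Makefile` uses `$(addprefix $(objpfx), $(gconv-modules))`, while every neighbouring rule in the hunk context depends on the literal `$(objpfx)gconv-modules`. If this tree does not define a `gconv-modules` make variable, the prerequisite expands to nothing and `tst-iconv-iso-2022-cn-ext` can run before the module index exists. That would make the regression test for the out-of-bounds write unreliable under `make check`. For this backport I would write the rule like its siblings: `$(objpfx)tst-iconv-iso-2022-cn-ext.out: $(objpfx)gconv-modules \`. The bounds checks added to `iso-2022-cn-ext.c` are unaffected by this.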
@@ -0,0 +1,237 @@ +From cdc31409bd4f878577059e70dbd52a28643ec609 Mon Sep 17 00:00:00 2001 +From: Adhemerval Zanella <adhemerval.zanella@linaro.org> +Date: Wed, 31 Mar 2021 13:53:34 -0300 +Subject: [PATCH] linux: Normalize and return timeout on select (BZ #27651) + +The commit 2433d39b697, which added time64 support to select, changed +the function to use __NR_pselect6 (or __NR_pelect6_time64) on all +architectures. However, on architectures where the symbol was +implemented with __NR_select the kernel normalizes the passed timeout +instead of return EINVAL. For instance, the input timeval +{ 0, 5000000 } is interpreted as { 5, 0 }. + +And as indicated by BZ #27651, this semantic seems to be expected +and changing it results in some performance issues (most likely +the program does not check the return code and keeps issuing +select with unormalized tv_usec argument). + +To avoid a different semantic depending whether which syscall the +architecture used to issue, select now always normalize the timeout +input. This is a slight change for some ABIs (for instance aarch64). + +Checked on x86_64-linux-gnu and i686-linux-gnu. +--- + include/time.h | 5 +++ + sunrpc/svcauth_des.c | 1 - + support/Makefile | 2 ++ + support/support.h | 8 +++++ + support/support_select_modify_timeout.c | 29 ++++++++++++++++ + support/support_select_normalize_timeout.c | 29 ++++++++++++++++ + sysdeps/unix/sysv/linux/select.c | 40 ++++++++++++++++++---- + 8 files changed, 123 insertions(+), 8 deletions(-) + create mode 100644 support/support_select_modify_timeout.c + create mode 100644 support/support_select_normalize_timeout.c + +diff --git a/include/time.h b/include/time.h +index caf2af5e74..e0636132a6 100644 +--- a/include/time.h ++++ b/include/time.h +@@ -502,6 +502,11 @@ time_now (void) + __clock_gettime (TIME_CLOCK_GETTIME_CLOCKID, &ts); + return ts.tv_sec; + } ++ ++#define NSEC_PER_SEC 1000000000L /* Nanoseconds per second. */ ++#define USEC_PER_SEC 1000000L /* Microseconds per second. 
*/ ++#define NSEC_PER_USEC 1000L /* Nanoseconds per microsecond. */ ++ + #endif + + #endif +diff --git a/sunrpc/svcauth_des.c b/sunrpc/svcauth_des.c +index 7607abc818..25a85c9097 100644 +--- a/sunrpc/svcauth_des.c ++++ b/sunrpc/svcauth_des.c +@@ -58,7 +58,6 @@ + + #define debug(msg) /*printf("svcauth_des: %s\n", msg) */ + +-#define USEC_PER_SEC ((uint32_t) 1000000L) + #define BEFORE(t1, t2) timercmp(t1, t2, <) + + /* +diff --git a/support/Makefile b/support/Makefile +index 900e17f94f..1e2fc97ee6 100644 +--- a/support/Makefile ++++ b/support/Makefile +@@ -68,6 +68,8 @@ libsupport-routines = \ + support_quote_string \ + support_record_failure \ + support_run_diff \ ++ support_select_modify_timeout \ ++ support_select_normalize_timeout \ + support_set_small_thread_stack_size \ + support_shared_allocate \ + support_small_stack_thread_attribute \ +diff --git a/support/support.h b/support/support.h +index e023d00857..f983783d64 100644 +--- a/support/support.h ++++ b/support/support.h +@@ -144,6 +144,14 @@ static __inline bool support_path_support_time64 (const char *path) + /* Return true if stat supports nanoseconds resolution. */ + extern bool support_stat_nanoseconds (const char *path); + ++/* Return true if select modify the timeout to reflect the amount of time ++ no slept. */ ++extern bool support_select_modify_timeout (void); ++ ++/* Return true if select normalize the timeout input by taking in account ++ tv_usec larger than 1000000. */ ++extern bool support_select_normalize_timeout (void); ++ + __END_DECLS + + #endif /* SUPPORT_H */ +diff --git a/support/support_select_modify_timeout.c b/support/support_select_modify_timeout.c +new file mode 100644 +index 0000000000..d70a5a5068 +--- /dev/null ++++ b/support/support_select_modify_timeout.c +@@ -0,0 +1,29 @@ ++/* Return whether select modify the timeout. ++ Copyright (C) 2021 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. 
++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. */ ++ ++#include <stdbool.h> ++ ++bool ++support_select_modify_timeout (void) ++{ ++#ifdef __linux__ ++ return true; ++#else ++ return false; ++#endif ++} +diff --git a/support/support_select_normalize_timeout.c b/support/support_select_normalize_timeout.c +new file mode 100644 +index 0000000000..447e3ec3e3 +--- /dev/null ++++ b/support/support_select_normalize_timeout.c +@@ -0,0 +1,29 @@ ++/* Return whether select normalize the timeout. ++ Copyright (C) 2021 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. 
*/ ++ ++#include <stdbool.h> ++ ++bool ++support_select_normalize_timeout (void) ++{ ++#ifdef __linux__ ++ return true; ++#else ++ return false; ++#endif ++} +diff --git a/sysdeps/unix/sysv/linux/select.c b/sysdeps/unix/sysv/linux/select.c +index 415aa87d3c..d075270ff4 100644 +--- a/sysdeps/unix/sysv/linux/select.c ++++ b/sysdeps/unix/sysv/linux/select.c +@@ -33,12 +33,34 @@ int + __select64 (int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, + struct __timeval64 *timeout) + { +- struct __timespec64 ts64, *pts64 = NULL; +- if (timeout != NULL) ++ __time64_t s = timeout != NULL ? timeout->tv_sec : 0; ++ int32_t us = timeout != NULL ? timeout->tv_usec : 0; ++ int32_t ns; ++ ++ if (s < 0 || us < 0) ++ return INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL); ++ ++ /* Normalize the timeout, as legacy Linux __NR_select and __NR__newselect. ++ Different than syscall, it also handle possible overflow. */ ++ if (us / USEC_PER_SEC > INT64_MAX - s) + { +- ts64 = timeval64_to_timespec64 (*timeout); +- pts64 = &ts64; ++ s = INT64_MAX; ++ ns = NSEC_PER_SEC - 1; + } ++ else ++ { ++ s += us / USEC_PER_SEC; ++ us = us % USEC_PER_SEC; ++ ns = us * NSEC_PER_USEC; ++ } ++ ++ struct __timespec64 ts64, *pts64 = NULL; ++ if (timeout != NULL) ++ { ++ ts64.tv_sec = s; ++ ts64.tv_nsec = ns; ++ pts64 = &ts64; ++ } + + #ifndef __NR_pselect6_time64 + # define __NR_pselect6_time64 __NR_pselect6 +@@ -52,10 +74,13 @@ __select64 (int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, + (though the pselect() glibc call suppresses this behavior). + Since select() on Linux has the same behavior as the pselect6 + syscall, we update the timeout here. 
*/ +- if (r == 0 || errno != ENOSYS) ++ if (r >= 0 || errno != ENOSYS) + { + if (timeout != NULL) +- TIMEVAL_TO_TIMESPEC (timeout, &ts64); ++ { ++ timeout->tv_sec = ts64.tv_sec; ++ timeout->tv_usec = ts64.tv_nsec / NSEC_PER_USEC; ++ } + return r; + } + +@@ -71,7 +96,8 @@ __select64 (int nfds, fd_set *readfds, fd_set *writefds, fd_set *exceptfds, + __set_errno (EINVAL); + return -1; + } +- ts32 = valid_timespec64_to_timespec (ts64); ++ ts32.tv_sec = s; ++ ts32.tv_nsec = ns; + pts32 = &ts32; + } + # ifndef __ASSUME_PSELECT +-- +2.27.0 + + diff --git a/patches/source/glibc/patches/glibc.CVE-2021-3998.patch b/patches/source/glibc/patches/glibc.CVE-2021-3998.patch new file mode 100644 index 000000000..45602d050 --- /dev/null +++ b/patches/source/glibc/patches/glibc.CVE-2021-3998.patch 
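Review bot: The patch header no longer describes what the file contains. The diffstat says `8 files changed, 123 insertions(+), 8 deletions(-)`, but it lists seven files and only those seven are patched below, so part of upstream commit cdc31409bd4f has apparently been dropped without a note. Anyone checking this backport against the commit named in the `From` line will see a mismatch and cannot tell whether the omission was deliberate. I would record it in the description, for example `Backport note: hunks for <omitted-file> removed; remaining hunks unchanged from upstream.`, and correct the summary line to match.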
@@ -0,0 +1,123 @@
+From f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5 Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Thu, 13 Jan 2022 11:28:36 +0530
+Subject: [PATCH] realpath: Set errno to ENAMETOOLONG for result larger than
+ PATH_MAX [BZ #28770]
+
+realpath returns an allocated string when the result exceeds PATH_MAX,
+which is unexpected when its second argument is not NULL. This results
+in the second argument (resolved) being uninitialized and also results
+in a memory leak since the caller expects resolved to be the same as the
+returned value.
+
+Return NULL and set errno to ENAMETOOLONG if the result exceeds
+PATH_MAX. This fixes [BZ #28770], which is CVE-2021-3998.
+
+Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+(cherry picked from commit ee8d5e33adb284601c00c94687bc907e10aec9bb)
+---
+ NEWS | 4 +++
+ stdlib/Makefile | 1 +
+ stdlib/canonicalize.c | 12 +++++++--
+ stdlib/tst-realpath-toolong.c | 49 +++++++++++++++++++++++++++++++++++
+ 4 files changed, 64 insertions(+), 2 deletions(-)
+ create mode 100644 stdlib/tst-realpath-toolong.c
+
+--- ./NEWS.orig 2021-02-01 11:15:33.000000000 -0600
++++ ./NEWS 2022-01-24 13:32:24.268678228 -0600
+@@ -118,6 +118,10 @@
+ CVE-2019-25013: A buffer overflow has been fixed in the iconv function when
+ invoked with EUC-KR input containing invalid multibyte input sequences.
+
++ CVE-2021-3998: Passing a path longer than PATH_MAX to the realpath
++ function could result in a memory leak and potential access of
++ uninitialized memory. Reported by Qualys.
++
+ The following bugs are resolved with this release:
+
+ [10635] libc: realpath portability patches
+--- ./stdlib/canonicalize.c.orig 2021-02-01 11:15:33.000000000 -0600
++++ ./stdlib/canonicalize.c 2022-01-24 13:32:24.268678228 -0600
+@@ -400,8 +400,16 @@
+
+ error:
+ *dest++ = '\0';
+- if (resolved != NULL && dest - rname <= get_path_max ())
+- rname = strcpy (resolved, rname);
++ if (resolved != NULL)
++ {
++ if (dest - rname <= get_path_max ())
++ rname = strcpy (resolved, rname);
++ else
++ {
++ failed = true;
++ __set_errno (ENAMETOOLONG);
++ }
++ }
+
+ error_nomem:
+ scratch_buffer_free (&extra_buffer);
+--- ./stdlib/Makefile.orig 2022-01-24 13:32:24.268678228 -0600
++++ ./stdlib/Makefile 2022-01-24 13:32:59.968676254 -0600
+@@ -86,7 +86,7 @@
+ tst-makecontext-align test-bz22786 tst-strtod-nan-sign \
+ tst-swapcontext1 tst-setcontext4 tst-setcontext5 \
+ tst-setcontext6 tst-setcontext7 tst-setcontext8 \
+- tst-setcontext9 tst-bz20544 tst-canon-bz26341
++ tst-setcontext9 tst-bz20544 tst-canon-bz26341 tst-realpath-toolong
+
+ tests-internal := tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \
+ tst-tls-atexit tst-tls-atexit-nodelete
+--- ./stdlib/tst-realpath-toolong.c.orig 2022-01-24 13:32:24.268678228 -0600
++++ ./stdlib/tst-realpath-toolong.c 2022-01-24 13:32:24.268678228 -0600
+@@ -0,0 +1,49 @@
++/* Verify that realpath returns NULL with ENAMETOOLONG if the result exceeds
++ NAME_MAX.
++ Copyright The GNU Toolchain Authors.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <limits.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <support/check.h>
++#include <support/temp_file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++
++#define BASENAME "tst-realpath-toolong."
++
++int
++do_test (void)
++{
++ char *base = support_create_and_chdir_toolong_temp_directory (BASENAME);
++
++ char buf[PATH_MAX + 1];
++ const char *res = realpath (".", buf);
++
++ /* canonicalize.c states that if the real path is >= PATH_MAX, then
++ realpath returns NULL and sets ENAMETOOLONG. */
++ TEST_VERIFY (res == NULL);
++ TEST_VERIFY (errno == ENAMETOOLONG);
++
++ free (base);
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/patches/source/glibc/patches/glibc.CVE-2021-3999.patch b/patches/source/glibc/patches/glibc.CVE-2021-3999.patch
new file mode 100644
index 000000000..0644f798a
--- /dev/null
+++ b/patches/source/glibc/patches/glibc.CVE-2021-3999.patch
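Review bot: In the stdlib/canonicalize.c hunk the new `else` branch runs whenever the result is longer than PATH_MAX, so if the `error:` label is also reached from earlier failure paths (the label name suggests it; that code is outside the hunk), an errno already set there would be replaced by ENAMETOOLONG. Guarding the branch with `else if (!failed)` would keep the first error while still reporting over-long results, assuming `failed` is false on the success path. The header comment of stdlib/tst-realpath-toolong.c also names `NAME_MAX` where the code and commit message use PATH_MAX; it should read `if the result exceeds PATH_MAX.`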
@@ -0,0 +1,356 @@
+From 472e799a5f2102bc0c3206dbd5a801765fceb39c Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Fri, 21 Jan 2022 23:32:56 +0530
+Subject: [PATCH] getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)
+
+No valid path returned by getcwd would fit into 1 byte, so reject the
+size early and return NULL with errno set to ERANGE. This change is
+prompted by CVE-2021-3999, which describes a single byte buffer
+underflow and overflow when all of the following conditions are met:
+
+- The buffer size (i.e. the second argument of getcwd) is 1 byte
+- The current working directory is too long
+- '/' is also mounted on the current working directory
+
+Sequence of events:
+
+- In sysdeps/unix/sysv/linux/getcwd.c, the syscall returns ENAMETOOLONG
+ because the linux kernel checks for name length before it checks
+ buffer size
+
+- The code falls back to the generic getcwd in sysdeps/posix
+
+- In the generic func, the buf[0] is set to '\0' on line 250
+
+- this while loop on line 262 is bypassed:
+
+ while (!(thisdev == rootdev && thisino == rootino))
+
+ since the rootfs (/) is bind mounted onto the directory and the flow
+ goes on to line 449, where it puts a '/' in the byte before the
+ buffer.
+
+- Finally on line 458, it moves 2 bytes (the underflowed byte and the
+ '\0') to the buf[0] and buf[1], resulting in a 1 byte buffer overflow.
+
+- buf is returned on line 469 and errno is not set.
+
+This resolves BZ #28769.
+
+Reviewed-by: Andreas Schwab <schwab@linux-m68k.org>
+Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Signed-off-by: Qualys Security Advisory <qsa@qualys.com>
+Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
+(cherry picked from commit 23e0e8f5f1fb5ed150253d986ecccdc90c2dcd5e)
+---
+ NEWS | 6 +
+ sysdeps/posix/getcwd.c | 7 +
+ sysdeps/unix/sysv/linux/Makefile | 7 +-
+ .../unix/sysv/linux/tst-getcwd-smallbuff.c | 241 ++++++++++++++++++
+ 4 files changed, 260 insertions(+), 1 deletion(-)
+ create mode 100644 sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
+
+diff --git a/NEWS b/NEWS
+index b4f81c2668..8d7467d2c1 100644
+--- a/NEWS
++++ b/NEWS
+@@ -20,6 +20,12 @@ Security related changes:
+ function could result in a memory leak and potential access of
+ uninitialized memory. Reported by Qualys.
+
++ CVE-2021-3999: Passing a buffer of size exactly 1 byte to the getcwd
++ function may result in an off-by-one buffer underflow and overflow
++ when the current working directory is longer than PATH_MAX and also
++ corresponds to the / directory through an unprivileged mount
++ namespace. Reported by Qualys.
++
+ The following bugs are resolved with this release:
+
+ [12889] nptl: Fix race between pthread_kill and thread exit
+diff --git a/sysdeps/posix/getcwd.c b/sysdeps/posix/getcwd.c
+index 13680026ff..b6984a382c 100644
+--- a/sysdeps/posix/getcwd.c
++++ b/sysdeps/posix/getcwd.c
+@@ -187,6 +187,13 @@ __getcwd_generic (char *buf, size_t size)
+ size_t allocated = size;
+ size_t used;
+
++ /* A size of 1 byte is never useful.
*/
++ if (allocated == 1)
++ {
++ __set_errno (ERANGE);
++ return NULL;
++ }
++
+ #if HAVE_MINIMALLY_WORKING_GETCWD
+ /* If AT_FDCWD is not defined, the algorithm below is O(N**2) and
+ this is much slower than the system getcwd (at least on
+diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
+index 76ad06361c..9380d3848d 100644
+--- a/sysdeps/unix/sysv/linux/Makefile
++++ b/sysdeps/unix/sysv/linux/Makefile
+@@ -331,7 +331,12 @@ sysdep_routines += xstatconv internal_statvfs \
+
+ sysdep_headers += bits/fcntl-linux.h
+
+-tests += tst-fallocate tst-fallocate64 tst-o_path-locks
++tests += \
++ tst-fallocate \
++ tst-fallocate64 \
++ tst-getcwd-smallbuff \
++ tst-o_path-locks \
++# tests
+ endif
+
+ ifeq ($(subdir),elf)
+diff --git a/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
+new file mode 100644
+index 0000000000..d460d6e766
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/tst-getcwd-smallbuff.c
+@@ -0,0 +1,241 @@
++/* Verify that getcwd returns ERANGE for size 1 byte and does not underflow
++ buffer when the CWD is too long and is also a mount target of /. See bug
++ #28769 or CVE-2021-3999 for more context.
++ Copyright The GNU Toolchain Authors.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>.
*/
++
++#include <errno.h>
++#include <fcntl.h>
++#include <intprops.h>
++#include <limits.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/mount.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++
++#include <sys/socket.h>
++#include <sys/un.h>
++#include <support/check.h>
++#include <support/temp_file.h>
++#include <support/xsched.h>
++#include <support/xunistd.h>
++
++static char *base;
++#define BASENAME "tst-getcwd-smallbuff"
++#define MOUNT_NAME "mpoint"
++static int sockfd[2];
++
++static void
++do_cleanup (void)
++{
++ support_chdir_toolong_temp_directory (base);
++ TEST_VERIFY_EXIT (rmdir (MOUNT_NAME) == 0);
++ free (base);
++}
++
++static void
++send_fd (const int sock, const int fd)
++{
++ struct msghdr msg = {0};
++ union
++ {
++ struct cmsghdr hdr;
++ char buf[CMSG_SPACE (sizeof (int))];
++ } cmsgbuf = {0};
++ struct cmsghdr *cmsg;
++ struct iovec vec;
++ char ch = 'A';
++ ssize_t n;
++
++ msg.msg_control = &cmsgbuf.buf;
++ msg.msg_controllen = sizeof (cmsgbuf.buf);
++
++ cmsg = CMSG_FIRSTHDR (&msg);
++ cmsg->cmsg_len = CMSG_LEN (sizeof (int));
++ cmsg->cmsg_level = SOL_SOCKET;
++ cmsg->cmsg_type = SCM_RIGHTS;
++ memcpy (CMSG_DATA (cmsg), &fd, sizeof (fd));
++
++ vec.iov_base = &ch;
++ vec.iov_len = 1;
++ msg.msg_iov = &vec;
++ msg.msg_iovlen = 1;
++
++ while ((n = sendmsg (sock, &msg, 0)) == -1 && errno == EINTR);
++
++ TEST_VERIFY_EXIT (n == 1);
++}
++
++static int
++recv_fd (const int sock)
++{
++ struct msghdr msg = {0};
++ union
++ {
++ struct cmsghdr hdr;
++ char buf[CMSG_SPACE(sizeof(int))];
++ } cmsgbuf = {0};
++ struct cmsghdr *cmsg;
++ struct iovec vec;
++ ssize_t n;
++ char ch = '\0';
++ int fd = -1;
++
++ vec.iov_base = &ch;
++ vec.iov_len = 1;
++ msg.msg_iov = &vec;
++ msg.msg_iovlen = 1;
++
++ msg.msg_control = &cmsgbuf.buf;
++ msg.msg_controllen = sizeof (cmsgbuf.buf);
++
++ while ((n = recvmsg (sock, &msg, 0)) == -1 && errno == EINTR);
++ if (n != 1 || ch != 'A')
++ return
-1;
++
++ cmsg = CMSG_FIRSTHDR (&msg);
++ if (cmsg == NULL)
++ return -1;
++ if (cmsg->cmsg_type != SCM_RIGHTS)
++ return -1;
++ memcpy (&fd, CMSG_DATA (cmsg), sizeof (fd));
++ if (fd < 0)
++ return -1;
++ return fd;
++}
++
++static int
++child_func (void * const arg)
++{
++ xclose (sockfd[0]);
++ const int sock = sockfd[1];
++ char ch;
++
++ TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1);
++ TEST_VERIFY_EXIT (ch == '1');
++
++ if (mount ("/", MOUNT_NAME, NULL, MS_BIND | MS_REC, NULL))
++ FAIL_EXIT1 ("mount failed: %m\n");
++ const int fd = xopen ("mpoint",
++ O_RDONLY | O_PATH | O_DIRECTORY | O_NOFOLLOW, 0);
++
++ send_fd (sock, fd);
++ xclose (fd);
++
++ TEST_VERIFY_EXIT (read (sock, &ch, 1) == 1);
++ TEST_VERIFY_EXIT (ch == 'a');
++
++ xclose (sock);
++ return 0;
++}
++
++static void
++update_map (char * const mapping, const char * const map_file)
++{
++ const size_t map_len = strlen (mapping);
++
++ const int fd = xopen (map_file, O_WRONLY, 0);
++ xwrite (fd, mapping, map_len);
++ xclose (fd);
++}
++
++static void
++proc_setgroups_write (const long child_pid, const char * const str)
++{
++ const size_t str_len = strlen(str);
++
++ char setgroups_path[sizeof ("/proc//setgroups") + INT_STRLEN_BOUND (long)];
++
++ snprintf (setgroups_path, sizeof (setgroups_path),
++ "/proc/%ld/setgroups", child_pid);
++
++ const int fd = open (setgroups_path, O_WRONLY);
++
++ if (fd < 0)
++ {
++ TEST_VERIFY_EXIT (errno == ENOENT);
++ FAIL_UNSUPPORTED ("/proc/%ld/setgroups not found\n", child_pid);
++ }
++
++ xwrite (fd, str, str_len);
++ xclose(fd);
++}
++
++static char child_stack[1024 * 1024];
++
++int
++do_test (void)
++{
++ base = support_create_and_chdir_toolong_temp_directory (BASENAME);
++
++ xmkdir (MOUNT_NAME, S_IRWXU);
++ atexit (do_cleanup);
++
++ TEST_VERIFY_EXIT (socketpair (AF_UNIX, SOCK_STREAM, 0, sockfd) == 0);
++ pid_t child_pid = xclone (child_func, NULL, child_stack,
++ sizeof (child_stack),
++ CLONE_NEWUSER | CLONE_NEWNS | SIGCHLD);
++
++ xclose (sockfd[1]);
++
const int sock = sockfd[0];
++
++ char map_path[sizeof ("/proc//uid_map") + INT_STRLEN_BOUND (long)];
++ char map_buf[sizeof ("0 1") + INT_STRLEN_BOUND (long)];
++
++ snprintf (map_path, sizeof (map_path), "/proc/%ld/uid_map",
++ (long) child_pid);
++ snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getuid());
++ update_map (map_buf, map_path);
++
++ proc_setgroups_write ((long) child_pid, "deny");
++ snprintf (map_path, sizeof (map_path), "/proc/%ld/gid_map",
++ (long) child_pid);
++ snprintf (map_buf, sizeof (map_buf), "0 %ld 1", (long) getgid());
++ update_map (map_buf, map_path);
++
++ TEST_VERIFY_EXIT (send (sock, "1", 1, MSG_NOSIGNAL) == 1);
++ const int fd = recv_fd (sock);
++ TEST_VERIFY_EXIT (fd >= 0);
++ TEST_VERIFY_EXIT (fchdir (fd) == 0);
++
++ static char buf[2 * 10 + 1];
++ memset (buf, 'A', sizeof (buf));
++
++ /* Finally, call getcwd and check if it resulted in a buffer underflow. */
++ char * cwd = getcwd (buf + sizeof (buf) / 2, 1);
++ TEST_VERIFY (cwd == NULL);
++ TEST_VERIFY (errno == ERANGE);
++
++ for (int i = 0; i < sizeof (buf); i++)
++ if (buf[i] != 'A')
++ {
++ printf ("buf[%d] = %02x\n", i, (unsigned int) buf[i]);
++ support_record_failure ();
++ }
++
++ TEST_VERIFY_EXIT (send (sock, "a", 1, MSG_NOSIGNAL) == 1);
++ xclose (sock);
++ TEST_VERIFY_EXIT (xwaitpid (child_pid, NULL, 0) == child_pid);
++
++ return 0;
++}
++
++#define CLEANUP_HANDLER do_cleanup
++#include <support/test-driver.c>
+--
+2.27.0
+
+
diff --git a/patches/source/glibc/profile.d/glibc.csh.new b/patches/source/glibc/profile.d/glibc.csh.new
new file mode 100755
index 000000000..1f33e9663
--- /dev/null
+++ b/patches/source/glibc/profile.d/glibc.csh.new
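Review bot: The comment on the new guard in __getcwd_generic, `/* A size of 1 byte is never useful. */`, does not record that the check is a memory-safety fix; the commit message explains that with size 1 the fallback path stores a '/' in the byte before the buffer. I would state that at the check, e.g. `/* A size of 1 byte can hold no valid path; reject it before the code below can write before BUF (CVE-2021-3999). */`, so the guard is not later dropped as redundant. In tst-getcwd-smallbuff.c, child_func mounts onto `MOUNT_NAME` but then opens the literal `"mpoint"`; `xopen (MOUNT_NAME, O_RDONLY | O_PATH | O_DIRECTORY | O_NOFOLLOW, 0)` keeps the two in step if the name changes. __getcwd_generic's body continues outside the hunk.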
@@ -0,0 +1,9 @@
+#!/bin/csh
+# Set more relaxed (glibc-2.3.5 like) malloc() checking.
+#
+# This relaxes the default paranoia level so that it reports
+# bugs, but does not kill the questionable process. You can
+# get away with running broken programs with this setting,
+# but at a possible performance and security cost.
+#
+#setenv MALLOC_CHECK_ 1
diff --git a/patches/source/glibc/profile.d/glibc.sh.new b/patches/source/glibc/profile.d/glibc.sh.new
new file mode 100755
index 000000000..979f4879e
--- /dev/null
+++ b/patches/source/glibc/profile.d/glibc.sh.new
@@ -0,0 +1,8 @@
+#!/bin/sh
+# Set more relaxed (glibc-2.3.5 like) malloc() checking.
+#
+# This relaxes the default paranoia level so that it reports
+# bugs, but does not kill the questionable process. You can
+# get away with running broken programs with this setting,
+# but at a possible performance and security cost.
+#export MALLOC_CHECK_=1
diff --git a/patches/source/glibc/slack-desc.aaa_glibc-solibs b/patches/source/glibc/slack-desc.aaa_glibc-solibs
new file mode 100644
index 000000000..1604bace9
--- /dev/null
+++ b/patches/source/glibc/slack-desc.aaa_glibc-solibs
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+aaa_glibc-solibs: aaa_glibc-solibs (shared GNU C libraries)
+aaa_glibc-solibs:
+aaa_glibc-solibs: This package contains the shared libraries, binaries, and support
+aaa_glibc-solibs: files required to run most Linux applications linked with glibc.
+aaa_glibc-solibs:
+aaa_glibc-solibs:
+aaa_glibc-solibs:
+aaa_glibc-solibs:
+aaa_glibc-solibs:
+aaa_glibc-solibs:
+aaa_glibc-solibs:
diff --git a/patches/source/glibc/slack-desc.glibc b/patches/source/glibc/slack-desc.glibc
new file mode 100644
index 000000000..63992d6b4
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc: glibc (GNU C libraries)
+glibc:
+glibc: This package contains the GNU C libraries and header files. You'll
+glibc: need this package to compile programs.
+glibc:
+glibc: The GNU C library was originally authored by Roland McGrath.
+glibc:
+glibc: Homepage: https://www.gnu.org/software/libc/
+glibc:
+glibc:
+glibc:
diff --git a/patches/source/glibc/slack-desc.glibc-debug b/patches/source/glibc/slack-desc.glibc-debug
new file mode 100644
index 000000000..8cb64d59a
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc-debug
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc-debug: glibc-debug (GNU C libraries with debugging symbols)
+glibc-debug:
+glibc-debug: This package contains versions of the GNU C libraries with debugging
+glibc-debug: information. These are needed only if you wish to be able to step
+glibc-debug: through C library routines while debugging programs. Most debugging
+glibc-debug: efforts will not require these.
+glibc-debug: To use these libraries, set LD_LIBRARY_PATH when calling the debugger:
+glibc-debug: LD_LIBRARY_PATH=/usr/lib/debug gdb <executable>
+glibc-debug:
+glibc-debug: Or, use this approach if you need to debug a setuid binary:
+glibc-debug: su user -c "LD_LIBRARY_PATH=/usr/lib/debug gdb <executable>"
diff --git a/patches/source/glibc/slack-desc.glibc-i18n b/patches/source/glibc/slack-desc.glibc-i18n
new file mode 100644
index 000000000..a697bc3db
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc-i18n
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc-i18n: glibc-i18n (locale files from glibc)
+glibc-i18n:
+glibc-i18n: These files go in /usr/lib/locale, /usr/share/i18n/, and
+glibc-i18n: /usr/share/locale/ to provide internationalization support.
+glibc-i18n: You'll need this package unless you will be using US English only.
+glibc-i18n:
+glibc-i18n:
+glibc-i18n:
+glibc-i18n:
+glibc-i18n:
+glibc-i18n:
diff --git a/patches/source/glibc/slack-desc.glibc-profile b/patches/source/glibc/slack-desc.glibc-profile
new file mode 100644
index 000000000..4b4100e08
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc-profile
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc-profile: glibc-profile (GNU C libraries with profiling support)
+glibc-profile:
+glibc-profile: This package contains static versions of the GNU C libraries with
+glibc-profile: support for profiling binaries using gprof. gprof calculates how
+glibc-profile: much time a program spends in each routine which can suggest where
+glibc-profile: to concentrate efforts to improve performance.
+glibc-profile:
+glibc-profile: See the gprof man page for more details.
+glibc-profile:
+glibc-profile:
+glibc-profile: |