diff --git a/Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch b/Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch
new file mode 100644
index 0000000000000000000000000000000000000000..c26139f12fc95d99bf9bec65bd55ab237449124c
--- /dev/null
+++ b/Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch
@@ -0,0 +1,56 @@
+From 9a99c682144bdbd40792ebf822fe9264e0376fb5 Mon Sep 17 00:00:00 2001
+From: Arjun Shankar
+Date: Wed, 4 Nov 2020 12:19:38 +0100
+Subject: [PATCH] iconv: Accept redundant shift sequences in IBM1364 [BZ
+ #26224]
+
+The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
+share converter logic (iconvdata/ibm1364.c) which would reject
+redundant shift sequences when processing input in these character
+sets. This led to a hang in the iconv program (CVE-2020-27618).
+
+This commit adjusts the converter to ignore redundant shift sequences
+and adds test cases for iconv_prog hangs that would be triggered upon
+their rejection. This brings the implementation in line with other
+converters that also ignore redundant shift sequences (e.g. IBM930
+etc., fixed in commit 692de4b3960d).
+
+Reviewed-by: Carlos O'Donell
+---
+ iconvdata/ibm1364.c | 14 ++------------
+ 1 files changed, 2 insertions(+), 12 deletions(-)
+
+diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
+index 49e7267ab45..521f0825b7f 100644
+--- a/iconvdata/ibm1364.c
++++ b/iconvdata/ibm1364.c
+@@ -158,24 +158,14 @@ enum
+ \
+ if (__builtin_expect (ch, 0) == SO) \
+ { \
+- /* Shift OUT, change to DBCS converter. */ \
+- if (curcs == db) \
+- { \
+- result = __GCONV_ILLEGAL_INPUT; \
+- break; \
+- } \
++ /* Shift OUT, change to DBCS converter (redundant escape okay). */ \
+ curcs = db; \
+ ++inptr; \
+ continue; \
+ } \
+ if (__builtin_expect (ch, 0) == SI) \
+ { \
+- /* Shift IN, change to SBCS converter. */ \
+- if (curcs == sb) \
+- { \
+- result = __GCONV_ILLEGAL_INPUT; \
+- break; \
+- } \
++ /* Shift IN, change to SBCS converter (redundant escape okay). */ \
+ curcs = sb; \
+ ++inptr; \
+ continue; \
+--
+2.25.1
+
diff --git a/Workaround-deprecation-warnings-introduced-in-libselinux-3.1.patch b/Workaround-deprecation-warnings-introduced-in-libselinux-3.1.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8bcc95b354a338a4cb389577ab2e3ccbc5a64556
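Review bot: The backported patch carries only the converter change: its description says the commit "adds test cases for iconv_prog hangs", but the diffstat lists `iconvdata/ibm1364.c` alone, so nothing added here exercises the redundant SO/SI input that CVE-2020-27618 depends on. Either carry the test cases from the original commit or state in the patch header that they were dropped. The two rewritten comments could also say what must not come back, e.g. `/* Shift OUT, change to DBCS converter. A redundant SO is accepted, not reported as __GCONV_ILLEGAL_INPUT. */`, since "redundant escape okay" does not tell a later reader why the rejection was removed. The macro body this hunk edits starts and ends outside the hunk.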
--- /dev/null
+++ b/Workaround-deprecation-warnings-introduced-in-libselinux-3.1.patch
@@ -0,0 +1,126 @@
+From: Aurelien Jarno
+To: libc-alpha@sourceware.org
+Subject: [PATCH] Workaround deprecation warnings introduced in libselinux >= 3.1
+Date: Tue, 21 Jul 2020 22:21:18 +0200
+Message-Id: <20200721202118.300350-1-aurelien@aurel32.net>
+
+------------------------------------------
+glibc doesn't build with libselinux 3.1 that has been released recently
+due to new deprecations introduced in that version and the fact that
+glibc is built with -Werror by default:
+
+| makedb.c: In function ‘set_file_creation_context’:
+| makedb.c:849:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
+| 849 | security_context_t ctx;
+| | ^~~~~~~~~~~~~~~~~~
+| makedb.c:863:3: error: ‘matchpathcon’ is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
+| 863 | if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
+| | ^~
+| In file included from makedb.c:50:
+| /usr/include/selinux/selinux.h:500:12: note: declared here
+| 500 | extern int matchpathcon(const char *path,
+| | ^~~~~~~~~~~~
+| cc1: all warnings being treated as errors
+
+and
+
+| selinux.c: In function ‘nscd_avc_init’:
+| selinux.c:330:3: error: ‘avc_init’ is deprecated: Use avc_open and selinux_set_callback [-Werror=deprecated-declarations]
+| 330 | if (avc_init ("avc", NULL, &log_cb, &thread_cb, &lock_cb) < 0)
+| | ^~
+| In file included from selinux.c:31:
+| /usr/include/selinux/avc.h:199:12: note: declared here
+| 199 | extern int avc_init(const char *msgprefix,
+| | ^~~~~~~~
+| selinux.c: In function ‘nscd_request_avc_has_perm’:
+| selinux.c:355:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
+| 355 | security_context_t scon = NULL;
+| | ^~~~~~~~~~~~~~~~~~
+| selinux.c:356:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
+| 356 | security_context_t tcon = NULL;
+| | ^~~~~~~~~~~~~~~~~~
+| selinux.c:419:5: error: ‘sidput’ is deprecated [-Werror=deprecated-declarations]
+| 419 |
sidput (ssid);
+| | ^~~~~~
+| In file included from selinux.c:31:
+| /usr/include/selinux/avc.h:83:12: note: declared here
+| 83 | extern int sidput(security_id_t sid)
+| | ^~~~~~
+| selinux.c:421:5: error: ‘sidput’ is deprecated [-Werror=deprecated-declarations]
+| 421 | sidput (tsid);
+| | ^~~~~~
+| In file included from selinux.c:31:
+| /usr/include/selinux/avc.h:83:12: note: declared here
+| 83 | extern int sidput(security_id_t sid)
+| | ^~~~~~
+| cc1: all warnings being treated as errors
+
+This patch workarounds the issue until the deprecated code is
+rewritten. #pragma GCC diagnostic annotations are used to disable
+-Wdeprecated-declarations warning in the problematic functions. This is
+probably the safest option for stable releases to avoid introducing
+regressions.
+---
+ nscd/selinux.c | 6 ++++++
+ nss/makedb.c | 3 +++
+ 2 files changed, 9 insertions(+)
+
+diff --git a/nscd/selinux.c b/nscd/selinux.c
+index a4ea8008e20..0411e0f7fdf 100644
+--- a/nscd/selinux.c
++++ b/nscd/selinux.c
+@@ -322,6 +322,8 @@ avc_free_lock (void *lock)
+
+ /* Initialize the user space access vector cache (AVC) for NSCD along with
+ log/thread/lock callbacks. */
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ void
+ nscd_avc_init (void)
+ {
+@@ -335,6 +337,7 @@ nscd_avc_init (void)
+ audit_init ();
+ #endif
+ }
++#pragma GCC diagnostic pop
+
+
+ /* Check the permission from the caller (via getpeercon) to nscd.
+@@ -348,6 +351,8 @@ nscd_avc_init (void)
+ use security_deny_unknown to determine what to do if selinux-policy* doesn't
+ have a definition for the the permission or object class we are looking
+ up. */
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ int
+ nscd_request_avc_has_perm (int fd, request_type req)
+ {
+@@ -422,6 +427,7 @@ out:
+
+ return rc;
+ }
++#pragma GCC diagnostic pop
+
+
+ /* Wrapper to get AVC statistics.
*/
+diff --git a/nss/makedb.c b/nss/makedb.c
+index 8e389a16837..7a365894cec 100644
+--- a/nss/makedb.c
++++ b/nss/makedb.c
+@@ -842,6 +842,8 @@ print_database (int fd)
+
+
+ #ifdef HAVE_SELINUX
++#pragma GCC diagnostic push
++#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+ static void
+ set_file_creation_context (const char *outname, mode_t mode)
+ {
+@@ -883,6 +885,7 @@ set_file_creation_context (const char *outname, mode_t mode)
+ /* Close the file contexts backend. */
+ selabel_close(label_hnd);
+ }
++#pragma GCC diagnostic pop
+
+ static void
+ reset_file_creation_context (void)
diff --git a/backport-0001-Fix-handling-of-collating-symbols-in-fnmatch-bug-266.patch b/backport-0001-Fix-handling-of-collating-symbols-in-fnmatch-bug-266.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bb9b0d78cae0eb5818100ebdd5921454790114c2
--- /dev/null
+++ b/backport-0001-Fix-handling-of-collating-symbols-in-fnmatch-bug-266.patch
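Review bot: The `#pragma GCC diagnostic ignored "-Wdeprecated-declarations"` pairs cover whole function bodies and carry no comment, so every deprecated libselinux call in `nscd_avc_init`, `nscd_request_avc_has_perm` and `set_file_creation_context` is silenced, including any that a later libselinux release deprecates. Each push should say what it is for and that it is temporary, e.g. `/* libselinux >= 3.1 deprecates avc_init; silenced until this is ported to avc_open and selinux_set_callback. */` before `nscd_avc_init`, with the equivalent comment naming `security_context_t` and `sidput` before `nscd_request_avc_has_perm`. In nss/makedb.c the second hunk's context already shows `selabel_close(label_hnd)`, so this patch appears to sit on top of a change that replaced `matchpathcon`; if that holds, the makedb.c pragma is probably no longer needed and would be better dropped. All three function bodies lie mostly outside the hunks.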
@@ -0,0 +1,104 @@
+From a140ff9162f353e804d6a8c83c8f3c18511850dd Mon Sep 17 00:00:00 2001
+From: Andreas Schwab
+Date: Wed, 16 Sep 2020 12:41:14 +0200
+Subject: [PATCH] Fix handling of collating symbols in fnmatch (bug 26620)
+
+The variable idx contains the index into the extra array, whereas wextra
+points into the extra array at this index, containing the length of the
+following collating sequence in the wide character representation.
+---
+ posix/Makefile | 3 ++-
+ posix/fnmatch_loop.c | 4 ++--
+ posix/tst-fnmatch6.c | 37 +++++++++++++++++++++++++++++++++++++
+ 3 files changed, 41 insertions(+), 3 deletions(-)
+ create mode 100644 posix/tst-fnmatch6.c
+
+diff --git a/posix/Makefile b/posix/Makefile
+index 605ddbade8..83c4d57231 100644
+--- a/posix/Makefile
++++ b/posix/Makefile
+@@ -96,7 +96,7 @@ tests := test-errno tstgetopt testfnm runtests runptests \
+ bug-getopt5 tst-getopt_long1 bug-regex34 bug-regex35 \
+ tst-pathconf tst-rxspencer-no-utf8 \
+ tst-fnmatch3 bug-regex36 \
+- tst-fnmatch4 tst-fnmatch5 \
++ tst-fnmatch4 tst-fnmatch5 tst-fnmatch6 \
+ tst-posix_spawn-fd tst-posix_spawn-setsid \
+ tst-posix_fadvise tst-posix_fadvise64 \
+ tst-sysconf-empty-chroot tst-glob_symlinks tst-fexecve \
+@@ -197,6 +197,7 @@ $(objpfx)bug-regex35.out: $(gen-locales)
+ $(objpfx)tst-fnmatch.out: $(gen-locales)
+ $(objpfx)tst-fnmatch4.out: $(gen-locales)
+ $(objpfx)tst-fnmatch5.out: $(gen-locales)
++$(objpfx)tst-fnmatch6.out: $(gen-locales)
+ $(objpfx)tst-regex.out: $(gen-locales)
+ $(objpfx)tst-regex2.out: $(gen-locales)
+ $(objpfx)tst-regexloc.out: $(gen-locales)
+diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c
+index 8ead4dc7b9..0f890d4782 100644
+--- a/posix/fnmatch_loop.c
++++ b/posix/fnmatch_loop.c
+@@ -564,7 +564,7 @@ FCT (const CHAR *pattern, const CHAR *string, const CHAR *string_end,
+ /* Get the collation sequence value.
*/
+ is_seqval = 1;
+ # if WIDE_CHAR_VERSION
+- cold = wextra[1 + wextra[idx]];
++ cold = wextra[1 + wextra[0]];
+ # else
+ idx += 1 + extra[idx];
+ /* Adjust for the alignment. */
+@@ -738,7 +738,7 @@ FCT (const CHAR *pattern, const CHAR *string, const CHAR *string_end,
+ /* Get the collation sequence value. */
+ is_seqval = 1;
+ # if WIDE_CHAR_VERSION
+- cend = wextra[1 + wextra[idx]];
++ cend = wextra[1 + wextra[0]];
+ # else
+ idx += 1 + extra[idx];
+ /* Adjust for the alignment. */
+diff --git a/posix/tst-fnmatch6.c b/posix/tst-fnmatch6.c
+new file mode 100644
+index 0000000000..c255702a72
+--- /dev/null
++++ b/posix/tst-fnmatch6.c
+@@ -0,0 +1,37 @@
++/* Test for fnmatch handling of collating symbols (bug 26620)
++ Copyright (C) 2020 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ . */
++
++#include
++#include
++#include
++#include
++
++static int
++do_test (void)
++{
++ setlocale (LC_ALL, "en_US.UTF-8");
++ /* From iso14651_t1_common:
++ collating-element from ""
++ % decomposition of LATIN CAPITAL LETTER L WITH MIDDLE DOT */
++ TEST_VERIFY (fnmatch ("[[.L\xc2\xb7.]]", ".", 0) != 0);
++ TEST_VERIFY (fnmatch ("[[.L\xc2\xb7.]]", "L\xc2\xb7", 0) == 0);
++
++ return 0;
++}
++
++#include
+--
+2.23.0
+
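Review bot: The new test in posix/tst-fnmatch6.c uses the collating symbol only as a standalone bracket element, which looks like the `cold` path; the second corrected line, `cend = wextra[1 + wextra[0]];` in the hunk at -738, is presumably reached only when a collating symbol ends a range, and no pattern in `do_test` has that form, so that half of the fix is untested. The test also ignores the result of `setlocale (LC_ALL, "en_US.UTF-8")`; `TEST_VERIFY_EXIT (setlocale (LC_ALL, "en_US.UTF-8") != NULL);` would report a missing locale as such instead of as a match failure. In fnmatch_loop.c a comment at both sites, such as `/* wextra already points at the length word of this entry; do not index it with idx again. */`, would keep the wrong-offset read from being reintroduced. Both FCT hunks show only a fragment of the function.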
diff --git a/backport-i686-tst-strftime3-fix-printf-warning.patch b/backport-i686-tst-strftime3-fix-printf-warning.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ee2e1834039b57018db11a0bd0bf438f36e2775c
--- /dev/null
+++ b/backport-i686-tst-strftime3-fix-printf-warning.patch
@@ -0,0 +1,136 @@
+From 6dd2dae7cfe2077c3af854a6220fe582b6bad999 Mon Sep 17 00:00:00 2001
+From: DJ Delorie
+Date: Thu, 15 Oct 2020 16:31:04 +0800
+Subject: [PATCH] Add Reiwa era tests to time/tst-strftime3.c Also fix printf
+ warning
+
+---
+ time/tst-strftime3.c | 72 +++++++++++++++++++++++++++++++++++++++++--
+ 1 files changed, 72 insertions(+), 0 deletions(-)
+
+diff --git a/time/tst-strftime3.c b/time/tst-strftime3.c
+index a4c427b3..0ec14869 100644
+--- a/time/tst-strftime3.c
++++ b/time/tst-strftime3.c
+@@ -1,5 +1,5 @@
+ /* Data-driven tests for strftime/strptime.
+- Copyright (C) 2019 Free Software Foundation, Inc. This file is
++ Copyright (C) 2019-2020 Free Software Foundation, Inc. This file is
+ part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+@@ -14,7 +14,7 @@
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+- . */
++ . */
+
+ #include
+ #include
+@@ -25,6 +25,7 @@
+
+ #include
+ #include
++#include
+
+ /* These exist for the convenience of writing the test data, because
+ zero-based vs one-based.
*/
+@@ -291,6 +292,62 @@ const Data data[] = {
+ 1990, Jan, 1, Mon, 12, 00, 00, "ja_JP.EUC-JP", "%EY",
+ /* 02 平成02年 */
+ "\xca\xbf\xc0\xae""02\xc7\xaf" },
++
++
++ { "Japanese era change, 2019, before transition year",
++ 2018, Dec, 31, Mon, 12, 00, 00, "ja_JP.UTF-8", "%EY",
++ /* 30 昭和30年 */
++ "\xe5\xb9\xb3\xe6\x88\x90""30\xe5\xb9\xb4" },
++ { "Japanese era change, 2019, start of transition year",
++ 2019, Jan, 1, Tue, 12, 00, 00, "ja_JP.UTF-8", "%EY",
++ /* 30 昭和31年 */
++ "\xe5\xb9\xb3\xe6\x88\x90""31\xe5\xb9\xb4" },
++
++ { "Japanese era change, 2019, before transition",
++ 2019, Apr, 30, Tue, 12, 00, 00, "ja_JP.UTF-8", "%EY",
++ /* 30 昭和31年 */
++ "\xe5\xb9\xb3\xe6\x88\x90""31\xe5\xb9\xb4" },
++ { "Japanese era change, 2019, after transition",
++ 2019, May, 1, Wed, 12, 00, 00, "ja_JP.UTF-8", "%EY",
++ /* 令和元年 */
++ "\xe4\xbb\xa4\xe5\x92\x8c\xe5\x85\x83\xe5\xb9\xb4" },
++
++ { "Japanese era change, 2019, end of transition year",
++ 2019, Dec, 31, Tue, 12, 00, 00, "ja_JP.UTF-8", "%EY",
++ /* 令和元年 */
++ "\xe4\xbb\xa4\xe5\x92\x8c\xe5\x85\x83\xe5\xb9\xb4" },
++ { "Japanese era change, 2019, after transition year",
++ 2020, Jan, 1, Wed, 12, 00, 00, "ja_JP.UTF-8", "%EY",
++ /* 02 令和02年 */
++ "\xe4\xbb\xa4\xe5\x92\x8c""02\xe5\xb9\xb4" },
++
++
++ { "Japanese era change, 2019, before transition year",
++ 2018, Dec, 31, Mon, 12, 00, 00, "ja_JP.EUC-JP", "%EY",
++ /* 30 昭和30年 */
++ "\xca\xbf\xc0\xae""30\xc7\xaf" },
++ { "Japanese era change, 2019, start of transition year",
++ 2019, Jan, 1, Tue, 12, 00, 00, "ja_JP.EUC-JP", "%EY",
++ /* 30 昭和31年 */
++ "\xca\xbf\xc0\xae""31\xc7\xaf" },
++
++ { "Japanese era change, 2019, before transition",
++ 2019, Apr, 30, Tue, 12, 00, 00, "ja_JP.EUC-JP", "%EY",
++ /* 30 昭和31年 */
++ "\xca\xbf\xc0\xae""31\xc7\xaf" },
++ { "Japanese era change, 2019, after transition",
++ 2019, May, 1, Wed, 12, 00, 00, "ja_JP.EUC-JP", "%EY",
++ /* 令和元年 */
++ "\xce\xe1\xcf\xc2\xb8\xb5\xc7\xaf" },
++
++ { "Japanese era change, 2019, end of transition year",
++ 2019, Dec, 31, Tue, 12, 00, 00, "ja_JP.EUC-JP", "%EY",
++ /* 令和元年 */
++ "\xce\xe1\xcf\xc2\xb8\xb5\xc7\xaf" },
++ { "Japanese era change, 2019, after transition year",
++ 2020, Jan, 1, Wed, 12, 00, 00, "ja_JP.EUC-JP", "%EY",
++ /* 02 令和02年 */
++ "\xce\xe1\xcf\xc2""02\xc7\xaf" },
+ };
+
+ #define NDATA array_length(data)
+@@ -348,7 +405,7 @@ print_string_hex (const char *header, const char *str)
+ if (' ' <= w[i] && w[i] <= '~')
+ putchar (w[i]);
+ else
+- printf ("", w[i]);
++ printf ("", (int) w[i]);
+ }
+ printf ("\n");
+ }
+@@ -384,6 +441,14 @@ tm_to_printed (struct tm *tm, char *buffer)
+ sprintf (temp, "%d", tm->tm_wday);
+ }
+
++ DIAG_PUSH_NEEDS_COMMENT;
++#if __GNUC_PREREQ (9, 0)
++ /* GCC 9 warns that strncmp may truncate its output, but that's why
++ we're using it. When it needs to truncate, it got corrupted
++ data, and we only care that the string is different than valid
++ data, which won't truncate. */
++ DIAG_IGNORE_NEEDS_COMMENT (9, "-Wformat-truncation=");
++#endif
+ snprintf (buffer, TMBUFLEN, "%04d/%02d/%02d %02d:%02d:%02d %s",
+ tm->tm_year + 1900,
+ tm->tm_mon + 1,
+@@ -392,6 +457,7 @@ tm_to_printed (struct tm *tm, char *buffer)
+ tm->tm_min,
+ tm->tm_sec,
+ wn);
++ DIAG_POP_NEEDS_COMMENT;
+ }
+
+ static int
+--
+2.23.0
+
diff --git a/backport-sysvipc-Fix-SEM_STAT_ANY-kernel-argument-pass-BZ-26637.patch b/backport-sysvipc-Fix-SEM_STAT_ANY-kernel-argument-pass-BZ-26637.patch
new file mode 100644
index 0000000000000000000000000000000000000000..38c68d0155a76137c77db38b9a93f15ae08c1d7a
--- /dev/null
+++ b/backport-sysvipc-Fix-SEM_STAT_ANY-kernel-argument-pass-BZ-26637.patch
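Review bot: Several comments added to time/tst-strftime3.c do not match the code beside them. The three UTF-8 and three EUC-JP entries dated 2018-12-31 through 2019-04-30 are commented `/* 30 昭和30年 */` or `/* 30 昭和31年 */`, but their expected strings start with `\xe5\xb9\xb3\xe6\x88\x90` and `\xca\xbf\xc0\xae`, the latter being the same bytes the existing 1990 entry carries under a 平成 comment; the comments should read `/* 平成30年 */` and `/* 平成31年 */`. In `tm_to_printed` the new comment says "GCC 9 warns that strncmp may truncate its output" while the call being wrapped is `snprintf`, so it should read `/* GCC 9 warns that snprintf may truncate its output, ...`. The suppression then reads as intended: truncation into `buffer` is accepted because a truncated string can only come from corrupted data.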
@@ -0,0 +1,265 @@
+From 574500a108be1d2a6a0dc97a075c9e0a98371aba Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin"
+Date: Tue, 29 Sep 2020 14:10:20 -0300
+Subject: [PATCH] sysvipc: Fix SEM_STAT_ANY kernel argument pass [BZ #26637]
+
+Handle SEM_STAT_ANY the same way as SEM_STAT so that the buffer argument
+of SEM_STAT_ANY is properly passed to the kernel and back.
+
+The regression testcase checks for Linux specifix SysV ipc message
+control extension. For IPC_INFO/SEM_INFO it tries to match the values
+against the tunable /proc values and for SEM_STAT/SEM_STAT_ANY it
+check if the create message queue is within the global list returned
+by the kernel.
+
+Checked on x86_64-linux-gnu and on i686-linux-gnu (Linux v5.4 and on
+Linux v4.15).
+
+Co-authored-by: Adhemerval Zanella
+---
+ sysdeps/unix/sysv/linux/Makefile | 3 +-
+ sysdeps/unix/sysv/linux/semctl.c | 2 +
+ sysdeps/unix/sysv/linux/tst-sysvsem-linux.c | 184 ++++++++++++++++++++
+ sysvipc/test-sysvsem.c | 1 +
+ 4 files changed, 189 insertions(+), 1 deletion(-)
+ create mode 100644 sysdeps/unix/sysv/linux/tst-sysvsem-linux.c
+
+diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile
+index 773aaea0..d8cd107d 100644
+--- a/sysdeps/unix/sysv/linux/Makefile
++++ b/sysdeps/unix/sysv/linux/Makefile
+@@ -45,7 +45,8 @@ sysdep_headers += sys/mount.h sys/acct.h sys/sysctl.h \
+ tests += tst-clone tst-clone2 tst-clone3 tst-fanotify tst-personality \
+ tst-quota tst-sync_file_range tst-sysconf-iov_max tst-ttyname \
+ test-errno-linux tst-memfd_create tst-mlock2 tst-pkey \
+- tst-rlimit-infinity tst-ofdlocks
++ tst-rlimit-infinity tst-ofdlocks \
++ tst-sysvsem-linux
+ tests-internal += tst-ofdlocks-compat
+
+
+diff --git a/sysdeps/unix/sysv/linux/semctl.c b/sysdeps/unix/sysv/linux/semctl.c
+index e2925447..bdf31ca7 100644
+--- a/sysdeps/unix/sysv/linux/semctl.c
++++ b/sysdeps/unix/sysv/linux/semctl.c
+@@ -51,6 +51,7 @@ __new_semctl (int semid, int semnum, int cmd, ...)
+ case IPC_STAT: /* arg.buf */
+ case IPC_SET:
+ case SEM_STAT:
++ case SEM_STAT_ANY:
+ case IPC_INFO: /* arg.__buf */
+ case SEM_INFO:
+ va_start (ap, cmd);
+@@ -90,6 +91,7 @@ __old_semctl (int semid, int semnum, int cmd, ...)
+ case IPC_STAT: /* arg.buf */
+ case IPC_SET:
+ case SEM_STAT:
++ case SEM_STAT_ANY:
+ case IPC_INFO: /* arg.__buf */
+ case SEM_INFO:
+ va_start (ap, cmd);
+diff --git a/sysdeps/unix/sysv/linux/tst-sysvsem-linux.c b/sysdeps/unix/sysv/linux/tst-sysvsem-linux.c
+new file mode 100644
+index 00000000..45f19e2d
+--- /dev/null
++++ b/sysdeps/unix/sysv/linux/tst-sysvsem-linux.c
+@@ -0,0 +1,184 @@
++/* Basic tests for Linux SYSV semaphore extensions.
++ Copyright (C) 2020 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ . */
++
++#include
++#include
++#include
++#include
++#include
++#include
++
++#include
++#include
++
++/* These are for the temporary file we generate. */
++static char *name;
++static int semid;
++
++static void
++remove_sem (void)
++{
++ /* Enforce message queue removal in case of early test failure.
++ Ignore error since the sem may already have being removed.
*/
++ semctl (semid, 0, IPC_RMID, 0);
++}
++
++static void
++do_prepare (int argc, char *argv[])
++{
++ TEST_VERIFY_EXIT (create_temp_file ("tst-sysvsem.", &name) != -1);
++}
++
++#define PREPARE do_prepare
++
++#define SEM_MODE 0644
++
++union semun
++{
++ int val;
++ struct semid_ds *buf;
++ unsigned short *array;
++ struct seminfo *__buf;
++};
++
++struct test_seminfo
++{
++ int semmsl;
++ int semmns;
++ int semopm;
++ int semmni;
++};
++
++/* It tries to obtain some system-wide SysV semaphore information from /proc
++ to check against IPC_INFO/SEM_INFO. The /proc only returns the tunables
++ value of SEMMSL, SEMMNS, SEMOPM, and SEMMNI.
++
++ The kernel also returns constant value for SEMVMX, SEMMNU, SEMMAP, SEMUME,
++ and also SEMUSZ and SEMAEM (for IPC_INFO). The issue to check them is they
++ might change over kernel releases. */
++
++static void
++read_sem_stat (struct test_seminfo *tseminfo)
++{
++ FILE *f = fopen ("/proc/sys/kernel/sem", "r");
++ if (f == NULL)
++ FAIL_UNSUPPORTED ("/proc is not mounted or /proc/sys/kernel/sem is not "
++ "available");
++
++ int r = fscanf (f, "%d %d %d %d",
++ &tseminfo->semmsl, &tseminfo->semmns, &tseminfo->semopm,
++ &tseminfo->semmni);
++ TEST_VERIFY_EXIT (r == 4);
++
++ fclose (f);
++}
++
++
++/* Check if the semaphore with IDX (index into the kernel's internal array)
++ matches the one with KEY. The CMD is either SEM_STAT or SEM_STAT_ANY. */
++
++static bool
++check_seminfo (int idx, key_t key, int cmd)
++{
++ struct semid_ds seminfo;
++ int sid = semctl (idx, 0, cmd, (union semun) { .buf = &seminfo });
++ /* Ignore unused array slot returned by the kernel or information from
++ unknown semaphores.
*/
++ if ((sid == -1 && errno == EINVAL) || sid != semid)
++ return false;
++
++ if (sid == -1)
++ FAIL_EXIT1 ("semctl with SEM_STAT failed (errno=%d)", errno);
++
++ TEST_COMPARE (seminfo.sem_perm.__key, key);
++ TEST_COMPARE (seminfo.sem_perm.mode, SEM_MODE);
++ TEST_COMPARE (seminfo.sem_nsems, 1);
++
++ return true;
++}
++
++static int
++do_test (void)
++{
++ atexit (remove_sem);
++
++ key_t key = ftok (name, 'G');
++ if (key == -1)
++ FAIL_EXIT1 ("ftok failed: %m");
++
++ semid = semget (key, 1, IPC_CREAT | IPC_EXCL | SEM_MODE);
++ if (semid == -1)
++ FAIL_EXIT1 ("semget failed: %m");
++
++ struct test_seminfo tipcinfo;
++ read_sem_stat (&tipcinfo);
++
++ int semidx;
++
++ {
++ struct seminfo ipcinfo;
++ semidx = semctl (semid, 0, IPC_INFO, (union semun) { .__buf = &ipcinfo });
++ if (semidx == -1)
++ FAIL_EXIT1 ("semctl with IPC_INFO failed: %m");
++
++ TEST_COMPARE (ipcinfo.semmsl, tipcinfo.semmsl);
++ TEST_COMPARE (ipcinfo.semmns, tipcinfo.semmns);
++ TEST_COMPARE (ipcinfo.semopm, tipcinfo.semopm);
++ TEST_COMPARE (ipcinfo.semmni, tipcinfo.semmni);
++ }
++
++ /* Same as before but with SEM_INFO. */
++ {
++ struct seminfo ipcinfo;
++ semidx = semctl (semid, 0, SEM_INFO, (union semun) { .__buf = &ipcinfo });
++ if (semidx == -1)
++ FAIL_EXIT1 ("semctl with IPC_INFO failed: %m");
++
++ TEST_COMPARE (ipcinfo.semmsl, tipcinfo.semmsl);
++ TEST_COMPARE (ipcinfo.semmns, tipcinfo.semmns);
++ TEST_COMPARE (ipcinfo.semopm, tipcinfo.semopm);
++ TEST_COMPARE (ipcinfo.semmni, tipcinfo.semmni);
++ }
++
++ /* We check if the created semaphore shows in the system-wide status. */
++ bool found = false;
++ for (int i = 0; i <= semidx; i++)
++ {
++ /* We can't tell apart if SEM_STAT_ANY is not supported (kernel older
++ than 4.17) or if the index used is invalid. So it just check if
++ value returned from a valid call matches the created semaphore.
*/ ++ check_seminfo (i, key, SEM_STAT_ANY); ++ ++ if (check_seminfo (i, key, SEM_STAT)) ++ { ++ found = true; ++ break; ++ } ++ } ++ ++ if (!found) ++ FAIL_EXIT1 ("semctl with SEM_STAT/SEM_STAT_ANY could not find the " ++ "created semaphore"); ++ ++ if (semctl (semid, 0, IPC_RMID, 0) == -1) ++ FAIL_EXIT1 ("semctl failed: %m"); ++ ++ return 0; ++} ++ ++#include +diff --git a/sysvipc/test-sysvsem.c b/sysvipc/test-sysvsem.c +index a8e9bff0..d1977729 100644 +--- a/sysvipc/test-sysvsem.c ++++ b/sysvipc/test-sysvsem.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + #include + #include + #include +-- +2.23.0 + diff --git a/glibc.spec b/glibc.spec index fdabe35466410a37f5b82e37cd4c47e531b91e65..048db7ce208371619f46484f37b25d96c1a2b4ec 100644 --- a/glibc.spec +++ b/glibc.spec @@ -59,7 +59,7 @@ ############################################################################## Name: glibc Version: 2.28 -Release: 44 +Release: 47 Summary: The GNU libc libraries License: %{all_license} URL: http://www.gnu.org/software/glibc/ @@ -91,6 +91,12 @@ Patch14: Fix-memory-leak-in-__printf_fp_l-bug-26215.patch Patch15: Fix-CVE-2020-6096-001.patch Patch16: Fix-CVE-2020-6096-002.patch Patch17: backport-Correct-locking-and-cancellation-cleanup-in-syslog-functions.patch +Patch18: makedb-fix-build-with-libselinux-3.1.patch +Patch19: Workaround-deprecation-warnings-introduced-in-libselinux-3.1.patch +Patch20: backport-0001-Fix-handling-of-collating-symbols-in-fnmatch-bug-266.patch +Patch21: backport-sysvipc-Fix-SEM_STAT_ANY-kernel-argument-pass-BZ-26637.patch +Patch22: backport-i686-tst-strftime3-fix-printf-warning.patch +Patch23: Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch Provides: ldconfig rtld(GNU_HASH) bundled(gnulib) 
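Review bot: In `check_seminfo` of the new tst-sysvsem-linux.c the `if (sid == -1) FAIL_EXIT1 (...)` branch cannot be reached once the semaphore exists: the preceding `if ((sid == -1 && errno == EINVAL) || sid != semid) return false;` already returns for every `sid == -1`, because -1 differs from `semid`. Every semctl failure is therefore treated as "not our semaphore", and since `do_test` discards the result of `check_seminfo (i, key, SEM_STAT_ANY)`, a SEM_STAT_ANY call that fails because the buffer is not passed through would presumably go unnoticed, which is the regression the two added `case SEM_STAT_ANY:` labels in semctl.c are meant to fix. Test the error first, e.g. `if (sid == -1 && errno != EINVAL) FAIL_EXIT1 ("semctl with cmd %d failed (errno=%d)", cmd, errno);`, after deciding which other errno values are legitimate for semaphore sets owned by other users, and only then `if (sid != semid) return false;`. The message in the SEM_INFO block also still says "semctl with IPC_INFO failed".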
@@ -1086,6 +1092,21 @@ fi %doc hesiod/README.hesiod %changelog +* Tue Nov 10 2020 liusirui - 2.28-47 +- Fix CVE-2020-27618, iconv accept redundant shift sequences in IBM1364 [BZ #26224] + https://sourceware.org/bugzilla/show_bug.cgi?id=26224 + +* Tue Oct 27 2020 Qingqing Li - 2.28-46 +- fix handling of collating symbols in fnmatch. + upstream link is: https://sourceware.org/bugzilla/show_bug.cgi?id=26620 +- fix SEM_STAT_ANY kernel argument pass. + upstream link is: https://sourceware.org/bugzilla/show_bug.cgi?26637 +- fix i686 test-strftime3.c compile warning. + +* Tue Sep 22 2020 zhaowei - 2.28-45 +- fix bug 965941: fix build with libselinux >= 3.1 +- origin bugzilla link is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965941 + * Tue Sep 12 2020 liqingqing_1229 - 2.28-44 - fix bug 26100: correct locking and cancellation cleanup in syslog functions. - origin bugzilla link is https://sourceware.org/bugzilla/show_bug.cgi?id=26100 diff --git a/makedb-fix-build-with-libselinux-3.1.patch b/makedb-fix-build-with-libselinux-3.1.patch new file mode 100644 index 0000000000000000000000000000000000000000..478dac90d3349f3880b645e1a15dea58e6910892 --- /dev/null +++ b/makedb-fix-build-with-libselinux-3.1.patch 
@@ -0,0 +1,93 @@
+From: Aurelien Jarno
+To: libc-alpha@sourceware.org
+Subject: [PATCH] makedb: fix build with libselinux >= 3.1
+Date: Tue, 21 Jul 2020 07:01:16 +0200
+Message-Id: <20200721050115.204181-1-aurelien@aurel32.net>
+URL: http://patchwork.sourceware.org/project/glibc/patch/20200721050115.204181-1-aurelien@aurel32.net/
+
+--------------------------------------------------------------------
+glibc doesn't build with libselinux 3.1 that has been released recently
+due to new deprecations introduced in that version and the fact that
+glibc is built with -Werror by default:
+
+| makedb.c: In function ‘set_file_creation_context’:
+| makedb.c:849:3: error: ‘security_context_t’ is deprecated [-Werror=deprecated-declarations]
+| 849 | security_context_t ctx;
+| | ^~~~~~~~~~~~~~~~~~
+| makedb.c:863:3: error: ‘matchpathcon’ is deprecated: Use selabel_lookup instead [-Werror=deprecated-declarations]
+| 863 | if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
+| | ^~
+| In file included from makedb.c:50:
+| /usr/include/selinux/selinux.h:500:12: note: declared here
+| 500 | extern int matchpathcon(const char *path,
+| | ^~~~~~~~~~~~
+| cc1: all warnings being treated as errors
+
+This patch is an attempt to fix that. It has only built tested, as I do
+not have a system nor the knowledge to test that. I have checked that
+the functions used as replacement are available since at least selinux
+2.0.96, released more than 10 years ago, so we probably do not need any
+version check in the configure script.
+---
+ nss/makedb.c | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+I believe this patch is not acceptable for glibc 2.32, I guess we should
+just add a #pragma to ignore -Werror=deprecated-declarations in that
+file.
+
+Note: there is the same issue in nscd/selinux.c. I plan to have a look
+once we settle on a strategy.
+
+diff --git a/nss/makedb.c b/nss/makedb.c
+index 8e389a16837..a5c4b521172 100644
+--- a/nss/makedb.c
++++ b/nss/makedb.c
+@@ -47,6 +47,7 @@
+
+ /* SELinux support. */
+ #ifdef HAVE_SELINUX
++# include
+ # include
+ #endif
+
+@@ -846,7 +847,8 @@ set_file_creation_context (const char *outname, mode_t mode)
+ {
+ static int enabled;
+ static int enforcing;
+- security_context_t ctx;
++ struct selabel_handle *label_hnd = NULL;
++ char* ctx;
+
+ /* Check if SELinux is enabled, and remember. */
+ if (enabled == 0)
+@@ -858,9 +860,16 @@ set_file_creation_context (const char *outname, mode_t mode)
+ if (enforcing == 0)
+ enforcing = security_getenforce () ? 1 : -1;
+
++ /* Open the file contexts backend. */
++ label_hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
++ if (!label_hnd)
++ if (setfscreatecon (ctx) != 0)
++ error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
++ gettext ("cannot initialize SELinux context"));
++
+ /* Determine the context which the file should have. */
+ ctx = NULL;
+- if (matchpathcon (outname, S_IFREG | mode, &ctx) == 0 && ctx != NULL)
++ if (selabel_lookup(label_hnd, &ctx, outname, S_IFREG | mode) == 0 && ctx != NULL)
+ {
+ if (setfscreatecon (ctx) != 0)
+ error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
+@@ -868,7 +877,11 @@ set_file_creation_context (const char *outname, mode_t mode)
+ outname);
+
+ freecon (ctx);
++ selabel_close(label_hnd);
+ }
++
++ /* Close the file contexts backend. */
++ selabel_close(label_hnd);
+ }
+
+ static void
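Review bot: The new `selabel_open` failure path in `set_file_creation_context` calls `setfscreatecon (ctx)` while `ctx` is still uninitialized (it is set to NULL only after that block) and then falls through to `selabel_lookup` with a NULL handle. In the last hunk `selabel_close(label_hnd)` is added both inside the success block and again before the function's closing brace, so the handle is closed twice whenever the lookup succeeds. The patch header itself says the change was only build-tested and was not considered acceptable as posted, which is worth weighing before shipping it in code that sets the SELinux file-creation context. The failure path should report the error and return, and the handle should be closed once, after the block, as in the fence below. The function begins before the -846 hunk and the lines between the hunks are not visible.

```c
  /* Open the file contexts backend.  */
  label_hnd = selabel_open (SELABEL_CTX_FILE, NULL, 0);
  if (label_hnd == NULL)
    {
      /* Nothing can be looked up without a handle, and ctx is not set yet.  */
      error (enforcing > 0 ? EXIT_FAILURE : 0, 0,
             gettext ("cannot initialize SELinux context"));
      return;
    }

  /* … unchanged: ctx = NULL, selabel_lookup and the setfscreatecon report … */

      freecon (ctx);
    }

  /* Close the file contexts backend once, on every path that opened it.  */
  selabel_close (label_hnd);
```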