diff --git a/backport-Use-O_CLOEXEC-in-sysconf-BZ-26791.patch b/backport-Use-O_CLOEXEC-in-sysconf-BZ-26791.patch new file mode 100644 index 0000000000000000000000000000000000000000..fb913cd7088bf36443912f263c7df9ebce79f659 --- /dev/null +++ b/backport-Use-O_CLOEXEC-in-sysconf-BZ-26791.patch @@ -0,0 +1,27 @@ +From d2d714b9fc02e4710d6dc769d8ec2c9dab0eb69a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Maximilian=20Kr=C3=BCger?= +Date: Wed, 11 Nov 2020 11:21:30 +0100 +Subject: [PATCH] Use O_CLOEXEC in sysconf [BZ #26791] + +If sysconf is used in multithreaded processes, various filedescriptors +may leak due to missing O_CLOEXEC. This commit adds the flag. +--- + sysdeps/unix/sysv/linux/sysconf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sysdeps/unix/sysv/linux/sysconf.c b/sysdeps/unix/sysv/linux/sysconf.c +index 7958a74164..9c5a4cb1a4 100644 +--- a/sysdeps/unix/sysv/linux/sysconf.c ++++ b/sysdeps/unix/sysv/linux/sysconf.c +@@ -81,7 +81,7 @@ __sysconf (int name) + + if (procfname != NULL) + { +- int fd = __open_nocancel (procfname, O_RDONLY); ++ int fd = __open_nocancel (procfname, O_RDONLY | O_CLOEXEC); + if (fd != -1) + { + /* This is more than enough, the file contains a single integer. */ +-- +2.19.1 + diff --git a/backport-aarch64-Add-unwind-information-to-_start-bug-26853.patch b/backport-aarch64-Add-unwind-information-to-_start-bug-26853.patch new file mode 100644 index 0000000000000000000000000000000000000000..b3090e74485ea2c5e8a6c6a1dde3d72c6b79f328 --- /dev/null +++ b/backport-aarch64-Add-unwind-information-to-_start-bug-26853.patch @@ -0,0 +1,42 @@ +From 5edf3d9fd6efe06fda37b2a460e60690a90457a4 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 9 Nov 2020 11:31:04 +0100 +Subject: [PATCH] aarch64: Add unwind information to _start (bug 26853) + +This adds CFI directives which communicate that the stack ends +with this function. + +Fixes bug 26853. +--- + sysdeps/aarch64/start.S | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/sysdeps/aarch64/start.S b/sysdeps/aarch64/start.S +index 75393e1c18..108f602721 100644 +--- a/sysdeps/aarch64/start.S ++++ b/sysdeps/aarch64/start.S +@@ -43,11 +43,9 @@ + */ + + .text +- .globl _start +- .type _start,#function +-_start: +- BTI_C ++ENTRY(_start) + /* Create an initial frame with 0 LR and FP */ ++ cfi_undefined (x30) + mov x29, #0 + mov x30, #0 + +@@ -103,6 +101,7 @@ _start: + __wrap_main: + b main + #endif ++END(_start) + + /* Define a symbol for the first piece of initialized data. */ + .data +-- +2.19.1 + diff --git a/glibc.spec b/glibc.spec index 0fa0e027e3a4b102528b064d3acc411adf676ca8..4af215a492a9acab1a781afd40f380c5f0ed3075 100644 --- a/glibc.spec +++ b/glibc.spec @@ -60,7 +60,7 @@ ############################################################################## Name: glibc Version: 2.31 -Release: 7 +Release: 8 Summary: The GNU libc libraries License: %{all_license} URL: http://www.gnu.org/software/glibc/ @@ -93,6 +93,8 @@ Patch6013: Fix-CVE-2020-6096-002.patch Patch6014: Disable-warnings-due-to-deprecated-libselinux-symbol.patch Patch6015: rtld-Avoid-using-up-static-TLS-surplus-for-optimizat.patch Patch6016: Fix-CVE-2020-27618-iconv-Accept-redundant-shift-sequences.patch +Patch6017: backport-Use-O_CLOEXEC-in-sysconf-BZ-26791.patch +Patch6018: backport-aarch64-Add-unwind-information-to-_start-bug-26853.patch Patch9000: delete-no-hard-link-to-avoid-all_language-package-to.patch Patch9001: build-extra-libpthreadcond-so.patch @@ -1190,6 +1192,11 @@ fi %doc hesiod/README.hesiod %changelog +* Tue Dec 1 2020 Qingqing Li - 2.31-8 +- Fix bug 26791, 26853 + https://sourceware.org/bugzilla/show_bug.cgi?id=26791 + https://sourceware.org/bugzilla/show_bug.cgi?id=26853 + * Tue Nov 10 2020 liusirui - 2.31-7 - Fix CVE-2020-27618, iconv accept redundant shift sequences in IBM1364 [BZ #26224] https://sourceware.org/bugzilla/show_bug.cgi?id=26224