[arch-commits] Commit in lib32-glibc/trunk (3 files)
Jan Steffens
heftig at nymeria.archlinux.org
Fri Aug 16 18:20:12 UTC 2013
Date: Friday, August 16, 2013 @ 20:20:12
Author: heftig
Revision: 95774
2.18-2
Added:
lib32-glibc/trunk/glibc-2.18-readdir_r-CVE-2013-4237.patch
lib32-glibc/trunk/glibc-2.18-strstr-hackfix.patch
Modified:
lib32-glibc/trunk/PKGBUILD
------------------------------------------+
PKGBUILD | 27 ++
glibc-2.18-readdir_r-CVE-2013-4237.patch | 281 +++++++++++++++++++++++++++++
glibc-2.18-strstr-hackfix.patch | 13 +
3 files changed, 314 insertions(+), 7 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2013-08-16 17:52:10 UTC (rev 95773)
+++ PKGBUILD 2013-08-16 18:20:12 UTC (rev 95774)
@@ -9,7 +9,7 @@
_pkgbasename=glibc
pkgname=lib32-$_pkgbasename
pkgver=2.18
-pkgrel=1
+pkgrel=2
pkgdesc="GNU C Library for multilib"
arch=('x86_64')
url="http://www.gnu.org/software/libc"
@@ -17,31 +17,44 @@
makedepends=('gcc-multilib>=4.7')
options=('!strip' '!emptydirs')
source=(http://ftp.gnu.org/gnu/libc/${_pkgbasename}-${pkgver}.tar.xz{,.sig}
+ glibc-2.18-readdir_r-CVE-2013-4237.patch
+ glibc-2.18-strstr-hackfix.patch
lib32-glibc.conf)
md5sums=('88fbbceafee809e82efd52efa1e3c58f'
'SKIP'
+ '154da6bf5a5248f42a7bf5bf08e01a47'
+ '4441f6dfe7d75ced1fa75e54dd21d36e'
'6e052f1cb693d5d3203f50f9d4e8c33b')
-build() {
+prepare() {
cd ${srcdir}/${_pkgbasename}-${pkgver}
+
+ # upstream commit 91ce4085
+ patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch
+
+ # hack fix for strstr issues on x86
+ patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch
- cd ${srcdir}
- mkdir glibc-build
- cd glibc-build
+ mkdir ${srcdir}/glibc-build
+}
+build() {
+ cd ${srcdir}/glibc-build
+
#if [[ ${CARCH} = "i686" ]]; then
# Hack to fix NPTL issues with Xen, only required on 32bit platforms
# TODO: make separate glibc-xen package for i686
export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
#fi
- export CC="gcc -m32"
- export CXX="g++ -m32"
echo "slibdir=/usr/lib32" >> configparms
echo "sbindir=/usr/bin" >> configparms
echo "rootsbindir=/usr/bin" >> configparms
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+
# remove hardening options for building libraries
CFLAGS=${CFLAGS/-fstack-protector/}
CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
Added: glibc-2.18-readdir_r-CVE-2013-4237.patch
===================================================================
--- glibc-2.18-readdir_r-CVE-2013-4237.patch (rev 0)
+++ glibc-2.18-readdir_r-CVE-2013-4237.patch 2013-08-16 18:20:12 UTC (rev 95774)
@@ -0,0 +1,281 @@
+diff --git a/manual/conf.texi b/manual/conf.texi
+index 7eb8b36..c720063 100644
+--- a/manual/conf.texi
++++ b/manual/conf.texi
+@@ -1149,6 +1149,9 @@ typed ahead as input. @xref{I/O Queues}.
+ @deftypevr Macro int NAME_MAX
+ The uniform system limit (if any) for the length of a file name component, not
+ including the terminating null character.
++
++ at strong{Portability Note:} On some systems, @theglibc{} defines
++ at code{NAME_MAX}, but does not actually enforce this limit.
+ @end deftypevr
+
+ @comment limits.h
+@@ -1157,6 +1160,9 @@ including the terminating null character.
+ The uniform system limit (if any) for the length of an entire file name (that
+ is, the argument given to system calls such as @code{open}), including the
+ terminating null character.
++
++ at strong{Portability Note:} @Theglibc{} does not enforce this limit
++even if @code{PATH_MAX} is defined.
+ @end deftypevr
+
+ @cindex limits, pipe buffer size
+@@ -1476,6 +1482,9 @@ Inquire about the value of @code{POSIX_REC_MIN_XFER_SIZE}.
+ Inquire about the value of @code{POSIX_REC_XFER_ALIGN}.
+ @end table
+
++ at strong{Portability Note:} On some systems, @theglibc{} does not
++enforce @code{_PC_NAME_MAX} or @code{_PC_PATH_MAX} limits.
++
+ @node Utility Limits
+ @section Utility Program Capacity Limits
+
+diff --git a/manual/filesys.texi b/manual/filesys.texi
+index 1df9cf2..814c210 100644
+--- a/manual/filesys.texi
++++ b/manual/filesys.texi
+@@ -444,9 +444,9 @@ symbols are declared in the header file @file{dirent.h}.
+ @comment POSIX.1
+ @deftypefun {struct dirent *} readdir (DIR *@var{dirstream})
+ This function reads the next entry from the directory. It normally
+-returns a pointer to a structure containing information about the file.
+-This structure is statically allocated and can be rewritten by a
+-subsequent call.
++returns a pointer to a structure containing information about the
++file. This structure is associated with the @var{dirstream} handle
++and can be rewritten by a subsequent call.
+
+ @strong{Portability Note:} On some systems @code{readdir} may not
+ return entries for @file{.} and @file{..}, even though these are always
+@@ -461,19 +461,61 @@ conditions are defined for this function:
+ The @var{dirstream} argument is not valid.
+ @end table
+
+- at code{readdir} is not thread safe. Multiple threads using
+- at code{readdir} on the same @var{dirstream} may overwrite the return
+-value. Use @code{readdir_r} when this is critical.
++To distinguish between an end-of-directory condition or an error, you
++must set @code{errno} to zero before calling @code{readdir}. To avoid
++entering an infinite loop, you should stop reading from the directory
++after the first error.
++
++In POSIX.1-2008, @code{readdir} is not thread-safe. In @theglibc{}
++implementation, it is safe to call @code{readdir} concurrently on
++different @var{dirstream}s, but multiple threads accessing the same
++ at var{dirstream} result in undefined behavior. @code{readdir_r} is a
++fully thread-safe alternative, but suffers from poor portability (see
++below). It is recommended that you use @code{readdir}, with external
++locking if multiple threads access the same @var{dirstream}.
+ @end deftypefun
+
+ @comment dirent.h
+ @comment GNU
+ @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result})
+-This function is the reentrant version of @code{readdir}. Like
+- at code{readdir} it returns the next entry from the directory. But to
+-prevent conflicts between simultaneously running threads the result is
+-not stored in statically allocated memory. Instead the argument
+- at var{entry} points to a place to store the result.
++This function is a version of @code{readdir} which performs internal
++locking. Like @code{readdir} it returns the next entry from the
++directory. To prevent conflicts between simultaneously running
++threads the result is stored inside the @var{entry} object.
++
++ at strong{Portability Note:} It is recommended to use @code{readdir}
++instead of @code{readdir_r} for the following reasons:
++
++ at itemize @bullet
++ at item
++On systems which do not define @code{NAME_MAX}, it may not be possible
++to use @code{readdir_r} safely because the caller does not specify the
++length of the buffer for the directory entry.
++
++ at item
++On some systems, @code{readdir_r} cannot read directory entries with
++very long names. If such a name is encountered, @theglibc{}
++implementation of @code{readdir_r} returns with an error code of
++ at code{ENAMETOOLONG} after the final directory entry has been read. On
++other systems, @code{readdir_r} may return successfully, but the
++ at code{d_name} member may not be NUL-terminated or may be truncated.
++
++ at item
++POSIX-1.2008 does not guarantee that @code{readdir} is thread-safe,
++even when access to the same @var{dirstream} is serialized. But in
++current implementations (including @theglibc{}), it is safe to call
++ at code{readdir} concurrently on different @var{dirstream}s, so there is
++no need to use @code{readdir_r} in most multi-threaded programs. In
++the rare case that multiple threads need to read from the same
++ at var{dirstream}, it is still better to use @code{readdir} and external
++synchronization.
++
++ at item
++It is expected that future versions of POSIX will obsolete
++ at code{readdir_r} and mandate the level of thread safety for
++ at code{readdir} which is provided by @theglibc{} and other
++implementations today.
++ at end itemize
+
+ Normally @code{readdir_r} returns zero and sets @code{*@var{result}}
+ to @var{entry}. If there are no more entries in the directory or an
+@@ -481,15 +523,6 @@ error is detected, @code{readdir_r} sets @code{*@var{result}} to a
+ null pointer and returns a nonzero error code, also stored in
+ @code{errno}, as described for @code{readdir}.
+
+- at strong{Portability Note:} On some systems @code{readdir_r} may not
+-return a NUL terminated string for the file name, even when there is no
+- at code{d_reclen} field in @code{struct dirent} and the file
+-name is the maximum allowed size. Modern systems all have the
+- at code{d_reclen} field, and on old systems multi-threading is not
+-critical. In any case there is no such problem with the @code{readdir}
+-function, so that even on systems without the @code{d_reclen} member one
+-could use multiple threads by using external locking.
+-
+ It is also important to look at the definition of the @code{struct
+ dirent} type. Simply passing a pointer to an object of this type for
+ the second parameter of @code{readdir_r} might not be enough. Some
+diff --git a/sysdeps/posix/dirstream.h b/sysdeps/posix/dirstream.h
+index a7a074d..8e8570d 100644
+--- a/sysdeps/posix/dirstream.h
++++ b/sysdeps/posix/dirstream.h
+@@ -39,6 +39,8 @@ struct __dirstream
+
+ off_t filepos; /* Position of next entry to read. */
+
++ int errcode; /* Delayed error code. */
++
+ /* Directory block. */
+ char data[0] __attribute__ ((aligned (__alignof__ (void*))));
+ };
+diff --git a/sysdeps/posix/opendir.c b/sysdeps/posix/opendir.c
+index ddfc3a7..fc05b0f 100644
+--- a/sysdeps/posix/opendir.c
++++ b/sysdeps/posix/opendir.c
+@@ -231,6 +231,7 @@ __alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
+ dirp->size = 0;
+ dirp->offset = 0;
+ dirp->filepos = 0;
++ dirp->errcode = 0;
+
+ return dirp;
+ }
+diff --git a/sysdeps/posix/readdir_r.c b/sysdeps/posix/readdir_r.c
+index b5a8e2e..8ed5c3f 100644
+--- a/sysdeps/posix/readdir_r.c
++++ b/sysdeps/posix/readdir_r.c
+@@ -40,6 +40,7 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
+ DIRENT_TYPE *dp;
+ size_t reclen;
+ const int saved_errno = errno;
++ int ret;
+
+ __libc_lock_lock (dirp->lock);
+
+@@ -70,10 +71,10 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
+ bytes = 0;
+ __set_errno (saved_errno);
+ }
++ if (bytes < 0)
++ dirp->errcode = errno;
+
+ dp = NULL;
+- /* Reclen != 0 signals that an error occurred. */
+- reclen = bytes != 0;
+ break;
+ }
+ dirp->size = (size_t) bytes;
+@@ -106,29 +107,46 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
+ dirp->filepos += reclen;
+ #endif
+
+- /* Skip deleted files. */
++#ifdef NAME_MAX
++ if (reclen > offsetof (DIRENT_TYPE, d_name) + NAME_MAX + 1)
++ {
++ /* The record is very long. It could still fit into the
++ caller-supplied buffer if we can skip padding at the
++ end. */
++ size_t namelen = _D_EXACT_NAMLEN (dp);
++ if (namelen <= NAME_MAX)
++ reclen = offsetof (DIRENT_TYPE, d_name) + namelen + 1;
++ else
++ {
++ /* The name is too long. Ignore this file. */
++ dirp->errcode = ENAMETOOLONG;
++ dp->d_ino = 0;
++ continue;
++ }
++ }
++#endif
++
++ /* Skip deleted and ignored files. */
+ }
+ while (dp->d_ino == 0);
+
+ if (dp != NULL)
+ {
+-#ifdef GETDENTS_64BIT_ALIGNED
+- /* The d_reclen value might include padding which is not part of
+- the DIRENT_TYPE data structure. */
+- reclen = MIN (reclen,
+- offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name));
+-#endif
+ *result = memcpy (entry, dp, reclen);
+-#ifdef GETDENTS_64BIT_ALIGNED
++#ifdef _DIRENT_HAVE_D_RECLEN
+ entry->d_reclen = reclen;
+ #endif
++ ret = 0;
+ }
+ else
+- *result = NULL;
++ {
++ *result = NULL;
++ ret = dirp->errcode;
++ }
+
+ __libc_lock_unlock (dirp->lock);
+
+- return dp != NULL ? 0 : reclen ? errno : 0;
++ return ret;
+ }
+
+ #ifdef __READDIR_R_ALIAS
+diff --git a/sysdeps/posix/rewinddir.c b/sysdeps/posix/rewinddir.c
+index 2935a8e..d4991ad 100644
+--- a/sysdeps/posix/rewinddir.c
++++ b/sysdeps/posix/rewinddir.c
+@@ -33,6 +33,7 @@ rewinddir (dirp)
+ dirp->filepos = 0;
+ dirp->offset = 0;
+ dirp->size = 0;
++ dirp->errcode = 0;
+ #ifndef NOT_IN_libc
+ __libc_lock_unlock (dirp->lock);
+ #endif
+diff --git a/sysdeps/unix/sysv/linux/i386/readdir64_r.c b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
+index 8ebbcfd..a7d114e 100644
+--- a/sysdeps/unix/sysv/linux/i386/readdir64_r.c
++++ b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
+@@ -18,7 +18,6 @@
+ #define __READDIR_R __readdir64_r
+ #define __GETDENTS __getdents64
+ #define DIRENT_TYPE struct dirent64
+-#define GETDENTS_64BIT_ALIGNED 1
+
+ #include <sysdeps/posix/readdir_r.c>
+
+diff --git a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
+index 5ed8e95..290f2c8 100644
+--- a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
++++ b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
+@@ -1,5 +1,4 @@
+ #define readdir64_r __no_readdir64_r_decl
+-#define GETDENTS_64BIT_ALIGNED 1
+ #include <sysdeps/posix/readdir_r.c>
+ #undef readdir64_r
+ weak_alias (__readdir_r, readdir64_r)
+--
+1.8.3.4
+
Added: glibc-2.18-strstr-hackfix.patch
===================================================================
--- glibc-2.18-strstr-hackfix.patch (rev 0)
+++ glibc-2.18-strstr-hackfix.patch 2013-08-16 18:20:12 UTC (rev 95774)
@@ -0,0 +1,13 @@
+diff --git a/sysdeps/x86_64/multiarch/strstr.c b/sysdeps/x86_64/multiarch/strstr.c
+index cd63b68..03d8b9a 100644
+--- a/sysdeps/x86_64/multiarch/strstr.c
++++ b/sysdeps/x86_64/multiarch/strstr.c
+@@ -86,7 +86,7 @@
+ /* Simple replacement of movdqu to address 4KB boundary cross issue.
+ If EOS occurs within less than 16B before 4KB boundary, we don't
+ cross to next page. */
+-static __m128i
++static inline __m128i
+ __m128i_strloadu (const unsigned char * p, __m128i zero)
+ {
+ if (__builtin_expect ((int) ((size_t) p & 0xfff) > 0xff0, 0))
More information about the arch-commits
mailing list