[arch-commits] Commit in glibc/repos (12 files)
Allan McRae
allan at archlinux.org
Wed Apr 22 12:00:38 UTC 2015
Date: Wednesday, April 22, 2015 @ 14:00:37
Author: allan
Revision: 237899
archrelease: copy trunk to testing-i686, testing-x86_64
Added:
glibc/repos/testing-i686/
glibc/repos/testing-i686/PKGBUILD
(from rev 237898, glibc/trunk/PKGBUILD)
glibc/repos/testing-i686/glibc-2.21-roundup.patch
(from rev 237898, glibc/trunk/glibc-2.21-roundup.patch)
glibc/repos/testing-i686/glibc.install
(from rev 237898, glibc/trunk/glibc.install)
glibc/repos/testing-i686/locale-gen
(from rev 237898, glibc/trunk/locale-gen)
glibc/repos/testing-i686/locale.gen.txt
(from rev 237898, glibc/trunk/locale.gen.txt)
glibc/repos/testing-x86_64/
glibc/repos/testing-x86_64/PKGBUILD
(from rev 237898, glibc/trunk/PKGBUILD)
glibc/repos/testing-x86_64/glibc-2.21-roundup.patch
(from rev 237898, glibc/trunk/glibc-2.21-roundup.patch)
glibc/repos/testing-x86_64/glibc.install
(from rev 237898, glibc/trunk/glibc.install)
glibc/repos/testing-x86_64/locale-gen
(from rev 237898, glibc/trunk/locale-gen)
glibc/repos/testing-x86_64/locale.gen.txt
(from rev 237898, glibc/trunk/locale.gen.txt)
-----------------------------------------+
testing-i686/PKGBUILD | 150 ++++++++++++++++++++++++++++++
testing-i686/glibc-2.21-roundup.patch | 97 +++++++++++++++++++
testing-i686/glibc.install | 22 ++++
testing-i686/locale-gen | 42 ++++++++
testing-i686/locale.gen.txt | 23 ++++
testing-x86_64/PKGBUILD | 150 ++++++++++++++++++++++++++++++
testing-x86_64/glibc-2.21-roundup.patch | 97 +++++++++++++++++++
testing-x86_64/glibc.install | 22 ++++
testing-x86_64/locale-gen | 42 ++++++++
testing-x86_64/locale.gen.txt | 23 ++++
10 files changed, 668 insertions(+)
Copied: glibc/repos/testing-i686/PKGBUILD (from rev 237898, glibc/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD (rev 0)
+++ testing-i686/PKGBUILD 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,150 @@
+# $Id$
+# Maintainer: Allan McRae <allan at archlinux.org>
+
+# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
+# NOTE: valgrind requires rebuilt with each major glibc version
+
+# NOTE: adjust version in install script when locale files are updated
+
+pkgname=glibc
+pkgver=2.21
+pkgrel=3
+pkgdesc="GNU C Library"
+arch=('i686' 'x86_64')
+url="http://www.gnu.org/software/libc"
+license=('GPL' 'LGPL')
+groups=('base')
+depends=('linux-api-headers>=3.18' 'tzdata' 'filesystem')
+makedepends=('gcc>=4.9')
+backup=(etc/gai.conf
+ etc/locale.gen
+ etc/nscd.conf)
+options=('!strip' 'staticlibs')
+install=glibc.install
+source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig}
+ glibc-2.21-roundup.patch
+ locale.gen.txt
+ locale-gen)
+md5sums=('9cb398828e8f84f57d1f7d5588cf40cd'
+ 'SKIP'
+ 'feb826d5f4965e9892ee6e851fec43a9'
+ '07ac979b6ab5eeb778d55f041529d623'
+ '476e9113489f93b348b21e144b6a8fcf')
+validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF') # Carlos O'Donell
+
+prepare() {
+ cd ${srcdir}/glibc-${pkgver}
+
+ # glibc-2.21..01b07c70
+ patch -p1 -i $srcdir/glibc-2.21-roundup.patch
+
+ mkdir ${srcdir}/glibc-build
+}
+
+build() {
+ cd ${srcdir}/glibc-build
+
+ if [[ ${CARCH} = "i686" ]]; then
+ # Hack to fix NPTL issues with Xen, only required on 32bit platforms
+ # TODO: make separate glibc-xen package for i686
+ export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
+ fi
+
+ echo "slibdir=/usr/lib" >> configparms
+ echo "rtlddir=/usr/lib" >> configparms
+ echo "sbindir=/usr/bin" >> configparms
+ echo "rootsbindir=/usr/bin" >> configparms
+
+ # remove hardening options for building libraries
+ CFLAGS=${CFLAGS/-fstack-protector-strong/}
+ CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
+
+ ${srcdir}/${pkgname}-${pkgver}/configure --prefix=/usr \
+ --libdir=/usr/lib --libexecdir=/usr/lib \
+ --with-headers=/usr/include \
+ --with-bugurl=https://bugs.archlinux.org/ \
+ --enable-add-ons \
+ --enable-obsolete-rpc \
+ --enable-kernel=2.6.32 \
+ --enable-bind-now --disable-profile \
+ --enable-stackguard-randomization \
+ --enable-lock-elision \
+ --enable-multi-arch \
+ --disable-werror
+
+ # build libraries with hardening disabled
+ echo "build-programs=no" >> configparms
+ make
+
+ # re-enable hardening for programs
+ sed -i "/build-programs=/s#no#yes#" configparms
+ echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ make
+
+ # remove harding in preparation to run test-suite
+ sed -i '5,7d' configparms
+}
+
+check() {
+ # the linker commands need to be reordered - fixed in 2.19
+ LDFLAGS=${LDFLAGS/--as-needed,/}
+
+ cd ${srcdir}/glibc-build
+
+ # tst-cleanupx4 failure on i686 is "expected"
+ make check || true
+}
+
+package() {
+ cd ${srcdir}/glibc-build
+
+ install -dm755 ${pkgdir}/etc
+ touch ${pkgdir}/etc/ld.so.conf
+
+ make install_root=${pkgdir} install
+
+ rm -f ${pkgdir}/etc/ld.so.{cache,conf}
+
+ install -dm755 ${pkgdir}/usr/lib/{locale,systemd/system,tmpfiles.d}
+
+ install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.conf ${pkgdir}/etc/nscd.conf
+ install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.service ${pkgdir}/usr/lib/systemd/system
+ install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.tmpfiles ${pkgdir}/usr/lib/tmpfiles.d/nscd.conf
+
+ install -m644 ${srcdir}/${pkgname}-${pkgver}/posix/gai.conf ${pkgdir}/etc/gai.conf
+
+ install -m755 ${srcdir}/locale-gen ${pkgdir}/usr/bin
+
+ # create /etc/locale.gen
+ install -m644 ${srcdir}/locale.gen.txt ${pkgdir}/etc/locale.gen
+ sed -e '1,3d' -e 's|/| |g' -e 's|\\| |g' -e 's|^|#|g' \
+ ${srcdir}/glibc-${pkgver}/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen
+
+ # remove the static libraries that have a shared counterpart
+ # libc, libdl, libm and libpthread are required for toolchain testsuites
+ # in addition libcrypt appears widely required
+ rm $pkgdir/usr/lib/lib{anl,BrokenLocale,nsl,resolv,rt,util}.a
+
+ # Do not strip the following files for improved debugging support
+ # ("improved" as in not breaking gdb and valgrind...):
+ # ld-${pkgver}.so
+ # libc-${pkgver}.so
+ # libpthread-${pkgver}.so
+ # libthread_db-1.0.so
+
+ cd $pkgdir
+ strip $STRIP_BINARIES usr/bin/{gencat,getconf,getent,iconv,iconvconfig} \
+ usr/bin/{ldconfig,locale,localedef,nscd,makedb} \
+ usr/bin/{pcprofiledump,pldd,rpcgen,sln,sprof} \
+ usr/lib/getconf/*
+ [[ $CARCH = "i686" ]] && strip $STRIP_BINARIES usr/bin/lddlibc4
+
+ strip $STRIP_STATIC usr/lib/*.a
+
+ strip $STRIP_SHARED usr/lib/{libanl,libBrokenLocale,libcidn,libcrypt}-*.so \
+ usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
+ usr/lib/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \
+ usr/lib/{libmemusage,libpcprofile,libSegFault}.so \
+ usr/lib/{audit,gconv}/*.so
+}
Copied: glibc/repos/testing-i686/glibc-2.21-roundup.patch (from rev 237898, glibc/trunk/glibc-2.21-roundup.patch)
===================================================================
--- testing-i686/glibc-2.21-roundup.patch (rev 0)
+++ testing-i686/glibc-2.21-roundup.patch 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,97 @@
+diff --git a/ChangeLog b/ChangeLog
+index dc1ed1b..26feb07 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,15 @@
++2015-04-21 Arjun Shankar <arjun.is at lostca.se>
++
++ [BZ #18287]
++ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++ based on padding. (CVE-2015-1781)
++
++2015-02-10 Evangelos Foutras <evangelos at foutrelis.com>
++
++ [BZ #17949]
++ * sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
++ jump label.
++
+ 2015-02-06 Carlos O'Donell <carlos at systemhalted.org>
+
+ * version.h (RELEASE): Set to "stable".
+@@ -7,6 +19,7 @@
+ * sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
+
+ 2015-02-05 Paul Pluzhnikov <ppluzhnikov at google.com>
++ Paul Eggert <eggert at cs.ucla.edu>
+
+ [BZ #16618]
+ * stdio-common/tst-sscanf.c (main): Test for buffer overflow.
+diff --git a/NEWS b/NEWS
+index 617cdbb..c9f6b58 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,19 @@ See the end for copying conditions.
+ Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
+ using `glibc' in the "product" field.
+
++Version 2.21.1
++
++* The following bugs are resolved with this release:
++
++ 17949, 18287.
++
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++ requests has been fixed. If the NSS functions were called with a
++ misaligned buffer, the buffer length change due to pointer alignment was
++ not taken into account. This could result in application crashes or,
++ potentially arbitrary code execution, using crafted, but syntactically
++ valid DNS responses. (CVE-2015-1781)
++
+ Version 2.21
+
+ * The following bugs are resolved with this release:
+@@ -21,10 +34,11 @@ Version 2.21
+ 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+ 17892.
+
+-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
+- memory for the to-be-scanned arguments and overflow the allocated
+- buffer. The implementation now correctly computes the required buffer
+- size when using malloc.
++* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
++ too little memory for the to-be-scanned arguments and overflow the
++ allocated buffer. The implementation now correctly computes the required
++ buffer size when using malloc, and switches to malloc from alloca as
++ intended.
+
+ * A new semaphore algorithm has been implemented in generic C code for all
+ machines. Previous custom assembly implementations of semaphore were
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index f715ab0..40069a7 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+ int have_to_map = 0;
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+ buffer += pad;
+- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
++ buflen = buflen > pad ? buflen - pad : 0;
++ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
+ {
+ /* The buffer is too small. */
+ too_small:
+diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+index 207b648..b6fa202 100644
+--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
++++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
+ cmpl $0, KIND_OFFSET+__cpu_features at GOTOFF(%ebx)
+ jne 1f
+ call __init_cpu_features
+- leal __mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
+-1: testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
++1: leal __mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
++ testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
+ jz 2f
+ leal __mempcpy_chk_sse2_unaligned at GOTOFF(%ebx), %eax
+ testl $bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features at GOTOFF(%ebx)
Copied: glibc/repos/testing-i686/glibc.install (from rev 237898, glibc/trunk/glibc.install)
===================================================================
--- testing-i686/glibc.install (rev 0)
+++ testing-i686/glibc.install 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,22 @@
+infodir=usr/share/info
+filelist=(libc.info{,-1,-2,-3,-4,-5,-6,-7,-8,-9,-10,-11})
+
+post_upgrade() {
+ ldconfig -r .
+
+ if [[ $(vercmp 2.21-2 $2) = 1 ]]; then
+ locale-gen
+ fi
+
+ [[ -x usr/bin/install-info ]] || return 0
+ for file in ${filelist[@]}; do
+ install-info $infodir/$file.gz $infodir/dir 2> /dev/null
+ done
+}
+
+pre_remove() {
+ [[ -x usr/bin/install-info ]] || return 0
+ for file in ${filelist[@]}; do
+ install-info --delete $infodir/$file.gz $infodir/dir 2> /dev/null
+ done
+}
Copied: glibc/repos/testing-i686/locale-gen (from rev 237898, glibc/trunk/locale-gen)
===================================================================
--- testing-i686/locale-gen (rev 0)
+++ testing-i686/locale-gen 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+LOCALEGEN=/etc/locale.gen
+LOCALES=/usr/share/i18n/locales
+if [ -n "$POSIXLY_CORRECT" ]; then
+ unset POSIXLY_CORRECT
+fi
+
+
+[ -f $LOCALEGEN -a -s $LOCALEGEN ] || exit 0;
+
+# Remove all old locale dir and locale-archive before generating new
+# locale data.
+rm -rf /usr/lib/locale/* || true
+
+umask 022
+
+is_entry_ok() {
+ if [ -n "$locale" -a -n "$charset" ] ; then
+ true
+ else
+ echo "error: Bad entry '$locale $charset'"
+ false
+ fi
+}
+
+echo "Generating locales..."
+while read locale charset; do \
+ case $locale in \#*) continue;; "") continue;; esac; \
+ is_entry_ok || continue
+ echo -n " `echo $locale | sed 's/\([^.\@]*\).*/\1/'`"; \
+ echo -n ".$charset"; \
+ echo -n `echo $locale | sed 's/\([^\@]*\)\(\@.*\)*/\2/'`; \
+ echo -n '...'; \
+ if [ -f $LOCALES/$locale ]; then input=$locale; else \
+ input=`echo $locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; fi; \
+ localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale; \
+ echo ' done'; \
+done < $LOCALEGEN
+echo "Generation complete."
Copied: glibc/repos/testing-i686/locale.gen.txt (from rev 237898, glibc/trunk/locale.gen.txt)
===================================================================
--- testing-i686/locale.gen.txt (rev 0)
+++ testing-i686/locale.gen.txt 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,23 @@
+# Configuration file for locale-gen
+#
+# lists of locales that are to be generated by the locale-gen command.
+#
+# Each line is of the form:
+#
+# <locale> <charset>
+#
+# where <locale> is one of the locales given in /usr/share/i18n/locales
+# and <charset> is one of the character sets listed in /usr/share/i18n/charmaps
+#
+# Examples:
+# en_US ISO-8859-1
+# en_US.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE at euro ISO-8859-15
+#
+# The locale-gen command will generate all the locales,
+# placing them in /usr/lib/locale.
+#
+# A list of supported locales is included in this file.
+# Uncomment the ones you need.
+#
Copied: glibc/repos/testing-x86_64/PKGBUILD (from rev 237898, glibc/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD (rev 0)
+++ testing-x86_64/PKGBUILD 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,150 @@
+# $Id$
+# Maintainer: Allan McRae <allan at archlinux.org>
+
+# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
+# NOTE: valgrind requires rebuilt with each major glibc version
+
+# NOTE: adjust version in install script when locale files are updated
+
+pkgname=glibc
+pkgver=2.21
+pkgrel=3
+pkgdesc="GNU C Library"
+arch=('i686' 'x86_64')
+url="http://www.gnu.org/software/libc"
+license=('GPL' 'LGPL')
+groups=('base')
+depends=('linux-api-headers>=3.18' 'tzdata' 'filesystem')
+makedepends=('gcc>=4.9')
+backup=(etc/gai.conf
+ etc/locale.gen
+ etc/nscd.conf)
+options=('!strip' 'staticlibs')
+install=glibc.install
+source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig}
+ glibc-2.21-roundup.patch
+ locale.gen.txt
+ locale-gen)
+md5sums=('9cb398828e8f84f57d1f7d5588cf40cd'
+ 'SKIP'
+ 'feb826d5f4965e9892ee6e851fec43a9'
+ '07ac979b6ab5eeb778d55f041529d623'
+ '476e9113489f93b348b21e144b6a8fcf')
+validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF') # Carlos O'Donell
+
+prepare() {
+ cd ${srcdir}/glibc-${pkgver}
+
+ # glibc-2.21..01b07c70
+ patch -p1 -i $srcdir/glibc-2.21-roundup.patch
+
+ mkdir ${srcdir}/glibc-build
+}
+
+build() {
+ cd ${srcdir}/glibc-build
+
+ if [[ ${CARCH} = "i686" ]]; then
+ # Hack to fix NPTL issues with Xen, only required on 32bit platforms
+ # TODO: make separate glibc-xen package for i686
+ export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
+ fi
+
+ echo "slibdir=/usr/lib" >> configparms
+ echo "rtlddir=/usr/lib" >> configparms
+ echo "sbindir=/usr/bin" >> configparms
+ echo "rootsbindir=/usr/bin" >> configparms
+
+ # remove hardening options for building libraries
+ CFLAGS=${CFLAGS/-fstack-protector-strong/}
+ CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
+
+ ${srcdir}/${pkgname}-${pkgver}/configure --prefix=/usr \
+ --libdir=/usr/lib --libexecdir=/usr/lib \
+ --with-headers=/usr/include \
+ --with-bugurl=https://bugs.archlinux.org/ \
+ --enable-add-ons \
+ --enable-obsolete-rpc \
+ --enable-kernel=2.6.32 \
+ --enable-bind-now --disable-profile \
+ --enable-stackguard-randomization \
+ --enable-lock-elision \
+ --enable-multi-arch \
+ --disable-werror
+
+ # build libraries with hardening disabled
+ echo "build-programs=no" >> configparms
+ make
+
+ # re-enable hardening for programs
+ sed -i "/build-programs=/s#no#yes#" configparms
+ echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ make
+
+ # remove harding in preparation to run test-suite
+ sed -i '5,7d' configparms
+}
+
+check() {
+ # the linker commands need to be reordered - fixed in 2.19
+ LDFLAGS=${LDFLAGS/--as-needed,/}
+
+ cd ${srcdir}/glibc-build
+
+ # tst-cleanupx4 failure on i686 is "expected"
+ make check || true
+}
+
+package() {
+ cd ${srcdir}/glibc-build
+
+ install -dm755 ${pkgdir}/etc
+ touch ${pkgdir}/etc/ld.so.conf
+
+ make install_root=${pkgdir} install
+
+ rm -f ${pkgdir}/etc/ld.so.{cache,conf}
+
+ install -dm755 ${pkgdir}/usr/lib/{locale,systemd/system,tmpfiles.d}
+
+ install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.conf ${pkgdir}/etc/nscd.conf
+ install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.service ${pkgdir}/usr/lib/systemd/system
+ install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.tmpfiles ${pkgdir}/usr/lib/tmpfiles.d/nscd.conf
+
+ install -m644 ${srcdir}/${pkgname}-${pkgver}/posix/gai.conf ${pkgdir}/etc/gai.conf
+
+ install -m755 ${srcdir}/locale-gen ${pkgdir}/usr/bin
+
+ # create /etc/locale.gen
+ install -m644 ${srcdir}/locale.gen.txt ${pkgdir}/etc/locale.gen
+ sed -e '1,3d' -e 's|/| |g' -e 's|\\| |g' -e 's|^|#|g' \
+ ${srcdir}/glibc-${pkgver}/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen
+
+ # remove the static libraries that have a shared counterpart
+ # libc, libdl, libm and libpthread are required for toolchain testsuites
+ # in addition libcrypt appears widely required
+ rm $pkgdir/usr/lib/lib{anl,BrokenLocale,nsl,resolv,rt,util}.a
+
+ # Do not strip the following files for improved debugging support
+ # ("improved" as in not breaking gdb and valgrind...):
+ # ld-${pkgver}.so
+ # libc-${pkgver}.so
+ # libpthread-${pkgver}.so
+ # libthread_db-1.0.so
+
+ cd $pkgdir
+ strip $STRIP_BINARIES usr/bin/{gencat,getconf,getent,iconv,iconvconfig} \
+ usr/bin/{ldconfig,locale,localedef,nscd,makedb} \
+ usr/bin/{pcprofiledump,pldd,rpcgen,sln,sprof} \
+ usr/lib/getconf/*
+ [[ $CARCH = "i686" ]] && strip $STRIP_BINARIES usr/bin/lddlibc4
+
+ strip $STRIP_STATIC usr/lib/*.a
+
+ strip $STRIP_SHARED usr/lib/{libanl,libBrokenLocale,libcidn,libcrypt}-*.so \
+ usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
+ usr/lib/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \
+ usr/lib/{libmemusage,libpcprofile,libSegFault}.so \
+ usr/lib/{audit,gconv}/*.so
+}
Copied: glibc/repos/testing-x86_64/glibc-2.21-roundup.patch (from rev 237898, glibc/trunk/glibc-2.21-roundup.patch)
===================================================================
--- testing-x86_64/glibc-2.21-roundup.patch (rev 0)
+++ testing-x86_64/glibc-2.21-roundup.patch 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,97 @@
+diff --git a/ChangeLog b/ChangeLog
+index dc1ed1b..26feb07 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,15 @@
++2015-04-21 Arjun Shankar <arjun.is at lostca.se>
++
++ [BZ #18287]
++ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++ based on padding. (CVE-2015-1781)
++
++2015-02-10 Evangelos Foutras <evangelos at foutrelis.com>
++
++ [BZ #17949]
++ * sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
++ jump label.
++
+ 2015-02-06 Carlos O'Donell <carlos at systemhalted.org>
+
+ * version.h (RELEASE): Set to "stable".
+@@ -7,6 +19,7 @@
+ * sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
+
+ 2015-02-05 Paul Pluzhnikov <ppluzhnikov at google.com>
++ Paul Eggert <eggert at cs.ucla.edu>
+
+ [BZ #16618]
+ * stdio-common/tst-sscanf.c (main): Test for buffer overflow.
+diff --git a/NEWS b/NEWS
+index 617cdbb..c9f6b58 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,19 @@ See the end for copying conditions.
+ Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
+ using `glibc' in the "product" field.
+
++Version 2.21.1
++
++* The following bugs are resolved with this release:
++
++ 17949, 18287.
++
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++ requests has been fixed. If the NSS functions were called with a
++ misaligned buffer, the buffer length change due to pointer alignment was
++ not taken into account. This could result in application crashes or,
++ potentially arbitrary code execution, using crafted, but syntactically
++ valid DNS responses. (CVE-2015-1781)
++
+ Version 2.21
+
+ * The following bugs are resolved with this release:
+@@ -21,10 +34,11 @@ Version 2.21
+ 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+ 17892.
+
+-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
+- memory for the to-be-scanned arguments and overflow the allocated
+- buffer. The implementation now correctly computes the required buffer
+- size when using malloc.
++* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
++ too little memory for the to-be-scanned arguments and overflow the
++ allocated buffer. The implementation now correctly computes the required
++ buffer size when using malloc, and switches to malloc from alloca as
++ intended.
+
+ * A new semaphore algorithm has been implemented in generic C code for all
+ machines. Previous custom assembly implementations of semaphore were
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index f715ab0..40069a7 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+ int have_to_map = 0;
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+ buffer += pad;
+- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
++ buflen = buflen > pad ? buflen - pad : 0;
++ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
+ {
+ /* The buffer is too small. */
+ too_small:
+diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+index 207b648..b6fa202 100644
+--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
++++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
+ cmpl $0, KIND_OFFSET+__cpu_features at GOTOFF(%ebx)
+ jne 1f
+ call __init_cpu_features
+- leal __mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
+-1: testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
++1: leal __mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
++ testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
+ jz 2f
+ leal __mempcpy_chk_sse2_unaligned at GOTOFF(%ebx), %eax
+ testl $bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features at GOTOFF(%ebx)
Copied: glibc/repos/testing-x86_64/glibc.install (from rev 237898, glibc/trunk/glibc.install)
===================================================================
--- testing-x86_64/glibc.install (rev 0)
+++ testing-x86_64/glibc.install 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,22 @@
+infodir=usr/share/info
+filelist=(libc.info{,-1,-2,-3,-4,-5,-6,-7,-8,-9,-10,-11})
+
+post_upgrade() {
+ ldconfig -r .
+
+ if [[ $(vercmp 2.21-2 $2) = 1 ]]; then
+ locale-gen
+ fi
+
+ [[ -x usr/bin/install-info ]] || return 0
+ for file in ${filelist[@]}; do
+ install-info $infodir/$file.gz $infodir/dir 2> /dev/null
+ done
+}
+
+pre_remove() {
+ [[ -x usr/bin/install-info ]] || return 0
+ for file in ${filelist[@]}; do
+ install-info --delete $infodir/$file.gz $infodir/dir 2> /dev/null
+ done
+}
Copied: glibc/repos/testing-x86_64/locale-gen (from rev 237898, glibc/trunk/locale-gen)
===================================================================
--- testing-x86_64/locale-gen (rev 0)
+++ testing-x86_64/locale-gen 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+LOCALEGEN=/etc/locale.gen
+LOCALES=/usr/share/i18n/locales
+if [ -n "$POSIXLY_CORRECT" ]; then
+ unset POSIXLY_CORRECT
+fi
+
+
+[ -f $LOCALEGEN -a -s $LOCALEGEN ] || exit 0;
+
+# Remove all old locale dir and locale-archive before generating new
+# locale data.
+rm -rf /usr/lib/locale/* || true
+
+umask 022
+
+is_entry_ok() {
+ if [ -n "$locale" -a -n "$charset" ] ; then
+ true
+ else
+ echo "error: Bad entry '$locale $charset'"
+ false
+ fi
+}
+
+echo "Generating locales..."
+while read locale charset; do \
+ case $locale in \#*) continue;; "") continue;; esac; \
+ is_entry_ok || continue
+ echo -n " `echo $locale | sed 's/\([^.\@]*\).*/\1/'`"; \
+ echo -n ".$charset"; \
+ echo -n `echo $locale | sed 's/\([^\@]*\)\(\@.*\)*/\2/'`; \
+ echo -n '...'; \
+ if [ -f $LOCALES/$locale ]; then input=$locale; else \
+ input=`echo $locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; fi; \
+ localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale; \
+ echo ' done'; \
+done < $LOCALEGEN
+echo "Generation complete."
Copied: glibc/repos/testing-x86_64/locale.gen.txt (from rev 237898, glibc/trunk/locale.gen.txt)
===================================================================
--- testing-x86_64/locale.gen.txt (rev 0)
+++ testing-x86_64/locale.gen.txt 2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,23 @@
+# Configuration file for locale-gen
+#
+# lists of locales that are to be generated by the locale-gen command.
+#
+# Each line is of the form:
+#
+# <locale> <charset>
+#
+# where <locale> is one of the locales given in /usr/share/i18n/locales
+# and <charset> is one of the character sets listed in /usr/share/i18n/charmaps
+#
+# Examples:
+# en_US ISO-8859-1
+# en_US.UTF-8 UTF-8
+# de_DE ISO-8859-1
+# de_DE at euro ISO-8859-15
+#
+# The locale-gen command will generate all the locales,
+# placing them in /usr/lib/locale.
+#
+# A list of supported locales is included in this file.
+# Uncomment the ones you need.
+#
More information about the arch-commits
mailing list