[arch-commits] Commit in glibc/repos (12 files)

Allan McRae allan at archlinux.org
Wed Apr 22 12:00:38 UTC 2015


    Date: Wednesday, April 22, 2015 @ 14:00:37
  Author: allan
Revision: 237899

archrelease: copy trunk to testing-i686, testing-x86_64

Added:
  glibc/repos/testing-i686/
  glibc/repos/testing-i686/PKGBUILD
    (from rev 237898, glibc/trunk/PKGBUILD)
  glibc/repos/testing-i686/glibc-2.21-roundup.patch
    (from rev 237898, glibc/trunk/glibc-2.21-roundup.patch)
  glibc/repos/testing-i686/glibc.install
    (from rev 237898, glibc/trunk/glibc.install)
  glibc/repos/testing-i686/locale-gen
    (from rev 237898, glibc/trunk/locale-gen)
  glibc/repos/testing-i686/locale.gen.txt
    (from rev 237898, glibc/trunk/locale.gen.txt)
  glibc/repos/testing-x86_64/
  glibc/repos/testing-x86_64/PKGBUILD
    (from rev 237898, glibc/trunk/PKGBUILD)
  glibc/repos/testing-x86_64/glibc-2.21-roundup.patch
    (from rev 237898, glibc/trunk/glibc-2.21-roundup.patch)
  glibc/repos/testing-x86_64/glibc.install
    (from rev 237898, glibc/trunk/glibc.install)
  glibc/repos/testing-x86_64/locale-gen
    (from rev 237898, glibc/trunk/locale-gen)
  glibc/repos/testing-x86_64/locale.gen.txt
    (from rev 237898, glibc/trunk/locale.gen.txt)

-----------------------------------------+
 testing-i686/PKGBUILD                   |  150 ++++++++++++++++++++++++++++++
 testing-i686/glibc-2.21-roundup.patch   |   97 +++++++++++++++++++
 testing-i686/glibc.install              |   22 ++++
 testing-i686/locale-gen                 |   42 ++++++++
 testing-i686/locale.gen.txt             |   23 ++++
 testing-x86_64/PKGBUILD                 |  150 ++++++++++++++++++++++++++++++
 testing-x86_64/glibc-2.21-roundup.patch |   97 +++++++++++++++++++
 testing-x86_64/glibc.install            |   22 ++++
 testing-x86_64/locale-gen               |   42 ++++++++
 testing-x86_64/locale.gen.txt           |   23 ++++
 10 files changed, 668 insertions(+)

Copied: glibc/repos/testing-i686/PKGBUILD (from rev 237898, glibc/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD	                        (rev 0)
+++ testing-i686/PKGBUILD	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,150 @@
+# $Id$
+# Maintainer: Allan McRae <allan at archlinux.org>
+
+# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
+# NOTE: valgrind requires rebuilt with each major glibc version
+
+# NOTE: adjust version in install script when locale files are updated
+
+pkgname=glibc
+pkgver=2.21
+pkgrel=3
+pkgdesc="GNU C Library"
+arch=('i686' 'x86_64')
+url="http://www.gnu.org/software/libc"
+license=('GPL' 'LGPL')
+groups=('base')
+depends=('linux-api-headers>=3.18' 'tzdata' 'filesystem')
+makedepends=('gcc>=4.9')
+backup=(etc/gai.conf
+        etc/locale.gen
+        etc/nscd.conf)
+options=('!strip' 'staticlibs')
+install=glibc.install
+source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig}
+        glibc-2.21-roundup.patch
+        locale.gen.txt
+        locale-gen)
+md5sums=('9cb398828e8f84f57d1f7d5588cf40cd'
+         'SKIP'
+         'feb826d5f4965e9892ee6e851fec43a9'
+         '07ac979b6ab5eeb778d55f041529d623'
+         '476e9113489f93b348b21e144b6a8fcf')
+validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF')  # Carlos O'Donell
+
+prepare() {
+  cd ${srcdir}/glibc-${pkgver}
+
+  # glibc-2.21..01b07c70
+  patch -p1 -i $srcdir/glibc-2.21-roundup.patch
+
+  mkdir ${srcdir}/glibc-build
+}
+
+build() {
+  cd ${srcdir}/glibc-build
+
+  if [[ ${CARCH} = "i686" ]]; then
+    # Hack to fix NPTL issues with Xen, only required on 32bit platforms
+    # TODO: make separate glibc-xen package for i686
+    export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
+  fi
+
+  echo "slibdir=/usr/lib" >> configparms
+  echo "rtlddir=/usr/lib" >> configparms
+  echo "sbindir=/usr/bin" >> configparms
+  echo "rootsbindir=/usr/bin" >> configparms
+
+  # remove hardening options for building libraries
+  CFLAGS=${CFLAGS/-fstack-protector-strong/}
+  CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
+
+  ${srcdir}/${pkgname}-${pkgver}/configure --prefix=/usr \
+      --libdir=/usr/lib --libexecdir=/usr/lib \
+      --with-headers=/usr/include \
+      --with-bugurl=https://bugs.archlinux.org/ \
+      --enable-add-ons \
+      --enable-obsolete-rpc \
+      --enable-kernel=2.6.32 \
+      --enable-bind-now --disable-profile \
+      --enable-stackguard-randomization \
+      --enable-lock-elision \
+      --enable-multi-arch \
+      --disable-werror
+
+  # build libraries with hardening disabled
+  echo "build-programs=no" >> configparms
+  make
+
+  # re-enable hardening for programs
+  sed -i "/build-programs=/s#no#yes#" configparms
+  echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+  echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+  make
+
+  # remove harding in preparation to run test-suite
+  sed -i '5,7d' configparms
+}
+
+check() {
+  # the linker commands need to be reordered - fixed in 2.19
+  LDFLAGS=${LDFLAGS/--as-needed,/}
+
+  cd ${srcdir}/glibc-build
+
+  # tst-cleanupx4 failure on i686 is "expected"
+  make check || true
+}
+
+package() {
+  cd ${srcdir}/glibc-build
+
+  install -dm755 ${pkgdir}/etc
+  touch ${pkgdir}/etc/ld.so.conf
+
+  make install_root=${pkgdir} install
+
+  rm -f ${pkgdir}/etc/ld.so.{cache,conf}
+
+  install -dm755 ${pkgdir}/usr/lib/{locale,systemd/system,tmpfiles.d}
+
+  install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.conf ${pkgdir}/etc/nscd.conf
+  install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.service ${pkgdir}/usr/lib/systemd/system
+  install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.tmpfiles ${pkgdir}/usr/lib/tmpfiles.d/nscd.conf
+
+  install -m644 ${srcdir}/${pkgname}-${pkgver}/posix/gai.conf ${pkgdir}/etc/gai.conf
+
+  install -m755 ${srcdir}/locale-gen ${pkgdir}/usr/bin
+
+  # create /etc/locale.gen
+  install -m644 ${srcdir}/locale.gen.txt ${pkgdir}/etc/locale.gen
+  sed -e '1,3d' -e 's|/| |g' -e 's|\\| |g' -e 's|^|#|g' \
+    ${srcdir}/glibc-${pkgver}/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen
+
+  # remove the static libraries that have a shared counterpart
+  # libc, libdl, libm and libpthread are required for toolchain testsuites
+  # in addition libcrypt appears widely required
+  rm $pkgdir/usr/lib/lib{anl,BrokenLocale,nsl,resolv,rt,util}.a
+
+  # Do not strip the following files for improved debugging support
+  # ("improved" as in not breaking gdb and valgrind...):
+  #   ld-${pkgver}.so
+  #   libc-${pkgver}.so
+  #   libpthread-${pkgver}.so
+  #   libthread_db-1.0.so
+
+  cd $pkgdir
+  strip $STRIP_BINARIES usr/bin/{gencat,getconf,getent,iconv,iconvconfig} \
+                        usr/bin/{ldconfig,locale,localedef,nscd,makedb} \
+                        usr/bin/{pcprofiledump,pldd,rpcgen,sln,sprof} \
+                        usr/lib/getconf/*
+  [[ $CARCH = "i686" ]] && strip $STRIP_BINARIES usr/bin/lddlibc4
+
+  strip $STRIP_STATIC usr/lib/*.a
+
+  strip $STRIP_SHARED usr/lib/{libanl,libBrokenLocale,libcidn,libcrypt}-*.so \
+                      usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
+                      usr/lib/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \
+                      usr/lib/{libmemusage,libpcprofile,libSegFault}.so \
+                      usr/lib/{audit,gconv}/*.so
+}

Copied: glibc/repos/testing-i686/glibc-2.21-roundup.patch (from rev 237898, glibc/trunk/glibc-2.21-roundup.patch)
===================================================================
--- testing-i686/glibc-2.21-roundup.patch	                        (rev 0)
+++ testing-i686/glibc-2.21-roundup.patch	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,97 @@
+diff --git a/ChangeLog b/ChangeLog
+index dc1ed1b..26feb07 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,15 @@
++2015-04-21  Arjun Shankar  <arjun.is at lostca.se>
++
++	[BZ #18287]
++	* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++	based on padding.  (CVE-2015-1781)
++
++2015-02-10  Evangelos Foutras  <evangelos at foutrelis.com>
++
++	[BZ #17949]
++	* sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
++	jump label.
++
+ 2015-02-06  Carlos O'Donell  <carlos at systemhalted.org>
+ 
+ 	* version.h (RELEASE): Set to "stable".
+@@ -7,6 +19,7 @@
+ 	* sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
+ 
+ 2015-02-05  Paul Pluzhnikov  <ppluzhnikov at google.com>
++	    Paul Eggert  <eggert at cs.ucla.edu>
+ 
+ 	[BZ #16618]
+ 	* stdio-common/tst-sscanf.c (main): Test for buffer overflow.
+diff --git a/NEWS b/NEWS
+index 617cdbb..c9f6b58 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,19 @@ See the end for copying conditions.
+ Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
+ using `glibc' in the "product" field.
+ 

++Version 2.21.1
++
++* The following bugs are resolved with this release:
++
++  17949, 18287.
++
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++  requests has been fixed.  If the NSS functions were called with a
++  misaligned buffer, the buffer length change due to pointer alignment was
++  not taken into account.  This could result in application crashes or,
++  potentially arbitrary code execution, using crafted, but syntactically
++  valid DNS responses.  (CVE-2015-1781)
++

+ Version 2.21
+ 
+ * The following bugs are resolved with this release:
+@@ -21,10 +34,11 @@ Version 2.21
+   17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+   17892.
+ 
+-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
+-  memory for the to-be-scanned arguments and overflow the allocated
+-  buffer.  The implementation now correctly computes the required buffer
+-  size when using malloc.
++* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
++  too little memory for the to-be-scanned arguments and overflow the
++  allocated buffer.  The implementation now correctly computes the required
++  buffer size when using malloc, and switches to malloc from alloca as
++  intended.
+ 
+ * A new semaphore algorithm has been implemented in generic C code for all
+   machines. Previous custom assembly implementations of semaphore were
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index f715ab0..40069a7 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+   int have_to_map = 0;
+   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+   buffer += pad;
+-  if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
++  buflen = buflen > pad ? buflen - pad : 0;
++  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
+     {
+       /* The buffer is too small.  */
+     too_small:
+diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+index 207b648..b6fa202 100644
+--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
++++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
+ 	cmpl	$0, KIND_OFFSET+__cpu_features at GOTOFF(%ebx)
+ 	jne	1f
+ 	call	__init_cpu_features
+-	leal	__mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
+-1:	testl	$bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
++1:	leal	__mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
++	testl	$bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
+ 	jz	2f
+ 	leal	__mempcpy_chk_sse2_unaligned at GOTOFF(%ebx), %eax
+ 	testl	$bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features at GOTOFF(%ebx)

Copied: glibc/repos/testing-i686/glibc.install (from rev 237898, glibc/trunk/glibc.install)
===================================================================
--- testing-i686/glibc.install	                        (rev 0)
+++ testing-i686/glibc.install	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,22 @@
+infodir=usr/share/info
+filelist=(libc.info{,-1,-2,-3,-4,-5,-6,-7,-8,-9,-10,-11})
+
+post_upgrade() {
+  ldconfig -r .
+  
+  if [[ $(vercmp 2.21-2 $2) = 1 ]]; then
+    locale-gen
+  fi
+  
+  [[ -x usr/bin/install-info ]] || return 0
+  for file in ${filelist[@]}; do
+    install-info $infodir/$file.gz $infodir/dir 2> /dev/null
+  done
+}
+
+pre_remove() {
+  [[ -x usr/bin/install-info ]] || return 0
+  for file in ${filelist[@]}; do
+    install-info --delete $infodir/$file.gz $infodir/dir 2> /dev/null
+  done
+}

Copied: glibc/repos/testing-i686/locale-gen (from rev 237898, glibc/trunk/locale-gen)
===================================================================
--- testing-i686/locale-gen	                        (rev 0)
+++ testing-i686/locale-gen	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+LOCALEGEN=/etc/locale.gen
+LOCALES=/usr/share/i18n/locales
+if [ -n "$POSIXLY_CORRECT" ]; then
+  unset POSIXLY_CORRECT
+fi
+
+
+[ -f $LOCALEGEN -a -s $LOCALEGEN ] || exit 0;
+
+# Remove all old locale dir and locale-archive before generating new
+# locale data.
+rm -rf /usr/lib/locale/* || true
+
+umask 022
+
+is_entry_ok() {
+  if [ -n "$locale" -a -n "$charset" ] ; then
+    true
+  else
+    echo "error: Bad entry '$locale $charset'"
+    false
+  fi
+}
+
+echo "Generating locales..."
+while read locale charset; do \
+	case $locale in \#*) continue;; "") continue;; esac; \
+	is_entry_ok || continue
+	echo -n "  `echo $locale | sed 's/\([^.\@]*\).*/\1/'`"; \
+	echo -n ".$charset"; \
+	echo -n `echo $locale | sed 's/\([^\@]*\)\(\@.*\)*/\2/'`; \
+	echo -n '...'; \
+        if [ -f $LOCALES/$locale ]; then input=$locale; else \
+        input=`echo $locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; fi; \
+	localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale; \
+	echo ' done'; \
+done < $LOCALEGEN
+echo "Generation complete."

Copied: glibc/repos/testing-i686/locale.gen.txt (from rev 237898, glibc/trunk/locale.gen.txt)
===================================================================
--- testing-i686/locale.gen.txt	                        (rev 0)
+++ testing-i686/locale.gen.txt	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,23 @@
+# Configuration file for locale-gen
+#
+# lists of locales that are to be generated by the locale-gen command.
+#
+# Each line is of the form:
+#
+#     <locale> <charset>
+#
+#  where <locale> is one of the locales given in /usr/share/i18n/locales
+#  and <charset> is one of the character sets listed in /usr/share/i18n/charmaps
+#
+#  Examples:
+#  en_US ISO-8859-1
+#  en_US.UTF-8 UTF-8
+#  de_DE ISO-8859-1
+#  de_DE at euro ISO-8859-15
+#
+#  The locale-gen command will generate all the locales,
+#  placing them in /usr/lib/locale.
+#
+#  A list of supported locales is included in this file.
+#  Uncomment the ones you need.
+#

Copied: glibc/repos/testing-x86_64/PKGBUILD (from rev 237898, glibc/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,150 @@
+# $Id$
+# Maintainer: Allan McRae <allan at archlinux.org>
+
+# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
+# NOTE: valgrind requires rebuilt with each major glibc version
+
+# NOTE: adjust version in install script when locale files are updated
+
+pkgname=glibc
+pkgver=2.21
+pkgrel=3
+pkgdesc="GNU C Library"
+arch=('i686' 'x86_64')
+url="http://www.gnu.org/software/libc"
+license=('GPL' 'LGPL')
+groups=('base')
+depends=('linux-api-headers>=3.18' 'tzdata' 'filesystem')
+makedepends=('gcc>=4.9')
+backup=(etc/gai.conf
+        etc/locale.gen
+        etc/nscd.conf)
+options=('!strip' 'staticlibs')
+install=glibc.install
+source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig}
+        glibc-2.21-roundup.patch
+        locale.gen.txt
+        locale-gen)
+md5sums=('9cb398828e8f84f57d1f7d5588cf40cd'
+         'SKIP'
+         'feb826d5f4965e9892ee6e851fec43a9'
+         '07ac979b6ab5eeb778d55f041529d623'
+         '476e9113489f93b348b21e144b6a8fcf')
+validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF')  # Carlos O'Donell
+
+prepare() {
+  cd ${srcdir}/glibc-${pkgver}
+
+  # glibc-2.21..01b07c70
+  patch -p1 -i $srcdir/glibc-2.21-roundup.patch
+
+  mkdir ${srcdir}/glibc-build
+}
+
+build() {
+  cd ${srcdir}/glibc-build
+
+  if [[ ${CARCH} = "i686" ]]; then
+    # Hack to fix NPTL issues with Xen, only required on 32bit platforms
+    # TODO: make separate glibc-xen package for i686
+    export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
+  fi
+
+  echo "slibdir=/usr/lib" >> configparms
+  echo "rtlddir=/usr/lib" >> configparms
+  echo "sbindir=/usr/bin" >> configparms
+  echo "rootsbindir=/usr/bin" >> configparms
+
+  # remove hardening options for building libraries
+  CFLAGS=${CFLAGS/-fstack-protector-strong/}
+  CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
+
+  ${srcdir}/${pkgname}-${pkgver}/configure --prefix=/usr \
+      --libdir=/usr/lib --libexecdir=/usr/lib \
+      --with-headers=/usr/include \
+      --with-bugurl=https://bugs.archlinux.org/ \
+      --enable-add-ons \
+      --enable-obsolete-rpc \
+      --enable-kernel=2.6.32 \
+      --enable-bind-now --disable-profile \
+      --enable-stackguard-randomization \
+      --enable-lock-elision \
+      --enable-multi-arch \
+      --disable-werror
+
+  # build libraries with hardening disabled
+  echo "build-programs=no" >> configparms
+  make
+
+  # re-enable hardening for programs
+  sed -i "/build-programs=/s#no#yes#" configparms
+  echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+  echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+  make
+
+  # remove harding in preparation to run test-suite
+  sed -i '5,7d' configparms
+}
+
+check() {
+  # the linker commands need to be reordered - fixed in 2.19
+  LDFLAGS=${LDFLAGS/--as-needed,/}
+
+  cd ${srcdir}/glibc-build
+
+  # tst-cleanupx4 failure on i686 is "expected"
+  make check || true
+}
+
+package() {
+  cd ${srcdir}/glibc-build
+
+  install -dm755 ${pkgdir}/etc
+  touch ${pkgdir}/etc/ld.so.conf
+
+  make install_root=${pkgdir} install
+
+  rm -f ${pkgdir}/etc/ld.so.{cache,conf}
+
+  install -dm755 ${pkgdir}/usr/lib/{locale,systemd/system,tmpfiles.d}
+
+  install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.conf ${pkgdir}/etc/nscd.conf
+  install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.service ${pkgdir}/usr/lib/systemd/system
+  install -m644 ${srcdir}/${pkgname}-${pkgver}/nscd/nscd.tmpfiles ${pkgdir}/usr/lib/tmpfiles.d/nscd.conf
+
+  install -m644 ${srcdir}/${pkgname}-${pkgver}/posix/gai.conf ${pkgdir}/etc/gai.conf
+
+  install -m755 ${srcdir}/locale-gen ${pkgdir}/usr/bin
+
+  # create /etc/locale.gen
+  install -m644 ${srcdir}/locale.gen.txt ${pkgdir}/etc/locale.gen
+  sed -e '1,3d' -e 's|/| |g' -e 's|\\| |g' -e 's|^|#|g' \
+    ${srcdir}/glibc-${pkgver}/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen
+
+  # remove the static libraries that have a shared counterpart
+  # libc, libdl, libm and libpthread are required for toolchain testsuites
+  # in addition libcrypt appears widely required
+  rm $pkgdir/usr/lib/lib{anl,BrokenLocale,nsl,resolv,rt,util}.a
+
+  # Do not strip the following files for improved debugging support
+  # ("improved" as in not breaking gdb and valgrind...):
+  #   ld-${pkgver}.so
+  #   libc-${pkgver}.so
+  #   libpthread-${pkgver}.so
+  #   libthread_db-1.0.so
+
+  cd $pkgdir
+  strip $STRIP_BINARIES usr/bin/{gencat,getconf,getent,iconv,iconvconfig} \
+                        usr/bin/{ldconfig,locale,localedef,nscd,makedb} \
+                        usr/bin/{pcprofiledump,pldd,rpcgen,sln,sprof} \
+                        usr/lib/getconf/*
+  [[ $CARCH = "i686" ]] && strip $STRIP_BINARIES usr/bin/lddlibc4
+
+  strip $STRIP_STATIC usr/lib/*.a
+
+  strip $STRIP_SHARED usr/lib/{libanl,libBrokenLocale,libcidn,libcrypt}-*.so \
+                      usr/lib/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
+                      usr/lib/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \
+                      usr/lib/{libmemusage,libpcprofile,libSegFault}.so \
+                      usr/lib/{audit,gconv}/*.so
+}

Copied: glibc/repos/testing-x86_64/glibc-2.21-roundup.patch (from rev 237898, glibc/trunk/glibc-2.21-roundup.patch)
===================================================================
--- testing-x86_64/glibc-2.21-roundup.patch	                        (rev 0)
+++ testing-x86_64/glibc-2.21-roundup.patch	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,97 @@
+diff --git a/ChangeLog b/ChangeLog
+index dc1ed1b..26feb07 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,15 @@
++2015-04-21  Arjun Shankar  <arjun.is at lostca.se>
++
++	[BZ #18287]
++	* resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++	based on padding.  (CVE-2015-1781)
++
++2015-02-10  Evangelos Foutras  <evangelos at foutrelis.com>
++
++	[BZ #17949]
++	* sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
++	jump label.
++
+ 2015-02-06  Carlos O'Donell  <carlos at systemhalted.org>
+ 
+ 	* version.h (RELEASE): Set to "stable".
+@@ -7,6 +19,7 @@
+ 	* sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
+ 
+ 2015-02-05  Paul Pluzhnikov  <ppluzhnikov at google.com>
++	    Paul Eggert  <eggert at cs.ucla.edu>
+ 
+ 	[BZ #16618]
+ 	* stdio-common/tst-sscanf.c (main): Test for buffer overflow.
+diff --git a/NEWS b/NEWS
+index 617cdbb..c9f6b58 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,19 @@ See the end for copying conditions.
+ Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
+ using `glibc' in the "product" field.
+ 

++Version 2.21.1
++
++* The following bugs are resolved with this release:
++
++  17949, 18287.
++
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++  requests has been fixed.  If the NSS functions were called with a
++  misaligned buffer, the buffer length change due to pointer alignment was
++  not taken into account.  This could result in application crashes or,
++  potentially arbitrary code execution, using crafted, but syntactically
++  valid DNS responses.  (CVE-2015-1781)
++

+ Version 2.21
+ 
+ * The following bugs are resolved with this release:
+@@ -21,10 +34,11 @@ Version 2.21
+   17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+   17892.
+ 
+-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
+-  memory for the to-be-scanned arguments and overflow the allocated
+-  buffer.  The implementation now correctly computes the required buffer
+-  size when using malloc.
++* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
++  too little memory for the to-be-scanned arguments and overflow the
++  allocated buffer.  The implementation now correctly computes the required
++  buffer size when using malloc, and switches to malloc from alloca as
++  intended.
+ 
+ * A new semaphore algorithm has been implemented in generic C code for all
+   machines. Previous custom assembly implementations of semaphore were
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index f715ab0..40069a7 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+   int have_to_map = 0;
+   uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+   buffer += pad;
+-  if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
++  buflen = buflen > pad ? buflen - pad : 0;
++  if (__glibc_unlikely (buflen < sizeof (struct host_data)))
+     {
+       /* The buffer is too small.  */
+     too_small:
+diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+index 207b648..b6fa202 100644
+--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
++++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
+ 	cmpl	$0, KIND_OFFSET+__cpu_features at GOTOFF(%ebx)
+ 	jne	1f
+ 	call	__init_cpu_features
+-	leal	__mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
+-1:	testl	$bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
++1:	leal	__mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
++	testl	$bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
+ 	jz	2f
+ 	leal	__mempcpy_chk_sse2_unaligned at GOTOFF(%ebx), %eax
+ 	testl	$bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features at GOTOFF(%ebx)

Copied: glibc/repos/testing-x86_64/glibc.install (from rev 237898, glibc/trunk/glibc.install)
===================================================================
--- testing-x86_64/glibc.install	                        (rev 0)
+++ testing-x86_64/glibc.install	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,22 @@
+infodir=usr/share/info
+filelist=(libc.info{,-1,-2,-3,-4,-5,-6,-7,-8,-9,-10,-11})
+
+post_upgrade() {
+  ldconfig -r .
+  
+  if [[ $(vercmp 2.21-2 $2) = 1 ]]; then
+    locale-gen
+  fi
+  
+  [[ -x usr/bin/install-info ]] || return 0
+  for file in ${filelist[@]}; do
+    install-info $infodir/$file.gz $infodir/dir 2> /dev/null
+  done
+}
+
+pre_remove() {
+  [[ -x usr/bin/install-info ]] || return 0
+  for file in ${filelist[@]}; do
+    install-info --delete $infodir/$file.gz $infodir/dir 2> /dev/null
+  done
+}

Copied: glibc/repos/testing-x86_64/locale-gen (from rev 237898, glibc/trunk/locale-gen)
===================================================================
--- testing-x86_64/locale-gen	                        (rev 0)
+++ testing-x86_64/locale-gen	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+set -e
+
+LOCALEGEN=/etc/locale.gen
+LOCALES=/usr/share/i18n/locales
+if [ -n "$POSIXLY_CORRECT" ]; then
+  unset POSIXLY_CORRECT
+fi
+
+
+[ -f $LOCALEGEN -a -s $LOCALEGEN ] || exit 0;
+
+# Remove all old locale dir and locale-archive before generating new
+# locale data.
+rm -rf /usr/lib/locale/* || true
+
+umask 022
+
+is_entry_ok() {
+  if [ -n "$locale" -a -n "$charset" ] ; then
+    true
+  else
+    echo "error: Bad entry '$locale $charset'"
+    false
+  fi
+}
+
+echo "Generating locales..."
+while read locale charset; do \
+	case $locale in \#*) continue;; "") continue;; esac; \
+	is_entry_ok || continue
+	echo -n "  `echo $locale | sed 's/\([^.\@]*\).*/\1/'`"; \
+	echo -n ".$charset"; \
+	echo -n `echo $locale | sed 's/\([^\@]*\)\(\@.*\)*/\2/'`; \
+	echo -n '...'; \
+        if [ -f $LOCALES/$locale ]; then input=$locale; else \
+        input=`echo $locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; fi; \
+	localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale; \
+	echo ' done'; \
+done < $LOCALEGEN
+echo "Generation complete."

Copied: glibc/repos/testing-x86_64/locale.gen.txt (from rev 237898, glibc/trunk/locale.gen.txt)
===================================================================
--- testing-x86_64/locale.gen.txt	                        (rev 0)
+++ testing-x86_64/locale.gen.txt	2015-04-22 12:00:37 UTC (rev 237899)
@@ -0,0 +1,23 @@
+# Configuration file for locale-gen
+#
+# lists of locales that are to be generated by the locale-gen command.
+#
+# Each line is of the form:
+#
+#     <locale> <charset>
+#
+#  where <locale> is one of the locales given in /usr/share/i18n/locales
+#  and <charset> is one of the character sets listed in /usr/share/i18n/charmaps
+#
+#  Examples:
+#  en_US ISO-8859-1
+#  en_US.UTF-8 UTF-8
+#  de_DE ISO-8859-1
+#  de_DE at euro ISO-8859-15
+#
+#  The locale-gen command will generate all the locales,
+#  placing them in /usr/lib/locale.
+#
+#  A list of supported locales is included in this file.
+#  Uncomment the ones you need.
+#



More information about the arch-commits mailing list