[arch-commits] Commit in lib32-glibc/repos (4 files)
Jan Steffens
heftig at archlinux.org
Thu Apr 23 14:08:06 UTC 2015
Date: Thursday, April 23, 2015 @ 16:08:06
Author: heftig
Revision: 132053
archrelease: copy trunk to multilib-staging-x86_64
Added:
lib32-glibc/repos/multilib-staging-x86_64/
lib32-glibc/repos/multilib-staging-x86_64/PKGBUILD
(from rev 132052, lib32-glibc/trunk/PKGBUILD)
lib32-glibc/repos/multilib-staging-x86_64/glibc-2.21-roundup.patch
(from rev 132052, lib32-glibc/trunk/glibc-2.21-roundup.patch)
lib32-glibc/repos/multilib-staging-x86_64/lib32-glibc.conf
(from rev 132052, lib32-glibc/trunk/lib32-glibc.conf)
--------------------------+
PKGBUILD | 147 +++++++++++++++++++++++++++++++++++++++++++++
glibc-2.21-roundup.patch | 97 +++++++++++++++++++++++++++++
lib32-glibc.conf | 1
3 files changed, 245 insertions(+)
Copied: lib32-glibc/repos/multilib-staging-x86_64/PKGBUILD (from rev 132052, lib32-glibc/trunk/PKGBUILD)
===================================================================
--- multilib-staging-x86_64/PKGBUILD (rev 0)
+++ multilib-staging-x86_64/PKGBUILD 2015-04-23 14:08:06 UTC (rev 132053)
@@ -0,0 +1,147 @@
+# $Id$
+# Maintainer: Jan Alexander Steffens (heftig) <jan.steffens at gmail.com>
+# Contributor: Jan de Groot <jgc at archlinux.org>
+# Contributor: Allan McRae <allan at archlinux.org>
+
+# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
+
+_pkgbasename=glibc
+pkgname=lib32-$_pkgbasename
+pkgver=2.21
+pkgrel=4
+pkgdesc="GNU C Library (32-bit)"
+arch=('x86_64')
+url="http://www.gnu.org/software/libc"
+license=('GPL' 'LGPL')
+groups=()
+depends=()
+makedepends=('gcc-multilib>=4.9')
+backup=()
+
+
+options=('!strip' 'staticlibs' '!emptydirs')
+
+source=(http://ftp.gnu.org/gnu/libc/${_pkgbasename}-${pkgver}.tar.xz{,.sig}
+ glibc-2.21-roundup.patch
+ lib32-glibc.conf)
+md5sums=('9cb398828e8f84f57d1f7d5588cf40cd'
+ 'SKIP'
+ 'feb826d5f4965e9892ee6e851fec43a9'
+ '6e052f1cb693d5d3203f50f9d4e8c33b')
+validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF') # Carlos O'Donell
+
+prepare() {
+ cd ${srcdir}/glibc-${pkgver}
+
+ # glibc-2.21..01b07c70
+ patch -p1 -i $srcdir/glibc-2.21-roundup.patch
+
+ mkdir ${srcdir}/glibc-build
+}
+
+build() {
+ cd ${srcdir}/glibc-build
+
+ #if [[ ${CARCH} = "i686" ]]; then
+ # Hack to fix NPTL issues with Xen, only required on 32bit platforms
+ # TODO: make separate glibc-xen package for i686
+ export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
+ #fi
+
+ echo "slibdir=/usr/lib32" >> configparms
+ echo "rtlddir=/usr/lib32" >> configparms
+ echo "sbindir=/usr/bin" >> configparms
+ echo "rootsbindir=/usr/bin" >> configparms
+
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+
+ # remove hardening options for building libraries
+ CFLAGS=${CFLAGS/-fstack-protector-strong/}
+ CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
+
+ ${srcdir}/${_pkgbasename}-${pkgver}/configure --prefix=/usr \
+ --libdir=/usr/lib32 --libexecdir=/usr/lib32 \
+ --with-headers=/usr/include \
+ --with-bugurl=https://bugs.archlinux.org/ \
+ --enable-add-ons \
+ --enable-obsolete-rpc \
+ --enable-kernel=2.6.32 \
+ --enable-bind-now --disable-profile \
+ --enable-stackguard-randomization \
+ --enable-lock-elision \
+ --enable-multi-arch \
+ --disable-werror \
+ i686-unknown-linux-gnu
+
+ # build libraries with hardening disabled
+ echo "build-programs=no" >> configparms
+ make
+
+ # re-enable hardening for programs
+ sed -i "/build-programs=/s#no#yes#" configparms
+ echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ make
+
+ # remove harding in preparation to run test-suite
+ sed -i '5,7d' configparms
+}
+
+check() {
+ # the linker commands need to be reordered - fixed in 2.19
+ LDFLAGS=${LDFLAGS/--as-needed,/}
+
+ cd ${srcdir}/glibc-build
+
+ # tst-cleanupx4 failure on i686 is "expected"
+ make check || true
+}
+
+package() {
+ cd ${srcdir}/glibc-build
+ make install_root=${pkgdir} install
+
+ rm -rf ${pkgdir}/{etc,sbin,usr/{bin,sbin,share},var}
+
+ # We need one 32 bit specific header file
+ find ${pkgdir}/usr/include -type f -not -name stubs-32.h -delete
+
+
+ # Dynamic linker
+ mkdir ${pkgdir}/usr/lib
+ ln -s ../lib32/ld-linux.so.2 ${pkgdir}/usr/lib/
+
+ # Add lib32 paths to the default library search path
+ install -Dm644 "$srcdir/lib32-glibc.conf" "$pkgdir/etc/ld.so.conf.d/lib32-glibc.conf"
+
+ # Symlink /usr/lib32/locale to /usr/lib/locale
+ ln -s ../lib/locale "$pkgdir/usr/lib32/locale"
+
+ # remove the static libraries that have a shared counterpart
+ # libc, libdl, libm and libpthread are required for toolchain testsuites
+ # in addition libcrypt appears widely required
+ rm $pkgdir/usr/lib32/lib{anl,BrokenLocale,nsl,resolv,rt,util}.a
+
+ # Do not strip the following files for improved debugging support
+ # ("improved" as in not breaking gdb and valgrind...):
+ # ld-${pkgver}.so
+ # libc-${pkgver}.so
+ # libpthread-${pkgver}.so
+ # libthread_db-1.0.so
+
+ cd $pkgdir
+ strip $STRIP_BINARIES \
+ \
+ \
+ usr/lib32/getconf/*
+
+
+ strip $STRIP_STATIC usr/lib32/*.a
+
+ strip $STRIP_SHARED usr/lib32/{libanl,libBrokenLocale,libcidn,libcrypt}-*.so \
+ usr/lib32/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
+ usr/lib32/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \
+ usr/lib32/{libmemusage,libpcprofile,libSegFault}.so \
+ usr/lib32/{audit,gconv}/*.so
+}
Copied: lib32-glibc/repos/multilib-staging-x86_64/glibc-2.21-roundup.patch (from rev 132052, lib32-glibc/trunk/glibc-2.21-roundup.patch)
===================================================================
--- multilib-staging-x86_64/glibc-2.21-roundup.patch (rev 0)
+++ multilib-staging-x86_64/glibc-2.21-roundup.patch 2015-04-23 14:08:06 UTC (rev 132053)
@@ -0,0 +1,97 @@
+diff --git a/ChangeLog b/ChangeLog
+index dc1ed1b..26feb07 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,15 @@
++2015-04-21 Arjun Shankar <arjun.is at lostca.se>
++
++ [BZ #18287]
++ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++ based on padding. (CVE-2015-1781)
++
++2015-02-10 Evangelos Foutras <evangelos at foutrelis.com>
++
++ [BZ #17949]
++ * sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
++ jump label.
++
+ 2015-02-06 Carlos O'Donell <carlos at systemhalted.org>
+
+ * version.h (RELEASE): Set to "stable".
+@@ -7,6 +19,7 @@
+ * sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
+
+ 2015-02-05 Paul Pluzhnikov <ppluzhnikov at google.com>
++ Paul Eggert <eggert at cs.ucla.edu>
+
+ [BZ #16618]
+ * stdio-common/tst-sscanf.c (main): Test for buffer overflow.
+diff --git a/NEWS b/NEWS
+index 617cdbb..c9f6b58 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,19 @@ See the end for copying conditions.
+ Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
+ using `glibc' in the "product" field.
+
++Version 2.21.1
++
++* The following bugs are resolved with this release:
++
++ 17949, 18287.
++
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++ requests has been fixed. If the NSS functions were called with a
++ misaligned buffer, the buffer length change due to pointer alignment was
++ not taken into account. This could result in application crashes or,
++ potentially arbitrary code execution, using crafted, but syntactically
++ valid DNS responses. (CVE-2015-1781)
++
+ Version 2.21
+
+ * The following bugs are resolved with this release:
+@@ -21,10 +34,11 @@ Version 2.21
+ 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+ 17892.
+
+-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
+- memory for the to-be-scanned arguments and overflow the allocated
+- buffer. The implementation now correctly computes the required buffer
+- size when using malloc.
++* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
++ too little memory for the to-be-scanned arguments and overflow the
++ allocated buffer. The implementation now correctly computes the required
++ buffer size when using malloc, and switches to malloc from alloca as
++ intended.
+
+ * A new semaphore algorithm has been implemented in generic C code for all
+ machines. Previous custom assembly implementations of semaphore were
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index f715ab0..40069a7 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+ int have_to_map = 0;
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+ buffer += pad;
+- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
++ buflen = buflen > pad ? buflen - pad : 0;
++ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
+ {
+ /* The buffer is too small. */
+ too_small:
+diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+index 207b648..b6fa202 100644
+--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
++++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
+ cmpl $0, KIND_OFFSET+__cpu_features at GOTOFF(%ebx)
+ jne 1f
+ call __init_cpu_features
+- leal __mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
+-1: testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
++1: leal __mempcpy_chk_ia32 at GOTOFF(%ebx), %eax
++ testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features at GOTOFF(%ebx)
+ jz 2f
+ leal __mempcpy_chk_sse2_unaligned at GOTOFF(%ebx), %eax
+ testl $bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features at GOTOFF(%ebx)
Copied: lib32-glibc/repos/multilib-staging-x86_64/lib32-glibc.conf (from rev 132052, lib32-glibc/trunk/lib32-glibc.conf)
===================================================================
--- multilib-staging-x86_64/lib32-glibc.conf (rev 0)
+++ multilib-staging-x86_64/lib32-glibc.conf 2015-04-23 14:08:06 UTC (rev 132053)
@@ -0,0 +1 @@
+/usr/lib32
More information about the arch-commits
mailing list