diff options
Diffstat (limited to 'core/glibc')
-rw-r--r-- | core/glibc/PKGBUILD | 41 | ||||
-rw-r--r-- | core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch | 41 | ||||
-rw-r--r-- | core/glibc/glibc-2.18-getaddrinfo-assertion.patch | 39 | ||||
-rw-r--r-- | core/glibc/glibc-2.18-make-4.patch | 45 | ||||
-rw-r--r-- | core/glibc/glibc.install | 5 | ||||
-rwxr-xr-x | core/glibc/locale-gen | 60 |
6 files changed, 196 insertions, 35 deletions
diff --git a/core/glibc/PKGBUILD b/core/glibc/PKGBUILD index b77a6eaa5..76c4f5859 100644 --- a/core/glibc/PKGBUILD +++ b/core/glibc/PKGBUILD @@ -1,12 +1,14 @@ -# $Id: PKGBUILD 195163 2013-09-26 03:20:58Z allan $ +# $Id: PKGBUILD 197798 2013-10-30 10:37:54Z allan $ # Maintainer: Allan McRae <allan@archlinux.org> # toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc # NOTE: valgrind requires rebuilt with each major glibc version +# NOTE: adjust version in install script when locale files are updated + pkgname=glibc pkgver=2.18 -pkgrel=5 +pkgrel=9 pkgdesc="GNU C Library" arch=('i686' 'x86_64' 'mips64el') url="http://www.gnu.org/software/libc" @@ -17,13 +19,16 @@ makedepends=('gcc>=4.7') backup=(etc/gai.conf etc/locale.gen etc/nscd.conf) -options=('!strip') +options=('!strip' 'staticlibs') install=glibc.install source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig} + glibc-2.18-make-4.patch glibc-2.18-readdir_r-CVE-2013-4237.patch - glibc-2.18-malloc-corrupt-CVE-2013-4332.patch - glibc-2.18-strcoll-CVE-2012-4412+4424.patch - glibc-2.18-ptr-mangle-CVE-2013-4788.patch + glibc-2.18-malloc-corrupt-CVE-2013-4332.patch + glibc-2.18-strcoll-CVE-2012-4412+4424.patch + glibc-2.18-ptr-mangle-CVE-2013-4788.patch + glibc-2.18-getaddrinfo-CVE-2013-4458.patch + glibc-2.18-getaddrinfo-assertion.patch glibc-2.18-strstr-hackfix.patch nscd.service nscd.tmpfiles @@ -31,19 +36,25 @@ source=(http://ftp.gnu.org/gnu/libc/${pkgname}-${pkgver}.tar.xz{,.sig} locale-gen) md5sums=('88fbbceafee809e82efd52efa1e3c58f' 'SKIP' + 'e1883c2d1b01ff73650db5f5bb5a5a52' '154da6bf5a5248f42a7bf5bf08e01a47' 'b79561ab9dce900e9bbeaf0d49927c2b' 'c7264b99d0f7e51922a4d3126182c40a' '9749ba386b08a8fe53e7ecede9bf2dfb' + '71329fccb8eb583fb0d67b55f1e8df68' + 'd4d86add33f22125777e0ecff06bc9bb' '4441f6dfe7d75ced1fa75e54dd21d36e' 'd5fab2cd3abea65aa5ae696ea4a47d6b' 'da662ca76e7c8d7efbc7986ab7acea2d' '07ac979b6ab5eeb778d55f041529d623' - '476e9113489f93b348b21e144b6a8fcf') + 'b5fd017036fb91199ee76f670da8c15b') prepare() { cd ${srcdir}/${pkgname}-${pkgver} - + + # compatibility with make-4.0 (submitted upstream) + patch -p1 -i $srcdir/glibc-2.18-make-4.patch + # upstream commit 91ce4085 patch -p1 -i $srcdir/glibc-2.18-readdir_r-CVE-2013-4237.patch @@ -51,13 +62,17 @@ prepare() { patch -p1 -i $srcdir/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch # upstream commits 1326ba1a, 141f3a77 and 303e567a - # https://sourceware.org/ml/libc-alpha/2013-08/msg00394.html - # https://sourceware.org/ml/libc-alpha/2013-08/msg00462.html patch -p1 -i $srcdir/glibc-2.18-strcoll-CVE-2012-4412+4424.patch # upstream commits c61b4d41 and 0b1f8e35 patch -p1 -i $srcdir/glibc-2.18-ptr-mangle-CVE-2013-4788.patch + # upstream commit 7cbcdb36 + patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-CVE-2013-4458.patch + + # upstream commit 894f3f10 + patch -p1 -i $srcdir/glibc-2.18-getaddrinfo-assertion.patch + # hack fix for strstr issues on x86 patch -p1 -i $srcdir/glibc-2.18-strstr-hackfix.patch @@ -118,7 +133,7 @@ build() { check() { # Known to fail on mips64el. if [ "$CARCH" != "mips64el" ]; then - # bug to file - the linker commands need to be reordered + # the linker commands need to be reordered - fixed in 2.19 LDFLAGS=${LDFLAGS/--as-needed,/} cd ${srcdir}/glibc-build @@ -151,6 +166,10 @@ package() { sed -e '1,3d' -e 's|/| |g' -e 's|\\| |g' -e 's|^|#|g' \ ${srcdir}/glibc-${pkgver}/localedata/SUPPORTED >> ${pkgdir}/etc/locale.gen + # remove the static libraries that have a shared counterpart + # note: keep libc, libdl, libm, libpthread for binutils testsuite + rm $pkgdir/usr/lib/lib{anl,BrokenLocale,crypt,nsl,resolv,rt,util}.a + # Do not strip the following files for improved debugging support # ("improved" as in not breaking gdb and valgrind...): # ld-${pkgver}.so diff --git a/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch b/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch new file mode 100644 index 000000000..a7bc67c6f --- /dev/null +++ b/core/glibc/glibc-2.18-getaddrinfo-CVE-2013-4458.patch @@ -0,0 +1,41 @@ +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index e6ce4cf..8ff74b4 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + &rc, &herrno, NULL, &localcanon)); \ + if (rc != ERANGE || herrno != NETDB_INTERNAL) \ + break; \ +- tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen); \ ++ if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \ ++ tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \ ++ alloca_used); \ ++ else \ ++ { \ ++ char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \ ++ 2 * tmpbuflen); \ ++ if (newp == NULL) \ ++ { \ ++ result = -EAI_MEMORY; \ ++ goto free_and_return; \ ++ } \ ++ tmpbuf = newp; \ ++ malloc_tmpbuf = true; \ ++ tmpbuflen = 2 * tmpbuflen; \ ++ } \ + } \ + if (status == NSS_STATUS_SUCCESS && rc == 0) \ + h = &th; \ +@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, + { \ + __set_h_errno (herrno); \ + _res.options |= old_res_options & RES_USE_INET6; \ +- return -EAI_SYSTEM; \ ++ result = -EAI_SYSTEM; \ ++ goto free_and_return; \ + } \ + if (herrno == TRY_AGAIN) \ + no_data = EAI_AGAIN; \ +-- +1.8.4.1 + diff --git a/core/glibc/glibc-2.18-getaddrinfo-assertion.patch b/core/glibc/glibc-2.18-getaddrinfo-assertion.patch new file mode 100644 index 000000000..2f1f7c694 --- /dev/null +++ b/core/glibc/glibc-2.18-getaddrinfo-assertion.patch @@ -0,0 +1,39 @@ +diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c +index 0f4b885..e6ce4cf 100644 +--- a/sysdeps/posix/getaddrinfo.c ++++ b/sysdeps/posix/getaddrinfo.c +@@ -1666,13 +1666,13 @@ rfc3484_sort (const void *p1, const void *p2, void *arg) + + /* Fill in the results in all the records. */ + for (int i = 0; i < src->nresults; ++i) +- if (src->results[i].index == a1_index) ++ if (a1_index != -1 && src->results[i].index == a1_index) + { + assert (src->results[i].native == -1 + || src->results[i].native == a1_native); + src->results[i].native = a1_native; + } +- else if (src->results[i].index == a2_index) ++ else if (a2_index != -1 && src->results[i].index == a2_index) + { + assert (src->results[i].native == -1 + || src->results[i].native == a2_native); +@@ -2532,7 +2532,14 @@ getaddrinfo (const char *name, const char *service, + tmp.addr[0] = 0; + tmp.addr[1] = 0; + tmp.addr[2] = htonl (0xffff); +- tmp.addr[3] = sinp->sin_addr.s_addr; ++ /* Special case for lo interface, the source address ++ being possibly different than the interface ++ address. */ ++ if ((ntohl(sinp->sin_addr.s_addr) & 0xff000000) ++ == 0x7f000000) ++ tmp.addr[3] = htonl(0x7f000001); ++ else ++ tmp.addr[3] = sinp->sin_addr.s_addr; + } + else + { +-- +1.8.4.1 + diff --git a/core/glibc/glibc-2.18-make-4.patch b/core/glibc/glibc-2.18-make-4.patch new file mode 100644 index 000000000..374933464 --- /dev/null +++ b/core/glibc/glibc-2.18-make-4.patch @@ -0,0 +1,45 @@ +From dc76f0c32dae689a08aa21a1d206d4cd62adb278 Mon Sep 17 00:00:00 2001 +From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> +Date: Thu, 10 Oct 2013 14:26:12 +0900 +Subject: [PATCH] configure: allow building with GNU Make 4 + +Currently, configure errors telling make 4 is too old +since it does not match our regexp. + +configure.in: allow GNU Make 4.* + +Signed-off-by: Marc-Antoine Perennou <Marc-Antoine@Perennou.com> +--- + configure | 2 +- + configure.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure b/configure +index 5e2f4d0..e139bf0 100755 +--- a/configure ++++ b/configure +@@ -4761,7 +4761,7 @@ $as_echo_n "checking version of $MAKE... " >&6; } + ac_prog_version=`$MAKE --version 2>&1 | sed -n 's/^.*GNU Make[^0-9]*\([0-9][0-9.]*\).*$/\1/p'` + case $ac_prog_version in + '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;; +- 3.79* | 3.[89]*) ++ 3.79* | 3.[89]* | 4.*) + ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;; + *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;; + +diff --git a/configure.in b/configure.in +index a7f9881..95c36b6 100644 +--- a/configure.in ++++ b/configure.in +@@ -984,7 +984,7 @@ AC_CHECK_PROG_VER(CC, ${ac_tool_prefix}gcc ${ac_tool_prefix}cc, -v, + critic_missing="$critic_missing gcc") + AC_CHECK_PROG_VER(MAKE, gnumake gmake make, --version, + [GNU Make[^0-9]*\([0-9][0-9.]*\)], +- [3.79* | 3.[89]*], critic_missing="$critic_missing make") ++ [3.79* | 3.[89]* | 4.*], critic_missing="$critic_missing make") + + AC_CHECK_PROG_VER(MSGFMT, gnumsgfmt gmsgfmt msgfmt, --version, + [GNU gettext.* \([0-9]*\.[0-9.]*\)], +-- +1.8.4.1 + diff --git a/core/glibc/glibc.install b/core/glibc/glibc.install index f8147a6cf..6b405486e 100644 --- a/core/glibc/glibc.install +++ b/core/glibc/glibc.install @@ -3,7 +3,10 @@ filelist=(libc.info{,-1,-2,-3,-4,-5,-6,-7,-8,-9,-10,-11}) post_upgrade() { ldconfig -r . - locale-gen + + if [[ $(vercmp 2.18 $2) = 1 ]]; then + locale-gen + fi [[ -x usr/bin/install-info ]] || return 0 for file in ${filelist[@]}; do diff --git a/core/glibc/locale-gen b/core/glibc/locale-gen index 5aff344c4..51191f810 100755 --- a/core/glibc/locale-gen +++ b/core/glibc/locale-gen @@ -4,39 +4,53 @@ set -e LOCALEGEN=/etc/locale.gen LOCALES=/usr/share/i18n/locales -if [ -n "$POSIXLY_CORRECT" ]; then - unset POSIXLY_CORRECT -fi +unset POSIXLY_CORRECT - -[ -f $LOCALEGEN -a -s $LOCALEGEN ] || exit 0; +[ -s "$LOCALEGEN" ] || exit 0 # Remove all old locale dir and locale-archive before generating new # locale data. -rm -rf /usr/lib/locale/* || true +rm -rf /usr/lib/locale/* umask 022 -is_entry_ok() { - if [ -n "$locale" -a -n "$charset" ] ; then - true - else - echo "error: Bad entry '$locale $charset'" - false - fi +gen() { + local locale=$1 + local charset=$2 + local input= + + if [ -z "$locale" ] || [ -z "$charset" ]; then + echo "error: Bad entry '$locale $charset'" + return + fi + + printf ' %s.%s\n' "$(echo "$locale" | sed 's/\([^.\@]*\).*/\1/')" "$charset" + + if [ -f "$LOCALES/$locale" ]; then + input=$locale + else + input=$(echo $locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/') + fi + + localedef -i "$input" -c -f "$charset" -A /usr/share/locale/locale.alias "$locale" } +maxjobs=$(grep -c processor /proc/cpuinfo 2>/dev/null || echo 1) echo "Generating locales..." while read locale charset; do \ - case $locale in \#*) continue;; "") continue;; esac; \ - is_entry_ok || continue - echo -n " `echo $locale | sed 's/\([^.\@]*\).*/\1/'`"; \ - echo -n ".$charset"; \ - echo -n `echo $locale | sed 's/\([^\@]*\)\(\@.*\)*/\2/'`; \ - echo -n '...'; \ - if [ -f $LOCALES/$locale ]; then input=$locale; else \ - input=`echo $locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; fi; \ - localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale; \ - echo ' done'; \ + case $locale in + \#*|'') + continue + ;; + esac + gen "$locale" "$charset" & + + # keep no more than $maxjobs jobs in flight + while [ $(jobs | wc -l) -ge $maxjobs ]; do + sleep 0.25 + jobs >/dev/null + done done < $LOCALEGEN +wait + echo "Generation complete." |