mirror of
https://github.com/crosstool-ng/crosstool-ng.git
synced 2025-01-31 00:23:56 +00:00
commit
ef762bfe8e
@ -3,7 +3,7 @@
|
||||
## default y
|
||||
## select CC_SUPPORT_CXX if !LIBC_none
|
||||
## select CC_SUPPORT_FORTRAN
|
||||
## select CC_SUPPORT_JAVA
|
||||
## select CC_SUPPORT_JAVA if !CC_GCC_6_or_later
|
||||
## select CC_SUPPORT_ADA
|
||||
## select CC_SUPPORT_OBJC
|
||||
## select CC_SUPPORT_OBJCXX
|
||||
@ -73,6 +73,11 @@ choice
|
||||
# Don't remove next line
|
||||
# CT_INSERT_VERSION_BELOW
|
||||
|
||||
config CC_GCC_V_7_1_0
|
||||
bool
|
||||
prompt "7.1.0"
|
||||
select CC_GCC_7
|
||||
|
||||
config CC_GCC_V_linaro_6_3
|
||||
bool
|
||||
prompt "linaro-6.3-2017.02"
|
||||
@ -141,25 +146,31 @@ config CC_GCC_4_9_or_later
|
||||
config CC_GCC_5
|
||||
bool
|
||||
select CC_GCC_5_or_later
|
||||
select CC_GCC_HAS_LIBMPX
|
||||
|
||||
config CC_GCC_5_or_later
|
||||
bool
|
||||
select CC_GCC_4_9_or_later
|
||||
select CC_GCC_HAS_LIBMPX
|
||||
|
||||
config CC_GCC_6
|
||||
bool
|
||||
select CC_GCC_6_or_later
|
||||
select CC_GCC_HAS_LIBMPX
|
||||
|
||||
config CC_GCC_6_or_later
|
||||
bool
|
||||
select CC_GCC_5_or_later
|
||||
|
||||
config CC_GCC_latest
|
||||
config CC_GCC_7
|
||||
bool
|
||||
select CC_GCC_7_or_later
|
||||
|
||||
config CC_GCC_7_or_later
|
||||
bool
|
||||
select CC_GCC_6_or_later
|
||||
select CC_GCC_HAS_LIBMPX
|
||||
|
||||
config CC_GCC_latest
|
||||
bool
|
||||
select CC_GCC_7_or_later
|
||||
|
||||
# Only enable gcc's support for plugins if binutils has it as well
|
||||
# They are useful only when doing LTO, but it does no harm enabling
|
||||
@ -185,6 +196,7 @@ config CC_GCC_VERSION
|
||||
string
|
||||
# Don't remove next line
|
||||
# CT_INSERT_VERSION_STRING_BELOW
|
||||
default "7.1.0" if CC_GCC_V_7_1_0
|
||||
default "linaro-6.3-2017.02" if CC_GCC_V_linaro_6_3
|
||||
default "6.3.0" if CC_GCC_V_6_3_0
|
||||
default "linaro-5.4-2017.01" if CC_GCC_V_linaro_5_4
|
||||
|
15
patches/gcc/7.1.0/100-uclibc-conf.patch
Normal file
15
patches/gcc/7.1.0/100-uclibc-conf.patch
Normal file
@ -0,0 +1,15 @@
|
||||
Index: b/contrib/regression/objs-gcc.sh
|
||||
===================================================================
|
||||
--- a/contrib/regression/objs-gcc.sh
|
||||
+++ b/contrib/regression/objs-gcc.sh
|
||||
@@ -106,6 +106,10 @@
|
||||
then
|
||||
make all-gdb all-dejagnu all-ld || exit 1
|
||||
make install-gdb install-dejagnu install-ld || exit 1
|
||||
+elif [ $H_REAL_TARGET = $H_REAL_HOST -a $H_REAL_TARGET = i686-pc-linux-uclibc ]
|
||||
+ then
|
||||
+ make all-gdb all-dejagnu all-ld || exit 1
|
||||
+ make install-gdb install-dejagnu install-ld || exit 1
|
||||
elif [ $H_REAL_TARGET = $H_REAL_HOST ] ; then
|
||||
make bootstrap || exit 1
|
||||
make install || exit 1
|
14
patches/gcc/7.1.0/1000-libtool-leave-framework-alone.patch
Normal file
14
patches/gcc/7.1.0/1000-libtool-leave-framework-alone.patch
Normal file
@ -0,0 +1,14 @@
|
||||
--- gcc-6.2.0/libtool-ldflags 2016-12-20 11:13:12.669668125 -0800
|
||||
+++ gcc-6.2.0/libtool-ldflags 2016-12-20 11:28:34.894826286 -0800
|
||||
@@ -36,6 +36,11 @@
|
||||
for arg
|
||||
do
|
||||
case $arg in
|
||||
+ -framework)
|
||||
+ # libtool handles this option. It should not be prefixed with
|
||||
+ # -Xcompiler, as that would split it from the argument that
|
||||
+ # follows.
|
||||
+ ;;
|
||||
-f*|--*|-static-lib*|-shared-lib*|-B*)
|
||||
# Libtool does not ascribe any special meaning options
|
||||
# that begin with -f or with a double-dash. So, it will
|
@ -0,0 +1,160 @@
|
||||
diff -urN gcc-5.3.0.orig/config/gcc-plugin.m4 gcc-5.3.0/config/gcc-plugin.m4
|
||||
--- gcc-5.3.0.orig/config/gcc-plugin.m4 2015-12-19 14:39:04.120734900 +0000
|
||||
+++ gcc-5.3.0/config/gcc-plugin.m4 2015-12-20 01:28:45.381965300 +0000
|
||||
@@ -20,6 +20,9 @@
|
||||
|
||||
pluginlibs=
|
||||
|
||||
+ PICFLAG="-fPIC"
|
||||
+ UNDEFINEDPREAMBLE="extern int X;"
|
||||
+ UNDEFINEDCODE="return X == 0;"
|
||||
case "${host}" in
|
||||
*-*-darwin*)
|
||||
if test x$build = x$host; then
|
||||
@@ -30,6 +33,11 @@
|
||||
export_sym_check=
|
||||
fi
|
||||
;;
|
||||
+ *-*-mingw*|*-*-cygwin*|*-*-msys*)
|
||||
+ PICFLAG=""
|
||||
+ UNDEFINEDPREAMBLE=""
|
||||
+ UNDEFINEDCODE=""
|
||||
+ ;;
|
||||
*)
|
||||
if test x$build = x$host; then
|
||||
export_sym_check="objdump${exeext} -T"
|
||||
@@ -81,17 +89,17 @@
|
||||
case "${host}" in
|
||||
*-*-darwin*)
|
||||
CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g`
|
||||
- CFLAGS="$CFLAGS -fPIC"
|
||||
+ CFLAGS="$CFLAGS ${PICFLAG}"
|
||||
LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup"
|
||||
;;
|
||||
*)
|
||||
- CFLAGS="$CFLAGS -fPIC"
|
||||
- LDFLAGS="$LDFLAGS -fPIC -shared"
|
||||
+ CFLAGS="$CFLAGS ${PICFLAG}"
|
||||
+ LDFLAGS="$LDFLAGS ${PICFLAG} -shared"
|
||||
;;
|
||||
esac
|
||||
- AC_MSG_CHECKING([for -fPIC -shared])
|
||||
+ AC_MSG_CHECKING([for ${PICFLAG} -shared])
|
||||
AC_TRY_LINK(
|
||||
- [extern int X;],[return X == 0;],
|
||||
+ [${UNDEFINEDPREAMBLE}],[${UNDEFINEDCODE}],
|
||||
[AC_MSG_RESULT([yes]); have_pic_shared=yes],
|
||||
[AC_MSG_RESULT([no]); have_pic_shared=no])
|
||||
if test x"$have_pic_shared" != x"yes" -o x"$ac_cv_search_dlopen" = x"no"; then
|
||||
diff -urN gcc-5.3.0.orig/gcc/configure gcc-5.3.0/gcc/configure
|
||||
--- gcc-5.3.0.orig/gcc/configure 2015-12-19 14:40:16.893975900 +0000
|
||||
+++ gcc-5.3.0/gcc/configure 2015-12-20 01:28:45.472476700 +0000
|
||||
@@ -28386,6 +28386,9 @@
|
||||
|
||||
pluginlibs=
|
||||
|
||||
+ PICFLAG="-fPIC"
|
||||
+ UNDEFINEDPREAMBLE="extern int X;"
|
||||
+ UNDEFINEDCODE="return X == 0;"
|
||||
case "${host}" in
|
||||
*-*-darwin*)
|
||||
if test x$build = x$host; then
|
||||
@@ -28396,6 +28399,11 @@
|
||||
export_sym_check=
|
||||
fi
|
||||
;;
|
||||
+ *-*-mingw*|*-*-cygwin*|*-*-msys*)
|
||||
+ PICFLAG=""
|
||||
+ UNDEFINEDPREAMBLE=""
|
||||
+ UNDEFINEDCODE=""
|
||||
+ ;;
|
||||
*)
|
||||
if test x$build = x$host; then
|
||||
export_sym_check="objdump${exeext} -T"
|
||||
@@ -28508,23 +28516,23 @@
|
||||
case "${host}" in
|
||||
*-*-darwin*)
|
||||
CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g`
|
||||
- CFLAGS="$CFLAGS -fPIC"
|
||||
+ CFLAGS="$CFLAGS ${PICFLAG}"
|
||||
LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup"
|
||||
;;
|
||||
*)
|
||||
- CFLAGS="$CFLAGS -fPIC"
|
||||
- LDFLAGS="$LDFLAGS -fPIC -shared"
|
||||
+ CFLAGS="$CFLAGS ${PICFLAG}"
|
||||
+ LDFLAGS="$LDFLAGS ${PICFLAG} -shared"
|
||||
;;
|
||||
esac
|
||||
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fPIC -shared" >&5
|
||||
-$as_echo_n "checking for -fPIC -shared... " >&6; }
|
||||
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${PICFLAG} -shared" >&5
|
||||
+$as_echo_n "checking for ${PICFLAG} -shared... " >&6; }
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
-extern int X;
|
||||
+${UNDEFINEDPREAMBLE}
|
||||
int
|
||||
main ()
|
||||
{
|
||||
-return X == 0;
|
||||
+${UNDEFINEDCODE}
|
||||
;
|
||||
return 0;
|
||||
}
|
||||
diff -urN gcc-5.3.0.orig/libcc1/configure gcc-5.3.0/libcc1/configure
|
||||
--- gcc-5.3.0.orig/libcc1/configure 2015-12-19 14:40:20.855979000 +0000
|
||||
+++ gcc-5.3.0/libcc1/configure 2015-12-20 01:28:45.504980900 +0000
|
||||
@@ -14500,6 +14500,9 @@
|
||||
|
||||
pluginlibs=
|
||||
|
||||
+ PICFLAG="-fPIC"
|
||||
+ UNDEFINEDPREAMBLE="extern int X;"
|
||||
+ UNDEFINEDCODE="return X == 0;"
|
||||
case "${host}" in
|
||||
*-*-darwin*)
|
||||
if test x$build = x$host; then
|
||||
@@ -14510,6 +14513,11 @@
|
||||
export_sym_check=
|
||||
fi
|
||||
;;
|
||||
+ *-*-mingw*|*-*-cygwin*|*-*-msys*)
|
||||
+ PICFLAG=""
|
||||
+ UNDEFINEDPREAMBLE=""
|
||||
+ UNDEFINEDCODE=""
|
||||
+ ;;
|
||||
*)
|
||||
if test x$build = x$host; then
|
||||
export_sym_check="objdump${exeext} -T"
|
||||
@@ -14622,23 +14630,23 @@
|
||||
case "${host}" in
|
||||
*-*-darwin*)
|
||||
CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g`
|
||||
- CFLAGS="$CFLAGS -fPIC"
|
||||
+ CFLAGS="$CFLAGS ${PICFLAG}"
|
||||
LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup"
|
||||
;;
|
||||
*)
|
||||
- CFLAGS="$CFLAGS -fPIC"
|
||||
- LDFLAGS="$LDFLAGS -fPIC -shared"
|
||||
+ CFLAGS="$CFLAGS ${PICFLAG}"
|
||||
+ LDFLAGS="$LDFLAGS ${PICFLAG} -shared"
|
||||
;;
|
||||
esac
|
||||
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fPIC -shared" >&5
|
||||
-$as_echo_n "checking for -fPIC -shared... " >&6; }
|
||||
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${PICFLAG} -shared" >&5
|
||||
+$as_echo_n "checking for ${PICFLAG} -shared... " >&6; }
|
||||
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
|
||||
/* end confdefs.h. */
|
||||
-extern int X;
|
||||
+${UNDEFINEDPREAMBLE}
|
||||
int
|
||||
main ()
|
||||
{
|
||||
-return X == 0;
|
||||
+${UNDEFINEDCODE}
|
||||
;
|
||||
return 0;
|
||||
}
|
@ -0,0 +1,11 @@
|
||||
diff -urN gcc-5.3.0.orig/libcc1/connection.cc gcc-5.3.0/libcc1/connection.cc
|
||||
--- gcc-5.3.0.orig/libcc1/connection.cc 2015-12-19 14:40:20.860479600 +0000
|
||||
+++ gcc-5.3.0/libcc1/connection.cc 2015-12-20 01:31:04.346611500 +0000
|
||||
@@ -21,6 +21,7 @@
|
||||
#include <string>
|
||||
#include <unistd.h>
|
||||
#include <sys/types.h>
|
||||
+#include <sys/select.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
#include "marshall.hh"
|
30
patches/gcc/7.1.0/810-arm-softfloat-libgcc.patch
Normal file
30
patches/gcc/7.1.0/810-arm-softfloat-libgcc.patch
Normal file
@ -0,0 +1,30 @@
|
||||
Index: b/gcc/config/arm/linux-elf.h
|
||||
===================================================================
|
||||
--- a/gcc/config/arm/linux-elf.h
|
||||
+++ b/gcc/config/arm/linux-elf.h
|
||||
@@ -60,7 +60,7 @@
|
||||
%{shared:-lc} \
|
||||
%{!shared:%{profile:-lc_p}%{!profile:-lc}}"
|
||||
|
||||
-#define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc"
|
||||
+#define LIBGCC_SPEC "-lgcc"
|
||||
|
||||
#define GLIBC_DYNAMIC_LINKER "/lib/ld-linux.so.2"
|
||||
|
||||
Index: b/libgcc/config/arm/t-linux
|
||||
===================================================================
|
||||
--- a/libgcc/config/arm/t-linux
|
||||
+++ b/libgcc/config/arm/t-linux
|
||||
@@ -1,6 +1,11 @@
|
||||
LIB1ASMSRC = arm/lib1funcs.S
|
||||
LIB1ASMFUNCS = _udivsi3 _divsi3 _umodsi3 _modsi3 _dvmd_lnx _clzsi2 _clzdi2 \
|
||||
- _ctzsi2 _arm_addsubdf3 _arm_addsubsf3
|
||||
+ _ctzsi2 _arm_addsubdf3 _arm_addsubsf3 \
|
||||
+ _arm_addsubdf3 _arm_addsubsf3 \
|
||||
+ _arm_negdf2 _arm_muldivdf3 _arm_cmpdf2 _arm_unorddf2 \
|
||||
+ _arm_fixdfsi _arm_fixunsdfsi _arm_truncdfsf2 \
|
||||
+ _arm_negsf2 _arm_muldivsf3 _arm_cmpsf2 _arm_unordsf2 \
|
||||
+ _arm_fixsfsi _arm_fixunssfsi
|
||||
|
||||
# Just for these, we omit the frame pointer since it makes such a big
|
||||
# difference.
|
56
patches/gcc/7.1.0/860-cilk-wchar.patch
Normal file
56
patches/gcc/7.1.0/860-cilk-wchar.patch
Normal file
@ -0,0 +1,56 @@
|
||||
[PATCH] cilk: fix build without wchar
|
||||
|
||||
When building against uClibc with wchar support disabled, WCHAR_MIN and
|
||||
WCHAR_MAX are not defined leading to compilation errors.
|
||||
|
||||
Fix it by only including the wchar code if available.
|
||||
|
||||
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
||||
---
|
||||
libcilkrts/include/cilk/reducer_min_max.h | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
Index: b/libcilkrts/include/cilk/reducer_min_max.h
|
||||
===================================================================
|
||||
--- a/libcilkrts/include/cilk/reducer_min_max.h
|
||||
+++ b/libcilkrts/include/cilk/reducer_min_max.h
|
||||
@@ -3154,7 +3154,9 @@
|
||||
CILK_C_REDUCER_MAX_INSTANCE(char, char, CHAR_MIN)
|
||||
CILK_C_REDUCER_MAX_INSTANCE(unsigned char, uchar, 0)
|
||||
CILK_C_REDUCER_MAX_INSTANCE(signed char, schar, SCHAR_MIN)
|
||||
+#ifdef WCHAR_MIN
|
||||
CILK_C_REDUCER_MAX_INSTANCE(wchar_t, wchar_t, WCHAR_MIN)
|
||||
+#endif
|
||||
CILK_C_REDUCER_MAX_INSTANCE(short, short, SHRT_MIN)
|
||||
CILK_C_REDUCER_MAX_INSTANCE(unsigned short, ushort, 0)
|
||||
CILK_C_REDUCER_MAX_INSTANCE(int, int, INT_MIN)
|
||||
@@ -3306,7 +3308,9 @@
|
||||
CILK_C_REDUCER_MAX_INDEX_INSTANCE(char, char, CHAR_MIN)
|
||||
CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned char, uchar, 0)
|
||||
CILK_C_REDUCER_MAX_INDEX_INSTANCE(signed char, schar, SCHAR_MIN)
|
||||
+#ifdef WCHAR_MIN
|
||||
CILK_C_REDUCER_MAX_INDEX_INSTANCE(wchar_t, wchar_t, WCHAR_MIN)
|
||||
+#endif
|
||||
CILK_C_REDUCER_MAX_INDEX_INSTANCE(short, short, SHRT_MIN)
|
||||
CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned short, ushort, 0)
|
||||
CILK_C_REDUCER_MAX_INDEX_INSTANCE(int, int, INT_MIN)
|
||||
@@ -3432,7 +3436,9 @@
|
||||
CILK_C_REDUCER_MIN_INSTANCE(char, char, CHAR_MAX)
|
||||
CILK_C_REDUCER_MIN_INSTANCE(unsigned char, uchar, CHAR_MAX)
|
||||
CILK_C_REDUCER_MIN_INSTANCE(signed char, schar, SCHAR_MAX)
|
||||
+#ifdef WCHAR_MAX
|
||||
CILK_C_REDUCER_MIN_INSTANCE(wchar_t, wchar_t, WCHAR_MAX)
|
||||
+#endif
|
||||
CILK_C_REDUCER_MIN_INSTANCE(short, short, SHRT_MAX)
|
||||
CILK_C_REDUCER_MIN_INSTANCE(unsigned short, ushort, USHRT_MAX)
|
||||
CILK_C_REDUCER_MIN_INSTANCE(int, int, INT_MAX)
|
||||
@@ -3584,7 +3590,9 @@
|
||||
CILK_C_REDUCER_MIN_INDEX_INSTANCE(char, char, CHAR_MAX)
|
||||
CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned char, uchar, CHAR_MAX)
|
||||
CILK_C_REDUCER_MIN_INDEX_INSTANCE(signed char, schar, SCHAR_MAX)
|
||||
+#ifdef WCHAR_MAX
|
||||
CILK_C_REDUCER_MIN_INDEX_INSTANCE(wchar_t, wchar_t, WCHAR_MAX)
|
||||
+#endif
|
||||
CILK_C_REDUCER_MIN_INDEX_INSTANCE(short, short, SHRT_MAX)
|
||||
CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned short, ushort, USHRT_MAX)
|
||||
CILK_C_REDUCER_MIN_INDEX_INSTANCE(int, int, INT_MAX)
|
18
patches/gcc/7.1.0/891-fix-m68k-uclinux.patch
Normal file
18
patches/gcc/7.1.0/891-fix-m68k-uclinux.patch
Normal file
@ -0,0 +1,18 @@
|
||||
avoids internal compiler error while compiling linux-atomic.c
|
||||
See here:
|
||||
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53833
|
||||
|
||||
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
|
||||
|
||||
diff -Nur gcc-5.3.0.orig/libgcc/config.host gcc-5.3.0/libgcc/config.host
|
||||
--- gcc-5.3.0.orig/libgcc/config.host 2015-10-01 14:01:18.000000000 +0200
|
||||
+++ gcc-5.3.0/libgcc/config.host 2016-04-26 21:30:25.353691745 +0200
|
||||
@@ -794,7 +794,7 @@
|
||||
m68k*-*-openbsd*)
|
||||
;;
|
||||
m68k-*-uclinux*) # Motorola m68k/ColdFire running uClinux with uClibc
|
||||
- tmake_file="$tmake_file m68k/t-floatlib m68k/t-linux"
|
||||
+ tmake_file="$tmake_file m68k/t-floatlib"
|
||||
md_unwind_header=m68k/linux-unwind.h
|
||||
;;
|
||||
m68k-*-linux*) # Motorola m68k's running GNU/Linux
|
10
patches/gcc/7.1.0/900-libgfortran-missing-include.patch
Normal file
10
patches/gcc/7.1.0/900-libgfortran-missing-include.patch
Normal file
@ -0,0 +1,10 @@
|
||||
--- gcc-6.3.0/libgfortran/io/close.c.org 2017-01-17 09:43:48.395850000 +0100
|
||||
+++ gcc-6.3.0/libgfortran/io/close.c 2017-01-17 09:21:05.000000000 +0100
|
||||
@@ -25,6 +25,7 @@
|
||||
#include "io.h"
|
||||
#include "unix.h"
|
||||
#include <limits.h>
|
||||
+#include <stdlib.h>
|
||||
|
||||
typedef enum
|
||||
{ CLOSE_DELETE, CLOSE_KEEP, CLOSE_UNSPECIFIED }
|
28
patches/gcc/7.1.0/910-nios2-bad-multilib-default.patch
Normal file
28
patches/gcc/7.1.0/910-nios2-bad-multilib-default.patch
Normal file
@ -0,0 +1,28 @@
|
||||
diff -ur gcc-6.2.0.orig/gcc/config/nios2/nios2.h gcc-6.2.0/gcc/config/nios2/nios2.h
|
||||
--- gcc-6.2.0.orig/gcc/config/nios2/nios2.h 2016-11-29 10:27:50.364479625 -0800
|
||||
+++ gcc-6.2.0/gcc/config/nios2/nios2.h 2016-11-29 10:29:55.069624746 -0800
|
||||
@@ -63,11 +63,11 @@
|
||||
#if TARGET_ENDIAN_DEFAULT == 0
|
||||
# define ASM_SPEC "%{!meb:-EL} %{meb:-EB} %{march=*:-march=%*}"
|
||||
# define LINK_SPEC_ENDIAN "%{!meb:-EL} %{meb:-EB}"
|
||||
-# define MULTILIB_DEFAULTS { "EL" }
|
||||
+# define MULTILIB_DEFAULTS { "mel" }
|
||||
#else
|
||||
# define ASM_SPEC "%{!mel:-EB} %{mel:-EL} %{march=*:-march=%*}"
|
||||
# define LINK_SPEC_ENDIAN "%{!mel:-EB} %{mel:-EL}"
|
||||
-# define MULTILIB_DEFAULTS { "EB" }
|
||||
+# define MULTILIB_DEFAULTS { "meb" }
|
||||
#endif
|
||||
|
||||
#define LINK_SPEC LINK_SPEC_ENDIAN \
|
||||
diff -ur gcc-6.2.0.orig/gcc/config/nios2/t-nios2 gcc-6.2.0/gcc/config/nios2/t-nios2
|
||||
--- gcc-6.2.0.orig/gcc/config/nios2/t-nios2 2016-11-29 10:27:50.364479625 -0800
|
||||
+++ gcc-6.2.0/gcc/config/nios2/t-nios2 2016-11-29 10:29:03.517151014 -0800
|
||||
@@ -22,6 +22,5 @@
|
||||
# MULTILIB_DIRNAMES = nomul mulx fpu-60-1 fpu-60-2
|
||||
# MULTILIB_EXCEPTIONS =
|
||||
|
||||
-# MULTILIB_OPTIONS += EL/EB
|
||||
+# MULTILIB_OPTIONS += mel/meb
|
||||
# MULTILIB_DIRNAMES += le be
|
||||
-# MULTILIB_MATCHES += EL=mel EB=meb
|
@ -0,0 +1,14 @@
|
||||
disable split-stack for non-thread builds
|
||||
|
||||
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
|
||||
|
||||
diff -Nur gcc-5.3.0.orig/libgcc/config/t-stack gcc-5.3.0/libgcc/config/t-stack
|
||||
--- gcc-5.3.0.orig/libgcc/config/t-stack 2010-10-01 21:31:49.000000000 +0200
|
||||
+++ gcc-5.3.0/libgcc/config/t-stack 2016-03-07 03:25:32.000000000 +0100
|
||||
@@ -1,4 +1,6 @@
|
||||
# Makefile fragment to provide generic support for -fsplit-stack.
|
||||
# This should be used in config.host for any host which supports
|
||||
# -fsplit-stack.
|
||||
+ifeq ($(enable_threads),yes)
|
||||
LIB2ADD_ST += $(srcdir)/generic-morestack.c $(srcdir)/generic-morestack-thread.c
|
||||
+endif
|
60
patches/glibc/2.12.1/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.12.1/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.12.1/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.12.1/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.12.2/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.12.2/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.12.2/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.12.2/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.13/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.13/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.13/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.13/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.14.1/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.14.1/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.14.1/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.14.1/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.14/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.14/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.14/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.14/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.15/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.15/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.15/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.15/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.16.0/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.16.0/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.16.0/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.16.0/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.17/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.17/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.17/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.17/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.18/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.18/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
62
patches/glibc/2.18/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.18/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.19/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.19/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
33
patches/glibc/2.19/930-explicit-boolean.patch
Normal file
33
patches/glibc/2.19/930-explicit-boolean.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit e223d1fe72e820d96f43831412ab267a1ace04d0
|
||||
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
|
||||
Date: Fri Oct 14 12:53:27 2016 -0700
|
||||
|
||||
Fix warnings from latest GCC.
|
||||
|
||||
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
|
||||
boolean.
|
||||
|
||||
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
index 663fa392c2..bd758b5979 100644
|
||||
--- a/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
@@ -466,15 +466,15 @@ checkint (double x)
|
||||
return (n & 1) ? -1 : 1; /* odd or even */
|
||||
if (k > 20)
|
||||
{
|
||||
- if (n << (k - 20))
|
||||
+ if (n << (k - 20) != 0)
|
||||
return 0; /* if not integer */
|
||||
- return (n << (k - 21)) ? -1 : 1;
|
||||
+ return (n << (k - 21) != 0) ? -1 : 1;
|
||||
}
|
||||
if (n)
|
||||
return 0; /*if not integer */
|
||||
if (k == 20)
|
||||
return (m & 1) ? -1 : 1;
|
||||
- if (m << (k + 12))
|
||||
+ if (m << (k + 12) != 0)
|
||||
return 0;
|
||||
- return (m << (k + 11)) ? -1 : 1;
|
||||
+ return (m << (k + 11) != 0) ? -1 : 1;
|
||||
}
|
62
patches/glibc/2.19/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.19/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.20/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.20/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
33
patches/glibc/2.20/930-explicit-boolean.patch
Normal file
33
patches/glibc/2.20/930-explicit-boolean.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit e223d1fe72e820d96f43831412ab267a1ace04d0
|
||||
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
|
||||
Date: Fri Oct 14 12:53:27 2016 -0700
|
||||
|
||||
Fix warnings from latest GCC.
|
||||
|
||||
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
|
||||
boolean.
|
||||
|
||||
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
index 663fa392c2..bd758b5979 100644
|
||||
--- a/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
@@ -466,15 +466,15 @@ checkint (double x)
|
||||
return (n & 1) ? -1 : 1; /* odd or even */
|
||||
if (k > 20)
|
||||
{
|
||||
- if (n << (k - 20))
|
||||
+ if (n << (k - 20) != 0)
|
||||
return 0; /* if not integer */
|
||||
- return (n << (k - 21)) ? -1 : 1;
|
||||
+ return (n << (k - 21) != 0) ? -1 : 1;
|
||||
}
|
||||
if (n)
|
||||
return 0; /*if not integer */
|
||||
if (k == 20)
|
||||
return (m & 1) ? -1 : 1;
|
||||
- if (m << (k + 12))
|
||||
+ if (m << (k + 12) != 0)
|
||||
return 0;
|
||||
- return (m << (k + 11)) ? -1 : 1;
|
||||
+ return (m << (k + 11) != 0) ? -1 : 1;
|
||||
}
|
62
patches/glibc/2.20/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.20/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.21/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.21/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
33
patches/glibc/2.21/930-explicit-boolean.patch
Normal file
33
patches/glibc/2.21/930-explicit-boolean.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit e223d1fe72e820d96f43831412ab267a1ace04d0
|
||||
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
|
||||
Date: Fri Oct 14 12:53:27 2016 -0700
|
||||
|
||||
Fix warnings from latest GCC.
|
||||
|
||||
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
|
||||
boolean.
|
||||
|
||||
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
index 663fa392c2..bd758b5979 100644
|
||||
--- a/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
@@ -466,15 +466,15 @@ checkint (double x)
|
||||
return (n & 1) ? -1 : 1; /* odd or even */
|
||||
if (k > 20)
|
||||
{
|
||||
- if (n << (k - 20))
|
||||
+ if (n << (k - 20) != 0)
|
||||
return 0; /* if not integer */
|
||||
- return (n << (k - 21)) ? -1 : 1;
|
||||
+ return (n << (k - 21) != 0) ? -1 : 1;
|
||||
}
|
||||
if (n)
|
||||
return 0; /*if not integer */
|
||||
if (k == 20)
|
||||
return (m & 1) ? -1 : 1;
|
||||
- if (m << (k + 12))
|
||||
+ if (m << (k + 12) != 0)
|
||||
return 0;
|
||||
- return (m << (k + 11)) ? -1 : 1;
|
||||
+ return (m << (k + 11) != 0) ? -1 : 1;
|
||||
}
|
62
patches/glibc/2.21/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.21/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
40
patches/glibc/2.21/950-dlclose-assert.patch
Normal file
40
patches/glibc/2.21/950-dlclose-assert.patch
Normal file
@ -0,0 +1,40 @@
|
||||
commit 2bd2cad9e8a410643e80efa0b15f6f2882e1271b
|
||||
Author: Roland McGrath <roland@hack.frob.com>
|
||||
Date: Fri Apr 17 14:29:40 2015 -0700
|
||||
|
||||
Avoid confusing compiler with dynamically impossible statically invalid dereference in _dl_close_worker.
|
||||
|
||||
diff --git a/elf/dl-close.c b/elf/dl-close.c
|
||||
index cf8f9e0465..412f71d70b 100644
|
||||
--- a/elf/dl-close.c
|
||||
+++ b/elf/dl-close.c
|
||||
@@ -641,9 +641,16 @@ _dl_close_worker (struct link_map *map)
|
||||
DL_UNMAP (imap);
|
||||
|
||||
/* Finally, unlink the data structure and free it. */
|
||||
- if (imap->l_prev != NULL)
|
||||
- imap->l_prev->l_next = imap->l_next;
|
||||
- else
|
||||
+#if DL_NNS == 1
|
||||
+ /* The assert in the (imap->l_prev == NULL) case gives
|
||||
+ the compiler license to warn that NS points outside
|
||||
+ the dl_ns array bounds in that case (as nsid != LM_ID_BASE
|
||||
+ is tantamount to nsid >= DL_NNS). That should be impossible
|
||||
+ in this configuration, so just assert about it instead. */
|
||||
+ assert (nsid == LM_ID_BASE);
|
||||
+ assert (imap->l_prev != NULL);
|
||||
+#else
|
||||
+ if (imap->l_prev == NULL)
|
||||
{
|
||||
assert (nsid != LM_ID_BASE);
|
||||
ns->_ns_loaded = imap->l_next;
|
||||
@@ -652,6 +659,9 @@ _dl_close_worker (struct link_map *map)
|
||||
we leave for debuggers to examine. */
|
||||
r->r_map = (void *) ns->_ns_loaded;
|
||||
}
|
||||
+ else
|
||||
+#endif
|
||||
+ imap->l_prev->l_next = imap->l_next;
|
||||
|
||||
--ns->_ns_nloaded;
|
||||
if (imap->l_next != NULL)
|
60
patches/glibc/2.22/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.22/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
33
patches/glibc/2.22/930-explicit-boolean.patch
Normal file
33
patches/glibc/2.22/930-explicit-boolean.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit e223d1fe72e820d96f43831412ab267a1ace04d0
|
||||
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
|
||||
Date: Fri Oct 14 12:53:27 2016 -0700
|
||||
|
||||
Fix warnings from latest GCC.
|
||||
|
||||
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
|
||||
boolean.
|
||||
|
||||
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
index 663fa392c2..bd758b5979 100644
|
||||
--- a/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
@@ -466,15 +466,15 @@ checkint (double x)
|
||||
return (n & 1) ? -1 : 1; /* odd or even */
|
||||
if (k > 20)
|
||||
{
|
||||
- if (n << (k - 20))
|
||||
+ if (n << (k - 20) != 0)
|
||||
return 0; /* if not integer */
|
||||
- return (n << (k - 21)) ? -1 : 1;
|
||||
+ return (n << (k - 21) != 0) ? -1 : 1;
|
||||
}
|
||||
if (n)
|
||||
return 0; /*if not integer */
|
||||
if (k == 20)
|
||||
return (m & 1) ? -1 : 1;
|
||||
- if (m << (k + 12))
|
||||
+ if (m << (k + 12) != 0)
|
||||
return 0;
|
||||
- return (m << (k + 11)) ? -1 : 1;
|
||||
+ return (m << (k + 11) != 0) ? -1 : 1;
|
||||
}
|
62
patches/glibc/2.22/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.22/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.23/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.23/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
33
patches/glibc/2.23/930-explicit-boolean.patch
Normal file
33
patches/glibc/2.23/930-explicit-boolean.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit e223d1fe72e820d96f43831412ab267a1ace04d0
|
||||
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
|
||||
Date: Fri Oct 14 12:53:27 2016 -0700
|
||||
|
||||
Fix warnings from latest GCC.
|
||||
|
||||
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
|
||||
boolean.
|
||||
|
||||
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
index 663fa392c2..bd758b5979 100644
|
||||
--- a/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
@@ -466,15 +466,15 @@ checkint (double x)
|
||||
return (n & 1) ? -1 : 1; /* odd or even */
|
||||
if (k > 20)
|
||||
{
|
||||
- if (n << (k - 20))
|
||||
+ if (n << (k - 20) != 0)
|
||||
return 0; /* if not integer */
|
||||
- return (n << (k - 21)) ? -1 : 1;
|
||||
+ return (n << (k - 21) != 0) ? -1 : 1;
|
||||
}
|
||||
if (n)
|
||||
return 0; /*if not integer */
|
||||
if (k == 20)
|
||||
return (m & 1) ? -1 : 1;
|
||||
- if (m << (k + 12))
|
||||
+ if (m << (k + 12) != 0)
|
||||
return 0;
|
||||
- return (m << (k + 11)) ? -1 : 1;
|
||||
+ return (m << (k + 11) != 0) ? -1 : 1;
|
||||
}
|
62
patches/glibc/2.23/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.23/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
60
patches/glibc/2.24/920-fix-rpc_parse-format.patch
Normal file
60
patches/glibc/2.24/920-fix-rpc_parse-format.patch
Normal file
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
33
patches/glibc/2.24/930-explicit-boolean.patch
Normal file
33
patches/glibc/2.24/930-explicit-boolean.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit e223d1fe72e820d96f43831412ab267a1ace04d0
|
||||
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
|
||||
Date: Fri Oct 14 12:53:27 2016 -0700
|
||||
|
||||
Fix warnings from latest GCC.
|
||||
|
||||
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
|
||||
boolean.
|
||||
|
||||
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
index 663fa392c2..bd758b5979 100644
|
||||
--- a/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
@@ -466,15 +466,15 @@ checkint (double x)
|
||||
return (n & 1) ? -1 : 1; /* odd or even */
|
||||
if (k > 20)
|
||||
{
|
||||
- if (n << (k - 20))
|
||||
+ if (n << (k - 20) != 0)
|
||||
return 0; /* if not integer */
|
||||
- return (n << (k - 21)) ? -1 : 1;
|
||||
+ return (n << (k - 21) != 0) ? -1 : 1;
|
||||
}
|
||||
if (n)
|
||||
return 0; /*if not integer */
|
||||
if (k == 20)
|
||||
return (m & 1) ? -1 : 1;
|
||||
- if (m << (k + 12))
|
||||
+ if (m << (k + 12) != 0)
|
||||
return 0;
|
||||
- return (m << (k + 11)) ? -1 : 1;
|
||||
+ return (m << (k + 11) != 0) ? -1 : 1;
|
||||
}
|
62
patches/glibc/2.24/940-nis-bogus-conditional.patch
Normal file
62
patches/glibc/2.24/940-nis-bogus-conditional.patch
Normal file
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
296
patches/glibc/2.25/960-sh4-trap-divdi3.patch
Normal file
296
patches/glibc/2.25/960-sh4-trap-divdi3.patch
Normal file
@ -0,0 +1,296 @@
|
||||
commit db3d848e154b00071f4a5e729d5884efad410109
|
||||
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
Date: Wed Mar 15 15:44:59 2017 -0300
|
||||
|
||||
Build divdi3 only for architecture that required it
|
||||
|
||||
As noted in [1], divdi3 object is only exported in a handful ABIs
|
||||
(i386, m68k, powerpc32, s390-32, and ia64), however it is built
|
||||
for all current architectures regardless.
|
||||
|
||||
This patch refact the make rules for this object to so only the
|
||||
aforementioned architectures that actually require it builds it.
|
||||
|
||||
Also, to avoid internal PLT calls to the exported symbol from the
|
||||
module, glibc uses an internal header (symbol-hacks.h) which is
|
||||
unrequired (and in fact breaks the build for architectures that
|
||||
intend to get symbol definitions from libgcc.a). The patch also
|
||||
changes it to create its own header (divdi3-symbol-hacks.h) and
|
||||
adjust the architectures that require it accordingly.
|
||||
|
||||
I checked the build/check (with run-built-tests=no) on the
|
||||
following architectures (which I think must cover all supported
|
||||
ABI/builds) using GCC 6.3:
|
||||
|
||||
aarch64-linux-gnu
|
||||
alpha-linux-gnu
|
||||
arm-linux-gnueabihf
|
||||
hppa-linux-gnu
|
||||
ia64-linux-gnu
|
||||
m68k-linux-gnu
|
||||
microblaze-linux-gnu
|
||||
mips64-n32-linux-gnu
|
||||
mips-linux-gnu
|
||||
mips64-linux-gnu
|
||||
nios2-linux-gnu
|
||||
powerpc-linux-gnu
|
||||
powerpc-linux-gnu-power4
|
||||
powerpc64-linux-gnu
|
||||
powerpc64le-linux-gnu
|
||||
s390x-linux-gnu
|
||||
s390-linux-gnu
|
||||
sh4-linux-gnu
|
||||
sh4-linux-gnu-soft
|
||||
sparc64-linux-gnu
|
||||
sparcv9-linux-gnu
|
||||
tilegx-linux-gnu
|
||||
tilegx-linux-gnu-32
|
||||
tilepro-linux-gnu
|
||||
x86_64-linux-gnu
|
||||
x86_64-linux-gnu-x32
|
||||
i686-linux-gnu
|
||||
|
||||
I only saw one regression on sparcv9-linux-gnu (extra PLT call to
|
||||
.udiv) which I address in next patch in the set. It also correctly
|
||||
build SH with GCC 7.0.1 (without any regression from c89721e25d).
|
||||
|
||||
[1] https://sourceware.org/ml/libc-alpha/2017-03/msg00243.html
|
||||
|
||||
* sysdeps/i386/symbol-hacks.h: New file.
|
||||
* sysdeps/m68k/symbol-hacks.h: New file.
|
||||
* sysdeps/powerpc/powerpc32/symbol-hacks.h: New file.
|
||||
* sysdeps/s390/s390-32/symbol-hacks.h: New file.
|
||||
* sysdeps/unix/sysv/linux/i386/Makefile
|
||||
[$(subdir) = csu] (sysdep_routines): New rule: divdi3 object.
|
||||
[$(subdir) = csu] (sysdep-only-routines): Likewise.
|
||||
[$(subdir) = csu] (CFLAGS-divdi3.c): Likewise.
|
||||
* sysdeps/unix/sysv/linux/m68k/Makefile
|
||||
[$(subdir) = csu] (sysdep_routines): Likewise.
|
||||
[$(subdir) = csu] (sysdep-only-routines): Likewise.
|
||||
[$(subdir) = csu] (CFLAGS-divdi3.c): Likewise.
|
||||
* sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile
|
||||
[$(subdir) = csu] (sysdep_routines): Likewise.
|
||||
[$(subdir) = csu] (sysdep-only-routines): Likewise.
|
||||
[$(subdir) = csu] (CFLAGS-divdi3.c): Likewise.
|
||||
* sysdeps/unix/sysv/linux/s390/s390-32/Makefile
|
||||
[$(subdir) = csu] (sysdep_routines): Likewise.
|
||||
[$(subdir) = csu] (sysdep-only-routines): Likewise.
|
||||
[$(subdir) = csu] (CFLAGS-divdi3.c): Likewise.
|
||||
* sysdeps/wordsize-32/Makefile: Remove file.
|
||||
* sysdeps/wordsize-32/symbol-hacks.h: Definitions move to ...
|
||||
* sysdeps/wordsize-32/divdi3-symbol-hacks.h: ... here.
|
||||
|
||||
diff --git a/sysdeps/i386/symbol-hacks.h b/sysdeps/i386/symbol-hacks.h
|
||||
new file mode 100644
|
||||
index 0000000000..36a13c83f7
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/i386/symbol-hacks.h
|
||||
@@ -0,0 +1,21 @@
|
||||
+/* Hacks needed for symbol manipulation. i386 version.
|
||||
+ Copyright (C) 2017 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <http://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <sysdeps/wordsize-32/divdi3-symbol-hacks.h>
|
||||
+
|
||||
+#include_next "symbol-hacks.h"
|
||||
diff --git a/sysdeps/m68k/symbol-hacks.h b/sysdeps/m68k/symbol-hacks.h
|
||||
new file mode 100644
|
||||
index 0000000000..e449d29810
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/m68k/symbol-hacks.h
|
||||
@@ -0,0 +1,21 @@
|
||||
+/* Hacks needed for symbol manipulation. m68k version.
|
||||
+ Copyright (C) 2017 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <http://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <sysdeps/wordsize-32/divdi3-symbol-hacks.h>
|
||||
+
|
||||
+#include_next "symbol-hacks.h"
|
||||
diff --git a/sysdeps/powerpc/powerpc32/symbol-hacks.h b/sysdeps/powerpc/powerpc32/symbol-hacks.h
|
||||
new file mode 100644
|
||||
index 0000000000..dbb3141621
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/powerpc/powerpc32/symbol-hacks.h
|
||||
@@ -0,0 +1,21 @@
|
||||
+/* Hacks needed for symbol manipulation. powerpc version.
|
||||
+ Copyright (C) 2017 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <http://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <sysdeps/wordsize-32/divdi3-symbol-hacks.h>
|
||||
+
|
||||
+#include_next "symbol-hacks.h"
|
||||
diff --git a/sysdeps/s390/s390-32/symbol-hacks.h b/sysdeps/s390/s390-32/symbol-hacks.h
|
||||
new file mode 100644
|
||||
index 0000000000..585c42365a
|
||||
--- /dev/null
|
||||
+++ b/sysdeps/s390/s390-32/symbol-hacks.h
|
||||
@@ -0,0 +1,21 @@
|
||||
+/* Hacks needed for symbol manipulation. s390 version.
|
||||
+ Copyright (C) 2017 Free Software Foundation, Inc.
|
||||
+ This file is part of the GNU C Library.
|
||||
+
|
||||
+ The GNU C Library is free software; you can redistribute it and/or
|
||||
+ modify it under the terms of the GNU Lesser General Public
|
||||
+ License as published by the Free Software Foundation; either
|
||||
+ version 2.1 of the License, or (at your option) any later version.
|
||||
+
|
||||
+ The GNU C Library is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ Lesser General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU Lesser General Public
|
||||
+ License along with the GNU C Library; if not, see
|
||||
+ <http://www.gnu.org/licenses/>. */
|
||||
+
|
||||
+#include <sysdeps/wordsize-32/divdi3-symbol-hacks.h>
|
||||
+
|
||||
+#include_next "symbol-hacks.h"
|
||||
diff --git a/sysdeps/unix/sysv/linux/i386/Makefile b/sysdeps/unix/sysv/linux/i386/Makefile
|
||||
index 6aac0dfe15..4080b8c966 100644
|
||||
--- a/sysdeps/unix/sysv/linux/i386/Makefile
|
||||
+++ b/sysdeps/unix/sysv/linux/i386/Makefile
|
||||
@@ -26,6 +26,11 @@ endif
|
||||
|
||||
ifeq ($(subdir),csu)
|
||||
sysdep-dl-routines += sysdep
|
||||
+ifeq (yes,$(build-shared))
|
||||
+sysdep_routines += divdi3
|
||||
+shared-only-routines += divdi3
|
||||
+CPPFLAGS-divdi3.c = -Din_divdi3_c
|
||||
+endif
|
||||
endif
|
||||
|
||||
ifeq ($(subdir),nptl)
|
||||
diff --git a/sysdeps/unix/sysv/linux/m68k/Makefile b/sysdeps/unix/sysv/linux/m68k/Makefile
|
||||
index 5c50ce6927..ce1f696a6f 100644
|
||||
--- a/sysdeps/unix/sysv/linux/m68k/Makefile
|
||||
+++ b/sysdeps/unix/sysv/linux/m68k/Makefile
|
||||
@@ -4,6 +4,11 @@ m68k-syntax-flag = -DMOTOROLA_SYNTAX
|
||||
|
||||
ifeq ($(subdir),csu)
|
||||
sysdep_routines += m68k-helpers
|
||||
+ifeq (yes,$(build-shared))
|
||||
+sysdep_routines += divdi3
|
||||
+shared-only-routines += divdi3
|
||||
+CPPFLAGS-divdi3.c = -Din_divdi3_c
|
||||
+endif
|
||||
endif
|
||||
|
||||
ifeq ($(subdir),misc)
|
||||
diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile b/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile
|
||||
index 3d6c150582..1f45659ed1 100644
|
||||
--- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile
|
||||
+++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile
|
||||
@@ -1,2 +1,10 @@
|
||||
# See Makeconfig regarding the use of default-abi.
|
||||
default-abi := 32
|
||||
+
|
||||
+ifeq ($(subdir),csu)
|
||||
+ifeq (yes,$(build-shared))
|
||||
+sysdep_routines += divdi3
|
||||
+shared-only-routines += divdi3
|
||||
+CPPFLAGS-divdi3.c = -Din_divdi3_c
|
||||
+endif
|
||||
+endif
|
||||
diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/Makefile b/sysdeps/unix/sysv/linux/s390/s390-32/Makefile
|
||||
index da3b3c76b4..fd8cf92633 100644
|
||||
--- a/sysdeps/unix/sysv/linux/s390/s390-32/Makefile
|
||||
+++ b/sysdeps/unix/sysv/linux/s390/s390-32/Makefile
|
||||
@@ -21,3 +21,11 @@ endif
|
||||
ifeq ($(subdir),stdlib)
|
||||
sysdep_routines += __makecontext_ret
|
||||
endif
|
||||
+
|
||||
+ifeq ($(subdir),csu)
|
||||
+ifeq (yes,$(build-shared))
|
||||
+sysdep_routines += divdi3
|
||||
+shared-only-routines += divdi3
|
||||
+CPPFLAGS-divdi3.c = -Din_divdi3_c
|
||||
+endif
|
||||
+endif
|
||||
diff --git a/sysdeps/wordsize-32/Makefile b/sysdeps/wordsize-32/Makefile
|
||||
deleted file mode 100644
|
||||
index 82beac44ed..0000000000
|
||||
--- a/sysdeps/wordsize-32/Makefile
|
||||
+++ /dev/null
|
||||
@@ -1,7 +0,0 @@
|
||||
-ifeq ($(subdir),csu)
|
||||
-ifeq (yes,$(build-shared))
|
||||
-sysdep_routines += divdi3
|
||||
-shared-only-routines += divdi3
|
||||
-CPPFLAGS-divdi3.c = -Din_divdi3_c
|
||||
-endif
|
||||
-endif
|
||||
diff --git a/sysdeps/wordsize-32/symbol-hacks.h b/sysdeps/wordsize-32/divdi3-symbol-hacks.h
|
||||
similarity index 89%
|
||||
rename from sysdeps/wordsize-32/symbol-hacks.h
|
||||
rename to sysdeps/wordsize-32/divdi3-symbol-hacks.h
|
||||
index 0aec1e0b97..6c90cb796d 100644
|
||||
--- a/sysdeps/wordsize-32/symbol-hacks.h
|
||||
+++ b/sysdeps/wordsize-32/divdi3-symbol-hacks.h
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* Hacks needed for symbol manipulation.
|
||||
+/* Hacks needed for divdi3 symbol manipulation.
|
||||
Copyright (C) 2004-2017 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
@@ -16,13 +16,13 @@
|
||||
License along with the GNU C Library; if not, see
|
||||
<http://www.gnu.org/licenses/>. */
|
||||
|
||||
-#include_next "symbol-hacks.h"
|
||||
-
|
||||
/* A very dirty trick: gcc emits references to __divdi3, __udivdi3,
|
||||
__moddi3, and __umoddi3. These functions are exported and
|
||||
therefore we get PLTs. Unnecessarily so. Changing gcc is a big
|
||||
task which might not be worth it so we play tricks with the
|
||||
- assembler. */
|
||||
+ assembler.
|
||||
+ Note: in_divdi3_c is only used to avoid symbol alias on divdi3
|
||||
+ build itself. */
|
||||
#if !defined __ASSEMBLER__ && !defined in_divdi3_c && IS_IN (libc) && defined SHARED
|
||||
asm ("__divdi3 = __divdi3_internal");
|
||||
asm ("__udivdi3 = __udivdi3_internal");
|
65
patches/glibc/2.25/961-sparc-extra-plt-call.patch
Normal file
65
patches/glibc/2.25/961-sparc-extra-plt-call.patch
Normal file
@ -0,0 +1,65 @@
|
||||
commit bdc543e338281da051b3dc06eae96c330a485ce6
|
||||
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
|
||||
Date: Thu Mar 16 09:15:57 2017 -0300
|
||||
|
||||
sparc: Fix .udiv plt on libc
|
||||
|
||||
With the removal of divdi3 object from sparcv9-linux-gnu build, its
|
||||
definition came from libgcc and its functions internall calls .udiv.
|
||||
Since glibc also exports these symbols for compatibility reasons, it
|
||||
will end up creating PLT calls internally in libc.so.
|
||||
|
||||
To avoid it, this patch uses the linker option --wrap to replace all
|
||||
the internal libc.so .udiv calls to the wrapper __wrap_.udiv. Along
|
||||
with strong alias in the udiv implementations, it makes linker do
|
||||
local calls.
|
||||
|
||||
Checked on sparcv9-linux-gnu.
|
||||
|
||||
* sysdeps/sparc/sparc32/Makefile (libc.so-gnulib): New rule.
|
||||
* sysdeps/sparc/sparc32/sparcv8/udiv.S (.udiv): Make a strong_alias
|
||||
to __wrap_.udiv.
|
||||
* sysdeps/sparc/sparc32/sparcv9/udiv.S (.udiv): Likewise.
|
||||
* sysdeps/sparc/sparc32/udiv.S (.udiv): Likewise.
|
||||
|
||||
diff --git a/sysdeps/sparc/sparc32/Makefile b/sysdeps/sparc/sparc32/Makefile
|
||||
index da205898cf..14d6e03c6f 100644
|
||||
--- a/sysdeps/sparc/sparc32/Makefile
|
||||
+++ b/sysdeps/sparc/sparc32/Makefile
|
||||
@@ -47,3 +47,9 @@ $(divrem:%=$(sysdep_dir)/sparc/sparc32/%.S): $(sysdep_dir)/sparc/sparc32/divrem.
|
||||
mv -f $@-tmp $@
|
||||
|
||||
sysdep-realclean := $(sysdep-realclean) $(divrem:%=sysdeps/sparc/sparc32/%.S)
|
||||
+
|
||||
+# libgcc __divdi3 and __moddi3 uses .udiv and since it is also exported by
|
||||
+# libc.so linker will create PLTs for the symbol. To avoid it we strong alias
|
||||
+# the exported libc one to __wrap_.udiv and use linker option --wrap to make any
|
||||
+# call to .udiv to call the wrapper symbol.
|
||||
+libc.so-gnulib += -Wl,--wrap=.udiv
|
||||
diff --git a/sysdeps/sparc/sparc32/sparcv8/udiv.S b/sysdeps/sparc/sparc32/sparcv8/udiv.S
|
||||
index d71954351e..e9cab4e4ef 100644
|
||||
--- a/sysdeps/sparc/sparc32/sparcv8/udiv.S
|
||||
+++ b/sysdeps/sparc/sparc32/sparcv8/udiv.S
|
||||
@@ -13,3 +13,4 @@ ENTRY(.udiv)
|
||||
udiv %o0, %o1, %o0
|
||||
|
||||
END(.udiv)
|
||||
+strong_alias (.udiv, __wrap_.udiv)
|
||||
diff --git a/sysdeps/sparc/sparc32/sparcv9/udiv.S b/sysdeps/sparc/sparc32/sparcv9/udiv.S
|
||||
index de79899756..368f85ede2 100644
|
||||
--- a/sysdeps/sparc/sparc32/sparcv9/udiv.S
|
||||
+++ b/sysdeps/sparc/sparc32/sparcv9/udiv.S
|
||||
@@ -15,3 +15,4 @@ ENTRY(.udiv)
|
||||
udiv %o0, %o1, %o0
|
||||
|
||||
END(.udiv)
|
||||
+strong_alias (.udiv, __wrap_.udiv)
|
||||
diff --git a/sysdeps/sparc/sparc32/udiv.S b/sysdeps/sparc/sparc32/udiv.S
|
||||
index 8dfff66158..ade0afdf40 100644
|
||||
--- a/sysdeps/sparc/sparc32/udiv.S
|
||||
+++ b/sysdeps/sparc/sparc32/udiv.S
|
||||
@@ -344,3 +344,4 @@ LOC(got_result):
|
||||
mov %o2, %o0
|
||||
|
||||
END(.udiv)
|
||||
+strong_alias (.udiv, __wrap_.udiv)
|
@ -0,0 +1,60 @@
|
||||
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Tue Nov 8 23:44:51 2016 +0000
|
||||
|
||||
Fix rpcgen buffer overrun (bug 20790).
|
||||
|
||||
Building with GCC 7 produces an error building rpcgen:
|
||||
|
||||
rpc_parse.c: In function 'get_prog_declaration':
|
||||
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
~~~~^
|
||||
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
|
||||
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
|
||||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
That buffer overrun is for the case where the .x file declares a
|
||||
program with a million arguments. The strcpy two lines above can
|
||||
generate a buffer overrun much more simply for a long argument name.
|
||||
|
||||
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
|
||||
provides a bound on the buffer size needed, so this patch just changes
|
||||
the buffer size to MAXLINESIZE to avoid both possible buffer
|
||||
overruns. A testcase is added that rpcgen does not crash with a
|
||||
500-character argument name, where it previously crashed.
|
||||
|
||||
It would not at all surprise me if there are many other ways of
|
||||
crashing rpcgen with either valid or invalid input; fuzz testing would
|
||||
likely find various such bugs, though I don't think they are that
|
||||
important to fix (rpcgen is not that likely to be used with untrusted
|
||||
.x files as input). (As well as fuzz-findable bugs there are probably
|
||||
also issues when various int variables get overflowed on very large
|
||||
input.) The test infrastructure for rpcgen-not-crashing tests would
|
||||
need extending if tests are to be added for cases where rpcgen should
|
||||
produce an error, as opposed to cases where it should succeed.
|
||||
|
||||
Tested for x86_64 and x86.
|
||||
|
||||
[BZ #20790]
|
||||
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
|
||||
to MAXLINESIZE.
|
||||
* sunrpc/bug20790.x: New file.
|
||||
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
|
||||
variable.
|
||||
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
|
||||
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
|
||||
|
||||
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
|
||||
index 1a1df6d8c2..505a6554cf 100644
|
||||
--- a/sunrpc/rpc_parse.c
|
||||
+++ b/sunrpc/rpc_parse.c
|
||||
@@ -521,7 +521,7 @@ static void
|
||||
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
|
||||
{
|
||||
token tok;
|
||||
- char name[10]; /* argument name */
|
||||
+ char name[MAXLINESIZE]; /* argument name */
|
||||
|
||||
if (dkind == DEF_PROGRAM)
|
||||
{
|
33
patches/glibc/linaro-2.20-2014.11/930-explicit-boolean.patch
Normal file
33
patches/glibc/linaro-2.20-2014.11/930-explicit-boolean.patch
Normal file
@ -0,0 +1,33 @@
|
||||
commit e223d1fe72e820d96f43831412ab267a1ace04d0
|
||||
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
|
||||
Date: Fri Oct 14 12:53:27 2016 -0700
|
||||
|
||||
Fix warnings from latest GCC.
|
||||
|
||||
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
|
||||
boolean.
|
||||
|
||||
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
index 663fa392c2..bd758b5979 100644
|
||||
--- a/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
|
||||
@@ -466,15 +466,15 @@ checkint (double x)
|
||||
return (n & 1) ? -1 : 1; /* odd or even */
|
||||
if (k > 20)
|
||||
{
|
||||
- if (n << (k - 20))
|
||||
+ if (n << (k - 20) != 0)
|
||||
return 0; /* if not integer */
|
||||
- return (n << (k - 21)) ? -1 : 1;
|
||||
+ return (n << (k - 21) != 0) ? -1 : 1;
|
||||
}
|
||||
if (n)
|
||||
return 0; /*if not integer */
|
||||
if (k == 20)
|
||||
return (m & 1) ? -1 : 1;
|
||||
- if (m << (k + 12))
|
||||
+ if (m << (k + 12) != 0)
|
||||
return 0;
|
||||
- return (m << (k + 11)) ? -1 : 1;
|
||||
+ return (m << (k + 11) != 0) ? -1 : 1;
|
||||
}
|
@ -0,0 +1,62 @@
|
||||
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
|
||||
Author: Joseph Myers <joseph@codesourcery.com>
|
||||
Date: Wed Dec 21 23:44:01 2016 +0000
|
||||
|
||||
Fix nss_nisplus build with mainline GCC (bug 20978).
|
||||
|
||||
glibc build with current mainline GCC fails because
|
||||
nis/nss_nisplus/nisplus-alias.c contains code
|
||||
|
||||
if (name != NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
||||
}
|
||||
|
||||
char buf[strlen (name) + 9 + tablename_len];
|
||||
|
||||
producing an error about strlen being called on a pointer that is
|
||||
always NULL (and a subsequent use of that pointer with a %s format in
|
||||
snprintf).
|
||||
|
||||
As Andreas noted, the bogus conditional comes from a 1997 change:
|
||||
|
||||
- if (name == NULL || strlen(name) > 8)
|
||||
- return NSS_STATUS_NOTFOUND;
|
||||
- else
|
||||
+ if (name != NULL || strlen(name) <= 8)
|
||||
|
||||
So the intention is clearly to return an error for NULL name.
|
||||
|
||||
This patch duly inverts the sense of the conditional. It fixes the
|
||||
build with GCC mainline, and passes usual glibc testsuite testing for
|
||||
x86_64. However, I have not tried any actual substantive nisplus
|
||||
testing, do not have an environment for such testing, and do not know
|
||||
whether it is possible that strlen (name) or tablename_len might be
|
||||
large so that the VLA for buf is actually a security issue. However,
|
||||
if it is a security issue, there are plenty of other similar instances
|
||||
in the nisplus code (that haven't been hidden by a bogus comparison
|
||||
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
|
||||
string passed to nis_list, so a local fix in the caller wouldn't
|
||||
suffice anyway (see bug 20987). (Calls to strdupa and other such
|
||||
macros that use alloca must be considered equally questionable
|
||||
regarding stack overflow issues as direct calls to alloca and VLA
|
||||
declarations.)
|
||||
|
||||
[BZ #20978]
|
||||
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
|
||||
Compare name == NULL, not name != NULL.
|
||||
|
||||
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
|
||||
index 7f698b4e6d..cb5acce01d 100644
|
||||
--- a/nis/nss_nisplus/nisplus-alias.c
|
||||
+++ b/nis/nss_nisplus/nisplus-alias.c
|
||||
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
|
||||
return status;
|
||||
}
|
||||
|
||||
- if (name != NULL)
|
||||
+ if (name == NULL)
|
||||
{
|
||||
*errnop = EINVAL;
|
||||
return NSS_STATUS_UNAVAIL;
|
61
patches/uClibc-ng/1.0.20/700-features.h-c11.patch
Normal file
61
patches/uClibc-ng/1.0.20/700-features.h-c11.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
|
||||
From: Waldemar Brodkorb <wbx@openadk.org>
|
||||
Date: Sun, 7 May 2017 16:28:14 +0200
|
||||
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
|
||||
|
||||
---
|
||||
include/features.h | 17 ++++++++++++-----
|
||||
1 file changed, 12 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/include/features.h b/include/features.h
|
||||
index e76bbba..f982079 100644
|
||||
--- a/include/features.h
|
||||
+++ b/include/features.h
|
||||
@@ -55,6 +55,7 @@
|
||||
These are defined by this file and are used by the
|
||||
header files to decide what to declare or define:
|
||||
|
||||
+ __USE_ISOC11 Define ISO C11 things.
|
||||
__USE_ISOC99 Define ISO C99 things.
|
||||
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
|
||||
__USE_POSIX Define IEEE Std 1003.1 things.
|
||||
@@ -91,6 +92,7 @@
|
||||
|
||||
|
||||
/* Undefine everything, so we get a clean slate. */
|
||||
+#undef __USE_ISOC11
|
||||
#undef __USE_ISOC99
|
||||
#undef __USE_ISOC95
|
||||
#undef __USE_POSIX
|
||||
@@ -151,6 +153,8 @@
|
||||
#ifdef _GNU_SOURCE
|
||||
# undef _ISOC99_SOURCE
|
||||
# define _ISOC99_SOURCE 1
|
||||
+# undef _ISOC11_SOURCE
|
||||
+# define _ISOC11_SOURCE 1
|
||||
# undef _POSIX_SOURCE
|
||||
# define _POSIX_SOURCE 1
|
||||
# undef _POSIX_C_SOURCE
|
||||
@@ -223,11 +227,14 @@
|
||||
# define _SVID_SOURCE 1
|
||||
#endif
|
||||
|
||||
-/* This is to enable the ISO C99 extension. Also recognize the old macro
|
||||
- which was used prior to the standard acceptance. This macro will
|
||||
- eventually go away and the features enabled by default once the ISO C99
|
||||
- standard is widely adopted. */
|
||||
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
|
||||
+/* This is to enable the ISO C11 extension. */
|
||||
+#if (defined _ISOC11_SOURCE \
|
||||
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
|
||||
+# define __USE_ISOC11 1
|
||||
+#endif
|
||||
+
|
||||
+/* This is to enable the ISO C99 extension. */
|
||||
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|
||||
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
|
||||
# define __USE_ISOC99 1
|
||||
#endif
|
||||
--
|
||||
cgit v0.11.2-3-g2eb4
|
||||
|
61
patches/uClibc-ng/1.0.21/700-features.h-c11.patch
Normal file
61
patches/uClibc-ng/1.0.21/700-features.h-c11.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
|
||||
From: Waldemar Brodkorb <wbx@openadk.org>
|
||||
Date: Sun, 7 May 2017 16:28:14 +0200
|
||||
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
|
||||
|
||||
---
|
||||
include/features.h | 17 ++++++++++++-----
|
||||
1 file changed, 12 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/include/features.h b/include/features.h
|
||||
index e76bbba..f982079 100644
|
||||
--- a/include/features.h
|
||||
+++ b/include/features.h
|
||||
@@ -55,6 +55,7 @@
|
||||
These are defined by this file and are used by the
|
||||
header files to decide what to declare or define:
|
||||
|
||||
+ __USE_ISOC11 Define ISO C11 things.
|
||||
__USE_ISOC99 Define ISO C99 things.
|
||||
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
|
||||
__USE_POSIX Define IEEE Std 1003.1 things.
|
||||
@@ -91,6 +92,7 @@
|
||||
|
||||
|
||||
/* Undefine everything, so we get a clean slate. */
|
||||
+#undef __USE_ISOC11
|
||||
#undef __USE_ISOC99
|
||||
#undef __USE_ISOC95
|
||||
#undef __USE_POSIX
|
||||
@@ -151,6 +153,8 @@
|
||||
#ifdef _GNU_SOURCE
|
||||
# undef _ISOC99_SOURCE
|
||||
# define _ISOC99_SOURCE 1
|
||||
+# undef _ISOC11_SOURCE
|
||||
+# define _ISOC11_SOURCE 1
|
||||
# undef _POSIX_SOURCE
|
||||
# define _POSIX_SOURCE 1
|
||||
# undef _POSIX_C_SOURCE
|
||||
@@ -223,11 +227,14 @@
|
||||
# define _SVID_SOURCE 1
|
||||
#endif
|
||||
|
||||
-/* This is to enable the ISO C99 extension. Also recognize the old macro
|
||||
- which was used prior to the standard acceptance. This macro will
|
||||
- eventually go away and the features enabled by default once the ISO C99
|
||||
- standard is widely adopted. */
|
||||
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
|
||||
+/* This is to enable the ISO C11 extension. */
|
||||
+#if (defined _ISOC11_SOURCE \
|
||||
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
|
||||
+# define __USE_ISOC11 1
|
||||
+#endif
|
||||
+
|
||||
+/* This is to enable the ISO C99 extension. */
|
||||
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|
||||
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
|
||||
# define __USE_ISOC99 1
|
||||
#endif
|
||||
--
|
||||
cgit v0.11.2-3-g2eb4
|
||||
|
61
patches/uClibc-ng/1.0.22/700-features.h-c11.patch
Normal file
61
patches/uClibc-ng/1.0.22/700-features.h-c11.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
|
||||
From: Waldemar Brodkorb <wbx@openadk.org>
|
||||
Date: Sun, 7 May 2017 16:28:14 +0200
|
||||
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
|
||||
|
||||
---
|
||||
include/features.h | 17 ++++++++++++-----
|
||||
1 file changed, 12 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/include/features.h b/include/features.h
|
||||
index e76bbba..f982079 100644
|
||||
--- a/include/features.h
|
||||
+++ b/include/features.h
|
||||
@@ -55,6 +55,7 @@
|
||||
These are defined by this file and are used by the
|
||||
header files to decide what to declare or define:
|
||||
|
||||
+ __USE_ISOC11 Define ISO C11 things.
|
||||
__USE_ISOC99 Define ISO C99 things.
|
||||
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
|
||||
__USE_POSIX Define IEEE Std 1003.1 things.
|
||||
@@ -91,6 +92,7 @@
|
||||
|
||||
|
||||
/* Undefine everything, so we get a clean slate. */
|
||||
+#undef __USE_ISOC11
|
||||
#undef __USE_ISOC99
|
||||
#undef __USE_ISOC95
|
||||
#undef __USE_POSIX
|
||||
@@ -151,6 +153,8 @@
|
||||
#ifdef _GNU_SOURCE
|
||||
# undef _ISOC99_SOURCE
|
||||
# define _ISOC99_SOURCE 1
|
||||
+# undef _ISOC11_SOURCE
|
||||
+# define _ISOC11_SOURCE 1
|
||||
# undef _POSIX_SOURCE
|
||||
# define _POSIX_SOURCE 1
|
||||
# undef _POSIX_C_SOURCE
|
||||
@@ -223,11 +227,14 @@
|
||||
# define _SVID_SOURCE 1
|
||||
#endif
|
||||
|
||||
-/* This is to enable the ISO C99 extension. Also recognize the old macro
|
||||
- which was used prior to the standard acceptance. This macro will
|
||||
- eventually go away and the features enabled by default once the ISO C99
|
||||
- standard is widely adopted. */
|
||||
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
|
||||
+/* This is to enable the ISO C11 extension. */
|
||||
+#if (defined _ISOC11_SOURCE \
|
||||
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
|
||||
+# define __USE_ISOC11 1
|
||||
+#endif
|
||||
+
|
||||
+/* This is to enable the ISO C99 extension. */
|
||||
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|
||||
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
|
||||
# define __USE_ISOC99 1
|
||||
#endif
|
||||
--
|
||||
cgit v0.11.2-3-g2eb4
|
||||
|
61
patches/uClibc-ng/1.0.23/700-features.h-c11.patch
Normal file
61
patches/uClibc-ng/1.0.23/700-features.h-c11.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
|
||||
From: Waldemar Brodkorb <wbx@openadk.org>
|
||||
Date: Sun, 7 May 2017 16:28:14 +0200
|
||||
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
|
||||
|
||||
---
|
||||
include/features.h | 17 ++++++++++++-----
|
||||
1 file changed, 12 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/include/features.h b/include/features.h
|
||||
index e76bbba..f982079 100644
|
||||
--- a/include/features.h
|
||||
+++ b/include/features.h
|
||||
@@ -55,6 +55,7 @@
|
||||
These are defined by this file and are used by the
|
||||
header files to decide what to declare or define:
|
||||
|
||||
+ __USE_ISOC11 Define ISO C11 things.
|
||||
__USE_ISOC99 Define ISO C99 things.
|
||||
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
|
||||
__USE_POSIX Define IEEE Std 1003.1 things.
|
||||
@@ -91,6 +92,7 @@
|
||||
|
||||
|
||||
/* Undefine everything, so we get a clean slate. */
|
||||
+#undef __USE_ISOC11
|
||||
#undef __USE_ISOC99
|
||||
#undef __USE_ISOC95
|
||||
#undef __USE_POSIX
|
||||
@@ -151,6 +153,8 @@
|
||||
#ifdef _GNU_SOURCE
|
||||
# undef _ISOC99_SOURCE
|
||||
# define _ISOC99_SOURCE 1
|
||||
+# undef _ISOC11_SOURCE
|
||||
+# define _ISOC11_SOURCE 1
|
||||
# undef _POSIX_SOURCE
|
||||
# define _POSIX_SOURCE 1
|
||||
# undef _POSIX_C_SOURCE
|
||||
@@ -223,11 +227,14 @@
|
||||
# define _SVID_SOURCE 1
|
||||
#endif
|
||||
|
||||
-/* This is to enable the ISO C99 extension. Also recognize the old macro
|
||||
- which was used prior to the standard acceptance. This macro will
|
||||
- eventually go away and the features enabled by default once the ISO C99
|
||||
- standard is widely adopted. */
|
||||
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
|
||||
+/* This is to enable the ISO C11 extension. */
|
||||
+#if (defined _ISOC11_SOURCE \
|
||||
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
|
||||
+# define __USE_ISOC11 1
|
||||
+#endif
|
||||
+
|
||||
+/* This is to enable the ISO C99 extension. */
|
||||
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|
||||
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
|
||||
# define __USE_ISOC99 1
|
||||
#endif
|
||||
--
|
||||
cgit v0.11.2-3-g2eb4
|
||||
|
61
patches/uClibc-ng/1.0.24/700-features.h-c11.patch
Normal file
61
patches/uClibc-ng/1.0.24/700-features.h-c11.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
|
||||
From: Waldemar Brodkorb <wbx@openadk.org>
|
||||
Date: Sun, 7 May 2017 16:28:14 +0200
|
||||
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
|
||||
|
||||
---
|
||||
include/features.h | 17 ++++++++++++-----
|
||||
1 file changed, 12 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/include/features.h b/include/features.h
|
||||
index e76bbba..f982079 100644
|
||||
--- a/include/features.h
|
||||
+++ b/include/features.h
|
||||
@@ -55,6 +55,7 @@
|
||||
These are defined by this file and are used by the
|
||||
header files to decide what to declare or define:
|
||||
|
||||
+ __USE_ISOC11 Define ISO C11 things.
|
||||
__USE_ISOC99 Define ISO C99 things.
|
||||
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
|
||||
__USE_POSIX Define IEEE Std 1003.1 things.
|
||||
@@ -91,6 +92,7 @@
|
||||
|
||||
|
||||
/* Undefine everything, so we get a clean slate. */
|
||||
+#undef __USE_ISOC11
|
||||
#undef __USE_ISOC99
|
||||
#undef __USE_ISOC95
|
||||
#undef __USE_POSIX
|
||||
@@ -151,6 +153,8 @@
|
||||
#ifdef _GNU_SOURCE
|
||||
# undef _ISOC99_SOURCE
|
||||
# define _ISOC99_SOURCE 1
|
||||
+# undef _ISOC11_SOURCE
|
||||
+# define _ISOC11_SOURCE 1
|
||||
# undef _POSIX_SOURCE
|
||||
# define _POSIX_SOURCE 1
|
||||
# undef _POSIX_C_SOURCE
|
||||
@@ -223,11 +227,14 @@
|
||||
# define _SVID_SOURCE 1
|
||||
#endif
|
||||
|
||||
-/* This is to enable the ISO C99 extension. Also recognize the old macro
|
||||
- which was used prior to the standard acceptance. This macro will
|
||||
- eventually go away and the features enabled by default once the ISO C99
|
||||
- standard is widely adopted. */
|
||||
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
|
||||
+/* This is to enable the ISO C11 extension. */
|
||||
+#if (defined _ISOC11_SOURCE \
|
||||
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
|
||||
+# define __USE_ISOC11 1
|
||||
+#endif
|
||||
+
|
||||
+/* This is to enable the ISO C99 extension. */
|
||||
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|
||||
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
|
||||
# define __USE_ISOC99 1
|
||||
#endif
|
||||
--
|
||||
cgit v0.11.2-3-g2eb4
|
||||
|
@ -48,6 +48,17 @@ CT_DoArchUClibcConfig() {
|
||||
CT_KconfigDeleteOption "CONFIG_MIPS_ISA_MIPS64R2" "${cfg}"
|
||||
}
|
||||
|
||||
CT_DoArchUClibcHeaderDir() {
|
||||
local dir_var="${1}"
|
||||
local cflags="${2}"
|
||||
|
||||
# If it is non-default multilib, add a suffix with architecture (reported by gcc)
|
||||
# to the headers installation path.
|
||||
if [ -n "${cflags}" ]; then
|
||||
eval "${dir_var}="$( ${CT_TARGET}-${CT_CC} -print-multiarch ${cflags} )
|
||||
fi
|
||||
}
|
||||
|
||||
CT_DoArchUClibcCflags() {
|
||||
local cfg="${1}"
|
||||
local cflags="${2}"
|
||||
|
Loading…
x
Reference in New Issue
Block a user