Merge pull request #716 from stilor/gcc7

Add GCC 7.1.0
Alexey Neyman 2017-05-14 09:51:28 -07:00 committed by GitHub
commit ef762bfe8e
59 changed files with 3273 additions and 5 deletions


@ -3,7 +3,7 @@
## default y
## select CC_SUPPORT_CXX if !LIBC_none
## select CC_SUPPORT_FORTRAN
## select CC_SUPPORT_JAVA
## select CC_SUPPORT_JAVA if !CC_GCC_6_or_later
## select CC_SUPPORT_ADA
## select CC_SUPPORT_OBJC
## select CC_SUPPORT_OBJCXX
@ -73,6 +73,11 @@ choice
# Don't remove next line
# CT_INSERT_VERSION_BELOW
config CC_GCC_V_7_1_0
bool
prompt "7.1.0"
select CC_GCC_7
config CC_GCC_V_linaro_6_3
bool
prompt "linaro-6.3-2017.02"
@ -141,25 +146,31 @@ config CC_GCC_4_9_or_later
config CC_GCC_5
bool
select CC_GCC_5_or_later
select CC_GCC_HAS_LIBMPX
config CC_GCC_5_or_later
bool
select CC_GCC_4_9_or_later
select CC_GCC_HAS_LIBMPX
config CC_GCC_6
bool
select CC_GCC_6_or_later
select CC_GCC_HAS_LIBMPX
config CC_GCC_6_or_later
bool
select CC_GCC_5_or_later
config CC_GCC_latest
config CC_GCC_7
bool
select CC_GCC_7_or_later
config CC_GCC_7_or_later
bool
select CC_GCC_6_or_later
select CC_GCC_HAS_LIBMPX
config CC_GCC_latest
bool
select CC_GCC_7_or_later
# Only enable gcc's support for plugins if binutils has it as well
# They are useful only when doing LTO, but it does no harm enabling
@ -185,6 +196,7 @@ config CC_GCC_VERSION
string
# Don't remove next line
# CT_INSERT_VERSION_STRING_BELOW
default "7.1.0" if CC_GCC_V_7_1_0
default "linaro-6.3-2017.02" if CC_GCC_V_linaro_6_3
default "6.3.0" if CC_GCC_V_6_3_0
default "linaro-5.4-2017.01" if CC_GCC_V_linaro_5_4
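Review bot: The Java guard in the first hunk reads `## select CC_SUPPORT_JAVA if !CC_GCC_6_or_later`, which also switches Java off for the GCC 6.x entries still offered in this file (for example `default "6.3.0" if CC_GCC_V_6_3_0`). Upstream removed gcj in GCC 7, so if the intent is to follow that removal the condition would be `if !CC_GCC_7_or_later`, the symbol this same commit introduces. The rendered page has lost its +/- markers, so this assumes the conditional line is the new side. If Java is deliberately disabled for 6.x as well, a one-line comment above the select saying why would record that.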


@ -0,0 +1,15 @@
Index: b/contrib/regression/objs-gcc.sh
===================================================================
--- a/contrib/regression/objs-gcc.sh
+++ b/contrib/regression/objs-gcc.sh
@@ -106,6 +106,10 @@
then
make all-gdb all-dejagnu all-ld || exit 1
make install-gdb install-dejagnu install-ld || exit 1
+elif [ $H_REAL_TARGET = $H_REAL_HOST -a $H_REAL_TARGET = i686-pc-linux-uclibc ]
+ then
+ make all-gdb all-dejagnu all-ld || exit 1
+ make install-gdb install-dejagnu install-ld || exit 1
elif [ $H_REAL_TARGET = $H_REAL_HOST ] ; then
make bootstrap || exit 1
make install || exit 1


@ -0,0 +1,14 @@
--- gcc-6.2.0/libtool-ldflags 2016-12-20 11:13:12.669668125 -0800
+++ gcc-6.2.0/libtool-ldflags 2016-12-20 11:28:34.894826286 -0800
@@ -36,6 +36,11 @@
for arg
do
case $arg in
+ -framework)
+ # libtool handles this option. It should not be prefixed with
+ # -Xcompiler, as that would split it from the argument that
+ # follows.
+ ;;
-f*|--*|-static-lib*|-shared-lib*|-B*)
# Libtool does not ascribe any special meaning options
# that begin with -f or with a double-dash. So, it will


@ -0,0 +1,160 @@
diff -urN gcc-5.3.0.orig/config/gcc-plugin.m4 gcc-5.3.0/config/gcc-plugin.m4
--- gcc-5.3.0.orig/config/gcc-plugin.m4 2015-12-19 14:39:04.120734900 +0000
+++ gcc-5.3.0/config/gcc-plugin.m4 2015-12-20 01:28:45.381965300 +0000
@@ -20,6 +20,9 @@
pluginlibs=
+ PICFLAG="-fPIC"
+ UNDEFINEDPREAMBLE="extern int X;"
+ UNDEFINEDCODE="return X == 0;"
case "${host}" in
*-*-darwin*)
if test x$build = x$host; then
@@ -30,6 +33,11 @@
export_sym_check=
fi
;;
+ *-*-mingw*|*-*-cygwin*|*-*-msys*)
+ PICFLAG=""
+ UNDEFINEDPREAMBLE=""
+ UNDEFINEDCODE=""
+ ;;
*)
if test x$build = x$host; then
export_sym_check="objdump${exeext} -T"
@@ -81,17 +89,17 @@
case "${host}" in
*-*-darwin*)
CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g`
- CFLAGS="$CFLAGS -fPIC"
+ CFLAGS="$CFLAGS ${PICFLAG}"
LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup"
;;
*)
- CFLAGS="$CFLAGS -fPIC"
- LDFLAGS="$LDFLAGS -fPIC -shared"
+ CFLAGS="$CFLAGS ${PICFLAG}"
+ LDFLAGS="$LDFLAGS ${PICFLAG} -shared"
;;
esac
- AC_MSG_CHECKING([for -fPIC -shared])
+ AC_MSG_CHECKING([for ${PICFLAG} -shared])
AC_TRY_LINK(
- [extern int X;],[return X == 0;],
+ [${UNDEFINEDPREAMBLE}],[${UNDEFINEDCODE}],
[AC_MSG_RESULT([yes]); have_pic_shared=yes],
[AC_MSG_RESULT([no]); have_pic_shared=no])
if test x"$have_pic_shared" != x"yes" -o x"$ac_cv_search_dlopen" = x"no"; then
diff -urN gcc-5.3.0.orig/gcc/configure gcc-5.3.0/gcc/configure
--- gcc-5.3.0.orig/gcc/configure 2015-12-19 14:40:16.893975900 +0000
+++ gcc-5.3.0/gcc/configure 2015-12-20 01:28:45.472476700 +0000
@@ -28386,6 +28386,9 @@
pluginlibs=
+ PICFLAG="-fPIC"
+ UNDEFINEDPREAMBLE="extern int X;"
+ UNDEFINEDCODE="return X == 0;"
case "${host}" in
*-*-darwin*)
if test x$build = x$host; then
@@ -28396,6 +28399,11 @@
export_sym_check=
fi
;;
+ *-*-mingw*|*-*-cygwin*|*-*-msys*)
+ PICFLAG=""
+ UNDEFINEDPREAMBLE=""
+ UNDEFINEDCODE=""
+ ;;
*)
if test x$build = x$host; then
export_sym_check="objdump${exeext} -T"
@@ -28508,23 +28516,23 @@
case "${host}" in
*-*-darwin*)
CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g`
- CFLAGS="$CFLAGS -fPIC"
+ CFLAGS="$CFLAGS ${PICFLAG}"
LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup"
;;
*)
- CFLAGS="$CFLAGS -fPIC"
- LDFLAGS="$LDFLAGS -fPIC -shared"
+ CFLAGS="$CFLAGS ${PICFLAG}"
+ LDFLAGS="$LDFLAGS ${PICFLAG} -shared"
;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fPIC -shared" >&5
-$as_echo_n "checking for -fPIC -shared... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${PICFLAG} -shared" >&5
+$as_echo_n "checking for ${PICFLAG} -shared... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-extern int X;
+${UNDEFINEDPREAMBLE}
int
main ()
{
-return X == 0;
+${UNDEFINEDCODE}
;
return 0;
}
diff -urN gcc-5.3.0.orig/libcc1/configure gcc-5.3.0/libcc1/configure
--- gcc-5.3.0.orig/libcc1/configure 2015-12-19 14:40:20.855979000 +0000
+++ gcc-5.3.0/libcc1/configure 2015-12-20 01:28:45.504980900 +0000
@@ -14500,6 +14500,9 @@
pluginlibs=
+ PICFLAG="-fPIC"
+ UNDEFINEDPREAMBLE="extern int X;"
+ UNDEFINEDCODE="return X == 0;"
case "${host}" in
*-*-darwin*)
if test x$build = x$host; then
@@ -14510,6 +14513,11 @@
export_sym_check=
fi
;;
+ *-*-mingw*|*-*-cygwin*|*-*-msys*)
+ PICFLAG=""
+ UNDEFINEDPREAMBLE=""
+ UNDEFINEDCODE=""
+ ;;
*)
if test x$build = x$host; then
export_sym_check="objdump${exeext} -T"
@@ -14622,23 +14630,23 @@
case "${host}" in
*-*-darwin*)
CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g`
- CFLAGS="$CFLAGS -fPIC"
+ CFLAGS="$CFLAGS ${PICFLAG}"
LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup"
;;
*)
- CFLAGS="$CFLAGS -fPIC"
- LDFLAGS="$LDFLAGS -fPIC -shared"
+ CFLAGS="$CFLAGS ${PICFLAG}"
+ LDFLAGS="$LDFLAGS ${PICFLAG} -shared"
;;
esac
- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fPIC -shared" >&5
-$as_echo_n "checking for -fPIC -shared... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${PICFLAG} -shared" >&5
+$as_echo_n "checking for ${PICFLAG} -shared... " >&6; }
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
-extern int X;
+${UNDEFINEDPREAMBLE}
int
main ()
{
-return X == 0;
+${UNDEFINEDCODE}
;
return 0;
}
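Review bot: For `*-*-mingw*|*-*-cygwin*|*-*-msys*` hosts the link probe is emptied (`UNDEFINEDPREAMBLE=""`, `UNDEFINEDCODE=""`), so `have_pic_shared=yes` there only shows that an empty `main` links with `-shared`; the unresolved-symbol case that the original `extern int X;` test exercised is no longer checked. The progress message also degrades to `checking for  -shared` when `PICFLAG` is empty. A comment on the new case arm in config/gcc-plugin.m4 would document the reason, for example `# PE targets cannot leave symbols unresolved in a shared link; skip that part of the probe` (wording to be confirmed by the patch author). The same edit is applied by hand to the generated gcc/configure and libcc1/configure, and every path still names gcc-5.3.0, so it is worth confirming that the hunks apply to the 7.1.0 tree without fuzz.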


@ -0,0 +1,11 @@
diff -urN gcc-5.3.0.orig/libcc1/connection.cc gcc-5.3.0/libcc1/connection.cc
--- gcc-5.3.0.orig/libcc1/connection.cc 2015-12-19 14:40:20.860479600 +0000
+++ gcc-5.3.0/libcc1/connection.cc 2015-12-20 01:31:04.346611500 +0000
@@ -21,6 +21,7 @@
#include <string>
#include <unistd.h>
#include <sys/types.h>
+#include <sys/select.h>
#include <string.h>
#include <errno.h>
#include "marshall.hh"


@ -0,0 +1,30 @@
Index: b/gcc/config/arm/linux-elf.h
===================================================================
--- a/gcc/config/arm/linux-elf.h
+++ b/gcc/config/arm/linux-elf.h
@@ -60,7 +60,7 @@
%{shared:-lc} \
%{!shared:%{profile:-lc_p}%{!profile:-lc}}"
-#define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc"
+#define LIBGCC_SPEC "-lgcc"
#define GLIBC_DYNAMIC_LINKER "/lib/ld-linux.so.2"
Index: b/libgcc/config/arm/t-linux
===================================================================
--- a/libgcc/config/arm/t-linux
+++ b/libgcc/config/arm/t-linux
@@ -1,6 +1,11 @@
LIB1ASMSRC = arm/lib1funcs.S
LIB1ASMFUNCS = _udivsi3 _divsi3 _umodsi3 _modsi3 _dvmd_lnx _clzsi2 _clzdi2 \
- _ctzsi2 _arm_addsubdf3 _arm_addsubsf3
+ _ctzsi2 _arm_addsubdf3 _arm_addsubsf3 \
+ _arm_addsubdf3 _arm_addsubsf3 \
+ _arm_negdf2 _arm_muldivdf3 _arm_cmpdf2 _arm_unorddf2 \
+ _arm_fixdfsi _arm_fixunsdfsi _arm_truncdfsf2 \
+ _arm_negsf2 _arm_muldivsf3 _arm_cmpsf2 _arm_unordsf2 \
+ _arm_fixsfsi _arm_fixunssfsi
# Just for these, we omit the frame pointer since it makes such a big
# difference.
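Review bot: `_arm_addsubdf3 _arm_addsubsf3` now appears twice in `LIB1ASMFUNCS` in libgcc/config/arm/t-linux: once at the end of the rewritten `_ctzsi2` line and again on the continuation line added directly after it. Whether the duplicate is harmless or produces duplicate-object warnings depends on how libgcc's makefile expands the list, which is not visible here, so it is better dropped by deleting the added `_arm_addsubdf3 _arm_addsubsf3 \` line. The patch also has no description; a header line stating that the soft-float routines are built into libgcc so that `-lfloat` is no longer needed would explain the `LIBGCC_SPEC` change in linux-elf.h.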


@ -0,0 +1,56 @@
[PATCH] cilk: fix build without wchar
When building against uClibc with wchar support disabled, WCHAR_MIN and
WCHAR_MAX are not defined leading to compilation errors.
Fix it by only including the wchar code if available.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
libcilkrts/include/cilk/reducer_min_max.h | 8 ++++++++
1 file changed, 8 insertions(+)
Index: b/libcilkrts/include/cilk/reducer_min_max.h
===================================================================
--- a/libcilkrts/include/cilk/reducer_min_max.h
+++ b/libcilkrts/include/cilk/reducer_min_max.h
@@ -3154,7 +3154,9 @@
CILK_C_REDUCER_MAX_INSTANCE(char, char, CHAR_MIN)
CILK_C_REDUCER_MAX_INSTANCE(unsigned char, uchar, 0)
CILK_C_REDUCER_MAX_INSTANCE(signed char, schar, SCHAR_MIN)
+#ifdef WCHAR_MIN
CILK_C_REDUCER_MAX_INSTANCE(wchar_t, wchar_t, WCHAR_MIN)
+#endif
CILK_C_REDUCER_MAX_INSTANCE(short, short, SHRT_MIN)
CILK_C_REDUCER_MAX_INSTANCE(unsigned short, ushort, 0)
CILK_C_REDUCER_MAX_INSTANCE(int, int, INT_MIN)
@@ -3306,7 +3308,9 @@
CILK_C_REDUCER_MAX_INDEX_INSTANCE(char, char, CHAR_MIN)
CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned char, uchar, 0)
CILK_C_REDUCER_MAX_INDEX_INSTANCE(signed char, schar, SCHAR_MIN)
+#ifdef WCHAR_MIN
CILK_C_REDUCER_MAX_INDEX_INSTANCE(wchar_t, wchar_t, WCHAR_MIN)
+#endif
CILK_C_REDUCER_MAX_INDEX_INSTANCE(short, short, SHRT_MIN)
CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned short, ushort, 0)
CILK_C_REDUCER_MAX_INDEX_INSTANCE(int, int, INT_MIN)
@@ -3432,7 +3436,9 @@
CILK_C_REDUCER_MIN_INSTANCE(char, char, CHAR_MAX)
CILK_C_REDUCER_MIN_INSTANCE(unsigned char, uchar, CHAR_MAX)
CILK_C_REDUCER_MIN_INSTANCE(signed char, schar, SCHAR_MAX)
+#ifdef WCHAR_MAX
CILK_C_REDUCER_MIN_INSTANCE(wchar_t, wchar_t, WCHAR_MAX)
+#endif
CILK_C_REDUCER_MIN_INSTANCE(short, short, SHRT_MAX)
CILK_C_REDUCER_MIN_INSTANCE(unsigned short, ushort, USHRT_MAX)
CILK_C_REDUCER_MIN_INSTANCE(int, int, INT_MAX)
@@ -3584,7 +3590,9 @@
CILK_C_REDUCER_MIN_INDEX_INSTANCE(char, char, CHAR_MAX)
CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned char, uchar, CHAR_MAX)
CILK_C_REDUCER_MIN_INDEX_INSTANCE(signed char, schar, SCHAR_MAX)
+#ifdef WCHAR_MAX
CILK_C_REDUCER_MIN_INDEX_INSTANCE(wchar_t, wchar_t, WCHAR_MAX)
+#endif
CILK_C_REDUCER_MIN_INDEX_INSTANCE(short, short, SHRT_MAX)
CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned short, ushort, USHRT_MAX)
CILK_C_REDUCER_MIN_INDEX_INSTANCE(int, int, INT_MAX)


@ -0,0 +1,18 @@
avoids internal compiler error while compiling linux-atomic.c
See here:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53833
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
diff -Nur gcc-5.3.0.orig/libgcc/config.host gcc-5.3.0/libgcc/config.host
--- gcc-5.3.0.orig/libgcc/config.host 2015-10-01 14:01:18.000000000 +0200
+++ gcc-5.3.0/libgcc/config.host 2016-04-26 21:30:25.353691745 +0200
@@ -794,7 +794,7 @@
m68k*-*-openbsd*)
;;
m68k-*-uclinux*) # Motorola m68k/ColdFire running uClinux with uClibc
- tmake_file="$tmake_file m68k/t-floatlib m68k/t-linux"
+ tmake_file="$tmake_file m68k/t-floatlib"
md_unwind_header=m68k/linux-unwind.h
;;
m68k-*-linux*) # Motorola m68k's running GNU/Linux


@ -0,0 +1,10 @@
--- gcc-6.3.0/libgfortran/io/close.c.org 2017-01-17 09:43:48.395850000 +0100
+++ gcc-6.3.0/libgfortran/io/close.c 2017-01-17 09:21:05.000000000 +0100
@@ -25,6 +25,7 @@
#include "io.h"
#include "unix.h"
#include <limits.h>
+#include <stdlib.h>
typedef enum
{ CLOSE_DELETE, CLOSE_KEEP, CLOSE_UNSPECIFIED }


@ -0,0 +1,28 @@
diff -ur gcc-6.2.0.orig/gcc/config/nios2/nios2.h gcc-6.2.0/gcc/config/nios2/nios2.h
--- gcc-6.2.0.orig/gcc/config/nios2/nios2.h 2016-11-29 10:27:50.364479625 -0800
+++ gcc-6.2.0/gcc/config/nios2/nios2.h 2016-11-29 10:29:55.069624746 -0800
@@ -63,11 +63,11 @@
#if TARGET_ENDIAN_DEFAULT == 0
# define ASM_SPEC "%{!meb:-EL} %{meb:-EB} %{march=*:-march=%*}"
# define LINK_SPEC_ENDIAN "%{!meb:-EL} %{meb:-EB}"
-# define MULTILIB_DEFAULTS { "EL" }
+# define MULTILIB_DEFAULTS { "mel" }
#else
# define ASM_SPEC "%{!mel:-EB} %{mel:-EL} %{march=*:-march=%*}"
# define LINK_SPEC_ENDIAN "%{!mel:-EB} %{mel:-EL}"
-# define MULTILIB_DEFAULTS { "EB" }
+# define MULTILIB_DEFAULTS { "meb" }
#endif
#define LINK_SPEC LINK_SPEC_ENDIAN \
diff -ur gcc-6.2.0.orig/gcc/config/nios2/t-nios2 gcc-6.2.0/gcc/config/nios2/t-nios2
--- gcc-6.2.0.orig/gcc/config/nios2/t-nios2 2016-11-29 10:27:50.364479625 -0800
+++ gcc-6.2.0/gcc/config/nios2/t-nios2 2016-11-29 10:29:03.517151014 -0800
@@ -22,6 +22,5 @@
# MULTILIB_DIRNAMES = nomul mulx fpu-60-1 fpu-60-2
# MULTILIB_EXCEPTIONS =
-# MULTILIB_OPTIONS += EL/EB
+# MULTILIB_OPTIONS += mel/meb
# MULTILIB_DIRNAMES += le be
-# MULTILIB_MATCHES += EL=mel EB=meb
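Review bot: Every line touched in gcc/config/nios2/t-nios2 begins with `#`, so that hunk edits commented-out text only and does not change the build; the functional change is the `MULTILIB_DEFAULTS` switch to `"mel"` / `"meb"` in nios2.h. With `# MULTILIB_OPTIONS += mel/meb` still commented out, the fragment as shown does not build the endian multilibs those defaults refer to. The patch has no description, so a header stating the intent would help, along the lines of `Select multilibs by the -mel/-meb driver options instead of the EL/EB flags passed to the assembler and linker`. The paths still name gcc-6.2.0.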


@ -0,0 +1,14 @@
disable split-stack for non-thread builds
Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
diff -Nur gcc-5.3.0.orig/libgcc/config/t-stack gcc-5.3.0/libgcc/config/t-stack
--- gcc-5.3.0.orig/libgcc/config/t-stack 2010-10-01 21:31:49.000000000 +0200
+++ gcc-5.3.0/libgcc/config/t-stack 2016-03-07 03:25:32.000000000 +0100
@@ -1,4 +1,6 @@
# Makefile fragment to provide generic support for -fsplit-stack.
# This should be used in config.host for any host which supports
# -fsplit-stack.
+ifeq ($(enable_threads),yes)
LIB2ADD_ST += $(srcdir)/generic-morestack.c $(srcdir)/generic-morestack-thread.c
+endif
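Review bot: The added guard `ifeq ($(enable_threads),yes)` matches only the literal value `yes`; if libgcc's makefile can see a thread-model name or an unset variable at this point, both `generic-morestack.c` and `generic-morestack-thread.c` are dropped from `LIB2ADD_ST` without any diagnostic. How `enable_threads` is set is not visible from this fragment, so please confirm the possible values, or test the negative case instead with `ifneq ($(enable_threads),no)`. A comment above the `ifeq` naming the non-threaded configuration this is meant for would make the condition easier to revisit.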


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{
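Review bot: Enlarging `name` to `MAXLINESIZE` removes the overrun only while the scanner's line-length limit holds; the `sprintf (name, "%s%d", ARGNAME, num)` quoted in the description and the `strcpy` it mentions remain unbounded writes. Both calls lie outside this hunk, since the body of get_prog_declaration continues past it, but a bounded form such as `snprintf (name, sizeof name, "%s%d", ARGNAME, num);` would keep the function safe independently of that invariant. The ChangeLog lists sunrpc/bug20790.x and a sunrpc/Makefile test rule, yet only the rpc_parse.c hunk is visible in this vendored copy, so the regression test does not appear to be carried along. The same patch is added again in three later sections of this page and in a further copy that runs past the end of it; this note applies to each.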


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
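Review bot: With the test corrected to `name == NULL`, non-NULL names now reach the VLA quoted in the description, `char buf[strlen (name) + 9 + tablename_len];`, which the old inverted test never let them reach; the stack allocation is sized by the caller-supplied name with no upper bound. The description already flags this as unresolved and points at bug 20987. The declaration lies outside the hunk, because _nss_nisplus_getaliasbyname_r continues past it, but a length check beside the NULL test that returns the same `EINVAL` / `NSS_STATUS_UNAVAIL` pair for over-long names would bound the allocation. Identical copies of this patch are added in three later sections of this page; the note applies to each.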


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{
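Review bot: Enlarging `name` to MAXLINESIZE in get_prog_declaration leaves both writes into it unchecked. The `sprintf (name, "%s%d", ARGNAME, num)` quoted in the description, and the strcpy it mentions, still rely on the 1024-byte line limit enforced by the reader rather than on the buffer's own size. A bounded call such as `snprintf (name, sizeof name, "%s%d", ARGNAME, num);` would hold even if that limit changes. The ChangeLog also lists sunrpc/bug20790.x and a sunrpc/Makefile rule, but this patch file appears to carry only the rpc_parse.c hunk, so the regression test is presumably not part of the backport. The function body continues outside the hunk, and the identical rpcgen patch files later on this page share these points.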


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
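Review bot: With the test corrected to `if (name == NULL)`, every non-NULL name now reaches `char buf[strlen (name) + 9 + tablename_len];` (quoted in the description), so the stack allocation is sized by the caller's string with no upper bound; before the change that path returned EINVAL for any non-NULL name. I would at least record this next to the check, e.g. `/* name is caller-supplied; the VLA below is unbounded, see BZ #20987. */`, and consider a length check before the declaration. The description says nis_table.c applies strdupa to the same string, so a local bound would not be sufficient alone. The body of _nss_nisplus_getaliasbyname_r lies outside the hunk, and the identical nisplus patch files elsewhere on this page share the point.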


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,33 @@
commit e223d1fe72e820d96f43831412ab267a1ace04d0
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
Date: Fri Oct 14 12:53:27 2016 -0700
Fix warnings from latest GCC.
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
boolean.
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
index 663fa392c2..bd758b5979 100644
--- a/sysdeps/ieee754/dbl-64/e_pow.c
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
@@ -466,15 +466,15 @@ checkint (double x)
return (n & 1) ? -1 : 1; /* odd or even */
if (k > 20)
{
- if (n << (k - 20))
+ if (n << (k - 20) != 0)
return 0; /* if not integer */
- return (n << (k - 21)) ? -1 : 1;
+ return (n << (k - 21) != 0) ? -1 : 1;
}
if (n)
return 0; /*if not integer */
if (k == 20)
return (m & 1) ? -1 : 1;
- if (m << (k + 12))
+ if (m << (k + 12) != 0)
return 0;
- return (m << (k + 11)) ? -1 : 1;
+ return (m << (k + 11) != 0) ? -1 : 1;
}
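Review bot: The new conditions in checkint mix a shift and a comparison without grouping, e.g. `if (n << (k - 20) != 0)`, which is correct only because `<<` binds tighter than `!=`. Parenthesising the shift, as in `if ((n << (k - 20)) != 0)` and `return ((n << (k - 21)) != 0) ? -1 : 1;`, makes the intent visible, and the two `m` lines would get the same treatment. The declarations of `n` and `m` are outside the hunk, so whether these shifts operate on signed values cannot be checked from here. The same e_pow.c patch file appears again further down the page.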


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,33 @@
commit e223d1fe72e820d96f43831412ab267a1ace04d0
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
Date: Fri Oct 14 12:53:27 2016 -0700
Fix warnings from latest GCC.
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
boolean.
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
index 663fa392c2..bd758b5979 100644
--- a/sysdeps/ieee754/dbl-64/e_pow.c
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
@@ -466,15 +466,15 @@ checkint (double x)
return (n & 1) ? -1 : 1; /* odd or even */
if (k > 20)
{
- if (n << (k - 20))
+ if (n << (k - 20) != 0)
return 0; /* if not integer */
- return (n << (k - 21)) ? -1 : 1;
+ return (n << (k - 21) != 0) ? -1 : 1;
}
if (n)
return 0; /*if not integer */
if (k == 20)
return (m & 1) ? -1 : 1;
- if (m << (k + 12))
+ if (m << (k + 12) != 0)
return 0;
- return (m << (k + 11)) ? -1 : 1;
+ return (m << (k + 11) != 0) ? -1 : 1;
}
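Review bot: The rewritten conditions in checkint, such as `if (n << (k - 20) != 0)`, rely on `<<` binding tighter than `!=`, which is correct but easy to misread. Writing `if ((n << (k - 20)) != 0)` and `return ((n << (k - 21)) != 0) ? -1 : 1;` states the intent directly, and the same applies to the two `m << ...` lines. The declarations of n, m and k are outside the hunk; if they are signed, these left shifts can overflow, which is undefined behaviour in C and worth a comment beside the shifts. The same patch (commit e223d1fe) is added again in later file sections on this page, and the point applies to each copy.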


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
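Review bot: Inverting the test to `if (name == NULL)` does more than fix the GCC build. With the old `name != NULL` check every non-NULL lookup returned NSS_STATUS_UNAVAIL, so the code after the check, including the `char buf[strlen (name) + 9 + tablename_len]` array quoted in the patch description, only becomes reachable for real lookups with this change. The check deserves a comment such as `/* Reject NULL before strlen (name) is used to size buf. */`, and the patch header in this tree should say that it changes runtime behaviour, not only the build. _nss_nisplus_getaliasbyname_r starts and ends outside the hunk, so the length handling further down could not be checked here. The same patch (commit f88759ea) is added again in later file sections on this page.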


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{
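Review bot: Enlarging `name` to MAXLINESIZE leaves the writes into it unbounded: the `sprintf (name, "%s%d", ARGNAME, num)` quoted in the patch description, and the strcpy it mentions, still depend on the reader never producing a token longer than the buffer. Bounding the write where it happens, `snprintf (name, sizeof name, "%s%d", ARGNAME, num);`, would keep the function safe if that limit ever changes; both calls sit outside this hunk, as does the rest of get_prog_declaration. The ChangeLog also lists sunrpc/bug20790.x and a Makefile rule, but as shown here the patch file carries only the rpc_parse.c hunk, so the regression test does not appear to be part of the backport. The same patch (commit 5874510f) appears in other file sections on this page.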


@ -0,0 +1,33 @@
commit e223d1fe72e820d96f43831412ab267a1ace04d0
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
Date: Fri Oct 14 12:53:27 2016 -0700
Fix warnings from latest GCC.
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
boolean.
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
index 663fa392c2..bd758b5979 100644
--- a/sysdeps/ieee754/dbl-64/e_pow.c
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
@@ -466,15 +466,15 @@ checkint (double x)
return (n & 1) ? -1 : 1; /* odd or even */
if (k > 20)
{
- if (n << (k - 20))
+ if (n << (k - 20) != 0)
return 0; /* if not integer */
- return (n << (k - 21)) ? -1 : 1;
+ return (n << (k - 21) != 0) ? -1 : 1;
}
if (n)
return 0; /*if not integer */
if (k == 20)
return (m & 1) ? -1 : 1;
- if (m << (k + 12))
+ if (m << (k + 12) != 0)
return 0;
- return (m << (k + 11)) ? -1 : 1;
+ return (m << (k + 11) != 0) ? -1 : 1;
}


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,40 @@
commit 2bd2cad9e8a410643e80efa0b15f6f2882e1271b
Author: Roland McGrath <roland@hack.frob.com>
Date: Fri Apr 17 14:29:40 2015 -0700
Avoid confusing compiler with dynamically impossible statically invalid dereference in _dl_close_worker.
diff --git a/elf/dl-close.c b/elf/dl-close.c
index cf8f9e0465..412f71d70b 100644
--- a/elf/dl-close.c
+++ b/elf/dl-close.c
@@ -641,9 +641,16 @@ _dl_close_worker (struct link_map *map)
DL_UNMAP (imap);
/* Finally, unlink the data structure and free it. */
- if (imap->l_prev != NULL)
- imap->l_prev->l_next = imap->l_next;
- else
+#if DL_NNS == 1
+ /* The assert in the (imap->l_prev == NULL) case gives
+ the compiler license to warn that NS points outside
+ the dl_ns array bounds in that case (as nsid != LM_ID_BASE
+ is tantamount to nsid >= DL_NNS). That should be impossible
+ in this configuration, so just assert about it instead. */
+ assert (nsid == LM_ID_BASE);
+ assert (imap->l_prev != NULL);
+#else
+ if (imap->l_prev == NULL)
{
assert (nsid != LM_ID_BASE);
ns->_ns_loaded = imap->l_next;
@@ -652,6 +659,9 @@ _dl_close_worker (struct link_map *map)
we leave for debuggers to examine. */
r->r_map = (void *) ns->_ns_loaded;
}
+ else
+#endif
+ imap->l_prev->l_next = imap->l_next;
--ns->_ns_nloaded;
if (imap->l_next != NULL)
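Review bot: In the `#if DL_NNS == 1` branch the only guard before `imap->l_prev->l_next = imap->l_next;` is `assert (imap->l_prev != NULL);`, so a build that defines NDEBUG would dereference l_prev unchecked. Whether this file is ever built with NDEBUG is not visible here. If it can be, keep a runtime check; otherwise extend the added comment with something like `/* Relies on assert being active: with NDEBUG the unlink below is unguarded. */`. _dl_close_worker continues outside both hunks.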


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,33 @@
commit e223d1fe72e820d96f43831412ab267a1ace04d0
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
Date: Fri Oct 14 12:53:27 2016 -0700
Fix warnings from latest GCC.
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
boolean.
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
index 663fa392c2..bd758b5979 100644
--- a/sysdeps/ieee754/dbl-64/e_pow.c
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
@@ -466,15 +466,15 @@ checkint (double x)
return (n & 1) ? -1 : 1; /* odd or even */
if (k > 20)
{
- if (n << (k - 20))
+ if (n << (k - 20) != 0)
return 0; /* if not integer */
- return (n << (k - 21)) ? -1 : 1;
+ return (n << (k - 21) != 0) ? -1 : 1;
}
if (n)
return 0; /*if not integer */
if (k == 20)
return (m & 1) ? -1 : 1;
- if (m << (k + 12))
+ if (m << (k + 12) != 0)
return 0;
- return (m << (k + 11)) ? -1 : 1;
+ return (m << (k + 11) != 0) ? -1 : 1;
}


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,33 @@
commit e223d1fe72e820d96f43831412ab267a1ace04d0
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
Date: Fri Oct 14 12:53:27 2016 -0700
Fix warnings from latest GCC.
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
boolean.
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
index 663fa392c2..bd758b5979 100644
--- a/sysdeps/ieee754/dbl-64/e_pow.c
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
@@ -466,15 +466,15 @@ checkint (double x)
return (n & 1) ? -1 : 1; /* odd or even */
if (k > 20)
{
- if (n << (k - 20))
+ if (n << (k - 20) != 0)
return 0; /* if not integer */
- return (n << (k - 21)) ? -1 : 1;
+ return (n << (k - 21) != 0) ? -1 : 1;
}
if (n)
return 0; /*if not integer */
if (k == 20)
return (m & 1) ? -1 : 1;
- if (m << (k + 12))
+ if (m << (k + 12) != 0)
return 0;
- return (m << (k + 11)) ? -1 : 1;
+ return (m << (k + 11) != 0) ? -1 : 1;
}


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{


@ -0,0 +1,33 @@
commit e223d1fe72e820d96f43831412ab267a1ace04d0
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
Date: Fri Oct 14 12:53:27 2016 -0700
Fix warnings from latest GCC.
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
boolean.
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
index 663fa392c2..bd758b5979 100644
--- a/sysdeps/ieee754/dbl-64/e_pow.c
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
@@ -466,15 +466,15 @@ checkint (double x)
return (n & 1) ? -1 : 1; /* odd or even */
if (k > 20)
{
- if (n << (k - 20))
+ if (n << (k - 20) != 0)
return 0; /* if not integer */
- return (n << (k - 21)) ? -1 : 1;
+ return (n << (k - 21) != 0) ? -1 : 1;
}
if (n)
return 0; /*if not integer */
if (k == 20)
return (m & 1) ? -1 : 1;
- if (m << (k + 12))
+ if (m << (k + 12) != 0)
return 0;
- return (m << (k + 11)) ? -1 : 1;
+ return (m << (k + 11) != 0) ? -1 : 1;
}


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;


@ -0,0 +1,296 @@
commit db3d848e154b00071f4a5e729d5884efad410109
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Wed Mar 15 15:44:59 2017 -0300
Build divdi3 only for architecture that required it
As noted in [1], divdi3 object is only exported in a handful ABIs
(i386, m68k, powerpc32, s390-32, and ia64), however it is built
for all current architectures regardless.
This patch refact the make rules for this object to so only the
aforementioned architectures that actually require it builds it.
Also, to avoid internal PLT calls to the exported symbol from the
module, glibc uses an internal header (symbol-hacks.h) which is
unrequired (and in fact breaks the build for architectures that
intend to get symbol definitions from libgcc.a). The patch also
changes it to create its own header (divdi3-symbol-hacks.h) and
adjust the architectures that require it accordingly.
I checked the build/check (with run-built-tests=no) on the
following architectures (which I think must cover all supported
ABI/builds) using GCC 6.3:
aarch64-linux-gnu
alpha-linux-gnu
arm-linux-gnueabihf
hppa-linux-gnu
ia64-linux-gnu
m68k-linux-gnu
microblaze-linux-gnu
mips64-n32-linux-gnu
mips-linux-gnu
mips64-linux-gnu
nios2-linux-gnu
powerpc-linux-gnu
powerpc-linux-gnu-power4
powerpc64-linux-gnu
powerpc64le-linux-gnu
s390x-linux-gnu
s390-linux-gnu
sh4-linux-gnu
sh4-linux-gnu-soft
sparc64-linux-gnu
sparcv9-linux-gnu
tilegx-linux-gnu
tilegx-linux-gnu-32
tilepro-linux-gnu
x86_64-linux-gnu
x86_64-linux-gnu-x32
i686-linux-gnu
I only saw one regression on sparcv9-linux-gnu (extra PLT call to
.udiv) which I address in next patch in the set. It also correctly
build SH with GCC 7.0.1 (without any regression from c89721e25d).
[1] https://sourceware.org/ml/libc-alpha/2017-03/msg00243.html
* sysdeps/i386/symbol-hacks.h: New file.
* sysdeps/m68k/symbol-hacks.h: New file.
* sysdeps/powerpc/powerpc32/symbol-hacks.h: New file.
* sysdeps/s390/s390-32/symbol-hacks.h: New file.
* sysdeps/unix/sysv/linux/i386/Makefile
[$(subdir) = csu] (sysdep_routines): New rule: divdi3 object.
[$(subdir) = csu] (sysdep-only-routines): Likewise.
[$(subdir) = csu] (CFLAGS-divdi3.c): Likewise.
* sysdeps/unix/sysv/linux/m68k/Makefile
[$(subdir) = csu] (sysdep_routines): Likewise.
[$(subdir) = csu] (sysdep-only-routines): Likewise.
[$(subdir) = csu] (CFLAGS-divdi3.c): Likewise.
* sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile
[$(subdir) = csu] (sysdep_routines): Likewise.
[$(subdir) = csu] (sysdep-only-routines): Likewise.
[$(subdir) = csu] (CFLAGS-divdi3.c): Likewise.
* sysdeps/unix/sysv/linux/s390/s390-32/Makefile
[$(subdir) = csu] (sysdep_routines): Likewise.
[$(subdir) = csu] (sysdep-only-routines): Likewise.
[$(subdir) = csu] (CFLAGS-divdi3.c): Likewise.
* sysdeps/wordsize-32/Makefile: Remove file.
* sysdeps/wordsize-32/symbol-hacks.h: Definitions move to ...
* sysdeps/wordsize-32/divdi3-symbol-hacks.h: ... here.
diff --git a/sysdeps/i386/symbol-hacks.h b/sysdeps/i386/symbol-hacks.h
new file mode 100644
index 0000000000..36a13c83f7
--- /dev/null
+++ b/sysdeps/i386/symbol-hacks.h
@@ -0,0 +1,21 @@
+/* Hacks needed for symbol manipulation. i386 version.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <sysdeps/wordsize-32/divdi3-symbol-hacks.h>
+
+#include_next "symbol-hacks.h"
diff --git a/sysdeps/m68k/symbol-hacks.h b/sysdeps/m68k/symbol-hacks.h
new file mode 100644
index 0000000000..e449d29810
--- /dev/null
+++ b/sysdeps/m68k/symbol-hacks.h
@@ -0,0 +1,21 @@
+/* Hacks needed for symbol manipulation. m68k version.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <sysdeps/wordsize-32/divdi3-symbol-hacks.h>
+
+#include_next "symbol-hacks.h"
diff --git a/sysdeps/powerpc/powerpc32/symbol-hacks.h b/sysdeps/powerpc/powerpc32/symbol-hacks.h
new file mode 100644
index 0000000000..dbb3141621
--- /dev/null
+++ b/sysdeps/powerpc/powerpc32/symbol-hacks.h
@@ -0,0 +1,21 @@
+/* Hacks needed for symbol manipulation. powerpc version.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <sysdeps/wordsize-32/divdi3-symbol-hacks.h>
+
+#include_next "symbol-hacks.h"
diff --git a/sysdeps/s390/s390-32/symbol-hacks.h b/sysdeps/s390/s390-32/symbol-hacks.h
new file mode 100644
index 0000000000..585c42365a
--- /dev/null
+++ b/sysdeps/s390/s390-32/symbol-hacks.h
@@ -0,0 +1,21 @@
+/* Hacks needed for symbol manipulation. s390 version.
+ Copyright (C) 2017 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#include <sysdeps/wordsize-32/divdi3-symbol-hacks.h>
+
+#include_next "symbol-hacks.h"
diff --git a/sysdeps/unix/sysv/linux/i386/Makefile b/sysdeps/unix/sysv/linux/i386/Makefile
index 6aac0dfe15..4080b8c966 100644
--- a/sysdeps/unix/sysv/linux/i386/Makefile
+++ b/sysdeps/unix/sysv/linux/i386/Makefile
@@ -26,6 +26,11 @@ endif
ifeq ($(subdir),csu)
sysdep-dl-routines += sysdep
+ifeq (yes,$(build-shared))
+sysdep_routines += divdi3
+shared-only-routines += divdi3
+CPPFLAGS-divdi3.c = -Din_divdi3_c
+endif
endif
ifeq ($(subdir),nptl)
diff --git a/sysdeps/unix/sysv/linux/m68k/Makefile b/sysdeps/unix/sysv/linux/m68k/Makefile
index 5c50ce6927..ce1f696a6f 100644
--- a/sysdeps/unix/sysv/linux/m68k/Makefile
+++ b/sysdeps/unix/sysv/linux/m68k/Makefile
@@ -4,6 +4,11 @@ m68k-syntax-flag = -DMOTOROLA_SYNTAX
ifeq ($(subdir),csu)
sysdep_routines += m68k-helpers
+ifeq (yes,$(build-shared))
+sysdep_routines += divdi3
+shared-only-routines += divdi3
+CPPFLAGS-divdi3.c = -Din_divdi3_c
+endif
endif
ifeq ($(subdir),misc)
diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile b/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile
index 3d6c150582..1f45659ed1 100644
--- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile
+++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile
@@ -1,2 +1,10 @@
# See Makeconfig regarding the use of default-abi.
default-abi := 32
+
+ifeq ($(subdir),csu)
+ifeq (yes,$(build-shared))
+sysdep_routines += divdi3
+shared-only-routines += divdi3
+CPPFLAGS-divdi3.c = -Din_divdi3_c
+endif
+endif
diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/Makefile b/sysdeps/unix/sysv/linux/s390/s390-32/Makefile
index da3b3c76b4..fd8cf92633 100644
--- a/sysdeps/unix/sysv/linux/s390/s390-32/Makefile
+++ b/sysdeps/unix/sysv/linux/s390/s390-32/Makefile
@@ -21,3 +21,11 @@ endif
ifeq ($(subdir),stdlib)
sysdep_routines += __makecontext_ret
endif
+
+ifeq ($(subdir),csu)
+ifeq (yes,$(build-shared))
+sysdep_routines += divdi3
+shared-only-routines += divdi3
+CPPFLAGS-divdi3.c = -Din_divdi3_c
+endif
+endif
diff --git a/sysdeps/wordsize-32/Makefile b/sysdeps/wordsize-32/Makefile
deleted file mode 100644
index 82beac44ed..0000000000
--- a/sysdeps/wordsize-32/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-ifeq ($(subdir),csu)
-ifeq (yes,$(build-shared))
-sysdep_routines += divdi3
-shared-only-routines += divdi3
-CPPFLAGS-divdi3.c = -Din_divdi3_c
-endif
-endif
diff --git a/sysdeps/wordsize-32/symbol-hacks.h b/sysdeps/wordsize-32/divdi3-symbol-hacks.h
similarity index 89%
rename from sysdeps/wordsize-32/symbol-hacks.h
rename to sysdeps/wordsize-32/divdi3-symbol-hacks.h
index 0aec1e0b97..6c90cb796d 100644
--- a/sysdeps/wordsize-32/symbol-hacks.h
+++ b/sysdeps/wordsize-32/divdi3-symbol-hacks.h
@@ -1,4 +1,4 @@
-/* Hacks needed for symbol manipulation.
+/* Hacks needed for divdi3 symbol manipulation.
Copyright (C) 2004-2017 Free Software Foundation, Inc.
This file is part of the GNU C Library.
@@ -16,13 +16,13 @@
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
-#include_next "symbol-hacks.h"
-
/* A very dirty trick: gcc emits references to __divdi3, __udivdi3,
__moddi3, and __umoddi3. These functions are exported and
therefore we get PLTs. Unnecessarily so. Changing gcc is a big
task which might not be worth it so we play tricks with the
- assembler. */
+ assembler.
+ Note: in_divdi3_c is only used to avoid symbol alias on divdi3
+ build itself. */
#if !defined __ASSEMBLER__ && !defined in_divdi3_c && IS_IN (libc) && defined SHARED
asm ("__divdi3 = __divdi3_internal");
asm ("__udivdi3 = __udivdi3_internal");


@ -0,0 +1,65 @@
commit bdc543e338281da051b3dc06eae96c330a485ce6
Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Date: Thu Mar 16 09:15:57 2017 -0300
sparc: Fix .udiv plt on libc
With the removal of divdi3 object from sparcv9-linux-gnu build, its
definition came from libgcc and its functions internall calls .udiv.
Since glibc also exports these symbols for compatibility reasons, it
will end up creating PLT calls internally in libc.so.
To avoid it, this patch uses the linker option --wrap to replace all
the internal libc.so .udiv calls to the wrapper __wrap_.udiv. Along
with strong alias in the udiv implementations, it makes linker do
local calls.
Checked on sparcv9-linux-gnu.
* sysdeps/sparc/sparc32/Makefile (libc.so-gnulib): New rule.
* sysdeps/sparc/sparc32/sparcv8/udiv.S (.udiv): Make a strong_alias
to __wrap_.udiv.
* sysdeps/sparc/sparc32/sparcv9/udiv.S (.udiv): Likewise.
* sysdeps/sparc/sparc32/udiv.S (.udiv): Likewise.
diff --git a/sysdeps/sparc/sparc32/Makefile b/sysdeps/sparc/sparc32/Makefile
index da205898cf..14d6e03c6f 100644
--- a/sysdeps/sparc/sparc32/Makefile
+++ b/sysdeps/sparc/sparc32/Makefile
@@ -47,3 +47,9 @@ $(divrem:%=$(sysdep_dir)/sparc/sparc32/%.S): $(sysdep_dir)/sparc/sparc32/divrem.
mv -f $@-tmp $@
sysdep-realclean := $(sysdep-realclean) $(divrem:%=sysdeps/sparc/sparc32/%.S)
+
+# libgcc __divdi3 and __moddi3 uses .udiv and since it is also exported by
+# libc.so linker will create PLTs for the symbol. To avoid it we strong alias
+# the exported libc one to __wrap_.udiv and use linker option --wrap to make any
+# call to .udiv to call the wrapper symbol.
+libc.so-gnulib += -Wl,--wrap=.udiv
diff --git a/sysdeps/sparc/sparc32/sparcv8/udiv.S b/sysdeps/sparc/sparc32/sparcv8/udiv.S
index d71954351e..e9cab4e4ef 100644
--- a/sysdeps/sparc/sparc32/sparcv8/udiv.S
+++ b/sysdeps/sparc/sparc32/sparcv8/udiv.S
@@ -13,3 +13,4 @@ ENTRY(.udiv)
udiv %o0, %o1, %o0
END(.udiv)
+strong_alias (.udiv, __wrap_.udiv)
diff --git a/sysdeps/sparc/sparc32/sparcv9/udiv.S b/sysdeps/sparc/sparc32/sparcv9/udiv.S
index de79899756..368f85ede2 100644
--- a/sysdeps/sparc/sparc32/sparcv9/udiv.S
+++ b/sysdeps/sparc/sparc32/sparcv9/udiv.S
@@ -15,3 +15,4 @@ ENTRY(.udiv)
udiv %o0, %o1, %o0
END(.udiv)
+strong_alias (.udiv, __wrap_.udiv)
diff --git a/sysdeps/sparc/sparc32/udiv.S b/sysdeps/sparc/sparc32/udiv.S
index 8dfff66158..ade0afdf40 100644
--- a/sysdeps/sparc/sparc32/udiv.S
+++ b/sysdeps/sparc/sparc32/udiv.S
@@ -344,3 +344,4 @@ LOC(got_result):
mov %o2, %o0
END(.udiv)
+strong_alias (.udiv, __wrap_.udiv)
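Review bot: The three `strong_alias (.udiv, __wrap_.udiv)` lines added after `END(.udiv)` in sparcv8/udiv.S, sparcv9/udiv.S and udiv.S carry no comment, so the reason for the alias can only be found in the Makefile hunk. I would add above each one `/* Target of -Wl,--wrap=.udiv (see sysdeps/sparc/sparc32/Makefile): keeps libc.so's .udiv calls local instead of going through the PLT. */`. Because `--wrap=.udiv` redirects every undefined reference to `.udiv` in the libc.so link, any other `.udiv` implementation selected for a sparc32 variant would need the same alias or the link fails. Only these three files are visible here, so that is worth confirming.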


@ -0,0 +1,60 @@
commit 5874510faaf3cbd0bb112aaacab9f225002beed1
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Nov 8 23:44:51 2016 +0000
Fix rpcgen buffer overrun (bug 20790).
Building with GCC 7 produces an error building rpcgen:
rpc_parse.c: In function 'get_prog_declaration':
rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=]
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
~~~~^
rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10
sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
That buffer overrun is for the case where the .x file declares a
program with a million arguments. The strcpy two lines above can
generate a buffer overrun much more simply for a long argument name.
The limit on length of line read by rpcgen (MAXLINESIZE == 1024)
provides a bound on the buffer size needed, so this patch just changes
the buffer size to MAXLINESIZE to avoid both possible buffer
overruns. A testcase is added that rpcgen does not crash with a
500-character argument name, where it previously crashed.
It would not at all surprise me if there are many other ways of
crashing rpcgen with either valid or invalid input; fuzz testing would
likely find various such bugs, though I don't think they are that
important to fix (rpcgen is not that likely to be used with untrusted
.x files as input). (As well as fuzz-findable bugs there are probably
also issues when various int variables get overflowed on very large
input.) The test infrastructure for rpcgen-not-crashing tests would
need extending if tests are to be added for cases where rpcgen should
produce an error, as opposed to cases where it should succeed.
Tested for x86_64 and x86.
[BZ #20790]
* sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
to MAXLINESIZE.
* sunrpc/bug20790.x: New file.
* sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
variable.
[$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
[$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
index 1a1df6d8c2..505a6554cf 100644
--- a/sunrpc/rpc_parse.c
+++ b/sunrpc/rpc_parse.c
@@ -521,7 +521,7 @@ static void
get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
{
token tok;
- char name[10]; /* argument name */
+ char name[MAXLINESIZE]; /* argument name */
if (dkind == DEF_PROGRAM)
{
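Review bot: The declaration `char name[MAXLINESIZE];` in get_prog_declaration is safe only because of an invariant the code does not state: the hunk changes just the size, so the writes into `name` stay unbounded and rely on rpcgen never reading a line longer than MAXLINESIZE. I would record that at the declaration, e.g. `/* argument name; a token cannot exceed one input line (MAXLINESIZE) */`, so a later change to the line reader does not silently reopen the overrun. The ChangeLog also lists sunrpc/bug20790.x and a sunrpc/Makefile test rule, but this patch file appears to carry only the rpc_parse.c hunk, so the regression test is presumably not applied with it. The function body continues outside the hunk.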


@ -0,0 +1,33 @@
commit e223d1fe72e820d96f43831412ab267a1ace04d0
Author: steve ellcey-CA Eng-Software <sellcey@sellcey-thinkpad.caveonetworks.com>
Date: Fri Oct 14 12:53:27 2016 -0700
Fix warnings from latest GCC.
* sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
boolean.
diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
index 663fa392c2..bd758b5979 100644
--- a/sysdeps/ieee754/dbl-64/e_pow.c
+++ b/sysdeps/ieee754/dbl-64/e_pow.c
@@ -466,15 +466,15 @@ checkint (double x)
return (n & 1) ? -1 : 1; /* odd or even */
if (k > 20)
{
- if (n << (k - 20))
+ if (n << (k - 20) != 0)
return 0; /* if not integer */
- return (n << (k - 21)) ? -1 : 1;
+ return (n << (k - 21) != 0) ? -1 : 1;
}
if (n)
return 0; /*if not integer */
if (k == 20)
return (m & 1) ? -1 : 1;
- if (m << (k + 12))
+ if (m << (k + 12) != 0)
return 0;
- return (m << (k + 11)) ? -1 : 1;
+ return (m << (k + 11) != 0) ? -1 : 1;
}
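Review bot: The new conditions in checkint mix a shift and a comparison without grouping, e.g. `if (n << (k - 20) != 0)`, which reads correctly only if the reader recalls that `<<` binds tighter than `!=`. Writing `if ((n << (k - 20)) != 0)` and `return ((n << (k - 21)) != 0) ? -1 : 1;` (likewise for the two `m` lines) keeps the behaviour and makes the intent explicit. The declarations of `n` and `m` are outside the hunk; if they are signed, the left shifts themselves deserve a look, since shifting set bits out of a signed int is undefined in C.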


@ -0,0 +1,62 @@
commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3
Author: Joseph Myers <joseph@codesourcery.com>
Date: Wed Dec 21 23:44:01 2016 +0000
Fix nss_nisplus build with mainline GCC (bug 20978).
glibc build with current mainline GCC fails because
nis/nss_nisplus/nisplus-alias.c contains code
if (name != NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
}
char buf[strlen (name) + 9 + tablename_len];
producing an error about strlen being called on a pointer that is
always NULL (and a subsequent use of that pointer with a %s format in
snprintf).
As Andreas noted, the bogus conditional comes from a 1997 change:
- if (name == NULL || strlen(name) > 8)
- return NSS_STATUS_NOTFOUND;
- else
+ if (name != NULL || strlen(name) <= 8)
So the intention is clearly to return an error for NULL name.
This patch duly inverts the sense of the conditional. It fixes the
build with GCC mainline, and passes usual glibc testsuite testing for
x86_64. However, I have not tried any actual substantive nisplus
testing, do not have an environment for such testing, and do not know
whether it is possible that strlen (name) or tablename_len might be
large so that the VLA for buf is actually a security issue. However,
if it is a security issue, there are plenty of other similar instances
in the nisplus code (that haven't been hidden by a bogus comparison
with NULL) - and nis_table.c:__create_ib_request uses strdupa on the
string passed to nis_list, so a local fix in the caller wouldn't
suffice anyway (see bug 20987). (Calls to strdupa and other such
macros that use alloca must be considered equally questionable
regarding stack overflow issues as direct calls to alloca and VLA
declarations.)
[BZ #20978]
* nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
Compare name == NULL, not name != NULL.
diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
index 7f698b4e6d..cb5acce01d 100644
--- a/nis/nss_nisplus/nisplus-alias.c
+++ b/nis/nss_nisplus/nisplus-alias.c
@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
return status;
}
- if (name != NULL)
+ if (name == NULL)
{
*errnop = EINVAL;
return NSS_STATUS_UNAVAIL;
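Review bot: The corrected guard `if (name == NULL)` restores only half of the pre-1997 condition quoted in the description (`name == NULL || strlen(name) > 8`); no length limit on `name` is reinstated in _nss_nisplus_getaliasbyname_r. If a limit is intended, it belongs in this same check, e.g. `if (name == NULL || strlen (name) > ALIAS_NAME_MAX)`, where `ALIAS_NAME_MAX` is a placeholder for whatever bound the maintainers choose. If the length is deliberately left unchecked, a one-line comment saying so above the guard would stop the next reader from assuming the check is complete. The function continues outside the hunk.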


@ -0,0 +1,61 @@
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Sun, 7 May 2017 16:28:14 +0200
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
---
include/features.h | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/include/features.h b/include/features.h
index e76bbba..f982079 100644
--- a/include/features.h
+++ b/include/features.h
@@ -55,6 +55,7 @@
These are defined by this file and are used by the
header files to decide what to declare or define:
+ __USE_ISOC11 Define ISO C11 things.
__USE_ISOC99 Define ISO C99 things.
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
__USE_POSIX Define IEEE Std 1003.1 things.
@@ -91,6 +92,7 @@
/* Undefine everything, so we get a clean slate. */
+#undef __USE_ISOC11
#undef __USE_ISOC99
#undef __USE_ISOC95
#undef __USE_POSIX
@@ -151,6 +153,8 @@
#ifdef _GNU_SOURCE
# undef _ISOC99_SOURCE
# define _ISOC99_SOURCE 1
+# undef _ISOC11_SOURCE
+# define _ISOC11_SOURCE 1
# undef _POSIX_SOURCE
# define _POSIX_SOURCE 1
# undef _POSIX_C_SOURCE
@@ -223,11 +227,14 @@
# define _SVID_SOURCE 1
#endif
-/* This is to enable the ISO C99 extension. Also recognize the old macro
- which was used prior to the standard acceptance. This macro will
- eventually go away and the features enabled by default once the ISO C99
- standard is widely adopted. */
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
+/* This is to enable the ISO C11 extension. */
+#if (defined _ISOC11_SOURCE \
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
+# define __USE_ISOC11 1
+#endif
+
+/* This is to enable the ISO C99 extension. */
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
# define __USE_ISOC99 1
#endif
--
cgit v0.11.2-3-g2eb4
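Review bot: The last hunk (`@@ -223,11 +227,14 @@`) drops `defined _ISOC9X_SOURCE` from the `__USE_ISOC99` condition, which the subject line does not mention; code that defines only the old macro would no longer get the C99 declarations. If the removal is an intended part of the sync, I would say so in the new comment, e.g. `/* This is to enable the ISO C99 extension. The pre-standard _ISOC9X_SOURCE macro is no longer recognized. */`; otherwise keep `|| defined _ISOC9X_SOURCE` in the condition. The header comment gains `__USE_ISOC11` in the list of macros this file defines, but whether `_ISOC11_SOURCE` is documented among the user-settable macros is not visible in these hunks. The identical patch is repeated in the four file sections that follow, and the same point applies to each.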


@ -0,0 +1,61 @@
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Sun, 7 May 2017 16:28:14 +0200
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
---
include/features.h | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/include/features.h b/include/features.h
index e76bbba..f982079 100644
--- a/include/features.h
+++ b/include/features.h
@@ -55,6 +55,7 @@
These are defined by this file and are used by the
header files to decide what to declare or define:
+ __USE_ISOC11 Define ISO C11 things.
__USE_ISOC99 Define ISO C99 things.
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
__USE_POSIX Define IEEE Std 1003.1 things.
@@ -91,6 +92,7 @@
/* Undefine everything, so we get a clean slate. */
+#undef __USE_ISOC11
#undef __USE_ISOC99
#undef __USE_ISOC95
#undef __USE_POSIX
@@ -151,6 +153,8 @@
#ifdef _GNU_SOURCE
# undef _ISOC99_SOURCE
# define _ISOC99_SOURCE 1
+# undef _ISOC11_SOURCE
+# define _ISOC11_SOURCE 1
# undef _POSIX_SOURCE
# define _POSIX_SOURCE 1
# undef _POSIX_C_SOURCE
@@ -223,11 +227,14 @@
# define _SVID_SOURCE 1
#endif
-/* This is to enable the ISO C99 extension. Also recognize the old macro
- which was used prior to the standard acceptance. This macro will
- eventually go away and the features enabled by default once the ISO C99
- standard is widely adopted. */
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
+/* This is to enable the ISO C11 extension. */
+#if (defined _ISOC11_SOURCE \
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
+# define __USE_ISOC11 1
+#endif
+
+/* This is to enable the ISO C99 extension. */
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
# define __USE_ISOC99 1
#endif
--
cgit v0.11.2-3-g2eb4


@ -0,0 +1,61 @@
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Sun, 7 May 2017 16:28:14 +0200
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
---
include/features.h | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/include/features.h b/include/features.h
index e76bbba..f982079 100644
--- a/include/features.h
+++ b/include/features.h
@@ -55,6 +55,7 @@
These are defined by this file and are used by the
header files to decide what to declare or define:
+ __USE_ISOC11 Define ISO C11 things.
__USE_ISOC99 Define ISO C99 things.
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
__USE_POSIX Define IEEE Std 1003.1 things.
@@ -91,6 +92,7 @@
/* Undefine everything, so we get a clean slate. */
+#undef __USE_ISOC11
#undef __USE_ISOC99
#undef __USE_ISOC95
#undef __USE_POSIX
@@ -151,6 +153,8 @@
#ifdef _GNU_SOURCE
# undef _ISOC99_SOURCE
# define _ISOC99_SOURCE 1
+# undef _ISOC11_SOURCE
+# define _ISOC11_SOURCE 1
# undef _POSIX_SOURCE
# define _POSIX_SOURCE 1
# undef _POSIX_C_SOURCE
@@ -223,11 +227,14 @@
# define _SVID_SOURCE 1
#endif
-/* This is to enable the ISO C99 extension. Also recognize the old macro
- which was used prior to the standard acceptance. This macro will
- eventually go away and the features enabled by default once the ISO C99
- standard is widely adopted. */
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
+/* This is to enable the ISO C11 extension. */
+#if (defined _ISOC11_SOURCE \
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
+# define __USE_ISOC11 1
+#endif
+
+/* This is to enable the ISO C99 extension. */
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
# define __USE_ISOC99 1
#endif
--
cgit v0.11.2-3-g2eb4


@ -0,0 +1,61 @@
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Sun, 7 May 2017 16:28:14 +0200
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
---
include/features.h | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/include/features.h b/include/features.h
index e76bbba..f982079 100644
--- a/include/features.h
+++ b/include/features.h
@@ -55,6 +55,7 @@
These are defined by this file and are used by the
header files to decide what to declare or define:
+ __USE_ISOC11 Define ISO C11 things.
__USE_ISOC99 Define ISO C99 things.
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
__USE_POSIX Define IEEE Std 1003.1 things.
@@ -91,6 +92,7 @@
/* Undefine everything, so we get a clean slate. */
+#undef __USE_ISOC11
#undef __USE_ISOC99
#undef __USE_ISOC95
#undef __USE_POSIX
@@ -151,6 +153,8 @@
#ifdef _GNU_SOURCE
# undef _ISOC99_SOURCE
# define _ISOC99_SOURCE 1
+# undef _ISOC11_SOURCE
+# define _ISOC11_SOURCE 1
# undef _POSIX_SOURCE
# define _POSIX_SOURCE 1
# undef _POSIX_C_SOURCE
@@ -223,11 +227,14 @@
# define _SVID_SOURCE 1
#endif
-/* This is to enable the ISO C99 extension. Also recognize the old macro
- which was used prior to the standard acceptance. This macro will
- eventually go away and the features enabled by default once the ISO C99
- standard is widely adopted. */
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
+/* This is to enable the ISO C11 extension. */
+#if (defined _ISOC11_SOURCE \
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
+# define __USE_ISOC11 1
+#endif
+
+/* This is to enable the ISO C99 extension. */
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
# define __USE_ISOC99 1
#endif
--
cgit v0.11.2-3-g2eb4


@ -0,0 +1,61 @@
From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001
From: Waldemar Brodkorb <wbx@openadk.org>
Date: Sun, 7 May 2017 16:28:14 +0200
Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation
---
include/features.h | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/include/features.h b/include/features.h
index e76bbba..f982079 100644
--- a/include/features.h
+++ b/include/features.h
@@ -55,6 +55,7 @@
These are defined by this file and are used by the
header files to decide what to declare or define:
+ __USE_ISOC11 Define ISO C11 things.
__USE_ISOC99 Define ISO C99 things.
__USE_ISOC95 Define ISO C90 AMD1 (C95) things.
__USE_POSIX Define IEEE Std 1003.1 things.
@@ -91,6 +92,7 @@
/* Undefine everything, so we get a clean slate. */
+#undef __USE_ISOC11
#undef __USE_ISOC99
#undef __USE_ISOC95
#undef __USE_POSIX
@@ -151,6 +153,8 @@
#ifdef _GNU_SOURCE
# undef _ISOC99_SOURCE
# define _ISOC99_SOURCE 1
+# undef _ISOC11_SOURCE
+# define _ISOC11_SOURCE 1
# undef _POSIX_SOURCE
# define _POSIX_SOURCE 1
# undef _POSIX_C_SOURCE
@@ -223,11 +227,14 @@
# define _SVID_SOURCE 1
#endif
-/* This is to enable the ISO C99 extension. Also recognize the old macro
- which was used prior to the standard acceptance. This macro will
- eventually go away and the features enabled by default once the ISO C99
- standard is widely adopted. */
-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
+/* This is to enable the ISO C11 extension. */
+#if (defined _ISOC11_SOURCE \
+ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L))
+# define __USE_ISOC11 1
+#endif
+
+/* This is to enable the ISO C99 extension. */
+#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \
|| (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L))
# define __USE_ISOC99 1
#endif
--
cgit v0.11.2-3-g2eb4


@ -48,6 +48,17 @@ CT_DoArchUClibcConfig() {
CT_KconfigDeleteOption "CONFIG_MIPS_ISA_MIPS64R2" "${cfg}"
}
CT_DoArchUClibcHeaderDir() {
local dir_var="${1}"
local cflags="${2}"
# If it is non-default multilib, add a suffix with architecture (reported by gcc)
# to the headers installation path.
if [ -n "${cflags}" ]; then
eval "${dir_var}="$( ${CT_TARGET}-${CT_CC} -print-multiarch ${cflags} )
fi
}
CT_DoArchUClibcCflags() {
local cfg="${1}"
local cflags="${2}"