diff --git a/packages/glibc/0071-i386-ulp-update-for-SSE2-disable-multi-arch-configur.patch b/packages/glibc/0071-i386-ulp-update-for-SSE2-disable-multi-arch-configur.patch new file mode 100644 index 000000000..9d754ce0f --- /dev/null +++ b/packages/glibc/0071-i386-ulp-update-for-SSE2-disable-multi-arch-configur.patch @@ -0,0 +1,25 @@ +From 29e20bd1222cb69dcc6827e899ce7181090052dc Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 25 Apr 2024 12:56:48 +0200 +Subject: [PATCH] i386: ulp update for SSE2 --disable-multi-arch configurations + +(cherry picked from commit 3a3a4497421422aa854c855cbe5110ca7d598ffc) +--- + sysdeps/i386/fpu/libm-test-ulps | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sysdeps/i386/fpu/libm-test-ulps b/sysdeps/i386/fpu/libm-test-ulps +index 84e6686eba..f2139fc172 100644 +--- a/sysdeps/i386/fpu/libm-test-ulps ++++ b/sysdeps/i386/fpu/libm-test-ulps +@@ -1232,6 +1232,7 @@ ldouble: 6 + + Function: "hypot": + double: 1 ++float: 1 + float128: 1 + ldouble: 1 + +-- +2.45.0 + diff --git a/packages/glibc/0072-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch b/packages/glibc/0072-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch new file mode 100644 index 000000000..637567695 --- /dev/null +++ b/packages/glibc/0072-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch @@ -0,0 +1,38 @@ +From 5968aebb86164034b8f8421b4abab2f837a5bdaf Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 25 Apr 2024 15:00:45 +0200 +Subject: [PATCH] CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup + cache (bug 31677) + +Using alloca matches what other caches do. The request length is +bounded by MAXKEYLEN. + +Reviewed-by: Carlos O'Donell +(cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa) +--- + nscd/netgroupcache.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index 06b7d7b6ca..31b721bbee 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -502,12 +502,13 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + = (struct indataset *) mempool_alloc (db, + sizeof (*dataset) + req->key_len, + 1); +- struct indataset dataset_mem; + bool cacheable = true; + if (__glibc_unlikely (dataset == NULL)) + { + cacheable = false; +- dataset = &dataset_mem; ++ /* The alloca is safe because nscd_run_worker verfies that ++ key_len is not larger than MAXKEYLEN. */ ++ dataset = alloca (sizeof (*dataset) + req->key_len); + } + + datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len, +-- +2.45.0 + diff --git a/packages/glibc/0073-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch b/packages/glibc/0073-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch new file mode 100644 index 000000000..eb32e97d8 --- /dev/null +++ b/packages/glibc/0073-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch @@ -0,0 +1,59 @@ +From 541ea5172aa658c4bd5c6c6d6fd13903c3d5bb0a Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 25 Apr 2024 15:01:07 +0200 +Subject: [PATCH] CVE-2024-33600: nscd: Do not send missing not-found response + in addgetnetgrentX (bug 31678) + +If we failed to add a not-found response to the cache, the dataset +point can be null, resulting in a null pointer dereference. + +Reviewed-by: Siddhesh Poyarekar +(cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa) +--- + nscd/netgroupcache.c | 14 ++++++-------- + 1 file changed, 6 insertions(+), 8 deletions(-) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index 31b721bbee..32c6aef370 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -147,7 +147,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + /* No such service. */ + cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, + &key_copy); +- goto writeout; ++ goto maybe_cache_add; + } + + memset (&data, '\0', sizeof (data)); +@@ -348,7 +348,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + { + cacheable = do_notfound (db, fd, req, key, &dataset, &total, &timeout, + &key_copy); +- goto writeout; ++ goto maybe_cache_add; + } + + total = buffilled; +@@ -410,14 +410,12 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + + if (he == NULL && fd != -1) +- { +- /* We write the dataset before inserting it to the database +- since while inserting this thread might block and so would +- unnecessarily let the receiver wait. */ +- writeout: ++ /* We write the dataset before inserting it to the database since ++ while inserting this thread might block and so would ++ unnecessarily let the receiver wait. */ + writeall (fd, &dataset->resp, dataset->head.recsize); +- } + ++ maybe_cache_add: + if (cacheable) + { + /* If necessary, we also propagate the data to disk. */ +-- +2.45.0 + diff --git a/packages/glibc/0074-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch b/packages/glibc/0074-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch new file mode 100644 index 000000000..f8d01bc36 --- /dev/null +++ b/packages/glibc/0074-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch @@ -0,0 +1,60 @@ +From 2ae9446c1b7a3064743b4a51c0bbae668ee43e4c Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 25 Apr 2024 15:01:07 +0200 +Subject: [PATCH] CVE-2024-33600: nscd: Avoid null pointer crashes after + notfound response (bug 31678) + +The addgetnetgrentX call in addinnetgrX may have failed to produce +a result, so the result variable in addinnetgrX can be NULL. +Use db->negtimeout as the fallback value if there is no result data; +the timeout is also overwritten below. + +Also avoid sending a second not-found response. (The client +disconnects after receiving the first response, so the data stream did +not go out of sync even without this fix.) It is still beneficial to +add the negative response to the mapping, so that the client can get +it from there in the future, instead of going through the socket. + +Reviewed-by: Siddhesh Poyarekar +(cherry picked from commit b048a482f088e53144d26a61c390bed0210f49f2) +--- + nscd/netgroupcache.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index 32c6aef370..c3cd79dec5 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -511,14 +511,15 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + + datahead_init_pos (&dataset->head, sizeof (*dataset) + req->key_len, + sizeof (innetgroup_response_header), +- he == NULL ? 0 : dh->nreloads + 1, result->head.ttl); ++ he == NULL ? 0 : dh->nreloads + 1, ++ result == NULL ? db->negtimeout : result->head.ttl); + /* Set the notfound status and timeout based on the result from + getnetgrent. */ +- dataset->head.notfound = result->head.notfound; ++ dataset->head.notfound = result == NULL || result->head.notfound; + dataset->head.timeout = timeout; + + dataset->resp.version = NSCD_VERSION; +- dataset->resp.found = result->resp.found; ++ dataset->resp.found = result != NULL && result->resp.found; + /* Until we find a matching entry the result is 0. */ + dataset->resp.result = 0; + +@@ -566,7 +567,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + goto out; + } + +- if (he == NULL) ++ /* addgetnetgrentX may have already sent a notfound response. Do ++ not send another one. */ ++ if (he == NULL && dataset->resp.found) + { + /* We write the dataset before inserting it to the database + since while inserting this thread might block and so would +-- +2.45.0 + diff --git a/packages/glibc/0075-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two-.patch b/packages/glibc/0075-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two-.patch new file mode 100644 index 000000000..e8cd7cdb0 --- /dev/null +++ b/packages/glibc/0075-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two-.patch @@ -0,0 +1,390 @@ +From 71af8ca864345d39b746d5cee84b94b430fad5db Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 25 Apr 2024 15:01:07 +0200 +Subject: [PATCH] CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two + buffers in addgetnetgrentX (bug 31680) + +This avoids potential memory corruption when the underlying NSS +callback function does not use the buffer space to store all strings +(e.g., for constant strings). + +Instead of custom buffer management, two scratch buffers are used. +This increases stack usage somewhat. + +Scratch buffer allocation failure is handled by return -1 +(an invalid timeout value) instead of terminating the process. +This fixes bug 31679. + +Reviewed-by: Siddhesh Poyarekar +(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b) +--- + nscd/netgroupcache.c | 219 ++++++++++++++++++++++++------------------- + 1 file changed, 121 insertions(+), 98 deletions(-) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index c3cd79dec5..cc4e270c1f 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include "../inet/netgroup.h" + #include "nscd.h" +@@ -65,6 +66,16 @@ struct dataset + char strdata[0]; + }; + ++/* Send a notfound response to FD. Always returns -1 to indicate an ++ ephemeral error. */ ++static time_t ++send_notfound (int fd) ++{ ++ if (fd != -1) ++ TEMP_FAILURE_RETRY (send (fd, ¬found, sizeof (notfound), MSG_NOSIGNAL)); ++ return -1; ++} ++ + /* Sends a notfound message and prepares a notfound dataset to write to the + cache. Returns true if there was enough memory to allocate the dataset and + returns the dataset in DATASETP, total bytes to write in TOTALP and the +@@ -83,8 +94,7 @@ do_notfound (struct database_dyn *db, int fd, request_header *req, + total = sizeof (notfound); + timeout = time (NULL) + db->negtimeout; + +- if (fd != -1) +- TEMP_FAILURE_RETRY (send (fd, ¬found, total, MSG_NOSIGNAL)); ++ send_notfound (fd); + + dataset = mempool_alloc (db, sizeof (struct dataset) + req->key_len, 1); + /* If we cannot permanently store the result, so be it. */ +@@ -109,11 +119,78 @@ do_notfound (struct database_dyn *db, int fd, request_header *req, + return cacheable; + } + ++struct addgetnetgrentX_scratch ++{ ++ /* This is the result that the caller should use. It can be NULL, ++ point into buffer, or it can be in the cache. */ ++ struct dataset *dataset; ++ ++ struct scratch_buffer buffer; ++ ++ /* Used internally in addgetnetgrentX as a staging area. */ ++ struct scratch_buffer tmp; ++ ++ /* Number of bytes in buffer that are actually used. */ ++ size_t buffer_used; ++}; ++ ++static void ++addgetnetgrentX_scratch_init (struct addgetnetgrentX_scratch *scratch) ++{ ++ scratch->dataset = NULL; ++ scratch_buffer_init (&scratch->buffer); ++ scratch_buffer_init (&scratch->tmp); ++ ++ /* Reserve space for the header. */ ++ scratch->buffer_used = sizeof (struct dataset); ++ static_assert (sizeof (struct dataset) < sizeof (scratch->tmp.__space), ++ "initial buffer space"); ++ memset (scratch->tmp.data, 0, sizeof (struct dataset)); ++} ++ ++static void ++addgetnetgrentX_scratch_free (struct addgetnetgrentX_scratch *scratch) ++{ ++ scratch_buffer_free (&scratch->buffer); ++ scratch_buffer_free (&scratch->tmp); ++} ++ ++/* Copy LENGTH bytes from S into SCRATCH. Returns NULL if SCRATCH ++ could not be resized, otherwise a pointer to the copy. */ ++static char * ++addgetnetgrentX_append_n (struct addgetnetgrentX_scratch *scratch, ++ const char *s, size_t length) ++{ ++ while (true) ++ { ++ size_t remaining = scratch->buffer.length - scratch->buffer_used; ++ if (remaining >= length) ++ break; ++ if (!scratch_buffer_grow_preserve (&scratch->buffer)) ++ return NULL; ++ } ++ char *copy = scratch->buffer.data + scratch->buffer_used; ++ memcpy (copy, s, length); ++ scratch->buffer_used += length; ++ return copy; ++} ++ ++/* Copy S into SCRATCH, including its null terminator. Returns false ++ if SCRATCH could not be resized. */ ++static bool ++addgetnetgrentX_append (struct addgetnetgrentX_scratch *scratch, const char *s) ++{ ++ if (s == NULL) ++ s = ""; ++ return addgetnetgrentX_append_n (scratch, s, strlen (s) + 1) != NULL; ++} ++ ++/* Caller must initialize and free *SCRATCH. If the return value is ++ negative, this function has sent a notfound response. */ + static time_t + addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + const char *key, uid_t uid, struct hashentry *he, +- struct datahead *dh, struct dataset **resultp, +- void **tofreep) ++ struct datahead *dh, struct addgetnetgrentX_scratch *scratch) + { + if (__glibc_unlikely (debug_level > 0)) + { +@@ -132,14 +209,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + + char *key_copy = NULL; + struct __netgrent data; +- size_t buflen = MAX (1024, sizeof (*dataset) + req->key_len); +- size_t buffilled = sizeof (*dataset); +- char *buffer = NULL; + size_t nentries = 0; + size_t group_len = strlen (key) + 1; + struct name_list *first_needed + = alloca (sizeof (struct name_list) + group_len); +- *tofreep = NULL; + + if (netgroup_database == NULL + && !__nss_database_get (nss_database_netgroup, &netgroup_database)) +@@ -151,8 +224,6 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + + memset (&data, '\0', sizeof (data)); +- buffer = xmalloc (buflen); +- *tofreep = buffer; + first_needed->next = first_needed; + memcpy (first_needed->name, key, group_len); + data.needed_groups = first_needed; +@@ -195,8 +266,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + while (1) + { + int e; +- status = getfct.f (&data, buffer + buffilled, +- buflen - buffilled - req->key_len, &e); ++ status = getfct.f (&data, scratch->tmp.data, ++ scratch->tmp.length, &e); + if (status == NSS_STATUS_SUCCESS) + { + if (data.type == triple_val) +@@ -204,68 +275,10 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + const char *nhost = data.val.triple.host; + const char *nuser = data.val.triple.user; + const char *ndomain = data.val.triple.domain; +- +- size_t hostlen = strlen (nhost ?: "") + 1; +- size_t userlen = strlen (nuser ?: "") + 1; +- size_t domainlen = strlen (ndomain ?: "") + 1; +- +- if (nhost == NULL || nuser == NULL || ndomain == NULL +- || nhost > nuser || nuser > ndomain) +- { +- const char *last = nhost; +- if (last == NULL +- || (nuser != NULL && nuser > last)) +- last = nuser; +- if (last == NULL +- || (ndomain != NULL && ndomain > last)) +- last = ndomain; +- +- size_t bufused +- = (last == NULL +- ? buffilled +- : last + strlen (last) + 1 - buffer); +- +- /* We have to make temporary copies. */ +- size_t needed = hostlen + userlen + domainlen; +- +- if (buflen - req->key_len - bufused < needed) +- { +- buflen += MAX (buflen, 2 * needed); +- /* Save offset in the old buffer. We don't +- bother with the NULL check here since +- we'll do that later anyway. */ +- size_t nhostdiff = nhost - buffer; +- size_t nuserdiff = nuser - buffer; +- size_t ndomaindiff = ndomain - buffer; +- +- char *newbuf = xrealloc (buffer, buflen); +- /* Fix up the triplet pointers into the new +- buffer. */ +- nhost = (nhost ? newbuf + nhostdiff +- : NULL); +- nuser = (nuser ? newbuf + nuserdiff +- : NULL); +- ndomain = (ndomain ? newbuf + ndomaindiff +- : NULL); +- *tofreep = buffer = newbuf; +- } +- +- nhost = memcpy (buffer + bufused, +- nhost ?: "", hostlen); +- nuser = memcpy ((char *) nhost + hostlen, +- nuser ?: "", userlen); +- ndomain = memcpy ((char *) nuser + userlen, +- ndomain ?: "", domainlen); +- } +- +- char *wp = buffer + buffilled; +- wp = memmove (wp, nhost ?: "", hostlen); +- wp += hostlen; +- wp = memmove (wp, nuser ?: "", userlen); +- wp += userlen; +- wp = memmove (wp, ndomain ?: "", domainlen); +- wp += domainlen; +- buffilled = wp - buffer; ++ if (!(addgetnetgrentX_append (scratch, nhost) ++ && addgetnetgrentX_append (scratch, nuser) ++ && addgetnetgrentX_append (scratch, ndomain))) ++ return send_notfound (fd); + ++nentries; + } + else +@@ -317,8 +330,8 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + else if (status == NSS_STATUS_TRYAGAIN && e == ERANGE) + { +- buflen *= 2; +- *tofreep = buffer = xrealloc (buffer, buflen); ++ if (!scratch_buffer_grow (&scratch->tmp)) ++ return send_notfound (fd); + } + else if (status == NSS_STATUS_RETURN + || status == NSS_STATUS_NOTFOUND +@@ -351,10 +364,17 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + goto maybe_cache_add; + } + +- total = buffilled; ++ /* Capture the result size without the key appended. */ ++ total = scratch->buffer_used; ++ ++ /* Make a copy of the key. The scratch buffer must not move after ++ this point. */ ++ key_copy = addgetnetgrentX_append_n (scratch, key, req->key_len); ++ if (key_copy == NULL) ++ return send_notfound (fd); + + /* Fill in the dataset. */ +- dataset = (struct dataset *) buffer; ++ dataset = scratch->buffer.data; + timeout = datahead_init_pos (&dataset->head, total + req->key_len, + total - offsetof (struct dataset, resp), + he == NULL ? 0 : dh->nreloads + 1, +@@ -363,11 +383,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + dataset->resp.version = NSCD_VERSION; + dataset->resp.found = 1; + dataset->resp.nresults = nentries; +- dataset->resp.result_len = buffilled - sizeof (*dataset); +- +- assert (buflen - buffilled >= req->key_len); +- key_copy = memcpy (buffer + buffilled, key, req->key_len); +- buffilled += req->key_len; ++ dataset->resp.result_len = total - sizeof (*dataset); + + /* Now we can determine whether on refill we have to create a new + record or not. */ +@@ -398,7 +414,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + if (__glibc_likely (newp != NULL)) + { + /* Adjust pointer into the memory block. */ +- key_copy = (char *) newp + (key_copy - buffer); ++ key_copy = (char *) newp + (key_copy - (char *) dataset); + + dataset = memcpy (newp, dataset, total + req->key_len); + cacheable = true; +@@ -439,7 +455,7 @@ addgetnetgrentX (struct database_dyn *db, int fd, request_header *req, + } + + out: +- *resultp = dataset; ++ scratch->dataset = dataset; + + return timeout; + } +@@ -460,6 +476,9 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + if (user != NULL) + key = strchr (key, '\0') + 1; + const char *domain = *key++ ? key : NULL; ++ struct addgetnetgrentX_scratch scratch; ++ ++ addgetnetgrentX_scratch_init (&scratch); + + if (__glibc_unlikely (debug_level > 0)) + { +@@ -475,12 +494,8 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + group, group_len, + db, uid); + time_t timeout; +- void *tofree; + if (result != NULL) +- { +- timeout = result->head.timeout; +- tofree = NULL; +- } ++ timeout = result->head.timeout; + else + { + request_header req_get = +@@ -489,7 +504,10 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + .key_len = group_len + }; + timeout = addgetnetgrentX (db, -1, &req_get, group, uid, NULL, NULL, +- &result, &tofree); ++ &scratch); ++ result = scratch.dataset; ++ if (timeout < 0) ++ goto out; + } + + struct indataset +@@ -603,7 +621,7 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req, + } + + out: +- free (tofree); ++ addgetnetgrentX_scratch_free (&scratch); + return timeout; + } + +@@ -613,11 +631,12 @@ addgetnetgrentX_ignore (struct database_dyn *db, int fd, request_header *req, + const char *key, uid_t uid, struct hashentry *he, + struct datahead *dh) + { +- struct dataset *ignore; +- void *tofree; +- time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh, +- &ignore, &tofree); +- free (tofree); ++ struct addgetnetgrentX_scratch scratch; ++ addgetnetgrentX_scratch_init (&scratch); ++ time_t timeout = addgetnetgrentX (db, fd, req, key, uid, he, dh, &scratch); ++ addgetnetgrentX_scratch_free (&scratch); ++ if (timeout < 0) ++ timeout = 0; + return timeout; + } + +@@ -661,5 +680,9 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he, + .key_len = he->len + }; + +- return addinnetgrX (db, -1, &req, db->data + he->key, he->owner, he, dh); ++ int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner, ++ he, dh); ++ if (timeout < 0) ++ timeout = 0; ++ return timeout; + } +-- +2.45.0 + diff --git a/packages/glibc/0076-elf-Also-compile-dl-misc.os-with-rtld-early-cflags.patch b/packages/glibc/0076-elf-Also-compile-dl-misc.os-with-rtld-early-cflags.patch new file mode 100644 index 000000000..a4cf4dae9 --- /dev/null +++ b/packages/glibc/0076-elf-Also-compile-dl-misc.os-with-rtld-early-cflags.patch @@ -0,0 +1,54 @@ +From e9f05fa1c62c8044ff025963498063f73eb51c5f Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Thu, 25 Apr 2024 08:06:52 -0700 +Subject: [PATCH] elf: Also compile dl-misc.os with $(rtld-early-cflags) + +Also compile dl-misc.os with $(rtld-early-cflags) to avoid + +Program received signal SIGILL, Illegal instruction. +0x00007ffff7fd36ea in _dl_strtoul (nptr=nptr@entry=0x7fffffffe2c9 "2", + endptr=endptr@entry=0x7fffffffd728) at dl-misc.c:156 +156 bool positive = true; +(gdb) bt + #0 0x00007ffff7fd36ea in _dl_strtoul (nptr=nptr@entry=0x7fffffffe2c9 "2", + endptr=endptr@entry=0x7fffffffd728) at dl-misc.c:156 + #1 0x00007ffff7fdb1a9 in tunable_initialize ( + cur=cur@entry=0x7ffff7ffbc00 , + strval=strval@entry=0x7fffffffe2c9 "2", len=len@entry=1) + at dl-tunables.c:131 + #2 0x00007ffff7fdb3a2 in parse_tunables (valstring=) + at dl-tunables.c:258 + #3 0x00007ffff7fdb5d9 in __GI___tunables_init (envp=0x7fffffffdd58) + at dl-tunables.c:288 + #4 0x00007ffff7fe44c3 in _dl_sysdep_start ( + start_argptr=start_argptr@entry=0x7fffffffdcb0, + dl_main=dl_main@entry=0x7ffff7fe5f80 ) + at ../sysdeps/unix/sysv/linux/dl-sysdep.c:110 + #5 0x00007ffff7fe5cae in _dl_start_final (arg=0x7fffffffdcb0) at rtld.c:494 + #6 _dl_start (arg=0x7fffffffdcb0) at rtld.c:581 + #7 0x00007ffff7fe4b38 in _start () +(gdb) + +when setting GLIBC_TUNABLES in glibc compiled with APX. +Reviewed-by: Florian Weimer + +(cherry picked from commit 049b7684c912dd32b67b1b15b0f43bf07d5f512e) +--- + elf/Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/elf/Makefile b/elf/Makefile +index 1a05a6aaca..c2af11b92c 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -166,6 +166,7 @@ CFLAGS-.op += $(call elide-stack-protector,.op,$(elide-routines.os)) + CFLAGS-.os += $(call elide-stack-protector,.os,$(all-rtld-routines)) + + # Add the requested compiler flags to the early startup code. ++CFLAGS-dl-misc.os += $(rtld-early-cflags) + CFLAGS-dl-printf.os += $(rtld-early-cflags) + CFLAGS-dl-setup_hash.os += $(rtld-early-cflags) + CFLAGS-dl-sysdep.os += $(rtld-early-cflags) +-- +2.45.0 + diff --git a/packages/glibc/0077-nscd-Use-time_t-for-return-type-of-addgetnetgrentX.patch b/packages/glibc/0077-nscd-Use-time_t-for-return-type-of-addgetnetgrentX.patch new file mode 100644 index 000000000..2fffdae7a --- /dev/null +++ b/packages/glibc/0077-nscd-Use-time_t-for-return-type-of-addgetnetgrentX.patch @@ -0,0 +1,36 @@ +From f510d75ff7f7405328853bd67b75f6847dfe9d31 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 2 May 2024 17:06:19 +0200 +Subject: [PATCH] nscd: Use time_t for return type of addgetnetgrentX + +Using int may give false results for future dates (timeouts after the +year 2028). + +Fixes commit 04a21e050d64a1193a6daab872bca2528bda44b ("CVE-2024-33601, +CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX +(bug 31680)"). + +Reviewed-by: Carlos O'Donell +(cherry picked from commit 4bbca1a44691a6e9adcee5c6798a707b626bc331) +--- + nscd/netgroupcache.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c +index cc4e270c1f..a63b260fdb 100644 +--- a/nscd/netgroupcache.c ++++ b/nscd/netgroupcache.c +@@ -680,8 +680,8 @@ readdinnetgr (struct database_dyn *db, struct hashentry *he, + .key_len = he->len + }; + +- int timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner, +- he, dh); ++ time_t timeout = addinnetgrX (db, -1, &req, db->data + he->key, he->owner, ++ he, dh); + if (timeout < 0) + timeout = 0; + return timeout; +-- +2.45.0 + diff --git a/packages/glibc/0078-resolv-Fix-some-unaligned-accesses-in-resolver-BZ-30.patch b/packages/glibc/0078-resolv-Fix-some-unaligned-accesses-in-resolver-BZ-30.patch new file mode 100644 index 000000000..78237ec54 --- /dev/null +++ b/packages/glibc/0078-resolv-Fix-some-unaligned-accesses-in-resolver-BZ-30.patch @@ -0,0 +1,56 @@ +From 5aa4bb67b9cbd334789199c03c9d30b90662a313 Mon Sep 17 00:00:00 2001 +From: John David Anglin +Date: Wed, 13 Sep 2023 11:04:41 +0000 +Subject: [PATCH] resolv: Fix some unaligned accesses in resolver [BZ #30750] + +Signed-off-by: John David Anglin +--- + resolv/res_nameinquery.c | 3 ++- + resolv/res_queriesmatch.c | 3 ++- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/resolv/res_nameinquery.c b/resolv/res_nameinquery.c +index 24172700e1..ca56bc9283 100644 +--- a/resolv/res_nameinquery.c ++++ b/resolv/res_nameinquery.c +@@ -84,6 +84,7 @@ + + #include + #include ++#include + + /* Author: paul vixie, 29may94. */ + int +@@ -91,7 +92,7 @@ __libc_res_nameinquery (const char *name, int type, int class, + const unsigned char *buf, const unsigned char *eom) + { + const unsigned char *cp = buf + HFIXEDSZ; +- int qdcount = ntohs (((HEADER *) buf)->qdcount); ++ int qdcount = ntohs (((UHEADER *) buf)->qdcount); + + while (qdcount-- > 0) + { +diff --git a/resolv/res_queriesmatch.c b/resolv/res_queriesmatch.c +index 13a6936c47..ba1c1d0c0c 100644 +--- a/resolv/res_queriesmatch.c ++++ b/resolv/res_queriesmatch.c +@@ -83,6 +83,7 @@ + */ + + #include ++#include + + /* Author: paul vixie, 29may94. */ + int +@@ -102,7 +103,7 @@ __libc_res_queriesmatch (const unsigned char *buf1, const unsigned char *eom1, + order. We can compare it with the second buffer's QDCOUNT + value without doing this. */ + int qdcount = ((HEADER *) buf1)->qdcount; +- if (qdcount != ((HEADER *) buf2)->qdcount) ++ if (qdcount != ((UHEADER *) buf2)->qdcount) + return 0; + + qdcount = htons (qdcount); +-- +2.45.0 + diff --git a/packages/glibc/0079-Force-DT_RPATH-for-enable-hardcoded-path-in-tests.patch b/packages/glibc/0079-Force-DT_RPATH-for-enable-hardcoded-path-in-tests.patch new file mode 100644 index 000000000..07e9f89c6 --- /dev/null +++ b/packages/glibc/0079-Force-DT_RPATH-for-enable-hardcoded-path-in-tests.patch @@ -0,0 +1,50 @@ +From 249646f12b08f3dbd9a8e8b8021e5c0e3a0b7e1e Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Thu, 9 May 2024 20:07:01 -0700 +Subject: [PATCH] Force DT_RPATH for --enable-hardcoded-path-in-tests + +On Fedora 40/x86-64, linker enables --enable-new-dtags by default which +generates DT_RUNPATH instead of DT_RPATH. Unlike DT_RPATH, DT_RUNPATH +only applies to DT_NEEDED entries in the executable and doesn't applies +to DT_NEEDED entries in shared libraries which are loaded via DT_NEEDED +entries in the executable. Some glibc tests have libstdc++.so.6 in +DT_NEEDED, which has libm.so.6 in DT_NEEDED. When DT_RUNPATH is generated, +/lib64/libm.so.6 is loaded for such tests. If the newly built glibc is +older than glibc 2.36, these tests fail with + +assert/tst-assert-c++: /export/build/gnu/tools-build/glibc-gitlab-release/build-x86_64-linux/libc.so.6: version `GLIBC_2.36' not found (required by /lib64/libm.so.6) +assert/tst-assert-c++: /export/build/gnu/tools-build/glibc-gitlab-release/build-x86_64-linux/libc.so.6: version `GLIBC_ABI_DT_RELR' not found (required by /lib64/libm.so.6) + +Pass -Wl,--disable-new-dtags to linker when building glibc tests with +--enable-hardcoded-path-in-tests. This fixes BZ #31719. + +Signed-off-by: H.J. Lu +(cherry picked from commit 2dcaf70643710e22f92a351e36e3cff8b48c60dc) +--- + Makeconfig | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/Makeconfig b/Makeconfig +index 77d7fd14df..3f8acff459 100644 +--- a/Makeconfig ++++ b/Makeconfig +@@ -586,10 +586,13 @@ link-libc-rpath-link = -Wl,-rpath-link=$(rpath-link) + # before the expansion of LDLIBS-* variables). + + # Tests use -Wl,-rpath instead of -Wl,-rpath-link for +-# build-hardcoded-path-in-tests. ++# build-hardcoded-path-in-tests. Add -Wl,--disable-new-dtags to force ++# DT_RPATH instead of DT_RUNPATH which only applies to DT_NEEDED entries ++# in the executable and doesn't applies to DT_NEEDED entries in shared ++# libraries which are loaded via DT_NEEDED entries in the executable. + ifeq (yes,$(build-hardcoded-path-in-tests)) +-link-libc-tests-rpath-link = $(link-libc-rpath) +-link-test-modules-rpath-link = $(link-libc-rpath) ++link-libc-tests-rpath-link = $(link-libc-rpath) -Wl,--disable-new-dtags ++link-test-modules-rpath-link = $(link-libc-rpath) -Wl,--disable-new-dtags + else + link-libc-tests-rpath-link = $(link-libc-rpath-link) + link-test-modules-rpath-link = +-- +2.45.0 + diff --git a/packages/glibc/0080-i386-Disable-Intel-Xeon-Phi-tests-for-GCC-15-and-abo.patch b/packages/glibc/0080-i386-Disable-Intel-Xeon-Phi-tests-for-GCC-15-and-abo.patch new file mode 100644 index 000000000..30f8d02d0 --- /dev/null +++ b/packages/glibc/0080-i386-Disable-Intel-Xeon-Phi-tests-for-GCC-15-and-abo.patch @@ -0,0 +1,68 @@ +From 697ab62d1176180bea49094130ad0af2b108874d Mon Sep 17 00:00:00 2001 +From: Sunil K Pandey +Date: Mon, 27 May 2024 10:08:18 -0700 +Subject: [PATCH] i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ + 31782) + +This patch disables Intel Xeon Phi tests for GCC 15 and above. + +GCC 15 removed Intel Xeon Phi ISA support. +commit e1a7e2c54d52d0ba374735e285b617af44841ace +Author: Haochen Jiang +Date: Mon May 20 10:43:44 2024 +0800 + + i386: Remove Xeon Phi ISA support + +Fixes BZ 31782. + +Reviewed-by: H.J. Lu +(cherry picked from commit 1b713c9a5349ef3cd1a8ccf9de017c7865713c67) +--- + sysdeps/x86/tst-cpu-features-supports.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/sysdeps/x86/tst-cpu-features-supports.c b/sysdeps/x86/tst-cpu-features-supports.c +index 32daf51053..f85356b589 100644 +--- a/sysdeps/x86/tst-cpu-features-supports.c ++++ b/sysdeps/x86/tst-cpu-features-supports.c +@@ -65,7 +65,7 @@ do_test (int argc, char **argv) + #endif + fails += CHECK_FEATURE_ACTIVE (avx, AVX); + fails += CHECK_FEATURE_ACTIVE (avx2, AVX2); +-#if __GNUC_PREREQ (7, 0) ++#if __GNUC_PREREQ (7, 0) && !__GNUC_PREREQ (15, 0) + fails += CHECK_FEATURE_ACTIVE (avx5124fmaps, AVX512_4FMAPS); + fails += CHECK_FEATURE_ACTIVE (avx5124vnniw, AVX512_4VNNIW); + #endif +@@ -92,14 +92,18 @@ do_test (int argc, char **argv) + #if __GNUC_PREREQ (6, 0) + fails += CHECK_FEATURE_ACTIVE (avx512bw, AVX512BW); + fails += CHECK_FEATURE_ACTIVE (avx512cd, AVX512CD); ++# if !__GNUC_PREREQ (15, 0) + fails += CHECK_FEATURE_ACTIVE (avx512er, AVX512ER); ++# endif + fails += CHECK_FEATURE_ACTIVE (avx512dq, AVX512DQ); + #endif + #if __GNUC_PREREQ (5, 0) + fails += CHECK_FEATURE_ACTIVE (avx512f, AVX512F); + #endif + #if __GNUC_PREREQ (6, 0) ++# if !__GNUC_PREREQ (15, 0) + fails += CHECK_FEATURE_ACTIVE (avx512pf, AVX512PF); ++# endif + fails += CHECK_FEATURE_ACTIVE (avx512vl, AVX512VL); + #endif + #if __GNUC_PREREQ (5, 0) +@@ -148,7 +152,9 @@ do_test (int argc, char **argv) + #endif + fails += CHECK_FEATURE_ACTIVE (popcnt, POPCNT); + #if __GNUC_PREREQ (11, 0) ++# if !__GNUC_PREREQ (15, 0) + fails += CHECK_FEATURE_ACTIVE (prefetchwt1, PREFETCHWT1); ++# endif + fails += CHECK_FEATURE_ACTIVE (ptwrite, PTWRITE); + fails += CHECK_FEATURE_ACTIVE (rdpid, RDPID); + fails += CHECK_FEATURE_ACTIVE (rdrnd, RDRAND); +-- +2.45.0 + diff --git a/packages/glibc/0081-misc-Add-support-for-Linux-uio.h-RWF_NOAPPEND-flag.patch b/packages/glibc/0081-misc-Add-support-for-Linux-uio.h-RWF_NOAPPEND-flag.patch new file mode 100644 index 000000000..091b76728 --- /dev/null +++ b/packages/glibc/0081-misc-Add-support-for-Linux-uio.h-RWF_NOAPPEND-flag.patch @@ -0,0 +1,75 @@ +From c8cb4d2b86ece572793e31a3422ea29e88d77df5 Mon Sep 17 00:00:00 2001 +From: Stafford Horne +Date: Wed, 3 Apr 2024 06:40:37 +0100 +Subject: [PATCH] misc: Add support for Linux uio.h RWF_NOAPPEND flag + +In Linux 6.9 a new flag is added to allow for Per-io operations to +disable append mode even if a file was opened with the flag O_APPEND. +This is done with the new RWF_NOAPPEND flag. + +This caused two test failures as these tests expected the flag 0x00000020 +to be unused. Adding the flag definition now fixes these tests on Linux +6.9 (v6.9-rc1). + + FAIL: misc/tst-preadvwritev2 + FAIL: misc/tst-preadvwritev64v2 + +This patch adds the flag, adjusts the test and adds details to +documentation. + +Link: https://lore.kernel.org/all/20200831153207.GO3265@brightrain.aerifal.cx/ +Reviewed-by: Adhemerval Zanella +(cherry picked from commit 3db9d208dd5f30b12900989c6d2214782b8e2011) +--- + manual/llio.texi | 4 ++++ + misc/tst-preadvwritev2-common.c | 5 ++++- + sysdeps/unix/sysv/linux/bits/uio-ext.h | 1 + + 3 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/manual/llio.texi b/manual/llio.texi +index 0b61d491f5..fae49d1433 100644 +--- a/manual/llio.texi ++++ b/manual/llio.texi +@@ -1339,6 +1339,10 @@ will fail and set @code{errno} to @code{EAGAIN} if the operation would block. + + @item RWF_APPEND + Per-IO synchronization as if the file was opened with @code{O_APPEND} flag. ++ ++@item RWF_NOAPPEND ++This flag allows an offset to be honored, even if the file was opened with ++@code{O_APPEND} flag. + @end vtable + + When the source file is compiled with @code{_FILE_OFFSET_BITS == 64} the +diff --git a/misc/tst-preadvwritev2-common.c b/misc/tst-preadvwritev2-common.c +index 355dbea05c..0d3729eac0 100644 +--- a/misc/tst-preadvwritev2-common.c ++++ b/misc/tst-preadvwritev2-common.c +@@ -34,8 +34,11 @@ + #ifndef RWF_APPEND + # define RWF_APPEND 0 + #endif ++#ifndef RWF_NOAPPEND ++# define RWF_NOAPPEND 0 ++#endif + #define RWF_SUPPORTED (RWF_HIPRI | RWF_DSYNC | RWF_SYNC | RWF_NOWAIT \ +- | RWF_APPEND) ++ | RWF_APPEND | RWF_NOAPPEND) + + /* Generic uio_lim.h does not define IOV_MAX. */ + #ifndef IOV_MAX +diff --git a/sysdeps/unix/sysv/linux/bits/uio-ext.h b/sysdeps/unix/sysv/linux/bits/uio-ext.h +index 311f5b16ce..d641f57b01 100644 +--- a/sysdeps/unix/sysv/linux/bits/uio-ext.h ++++ b/sysdeps/unix/sysv/linux/bits/uio-ext.h +@@ -47,6 +47,7 @@ extern ssize_t process_vm_writev (pid_t __pid, const struct iovec *__lvec, + #define RWF_SYNC 0x00000004 /* per-IO O_SYNC. */ + #define RWF_NOWAIT 0x00000008 /* per-IO nonblocking mode. */ + #define RWF_APPEND 0x00000010 /* per-IO O_APPEND. */ ++#define RWF_NOAPPEND 0x00000020 /* per-IO negation of O_APPEND */ + + __END_DECLS + +-- +2.45.0 + diff --git a/packages/glibc/0082-s390x-Fix-segfault-in-wcsncmp-BZ-31934.patch b/packages/glibc/0082-s390x-Fix-segfault-in-wcsncmp-BZ-31934.patch new file mode 100644 index 000000000..2facbe32d --- /dev/null +++ b/packages/glibc/0082-s390x-Fix-segfault-in-wcsncmp-BZ-31934.patch @@ -0,0 +1,58 @@ +From 712453634c8efd71a9b3ff0122145a9e90e9955c Mon Sep 17 00:00:00 2001 +From: Stefan Liebler +Date: Thu, 11 Jul 2024 11:28:53 +0200 +Subject: [PATCH] s390x: Fix segfault in wcsncmp [BZ #31934] + +The z13/vector-optimized wcsncmp implementation segfaults if n=1 +and there is only one character (equal on both strings) before +the page end. Then it loads and compares one character and misses +to check n again. The following load fails. + +This patch removes the extra load and compare of the first character +and just start with the loop which uses vector-load-to-block-boundary. +This code-path also checks n. + +With this patch both tests are passing: +- the simplified one mentioned in the bugzilla 31934 +- the full one in Florian Weimer's patch: +"manual: Document a GNU extension for strncmp/wcsncmp" +(https://patchwork.sourceware.org/project/glibc/patch/874j9eml6y.fsf@oldenburg.str.redhat.com/): +On s390x-linux-gnu (z16), the new wcsncmp test fails due to bug 31934. +Reviewed-by: Carlos O'Donell + +(cherry picked from commit 9b7651410375ec8848a1944992d663d514db4ba7) +--- + sysdeps/s390/wcsncmp-vx.S | 10 +--------- + 1 file changed, 1 insertion(+), 9 deletions(-) + +diff --git a/sysdeps/s390/wcsncmp-vx.S b/sysdeps/s390/wcsncmp-vx.S +index 1bf769b870..4028d1e624 100644 +--- a/sysdeps/s390/wcsncmp-vx.S ++++ b/sysdeps/s390/wcsncmp-vx.S +@@ -59,14 +59,7 @@ ENTRY(WCSNCMP_Z13) + sllg %r4,%r4,2 /* Convert character-count to byte-count. */ + locgrne %r4,%r1 /* Use max byte-count, if bit 0/1 was one. */ + +- /* Check first character without vector load. */ +- lghi %r5,4 /* current_len = 4 bytes. */ +- /* Check s1/2[0]. */ +- lt %r0,0(%r2) +- l %r1,0(%r3) +- je .Lend_cmp_one_char +- crjne %r0,%r1,.Lend_cmp_one_char +- ++ lghi %r5,0 /* current_len = 0 bytes. */ + .Lloop: + vlbb %v17,0(%r5,%r3),6 /* Load s2 to block boundary. */ + vlbb %v16,0(%r5,%r2),6 /* Load s1 to block boundary. */ +@@ -167,7 +160,6 @@ ENTRY(WCSNCMP_Z13) + srl %r4,2 /* And convert it to character-index. */ + vlgvf %r0,%v16,0(%r4) /* Load character-values. */ + vlgvf %r1,%v17,0(%r4) +-.Lend_cmp_one_char: + cr %r0,%r1 + je .Lend_equal + lghi %r2,1 +-- +2.45.0 + diff --git a/packages/glibc/0083-nptl-fix-potential-merge-of-__rseq_-relro-symbols.patch b/packages/glibc/0083-nptl-fix-potential-merge-of-__rseq_-relro-symbols.patch new file mode 100644 index 000000000..107ca723e --- /dev/null +++ b/packages/glibc/0083-nptl-fix-potential-merge-of-__rseq_-relro-symbols.patch @@ -0,0 +1,161 @@ +From 7bfc35959dae3287e9097a960ebfddb19441bb55 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson +Date: Wed, 3 Jul 2024 12:35:34 -0400 +Subject: [PATCH] nptl: fix potential merge of __rseq_* relro symbols + +While working on a patch to add support for the extensible rseq ABI, we +came across an issue where a new 'const' variable would be merged with +the existing '__rseq_size' variable. We tracked this to the use of +'-fmerge-all-constants' which allows the compiler to merge identical +constant variables. This means that all 'const' variables in a compile +unit that are of the same size and are initialized to the same value can +be merged. + +In this specific case, on 32 bit systems 'unsigned int' and 'ptrdiff_t' +are both 4 bytes and initialized to 0 which should trigger the merge. +However for reasons we haven't delved into when the attribute 'section +(".data.rel.ro")' is added to the mix, only variables of the same exact +types are merged. As far as we know this behavior is not specified +anywhere and could change with a new compiler version, hence this patch. + +Move the definitions of these variables into an assembler file and add +hidden writable aliases for internal use. This has the added bonus of +removing the asm workaround to set the values on rseq registration. + +Tested on Debian 12 with GCC 12.2. + +Signed-off-by: Michael Jeanson +Reviewed-by: Mathieu Desnoyers +Reviewed-by: Florian Weimer +(cherry picked from commit 2b92982e2369d292560793bee8e730f695f48ff3) +--- + elf/Makefile | 1 + + elf/dl-rseq-symbols.S | 64 +++++++++++++++++++++++++++++++++++ + sysdeps/nptl/dl-tls_init_tp.c | 14 ++++---- + 3 files changed, 71 insertions(+), 8 deletions(-) + create mode 100644 elf/dl-rseq-symbols.S + +diff --git a/elf/Makefile b/elf/Makefile +index c2af11b92c..04e1d7ded5 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -74,6 +74,7 @@ dl-routines = \ + dl-printf \ + dl-profile \ + dl-reloc \ ++ dl-rseq-symbols \ + dl-runtime \ + dl-scope \ + dl-setup_hash \ +diff --git a/elf/dl-rseq-symbols.S b/elf/dl-rseq-symbols.S +new file mode 100644 +index 0000000000..b4bba06a99 +--- /dev/null ++++ b/elf/dl-rseq-symbols.S +@@ -0,0 +1,64 @@ ++/* Define symbols used by rseq. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++ ++#if __WORDSIZE == 64 ++#define RSEQ_OFFSET_SIZE 8 ++#else ++#define RSEQ_OFFSET_SIZE 4 ++#endif ++ ++/* Some targets define a macro to denote the zero register. */ ++#undef zero ++ ++/* Define 2 symbols: '__rseq_size' is public const and '_rseq_size' (an ++ alias of '__rseq_size') is hidden and writable for internal use by the ++ dynamic linker which will initialize the value both symbols point to ++ before copy relocations take place. */ ++ ++ .globl __rseq_size ++ .type __rseq_size, %object ++ .size __rseq_size, 4 ++ .hidden _rseq_size ++ .globl _rseq_size ++ .type _rseq_size, %object ++ .size _rseq_size, 4 ++ .section .data.rel.ro ++ .balign 4 ++__rseq_size: ++_rseq_size: ++ .zero 4 ++ ++/* Define 2 symbols: '__rseq_offset' is public const and '_rseq_offset' (an ++ alias of '__rseq_offset') is hidden and writable for internal use by the ++ dynamic linker which will initialize the value both symbols point to ++ before copy relocations take place. */ ++ ++ .globl __rseq_offset ++ .type __rseq_offset, %object ++ .size __rseq_offset, RSEQ_OFFSET_SIZE ++ .hidden _rseq_offset ++ .globl _rseq_offset ++ .type _rseq_offset, %object ++ .size _rseq_offset, RSEQ_OFFSET_SIZE ++ .section .data.rel.ro ++ .balign RSEQ_OFFSET_SIZE ++__rseq_offset: ++_rseq_offset: ++ .zero RSEQ_OFFSET_SIZE +diff --git a/sysdeps/nptl/dl-tls_init_tp.c b/sysdeps/nptl/dl-tls_init_tp.c +index 2ed98c5a31..45ae260ceb 100644 +--- a/sysdeps/nptl/dl-tls_init_tp.c ++++ b/sysdeps/nptl/dl-tls_init_tp.c +@@ -45,8 +45,10 @@ rtld_mutex_dummy (pthread_mutex_t *lock) + #endif + + const unsigned int __rseq_flags; +-const unsigned int __rseq_size attribute_relro; +-const ptrdiff_t __rseq_offset attribute_relro; ++ ++/* The variables are in .data.relro but are not yet write-protected. */ ++extern unsigned int _rseq_size attribute_hidden; ++extern ptrdiff_t _rseq_offset attribute_hidden; + + void + __tls_pre_init_tp (void) +@@ -105,10 +107,7 @@ __tls_init_tp (void) + do_rseq = TUNABLE_GET (rseq, int, NULL); + if (rseq_register_current_thread (pd, do_rseq)) + { +- /* We need a writable view of the variables. They are in +- .data.relro and are not yet write-protected. */ +- extern unsigned int size __asm__ ("__rseq_size"); +- size = sizeof (pd->rseq_area); ++ _rseq_size = sizeof (pd->rseq_area); + } + + #ifdef RSEQ_SIG +@@ -117,8 +116,7 @@ __tls_init_tp (void) + all targets support __thread_pointer, so set __rseq_offset only + if the rseq registration may have happened because RSEQ_SIG is + defined. */ +- extern ptrdiff_t offset __asm__ ("__rseq_offset"); +- offset = (char *) &pd->rseq_area - (char *) __thread_pointer (); ++ _rseq_offset = (char *) &pd->rseq_area - (char *) __thread_pointer (); + #endif + } + +-- +2.45.0 + diff --git a/packages/glibc/0084-elf-Make-dl-rseq-symbols-Linux-only.patch b/packages/glibc/0084-elf-Make-dl-rseq-symbols-Linux-only.patch new file mode 100644 index 000000000..48ed57467 --- /dev/null +++ b/packages/glibc/0084-elf-Make-dl-rseq-symbols-Linux-only.patch @@ -0,0 +1,51 @@ +From d9d019d674f95509b5001f4d878ae09e32ea7a10 Mon Sep 17 00:00:00 2001 +From: Adhemerval Zanella +Date: Thu, 4 Jul 2024 10:09:07 -0300 +Subject: [PATCH] elf: Make dl-rseq-symbols Linux only + +And avoid a Hurd build failures. + +Checked on x86_64-linux-gnu. + +(cherry picked from commit 9fc639f654dc004736836613be703e6bed0c36a8) +--- + elf/Makefile | 1 - + sysdeps/unix/sysv/linux/Makefile | 4 ++++ + {elf => sysdeps/unix/sysv/linux}/dl-rseq-symbols.S | 0 + 3 files changed, 4 insertions(+), 1 deletion(-) + rename {elf => sysdeps/unix/sysv/linux}/dl-rseq-symbols.S (100%) + +diff --git a/elf/Makefile b/elf/Makefile +index 04e1d7ded5..c2af11b92c 100644 +--- a/elf/Makefile ++++ b/elf/Makefile +@@ -74,7 +74,6 @@ dl-routines = \ + dl-printf \ + dl-profile \ + dl-reloc \ +- dl-rseq-symbols \ + dl-runtime \ + dl-scope \ + dl-setup_hash \ +diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile +index be801e3be4..623a7d4de0 100644 +--- a/sysdeps/unix/sysv/linux/Makefile ++++ b/sysdeps/unix/sysv/linux/Makefile +@@ -587,6 +587,10 @@ tests += \ + endif + + ifeq ($(subdir),elf) ++dl-routines += \ ++ dl-rseq-symbols \ ++ # dl-routines ++ + sysdep-rtld-routines += \ + dl-brk \ + dl-getcwd \ +diff --git a/elf/dl-rseq-symbols.S b/sysdeps/unix/sysv/linux/dl-rseq-symbols.S +similarity index 100% +rename from elf/dl-rseq-symbols.S +rename to sysdeps/unix/sysv/linux/dl-rseq-symbols.S +-- +2.45.0 + diff --git a/packages/glibc/0085-Linux-Make-__rseq_size-useful-for-feature-detection-.patch b/packages/glibc/0085-Linux-Make-__rseq_size-useful-for-feature-detection-.patch new file mode 100644 index 000000000..ee9392302 --- /dev/null +++ b/packages/glibc/0085-Linux-Make-__rseq_size-useful-for-feature-detection-.patch @@ -0,0 +1,171 @@ +From bb30bd21622910715b7b3020b17e6e97a8b4ec80 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 8 Jul 2024 21:14:00 +0200 +Subject: [PATCH] Linux: Make __rseq_size useful for feature detection (bug + 31965) + +The __rseq_size value is now the active area of struct rseq +(so 20 initially), not the full struct size including padding +at the end (32 initially). + +Update misc/tst-rseq to print some additional diagnostics. + +Reviewed-by: Michael Jeanson +Reviewed-by: Mathieu Desnoyers +(cherry picked from commit 2e456ccf0c34a056e3ccafac4a0c7effef14d918) +--- + NEWS | 6 ++++++ + manual/threads.texi | 8 ++++++-- + sysdeps/nptl/dl-tls_init_tp.c | 8 +------- + sysdeps/unix/sysv/linux/rseq-internal.h | 23 +++++++++++++++++++++-- + sysdeps/unix/sysv/linux/tst-rseq.c | 10 +++++++++- + 5 files changed, 43 insertions(+), 12 deletions(-) + +diff --git a/NEWS b/NEWS +index 6768c2da6f..f0a0834496 100644 +--- a/NEWS ++++ b/NEWS +@@ -7,6 +7,11 @@ using `glibc' in the "product" field. + + Version 2.38.1 + ++Deprecated and removed features, and other changes affecting compatibility: ++ ++* __rseq_size now denotes the size of the active rseq area (20 bytes ++ initially), not the size of struct rseq (32 bytes initially). ++ + Security related changes: + + CVE-2023-4527: If the system is configured in no-aaaa mode via +@@ -46,6 +51,7 @@ The following bugs are resolved with this release: + [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix + [31184] FAIL: elf/tst-tlsgap + [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic ++ [31965] rseq extension mechanism does not work as intended + + + Version 2.38 +diff --git a/manual/threads.texi b/manual/threads.texi +index e5544ff3da..25e99c9606 100644 +--- a/manual/threads.texi ++++ b/manual/threads.texi +@@ -1007,8 +1007,12 @@ This variable is either zero (if restartable sequence registration + failed or has been disabled) or the size of the restartable sequence + registration. This can be different from the size of @code{struct rseq} + if the kernel has extended the size of the registration. If +-registration is successful, @code{__rseq_size} is at least 32 (the +-initial size of @code{struct rseq}). ++registration is successful, @code{__rseq_size} is at least 20 (the ++initially active size of @code{struct rseq}). ++ ++Previous versions of @theglibc{} set this to 32 even if the kernel only ++supported the initial area of 20 bytes because the value included unused ++padding at the end of the restartable sequence area. + @end deftypevar + + @deftypevar {unsigned int} __rseq_flags +diff --git a/sysdeps/nptl/dl-tls_init_tp.c b/sysdeps/nptl/dl-tls_init_tp.c +index 45ae260ceb..8f731393c4 100644 +--- a/sysdeps/nptl/dl-tls_init_tp.c ++++ b/sysdeps/nptl/dl-tls_init_tp.c +@@ -46,10 +46,6 @@ rtld_mutex_dummy (pthread_mutex_t *lock) + + const unsigned int __rseq_flags; + +-/* The variables are in .data.relro but are not yet write-protected. */ +-extern unsigned int _rseq_size attribute_hidden; +-extern ptrdiff_t _rseq_offset attribute_hidden; +- + void + __tls_pre_init_tp (void) + { +@@ -106,9 +102,7 @@ __tls_init_tp (void) + bool do_rseq = true; + do_rseq = TUNABLE_GET (rseq, int, NULL); + if (rseq_register_current_thread (pd, do_rseq)) +- { +- _rseq_size = sizeof (pd->rseq_area); +- } ++ _rseq_size = RSEQ_AREA_SIZE_INITIAL_USED; + + #ifdef RSEQ_SIG + /* This should be a compile-time constant, but the current +diff --git a/sysdeps/unix/sysv/linux/rseq-internal.h b/sysdeps/unix/sysv/linux/rseq-internal.h +index 294880c04e..226ba59a24 100644 +--- a/sysdeps/unix/sysv/linux/rseq-internal.h ++++ b/sysdeps/unix/sysv/linux/rseq-internal.h +@@ -25,15 +25,34 @@ + #include + #include + ++/* 32 is the initially required value for the area size. The ++ actually used rseq size may be less (20 bytes initially). */ ++#define RSEQ_AREA_SIZE_INITIAL 32 ++#define RSEQ_AREA_SIZE_INITIAL_USED 20 ++ ++/* The variables are in .data.relro but are not yet write-protected. */ ++extern unsigned int _rseq_size attribute_hidden; ++extern ptrdiff_t _rseq_offset attribute_hidden; ++ + #ifdef RSEQ_SIG + static inline bool + rseq_register_current_thread (struct pthread *self, bool do_rseq) + { + if (do_rseq) + { ++ unsigned int size; ++#if IS_IN (rtld) ++ /* Use the hidden symbol in ld.so. */ ++ size = _rseq_size; ++#else ++ size = __rseq_size; ++#endif ++ if (size < RSEQ_AREA_SIZE_INITIAL) ++ /* The initial implementation used only 20 bytes out of 32, ++ but still expected size 32. */ ++ size = RSEQ_AREA_SIZE_INITIAL; + int ret = INTERNAL_SYSCALL_CALL (rseq, &self->rseq_area, +- sizeof (self->rseq_area), +- 0, RSEQ_SIG); ++ size, 0, RSEQ_SIG); + if (!INTERNAL_SYSCALL_ERROR_P (ret)) + return true; + } +diff --git a/sysdeps/unix/sysv/linux/tst-rseq.c b/sysdeps/unix/sysv/linux/tst-rseq.c +index 16983503b1..9f9aa7eb21 100644 +--- a/sysdeps/unix/sysv/linux/tst-rseq.c ++++ b/sysdeps/unix/sysv/linux/tst-rseq.c +@@ -29,6 +29,7 @@ + # include + # include + # include ++# include + # include + # include + # include "tst-rseq.h" +@@ -42,7 +43,8 @@ do_rseq_main_test (void) + TEST_COMPARE (__rseq_flags, 0); + TEST_VERIFY ((char *) __thread_pointer () + __rseq_offset + == (char *) &pd->rseq_area); +- TEST_COMPARE (__rseq_size, sizeof (pd->rseq_area)); ++ /* The current implementation only supports the initial size. */ ++ TEST_COMPARE (__rseq_size, 20); + } + + static void +@@ -52,6 +54,12 @@ do_rseq_test (void) + { + FAIL_UNSUPPORTED ("kernel does not support rseq, skipping test"); + } ++ printf ("info: __rseq_size: %u\n", __rseq_size); ++ printf ("info: __rseq_offset: %td\n", __rseq_offset); ++ printf ("info: __rseq_flags: %u\n", __rseq_flags); ++ printf ("info: getauxval (AT_RSEQ_FEATURE_SIZE): %ld\n", ++ getauxval (AT_RSEQ_FEATURE_SIZE)); ++ printf ("info: getauxval (AT_RSEQ_ALIGN): %ld\n", getauxval (AT_RSEQ_ALIGN)); + do_rseq_main_test (); + } + #else /* RSEQ_SIG */ +-- +2.45.0 + diff --git a/packages/glibc/0086-resolv-Allow-short-error-responses-to-match-any-quer.patch b/packages/glibc/0086-resolv-Allow-short-error-responses-to-match-any-quer.patch new file mode 100644 index 000000000..b71339436 --- /dev/null +++ b/packages/glibc/0086-resolv-Allow-short-error-responses-to-match-any-quer.patch @@ -0,0 +1,223 @@ +From dc512364e8490facb30f8c23fcc496d21adfc4e4 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Wed, 24 Jul 2024 12:06:47 +0200 +Subject: [PATCH] resolv: Allow short error responses to match any query (bug + 31890) + +Reviewed-by: DJ Delorie +(cherry picked from commit 691a3b2e9bfaba842e46a5ccb7f5e6ea144c3ade) +--- + NEWS | 1 + + resolv/Makefile | 3 + + resolv/res_send.c | 29 +++++--- + resolv/tst-resolv-short-response.c | 112 +++++++++++++++++++++++++++++ + 4 files changed, 135 insertions(+), 10 deletions(-) + create mode 100644 resolv/tst-resolv-short-response.c + +diff --git a/NEWS b/NEWS +index f0a0834496..c331604747 100644 +--- a/NEWS ++++ b/NEWS +@@ -51,6 +51,7 @@ The following bugs are resolved with this release: + [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix + [31184] FAIL: elf/tst-tlsgap + [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic ++ [31890] resolv: Allow short error responses to match any DNS query + [31965] rseq extension mechanism does not work as intended + + +diff --git a/resolv/Makefile b/resolv/Makefile +index 2f99eb3862..cca0748f9a 100644 +--- a/resolv/Makefile ++++ b/resolv/Makefile +@@ -106,6 +106,7 @@ tests += \ + tst-resolv-nondecimal \ + tst-resolv-res_init-multi \ + tst-resolv-search \ ++ tst-resolv-short-response \ + tst-resolv-trailing \ + + # This test calls __res_context_send directly, which is not exported +@@ -299,6 +300,8 @@ $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library) ++$(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \ ++ $(shared-thread-library) + $(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-threads: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-txnid-collision: $(objpfx)libresolv.a \ +diff --git a/resolv/res_send.c b/resolv/res_send.c +index d098eba470..bf4ce67b1d 100644 +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -1197,19 +1197,30 @@ send_dg(res_state statp, + } + + /* Check for the correct header layout and a matching +- question. */ ++ question. Some recursive resolvers send REFUSED ++ without copying back the question section ++ (producing a response that is only HFIXEDSZ bytes ++ long). Skip query matching in this case. */ ++ bool thisansp_error = (anhp->rcode == SERVFAIL || ++ anhp->rcode == NOTIMP || ++ anhp->rcode == REFUSED); ++ bool skip_query_match = (*thisresplenp == HFIXEDSZ ++ && ntohs (anhp->qdcount) == 0 ++ && thisansp_error); + int matching_query = 0; /* Default to no matching query. */ + if (!recvresp1 + && anhp->id == hp->id +- && __libc_res_queriesmatch (buf, buf + buflen, +- *thisansp, +- *thisansp + *thisanssizp)) ++ && (skip_query_match ++ || __libc_res_queriesmatch (buf, buf + buflen, ++ *thisansp, ++ *thisansp + *thisanssizp))) + matching_query = 1; + if (!recvresp2 + && anhp->id == hp2->id +- && __libc_res_queriesmatch (buf2, buf2 + buflen2, +- *thisansp, +- *thisansp + *thisanssizp)) ++ && (skip_query_match ++ || __libc_res_queriesmatch (buf2, buf2 + buflen2, ++ *thisansp, ++ *thisansp + *thisanssizp))) + matching_query = 2; + if (matching_query == 0) + /* Spurious UDP packet. Drop it and continue +@@ -1219,9 +1230,7 @@ send_dg(res_state statp, + goto wait; + } + +- if (anhp->rcode == SERVFAIL || +- anhp->rcode == NOTIMP || +- anhp->rcode == REFUSED) { ++ if (thisansp_error) { + next_ns: + if (recvresp1 || (buf2 != NULL && recvresp2)) { + *resplen2 = 0; +diff --git a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c +new file mode 100644 +index 0000000000..cf1e39876f +--- /dev/null ++++ b/resolv/tst-resolv-short-response.c +@@ -0,0 +1,112 @@ ++/* Test for spurious timeouts with short 12-byte responses (bug 31890). ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++/* The rcode in the initial response. */ ++static volatile int rcode; ++ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ switch (ctx->server_index) ++ { ++ case 0: ++ /* First server times out. */ ++ struct resolv_response_flags flags = {.rcode = rcode}; ++ resolv_response_init (b, flags); ++ break; ++ case 1: ++ /* Second server sends reply. */ ++ resolv_response_init (b, (struct resolv_response_flags) {}); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ resolv_response_section (b, ns_s_an); ++ resolv_response_open_record (b, qname, qclass, qtype, 0); ++ switch (qtype) ++ { ++ case T_A: ++ { ++ char ipv4[4] = {192, 0, 2, 17}; ++ resolv_response_add_data (b, &ipv4, sizeof (ipv4)); ++ } ++ break; ++ case T_AAAA: ++ { ++ char ipv6[16] ++ = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}; ++ resolv_response_add_data (b, &ipv6, sizeof (ipv6)); ++ } ++ break; ++ default: ++ FAIL_EXIT1 ("unexpected TYPE%d query", qtype); ++ } ++ resolv_response_close_record (b); ++ break; ++ default: ++ FAIL_EXIT1 ("unexpected query to server %d", ctx->server_index); ++ } ++} ++ ++static void ++check_one (void) ++{ ++ ++ /* The buggy 1-second query timeout results in 30 seconds of delay, ++ which triggers a test timeout failure. */ ++ for (int i = 0; i < 10; ++i) ++ { ++ check_hostent ("www.example", gethostbyname ("www.example"), ++ "name: www.example\n" ++ "address: 192.0.2.17\n"); ++ check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6), ++ "name: www.example\n" ++ "address: 2001:db8::1\n"); ++ } ++} ++ ++static int ++do_test (void) ++{ ++ struct resolv_test *aux = resolv_test_start ++ ((struct resolv_redirect_config) ++ { ++ .response_callback = response, ++ }); ++ ++ _res.options |= RES_SNGLKUP; ++ ++ rcode = 2; /* SERVFAIL. */ ++ check_one (); ++ ++ rcode = 4; /* NOTIMP. */ ++ check_one (); ++ ++ rcode = 5; /* REFUSED. */ ++ check_one (); ++ ++ resolv_test_end (aux); ++ ++ return 0; ++} ++ ++#include +-- +2.45.0 + diff --git a/packages/glibc/0087-resolv-Do-not-wait-for-non-existing-second-DNS-respo.patch b/packages/glibc/0087-resolv-Do-not-wait-for-non-existing-second-DNS-respo.patch new file mode 100644 index 000000000..45f42c474 --- /dev/null +++ b/packages/glibc/0087-resolv-Do-not-wait-for-non-existing-second-DNS-respo.patch @@ -0,0 +1,232 @@ +From 6cad0f543ccac5abd35a3a617fab72a9c8c64155 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Wed, 24 Jul 2024 12:06:47 +0200 +Subject: [PATCH] resolv: Do not wait for non-existing second DNS response + after error (bug 30081) + +In single-request mode, there is no second response after an error +because the second query has not been sent yet. Waiting for it +introduces an unnecessary timeout. + +Reviewed-by: DJ Delorie +(cherry picked from commit af625987d619388a100b153520d3ee308bda9889) +--- + NEWS | 1 + + resolv/Makefile | 3 + + resolv/res_send.c | 2 +- + resolv/tst-resolv-semi-failure.c | 133 +++++++++++++++++++++++++++++ + resolv/tst-resolv-short-response.c | 12 +++ + 5 files changed, 150 insertions(+), 1 deletion(-) + create mode 100644 resolv/tst-resolv-semi-failure.c + +diff --git a/NEWS b/NEWS +index c331604747..4156a017ac 100644 +--- a/NEWS ++++ b/NEWS +@@ -37,6 +37,7 @@ Security related changes: + The following bugs are resolved with this release: + + [29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS ++ [30081] resolv: Do not wait for non-existing second DNS response after error + [30694] The iconv program no longer tells the user which given encoding name was wrong + [30709] nscd fails to build with cleanup handler if built with -fexceptions + [30721] x86_64: Fix build with --disable-multiarch +diff --git a/resolv/Makefile b/resolv/Makefile +index cca0748f9a..b53a5fcfdb 100644 +--- a/resolv/Makefile ++++ b/resolv/Makefile +@@ -106,6 +106,7 @@ tests += \ + tst-resolv-nondecimal \ + tst-resolv-res_init-multi \ + tst-resolv-search \ ++ tst-resolv-semi-failure \ + tst-resolv-short-response \ + tst-resolv-trailing \ + +@@ -300,6 +301,8 @@ $(objpfx)tst-resolv-nondecimal: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-rotate: $(objpfx)libresolv.so $(shared-thread-library) + $(objpfx)tst-resolv-search: $(objpfx)libresolv.so $(shared-thread-library) ++$(objpfx)tst-resolv-semi-failure: $(objpfx)libresolv.so \ ++ $(shared-thread-library) + $(objpfx)tst-resolv-short-response: $(objpfx)libresolv.so \ + $(shared-thread-library) + $(objpfx)tst-resolv-trailing: $(objpfx)libresolv.so $(shared-thread-library) +diff --git a/resolv/res_send.c b/resolv/res_send.c +index bf4ce67b1d..b741b42cae 100644 +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -1236,7 +1236,7 @@ send_dg(res_state statp, + *resplen2 = 0; + return resplen; + } +- if (buf2 != NULL) ++ if (buf2 != NULL && !single_request) + { + /* No data from the first reply. */ + resplen = 0; +diff --git a/resolv/tst-resolv-semi-failure.c b/resolv/tst-resolv-semi-failure.c +new file mode 100644 +index 0000000000..aa9798b5a7 +--- /dev/null ++++ b/resolv/tst-resolv-semi-failure.c +@@ -0,0 +1,133 @@ ++/* Test parallel failure/success responses (bug 30081). ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++/* The rcode in the initial response. */ ++static volatile int rcode; ++ ++/* Whether to fail the initial A query (!fail_aaaa) or the initial ++ AAAA query (fail_aaaa). */ ++static volatile bool fail_aaaa; ++ ++static void ++response (const struct resolv_response_context *ctx, ++ struct resolv_response_builder *b, ++ const char *qname, uint16_t qclass, uint16_t qtype) ++{ ++ /* Handle the failing query. */ ++ if ((fail_aaaa && qtype == T_AAAA) && ctx->server_index == 0) ++ { ++ struct resolv_response_flags flags = {.rcode = rcode}; ++ resolv_response_init (b, flags); ++ return; ++ } ++ ++ /* Otherwise produce a response. */ ++ resolv_response_init (b, (struct resolv_response_flags) {}); ++ resolv_response_add_question (b, qname, qclass, qtype); ++ resolv_response_section (b, ns_s_an); ++ resolv_response_open_record (b, qname, qclass, qtype, 0); ++ switch (qtype) ++ { ++ case T_A: ++ { ++ char ipv4[4] = {192, 0, 2, 17}; ++ resolv_response_add_data (b, &ipv4, sizeof (ipv4)); ++ } ++ break; ++ case T_AAAA: ++ { ++ char ipv6[16] ++ = {0x20, 0x01, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1}; ++ resolv_response_add_data (b, &ipv6, sizeof (ipv6)); ++ } ++ break; ++ default: ++ FAIL_EXIT1 ("unexpected TYPE%d query", qtype); ++ } ++ resolv_response_close_record (b); ++} ++ ++static void ++check_one (void) ++{ ++ ++ /* The buggy 1-second query timeout results in 30 seconds of delay, ++ which triggers are test timeout failure. */ ++ for (int i = 0; i < 30; ++i) ++ { ++ static const struct addrinfo hints = ++ { ++ .ai_family = AF_UNSPEC, ++ .ai_socktype = SOCK_STREAM, ++ }; ++ struct addrinfo *ai; ++ int ret = getaddrinfo ("www.example", "80", &hints, &ai); ++ const char *expected; ++ if (ret == 0 && ai->ai_next != NULL) ++ expected = ("address: STREAM/TCP 192.0.2.17 80\n" ++ "address: STREAM/TCP 2001:db8::1 80\n"); ++ else ++ /* Only one response because the AAAA lookup failure is ++ treated as an ignoreable error. */ ++ expected = "address: STREAM/TCP 192.0.2.17 80\n"; ++ check_addrinfo ("www.example", ai, ret, expected); ++ if (ret == 0) ++ freeaddrinfo (ai); ++ } ++} ++ ++static int ++do_test (void) ++{ ++ for (int do_single_lookup = 0; do_single_lookup < 2; ++do_single_lookup) ++ { ++ struct resolv_test *aux = resolv_test_start ++ ((struct resolv_redirect_config) ++ { ++ .response_callback = response, ++ }); ++ ++ if (do_single_lookup) ++ _res.options |= RES_SNGLKUP; ++ ++ for (int do_fail_aaaa = 0; do_fail_aaaa < 2; ++do_fail_aaaa) ++ { ++ fail_aaaa = do_fail_aaaa; ++ ++ rcode = 2; /* SERVFAIL. */ ++ check_one (); ++ ++ rcode = 4; /* NOTIMP. */ ++ check_one (); ++ ++ rcode = 5; /* REFUSED. */ ++ check_one (); ++ } ++ ++ resolv_test_end (aux); ++ } ++ ++ return 0; ++} ++ ++#include +diff --git a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c +index cf1e39876f..be354ae1c7 100644 +--- a/resolv/tst-resolv-short-response.c ++++ b/resolv/tst-resolv-short-response.c +@@ -81,6 +81,18 @@ check_one (void) + check_hostent ("www.example", gethostbyname2 ("www.example", AF_INET6), + "name: www.example\n" + "address: 2001:db8::1\n"); ++ static const struct addrinfo hints = ++ { ++ .ai_family = AF_UNSPEC, ++ .ai_socktype = SOCK_STREAM, ++ }; ++ struct addrinfo *ai; ++ int ret = getaddrinfo ("www.example", "80", &hints, &ai); ++ check_addrinfo ("www.example", ai, ret, ++ "address: STREAM/TCP 192.0.2.17 80\n" ++ "address: STREAM/TCP 2001:db8::1 80\n"); ++ if (ret == 0) ++ freeaddrinfo (ai); + } + } + +-- +2.45.0 + diff --git a/packages/glibc/0088-resolv-Track-single-request-fallback-via-_res._flags.patch b/packages/glibc/0088-resolv-Track-single-request-fallback-via-_res._flags.patch new file mode 100644 index 000000000..71914b119 --- /dev/null +++ b/packages/glibc/0088-resolv-Track-single-request-fallback-via-_res._flags.patch @@ -0,0 +1,81 @@ +From 1bed6acf50f6fdedf5a501cbd6a8225e5c13b886 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 13 Jun 2024 18:56:30 +0200 +Subject: [PATCH] resolv: Track single-request fallback via _res._flags (bug + 31476) + +This avoids changing _res.options, which inteferes with change +detection as part of automatic reloading of /etc/resolv.conf. + +Reviewed-by: DJ Delorie +(cherry picked from commit 868ab8923a2ec977faafec97ecafac0c3159c1b2) +--- + NEWS | 1 + + resolv/res_send.c | 12 +++++++----- + resolv/resolv-internal.h | 2 ++ + 3 files changed, 10 insertions(+), 5 deletions(-) + +diff --git a/NEWS b/NEWS +index 4156a017ac..3b252c96b4 100644 +--- a/NEWS ++++ b/NEWS +@@ -52,6 +52,7 @@ The following bugs are resolved with this release: + [31183] Wide stream buffer size reduced MB_LEN_MAX bytes after bug 17522 fix + [31184] FAIL: elf/tst-tlsgap + [31185] Incorrect thread point access in _dl_tlsdesc_undefweak and _dl_tlsdesc_dynamic ++ [31476] resolv: Track single-request fallback via _res._flags + [31890] resolv: Allow short error responses to match any DNS query + [31965] rseq extension mechanism does not work as intended + +diff --git a/resolv/res_send.c b/resolv/res_send.c +index b741b42cae..1b130b4df4 100644 +--- a/resolv/res_send.c ++++ b/resolv/res_send.c +@@ -947,9 +947,11 @@ send_dg(res_state statp, + seconds /= statp->nscount; + if (seconds <= 0) + seconds = 1; +- bool single_request_reopen = (statp->options & RES_SNGLKUPREOP) != 0; +- bool single_request = (((statp->options & RES_SNGLKUP) != 0) +- | single_request_reopen); ++ bool single_request_reopen = ((statp->options & RES_SNGLKUPREOP) ++ || (statp->_flags & RES_F_SNGLKUPREOP)); ++ bool single_request = ((statp->options & RES_SNGLKUP) ++ || (statp->_flags & RES_F_SNGLKUP) ++ || single_request_reopen); + int save_gotsomewhere = *gotsomewhere; + + int retval; +@@ -1006,14 +1008,14 @@ send_dg(res_state statp, + have received the first answer. */ + if (!single_request) + { +- statp->options |= RES_SNGLKUP; ++ statp->_flags |= RES_F_SNGLKUP; + single_request = true; + *gotsomewhere = save_gotsomewhere; + goto retry; + } + else if (!single_request_reopen) + { +- statp->options |= RES_SNGLKUPREOP; ++ statp->_flags |= RES_F_SNGLKUPREOP; + single_request_reopen = true; + *gotsomewhere = save_gotsomewhere; + __res_iclose (statp, false); +diff --git a/resolv/resolv-internal.h b/resolv/resolv-internal.h +index 2b98ac4920..3fa81d784f 100644 +--- a/resolv/resolv-internal.h ++++ b/resolv/resolv-internal.h +@@ -26,6 +26,8 @@ + #define RES_F_VC 0x00000001 /* Socket is TCP. */ + #define RES_F_CONN 0x00000002 /* Socket is connected. */ + #define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors. */ ++#define RES_F_SNGLKUP 0x00200000 /* Private version of RES_SNGLKUP. */ ++#define RES_F_SNGLKUPREOP 0x00400000 /* Private version of RES_SNGLKUPREOP. */ + + /* The structure HEADER is normally aligned on a word boundary. In + some code, we need to access this structure when it may be aligned +-- +2.45.0 + diff --git a/packages/glibc/0089-linux-Update-the-mremap-C-implementation-BZ-31968.patch b/packages/glibc/0089-linux-Update-the-mremap-C-implementation-BZ-31968.patch new file mode 100644 index 000000000..3ebeba4d6 --- /dev/null +++ b/packages/glibc/0089-linux-Update-the-mremap-C-implementation-BZ-31968.patch @@ -0,0 +1,68 @@ +From 0301637b9931766ee389aedf3899cde756b37283 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Wed, 24 Jul 2024 14:05:13 -0700 +Subject: [PATCH] linux: Update the mremap C implementation [BZ #31968] + +Update the mremap C implementation to support the optional argument for +MREMAP_DONTUNMAP added in Linux 5.7 since it may not always be correct +to implement a variadic function as a non-variadic function on all Linux +targets. Return MAP_FAILED and set errno to EINVAL for unknown flag bits. +This fixes BZ #31968. + +Note: A test must be added when a new flag bit is introduced. + +Signed-off-by: H.J. Lu +Reviewed-by: Adhemerval Zanella +(cherry picked from commit 6c40cb0e9f893d49dc7caee580a055de53562206) +--- + NEWS | 1 + + sysdeps/unix/sysv/linux/mremap.c | 14 +++++++++++++- + 2 files changed, 14 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 3b252c96b4..5172049eb2 100644 +--- a/NEWS ++++ b/NEWS +@@ -55,6 +55,7 @@ The following bugs are resolved with this release: + [31476] resolv: Track single-request fallback via _res._flags + [31890] resolv: Allow short error responses to match any DNS query + [31965] rseq extension mechanism does not work as intended ++ [31968] mremap implementation in C does not handle arguments correctly + + + Version 2.38 +diff --git a/sysdeps/unix/sysv/linux/mremap.c b/sysdeps/unix/sysv/linux/mremap.c +index 0ad5da86a2..05ed8febfa 100644 +--- a/sysdeps/unix/sysv/linux/mremap.c ++++ b/sysdeps/unix/sysv/linux/mremap.c +@@ -20,6 +20,12 @@ + #include + #include + #include ++#include ++ ++#define MREMAP_KNOWN_BITS \ ++ (MREMAP_MAYMOVE \ ++ | MREMAP_FIXED \ ++ | MREMAP_DONTUNMAP) + + void * + __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...) +@@ -27,7 +33,13 @@ __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...) + va_list va; + void *new_addr = NULL; + +- if (flags & MREMAP_FIXED) ++ if (flags & ~(MREMAP_KNOWN_BITS)) ++ { ++ __set_errno (EINVAL); ++ return MAP_FAILED; ++ } ++ ++ if (flags & (MREMAP_FIXED | MREMAP_DONTUNMAP)) + { + va_start (va, flags); + new_addr = va_arg (va, void *); +-- +2.45.0 + diff --git a/packages/glibc/0090-mremap-Update-manual-entry.patch b/packages/glibc/0090-mremap-Update-manual-entry.patch new file mode 100644 index 000000000..96e699c5a --- /dev/null +++ b/packages/glibc/0090-mremap-Update-manual-entry.patch @@ -0,0 +1,88 @@ +From f0e211453546a134ac27e1e54579332534acb349 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Wed, 24 Jul 2024 14:05:14 -0700 +Subject: [PATCH] mremap: Update manual entry + +Update mremap manual entry: + +1. Change mremap to variadic. +2. Document MREMAP_FIXED and MREMAP_DONTUNMAP. + +Signed-off-by: H.J. Lu +Reviewed-by: Adhemerval Zanella +(cherry picked from commit cb2dee4eccf46642eef588bee64f9c875c408f1c) +--- + manual/llio.texi | 42 +++++++++++++++++++++++++++++++++++------- + 1 file changed, 35 insertions(+), 7 deletions(-) + +diff --git a/manual/llio.texi b/manual/llio.texi +index fae49d1433..a65230d612 100644 +--- a/manual/llio.texi ++++ b/manual/llio.texi +@@ -1781,7 +1781,7 @@ There is no existing mapping in at least part of the given region. + + @end deftypefun + +-@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag}) ++@deftypefun {void *} mremap (void *@var{address}, size_t @var{length}, size_t @var{new_length}, int @var{flag}, ... /* void *@var{new_address} */) + @standards{GNU, sys/mman.h} + @safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}} + +@@ -1790,12 +1790,40 @@ area. @var{address} and @var{length} must cover a region entirely mapped + in the same @code{mmap} statement. A new mapping with the same + characteristics will be returned with the length @var{new_length}. + +-One option is possible, @code{MREMAP_MAYMOVE}. If it is given in +-@var{flags}, the system may remove the existing mapping and create a new +-one of the desired length in another location. ++Possible flags are + +-The address of the resulting mapping is returned, or @math{-1}. Possible +-error codes include: ++@table @code ++ ++@item MREMAP_MAYMOVE ++If it is given in @var{flags}, the system may remove the existing mapping ++and create a new one of the desired length in another location. ++ ++@item MREMAP_FIXED ++If it is given in @var{flags}, @code{mremap} accepts a fifth argument, ++@code{void *new_address}, which specifies a page-aligned address to ++which the mapping must be moved. Any previous mapping at the address ++range specified by @var{new_address} and @var{new_size} is unmapped. ++ ++@code{MREMAP_FIXED} must be used together with @code{MREMAP_MAYMOVE}. ++ ++@item MREMAP_DONTUNMAP ++If it is given in @var{flags}, @code{mremap} accepts a fifth argument, ++@code{void *new_address}, which specifies a page-aligned address. Any ++previous mapping at the address range specified by @var{new_address} and ++@var{new_size} is unmapped. If @var{new_address} is @code{NULL}, the ++kernel chooses the page-aligned address at which to create the mapping. ++Otherwise, the kernel takes it as a hint about where to place the mapping. ++The mapping at the address range specified by @var{old_address} and ++@var{old_size} isn't unmapped. ++ ++@code{MREMAP_DONTUNMAP} must be used together with @code{MREMAP_MAYMOVE}. ++@var{old_size} must be the same as @var{new_size}. This flag bit is ++Linux-specific. ++ ++@end table ++ ++The address of the resulting mapping is returned, or @code{MAP_FAILED}. ++Possible error codes include: + + @table @code + +@@ -1804,7 +1832,7 @@ There is no existing mapping in at least part of the original region, or + the region covers two or more distinct mappings. + + @item EINVAL +-The address given is misaligned or inappropriate. ++Any arguments are inappropriate, including unknown @var{flags} values. + + @item EAGAIN + The region has pages locked, and if extended it would exceed the +-- +2.45.0 + diff --git a/packages/glibc/0091-Add-mremap-tests.patch b/packages/glibc/0091-Add-mremap-tests.patch new file mode 100644 index 000000000..12c2b882b --- /dev/null +++ b/packages/glibc/0091-Add-mremap-tests.patch @@ -0,0 +1,302 @@ +From 6bb75212e6198cd14ab9d1d538a61fa9cdec31d1 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Wed, 24 Jul 2024 14:05:15 -0700 +Subject: [PATCH] Add mremap tests + +Add tests for MREMAP_MAYMOVE and MREMAP_FIXED. On Linux, also test +MREMAP_DONTUNMAP. + +Signed-off-by: H.J. Lu +Reviewed-by: Adhemerval Zanella +(cherry picked from commit ff0320bec2810192d453c579623482fab87bfa01) +--- + misc/Makefile | 2 + + misc/tst-mremap1.c | 46 +++++++++++++++ + misc/tst-mremap2.c | 54 ++++++++++++++++++ + sysdeps/generic/mremap-failure.h | 25 ++++++++ + sysdeps/unix/sysv/linux/Makefile | 1 + + sysdeps/unix/sysv/linux/mremap-failure.h | 30 ++++++++++ + sysdeps/unix/sysv/linux/tst-linux-mremap1.c | 63 +++++++++++++++++++++ + 7 files changed, 221 insertions(+) + create mode 100644 misc/tst-mremap1.c + create mode 100644 misc/tst-mremap2.c + create mode 100644 sysdeps/generic/mremap-failure.h + create mode 100644 sysdeps/unix/sysv/linux/mremap-failure.h + create mode 100644 sysdeps/unix/sysv/linux/tst-linux-mremap1.c + +diff --git a/misc/Makefile b/misc/Makefile +index 90b31952c5..87778a538a 100644 +--- a/misc/Makefile ++++ b/misc/Makefile +@@ -251,6 +251,8 @@ tests := \ + tst-mntent-blank-passno \ + tst-mntent-escape \ + tst-mntent2 \ ++ tst-mremap1 \ ++ tst-mremap2 \ + tst-preadvwritev \ + tst-preadvwritev2 \ + tst-preadvwritev64 \ +diff --git a/misc/tst-mremap1.c b/misc/tst-mremap1.c +new file mode 100644 +index 0000000000..0469991a6c +--- /dev/null ++++ b/misc/tst-mremap1.c +@@ -0,0 +1,46 @@ ++/* Test mremap with MREMAP_MAYMOVE. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ size_t old_size = getpagesize (); ++ char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANONYMOUS, -1); ++ old_addr[0] = 1; ++ old_addr[old_size - 1] = 2; ++ ++ /* Test MREMAP_MAYMOVE. */ ++ size_t new_size = old_size + old_size; ++ char *new_addr = mremap (old_addr, old_size, new_size, MREMAP_MAYMOVE); ++ TEST_VERIFY_EXIT (new_addr != MAP_FAILED); ++ new_addr[0] = 1; ++ new_addr[new_size - 1] = 2; ++ xmunmap (new_addr, new_size); ++ ++ return 0; ++} ++ ++#include +diff --git a/misc/tst-mremap2.c b/misc/tst-mremap2.c +new file mode 100644 +index 0000000000..45be7f0369 +--- /dev/null ++++ b/misc/tst-mremap2.c +@@ -0,0 +1,54 @@ ++/* Test mremap with MREMAP_FIXED. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ size_t old_size = getpagesize (); ++ size_t new_size = old_size + old_size; ++ char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANONYMOUS, -1); ++ old_addr[0] = 1; ++ old_addr[old_size - 1] = 2; ++ ++ char *fixed_addr = xmmap (NULL, new_size, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANONYMOUS, -1); ++ fixed_addr[0] = 1; ++ fixed_addr[new_size - 1] = 2; ++ ++ /* Test MREMAP_FIXED. */ ++ char *new_addr = mremap (old_addr, old_size, new_size, ++ MREMAP_FIXED | MREMAP_MAYMOVE, ++ fixed_addr); ++ if (new_addr == MAP_FAILED) ++ return mremap_failure_exit (errno); ++ new_addr[0] = 1; ++ new_addr[new_size - 1] = 2; ++ xmunmap (new_addr, new_size); ++ ++ return 0; ++} ++ ++#include +diff --git a/sysdeps/generic/mremap-failure.h b/sysdeps/generic/mremap-failure.h +new file mode 100644 +index 0000000000..bc0d476368 +--- /dev/null ++++ b/sysdeps/generic/mremap-failure.h +@@ -0,0 +1,25 @@ ++/* mremap failure handling. Generic version. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++/* Return exit value on mremap failure with errno ERR. */ ++ ++static int ++mremap_failure_exit (int err) ++{ ++ return EXIT_FAILURE; ++} +diff --git a/sysdeps/unix/sysv/linux/Makefile b/sysdeps/unix/sysv/linux/Makefile +index 623a7d4de0..9b503c8379 100644 +--- a/sysdeps/unix/sysv/linux/Makefile ++++ b/sysdeps/unix/sysv/linux/Makefile +@@ -202,6 +202,7 @@ tests += \ + tst-getauxval \ + tst-gettid \ + tst-gettid-kill \ ++ tst-linux-mremap1 \ + tst-memfd_create \ + tst-misalign-clone \ + tst-mlock2 \ +diff --git a/sysdeps/unix/sysv/linux/mremap-failure.h b/sysdeps/unix/sysv/linux/mremap-failure.h +new file mode 100644 +index 0000000000..c99ab30ca9 +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/mremap-failure.h +@@ -0,0 +1,30 @@ ++/* mremap failure handling. Linux version. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++ ++/* Return exit value on mremap failure with errno ERR. */ ++ ++static int ++mremap_failure_exit (int err) ++{ ++ if (err != EINVAL) ++ return EXIT_FAILURE; ++ ++ return EXIT_UNSUPPORTED; ++} +diff --git a/sysdeps/unix/sysv/linux/tst-linux-mremap1.c b/sysdeps/unix/sysv/linux/tst-linux-mremap1.c +new file mode 100644 +index 0000000000..408e8af2ab +--- /dev/null ++++ b/sysdeps/unix/sysv/linux/tst-linux-mremap1.c +@@ -0,0 +1,63 @@ ++/* Test mremap with MREMAP_DONTUNMAP. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ size_t old_size = getpagesize (); ++ size_t new_size = old_size; ++ char *old_addr = xmmap (NULL, old_size, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANONYMOUS, -1); ++ old_addr[0] = 1; ++ old_addr[old_size - 1] = 2; ++ ++ /* Create an available 64-page mmap region. */ ++ size_t fixed_size = old_size * 64; ++ char *fixed_addr = xmmap (NULL, fixed_size, PROT_READ | PROT_WRITE, ++ MAP_PRIVATE | MAP_ANONYMOUS, -1); ++ xmunmap (fixed_addr, fixed_size); ++ ++ /* Add 3 * pagesize. */ ++ fixed_size += 3 * old_size; ++ ++ /* Test MREMAP_DONTUNMAP. It should return FIXED_ADDR created above. */ ++ char *new_addr = mremap (old_addr, old_size, new_size, ++ MREMAP_DONTUNMAP | MREMAP_MAYMOVE, ++ fixed_addr); ++ if (new_addr == MAP_FAILED) ++ return mremap_failure_exit (errno); ++ TEST_VERIFY_EXIT (fixed_addr == new_addr); ++ old_addr[0] = 3; ++ old_addr[old_size - 1] = 4; ++ new_addr[0] = 1; ++ new_addr[new_size - 1] = 2; ++ xmunmap (new_addr, new_size); ++ xmunmap (old_addr, old_size); ++ ++ return 0; ++} ++ ++#include +-- +2.45.0 + diff --git a/packages/glibc/0092-Update-syscall-lists-for-Linux-6.5.patch b/packages/glibc/0092-Update-syscall-lists-for-Linux-6.5.patch new file mode 100644 index 000000000..1dec1d368 --- /dev/null +++ b/packages/glibc/0092-Update-syscall-lists-for-Linux-6.5.patch @@ -0,0 +1,394 @@ +From 3ac7ba61d2d4a914b64a1d793857b84f6a875fa0 Mon Sep 17 00:00:00 2001 +From: Joseph Myers +Date: Tue, 12 Sep 2023 14:08:53 +0000 +Subject: [PATCH] Update syscall lists for Linux 6.5 + +Linux 6.5 has one new syscall, cachestat, and also enables the +cacheflush syscall for hppa. Update syscall-names.list and regenerate +the arch-syscall.h headers with build-many-glibcs.py update-syscalls. + +Tested with build-many-glibcs.py. + +(cherry picked from commit 72511f539cc34681ec61c6a0dc2fe6d684760ffe) +--- + sysdeps/unix/sysv/linux/aarch64/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/alpha/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/arc/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/arm/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/csky/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/hppa/arch-syscall.h | 2 ++ + sysdeps/unix/sysv/linux/i386/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/ia64/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/loongarch/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/m68k/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/microblaze/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/mips/mips32/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/mips/mips64/n32/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/mips/mips64/n64/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/nios2/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/or1k/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/powerpc/powerpc32/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/powerpc/powerpc64/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/s390/s390-32/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/s390/s390-64/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/sh/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/sparc/sparc32/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/sparc/sparc64/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/syscall-names.list | 5 +++-- + sysdeps/unix/sysv/linux/x86_64/64/arch-syscall.h | 1 + + sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h | 1 + + 28 files changed, 31 insertions(+), 2 deletions(-) + +diff --git a/sysdeps/unix/sysv/linux/aarch64/arch-syscall.h b/sysdeps/unix/sysv/linux/aarch64/arch-syscall.h +index 4fcb6da80a..8f21ee66a0 100644 +--- a/sysdeps/unix/sysv/linux/aarch64/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/aarch64/arch-syscall.h +@@ -7,6 +7,7 @@ + #define __NR_bind 200 + #define __NR_bpf 280 + #define __NR_brk 214 ++#define __NR_cachestat 451 + #define __NR_capget 90 + #define __NR_capset 91 + #define __NR_chdir 49 +diff --git a/sysdeps/unix/sysv/linux/alpha/arch-syscall.h b/sysdeps/unix/sysv/linux/alpha/arch-syscall.h +index 0cf74c1a96..c5802a5fec 100644 +--- a/sysdeps/unix/sysv/linux/alpha/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/alpha/arch-syscall.h +@@ -11,6 +11,7 @@ + #define __NR_bind 104 + #define __NR_bpf 515 + #define __NR_brk 17 ++#define __NR_cachestat 561 + #define __NR_capget 368 + #define __NR_capset 369 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/arc/arch-syscall.h b/sysdeps/unix/sysv/linux/arc/arch-syscall.h +index c1207aaa12..f23f9e1154 100644 +--- a/sysdeps/unix/sysv/linux/arc/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/arc/arch-syscall.h +@@ -11,6 +11,7 @@ + #define __NR_bpf 280 + #define __NR_brk 214 + #define __NR_cacheflush 244 ++#define __NR_cachestat 451 + #define __NR_capget 90 + #define __NR_capset 91 + #define __NR_chdir 49 +diff --git a/sysdeps/unix/sysv/linux/arm/arch-syscall.h b/sysdeps/unix/sysv/linux/arm/arch-syscall.h +index e7ba04c106..7edf574899 100644 +--- a/sysdeps/unix/sysv/linux/arm/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/arm/arch-syscall.h +@@ -15,6 +15,7 @@ + #define __NR_bpf 386 + #define __NR_brk 45 + #define __NR_cacheflush 983042 ++#define __NR_cachestat 451 + #define __NR_capget 184 + #define __NR_capset 185 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/csky/arch-syscall.h b/sysdeps/unix/sysv/linux/csky/arch-syscall.h +index dc9383758e..d74a06e063 100644 +--- a/sysdeps/unix/sysv/linux/csky/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/csky/arch-syscall.h +@@ -8,6 +8,7 @@ + #define __NR_bpf 280 + #define __NR_brk 214 + #define __NR_cacheflush 245 ++#define __NR_cachestat 451 + #define __NR_capget 90 + #define __NR_capset 91 + #define __NR_chdir 49 +diff --git a/sysdeps/unix/sysv/linux/hppa/arch-syscall.h b/sysdeps/unix/sysv/linux/hppa/arch-syscall.h +index 767f1287a3..5568b94cd3 100644 +--- a/sysdeps/unix/sysv/linux/hppa/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/hppa/arch-syscall.h +@@ -13,6 +13,8 @@ + #define __NR_bind 22 + #define __NR_bpf 341 + #define __NR_brk 45 ++#define __NR_cacheflush 356 ++#define __NR_cachestat 451 + #define __NR_capget 106 + #define __NR_capset 107 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/i386/arch-syscall.h b/sysdeps/unix/sysv/linux/i386/arch-syscall.h +index 1998f0d76a..3af21a15cb 100644 +--- a/sysdeps/unix/sysv/linux/i386/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/i386/arch-syscall.h +@@ -15,6 +15,7 @@ + #define __NR_bpf 357 + #define __NR_break 17 + #define __NR_brk 45 ++#define __NR_cachestat 451 + #define __NR_capget 184 + #define __NR_capset 185 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/ia64/arch-syscall.h b/sysdeps/unix/sysv/linux/ia64/arch-syscall.h +index b2eab1b93d..39b270e642 100644 +--- a/sysdeps/unix/sysv/linux/ia64/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/ia64/arch-syscall.h +@@ -11,6 +11,7 @@ + #define __NR_bind 1191 + #define __NR_bpf 1341 + #define __NR_brk 1060 ++#define __NR_cachestat 1475 + #define __NR_capget 1185 + #define __NR_capset 1186 + #define __NR_chdir 1034 +diff --git a/sysdeps/unix/sysv/linux/loongarch/arch-syscall.h b/sysdeps/unix/sysv/linux/loongarch/arch-syscall.h +index 6bb3c8adbc..fdefe8bb6f 100644 +--- a/sysdeps/unix/sysv/linux/loongarch/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/loongarch/arch-syscall.h +@@ -7,6 +7,7 @@ + #define __NR_bind 200 + #define __NR_bpf 280 + #define __NR_brk 214 ++#define __NR_cachestat 451 + #define __NR_capget 90 + #define __NR_capset 91 + #define __NR_chdir 49 +diff --git a/sysdeps/unix/sysv/linux/m68k/arch-syscall.h b/sysdeps/unix/sysv/linux/m68k/arch-syscall.h +index 5fc3723772..315e49cd33 100644 +--- a/sysdeps/unix/sysv/linux/m68k/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/m68k/arch-syscall.h +@@ -15,6 +15,7 @@ + #define __NR_bpf 354 + #define __NR_brk 45 + #define __NR_cacheflush 123 ++#define __NR_cachestat 451 + #define __NR_capget 184 + #define __NR_capset 185 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/microblaze/arch-syscall.h b/sysdeps/unix/sysv/linux/microblaze/arch-syscall.h +index b6e9b007e4..54af12780c 100644 +--- a/sysdeps/unix/sysv/linux/microblaze/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/microblaze/arch-syscall.h +@@ -15,6 +15,7 @@ + #define __NR_bpf 387 + #define __NR_break 17 + #define __NR_brk 45 ++#define __NR_cachestat 451 + #define __NR_capget 184 + #define __NR_capset 185 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/mips/mips32/arch-syscall.h b/sysdeps/unix/sysv/linux/mips/mips32/arch-syscall.h +index b3a3871f8a..a2aa1ffa1b 100644 +--- a/sysdeps/unix/sysv/linux/mips/mips32/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/mips/mips32/arch-syscall.h +@@ -17,6 +17,7 @@ + #define __NR_brk 4045 + #define __NR_cachectl 4148 + #define __NR_cacheflush 4147 ++#define __NR_cachestat 4451 + #define __NR_capget 4204 + #define __NR_capset 4205 + #define __NR_chdir 4012 +diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n32/arch-syscall.h b/sysdeps/unix/sysv/linux/mips/mips64/n32/arch-syscall.h +index b462182723..5bec858040 100644 +--- a/sysdeps/unix/sysv/linux/mips/mips64/n32/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/mips/mips64/n32/arch-syscall.h +@@ -14,6 +14,7 @@ + #define __NR_brk 6012 + #define __NR_cachectl 6198 + #define __NR_cacheflush 6197 ++#define __NR_cachestat 6451 + #define __NR_capget 6123 + #define __NR_capset 6124 + #define __NR_chdir 6078 +diff --git a/sysdeps/unix/sysv/linux/mips/mips64/n64/arch-syscall.h b/sysdeps/unix/sysv/linux/mips/mips64/n64/arch-syscall.h +index a9d6b94572..0166371ee2 100644 +--- a/sysdeps/unix/sysv/linux/mips/mips64/n64/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/mips/mips64/n64/arch-syscall.h +@@ -14,6 +14,7 @@ + #define __NR_brk 5012 + #define __NR_cachectl 5198 + #define __NR_cacheflush 5197 ++#define __NR_cachestat 5451 + #define __NR_capget 5123 + #define __NR_capset 5124 + #define __NR_chdir 5078 +diff --git a/sysdeps/unix/sysv/linux/nios2/arch-syscall.h b/sysdeps/unix/sysv/linux/nios2/arch-syscall.h +index 809a219ef3..29a4cfa988 100644 +--- a/sysdeps/unix/sysv/linux/nios2/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/nios2/arch-syscall.h +@@ -8,6 +8,7 @@ + #define __NR_bpf 280 + #define __NR_brk 214 + #define __NR_cacheflush 244 ++#define __NR_cachestat 451 + #define __NR_capget 90 + #define __NR_capset 91 + #define __NR_chdir 49 +diff --git a/sysdeps/unix/sysv/linux/or1k/arch-syscall.h b/sysdeps/unix/sysv/linux/or1k/arch-syscall.h +index 1364f4cbc0..f5a3729663 100644 +--- a/sysdeps/unix/sysv/linux/or1k/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/or1k/arch-syscall.h +@@ -7,6 +7,7 @@ + #define __NR_bind 200 + #define __NR_bpf 280 + #define __NR_brk 214 ++#define __NR_cachestat 451 + #define __NR_capget 90 + #define __NR_capset 91 + #define __NR_chdir 49 +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/arch-syscall.h b/sysdeps/unix/sysv/linux/powerpc/powerpc32/arch-syscall.h +index 627831ebae..3a212a0269 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/arch-syscall.h +@@ -15,6 +15,7 @@ + #define __NR_bpf 361 + #define __NR_break 17 + #define __NR_brk 45 ++#define __NR_cachestat 451 + #define __NR_capget 183 + #define __NR_capset 184 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc64/arch-syscall.h b/sysdeps/unix/sysv/linux/powerpc/powerpc64/arch-syscall.h +index bae597199d..1038ead227 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/arch-syscall.h +@@ -15,6 +15,7 @@ + #define __NR_bpf 361 + #define __NR_break 17 + #define __NR_brk 45 ++#define __NR_cachestat 451 + #define __NR_capget 183 + #define __NR_capset 184 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h b/sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h +index 2416e041c8..57b043ffb5 100644 +--- a/sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/riscv/rv32/arch-syscall.h +@@ -6,6 +6,7 @@ + #define __NR_bind 200 + #define __NR_bpf 280 + #define __NR_brk 214 ++#define __NR_cachestat 451 + #define __NR_capget 90 + #define __NR_capset 91 + #define __NR_chdir 49 +diff --git a/sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h b/sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h +index a32bc82f60..1041a0f8c9 100644 +--- a/sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/riscv/rv64/arch-syscall.h +@@ -7,6 +7,7 @@ + #define __NR_bind 200 + #define __NR_bpf 280 + #define __NR_brk 214 ++#define __NR_cachestat 451 + #define __NR_capget 90 + #define __NR_capset 91 + #define __NR_chdir 49 +diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/arch-syscall.h b/sysdeps/unix/sysv/linux/s390/s390-32/arch-syscall.h +index 2288f20e45..70d4c6782e 100644 +--- a/sysdeps/unix/sysv/linux/s390/s390-32/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/s390/s390-32/arch-syscall.h +@@ -13,6 +13,7 @@ + #define __NR_bind 361 + #define __NR_bpf 351 + #define __NR_brk 45 ++#define __NR_cachestat 451 + #define __NR_capget 184 + #define __NR_capset 185 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/s390/s390-64/arch-syscall.h b/sysdeps/unix/sysv/linux/s390/s390-64/arch-syscall.h +index 05e6d8428e..65a8a9e316 100644 +--- a/sysdeps/unix/sysv/linux/s390/s390-64/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/s390/s390-64/arch-syscall.h +@@ -11,6 +11,7 @@ + #define __NR_bind 361 + #define __NR_bpf 351 + #define __NR_brk 45 ++#define __NR_cachestat 451 + #define __NR_capget 184 + #define __NR_capset 185 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/sh/arch-syscall.h b/sysdeps/unix/sysv/linux/sh/arch-syscall.h +index d52b522d9c..94aad0f119 100644 +--- a/sysdeps/unix/sysv/linux/sh/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/sh/arch-syscall.h +@@ -14,6 +14,7 @@ + #define __NR_bpf 375 + #define __NR_brk 45 + #define __NR_cacheflush 123 ++#define __NR_cachestat 451 + #define __NR_capget 184 + #define __NR_capset 185 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/sparc/sparc32/arch-syscall.h b/sysdeps/unix/sysv/linux/sparc/sparc32/arch-syscall.h +index d3f4d8aa3e..d630306c75 100644 +--- a/sysdeps/unix/sysv/linux/sparc/sparc32/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/sparc/sparc32/arch-syscall.h +@@ -14,6 +14,7 @@ + #define __NR_bind 353 + #define __NR_bpf 349 + #define __NR_brk 17 ++#define __NR_cachestat 451 + #define __NR_capget 21 + #define __NR_capset 22 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/sparc/sparc64/arch-syscall.h b/sysdeps/unix/sysv/linux/sparc/sparc64/arch-syscall.h +index 2cc03d7a24..930f29b4d2 100644 +--- a/sysdeps/unix/sysv/linux/sparc/sparc64/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/sparc/sparc64/arch-syscall.h +@@ -14,6 +14,7 @@ + #define __NR_bind 353 + #define __NR_bpf 349 + #define __NR_brk 17 ++#define __NR_cachestat 451 + #define __NR_capget 21 + #define __NR_capset 22 + #define __NR_chdir 12 +diff --git a/sysdeps/unix/sysv/linux/syscall-names.list b/sysdeps/unix/sysv/linux/syscall-names.list +index 5b69106434..cf6f70ecd9 100644 +--- a/sysdeps/unix/sysv/linux/syscall-names.list ++++ b/sysdeps/unix/sysv/linux/syscall-names.list +@@ -21,8 +21,8 @@ + # This file can list all potential system calls. The names are only + # used if the installed kernel headers also provide them. + +-# The list of system calls is current as of Linux 6.4. +-kernel 6.4 ++# The list of system calls is current as of Linux 6.5. ++kernel 6.5 + + FAST_atomic_update + FAST_cmpxchg +@@ -58,6 +58,7 @@ breakpoint + brk + cachectl + cacheflush ++cachestat + capget + capset + chdir +diff --git a/sysdeps/unix/sysv/linux/x86_64/64/arch-syscall.h b/sysdeps/unix/sysv/linux/x86_64/64/arch-syscall.h +index b4ab892ec1..58646cf0bd 100644 +--- a/sysdeps/unix/sysv/linux/x86_64/64/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/x86_64/64/arch-syscall.h +@@ -12,6 +12,7 @@ + #define __NR_bind 49 + #define __NR_bpf 321 + #define __NR_brk 12 ++#define __NR_cachestat 451 + #define __NR_capget 125 + #define __NR_capset 126 + #define __NR_chdir 80 +diff --git a/sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h b/sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h +index 772559c87b..604bcdfa5b 100644 +--- a/sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h ++++ b/sysdeps/unix/sysv/linux/x86_64/x32/arch-syscall.h +@@ -11,6 +11,7 @@ + #define __NR_bind 1073741873 + #define __NR_bpf 1073742145 + #define __NR_brk 1073741836 ++#define __NR_cachestat 1073742275 + #define __NR_capget 1073741949 + #define __NR_capset 1073741950 + #define __NR_chdir 1073741904 +-- +2.45.0 + diff --git a/packages/glibc/0093-resolv-Fix-tst-resolv-short-response-for-older-GCC-b.patch b/packages/glibc/0093-resolv-Fix-tst-resolv-short-response-for-older-GCC-b.patch new file mode 100644 index 000000000..9d06188fa --- /dev/null +++ b/packages/glibc/0093-resolv-Fix-tst-resolv-short-response-for-older-GCC-b.patch @@ -0,0 +1,35 @@ +From 9184c13681b5de1f9e078538f0e1ee9b8599e1c3 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Thu, 1 Aug 2024 10:46:10 +0200 +Subject: [PATCH] resolv: Fix tst-resolv-short-response for older GCC (bug + 32042) + +Previous GCC versions do not support the C23 change that +allows labels on declarations. + +Reviewed-by: Adhemerval Zanella +(cherry picked from commit ec119972cb2598c04ec7d4219e20506006836f64) +--- + resolv/tst-resolv-short-response.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/resolv/tst-resolv-short-response.c b/resolv/tst-resolv-short-response.c +index be354ae1c7..9b06b0c176 100644 +--- a/resolv/tst-resolv-short-response.c ++++ b/resolv/tst-resolv-short-response.c +@@ -33,8 +33,10 @@ response (const struct resolv_response_context *ctx, + { + case 0: + /* First server times out. */ +- struct resolv_response_flags flags = {.rcode = rcode}; +- resolv_response_init (b, flags); ++ { ++ struct resolv_response_flags flags = {.rcode = rcode}; ++ resolv_response_init (b, flags); ++ } + break; + case 1: + /* Second server sends reply. */ +-- +2.45.0 + diff --git a/packages/glibc/0094-Fix-name-space-violation-in-fortify-wrappers-bug-320.patch b/packages/glibc/0094-Fix-name-space-violation-in-fortify-wrappers-bug-320.patch new file mode 100644 index 000000000..49b6b7cad --- /dev/null +++ b/packages/glibc/0094-Fix-name-space-violation-in-fortify-wrappers-bug-320.patch @@ -0,0 +1,298 @@ +From 059f82c3b9bd929182195c163c6d7f3bbffabf51 Mon Sep 17 00:00:00 2001 +From: Andreas Schwab +Date: Mon, 5 Aug 2024 10:55:51 +0200 +Subject: [PATCH] Fix name space violation in fortify wrappers (bug 32052) + +Rename the identifier sz to __sz everywhere. + +Fixes: a643f60c53 ("Make sure that the fortified function conditionals are constant") +(cherry picked from commit 39ca997ab378990d5ac1aadbaa52aaf1db6d526f) +(redone from scratch because of many conflicts) +--- + NEWS | 2 +- + libio/bits/stdio2.h | 40 +++++++++++++++---------------- + socket/bits/socket2.h | 20 ++++++++-------- + stdlib/bits/stdlib.h | 10 ++++---- + wcsmbs/bits/wchar2.h | 56 +++++++++++++++++++++---------------------- + 5 files changed, 64 insertions(+), 64 deletions(-) + +diff --git a/NEWS b/NEWS +index 5172049eb2..7a9a4b7ea3 100644 +--- a/NEWS ++++ b/NEWS +@@ -56,7 +56,7 @@ The following bugs are resolved with this release: + [31890] resolv: Allow short error responses to match any DNS query + [31965] rseq extension mechanism does not work as intended + [31968] mremap implementation in C does not handle arguments correctly +- ++ [32052] Name space violation in fortify wrappers + + Version 2.38 + +diff --git a/libio/bits/stdio2.h b/libio/bits/stdio2.h +index 71226408ab..6cecd1b956 100644 +--- a/libio/bits/stdio2.h ++++ b/libio/bits/stdio2.h +@@ -194,36 +194,36 @@ gets (char *__str) + __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char * + fgets (char *__restrict __s, int __n, FILE *__restrict __stream) + { +- size_t sz = __glibc_objsize (__s); +- if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) ++ size_t __sz = __glibc_objsize (__s); ++ if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz)) + return __fgets_alias (__s, __n, __stream); +- if (__glibc_unsafe_len (__n, sizeof (char), sz)) +- return __fgets_chk_warn (__s, sz, __n, __stream); +- return __fgets_chk (__s, sz, __n, __stream); ++ if (__glibc_unsafe_len (__n, sizeof (char), __sz)) ++ return __fgets_chk_warn (__s, __sz, __n, __stream); ++ return __fgets_chk (__s, __sz, __n, __stream); + } + + __fortify_function __wur size_t + fread (void *__restrict __ptr, size_t __size, size_t __n, + FILE *__restrict __stream) + { +- size_t sz = __glibc_objsize0 (__ptr); +- if (__glibc_safe_or_unknown_len (__n, __size, sz)) ++ size_t __sz = __glibc_objsize0 (__ptr); ++ if (__glibc_safe_or_unknown_len (__n, __size, __sz)) + return __fread_alias (__ptr, __size, __n, __stream); +- if (__glibc_unsafe_len (__n, __size, sz)) +- return __fread_chk_warn (__ptr, sz, __size, __n, __stream); +- return __fread_chk (__ptr, sz, __size, __n, __stream); ++ if (__glibc_unsafe_len (__n, __size, __sz)) ++ return __fread_chk_warn (__ptr, __sz, __size, __n, __stream); ++ return __fread_chk (__ptr, __sz, __size, __n, __stream); + } + + #ifdef __USE_GNU + __fortify_function __wur __fortified_attr_access (__write_only__, 1, 2) char * + fgets_unlocked (char *__restrict __s, int __n, FILE *__restrict __stream) + { +- size_t sz = __glibc_objsize (__s); +- if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) ++ size_t __sz = __glibc_objsize (__s); ++ if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz)) + return __fgets_unlocked_alias (__s, __n, __stream); +- if (__glibc_unsafe_len (__n, sizeof (char), sz)) +- return __fgets_unlocked_chk_warn (__s, sz, __n, __stream); +- return __fgets_unlocked_chk (__s, sz, __n, __stream); ++ if (__glibc_unsafe_len (__n, sizeof (char), __sz)) ++ return __fgets_unlocked_chk_warn (__s, __sz, __n, __stream); ++ return __fgets_unlocked_chk (__s, __sz, __n, __stream); + } + #endif + +@@ -233,8 +233,8 @@ __fortify_function __wur size_t + fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n, + FILE *__restrict __stream) + { +- size_t sz = __glibc_objsize0 (__ptr); +- if (__glibc_safe_or_unknown_len (__n, __size, sz)) ++ size_t __sz = __glibc_objsize0 (__ptr); ++ if (__glibc_safe_or_unknown_len (__n, __size, __sz)) + { + # ifdef __USE_EXTERN_INLINES + if (__builtin_constant_p (__size) +@@ -259,9 +259,9 @@ fread_unlocked (void *__restrict __ptr, size_t __size, size_t __n, + # endif + return __fread_unlocked_alias (__ptr, __size, __n, __stream); + } +- if (__glibc_unsafe_len (__n, __size, sz)) +- return __fread_unlocked_chk_warn (__ptr, sz, __size, __n, __stream); +- return __fread_unlocked_chk (__ptr, sz, __size, __n, __stream); ++ if (__glibc_unsafe_len (__n, __size, __sz)) ++ return __fread_unlocked_chk_warn (__ptr, __sz, __size, __n, __stream); ++ return __fread_unlocked_chk (__ptr, __sz, __size, __n, __stream); + + } + #endif +diff --git a/socket/bits/socket2.h b/socket/bits/socket2.h +index ffcc671625..5ed2498782 100644 +--- a/socket/bits/socket2.h ++++ b/socket/bits/socket2.h +@@ -33,12 +33,12 @@ extern ssize_t __REDIRECT (__recv_chk_warn, + __fortify_function ssize_t + recv (int __fd, void *__buf, size_t __n, int __flags) + { +- size_t sz = __glibc_objsize0 (__buf); +- if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) ++ size_t __sz = __glibc_objsize0 (__buf); ++ if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz)) + return __recv_alias (__fd, __buf, __n, __flags); +- if (__glibc_unsafe_len (__n, sizeof (char), sz)) +- return __recv_chk_warn (__fd, __buf, __n, sz, __flags); +- return __recv_chk (__fd, __buf, __n, sz, __flags); ++ if (__glibc_unsafe_len (__n, sizeof (char), __sz)) ++ return __recv_chk_warn (__fd, __buf, __n, __sz, __flags); ++ return __recv_chk (__fd, __buf, __n, __sz, __flags); + } + + extern ssize_t __recvfrom_chk (int __fd, void *__restrict __buf, size_t __n, +@@ -61,11 +61,11 @@ __fortify_function ssize_t + recvfrom (int __fd, void *__restrict __buf, size_t __n, int __flags, + __SOCKADDR_ARG __addr, socklen_t *__restrict __addr_len) + { +- size_t sz = __glibc_objsize0 (__buf); +- if (__glibc_safe_or_unknown_len (__n, sizeof (char), sz)) ++ size_t __sz = __glibc_objsize0 (__buf); ++ if (__glibc_safe_or_unknown_len (__n, sizeof (char), __sz)) + return __recvfrom_alias (__fd, __buf, __n, __flags, __addr, __addr_len); +- if (__glibc_unsafe_len (__n, sizeof (char), sz)) +- return __recvfrom_chk_warn (__fd, __buf, __n, sz, __flags, __addr, ++ if (__glibc_unsafe_len (__n, sizeof (char), __sz)) ++ return __recvfrom_chk_warn (__fd, __buf, __n, __sz, __flags, __addr, + __addr_len); +- return __recvfrom_chk (__fd, __buf, __n, sz, __flags, __addr, __addr_len); ++ return __recvfrom_chk (__fd, __buf, __n, __sz, __flags, __addr, __addr_len); + } +diff --git a/stdlib/bits/stdlib.h b/stdlib/bits/stdlib.h +index c6c0082ad5..ef33180f10 100644 +--- a/stdlib/bits/stdlib.h ++++ b/stdlib/bits/stdlib.h +@@ -36,16 +36,16 @@ extern char *__REDIRECT_NTH (__realpath_chk_warn, + __fortify_function __wur char * + __NTH (realpath (const char *__restrict __name, char *__restrict __resolved)) + { +- size_t sz = __glibc_objsize (__resolved); ++ size_t __sz = __glibc_objsize (__resolved); + +- if (sz == (size_t) -1) ++ if (__sz == (size_t) -1) + return __realpath_alias (__name, __resolved); + + #if defined _LIBC_LIMITS_H_ && defined PATH_MAX +- if (__glibc_unsafe_len (PATH_MAX, sizeof (char), sz)) +- return __realpath_chk_warn (__name, __resolved, sz); ++ if (__glibc_unsafe_len (PATH_MAX, sizeof (char), __sz)) ++ return __realpath_chk_warn (__name, __resolved, __sz); + #endif +- return __realpath_chk (__name, __resolved, sz); ++ return __realpath_chk (__name, __resolved, __sz); + } + + +diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h +index 6e6234d606..44c1643565 100644 +--- a/wcsmbs/bits/wchar2.h ++++ b/wcsmbs/bits/wchar2.h +@@ -59,18 +59,18 @@ __NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n)) + __fortify_function wchar_t * + __NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) + { +- size_t sz = __glibc_objsize (__dest); +- if (sz != (size_t) -1) +- return __wcscpy_chk (__dest, __src, sz / sizeof (wchar_t)); ++ size_t __sz = __glibc_objsize (__dest); ++ if (__sz != (size_t) -1) ++ return __wcscpy_chk (__dest, __src, __sz / sizeof (wchar_t)); + return __wcscpy_alias (__dest, __src); + } + + __fortify_function wchar_t * + __NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) + { +- size_t sz = __glibc_objsize (__dest); +- if (sz != (size_t) -1) +- return __wcpcpy_chk (__dest, __src, sz / sizeof (wchar_t)); ++ size_t __sz = __glibc_objsize (__dest); ++ if (__sz != (size_t) -1) ++ return __wcpcpy_chk (__dest, __src, __sz / sizeof (wchar_t)); + return __wcpcpy_alias (__dest, __src); + } + +@@ -95,9 +95,9 @@ __NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, + __fortify_function wchar_t * + __NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) + { +- size_t sz = __glibc_objsize (__dest); +- if (sz != (size_t) -1) +- return __wcscat_chk (__dest, __src, sz / sizeof (wchar_t)); ++ size_t __sz = __glibc_objsize (__dest); ++ if (__sz != (size_t) -1) ++ return __wcscat_chk (__dest, __src, __sz / sizeof (wchar_t)); + return __wcscat_alias (__dest, __src); + } + +@@ -105,9 +105,9 @@ __fortify_function wchar_t * + __NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src, + size_t __n)) + { +- size_t sz = __glibc_objsize (__dest); +- if (sz != (size_t) -1) +- return __wcsncat_chk (__dest, __src, __n, sz / sizeof (wchar_t)); ++ size_t __sz = __glibc_objsize (__dest); ++ if (__sz != (size_t) -1) ++ return __wcsncat_chk (__dest, __src, __n, __sz / sizeof (wchar_t)); + return __wcsncat_alias (__dest, __src, __n); + } + +@@ -144,10 +144,10 @@ __fortify_function int + __NTH (swprintf (wchar_t *__restrict __s, size_t __n, + const wchar_t *__restrict __fmt, ...)) + { +- size_t sz = __glibc_objsize (__s); +- if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) ++ size_t __sz = __glibc_objsize (__s); ++ if (__sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, +- sz / sizeof (wchar_t), __fmt, __va_arg_pack ()); ++ __sz / sizeof (wchar_t), __fmt, __va_arg_pack ()); + return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ()); + } + #elif !defined __cplusplus +@@ -163,10 +163,10 @@ __fortify_function int + __NTH (vswprintf (wchar_t *__restrict __s, size_t __n, + const wchar_t *__restrict __fmt, __gnuc_va_list __ap)) + { +- size_t sz = __glibc_objsize (__s); +- if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) ++ size_t __sz = __glibc_objsize (__s); ++ if (__sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + return __vswprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, +- sz / sizeof (wchar_t), __fmt, __ap); ++ __sz / sizeof (wchar_t), __fmt, __ap); + return __vswprintf_alias (__s, __n, __fmt, __ap); + } + +@@ -210,25 +210,25 @@ vfwprintf (__FILE *__restrict __stream, + __fortify_function __wur wchar_t * + fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) + { +- size_t sz = __glibc_objsize (__s); +- if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) ++ size_t __sz = __glibc_objsize (__s); ++ if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), __sz)) + return __fgetws_alias (__s, __n, __stream); +- if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) +- return __fgetws_chk_warn (__s, sz / sizeof (wchar_t), __n, __stream); +- return __fgetws_chk (__s, sz / sizeof (wchar_t), __n, __stream); ++ if (__glibc_unsafe_len (__n, sizeof (wchar_t), __sz)) ++ return __fgetws_chk_warn (__s, __sz / sizeof (wchar_t), __n, __stream); ++ return __fgetws_chk (__s, __sz / sizeof (wchar_t), __n, __stream); + } + + #ifdef __USE_GNU + __fortify_function __wur wchar_t * + fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) + { +- size_t sz = __glibc_objsize (__s); +- if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) ++ size_t __sz = __glibc_objsize (__s); ++ if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), __sz)) + return __fgetws_unlocked_alias (__s, __n, __stream); +- if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) +- return __fgetws_unlocked_chk_warn (__s, sz / sizeof (wchar_t), __n, ++ if (__glibc_unsafe_len (__n, sizeof (wchar_t), __sz)) ++ return __fgetws_unlocked_chk_warn (__s, __sz / sizeof (wchar_t), __n, + __stream); +- return __fgetws_unlocked_chk (__s, sz / sizeof (wchar_t), __n, __stream); ++ return __fgetws_unlocked_chk (__s, __sz / sizeof (wchar_t), __n, __stream); + } + #endif + +-- +2.45.0 + diff --git a/packages/glibc/0095-x86-Fix-bug-in-strchrnul-evex512-BZ-32078.patch b/packages/glibc/0095-x86-Fix-bug-in-strchrnul-evex512-BZ-32078.patch new file mode 100644 index 000000000..b7ca3ed5a --- /dev/null +++ b/packages/glibc/0095-x86-Fix-bug-in-strchrnul-evex512-BZ-32078.patch @@ -0,0 +1,162 @@ +From c005d1bd6f0e88ab4b822844d75d10c8978f5404 Mon Sep 17 00:00:00 2001 +From: Noah Goldstein +Date: Tue, 13 Aug 2024 23:29:14 +0800 +Subject: [PATCH] x86: Fix bug in strchrnul-evex512 [BZ #32078] + +Issue was we were expecting not matches with CHAR before the start of +the string in the page cross case. + +The check code in the page cross case: +``` + and $0xffffffffffffffc0,%rax + vmovdqa64 (%rax),%zmm17 + vpcmpneqb %zmm17,%zmm16,%k1 + vptestmb %zmm17,%zmm17,%k0{%k1} + kmovq %k0,%rax + inc %rax + shr %cl,%rax + je L(continue) +``` + +expects that all characters that neither match null nor CHAR will be +1s in `rax` prior to the `inc`. Then the `inc` will overflow all of +the 1s where no relevant match was found. + +This is incorrect in the page-cross case, as the +`vmovdqa64 (%rax),%zmm17` loads from before the start of the input +string. + +If there are matches with CHAR before the start of the string, `rax` +won't properly overflow. + +The fix is quite simple. Just replace: + +``` + inc %rax + shr %cl,%rax +``` +With: +``` + sar %cl,%rax + inc %rax +``` + +The arithmetic shift will clear any matches prior to the start of the +string while maintaining the signbit so the 1s can properly overflow +to zero in the case of no matches. +Reviewed-by: H.J. Lu + +(cherry picked from commit 7da08862471dfec6fdae731c2a5f351ad485c71f) +--- + string/test-strchr.c | 65 ++++++++++++++++++++- + sysdeps/x86_64/multiarch/strchr-evex-base.S | 8 +-- + 2 files changed, 68 insertions(+), 5 deletions(-) + +diff --git a/string/test-strchr.c b/string/test-strchr.c +index 933fc0bbba..2bfcf901fa 100644 +--- a/string/test-strchr.c ++++ b/string/test-strchr.c +@@ -248,6 +248,69 @@ check1 (void) + check_result (impl, s, c, exp_result); + } + ++static void ++check2 (void) ++{ ++ CHAR *s = (CHAR *) (buf1 + getpagesize () - 4 * sizeof (CHAR)); ++ CHAR *s_begin = (CHAR *) (buf1 + getpagesize () - 64); ++#ifndef USE_FOR_STRCHRNUL ++ CHAR *exp_result = NULL; ++#else ++ CHAR *exp_result = s + 1; ++#endif ++ CHAR val = 0x12; ++ for (; s_begin != s; ++s_begin) ++ *s_begin = val; ++ ++ s[0] = val + 1; ++ s[1] = 0; ++ s[2] = val + 1; ++ s[3] = val + 1; ++ ++ { ++ FOR_EACH_IMPL (impl, 0) ++ check_result (impl, s, val, exp_result); ++ } ++ s[3] = val; ++ { ++ FOR_EACH_IMPL (impl, 0) ++ check_result (impl, s, val, exp_result); ++ } ++ exp_result = s; ++ s[0] = val; ++ { ++ FOR_EACH_IMPL (impl, 0) ++ check_result (impl, s, val, exp_result); ++ } ++ ++ s[3] = val + 1; ++ { ++ FOR_EACH_IMPL (impl, 0) ++ check_result (impl, s, val, exp_result); ++ } ++ ++ s[0] = val + 1; ++ s[1] = val + 1; ++ s[2] = val + 1; ++ s[3] = val + 1; ++ s[4] = val; ++ exp_result = s + 4; ++ { ++ FOR_EACH_IMPL (impl, 0) ++ check_result (impl, s, val, exp_result); ++ } ++ s[4] = 0; ++#ifndef USE_FOR_STRCHRNUL ++ exp_result = NULL; ++#else ++ exp_result = s + 4; ++#endif ++ { ++ FOR_EACH_IMPL (impl, 0) ++ check_result (impl, s, val, exp_result); ++ } ++} ++ + int + test_main (void) + { +@@ -256,7 +319,7 @@ test_main (void) + test_init (); + + check1 (); +- ++ check2 (); + printf ("%20s", ""); + FOR_EACH_IMPL (impl, 0) + printf ("\t%s", impl->name); +diff --git a/sysdeps/x86_64/multiarch/strchr-evex-base.S b/sysdeps/x86_64/multiarch/strchr-evex-base.S +index 7209435caf..da6d0eafbb 100644 +--- a/sysdeps/x86_64/multiarch/strchr-evex-base.S ++++ b/sysdeps/x86_64/multiarch/strchr-evex-base.S +@@ -124,13 +124,13 @@ L(page_cross): + VPCMPNE %VMM(1), %VMM(0), %k1 + VPTEST %VMM(1), %VMM(1), %k0{%k1} + KMOV %k0, %VRAX +-# ifdef USE_AS_WCSCHR ++ sar %cl, %VRAX ++#ifdef USE_AS_WCSCHR + sub $VEC_MATCH_MASK, %VRAX +-# else ++#else + inc %VRAX +-# endif ++#endif + /* Ignore number of character for alignment adjustment. */ +- shr %cl, %VRAX + jz L(align_more) + + bsf %VRAX, %VRAX +-- +2.45.0 + diff --git a/packages/glibc/0096-support-Add-FAIL-test-failure-helper.patch b/packages/glibc/0096-support-Add-FAIL-test-failure-helper.patch new file mode 100644 index 000000000..0bcb77f48 --- /dev/null +++ b/packages/glibc/0096-support-Add-FAIL-test-failure-helper.patch @@ -0,0 +1,201 @@ +From 28f358bc4209ab0425170cdccf65bb1fe861148f Mon Sep 17 00:00:00 2001 +From: "Maciej W. Rozycki" +Date: Fri, 26 Jul 2024 13:21:34 +0100 +Subject: [PATCH] support: Add FAIL test failure helper + +Add a FAIL test failure helper analogous to FAIL_RET, that does not +cause the current function to return, providing a standardized way to +report a test failure with a message supplied while permitting the +caller to continue executing, for further reporting, cleaning up, etc. + +Update existing test cases that provide a conflicting definition of FAIL +by removing the local FAIL definition and then as follows: + +- tst-fortify-syslog: provide a meaningful message in addition to the + file name already added by ; 'support_record_failure' + is already called by 'support_print_failure_impl' invoked by the new + FAIL test failure helper. + +- tst-ctype: no update to FAIL calls required, with the name of the file + and the line number within of the failure site additionally included + by the new FAIL test failure helper, and error counting plus count + reporting upon test program termination also already provided by + 'support_record_failure' and 'support_report_failure' respectively, + called by 'support_print_failure_impl' and 'adjust_exit_status' also + respectively. However in a number of places 'printf' is called and + the error count adjusted by hand, so update these places to make use + of FAIL instead. And last but not least adjust the final summary just + to report completion, with any error count following as reported by + the test driver. + +- test-tgmath2: no update to FAIL calls required, with the name of the + file of the failure site additionally included by the new FAIL test + failure helper. Also there is no need to track the return status by + hand as any call to FAIL will eventually cause the test case to return + an unsuccesful exit status regardless of the return status from the + test function, via a call to 'adjust_exit_status' made by the test + driver. + +Reviewed-by: DJ Delorie +(cherry picked from commit 1b97a9f23bf605ca608162089c94187573fb2a9e) +--- + localedata/tst-ctype.c | 40 +++++++++------------------------------- + math/test-tgmath2.c | 13 +++---------- + support/check.h | 5 +++++ + 3 files changed, 17 insertions(+), 41 deletions(-) + +diff --git a/localedata/tst-ctype.c b/localedata/tst-ctype.c +index 098bf51335..355b666866 100644 +--- a/localedata/tst-ctype.c ++++ b/localedata/tst-ctype.c +@@ -21,6 +21,8 @@ + #include + #include + ++#include ++ + + static const char lower[] = "abcdefghijklmnopqrstuvwxyz"; + static const char upper[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; +@@ -53,19 +55,11 @@ static struct classes + #define nclasses (sizeof (classes) / sizeof (classes[0])) + + +-#define FAIL(str, args...) \ +- { \ +- printf (" " str "\n", ##args); \ +- ++errors; \ +- } +- +- + static int + do_test (void) + { + const char *cp; + const char *cp2; +- int errors = 0; + char *inpline = NULL; + size_t inplinelen = 0; + char *resline = NULL; +@@ -394,11 +388,8 @@ punct = %04x alnum = %04x\n", + { + if (((__ctype_b[(unsigned int) *inp] & classes[n].mask) != 0) + != (*resp != '0')) +- { +- printf (" is%s('%c' = '\\x%02x') %s true\n", inpline, +- *inp, *inp, *resp == '1' ? "not" : "is"); +- ++errors; +- } ++ FAIL (" is%s('%c' = '\\x%02x') %s true\n", inpline, ++ *inp, *inp, *resp == '1' ? "not" : "is"); + ++inp; + ++resp; + } +@@ -408,11 +399,8 @@ punct = %04x alnum = %04x\n", + while (*inp != '\0') + { + if (tolower (*inp) != *resp) +- { +- printf (" tolower('%c' = '\\x%02x') != '%c'\n", +- *inp, *inp, *resp); +- ++errors; +- } ++ FAIL (" tolower('%c' = '\\x%02x') != '%c'\n", ++ *inp, *inp, *resp); + ++inp; + ++resp; + } +@@ -422,11 +410,8 @@ punct = %04x alnum = %04x\n", + while (*inp != '\0') + { + if (toupper (*inp) != *resp) +- { +- printf (" toupper('%c' = '\\x%02x') != '%c'\n", +- *inp, *inp, *resp); +- ++errors; +- } ++ FAIL (" toupper('%c' = '\\x%02x') != '%c'\n", ++ *inp, *inp, *resp); + ++inp; + ++resp; + } +@@ -436,14 +421,7 @@ punct = %04x alnum = %04x\n", + } + + +- if (errors != 0) +- { +- printf (" %d error%s for `%s' locale\n\n\n", errors, +- errors == 1 ? "" : "s", setlocale (LC_ALL, NULL)); +- return 1; +- } +- +- printf (" No errors for `%s' locale\n\n\n", setlocale (LC_ALL, NULL)); ++ printf ("Completed testing for `%s' locale\n\n\n", setlocale (LC_ALL, NULL)); + return 0; + } + +diff --git a/math/test-tgmath2.c b/math/test-tgmath2.c +index 6dd0d64da5..deba439e0c 100644 +--- a/math/test-tgmath2.c ++++ b/math/test-tgmath2.c +@@ -24,6 +24,8 @@ + #include + #include + ++#include ++ + //#define DEBUG + + typedef complex float cfloat; +@@ -87,13 +89,6 @@ enum + int count; + int counts[Tlast][C_last]; + +-#define FAIL(str) \ +- do \ +- { \ +- printf ("%s failure on line %d\n", (str), __LINE__); \ +- result = 1; \ +- } \ +- while (0) + #define TEST_TYPE_ONLY(expr, rettype) \ + do \ + { \ +@@ -133,8 +128,6 @@ int counts[Tlast][C_last]; + int + test_cos (const int Vint4, const long long int Vllong4) + { +- int result = 0; +- + TEST (cos (vfloat1), float, cos); + TEST (cos (vdouble1), double, cos); + TEST (cos (vldouble1), ldouble, cos); +@@ -152,7 +145,7 @@ test_cos (const int Vint4, const long long int Vllong4) + TEST (cos (Vcdouble1), cdouble, cos); + TEST (cos (Vcldouble1), cldouble, cos); + +- return result; ++ return 0; + } + + int +diff --git a/support/check.h b/support/check.h +index e6ae39f1a1..0a9fff484f 100644 +--- a/support/check.h ++++ b/support/check.h +@@ -24,6 +24,11 @@ + + __BEGIN_DECLS + ++/* Record a test failure, print the failure message to standard output ++ and pass the result of 1 through. */ ++#define FAIL(...) \ ++ support_print_failure_impl (__FILE__, __LINE__, __VA_ARGS__) ++ + /* Record a test failure, print the failure message to standard output + and return 1. */ + #define FAIL_RET(...) \ +-- +2.45.0 + diff --git a/packages/glibc/0097-stdio-common-Add-test-for-vfscanf-with-matches-longe.patch b/packages/glibc/0097-stdio-common-Add-test-for-vfscanf-with-matches-longe.patch new file mode 100644 index 000000000..c7438faf5 --- /dev/null +++ b/packages/glibc/0097-stdio-common-Add-test-for-vfscanf-with-matches-longe.patch @@ -0,0 +1,176 @@ +From 99ffa84bdcdc3d81e82f448279f0c8278dd30964 Mon Sep 17 00:00:00 2001 +From: "Maciej W. Rozycki" +Date: Fri, 26 Jul 2024 13:21:34 +0100 +Subject: [PATCH] stdio-common: Add test for vfscanf with matches longer than + INT_MAX [BZ #27650] + +Complement commit b03e4d7bd25b ("stdio: fix vfscanf with matches longer +than INT_MAX (bug 27650)") and add a test case for the issue, inspired +by the reproducer provided with the bug report. + +This has been verified to succeed as from the commit referred and fail +beforehand. + +As the test requires 2GiB of data to be passed around its performance +has been evaluated using a choice of systems and the execution time +determined to be respectively in the range of 9s for POWER9@2.166GHz, +24s for FU740@1.2GHz, and 40s for 74Kf@950MHz. As this is on the verge +of and beyond the default timeout it has been increased by the factor of +8. Regardless, following recent practice the test has been added to the +standard rather than extended set. + +Reviewed-by: DJ Delorie +(cherry picked from commit 89cddc8a7096f3d9225868304d2bc0a1aaf07d63) +--- + stdio-common/Makefile | 5 ++ + stdio-common/tst-scanf-bz27650.c | 108 +++++++++++++++++++++++++++++++ + 2 files changed, 113 insertions(+) + create mode 100644 stdio-common/tst-scanf-bz27650.c + +diff --git a/stdio-common/Makefile b/stdio-common/Makefile +index 3866362bae..2bcbaf754a 100644 +--- a/stdio-common/Makefile ++++ b/stdio-common/Makefile +@@ -243,6 +243,7 @@ tests := \ + tst-scanf-binary-c2x \ + tst-scanf-binary-gnu11 \ + tst-scanf-binary-gnu89 \ ++ tst-scanf-bz27650 \ + tst-scanf-round \ + tst-scanf-to_inpunct \ + tst-setvbuf1 \ +@@ -312,6 +313,7 @@ generated += \ + tst-printf-fp-free.mtrace \ + tst-printf-fp-leak-mem.out \ + tst-printf-fp-leak.mtrace \ ++ tst-scanf-bz27650.mtrace \ + tst-vfprintf-width-prec-mem.out \ + tst-vfprintf-width-prec.mtrace \ + # generated +@@ -398,6 +400,9 @@ tst-printf-fp-free-ENV = \ + tst-printf-fp-leak-ENV = \ + MALLOC_TRACE=$(objpfx)tst-printf-fp-leak.mtrace \ + LD_PRELOAD=$(common-objpfx)/malloc/libc_malloc_debug.so ++tst-scanf-bz27650-ENV = \ ++ MALLOC_TRACE=$(objpfx)tst-scanf-bz27650.mtrace \ ++ LD_PRELOAD=$(common-objpfx)malloc/libc_malloc_debug.so + + $(objpfx)tst-unbputc.out: tst-unbputc.sh $(objpfx)tst-unbputc + $(SHELL) $< $(common-objpfx) '$(test-program-prefix)'; \ +diff --git a/stdio-common/tst-scanf-bz27650.c b/stdio-common/tst-scanf-bz27650.c +new file mode 100644 +index 0000000000..3a742bc865 +--- /dev/null ++++ b/stdio-common/tst-scanf-bz27650.c +@@ -0,0 +1,108 @@ ++/* Test for BZ #27650, formatted input matching beyond INT_MAX. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++ ++#include ++#include ++ ++/* Produce a stream of more than INT_MAX characters via buffer BUF of ++ size SIZE according to bookkeeping in COOKIE and then return EOF. */ ++ ++static ssize_t ++io_read (void *cookie, char *buf, size_t size) ++{ ++ unsigned int *written = cookie; ++ unsigned int w = *written; ++ ++ if (w > INT_MAX) ++ return 0; ++ ++ memset (buf, 'a', size); ++ *written = w + size; ++ return size; ++} ++ ++/* Consume a stream of more than INT_MAX characters from an artificial ++ input stream of which none is the new line character. The call to ++ fscanf is supposed to complete upon the EOF condition of input, ++ however in the presence of BZ #27650 it will terminate prematurely ++ with characters still outstanding in input. Diagnose the condition ++ and return status accordingly. */ ++ ++int ++do_test (void) ++{ ++ static cookie_io_functions_t io_funcs = { .read = io_read }; ++ unsigned int written = 0; ++ FILE *in; ++ int v; ++ ++ mtrace (); ++ ++ in = fopencookie (&written, "r", io_funcs); ++ if (in == NULL) ++ { ++ FAIL ("fopencookie: %m"); ++ goto out; ++ } ++ ++ v = fscanf (in, "%*[^\n]"); ++ if (ferror (in)) ++ { ++ FAIL ("fscanf: input failure, at %u: %m", written); ++ goto out_close; ++ } ++ else if (v == EOF) ++ { ++ FAIL ("fscanf: unexpected end of file, at %u", written); ++ goto out_close; ++ } ++ ++ if (!feof (in)) ++ { ++ v = fgetc (in); ++ if (ferror (in)) ++ FAIL ("fgetc: input failure: %m"); ++ else if (v == EOF) ++ FAIL ("fgetc: unexpected end of file after missing end of file"); ++ else if (v == '\n') ++ FAIL ("unexpected new line character received"); ++ else ++ FAIL ("character received after end of file expected: \\x%02x", v); ++ } ++ ++out_close: ++ if (fclose (in) != 0) ++ FAIL ("fclose: %m"); ++ ++out: ++ return EXIT_SUCCESS; ++} ++ ++#define TIMEOUT (DEFAULT_TIMEOUT * 8) ++#include +-- +2.45.0 + diff --git a/packages/glibc/0098-Make-tst-ungetc-use-libsupport.patch b/packages/glibc/0098-Make-tst-ungetc-use-libsupport.patch new file mode 100644 index 000000000..a95b42e24 --- /dev/null +++ b/packages/glibc/0098-Make-tst-ungetc-use-libsupport.patch @@ -0,0 +1,147 @@ +From 87a1968a72e4b4e5436f3e2be1ed8a8d5a5862c7 Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Wed, 14 Aug 2024 19:20:04 -0400 +Subject: [PATCH] Make tst-ungetc use libsupport + +Signed-off-by: Siddhesh Poyarekar +Reviewed-by: Carlos O'Donell +(cherry picked from commit 3f7df7e757f4efec38e45d4068e5492efcac4856) +--- + stdio-common/tst-ungetc.c | 112 +++++++++++++++++++------------------- + 1 file changed, 57 insertions(+), 55 deletions(-) + +diff --git a/stdio-common/tst-ungetc.c b/stdio-common/tst-ungetc.c +index 1344b2b591..5c808f0734 100644 +--- a/stdio-common/tst-ungetc.c ++++ b/stdio-common/tst-ungetc.c +@@ -1,70 +1,72 @@ +-/* Test for ungetc bugs. */ ++/* Test for ungetc bugs. ++ Copyright (C) 1996-2024 Free Software Foundation, Inc. ++ Copyright The GNU Toolchain Authors. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ + + #include + #include +-#include +- +-#undef assert +-#define assert(x) \ +- if (!(x)) \ +- { \ +- fputs ("test failed: " #x "\n", stderr); \ +- retval = 1; \ +- goto the_end; \ +- } ++#include ++#include ++#include ++#include ++#include + +-int +-main (int argc, char *argv[]) ++static int ++do_test (void) + { +- char name[] = "/tmp/tst-ungetc.XXXXXX"; ++ char *name = NULL; + FILE *fp = NULL; +- int retval = 0; + int c; + char buffer[64]; + +- int fd = mkstemp (name); ++ int fd = create_temp_file ("tst-ungetc.", &name); + if (fd == -1) +- { +- printf ("mkstemp failed: %m\n"); +- return 1; +- } +- close (fd); +- fp = fopen (name, "w"); +- assert (fp != NULL) +- fputs ("bla", fp); +- fclose (fp); +- fp = NULL; ++ FAIL_EXIT1 ("cannot create temporary file: %m"); ++ xclose (fd); + +- fp = fopen (name, "r"); +- assert (fp != NULL); +- assert (ungetc ('z', fp) == 'z'); +- assert (getc (fp) == 'z'); +- assert (getc (fp) == 'b'); +- assert (getc (fp) == 'l'); +- assert (ungetc ('m', fp) == 'm'); +- assert (getc (fp) == 'm'); +- assert ((c = getc (fp)) == 'a'); +- assert (getc (fp) == EOF); +- assert (ungetc (c, fp) == c); +- assert (feof (fp) == 0); +- assert (getc (fp) == c); +- assert (getc (fp) == EOF); +- fclose (fp); +- fp = NULL; ++ fp = xfopen (name, "w"); ++ fputs ("bla", fp); ++ xfclose (fp); + +- fp = fopen (name, "r"); +- assert (fp != NULL); +- assert (getc (fp) == 'b'); +- assert (getc (fp) == 'l'); +- assert (ungetc ('b', fp) == 'b'); +- assert (fread (buffer, 1, 64, fp) == 2); +- assert (buffer[0] == 'b'); +- assert (buffer[1] == 'a'); ++ fp = xfopen (name, "r"); ++ TEST_VERIFY_EXIT (ungetc ('z', fp) == 'z'); ++ TEST_VERIFY_EXIT (getc (fp) == 'z'); ++ TEST_VERIFY_EXIT (getc (fp) == 'b'); ++ TEST_VERIFY_EXIT (getc (fp) == 'l'); ++ TEST_VERIFY_EXIT (ungetc ('m', fp) == 'm'); ++ TEST_VERIFY_EXIT (getc (fp) == 'm'); ++ TEST_VERIFY_EXIT ((c = getc (fp)) == 'a'); ++ TEST_VERIFY_EXIT (getc (fp) == EOF); ++ TEST_VERIFY_EXIT (ungetc (c, fp) == c); ++ TEST_VERIFY_EXIT (feof (fp) == 0); ++ TEST_VERIFY_EXIT (getc (fp) == c); ++ TEST_VERIFY_EXIT (getc (fp) == EOF); ++ xfclose (fp); + +-the_end: +- if (fp != NULL) +- fclose (fp); +- unlink (name); ++ fp = xfopen (name, "r"); ++ TEST_VERIFY_EXIT (getc (fp) == 'b'); ++ TEST_VERIFY_EXIT (getc (fp) == 'l'); ++ TEST_VERIFY_EXIT (ungetc ('b', fp) == 'b'); ++ TEST_VERIFY_EXIT (fread (buffer, 1, 64, fp) == 2); ++ TEST_VERIFY_EXIT (buffer[0] == 'b'); ++ TEST_VERIFY_EXIT (buffer[1] == 'a'); ++ xfclose (fp); + +- return retval; ++ return 0; + } ++ ++#include +-- +2.45.0 + diff --git a/packages/glibc/0099-ungetc-Fix-uninitialized-read-when-putting-into-unus.patch b/packages/glibc/0099-ungetc-Fix-uninitialized-read-when-putting-into-unus.patch new file mode 100644 index 000000000..fa176773e --- /dev/null +++ b/packages/glibc/0099-ungetc-Fix-uninitialized-read-when-putting-into-unus.patch @@ -0,0 +1,78 @@ +From 804d3c8db79db204154dcf5e11a76f14fdddc570 Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Tue, 13 Aug 2024 21:00:06 -0400 +Subject: [PATCH] ungetc: Fix uninitialized read when putting into unused + streams [BZ #27821] + +When ungetc is called on an unused stream, the backup buffer is +allocated without the main get area being present. This results in +every subsequent ungetc (as the stream remains in the backup area) +checking uninitialized memory in the backup buffer when trying to put a +character back into the stream. + +Avoid comparing the input character with buffer contents when in backup +to avoid this uninitialized read. The uninitialized read is harmless in +this context since the location is promptly overwritten with the input +character, thus fulfilling ungetc functionality. + +Also adjust wording in the manual to drop the paragraph that says glibc +cannot do multiple ungetc back to back since with this change, ungetc +can actually do this. + +Signed-off-by: Siddhesh Poyarekar +Reviewed-by: Carlos O'Donell +(cherry picked from commit cdf0f88f97b0aaceb894cc02b21159d148d7065c) +--- + libio/genops.c | 2 +- + manual/stdio.texi | 8 +++----- + stdio-common/tst-ungetc.c | 2 ++ + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/libio/genops.c b/libio/genops.c +index fbd8dd9e75..c673c0acec 100644 +--- a/libio/genops.c ++++ b/libio/genops.c +@@ -635,7 +635,7 @@ _IO_sputbackc (FILE *fp, int c) + { + int result; + +- if (fp->_IO_read_ptr > fp->_IO_read_base ++ if (fp->_IO_read_ptr > fp->_IO_read_base && !_IO_in_backup (fp) + && (unsigned char)fp->_IO_read_ptr[-1] == (unsigned char)c) + { + fp->_IO_read_ptr--; +diff --git a/manual/stdio.texi b/manual/stdio.texi +index 9cf622403f..a54cd369db 100644 +--- a/manual/stdio.texi ++++ b/manual/stdio.texi +@@ -1474,11 +1474,9 @@ program; usually @code{ungetc} is used only to unread a character that + was just read from the same stream. @Theglibc{} supports this + even on files opened in binary mode, but other systems might not. + +-@Theglibc{} only supports one character of pushback---in other +-words, it does not work to call @code{ungetc} twice without doing input +-in between. Other systems might let you push back multiple characters; +-then reading from the stream retrieves the characters in the reverse +-order that they were pushed. ++@Theglibc{} supports pushing back multiple characters; subsequently ++reading from the stream retrieves the characters in the reverse order ++that they were pushed. + + Pushing back characters doesn't alter the file; only the internal + buffering for the stream is affected. If a file positioning function +diff --git a/stdio-common/tst-ungetc.c b/stdio-common/tst-ungetc.c +index 5c808f0734..388b202493 100644 +--- a/stdio-common/tst-ungetc.c ++++ b/stdio-common/tst-ungetc.c +@@ -48,6 +48,8 @@ do_test (void) + TEST_VERIFY_EXIT (getc (fp) == 'b'); + TEST_VERIFY_EXIT (getc (fp) == 'l'); + TEST_VERIFY_EXIT (ungetc ('m', fp) == 'm'); ++ TEST_VERIFY_EXIT (ungetc ('n', fp) == 'n'); ++ TEST_VERIFY_EXIT (getc (fp) == 'n'); + TEST_VERIFY_EXIT (getc (fp) == 'm'); + TEST_VERIFY_EXIT ((c = getc (fp)) == 'a'); + TEST_VERIFY_EXIT (getc (fp) == EOF); +-- +2.45.0 + diff --git a/packages/glibc/0100-ungetc-Fix-backup-buffer-leak-on-program-exit-BZ-278.patch b/packages/glibc/0100-ungetc-Fix-backup-buffer-leak-on-program-exit-BZ-278.patch new file mode 100644 index 000000000..87444a70b --- /dev/null +++ b/packages/glibc/0100-ungetc-Fix-backup-buffer-leak-on-program-exit-BZ-278.patch @@ -0,0 +1,144 @@ +From b9f72bd5de931eac39219018c2fa319a449bb2cf Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Tue, 13 Aug 2024 21:08:49 -0400 +Subject: [PATCH] ungetc: Fix backup buffer leak on program exit [BZ #27821] + +If a file descriptor is left unclosed and is cleaned up by _IO_cleanup +on exit, its backup buffer remains unfreed, registering as a leak in +valgrind. This is not strictly an issue since (1) the program should +ideally be closing the stream once it's not in use and (2) the program +is about to exit anyway, so keeping the backup buffer around a wee bit +longer isn't a real problem. Free it anyway to keep valgrind happy +when the streams in question are the standard ones, i.e. stdout, stdin +or stderr. + +Also, the _IO_have_backup macro checks for _IO_save_base, +which is a roundabout way to check for a backup buffer instead of +directly looking for _IO_backup_base. The roundabout check breaks when +the main get area has not been used and user pushes a char into the +backup buffer with ungetc. Fix this to use the _IO_backup_base +directly. + +Signed-off-by: Siddhesh Poyarekar +Reviewed-by: Carlos O'Donell +(cherry picked from commit 3e1d8d1d1dca24ae90df2ea826a8916896fc7e77) +--- + libio/genops.c | 6 ++++++ + libio/libioP.h | 4 ++-- + stdio-common/Makefile | 7 +++++++ + stdio-common/tst-ungetc-leak.c | 32 ++++++++++++++++++++++++++++++++ + 4 files changed, 47 insertions(+), 2 deletions(-) + create mode 100644 stdio-common/tst-ungetc-leak.c + +diff --git a/libio/genops.c b/libio/genops.c +index c673c0acec..fb06245467 100644 +--- a/libio/genops.c ++++ b/libio/genops.c +@@ -789,6 +789,12 @@ _IO_unbuffer_all (void) + legacy = 1; + #endif + ++ /* Free up the backup area if it was ever allocated. */ ++ if (_IO_have_backup (fp)) ++ _IO_free_backup_area (fp); ++ if (fp->_mode > 0 && _IO_have_wbackup (fp)) ++ _IO_free_wbackup_area (fp); ++ + if (! (fp->_flags & _IO_UNBUFFERED) + /* Iff stream is un-orientated, it wasn't used. */ + && (legacy || fp->_mode != 0)) +diff --git a/libio/libioP.h b/libio/libioP.h +index 745278e076..e75ee770bc 100644 +--- a/libio/libioP.h ++++ b/libio/libioP.h +@@ -577,8 +577,8 @@ extern void _IO_old_init (FILE *fp, int flags) __THROW; + ((__fp)->_wide_data->_IO_write_base \ + = (__fp)->_wide_data->_IO_write_ptr = __p, \ + (__fp)->_wide_data->_IO_write_end = (__ep)) +-#define _IO_have_backup(fp) ((fp)->_IO_save_base != NULL) +-#define _IO_have_wbackup(fp) ((fp)->_wide_data->_IO_save_base != NULL) ++#define _IO_have_backup(fp) ((fp)->_IO_backup_base != NULL) ++#define _IO_have_wbackup(fp) ((fp)->_wide_data->_IO_backup_base != NULL) + #define _IO_in_backup(fp) ((fp)->_flags & _IO_IN_BACKUP) + #define _IO_have_markers(fp) ((fp)->_markers != NULL) + #define _IO_blen(fp) ((fp)->_IO_buf_end - (fp)->_IO_buf_base) +diff --git a/stdio-common/Makefile b/stdio-common/Makefile +index 2bcbaf754a..381040570b 100644 +--- a/stdio-common/Makefile ++++ b/stdio-common/Makefile +@@ -256,6 +256,7 @@ tests := \ + tst-swscanf \ + tst-tmpnam \ + tst-ungetc \ ++ tst-ungetc-leak \ + tst-unlockedio \ + tst-vfprintf-mbs-prec \ + tst-vfprintf-user-type \ +@@ -300,6 +301,7 @@ tests-special += \ + $(objpfx)tst-printfsz-islongdouble.out \ + $(objpfx)tst-setvbuf1-cmp.out \ + $(objpfx)tst-unbputc.out \ ++ $(objpfx)tst-ungetc-leak-mem.out \ + $(objpfx)tst-vfprintf-width-prec-mem.out \ + # tests-special + +@@ -314,6 +316,8 @@ generated += \ + tst-printf-fp-leak-mem.out \ + tst-printf-fp-leak.mtrace \ + tst-scanf-bz27650.mtrace \ ++ tst-ungetc-leak-mem.out \ ++ tst-ungetc-leak.mtrace \ + tst-vfprintf-width-prec-mem.out \ + tst-vfprintf-width-prec.mtrace \ + # generated +@@ -403,6 +407,9 @@ tst-printf-fp-leak-ENV = \ + tst-scanf-bz27650-ENV = \ + MALLOC_TRACE=$(objpfx)tst-scanf-bz27650.mtrace \ + LD_PRELOAD=$(common-objpfx)malloc/libc_malloc_debug.so ++tst-ungetc-leak-ENV = \ ++ MALLOC_TRACE=$(objpfx)tst-ungetc-leak.mtrace \ ++ LD_PRELOAD=$(common-objpfx)malloc/libc_malloc_debug.so + + $(objpfx)tst-unbputc.out: tst-unbputc.sh $(objpfx)tst-unbputc + $(SHELL) $< $(common-objpfx) '$(test-program-prefix)'; \ +diff --git a/stdio-common/tst-ungetc-leak.c b/stdio-common/tst-ungetc-leak.c +new file mode 100644 +index 0000000000..6c5152b43f +--- /dev/null ++++ b/stdio-common/tst-ungetc-leak.c +@@ -0,0 +1,32 @@ ++/* Test for memory leak with ungetc when stream is unused. ++ Copyright The GNU Toolchain Authors. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ mtrace (); ++ TEST_COMPARE (ungetc('y', stdin), 'y'); ++ return 0; ++} ++ ++#include +-- +2.45.0 + diff --git a/packages/glibc/0101-posix-Use-support-check.h-facilities-in-tst-truncate.patch b/packages/glibc/0101-posix-Use-support-check.h-facilities-in-tst-truncate.patch new file mode 100644 index 000000000..fb4ea12f0 --- /dev/null +++ b/packages/glibc/0101-posix-Use-support-check.h-facilities-in-tst-truncate.patch @@ -0,0 +1,89 @@ +From 15ca66303f7a7ce463bb41a83d88474996e46efd Mon Sep 17 00:00:00 2001 +From: "Maciej W. Rozycki" +Date: Fri, 26 Jul 2024 13:21:34 +0100 +Subject: [PATCH] posix: Use facilities in tst-truncate and + tst-truncate64 + +Remove local FAIL macro in favor to FAIL_RET from , +which provides equivalent reporting, with the name of the file of the +failure site additionally included, for the tst-truncate-common core +shared between the tst-truncate and tst-truncate64 tests. + +Reviewed-by: DJ Delorie +(cherry picked from commit fe47595504a55e7bb992f8928533df154b510383) +--- + posix/tst-truncate-common.c | 25 ++++++++++++------------- + 1 file changed, 12 insertions(+), 13 deletions(-) + +diff --git a/posix/tst-truncate-common.c b/posix/tst-truncate-common.c +index 9a8163fdfe..fd32eb73c5 100644 +--- a/posix/tst-truncate-common.c ++++ b/posix/tst-truncate-common.c +@@ -21,6 +21,8 @@ + #include + #include + ++#include ++ + static void do_prepare (void); + #define PREPARE(argc, argv) do_prepare () + static int do_test (void); +@@ -42,9 +44,6 @@ do_prepare (void) + } + } + +-#define FAIL(str) \ +- do { printf ("error: %s (line %d)\n", str, __LINE__); return 1; } while (0) +- + static int + do_test_with_offset (off_t offset) + { +@@ -54,35 +53,35 @@ do_test_with_offset (off_t offset) + memset (buf, 0xcf, sizeof (buf)); + + if (pwrite (temp_fd, buf, sizeof (buf), offset) != sizeof (buf)) +- FAIL ("write failed"); ++ FAIL_RET ("write failed"); + if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + sizeof (buf))) +- FAIL ("initial size wrong"); ++ FAIL_RET ("initial size wrong"); + + if (ftruncate (temp_fd, offset + 800) < 0) +- FAIL ("size reduction with ftruncate failed"); ++ FAIL_RET ("size reduction with ftruncate failed"); + if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + 800)) +- FAIL ("size after reduction with ftruncate is incorrect"); ++ FAIL_RET ("size after reduction with ftruncate is incorrect"); + + /* The following test covers more than POSIX. POSIX does not require + that ftruncate() can increase the file size. But we are testing + Unix systems. */ + if (ftruncate (temp_fd, offset + 1200) < 0) +- FAIL ("size increate with ftruncate failed"); ++ FAIL_RET ("size increate with ftruncate failed"); + if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + 1200)) +- FAIL ("size after increase is incorrect"); ++ FAIL_RET ("size after increase is incorrect"); + + if (truncate (temp_filename, offset + 800) < 0) +- FAIL ("size reduction with truncate failed"); ++ FAIL_RET ("size reduction with truncate failed"); + if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + 800)) +- FAIL ("size after reduction with truncate incorrect"); ++ FAIL_RET ("size after reduction with truncate incorrect"); + + /* The following test covers more than POSIX. POSIX does not require + that truncate() can increase the file size. But we are testing + Unix systems. */ + if (truncate (temp_filename, (offset + 1200)) < 0) +- FAIL ("size increase with truncate failed"); ++ FAIL_RET ("size increase with truncate failed"); + if (fstat (temp_fd, &st) < 0 || st.st_size != (offset + 1200)) +- FAIL ("size increase with truncate is incorrect"); ++ FAIL_RET ("size increase with truncate is incorrect"); + + return 0; + } +-- +2.45.0 + diff --git a/packages/glibc/0102-nptl-Use-support-check.h-facilities-in-tst-setuid3.patch b/packages/glibc/0102-nptl-Use-support-check.h-facilities-in-tst-setuid3.patch new file mode 100644 index 000000000..42aef9491 --- /dev/null +++ b/packages/glibc/0102-nptl-Use-support-check.h-facilities-in-tst-setuid3.patch @@ -0,0 +1,134 @@ +From f30501ca7557a194a53af22ff5b47b3189c48216 Mon Sep 17 00:00:00 2001 +From: "Maciej W. Rozycki" +Date: Fri, 26 Jul 2024 13:21:34 +0100 +Subject: [PATCH] nptl: Use facilities in tst-setuid3 + +Remove local FAIL macro in favor to FAIL_EXIT1 from , +which provides equivalent reporting, with the name of the file and the +line number within of the failure site additionally included. Remove +FAIL_ERR altogether and include ": %m" explicitly with the format string +supplied to FAIL_EXIT1 as there seems little value to have a separate +macro just for this. + +Reviewed-by: DJ Delorie +(cherry picked from commit 8c98195af6e6f1ce21743fc26c723e0f7e45bcf2) +--- + sysdeps/pthread/tst-setuid3.c | 37 +++++++++++++++-------------------- + 1 file changed, 16 insertions(+), 21 deletions(-) + +diff --git a/sysdeps/pthread/tst-setuid3.c b/sysdeps/pthread/tst-setuid3.c +index 58b78d3116..d13848a647 100644 +--- a/sysdeps/pthread/tst-setuid3.c ++++ b/sysdeps/pthread/tst-setuid3.c +@@ -15,24 +15,19 @@ + License along with the GNU C Library; if not, see + . */ + +-#include + #include + #include + #include + #include + ++#include ++ + /* The test must run under a non-privileged user ID. */ + static const uid_t test_uid = 1; + + static pthread_barrier_t barrier1; + static pthread_barrier_t barrier2; + +-#define FAIL(fmt, ...) \ +- do { printf ("FAIL: " fmt "\n", __VA_ARGS__); _exit (1); } while (0) +- +-#define FAIL_ERR(fmt, ...) \ +- do { printf ("FAIL: " fmt ": %m\n", __VA_ARGS__); _exit (1); } while (0) +- + /* True if x is not a successful return code from pthread_barrier_wait. */ + static inline bool + is_invalid_barrier_ret (int x) +@@ -45,10 +40,10 @@ thread_func (void *ctx __attribute__ ((unused))) + { + int ret = pthread_barrier_wait (&barrier1); + if (is_invalid_barrier_ret (ret)) +- FAIL ("pthread_barrier_wait (barrier1) (on thread): %d", ret); ++ FAIL_EXIT1 ("pthread_barrier_wait (barrier1) (on thread): %d", ret); + ret = pthread_barrier_wait (&barrier2); + if (is_invalid_barrier_ret (ret)) +- FAIL ("pthread_barrier_wait (barrier2) (on thread): %d", ret); ++ FAIL_EXIT1 ("pthread_barrier_wait (barrier2) (on thread): %d", ret); + return NULL; + } + +@@ -59,13 +54,13 @@ setuid_failure (int phase) + switch (ret) + { + case 0: +- FAIL ("setuid succeeded unexpectedly in phase %d", phase); ++ FAIL_EXIT1 ("setuid succeeded unexpectedly in phase %d", phase); + case -1: + if (errno != EPERM) +- FAIL_ERR ("setuid phase %d", phase); ++ FAIL_EXIT1 ("setuid phase %d: %m", phase); + break; + default: +- FAIL ("invalid setuid return value in phase %d: %d", phase, ret); ++ FAIL_EXIT1 ("invalid setuid return value in phase %d: %d", phase, ret); + } + } + +@@ -74,42 +69,42 @@ do_test (void) + { + if (getuid () == 0) + if (setuid (test_uid) != 0) +- FAIL_ERR ("setuid (%u)", (unsigned) test_uid); ++ FAIL_EXIT1 ("setuid (%u): %m", (unsigned) test_uid); + if (setuid (getuid ())) +- FAIL_ERR ("setuid (%s)", "getuid ()"); ++ FAIL_EXIT1 ("setuid (%s): %m", "getuid ()"); + setuid_failure (1); + + int ret = pthread_barrier_init (&barrier1, NULL, 2); + if (ret != 0) +- FAIL ("pthread_barrier_init (barrier1): %d", ret); ++ FAIL_EXIT1 ("pthread_barrier_init (barrier1): %d", ret); + ret = pthread_barrier_init (&barrier2, NULL, 2); + if (ret != 0) +- FAIL ("pthread_barrier_init (barrier2): %d", ret); ++ FAIL_EXIT1 ("pthread_barrier_init (barrier2): %d", ret); + + pthread_t thread; + ret = pthread_create (&thread, NULL, thread_func, NULL); + if (ret != 0) +- FAIL ("pthread_create: %d", ret); ++ FAIL_EXIT1 ("pthread_create: %d", ret); + + /* Ensure that the thread is running properly. */ + ret = pthread_barrier_wait (&barrier1); + if (is_invalid_barrier_ret (ret)) +- FAIL ("pthread_barrier_wait (barrier1): %d", ret); ++ FAIL_EXIT1 ("pthread_barrier_wait (barrier1): %d", ret); + + setuid_failure (2); + + /* Check success case. */ + if (setuid (getuid ()) != 0) +- FAIL_ERR ("setuid (%s)", "getuid ()"); ++ FAIL_EXIT1 ("setuid (%s): %m", "getuid ()"); + + /* Shutdown. */ + ret = pthread_barrier_wait (&barrier2); + if (is_invalid_barrier_ret (ret)) +- FAIL ("pthread_barrier_wait (barrier2): %d", ret); ++ FAIL_EXIT1 ("pthread_barrier_wait (barrier2): %d", ret); + + ret = pthread_join (thread, NULL); + if (ret != 0) +- FAIL ("pthread_join: %d", ret); ++ FAIL_EXIT1 ("pthread_join: %d", ret); + + return 0; + } +-- +2.45.0 + diff --git a/packages/glibc/0103-libio-Attempt-wide-backup-free-only-for-non-legacy-c.patch b/packages/glibc/0103-libio-Attempt-wide-backup-free-only-for-non-legacy-c.patch new file mode 100644 index 000000000..3d11d73df --- /dev/null +++ b/packages/glibc/0103-libio-Attempt-wide-backup-free-only-for-non-legacy-c.patch @@ -0,0 +1,54 @@ +From 370be858928c2c537c112859ccd54cd1b0d56715 Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Tue, 3 Sep 2024 14:58:33 -0400 +Subject: [PATCH] libio: Attempt wide backup free only for non-legacy code + +_wide_data and _mode are not available in legacy code, so do not attempt +to free the wide backup buffer in legacy code. + +Resolves: BZ #32137 and BZ #27821 + +Signed-off-by: Siddhesh Poyarekar +Reviewed-by: Florian Weimer +(cherry picked from commit ae4d44b1d501421ad9a3af95279b8f4d1546f1ce) +--- + NEWS | 2 ++ + libio/genops.c | 2 +- + 2 files changed, 3 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index 7a9a4b7ea3..a2adce11ff 100644 +--- a/NEWS ++++ b/NEWS +@@ -36,6 +36,7 @@ Security related changes: + + The following bugs are resolved with this release: + ++ [27821] ungetc: Fix backup buffer leak on program exit + [29039] Corrupt DTV after reuse of a TLS module ID following dlclose with unused TLS + [30081] resolv: Do not wait for non-existing second DNS response after error + [30694] The iconv program no longer tells the user which given encoding name was wrong +@@ -57,6 +58,7 @@ The following bugs are resolved with this release: + [31965] rseq extension mechanism does not work as intended + [31968] mremap implementation in C does not handle arguments correctly + [32052] Name space violation in fortify wrappers ++ [32137] libio: Attempt wide backup free only for non-legacy code + + Version 2.38 + +diff --git a/libio/genops.c b/libio/genops.c +index fb06245467..7b30aab095 100644 +--- a/libio/genops.c ++++ b/libio/genops.c +@@ -792,7 +792,7 @@ _IO_unbuffer_all (void) + /* Free up the backup area if it was ever allocated. */ + if (_IO_have_backup (fp)) + _IO_free_backup_area (fp); +- if (fp->_mode > 0 && _IO_have_wbackup (fp)) ++ if (!legacy && fp->_mode > 0 && _IO_have_wbackup (fp)) + _IO_free_wbackup_area (fp); + + if (! (fp->_flags & _IO_UNBUFFERED) +-- +2.45.0 + diff --git a/packages/glibc/0104-Add-crt1-2.0.o-for-glibc-2.0-compatibility-tests.patch b/packages/glibc/0104-Add-crt1-2.0.o-for-glibc-2.0-compatibility-tests.patch new file mode 100644 index 000000000..3f24aa142 --- /dev/null +++ b/packages/glibc/0104-Add-crt1-2.0.o-for-glibc-2.0-compatibility-tests.patch @@ -0,0 +1,231 @@ +From 4dd8641461463b667b5503ab0ea4abcf261378a9 Mon Sep 17 00:00:00 2001 +From: "H.J. Lu" +Date: Tue, 30 Apr 2024 09:57:12 -0700 +Subject: [PATCH] Add crt1-2.0.o for glibc 2.0 compatibility tests + +Starting from glibc 2.1, crt1.o contains _IO_stdin_used which is checked +by _IO_check_libio to provide binary compatibility for glibc 2.0. Add +crt1-2.0.o for tests against glibc 2.0. Define tests-2.0 for glibc 2.0 +compatibility tests. Add and update glibc 2.0 compatibility tests for +stderr, matherr and pthread_kill. +Reviewed-by: Carlos O'Donell + +(cherry picked from commit 5f245f3bfbe61b2182964dafb94907e38284b806) +--- + Makeconfig | 21 ++++++++++++++++ + Rules | 13 +++++++++- + csu/Makefile | 5 +++- + libio/Makefile | 6 +++++ + libio/tst-stderr-compat.c | 52 +++++++++++++++++++++++++++++++++++++++ + math/Makefile | 3 +++ + sysdeps/pthread/Makefile | 4 +++ + 7 files changed, 102 insertions(+), 2 deletions(-) + create mode 100644 libio/tst-stderr-compat.c + +diff --git a/Makeconfig b/Makeconfig +index 3f8acff459..3a2c864b04 100644 +--- a/Makeconfig ++++ b/Makeconfig +@@ -360,6 +360,8 @@ whole-archive = -Wl,--whole-archive + # Installed name of the startup code. + # The ELF convention is that the startfile is called crt1.o + start-installed-name = crt1.o ++# Similar to crt1.o, but without _IO_stdin_used. ++start-name-2.0 = crt1-2.0.o + # On systems that do not need a special startfile for statically linked + # binaries, simply set it to the normal name. + ifndef static-start-installed-name +@@ -537,6 +539,25 @@ else # build-static + endif # build-shared + endif # +link + ++# Command for linking test programs with crt1.o from glibc 2.0. +++link-2.0-before-inputs = -nostdlib -nostartfiles $(no-pie-ldflag) \ ++ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ ++ $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ ++ $(firstword $(CRT-$(@F)) $(csu-objpfx)$(start-name-2.0)) \ ++ $(+preinit) $(+prector) +++link-2.0-before-libc = -o $@ $(+link-2.0-before-inputs) \ ++ $(filter-out $(addprefix $(csu-objpfx),start.o \ ++ $(start-name-2.0))\ ++ $(+preinit) $(link-extra-libs) \ ++ $(common-objpfx)libc% $(+postinit),$^) \ ++ $(link-extra-libs) +++link-after-libc = $(+postctor) $(+postinit) ++define +link-2.0-tests ++$(CC) $(+link-2.0-before-libc) $(rtld-tests-LDFLAGS) $(link-libc-tests) \ ++ $(+link-after-libc) ++$(call after-link,$@) ++endef ++ + # The pretty printer test programs need to be compiled without optimizations + # so they won't confuse gdb. We could use either the 'GCC optimize' pragma + # or the 'optimize' function attribute to achieve this; however, at least on +diff --git a/Rules b/Rules +index 279ae490ac..e8096cb285 100644 +--- a/Rules ++++ b/Rules +@@ -188,6 +188,7 @@ binaries-all = $(binaries-all-notests) $(binaries-all-tests) + binaries-static-notests = $(others-static) + binaries-static-tests = $(tests-static) $(xtests-static) + binaries-static = $(binaries-static-notests) $(binaries-static-tests) ++binaries-shared-2.0-tests = $(tests-2.0) + ifeq (yesyes,$(have-fpie)$(build-shared)) + binaries-pie-tests = $(tests-pie) $(xtests-pie) + binaries-pie-notests = $(others-pie) +@@ -215,7 +216,8 @@ binaries-malloc-hugetlb2-tests = + endif + + binaries-pie = $(binaries-pie-tests) $(binaries-pie-notests) +-binaries-shared-tests = $(filter-out $(binaries-pie) $(binaries-static), \ ++binaries-shared-tests = $(filter-out $(binaries-pie) $(binaries-static) \ ++ $(binaries-shared-2.0-tests), \ + $(binaries-all-tests)) + binaries-shared-notests = $(filter-out $(binaries-pie) $(binaries-static), \ + $(binaries-all-notests)) +@@ -235,6 +237,15 @@ $(addprefix $(objpfx),$(binaries-shared-tests)): %: %.o \ + $(+link-tests) + endif + ++# Linking test programs with crt1.o from glibc 2.0. ++ifneq "$(strip $(binaries-shared-2.0-tests))" "" ++$(addprefix $(objpfx),$(binaries-shared-2.0-tests)): %: %.o \ ++ $(link-extra-libs-tests) \ ++ $(sort $(filter $(common-objpfx)lib%,$(link-libc))) \ ++ $(addprefix $(csu-objpfx),start.o) $(+preinit) $(+postinit) ++ $(+link-2.0-tests) ++endif ++ + ifneq "$(strip $(binaries-mcheck-tests))" "" + $(addprefix $(objpfx),$(binaries-mcheck-tests)): %-mcheck: %.o \ + $(link-extra-libs-tests) \ +diff --git a/csu/Makefile b/csu/Makefile +index fcd277e6d3..c2b1c4013f 100644 +--- a/csu/Makefile ++++ b/csu/Makefile +@@ -33,7 +33,7 @@ elide-routines.os = libc-tls + csu-dummies = $(filter-out $(start-installed-name),crt1.o Mcrt1.o) + extra-objs = start.o \ + $(start-installed-name) g$(start-installed-name) $(csu-dummies) \ +- S$(start-installed-name) ++ S$(start-installed-name) $(start-name-2.0) + omit-deps = $(patsubst %.o,%,$(start-installed-name) g$(start-installed-name) \ + b$(start-installed-name) $(csu-dummies) \ + S$(start-installed-name) \ +@@ -138,6 +138,9 @@ ifndef start-installed-name-rule + $(objpfx)$(start-installed-name): $(objpfx)start.o $(objpfx)abi-note.o \ + $(objpfx)init.o $(objpfx)static-reloc.o + $(link-relocatable) ++$(objpfx)$(start-name-2.0): $(objpfx)start.o $(objpfx)abi-note.o \ ++ $(objpfx)static-reloc.o ++ $(link-relocatable) + $(objpfx)r$(start-installed-name): $(objpfx)start.o $(objpfx)abi-note.o \ + $(objpfx)init.o + $(link-relocatable) +diff --git a/libio/Makefile b/libio/Makefile +index 287ec11338..8f9f302807 100644 +--- a/libio/Makefile ++++ b/libio/Makefile +@@ -212,6 +212,12 @@ aux := fileops genops stdfiles stdio strops + ifeq ($(build-shared),yes) + generated += tst-bz24228.mtrace tst-bz24228.check + aux += oldfileops oldstdfiles ++tests += \ ++ tst-stderr-compat \ ++# tests ++tests-2.0 += \ ++ tst-stderr-compat \ ++# tests-2.0 + endif + + shared-only-routines = oldiofopen oldiofdopen oldiofclose oldfileops \ +diff --git a/libio/tst-stderr-compat.c b/libio/tst-stderr-compat.c +new file mode 100644 +index 0000000000..8221415cd4 +--- /dev/null ++++ b/libio/tst-stderr-compat.c +@@ -0,0 +1,52 @@ ++/* Test that fclose works on stderr from glibc 2.0. ++ Copyright (C) 2024 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++ ++#if TEST_COMPAT (libc, GLIBC_2_0, GLIBC_2_1) ++# define _LIBC ++# define _IO_USE_OLD_IO_FILE ++# include ++# include ++ ++extern FILE _IO_stderr_; ++compat_symbol_reference (libc, _IO_stderr_, _IO_stderr_, GLIBC_2_0); ++compat_symbol_reference (libc, fclose, fclose, GLIBC_2_0); ++ ++__attribute__ ((weak, noclone, noinline)) ++void ++do_fclose (FILE *fp) ++{ ++ TEST_VERIFY_EXIT (fclose (fp) == 0); ++} ++ ++static int ++do_test (void) ++{ ++ do_fclose (&_IO_stderr_); ++ return 0; ++} ++#else ++static int ++do_test (void) ++{ ++ return 0; ++} ++#endif ++ ++#include +diff --git a/math/Makefile b/math/Makefile +index a9daae09de..9730093630 100644 +--- a/math/Makefile ++++ b/math/Makefile +@@ -261,6 +261,9 @@ tests-static = test-fpucw-static test-fpucw-ieee-static \ + # The tested symbols matherr, _LIB_VERSION have been removed in glibc 2.27. + ifeq ($(have-GLIBC_2.26)$(build-shared),yesyes) + tests += test-matherr test-matherr-2 ++tests-2.0 += \ ++ test-matherr-2 \ ++ # tests-2.0 + endif + + # These tests use internal (unexported) GMP functions and are linked +diff --git a/sysdeps/pthread/Makefile b/sysdeps/pthread/Makefile +index 31028406d5..67706433f0 100644 +--- a/sysdeps/pthread/Makefile ++++ b/sysdeps/pthread/Makefile +@@ -282,6 +282,10 @@ tests += \ + tst-vfork2x \ + # tests + ++tests-2.0 += \ ++ tst-pthread_kill-exited ++ # tests-2.0 ++ + tests-time64 += \ + tst-abstime-time64 \ + tst-cnd-timedwait-time64 \ +-- +2.45.0 + diff --git a/packages/glibc/0105-elf-Change-ldconfig-auxcache-magic-number-bug-32231.patch b/packages/glibc/0105-elf-Change-ldconfig-auxcache-magic-number-bug-32231.patch new file mode 100644 index 000000000..829011a09 --- /dev/null +++ b/packages/glibc/0105-elf-Change-ldconfig-auxcache-magic-number-bug-32231.patch @@ -0,0 +1,49 @@ +From fa4ad104063204add2144df8151aa1135fffdd2d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 28 Oct 2024 14:45:30 +0100 +Subject: [PATCH] elf: Change ldconfig auxcache magic number (bug 32231) + +In commit c628c2296392ed3bf2cb8d8470668e64fe53389f (elf: Remove +ldconfig kernel version check), the layout of auxcache entries +changed because the osversion field was removed from +struct aux_cache_file_entry. However, AUX_CACHEMAGIC was not +changed, so existing files are still used, potentially leading +to unintended ldconfig behavior. This commit changes AUX_CACHEMAGIC, +so that the file is regenerated. + +Reported-by: DJ Delorie +Reviewed-by: Adhemerval Zanella +(cherry picked from commit 0a536f6e2f76e3ef581b3fd9af1e5cf4ddc7a5a2) +--- + NEWS | 1 + + elf/cache.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/NEWS b/NEWS +index a2adce11ff..8feb39f1ba 100644 +--- a/NEWS ++++ b/NEWS +@@ -59,6 +59,7 @@ The following bugs are resolved with this release: + [31968] mremap implementation in C does not handle arguments correctly + [32052] Name space violation in fortify wrappers + [32137] libio: Attempt wide backup free only for non-legacy code ++ [32231] elf: Change ldconfig auxcache magic number + + Version 2.38 + +diff --git a/elf/cache.c b/elf/cache.c +index 8149f889ba..5de69ec4ca 100644 +--- a/elf/cache.c ++++ b/elf/cache.c +@@ -823,7 +823,7 @@ struct aux_cache_entry + struct aux_cache_entry *next; + }; + +-#define AUX_CACHEMAGIC "glibc-ld.so.auxcache-1.0" ++#define AUX_CACHEMAGIC "glibc-ld.so.auxcache-2.0" + + struct aux_cache_file_entry + { +-- +2.45.0 + diff --git a/packages/glibc/0106-nptl-initialize-rseq-area-prior-to-registration.patch b/packages/glibc/0106-nptl-initialize-rseq-area-prior-to-registration.patch new file mode 100644 index 000000000..08438f449 --- /dev/null +++ b/packages/glibc/0106-nptl-initialize-rseq-area-prior-to-registration.patch @@ -0,0 +1,61 @@ +From 9423cc5387d93de63be09740bfd86abd01dca7d1 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson +Date: Thu, 7 Nov 2024 22:23:49 +0100 +Subject: [PATCH] nptl: initialize rseq area prior to registration + +Per the rseq syscall documentation, 3 fields are required to be +initialized by userspace prior to registration, they are 'cpu_id', +'rseq_cs' and 'flags'. Since we have no guarantee that 'struct pthread' +is cleared on all architectures, explicitly set those 3 fields prior to +registration. + +Signed-off-by: Michael Jeanson +Reviewed-by: Florian Weimer +(cherry picked from commit 97f60abd25628425971f07e9b0e7f8eec0741235) +--- + nptl/descr.h | 2 ++ + sysdeps/unix/sysv/linux/rseq-internal.h | 10 ++++++++++ + 2 files changed, 12 insertions(+) + +diff --git a/nptl/descr.h b/nptl/descr.h +index 0171576c23..4ec2df7a26 100644 +--- a/nptl/descr.h ++++ b/nptl/descr.h +@@ -414,6 +414,8 @@ struct pthread + { + uint32_t cpu_id_start; + uint32_t cpu_id; ++ uint64_t rseq_cs; ++ uint32_t flags; + }; + char pad[32]; /* Original rseq area size. */ + } rseq_area __attribute__ ((aligned (32))); +diff --git a/sysdeps/unix/sysv/linux/rseq-internal.h b/sysdeps/unix/sysv/linux/rseq-internal.h +index 226ba59a24..8fd26f335e 100644 +--- a/sysdeps/unix/sysv/linux/rseq-internal.h ++++ b/sysdeps/unix/sysv/linux/rseq-internal.h +@@ -51,11 +51,21 @@ rseq_register_current_thread (struct pthread *self, bool do_rseq) + /* The initial implementation used only 20 bytes out of 32, + but still expected size 32. */ + size = RSEQ_AREA_SIZE_INITIAL; ++ ++ /* Initialize the rseq fields that are read by the kernel on ++ registration, there is no guarantee that struct pthread is ++ cleared on all architectures. */ ++ THREAD_SETMEM (self, rseq_area.cpu_id, RSEQ_CPU_ID_UNINITIALIZED); ++ THREAD_SETMEM (self, rseq_area.rseq_cs, 0); ++ THREAD_SETMEM (self, rseq_area.flags, 0); ++ + int ret = INTERNAL_SYSCALL_CALL (rseq, &self->rseq_area, + size, 0, RSEQ_SIG); + if (!INTERNAL_SYSCALL_ERROR_P (ret)) + return true; + } ++ /* When rseq is disabled by tunables or the registration fails, inform ++ userspace by setting 'cpu_id' to RSEQ_CPU_ID_REGISTRATION_FAILED. */ + THREAD_SETMEM (self, rseq_area.cpu_id, RSEQ_CPU_ID_REGISTRATION_FAILED); + return false; + } +-- +2.45.0 + diff --git a/packages/glibc/0107-nptl-initialize-cpu_id_start-prior-to-rseq-registrat.patch b/packages/glibc/0107-nptl-initialize-cpu_id_start-prior-to-rseq-registrat.patch new file mode 100644 index 000000000..a490ac650 --- /dev/null +++ b/packages/glibc/0107-nptl-initialize-cpu_id_start-prior-to-rseq-registrat.patch @@ -0,0 +1,34 @@ +From 37ded328c4240f5a84c69b8cb803f0652fa68d20 Mon Sep 17 00:00:00 2001 +From: Michael Jeanson +Date: Wed, 20 Nov 2024 14:15:42 -0500 +Subject: [PATCH] nptl: initialize cpu_id_start prior to rseq registration + +When adding explicit initialization of rseq fields prior to +registration, I glossed over the fact that 'cpu_id_start' is also +documented as initialized by user-space. + +While current kernels don't validate the content of this field on +registration, future ones could. + +Signed-off-by: Michael Jeanson +Reviewed-by: Mathieu Desnoyers +(cherry picked from commit d9f40387d3305d97e30a8cf8724218c42a63680a) +--- + sysdeps/unix/sysv/linux/rseq-internal.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sysdeps/unix/sysv/linux/rseq-internal.h b/sysdeps/unix/sysv/linux/rseq-internal.h +index 8fd26f335e..0ad79174bd 100644 +--- a/sysdeps/unix/sysv/linux/rseq-internal.h ++++ b/sysdeps/unix/sysv/linux/rseq-internal.h +@@ -56,6 +56,7 @@ rseq_register_current_thread (struct pthread *self, bool do_rseq) + registration, there is no guarantee that struct pthread is + cleared on all architectures. */ + THREAD_SETMEM (self, rseq_area.cpu_id, RSEQ_CPU_ID_UNINITIALIZED); ++ THREAD_SETMEM (self, rseq_area.cpu_id_start, 0); + THREAD_SETMEM (self, rseq_area.rseq_cs, 0); + THREAD_SETMEM (self, rseq_area.flags, 0); + +-- +2.45.0 + diff --git a/packages/glibc/glibc.spec b/packages/glibc/glibc.spec index 3351d25dd..ad29507fd 100644 --- a/packages/glibc/glibc.spec +++ b/packages/glibc/glibc.spec @@ -90,6 +90,43 @@ Patch0067: 0067-sparc-Remove-64-bit-check-on-sparc32-wordsize-BZ-275.patch Patch0068: 0068-login-Check-default-sizes-of-structs-utmp-utmpx-last.patch Patch0069: 0069-login-structs-utmp-utmpx-lastlog-_TIME_BITS-independ.patch Patch0070: 0070-nptl-Fix-tst-cancel30-on-kernels-without-ppoll_time6.patch +Patch0071: 0071-i386-ulp-update-for-SSE2-disable-multi-arch-configur.patch +Patch0072: 0072-CVE-2024-33599-nscd-Stack-based-buffer-overflow-in-n.patch +Patch0073: 0073-CVE-2024-33600-nscd-Do-not-send-missing-not-found-re.patch +Patch0074: 0074-CVE-2024-33600-nscd-Avoid-null-pointer-crashes-after.patch +Patch0075: 0075-CVE-2024-33601-CVE-2024-33602-nscd-netgroup-Use-two-.patch +Patch0076: 0076-elf-Also-compile-dl-misc.os-with-rtld-early-cflags.patch +Patch0077: 0077-nscd-Use-time_t-for-return-type-of-addgetnetgrentX.patch +Patch0078: 0078-resolv-Fix-some-unaligned-accesses-in-resolver-BZ-30.patch +Patch0079: 0079-Force-DT_RPATH-for-enable-hardcoded-path-in-tests.patch +Patch0080: 0080-i386-Disable-Intel-Xeon-Phi-tests-for-GCC-15-and-abo.patch +Patch0081: 0081-misc-Add-support-for-Linux-uio.h-RWF_NOAPPEND-flag.patch +Patch0082: 0082-s390x-Fix-segfault-in-wcsncmp-BZ-31934.patch +Patch0083: 0083-nptl-fix-potential-merge-of-__rseq_-relro-symbols.patch +Patch0084: 0084-elf-Make-dl-rseq-symbols-Linux-only.patch +Patch0085: 0085-Linux-Make-__rseq_size-useful-for-feature-detection-.patch +Patch0086: 0086-resolv-Allow-short-error-responses-to-match-any-quer.patch +Patch0087: 0087-resolv-Do-not-wait-for-non-existing-second-DNS-respo.patch +Patch0088: 0088-resolv-Track-single-request-fallback-via-_res._flags.patch +Patch0089: 0089-linux-Update-the-mremap-C-implementation-BZ-31968.patch +Patch0090: 0090-mremap-Update-manual-entry.patch +Patch0091: 0091-Add-mremap-tests.patch +Patch0092: 0092-Update-syscall-lists-for-Linux-6.5.patch +Patch0093: 0093-resolv-Fix-tst-resolv-short-response-for-older-GCC-b.patch +Patch0094: 0094-Fix-name-space-violation-in-fortify-wrappers-bug-320.patch +Patch0095: 0095-x86-Fix-bug-in-strchrnul-evex512-BZ-32078.patch +Patch0096: 0096-support-Add-FAIL-test-failure-helper.patch +Patch0097: 0097-stdio-common-Add-test-for-vfscanf-with-matches-longe.patch +Patch0098: 0098-Make-tst-ungetc-use-libsupport.patch +Patch0099: 0099-ungetc-Fix-uninitialized-read-when-putting-into-unus.patch +Patch0100: 0100-ungetc-Fix-backup-buffer-leak-on-program-exit-BZ-278.patch +Patch0101: 0101-posix-Use-support-check.h-facilities-in-tst-truncate.patch +Patch0102: 0102-nptl-Use-support-check.h-facilities-in-tst-setuid3.patch +Patch0103: 0103-libio-Attempt-wide-backup-free-only-for-non-legacy-c.patch +Patch0104: 0104-Add-crt1-2.0.o-for-glibc-2.0-compatibility-tests.patch +Patch0105: 0105-elf-Change-ldconfig-auxcache-magic-number-bug-32231.patch +Patch0106: 0106-nptl-initialize-rseq-area-prior-to-registration.patch +Patch0107: 0107-nptl-initialize-cpu_id_start-prior-to-rseq-registrat.patch # Fedora patches Patch1001: glibc-cs-path.patch