1 |
vapier 16/03/30 21:13:08 |
2 |
|
3 |
Modified: README.history |
4 |
Added: |
5 |
00_all_0046-Fix-x86_64-fma4-pow-inappropriate-contraction-bug-19.patch |
6 |
00_all_0047-Use-PIC-relocation-in-ALIAS_IMPL.patch |
7 |
00_all_0048-Fix-resource-leak-in-resolver-bug-19257.patch |
8 |
00_all_0049-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch |
9 |
Log: |
10 |
more upstream fixes |
11 |
|
12 |
Revision Changes Path |
13 |
1.13 src/patchsets/glibc/2.22/README.history |
14 |
|
15 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/README.history?rev=1.13&view=markup |
16 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/README.history?rev=1.13&content-type=text/plain |
17 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/README.history?r1=1.12&r2=1.13 |
18 |
|
19 |
Index: README.history |
20 |
=================================================================== |
21 |
RCS file: /var/cvsroot/gentoo/src/patchsets/glibc/2.22/README.history,v |
22 |
retrieving revision 1.12 |
23 |
retrieving revision 1.13 |
24 |
diff -u -r1.12 -r1.13 |
25 |
--- README.history 7 Mar 2016 17:59:32 -0000 1.12 |
26 |
+++ README.history 30 Mar 2016 21:13:08 -0000 1.13 |
27 |
@@ -1,3 +1,9 @@ |
28 |
+12 30 Mar 2016 |
29 |
+ + 00_all_0046-Fix-x86_64-fma4-pow-inappropriate-contraction-bug-19.patch |
30 |
+ + 00_all_0047-Use-PIC-relocation-in-ALIAS_IMPL.patch |
31 |
+ + 00_all_0048-Fix-resource-leak-in-resolver-bug-19257.patch |
32 |
+ + 00_all_0049-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch |
33 |
+ |
34 |
11 07 Mar 2016 |
35 |
+ 00_all_0041-CVE-2015-7547-getaddrinfo-stack-based-buffer-overflo.patch |
36 |
+ 00_all_0042-powerpc-Enforce-compiler-barriers-on-hardware-transa.patch |
37 |
|
38 |
|
39 |
|
40 |
1.1 src/patchsets/glibc/2.22/00_all_0046-Fix-x86_64-fma4-pow-inappropriate-contraction-bug-19.patch |
41 |
|
42 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0046-Fix-x86_64-fma4-pow-inappropriate-contraction-bug-19.patch?rev=1.1&view=markup |
43 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0046-Fix-x86_64-fma4-pow-inappropriate-contraction-bug-19.patch?rev=1.1&content-type=text/plain |
44 |
|
45 |
Index: 00_all_0046-Fix-x86_64-fma4-pow-inappropriate-contraction-bug-19.patch |
46 |
=================================================================== |
47 |
From 209606141fb74f9bfa8ad4ca56900077f0cad2b7 Mon Sep 17 00:00:00 2001 |
48 |
From: Joseph Myers <joseph@××××××××××××.com> |
49 |
Date: Thu, 24 Sep 2015 16:48:32 +0000 |
50 |
Subject: [PATCH] Fix x86_64 fma4 pow inappropriate contraction (bug 19003). |
51 |
|
52 |
The x86_64 fma4 version of pow fails to disable contraction of |
53 |
operations other than those explicitly intended to use fma |
54 |
instructions, so resulting in large ulps errors on processors with |
55 |
fma4 instructions, as in bug 18104 (165ulp for the test added for that |
56 |
bug; error originally reported by "blaaa" on #glibc). This patch adds |
57 |
$(config-cflags-nofma) for e_pow-fma4.c, corresponding to the use for |
58 |
e_pow.c in sysdeps/ieee754/dbl-64/Makefile. |
59 |
|
60 |
Tested for x86_64 on a processor with fma4. |
61 |
|
62 |
[BZ #19003] |
63 |
* sysdeps/x86_64/fpu/multiarch/Makefile (CFLAGS-e_pow-fma4.c): Add |
64 |
$(config-cflags-nofma). |
65 |
|
66 |
(cherry picked from commit 51df2605064a2bfd44fa0655ef9815812347de80) |
67 |
(cherry picked from commit c95a56e2a8b16eeb911eed5c1bdc8fd26f337f4d) |
68 |
--- |
69 |
sysdeps/x86_64/fpu/multiarch/Makefile | 2 +- |
70 |
1 file changed, 1 insertion(+), 1 deletion(-) |
71 |
|
72 |
diff --git a/sysdeps/x86_64/fpu/multiarch/Makefile b/sysdeps/x86_64/fpu/multiarch/Makefile |
73 |
index 86ea473..631534a 100644 |
74 |
--- a/sysdeps/x86_64/fpu/multiarch/Makefile |
75 |
+++ b/sysdeps/x86_64/fpu/multiarch/Makefile |
76 |
@@ -16,7 +16,7 @@ CFLAGS-e_asin-fma4.c = -mfma4 |
77 |
CFLAGS-e_atan2-fma4.c = -mfma4 |
78 |
CFLAGS-e_exp-fma4.c = -mfma4 |
79 |
CFLAGS-e_log-fma4.c = -mfma4 |
80 |
-CFLAGS-e_pow-fma4.c = -mfma4 |
81 |
+CFLAGS-e_pow-fma4.c = -mfma4 $(config-cflags-nofma) |
82 |
CFLAGS-halfulp-fma4.c = -mfma4 |
83 |
CFLAGS-mpa-fma4.c = -mfma4 |
84 |
CFLAGS-mpatan-fma4.c = -mfma4 |
85 |
-- |
86 |
2.7.4 |
87 |
|
88 |
|
89 |
|
90 |
|
91 |
1.1 src/patchsets/glibc/2.22/00_all_0047-Use-PIC-relocation-in-ALIAS_IMPL.patch |
92 |
|
93 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0047-Use-PIC-relocation-in-ALIAS_IMPL.patch?rev=1.1&view=markup |
94 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0047-Use-PIC-relocation-in-ALIAS_IMPL.patch?rev=1.1&content-type=text/plain |
95 |
|
96 |
Index: 00_all_0047-Use-PIC-relocation-in-ALIAS_IMPL.patch |
97 |
=================================================================== |
98 |
From 3ffe1a9e559b88ed2c1096a798cec5fb17194e99 Mon Sep 17 00:00:00 2001 |
99 |
From: Andrew Senkevich <andrew.senkevich@×××××.com> |
100 |
Date: Wed, 17 Feb 2016 14:23:32 -0800 |
101 |
Subject: [PATCH] Use PIC relocation in ALIAS_IMPL |
102 |
|
103 |
Since libmvec_nonshared.a may be linked into shared objects, ALIAS_IMPL |
104 |
should use PIC relocation. |
105 |
|
106 |
[BZ #19590] |
107 |
* sysdeps/x86_64/fpu/svml_finite_alias.S (ALIAS_IMPL): Use PIC |
108 |
relocation. |
109 |
|
110 |
(cherry picked from commit a5df3210a641c175138052037fcdad34298bfa4d) |
111 |
(cherry picked from commit 2b8ab5c3f618e4d9e0a9147c24f8cf6bbf35a1d8) |
112 |
--- |
113 |
sysdeps/x86_64/fpu/svml_finite_alias.S | 3 +-- |
114 |
1 file changed, 1 insertion(+), 2 deletions(-) |
115 |
|
116 |
diff --git a/sysdeps/x86_64/fpu/svml_finite_alias.S b/sysdeps/x86_64/fpu/svml_finite_alias.S |
117 |
index f8bcfeb..aed1661 100644 |
118 |
--- a/sysdeps/x86_64/fpu/svml_finite_alias.S |
119 |
+++ b/sysdeps/x86_64/fpu/svml_finite_alias.S |
120 |
@@ -23,8 +23,7 @@ |
121 |
|
122 |
#define ALIAS_IMPL(alias, target) \ |
123 |
ENTRY (alias); \ |
124 |
- call target; \ |
125 |
- ret; \ |
126 |
+ jmp *target@GOTPCREL(%rip); \ |
127 |
END (alias) |
128 |
|
129 |
.text |
130 |
-- |
131 |
2.7.4 |
132 |
|
133 |
|
134 |
|
135 |
|
136 |
1.1 src/patchsets/glibc/2.22/00_all_0048-Fix-resource-leak-in-resolver-bug-19257.patch |
137 |
|
138 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0048-Fix-resource-leak-in-resolver-bug-19257.patch?rev=1.1&view=markup |
139 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0048-Fix-resource-leak-in-resolver-bug-19257.patch?rev=1.1&content-type=text/plain |
140 |
|
141 |
Index: 00_all_0048-Fix-resource-leak-in-resolver-bug-19257.patch |
142 |
=================================================================== |
143 |
From 066bfd462534b7141aaaac23aadc5c0ec3e4e7f3 Mon Sep 17 00:00:00 2001 |
144 |
From: Andreas Schwab <schwab@××××.de> |
145 |
Date: Wed, 18 Nov 2015 15:45:59 +0100 |
146 |
Subject: [PATCH] Fix resource leak in resolver (bug 19257) |
147 |
|
148 |
The number of currently defined nameservers is stored in ->nscount, |
149 |
whereas ->_u._ext.nscount is set by __libc_res_nsend only after local |
150 |
initializations. |
151 |
|
152 |
(cherry picked from commit 5e7fdabd7df1fc6c56d104e61390bf5a6b526c38) |
153 |
(cherry picked from commit e5d560e0e7f621b5cde4bcbbac424f8b2742395a) |
154 |
--- |
155 |
resolv/res_init.c | 2 +- |
156 |
1 file changed, 1 insertion(+), 1 deletion(-) |
157 |
|
158 |
diff --git a/resolv/res_init.c b/resolv/res_init.c |
159 |
index 66561ff..77873c1 100644 |
160 |
--- a/resolv/res_init.c |
161 |
+++ b/resolv/res_init.c |
162 |
@@ -593,7 +593,7 @@ __res_iclose(res_state statp, bool free_addr) { |
163 |
statp->_vcsock = -1; |
164 |
statp->_flags &= ~(RES_F_VC | RES_F_CONN); |
165 |
} |
166 |
- for (ns = 0; ns < statp->_u._ext.nscount; ns++) |
167 |
+ for (ns = 0; ns < statp->nscount; ns++) |
168 |
if (statp->_u._ext.nsaddrs[ns]) { |
169 |
if (statp->_u._ext.nssocks[ns] != -1) { |
170 |
close_not_cancel_no_status(statp->_u._ext.nssocks[ns]); |
171 |
-- |
172 |
2.7.4 |
173 |
|
174 |
|
175 |
|
176 |
|
177 |
1.1 src/patchsets/glibc/2.22/00_all_0049-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch |
178 |
|
179 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0049-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch?rev=1.1&view=markup |
180 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.22/00_all_0049-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch?rev=1.1&content-type=text/plain |
181 |
|
182 |
Index: 00_all_0049-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch |
183 |
=================================================================== |
184 |
From b286c83dcbd06314859bf86319782611c81e283d Mon Sep 17 00:00:00 2001 |
185 |
From: Florian Weimer <fweimer@××××××.com> |
186 |
Date: Fri, 25 Mar 2016 11:49:51 +0100 |
187 |
Subject: [PATCH] resolv: Always set *resplen2 out parameter in send_dg [BZ |
188 |
#19791] |
189 |
|
190 |
Since commit 44d20bca52ace85850012b0ead37b360e3ecd96e (Implement |
191 |
second fallback mode for DNS requests), there is a code path which |
192 |
returns early, before *resplen2 is initialized. This happens if the |
193 |
name server address is immediately recognized as invalid (because of |
194 |
lack of protocol support, or if it is a broadcast address such |
195 |
255.255.255.255, or another invalid address). |
196 |
|
197 |
If this happens and *resplen2 was non-zero (which is the case if a |
198 |
previous query resulted in a failure), __libc_res_nquery would reuse |
199 |
an existing second answer buffer. This answer has been previously |
200 |
identified as unusable (for example, it could be an NXDOMAIN |
201 |
response). Due to the presence of a second answer, no name server |
202 |
switching will occur. The result is a name resolution failure, |
203 |
although a successful resolution would have been possible if name |
204 |
servers have been switched and queries had proceeded along the search |
205 |
path. |
206 |
|
207 |
The above paragraph still simplifies the situation. Before glibc |
208 |
2.23, if the second answer needed malloc, the stub resolver would |
209 |
still attempt to reuse the second answer, but this is not possible |
210 |
because __libc_res_nsearch has freed it, after the unsuccessful call |
211 |
to __libc_res_nquerydomain, and set the buffer pointer to NULL. This |
212 |
eventually leads to an assertion failure in __libc_res_nquery: |
213 |
|
214 |
/* Make sure both hp and hp2 are defined */ |
215 |
assert((hp != NULL) && (hp2 != NULL)); |
216 |
|
217 |
If assertions are disabled, the consequence is a NULL pointer |
218 |
dereference on the next line. |
219 |
|
220 |
Starting with glibc 2.23, as a result of commit |
221 |
e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca (CVE-2015-7547: getaddrinfo() |
222 |
stack-based buffer overflow (Bug 18665)), the second answer is always |
223 |
allocated with malloc. This means that the assertion failure happens |
224 |
with small responses as well because there is no buffer to reuse, as |
225 |
soon as there is a name resolution failure which triggers a search for |
226 |
an answer along the search path. |
227 |
|
228 |
This commit addresses the issue by ensuring that *resplen2 is |
229 |
initialized before the send_dg function returns. |
230 |
|
231 |
This commit also addresses a bug where an invalid second reply is |
232 |
incorrectly returned as a valid to the caller. |
233 |
|
234 |
(cherry picked from commit b66d837bb5398795c6b0f651bd5a5d66091d8577) |
235 |
(cherry picked from commit 5a1a5f0dd2744044801c91bf2588444c29cda533) |
236 |
--- |
237 |
resolv/res_send.c | 63 +++++++++++++++++++++++++++++++++++-------------------- |
238 |
1 file changed, 40 insertions(+), 23 deletions(-) |
239 |
|
240 |
diff --git a/resolv/res_send.c b/resolv/res_send.c |
241 |
index 6511bb1..0add3d2 100644 |
242 |
--- a/resolv/res_send.c |
243 |
+++ b/resolv/res_send.c |
244 |
@@ -657,6 +657,18 @@ get_nsaddr (res_state statp, int n) |
245 |
return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; |
246 |
} |
247 |
|
248 |
+/* Close the resolver structure, assign zero to *RESPLEN2 if RESPLEN2 |
249 |
+ is not NULL, and return zero. */ |
250 |
+static int |
251 |
+__attribute__ ((warn_unused_result)) |
252 |
+close_and_return_error (res_state statp, int *resplen2) |
253 |
+{ |
254 |
+ __res_iclose(statp, false); |
255 |
+ if (resplen2 != NULL) |
256 |
+ *resplen2 = 0; |
257 |
+ return 0; |
258 |
+} |
259 |
+ |
260 |
/* The send_vc function is responsible for sending a DNS query over TCP |
261 |
to the nameserver numbered NS from the res_state STATP i.e. |
262 |
EXT(statp).nssocks[ns]. The function supports sending both IPv4 and |
263 |
@@ -1159,7 +1171,11 @@ send_dg(res_state statp, |
264 |
retry_reopen: |
265 |
retval = reopen (statp, terrno, ns); |
266 |
if (retval <= 0) |
267 |
- return retval; |
268 |
+ { |
269 |
+ if (resplen2 != NULL) |
270 |
+ *resplen2 = 0; |
271 |
+ return retval; |
272 |
+ } |
273 |
retry: |
274 |
evNowTime(&now); |
275 |
evConsTime(&timeout, seconds, 0); |
276 |
@@ -1172,8 +1188,6 @@ send_dg(res_state statp, |
277 |
int recvresp2 = buf2 == NULL; |
278 |
pfd[0].fd = EXT(statp).nssocks[ns]; |
279 |
pfd[0].events = POLLOUT; |
280 |
- if (resplen2 != NULL) |
281 |
- *resplen2 = 0; |
282 |
wait: |
283 |
if (need_recompute) { |
284 |
recompute_resend: |
285 |
@@ -1181,9 +1195,7 @@ send_dg(res_state statp, |
286 |
if (evCmpTime(finish, now) <= 0) { |
287 |
poll_err_out: |
288 |
Perror(statp, stderr, "poll", errno); |
289 |
- err_out: |
290 |
- __res_iclose(statp, false); |
291 |
- return (0); |
292 |
+ return close_and_return_error (statp, resplen2); |
293 |
} |
294 |
evSubTime(&timeout, &finish, &now); |
295 |
need_recompute = 0; |
296 |
@@ -1230,7 +1242,9 @@ send_dg(res_state statp, |
297 |
} |
298 |
|
299 |
*gotsomewhere = 1; |
300 |
- return (0); |
301 |
+ if (resplen2 != NULL) |
302 |
+ *resplen2 = 0; |
303 |
+ return 0; |
304 |
} |
305 |
if (n < 0) { |
306 |
if (errno == EINTR) |
307 |
@@ -1298,7 +1312,7 @@ send_dg(res_state statp, |
308 |
|
309 |
fail_sendmmsg: |
310 |
Perror(statp, stderr, "sendmmsg", errno); |
311 |
- goto err_out; |
312 |
+ return close_and_return_error (statp, resplen2); |
313 |
} |
314 |
} |
315 |
else |
316 |
@@ -1316,7 +1330,7 @@ send_dg(res_state statp, |
317 |
if (errno == EINTR || errno == EAGAIN) |
318 |
goto recompute_resend; |
319 |
Perror(statp, stderr, "send", errno); |
320 |
- goto err_out; |
321 |
+ return close_and_return_error (statp, resplen2); |
322 |
} |
323 |
just_one: |
324 |
if (nwritten != 0 || buf2 == NULL || single_request) |
325 |
@@ -1394,7 +1408,7 @@ send_dg(res_state statp, |
326 |
goto wait; |
327 |
} |
328 |
Perror(statp, stderr, "recvfrom", errno); |
329 |
- goto err_out; |
330 |
+ return close_and_return_error (statp, resplen2); |
331 |
} |
332 |
*gotsomewhere = 1; |
333 |
if (__glibc_unlikely (*thisresplenp < HFIXEDSZ)) { |
334 |
@@ -1405,7 +1419,7 @@ send_dg(res_state statp, |
335 |
(stdout, ";; undersized: %d\n", |
336 |
*thisresplenp)); |
337 |
*terrno = EMSGSIZE; |
338 |
- goto err_out; |
339 |
+ return close_and_return_error (statp, resplen2); |
340 |
} |
341 |
if ((recvresp1 || hp->id != anhp->id) |
342 |
&& (recvresp2 || hp2->id != anhp->id)) { |
343 |
@@ -1454,7 +1468,7 @@ send_dg(res_state statp, |
344 |
? *thisanssizp : *thisresplenp); |
345 |
/* record the error */ |
346 |
statp->_flags |= RES_F_EDNS0ERR; |
347 |
- goto err_out; |
348 |
+ return close_and_return_error (statp, resplen2); |
349 |
} |
350 |
#endif |
351 |
if (!(statp->options & RES_INSECURE2) |
352 |
@@ -1506,10 +1520,10 @@ send_dg(res_state statp, |
353 |
goto wait; |
354 |
} |
355 |
|
356 |
- __res_iclose(statp, false); |
357 |
/* don't retry if called from dig */ |
358 |
if (!statp->pfcode) |
359 |
- return (0); |
360 |
+ return close_and_return_error (statp, resplen2); |
361 |
+ __res_iclose(statp, false); |
362 |
} |
363 |
if (anhp->rcode == NOERROR && anhp->ancount == 0 |
364 |
&& anhp->aa == 0 && anhp->ra == 0 && anhp->arcount == 0) { |
365 |
@@ -1531,6 +1545,8 @@ send_dg(res_state statp, |
366 |
__res_iclose(statp, false); |
367 |
// XXX if we have received one reply we could |
368 |
// XXX use it and not repeat it over TCP... |
369 |
+ if (resplen2 != NULL) |
370 |
+ *resplen2 = 0; |
371 |
return (1); |
372 |
} |
373 |
/* Mark which reply we received. */ |
374 |
@@ -1546,21 +1562,22 @@ send_dg(res_state statp, |
375 |
__res_iclose (statp, false); |
376 |
retval = reopen (statp, terrno, ns); |
377 |
if (retval <= 0) |
378 |
- return retval; |
379 |
+ { |
380 |
+ if (resplen2 != NULL) |
381 |
+ *resplen2 = 0; |
382 |
+ return retval; |
383 |
+ } |
384 |
pfd[0].fd = EXT(statp).nssocks[ns]; |
385 |
} |
386 |
} |
387 |
goto wait; |
388 |
} |
389 |
- /* |
390 |
- * All is well, or the error is fatal. Signal that the |
391 |
- * next nameserver ought not be tried. |
392 |
- */ |
393 |
+ /* All is well. We have received both responses (if |
394 |
+ two responses were requested). */ |
395 |
return (resplen); |
396 |
- } else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL)) { |
397 |
- /* Something went wrong. We can stop trying. */ |
398 |
- goto err_out; |
399 |
- } |
400 |
+ } else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL)) |
401 |
+ /* Something went wrong. We can stop trying. */ |
402 |
+ return close_and_return_error (statp, resplen2); |
403 |
else { |
404 |
/* poll should not have returned > 0 in this case. */ |
405 |
abort (); |
406 |
-- |
407 |
2.7.4 |