1 |
vapier 16/03/30 22:01:25 |
2 |
|
3 |
Modified: README.history |
4 |
Added: |
5 |
00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch |
6 |
00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch |
7 |
00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch |
8 |
00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch |
9 |
00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch |
10 |
00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch |
11 |
Log: |
12 |
more upstream fixes |
13 |
|
14 |
Revision Changes Path |
15 |
1.4 src/patchsets/glibc/2.23/README.history |
16 |
|
17 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/README.history?rev=1.4&view=markup |
18 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/README.history?rev=1.4&content-type=text/plain |
19 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/README.history?r1=1.3&r2=1.4 |
20 |
|
21 |
Index: README.history |
22 |
=================================================================== |
23 |
RCS file: /var/cvsroot/gentoo/src/patchsets/glibc/2.23/README.history,v |
24 |
retrieving revision 1.3 |
25 |
retrieving revision 1.4 |
26 |
diff -u -r1.3 -r1.4 |
27 |
--- README.history 8 Mar 2016 21:50:44 -0000 1.3 |
28 |
+++ README.history 30 Mar 2016 22:01:25 -0000 1.4 |
29 |
@@ -1,5 +1,11 @@ |
30 |
-3 [pending] |
31 |
+3 30 Mar 2016 |
32 |
+ 00_all_0013-Add-sys-auxv.h-wrapper-to-include-sys.patch |
33 |
+ + 00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch |
34 |
+ + 00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch |
35 |
+ + 00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch |
36 |
+ + 00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch |
37 |
+ + 00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch |
38 |
+ + 00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch |
39 |
|
40 |
2 07 Mar 2016 |
41 |
+ 00_all_0010-x86_64-Set-DL_RUNTIME_UNALIGNED_VEC_SIZE-to-8.patch |
42 |
|
43 |
|
44 |
|
45 |
1.1 src/patchsets/glibc/2.23/00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch |
46 |
|
47 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch?rev=1.1&view=markup |
48 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch?rev=1.1&content-type=text/plain |
49 |
|
50 |
Index: 00_all_0014-mips-terminate-the-FDE-before-the-return-trampoline-.patch |
51 |
=================================================================== |
52 |
From 8649aef19cb2edcc5bfa86e5e8b89f2c80401b0f Mon Sep 17 00:00:00 2001 |
53 |
From: Aurelien Jarno <aurelien@×××××××.net> |
54 |
Date: Wed, 9 Mar 2016 00:25:00 +0100 |
55 |
Subject: [PATCH] mips: terminate the FDE before the return trampoline in |
56 |
makecontext |
57 |
|
58 |
In makecontext the FDE needs to be terminated before the return |
59 |
trampoline otherwise backtrace called within a context created by |
60 |
makecontext yields infinite backtrace. |
61 |
|
62 |
This bug has been present for a long time, stdlib/tst-makecontext did |
63 |
not fail until recent commit e535ce25. Tested on mips-linux-gnu and |
64 |
mips64el-linux-gnuabi64 and mips-linux-gnu, no regression. |
65 |
|
66 |
This fixes stdlib/tst-makecontext on MIPS. |
67 |
|
68 |
Changelog: |
69 |
[BZ #19792] |
70 |
* sysdeps/unix/sysv/linux/mips/makecontext.S (__makecontext): |
71 |
Terminate FDE before return label. |
72 |
|
73 |
(cherry picked from commit f8e9c4d30c28b8815e65a391416e8b15d2e7cbb8) |
74 |
(cherry picked from commit 63ed4db4b45cab21cf6f68aac7b9fce2f770fe74) |
75 |
--- |
76 |
sysdeps/unix/sysv/linux/mips/makecontext.S | 7 +++++++ |
77 |
1 file changed, 7 insertions(+) |
78 |
|
79 |
diff --git a/sysdeps/unix/sysv/linux/mips/makecontext.S b/sysdeps/unix/sysv/linux/mips/makecontext.S |
80 |
index 66600c7..3196554 100644 |
81 |
--- a/sysdeps/unix/sysv/linux/mips/makecontext.S |
82 |
+++ b/sysdeps/unix/sysv/linux/mips/makecontext.S |
83 |
@@ -153,6 +153,11 @@ NESTED (__makecontext, FRAMESZ, ra) |
84 |
#endif |
85 |
jr ra |
86 |
|
87 |
+ /* We need to terminate the FDE to stop unwinding if backtrace was |
88 |
+ called within a context created by makecontext. */ |
89 |
+ cfi_endproc |
90 |
+ nop |
91 |
+ |
92 |
99: |
93 |
#ifdef __PIC__ |
94 |
move gp, s1 |
95 |
@@ -186,6 +191,8 @@ NESTED (__makecontext, FRAMESZ, ra) |
96 |
1: |
97 |
lb zero, (zero) |
98 |
b 1b |
99 |
+ |
100 |
+ cfi_startproc |
101 |
PSEUDO_END (__makecontext) |
102 |
|
103 |
weak_alias (__makecontext, makecontext) |
104 |
-- |
105 |
2.7.4 |
106 |
|
107 |
|
108 |
|
109 |
|
110 |
1.1 src/patchsets/glibc/2.23/00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch |
111 |
|
112 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch?rev=1.1&view=markup |
113 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch?rev=1.1&content-type=text/plain |
114 |
|
115 |
Index: 00_all_0015-Use-HAS_ARCH_FEATURE-with-Fast_Rep_String.patch |
116 |
=================================================================== |
117 |
From e62ac4543797b29a8851a43ec03e3718200dd612 Mon Sep 17 00:00:00 2001 |
118 |
From: "H.J. Lu" <hjl.tools@×××××.com> |
119 |
Date: Sun, 6 Mar 2016 08:23:24 -0800 |
120 |
Subject: [PATCH] Use HAS_ARCH_FEATURE with Fast_Rep_String |
121 |
|
122 |
HAS_ARCH_FEATURE, not HAS_CPU_FEATURE, should be used with |
123 |
Fast_Rep_String. |
124 |
|
125 |
[BZ #19762] |
126 |
* sysdeps/i386/i686/multiarch/bcopy.S (bcopy): Use |
127 |
HAS_ARCH_FEATURE with Fast_Rep_String. |
128 |
* sysdeps/i386/i686/multiarch/bzero.S (__bzero): Likewise. |
129 |
* sysdeps/i386/i686/multiarch/memcpy.S (memcpy): Likewise. |
130 |
* sysdeps/i386/i686/multiarch/memcpy_chk.S (__memcpy_chk): |
131 |
Likewise. |
132 |
* sysdeps/i386/i686/multiarch/memmove_chk.S (__memmove_chk): |
133 |
Likewise. |
134 |
* sysdeps/i386/i686/multiarch/mempcpy.S (__mempcpy): Likewise. |
135 |
* sysdeps/i386/i686/multiarch/mempcpy_chk.S (__mempcpy_chk): |
136 |
Likewise. |
137 |
* sysdeps/i386/i686/multiarch/memset.S (memset): Likewise. |
138 |
* sysdeps/i386/i686/multiarch/memset_chk.S (__memset_chk): |
139 |
Likewise. |
140 |
|
141 |
(cherry picked from commit 4e940b2f4b577f3a530e0580373f7c2d569f4d63) |
142 |
(cherry picked from commit 0594fd054623b0ac4c481582ab3664a74aadbf69) |
143 |
--- |
144 |
sysdeps/i386/i686/multiarch/bcopy.S | 2 +- |
145 |
sysdeps/i386/i686/multiarch/bzero.S | 2 +- |
146 |
sysdeps/i386/i686/multiarch/memcpy.S | 2 +- |
147 |
sysdeps/i386/i686/multiarch/memcpy_chk.S | 2 +- |
148 |
sysdeps/i386/i686/multiarch/memmove_chk.S | 2 +- |
149 |
sysdeps/i386/i686/multiarch/mempcpy.S | 2 +- |
150 |
sysdeps/i386/i686/multiarch/mempcpy_chk.S | 2 +- |
151 |
sysdeps/i386/i686/multiarch/memset.S | 2 +- |
152 |
sysdeps/i386/i686/multiarch/memset_chk.S | 2 +- |
153 |
9 files changed, 9 insertions(+), 9 deletions(-) |
154 |
|
155 |
diff --git a/sysdeps/i386/i686/multiarch/bcopy.S b/sysdeps/i386/i686/multiarch/bcopy.S |
156 |
index d5b408d..ce6661b 100644 |
157 |
--- a/sysdeps/i386/i686/multiarch/bcopy.S |
158 |
+++ b/sysdeps/i386/i686/multiarch/bcopy.S |
159 |
@@ -36,7 +36,7 @@ ENTRY(bcopy) |
160 |
HAS_CPU_FEATURE (SSSE3) |
161 |
jz 2f |
162 |
LOAD_FUNC_GOT_EAX (__bcopy_ssse3) |
163 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
164 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
165 |
jz 2f |
166 |
LOAD_FUNC_GOT_EAX (__bcopy_ssse3_rep) |
167 |
2: ret |
168 |
diff --git a/sysdeps/i386/i686/multiarch/bzero.S b/sysdeps/i386/i686/multiarch/bzero.S |
169 |
index 3bad417..738ca69 100644 |
170 |
--- a/sysdeps/i386/i686/multiarch/bzero.S |
171 |
+++ b/sysdeps/i386/i686/multiarch/bzero.S |
172 |
@@ -31,7 +31,7 @@ ENTRY(__bzero) |
173 |
HAS_CPU_FEATURE (SSE2) |
174 |
jz 2f |
175 |
LOAD_FUNC_GOT_EAX ( __bzero_sse2) |
176 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
177 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
178 |
jz 2f |
179 |
LOAD_FUNC_GOT_EAX (__bzero_sse2_rep) |
180 |
2: ret |
181 |
diff --git a/sysdeps/i386/i686/multiarch/memcpy.S b/sysdeps/i386/i686/multiarch/memcpy.S |
182 |
index 27913ea..652b5a2 100644 |
183 |
--- a/sysdeps/i386/i686/multiarch/memcpy.S |
184 |
+++ b/sysdeps/i386/i686/multiarch/memcpy.S |
185 |
@@ -38,7 +38,7 @@ ENTRY(memcpy) |
186 |
HAS_CPU_FEATURE (SSSE3) |
187 |
jz 2f |
188 |
LOAD_FUNC_GOT_EAX (__memcpy_ssse3) |
189 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
190 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
191 |
jz 2f |
192 |
LOAD_FUNC_GOT_EAX (__memcpy_ssse3_rep) |
193 |
2: ret |
194 |
diff --git a/sysdeps/i386/i686/multiarch/memcpy_chk.S b/sysdeps/i386/i686/multiarch/memcpy_chk.S |
195 |
index 39bc3c2..0eee32c 100644 |
196 |
--- a/sysdeps/i386/i686/multiarch/memcpy_chk.S |
197 |
+++ b/sysdeps/i386/i686/multiarch/memcpy_chk.S |
198 |
@@ -39,7 +39,7 @@ ENTRY(__memcpy_chk) |
199 |
HAS_CPU_FEATURE (SSSE3) |
200 |
jz 2f |
201 |
LOAD_FUNC_GOT_EAX (__memcpy_chk_ssse3) |
202 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
203 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
204 |
jz 2f |
205 |
LOAD_FUNC_GOT_EAX (__memcpy_chk_ssse3_rep) |
206 |
2: ret |
207 |
diff --git a/sysdeps/i386/i686/multiarch/memmove_chk.S b/sysdeps/i386/i686/multiarch/memmove_chk.S |
208 |
index c27892d..a29bbc9 100644 |
209 |
--- a/sysdeps/i386/i686/multiarch/memmove_chk.S |
210 |
+++ b/sysdeps/i386/i686/multiarch/memmove_chk.S |
211 |
@@ -36,7 +36,7 @@ ENTRY(__memmove_chk) |
212 |
HAS_CPU_FEATURE (SSSE3) |
213 |
jz 2f |
214 |
LOAD_FUNC_GOT_EAX (__memmove_chk_ssse3) |
215 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
216 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
217 |
jz 2f |
218 |
LOAD_FUNC_GOT_EAX (__memmove_chk_ssse3_rep) |
219 |
2: ret |
220 |
diff --git a/sysdeps/i386/i686/multiarch/mempcpy.S b/sysdeps/i386/i686/multiarch/mempcpy.S |
221 |
index 141ff2e..b46f3fc 100644 |
222 |
--- a/sysdeps/i386/i686/multiarch/mempcpy.S |
223 |
+++ b/sysdeps/i386/i686/multiarch/mempcpy.S |
224 |
@@ -38,7 +38,7 @@ ENTRY(__mempcpy) |
225 |
HAS_CPU_FEATURE (SSSE3) |
226 |
jz 2f |
227 |
LOAD_FUNC_GOT_EAX (__mempcpy_ssse3) |
228 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
229 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
230 |
jz 2f |
231 |
LOAD_FUNC_GOT_EAX (__mempcpy_ssse3_rep) |
232 |
2: ret |
233 |
diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S |
234 |
index 2788b66..30f3629 100644 |
235 |
--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S |
236 |
+++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S |
237 |
@@ -39,7 +39,7 @@ ENTRY(__mempcpy_chk) |
238 |
HAS_CPU_FEATURE (SSSE3) |
239 |
jz 2f |
240 |
LOAD_FUNC_GOT_EAX (__mempcpy_chk_ssse3) |
241 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
242 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
243 |
jz 2f |
244 |
LOAD_FUNC_GOT_EAX (__mempcpy_chk_ssse3_rep) |
245 |
2: ret |
246 |
diff --git a/sysdeps/i386/i686/multiarch/memset.S b/sysdeps/i386/i686/multiarch/memset.S |
247 |
index 268df0c..14180e4 100644 |
248 |
--- a/sysdeps/i386/i686/multiarch/memset.S |
249 |
+++ b/sysdeps/i386/i686/multiarch/memset.S |
250 |
@@ -31,7 +31,7 @@ ENTRY(memset) |
251 |
HAS_CPU_FEATURE (SSE2) |
252 |
jz 2f |
253 |
LOAD_FUNC_GOT_EAX (__memset_sse2) |
254 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
255 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
256 |
jz 2f |
257 |
LOAD_FUNC_GOT_EAX (__memset_sse2_rep) |
258 |
2: ret |
259 |
diff --git a/sysdeps/i386/i686/multiarch/memset_chk.S b/sysdeps/i386/i686/multiarch/memset_chk.S |
260 |
index d18b53f..d73f202 100644 |
261 |
--- a/sysdeps/i386/i686/multiarch/memset_chk.S |
262 |
+++ b/sysdeps/i386/i686/multiarch/memset_chk.S |
263 |
@@ -31,7 +31,7 @@ ENTRY(__memset_chk) |
264 |
HAS_CPU_FEATURE (SSE2) |
265 |
jz 2f |
266 |
LOAD_FUNC_GOT_EAX (__memset_chk_sse2) |
267 |
- HAS_CPU_FEATURE (Fast_Rep_String) |
268 |
+ HAS_ARCH_FEATURE (Fast_Rep_String) |
269 |
jz 2f |
270 |
LOAD_FUNC_GOT_EAX (__memset_chk_sse2_rep) |
271 |
2: ret |
272 |
-- |
273 |
2.7.4 |
274 |
|
275 |
|
276 |
|
277 |
|
278 |
1.1 src/patchsets/glibc/2.23/00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch |
279 |
|
280 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch?rev=1.1&view=markup |
281 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch?rev=1.1&content-type=text/plain |
282 |
|
283 |
Index: 00_all_0016-Define-_HAVE_STRING_ARCH_mempcpy-to-1-for-x86.patch |
284 |
=================================================================== |
285 |
From 4b06de856395d37848fc97bbc032c8c3dce5eb52 Mon Sep 17 00:00:00 2001 |
286 |
From: "H.J. Lu" <hjl.tools@×××××.com> |
287 |
Date: Tue, 8 Mar 2016 10:57:31 -0800 |
288 |
Subject: [PATCH] Define _HAVE_STRING_ARCH_mempcpy to 1 for x86 |
289 |
|
290 |
Since x86 has an optimized mempcpy and GCC can inline mempcpy on x86, |
291 |
define _HAVE_STRING_ARCH_mempcpy to 1 for x86. |
292 |
|
293 |
[BZ #19759] |
294 |
* sysdeps/x86/bits/string.h (_HAVE_STRING_ARCH_mempcpy): New. |
295 |
|
296 |
(cherry picked from commit 2b35e48c0c547b3f6f81996ce7ad7d67e24c7329) |
297 |
(cherry picked from commit b4456470a64a1e4e466a98dca3b51bf63fb5a13c) |
298 |
--- |
299 |
sysdeps/x86/bits/string.h | 3 +++ |
300 |
1 file changed, 3 insertions(+) |
301 |
|
302 |
diff --git a/sysdeps/x86/bits/string.h b/sysdeps/x86/bits/string.h |
303 |
index e4e019f..8dfce05 100644 |
304 |
--- a/sysdeps/x86/bits/string.h |
305 |
+++ b/sysdeps/x86/bits/string.h |
306 |
@@ -23,6 +23,9 @@ |
307 |
/* Use the unaligned string inline ABI. */ |
308 |
#define _STRING_INLINE_unaligned 1 |
309 |
|
310 |
+/* Don't inline mempcpy into memcpy as x86 has an optimized mempcpy. */ |
311 |
+#define _HAVE_STRING_ARCH_mempcpy 1 |
312 |
+ |
313 |
/* Enable inline functions only for i486 or better when compiling for |
314 |
ia32. */ |
315 |
#if !defined __x86_64__ && (defined __i486__ || defined __pentium__ \ |
316 |
-- |
317 |
2.7.4 |
318 |
|
319 |
|
320 |
|
321 |
|
322 |
1.1 src/patchsets/glibc/2.23/00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch |
323 |
|
324 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch?rev=1.1&view=markup |
325 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch?rev=1.1&content-type=text/plain |
326 |
|
327 |
Index: 00_all_0017-Or-bit_Prefer_MAP_32BIT_EXEC-in-EXTRA_LD_ENVVARS.patch |
328 |
=================================================================== |
329 |
From 939f86004862d36b3bba15167b02047135e22e46 Mon Sep 17 00:00:00 2001 |
330 |
From: "H.J. Lu" <hjl.tools@×××××.com> |
331 |
Date: Thu, 3 Mar 2016 14:51:40 -0800 |
332 |
Subject: [PATCH] Or bit_Prefer_MAP_32BIT_EXEC in EXTRA_LD_ENVVARS |
333 |
|
334 |
We should turn on bit_Prefer_MAP_32BIT_EXEC in EXTRA_LD_ENVVARS without |
335 |
overriding other bits. |
336 |
|
337 |
[BZ #19758] |
338 |
* sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h |
339 |
(EXTRA_LD_ENVVARS): Or bit_Prefer_MAP_32BIT_EXEC. |
340 |
|
341 |
(cherry picked from commit 33ab2ad58eba55de05a05f4adb795e1c172024bb) |
342 |
--- |
343 |
sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h | 2 +- |
344 |
1 file changed, 1 insertion(+), 1 deletion(-) |
345 |
|
346 |
diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h |
347 |
index c9db5ea..a759934 100644 |
348 |
--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h |
349 |
+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h |
350 |
@@ -33,7 +33,7 @@ |
351 |
case 21: \ |
352 |
if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ |
353 |
GLRO(dl_x86_cpu_features).feature[index_Prefer_MAP_32BIT_EXEC] \ |
354 |
- = bit_Prefer_MAP_32BIT_EXEC; \ |
355 |
+ |= bit_Prefer_MAP_32BIT_EXEC; \ |
356 |
break; |
357 |
|
358 |
/* Extra unsecure variables. The names are all stuffed in a single |
359 |
-- |
360 |
2.7.4 |
361 |
|
362 |
|
363 |
|
364 |
|
365 |
1.1 src/patchsets/glibc/2.23/00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch |
366 |
|
367 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch?rev=1.1&view=markup |
368 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch?rev=1.1&content-type=text/plain |
369 |
|
370 |
Index: 00_all_0018-Fix-resource-leak-in-resolver-bug-19257.patch |
371 |
=================================================================== |
372 |
From 2e39530c16a949a76d0a273a43d44682d9dbe109 Mon Sep 17 00:00:00 2001 |
373 |
From: Andreas Schwab <schwab@××××.de> |
374 |
Date: Wed, 18 Nov 2015 15:45:59 +0100 |
375 |
Subject: [PATCH] Fix resource leak in resolver (bug 19257) |
376 |
|
377 |
The number of currently defined nameservers is stored in ->nscount, |
378 |
whereas ->_u._ext.nscount is set by __libc_res_nsend only after local |
379 |
initializations. |
380 |
|
381 |
(cherry picked from commit 5e7fdabd7df1fc6c56d104e61390bf5a6b526c38) |
382 |
(cherry picked from commit 317da342ba4417c30d985f5593d78bb1364a62c3) |
383 |
--- |
384 |
resolv/res_init.c | 2 +- |
385 |
1 file changed, 1 insertion(+), 1 deletion(-) |
386 |
|
387 |
diff --git a/resolv/res_init.c b/resolv/res_init.c |
388 |
index e0b6a80..6c951f5 100644 |
389 |
--- a/resolv/res_init.c |
390 |
+++ b/resolv/res_init.c |
391 |
@@ -594,7 +594,7 @@ __res_iclose(res_state statp, bool free_addr) { |
392 |
statp->_vcsock = -1; |
393 |
statp->_flags &= ~(RES_F_VC | RES_F_CONN); |
394 |
} |
395 |
- for (ns = 0; ns < statp->_u._ext.nscount; ns++) |
396 |
+ for (ns = 0; ns < statp->nscount; ns++) |
397 |
if (statp->_u._ext.nsaddrs[ns]) { |
398 |
if (statp->_u._ext.nssocks[ns] != -1) { |
399 |
close_not_cancel_no_status(statp->_u._ext.nssocks[ns]); |
400 |
-- |
401 |
2.7.4 |
402 |
|
403 |
|
404 |
|
405 |
|
406 |
1.1 src/patchsets/glibc/2.23/00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch |
407 |
|
408 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch?rev=1.1&view=markup |
409 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo/src/patchsets/glibc/2.23/00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch?rev=1.1&content-type=text/plain |
410 |
|
411 |
Index: 00_all_0019-resolv-Always-set-resplen2-out-parameter-in-send_dg-.patch |
412 |
=================================================================== |
413 |
From c51410d427a863b076443efe7c18b1aef07d3a7b Mon Sep 17 00:00:00 2001 |
414 |
From: Florian Weimer <fweimer@××××××.com> |
415 |
Date: Fri, 25 Mar 2016 11:49:51 +0100 |
416 |
Subject: [PATCH] resolv: Always set *resplen2 out parameter in send_dg [BZ |
417 |
#19791] |
418 |
|
419 |
Since commit 44d20bca52ace85850012b0ead37b360e3ecd96e (Implement |
420 |
second fallback mode for DNS requests), there is a code path which |
421 |
returns early, before *resplen2 is initialized. This happens if the |
422 |
name server address is immediately recognized as invalid (because of |
423 |
lack of protocol support, or if it is a broadcast address such |
424 |
255.255.255.255, or another invalid address). |
425 |
|
426 |
If this happens and *resplen2 was non-zero (which is the case if a |
427 |
previous query resulted in a failure), __libc_res_nquery would reuse |
428 |
an existing second answer buffer. This answer has been previously |
429 |
identified as unusable (for example, it could be an NXDOMAIN |
430 |
response). Due to the presence of a second answer, no name server |
431 |
switching will occur. The result is a name resolution failure, |
432 |
although a successful resolution would have been possible if name |
433 |
servers have been switched and queries had proceeded along the search |
434 |
path. |
435 |
|
436 |
The above paragraph still simplifies the situation. Before glibc |
437 |
2.23, if the second answer needed malloc, the stub resolver would |
438 |
still attempt to reuse the second answer, but this is not possible |
439 |
because __libc_res_nsearch has freed it, after the unsuccessful call |
440 |
to __libc_res_nquerydomain, and set the buffer pointer to NULL. This |
441 |
eventually leads to an assertion failure in __libc_res_nquery: |
442 |
|
443 |
/* Make sure both hp and hp2 are defined */ |
444 |
assert((hp != NULL) && (hp2 != NULL)); |
445 |
|
446 |
If assertions are disabled, the consequence is a NULL pointer |
447 |
dereference on the next line. |
448 |
|
449 |
Starting with glibc 2.23, as a result of commit |
450 |
e9db92d3acfe1822d56d11abcea5bfc4c41cf6ca (CVE-2015-7547: getaddrinfo() |
451 |
stack-based buffer overflow (Bug 18665)), the second answer is always |
452 |
allocated with malloc. This means that the assertion failure happens |
453 |
with small responses as well because there is no buffer to reuse, as |
454 |
soon as there is a name resolution failure which triggers a search for |
455 |
an answer along the search path. |
456 |
|
457 |
This commit addresses the issue by ensuring that *resplen2 is |
458 |
initialized before the send_dg function returns. |
459 |
|
460 |
This commit also addresses a bug where an invalid second reply is |
461 |
incorrectly returned as a valid to the caller. |
462 |
|
463 |
(cherry picked from commit b66d837bb5398795c6b0f651bd5a5d66091d8577) |
464 |
(cherry picked from commit 3a188eb4e641d2df0cfd352fd09232347f28fbe1) |
465 |
--- |
466 |
resolv/res_send.c | 63 +++++++++++++++++++++++++++++++++++-------------------- |
467 |
1 file changed, 40 insertions(+), 23 deletions(-) |
468 |
|
469 |
diff --git a/resolv/res_send.c b/resolv/res_send.c |
470 |
index 25c19f1..b4efcb6 100644 |
471 |
--- a/resolv/res_send.c |
472 |
+++ b/resolv/res_send.c |
473 |
@@ -649,6 +649,18 @@ get_nsaddr (res_state statp, int n) |
474 |
return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; |
475 |
} |
476 |
|
477 |
+/* Close the resolver structure, assign zero to *RESPLEN2 if RESPLEN2 |
478 |
+ is not NULL, and return zero. */ |
479 |
+static int |
480 |
+__attribute__ ((warn_unused_result)) |
481 |
+close_and_return_error (res_state statp, int *resplen2) |
482 |
+{ |
483 |
+ __res_iclose(statp, false); |
484 |
+ if (resplen2 != NULL) |
485 |
+ *resplen2 = 0; |
486 |
+ return 0; |
487 |
+} |
488 |
+ |
489 |
/* The send_vc function is responsible for sending a DNS query over TCP |
490 |
to the nameserver numbered NS from the res_state STATP i.e. |
491 |
EXT(statp).nssocks[ns]. The function supports sending both IPv4 and |
492 |
@@ -1114,7 +1126,11 @@ send_dg(res_state statp, |
493 |
retry_reopen: |
494 |
retval = reopen (statp, terrno, ns); |
495 |
if (retval <= 0) |
496 |
- return retval; |
497 |
+ { |
498 |
+ if (resplen2 != NULL) |
499 |
+ *resplen2 = 0; |
500 |
+ return retval; |
501 |
+ } |
502 |
retry: |
503 |
evNowTime(&now); |
504 |
evConsTime(&timeout, seconds, 0); |
505 |
@@ -1127,8 +1143,6 @@ send_dg(res_state statp, |
506 |
int recvresp2 = buf2 == NULL; |
507 |
pfd[0].fd = EXT(statp).nssocks[ns]; |
508 |
pfd[0].events = POLLOUT; |
509 |
- if (resplen2 != NULL) |
510 |
- *resplen2 = 0; |
511 |
wait: |
512 |
if (need_recompute) { |
513 |
recompute_resend: |
514 |
@@ -1136,9 +1150,7 @@ send_dg(res_state statp, |
515 |
if (evCmpTime(finish, now) <= 0) { |
516 |
poll_err_out: |
517 |
Perror(statp, stderr, "poll", errno); |
518 |
- err_out: |
519 |
- __res_iclose(statp, false); |
520 |
- return (0); |
521 |
+ return close_and_return_error (statp, resplen2); |
522 |
} |
523 |
evSubTime(&timeout, &finish, &now); |
524 |
need_recompute = 0; |
525 |
@@ -1185,7 +1197,9 @@ send_dg(res_state statp, |
526 |
} |
527 |
|
528 |
*gotsomewhere = 1; |
529 |
- return (0); |
530 |
+ if (resplen2 != NULL) |
531 |
+ *resplen2 = 0; |
532 |
+ return 0; |
533 |
} |
534 |
if (n < 0) { |
535 |
if (errno == EINTR) |
536 |
@@ -1253,7 +1267,7 @@ send_dg(res_state statp, |
537 |
|
538 |
fail_sendmmsg: |
539 |
Perror(statp, stderr, "sendmmsg", errno); |
540 |
- goto err_out; |
541 |
+ return close_and_return_error (statp, resplen2); |
542 |
} |
543 |
} |
544 |
else |
545 |
@@ -1271,7 +1285,7 @@ send_dg(res_state statp, |
546 |
if (errno == EINTR || errno == EAGAIN) |
547 |
goto recompute_resend; |
548 |
Perror(statp, stderr, "send", errno); |
549 |
- goto err_out; |
550 |
+ return close_and_return_error (statp, resplen2); |
551 |
} |
552 |
just_one: |
553 |
if (nwritten != 0 || buf2 == NULL || single_request) |
554 |
@@ -1349,7 +1363,7 @@ send_dg(res_state statp, |
555 |
goto wait; |
556 |
} |
557 |
Perror(statp, stderr, "recvfrom", errno); |
558 |
- goto err_out; |
559 |
+ return close_and_return_error (statp, resplen2); |
560 |
} |
561 |
*gotsomewhere = 1; |
562 |
if (__glibc_unlikely (*thisresplenp < HFIXEDSZ)) { |
563 |
@@ -1360,7 +1374,7 @@ send_dg(res_state statp, |
564 |
(stdout, ";; undersized: %d\n", |
565 |
*thisresplenp)); |
566 |
*terrno = EMSGSIZE; |
567 |
- goto err_out; |
568 |
+ return close_and_return_error (statp, resplen2); |
569 |
} |
570 |
if ((recvresp1 || hp->id != anhp->id) |
571 |
&& (recvresp2 || hp2->id != anhp->id)) { |
572 |
@@ -1409,7 +1423,7 @@ send_dg(res_state statp, |
573 |
? *thisanssizp : *thisresplenp); |
574 |
/* record the error */ |
575 |
statp->_flags |= RES_F_EDNS0ERR; |
576 |
- goto err_out; |
577 |
+ return close_and_return_error (statp, resplen2); |
578 |
} |
579 |
#endif |
580 |
if (!(statp->options & RES_INSECURE2) |
581 |
@@ -1461,10 +1475,10 @@ send_dg(res_state statp, |
582 |
goto wait; |
583 |
} |
584 |
|
585 |
- __res_iclose(statp, false); |
586 |
/* don't retry if called from dig */ |
587 |
if (!statp->pfcode) |
588 |
- return (0); |
589 |
+ return close_and_return_error (statp, resplen2); |
590 |
+ __res_iclose(statp, false); |
591 |
} |
592 |
if (anhp->rcode == NOERROR && anhp->ancount == 0 |
593 |
&& anhp->aa == 0 && anhp->ra == 0 && anhp->arcount == 0) { |
594 |
@@ -1486,6 +1500,8 @@ send_dg(res_state statp, |
595 |
__res_iclose(statp, false); |
596 |
// XXX if we have received one reply we could |
597 |
// XXX use it and not repeat it over TCP... |
598 |
+ if (resplen2 != NULL) |
599 |
+ *resplen2 = 0; |
600 |
return (1); |
601 |
} |
602 |
/* Mark which reply we received. */ |
603 |
@@ -1501,21 +1517,22 @@ send_dg(res_state statp, |
604 |
__res_iclose (statp, false); |
605 |
retval = reopen (statp, terrno, ns); |
606 |
if (retval <= 0) |
607 |
- return retval; |
608 |
+ { |
609 |
+ if (resplen2 != NULL) |
610 |
+ *resplen2 = 0; |
611 |
+ return retval; |
612 |
+ } |
613 |
pfd[0].fd = EXT(statp).nssocks[ns]; |
614 |
} |
615 |
} |
616 |
goto wait; |
617 |
} |
618 |
- /* |
619 |
- * All is well, or the error is fatal. Signal that the |
620 |
- * next nameserver ought not be tried. |
621 |
- */ |
622 |
+ /* All is well. We have received both responses (if |
623 |
+ two responses were requested). */ |
624 |
return (resplen); |
625 |
- } else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL)) { |
626 |
- /* Something went wrong. We can stop trying. */ |
627 |
- goto err_out; |
628 |
- } |
629 |
+ } else if (pfd[0].revents & (POLLERR | POLLHUP | POLLNVAL)) |
630 |
+ /* Something went wrong. We can stop trying. */ |
631 |
+ return close_and_return_error (statp, resplen2); |
632 |
else { |
633 |
/* poll should not have returned > 0 in this case. */ |
634 |
abort (); |
635 |
-- |
636 |
2.7.4 |