From a5ea0a3f50c9f9d2d8ee7280fdebe0c23f8c351c Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Fri, 14 Feb 2014 16:01:47 +0100 Subject: [PATCH] glibc: Update to 2.19 --- .../libraries/glibc/2.19/common.nix | 20 +- .../glibc/2.19/cve-2012-4412+4424.patch | 1006 ----------------- .../libraries/glibc/2.19/cve-2013-4237.patch | 302 ----- .../libraries/glibc/2.19/cve-2013-4332.patch | 56 - .../libraries/glibc/2.19/cve-2013-4458.patch | 50 - .../libraries/glibc/2.19/cve-2013-4788.patch | 222 ---- .../libraries/glibc/2.19/glibc-rh739743.patch | 55 - .../libraries/glibc/2.19/scanf.patch | 21 - .../glibc/2.19/strstr-sse42-hack.patch | 14 - 9 files changed, 2 insertions(+), 1744 deletions(-) delete mode 100644 pkgs/development/libraries/glibc/2.19/cve-2012-4412+4424.patch delete mode 100644 pkgs/development/libraries/glibc/2.19/cve-2013-4237.patch delete mode 100644 pkgs/development/libraries/glibc/2.19/cve-2013-4332.patch delete mode 100644 pkgs/development/libraries/glibc/2.19/cve-2013-4458.patch delete mode 100644 pkgs/development/libraries/glibc/2.19/cve-2013-4788.patch delete mode 100644 pkgs/development/libraries/glibc/2.19/glibc-rh739743.patch delete mode 100644 pkgs/development/libraries/glibc/2.19/scanf.patch delete mode 100644 pkgs/development/libraries/glibc/2.19/strstr-sse42-hack.patch diff --git a/pkgs/development/libraries/glibc/2.19/common.nix b/pkgs/development/libraries/glibc/2.19/common.nix index 518615b1739a..07baefa92810 100644 --- a/pkgs/development/libraries/glibc/2.19/common.nix +++ b/pkgs/development/libraries/glibc/2.19/common.nix @@ -13,7 +13,7 @@ cross: let - version = "2.18"; + version = "2.19"; in @@ -49,26 +49,10 @@ stdenv.mkDerivation ({ to default to blowfish). */ ./glibc-crypt-blowfish.patch - /* Fix for random "./sysdeps/posix/getaddrinfo.c:1467: - rfc3484_sort: Assertion `src->results[i].native == -1 || - src->results[i].native == a2_native' failed." crashes. */ - ./glibc-rh739743.patch - - ./scanf.patch - /* The command "getconf CS_PATH" returns the default search path "/bin:/usr/bin", which is inappropriate on NixOS machines. This patch extends the search path by "/run/current-system/sw/bin". */ ./fix_path_attribute_in_getconf.patch - - - ./cve-2012-4412+4424.patch - ./cve-2013-4237.patch - ./cve-2013-4332.patch - ./cve-2013-4458.patch - ./cve-2013-4788.patch - - ./strstr-sse42-hack.patch ]; postPatch = '' @@ -152,7 +136,7 @@ stdenv.mkDerivation ({ } else fetchurl { url = "mirror://gnu/glibc/glibc-${version}.tar.gz"; - sha256 = "0d3pnh6kg5r48ga5rg4lhwlc1062brr6fiqs4j23327gzssjgry8"; + sha256 = "15n7x9mmzhd7w6s5hd9srx0h23b32gwb306x98k9ss940yvnvb8q"; }; # Remove absolute paths from `configure' & co.; build out-of-tree. diff --git a/pkgs/development/libraries/glibc/2.19/cve-2012-4412+4424.patch b/pkgs/development/libraries/glibc/2.19/cve-2012-4412+4424.patch deleted file mode 100644 index 67ffbbc217b6..000000000000 --- a/pkgs/development/libraries/glibc/2.19/cve-2012-4412+4424.patch +++ /dev/null @@ -1,1006 +0,0 @@ -https://projects.archlinux.org/svntogit/packages.git/tree/trunk/glibc-2.18-strcoll-CVE-2012-4412+4424.patch?h=packages/glibc - -diff --git a/string/strcoll_l.c b/string/strcoll_l.c -index ecda08f..bb34a72 100644 ---- a/string/strcoll_l.c -+++ b/string/strcoll_l.c -@@ -41,11 +41,434 @@ - - #include "../locale/localeinfo.h" - -+/* Track status while looking for sequences in a string. */ -+typedef struct -+{ -+ int len; /* Length of the current sequence. */ -+ size_t val; /* Position of the sequence relative to the -+ previous non-ignored sequence. */ -+ size_t idxnow; /* Current index in sequences. */ -+ size_t idxmax; /* Maximum index in sequences. */ -+ size_t idxcnt; /* Current count of indices. */ -+ size_t backw; /* Current Backward sequence index. */ -+ size_t backw_stop; /* Index where the backward sequences stop. */ -+ const USTRING_TYPE *us; /* The string. */ -+ int32_t *idxarr; /* Array to cache weight indices. */ -+ unsigned char *rulearr; /* Array to cache rules. */ -+ unsigned char rule; /* Saved rule for the first sequence. */ -+ int32_t idx; /* Index to weight of the current sequence. */ -+ int32_t save_idx; /* Save looked up index of a forward -+ sequence after the last backward -+ sequence. */ -+ const USTRING_TYPE *back_us; /* Beginning of the backward sequence. */ -+} coll_seq; -+ -+/* Get next sequence. The weight indices are cached, so we don't need to -+ traverse the string. */ -+static void -+get_next_seq_cached (coll_seq *seq, int nrules, int pass, -+ const unsigned char *rulesets, -+ const USTRING_TYPE *weights) -+{ -+ size_t val = seq->val = 0; -+ int len = seq->len; -+ size_t backw_stop = seq->backw_stop; -+ size_t backw = seq->backw; -+ size_t idxcnt = seq->idxcnt; -+ size_t idxmax = seq->idxmax; -+ size_t idxnow = seq->idxnow; -+ unsigned char *rulearr = seq->rulearr; -+ int32_t *idxarr = seq->idxarr; -+ -+ while (len == 0) -+ { -+ ++val; -+ if (backw_stop != ~0ul) -+ { -+ /* There is something pushed. */ -+ if (backw == backw_stop) -+ { -+ /* The last pushed character was handled. Continue -+ with forward characters. */ -+ if (idxcnt < idxmax) -+ { -+ idxnow = idxcnt; -+ backw_stop = ~0ul; -+ } -+ else -+ { -+ /* Nothing any more. The backward sequence -+ ended with the last sequence in the string. */ -+ idxnow = ~0ul; -+ break; -+ } -+ } -+ else -+ idxnow = --backw; -+ } -+ else -+ { -+ backw_stop = idxcnt; -+ -+ while (idxcnt < idxmax) -+ { -+ if ((rulesets[rulearr[idxcnt] * nrules + pass] -+ & sort_backward) == 0) -+ /* No more backward characters to push. */ -+ break; -+ ++idxcnt; -+ } -+ -+ if (backw_stop == idxcnt) -+ { -+ /* No sequence at all or just one. */ -+ if (idxcnt == idxmax) -+ /* Note that LEN is still zero. */ -+ break; -+ -+ backw_stop = ~0ul; -+ idxnow = idxcnt++; -+ } -+ else -+ /* We pushed backward sequences. */ -+ idxnow = backw = idxcnt - 1; -+ } -+ len = weights[idxarr[idxnow]++]; -+ } -+ -+ /* Update the structure. */ -+ seq->val = val; -+ seq->len = len; -+ seq->backw_stop = backw_stop; -+ seq->backw = backw; -+ seq->idxcnt = idxcnt; -+ seq->idxnow = idxnow; -+} -+ -+/* Get next sequence. Traverse the string as required. */ -+static void -+get_next_seq (coll_seq *seq, int nrules, const unsigned char *rulesets, -+ const USTRING_TYPE *weights, const int32_t *table, -+ const USTRING_TYPE *extra, const int32_t *indirect) -+{ -+#include WEIGHT_H -+ size_t val = seq->val = 0; -+ int len = seq->len; -+ size_t backw_stop = seq->backw_stop; -+ size_t backw = seq->backw; -+ size_t idxcnt = seq->idxcnt; -+ size_t idxmax = seq->idxmax; -+ size_t idxnow = seq->idxnow; -+ unsigned char *rulearr = seq->rulearr; -+ int32_t *idxarr = seq->idxarr; -+ const USTRING_TYPE *us = seq->us; -+ -+ while (len == 0) -+ { -+ ++val; -+ if (backw_stop != ~0ul) -+ { -+ /* There is something pushed. */ -+ if (backw == backw_stop) -+ { -+ /* The last pushed character was handled. Continue -+ with forward characters. */ -+ if (idxcnt < idxmax) -+ { -+ idxnow = idxcnt; -+ backw_stop = ~0ul; -+ } -+ else -+ /* Nothing any more. The backward sequence ended with -+ the last sequence in the string. Note that LEN -+ is still zero. */ -+ break; -+ } -+ else -+ idxnow = --backw; -+ } -+ else -+ { -+ backw_stop = idxmax; -+ -+ while (*us != L('\0')) -+ { -+ int32_t tmp = findidx (&us, -1); -+ rulearr[idxmax] = tmp >> 24; -+ idxarr[idxmax] = tmp & 0xffffff; -+ idxcnt = idxmax++; -+ -+ if ((rulesets[rulearr[idxcnt] * nrules] -+ & sort_backward) == 0) -+ /* No more backward characters to push. */ -+ break; -+ ++idxcnt; -+ } -+ -+ if (backw_stop >= idxcnt) -+ { -+ /* No sequence at all or just one. */ -+ if (idxcnt == idxmax || backw_stop > idxcnt) -+ /* Note that LEN is still zero. */ -+ break; -+ -+ backw_stop = ~0ul; -+ idxnow = idxcnt; -+ } -+ else -+ /* We pushed backward sequences. */ -+ idxnow = backw = idxcnt - 1; -+ } -+ len = weights[idxarr[idxnow]++]; -+ } -+ -+ /* Update the structure. */ -+ seq->val = val; -+ seq->len = len; -+ seq->backw_stop = backw_stop; -+ seq->backw = backw; -+ seq->idxcnt = idxcnt; -+ seq->idxmax = idxmax; -+ seq->idxnow = idxnow; -+ seq->us = us; -+} -+ -+/* Get next sequence. Traverse the string as required. This function does not -+ set or use any index or rule cache. */ -+static void -+get_next_seq_nocache (coll_seq *seq, int nrules, const unsigned char *rulesets, -+ const USTRING_TYPE *weights, const int32_t *table, -+ const USTRING_TYPE *extra, const int32_t *indirect, -+ int pass) -+{ -+#include WEIGHT_H -+ size_t val = seq->val = 0; -+ int len = seq->len; -+ size_t backw_stop = seq->backw_stop; -+ size_t backw = seq->backw; -+ size_t idxcnt = seq->idxcnt; -+ size_t idxmax = seq->idxmax; -+ int32_t idx = seq->idx; -+ const USTRING_TYPE *us = seq->us; -+ -+ while (len == 0) -+ { -+ ++val; -+ if (backw_stop != ~0ul) -+ { -+ /* There is something pushed. */ -+ if (backw == backw_stop) -+ { -+ /* The last pushed character was handled. Continue -+ with forward characters. */ -+ if (idxcnt < idxmax) -+ { -+ idx = seq->save_idx; -+ backw_stop = ~0ul; -+ } -+ else -+ { -+ /* Nothing anymore. The backward sequence ended with -+ the last sequence in the string. Note that len is -+ still zero. */ -+ idx = 0; -+ break; -+ } -+ } -+ else -+ { -+ /* XXX Traverse BACKW sequences from the beginning of -+ BACKW_STOP to get the next sequence. Is ther a quicker way -+ to do this? */ -+ size_t i = backw_stop; -+ us = seq->back_us; -+ while (i < backw) -+ { -+ int32_t tmp = findidx (&us, -1); -+ idx = tmp & 0xffffff; -+ i++; -+ } -+ --backw; -+ us = seq->us; -+ } -+ } -+ else -+ { -+ backw_stop = idxmax; -+ int32_t prev_idx = idx; -+ -+ while (*us != L('\0')) -+ { -+ int32_t tmp = findidx (&us, -1); -+ unsigned char rule = tmp >> 24; -+ prev_idx = idx; -+ idx = tmp & 0xffffff; -+ idxcnt = idxmax++; -+ -+ /* Save the rule for the first sequence. */ -+ if (__glibc_unlikely (idxcnt == 0)) -+ seq->rule = rule; -+ -+ if ((rulesets[rule * nrules + pass] -+ & sort_backward) == 0) -+ /* No more backward characters to push. */ -+ break; -+ ++idxcnt; -+ } -+ -+ if (backw_stop >= idxcnt) -+ { -+ /* No sequence at all or just one. */ -+ if (idxcnt == idxmax || backw_stop > idxcnt) -+ /* Note that len is still zero. */ -+ break; -+ -+ backw_stop = ~0ul; -+ } -+ else -+ { -+ /* We pushed backward sequences. If the stream ended with the -+ backward sequence, then we process the last sequence we -+ found. Otherwise we process the sequence before the last -+ one since the last one was a forward sequence. */ -+ seq->back_us = seq->us; -+ seq->us = us; -+ backw = idxcnt; -+ if (idxmax > idxcnt) -+ { -+ backw--; -+ seq->save_idx = idx; -+ idx = prev_idx; -+ } -+ if (backw > backw_stop) -+ backw--; -+ } -+ } -+ -+ len = weights[idx++]; -+ /* Skip over indices of previous levels. */ -+ for (int i = 0; i < pass; i++) -+ { -+ idx += len; -+ len = weights[idx]; -+ idx++; -+ } -+ } -+ -+ /* Update the structure. */ -+ seq->val = val; -+ seq->len = len; -+ seq->backw_stop = backw_stop; -+ seq->backw = backw; -+ seq->idxcnt = idxcnt; -+ seq->idxmax = idxmax; -+ seq->us = us; -+ seq->idx = idx; -+} -+ -+/* Compare two sequences. This version does not use the index and rules -+ cache. */ -+static int -+do_compare_nocache (coll_seq *seq1, coll_seq *seq2, int position, -+ const USTRING_TYPE *weights) -+{ -+ int seq1len = seq1->len; -+ int seq2len = seq2->len; -+ size_t val1 = seq1->val; -+ size_t val2 = seq2->val; -+ int idx1 = seq1->idx; -+ int idx2 = seq2->idx; -+ int result = 0; -+ -+ /* Test for position if necessary. */ -+ if (position && val1 != val2) -+ { -+ result = val1 > val2 ? 1 : -1; -+ goto out; -+ } -+ -+ /* Compare the two sequences. */ -+ do -+ { -+ if (weights[idx1] != weights[idx2]) -+ { -+ /* The sequences differ. */ -+ result = weights[idx1] - weights[idx2]; -+ goto out; -+ } -+ -+ /* Increment the offsets. */ -+ ++idx1; -+ ++idx2; -+ -+ --seq1len; -+ --seq2len; -+ } -+ while (seq1len > 0 && seq2len > 0); -+ -+ if (position && seq1len != seq2len) -+ result = seq1len - seq2len; -+ -+out: -+ seq1->len = seq1len; -+ seq2->len = seq2len; -+ seq1->idx = idx1; -+ seq2->idx = idx2; -+ return result; -+} -+ -+/* Compare two sequences using the index cache. */ -+static int -+do_compare (coll_seq *seq1, coll_seq *seq2, int position, -+ const USTRING_TYPE *weights) -+{ -+ int seq1len = seq1->len; -+ int seq2len = seq2->len; -+ size_t val1 = seq1->val; -+ size_t val2 = seq2->val; -+ int32_t *idx1arr = seq1->idxarr; -+ int32_t *idx2arr = seq2->idxarr; -+ int idx1now = seq1->idxnow; -+ int idx2now = seq2->idxnow; -+ int result = 0; -+ -+ /* Test for position if necessary. */ -+ if (position && val1 != val2) -+ { -+ result = val1 > val2 ? 1 : -1; -+ goto out; -+ } -+ -+ /* Compare the two sequences. */ -+ do -+ { -+ if (weights[idx1arr[idx1now]] != weights[idx2arr[idx2now]]) -+ { -+ /* The sequences differ. */ -+ result = weights[idx1arr[idx1now]] - weights[idx2arr[idx2now]]; -+ goto out; -+ } -+ -+ /* Increment the offsets. */ -+ ++idx1arr[idx1now]; -+ ++idx2arr[idx2now]; -+ -+ --seq1len; -+ --seq2len; -+ } -+ while (seq1len > 0 && seq2len > 0); -+ -+ if (position && seq1len != seq2len) -+ result = seq1len - seq2len; -+ -+out: -+ seq1->len = seq1len; -+ seq2->len = seq2len; -+ return result; -+} -+ - int --STRCOLL (s1, s2, l) -- const STRING_TYPE *s1; -- const STRING_TYPE *s2; -- __locale_t l; -+STRCOLL (const STRING_TYPE *s1, const STRING_TYPE *s2, __locale_t l) - { - struct __locale_data *current = l->__locales[LC_COLLATE]; - uint_fast32_t nrules = current->values[_NL_ITEM_INDEX (_NL_COLLATE_NRULES)].word; -@@ -56,34 +479,6 @@ STRCOLL (s1, s2, l) - const USTRING_TYPE *weights; - const USTRING_TYPE *extra; - const int32_t *indirect; -- uint_fast32_t pass; -- int result = 0; -- const USTRING_TYPE *us1; -- const USTRING_TYPE *us2; -- size_t s1len; -- size_t s2len; -- int32_t *idx1arr; -- int32_t *idx2arr; -- unsigned char *rule1arr; -- unsigned char *rule2arr; -- size_t idx1max; -- size_t idx2max; -- size_t idx1cnt; -- size_t idx2cnt; -- size_t idx1now; -- size_t idx2now; -- size_t backw1_stop; -- size_t backw2_stop; -- size_t backw1; -- size_t backw2; -- int val1; -- int val2; -- int position; -- int seq1len; -- int seq2len; -- int use_malloc; -- --#include WEIGHT_H - - if (nrules == 0) - return STRCMP (s1, s2); -@@ -98,7 +493,6 @@ STRCOLL (s1, s2, l) - current->values[_NL_ITEM_INDEX (CONCAT(_NL_COLLATE_EXTRA,SUFFIX))].string; - indirect = (const int32_t *) - current->values[_NL_ITEM_INDEX (CONCAT(_NL_COLLATE_INDIRECT,SUFFIX))].string; -- use_malloc = 0; - - assert (((uintptr_t) table) % __alignof__ (table[0]) == 0); - assert (((uintptr_t) weights) % __alignof__ (weights[0]) == 0); -@@ -106,18 +500,13 @@ STRCOLL (s1, s2, l) - assert (((uintptr_t) indirect) % __alignof__ (indirect[0]) == 0); - - /* We need this a few times. */ -- s1len = STRLEN (s1); -- s2len = STRLEN (s2); -+ size_t s1len = STRLEN (s1); -+ size_t s2len = STRLEN (s2); - - /* Catch empty strings. */ -- if (__builtin_expect (s1len == 0, 0) || __builtin_expect (s2len == 0, 0)) -+ if (__glibc_unlikely (s1len == 0) || __glibc_unlikely (s2len == 0)) - return (s1len != 0) - (s2len != 0); - -- /* We need the elements of the strings as unsigned values since they -- are used as indeces. */ -- us1 = (const USTRING_TYPE *) s1; -- us2 = (const USTRING_TYPE *) s2; -- - /* Perform the first pass over the string and while doing this find - and store the weights for each character. Since we want this to - be as fast as possible we are using `alloca' to store the temporary -@@ -127,411 +516,124 @@ STRCOLL (s1, s2, l) - - Please note that the localedef programs makes sure that `position' - is not used at the first level. */ -- if (! __libc_use_alloca ((s1len + s2len) * (sizeof (int32_t) + 1))) -- { -- idx1arr = (int32_t *) malloc ((s1len + s2len) * (sizeof (int32_t) + 1)); -- idx2arr = &idx1arr[s1len]; -- rule1arr = (unsigned char *) &idx2arr[s2len]; -- rule2arr = &rule1arr[s1len]; -- -- if (idx1arr == NULL) -- /* No memory. Well, go with the stack then. -- -- XXX Once this implementation is stable we will handle this -- differently. Instead of precomputing the indeces we will -- do this in time. This means, though, that this happens for -- every pass again. */ -- goto try_stack; -- use_malloc = 1; -- } -- else -- { -- try_stack: -- idx1arr = (int32_t *) alloca (s1len * sizeof (int32_t)); -- idx2arr = (int32_t *) alloca (s2len * sizeof (int32_t)); -- rule1arr = (unsigned char *) alloca (s1len); -- rule2arr = (unsigned char *) alloca (s2len); -- } - -- idx1cnt = 0; -- idx2cnt = 0; -- idx1max = 0; -- idx2max = 0; -- idx1now = 0; -- idx2now = 0; -- backw1_stop = ~0ul; -- backw2_stop = ~0ul; -- backw1 = ~0ul; -- backw2 = ~0ul; -- seq1len = 0; -- seq2len = 0; -- position = rulesets[0] & sort_position; -- while (1) -- { -- val1 = 0; -- val2 = 0; -- -- /* Get the next non-IGNOREd element for string `s1'. */ -- if (seq1len == 0) -- do -- { -- ++val1; -- -- if (backw1_stop != ~0ul) -- { -- /* The is something pushed. */ -- if (backw1 == backw1_stop) -- { -- /* The last pushed character was handled. Continue -- with forward characters. */ -- if (idx1cnt < idx1max) -- { -- idx1now = idx1cnt; -- backw1_stop = ~0ul; -- } -- else -- /* Nothing anymore. The backward sequence ended with -- the last sequence in the string. Note that seq1len -- is still zero. */ -- break; -- } -- else -- idx1now = --backw1; -- } -- else -- { -- backw1_stop = idx1max; -- -- while (*us1 != L('\0')) -- { -- int32_t tmp = findidx (&us1, -1); -- rule1arr[idx1max] = tmp >> 24; -- idx1arr[idx1max] = tmp & 0xffffff; -- idx1cnt = idx1max++; -- -- if ((rulesets[rule1arr[idx1cnt] * nrules] -- & sort_backward) == 0) -- /* No more backward characters to push. */ -- break; -- ++idx1cnt; -- } -- -- if (backw1_stop >= idx1cnt) -- { -- /* No sequence at all or just one. */ -- if (idx1cnt == idx1max || backw1_stop > idx1cnt) -- /* Note that seq1len is still zero. */ -- break; -- -- backw1_stop = ~0ul; -- idx1now = idx1cnt; -- } -- else -- /* We pushed backward sequences. */ -- idx1now = backw1 = idx1cnt - 1; -- } -- } -- while ((seq1len = weights[idx1arr[idx1now]++]) == 0); -- -- /* And the same for string `s2'. */ -- if (seq2len == 0) -- do -- { -- ++val2; -- -- if (backw2_stop != ~0ul) -- { -- /* The is something pushed. */ -- if (backw2 == backw2_stop) -- { -- /* The last pushed character was handled. Continue -- with forward characters. */ -- if (idx2cnt < idx2max) -- { -- idx2now = idx2cnt; -- backw2_stop = ~0ul; -- } -- else -- /* Nothing anymore. The backward sequence ended with -- the last sequence in the string. Note that seq2len -- is still zero. */ -- break; -- } -- else -- idx2now = --backw2; -- } -- else -- { -- backw2_stop = idx2max; -- -- while (*us2 != L('\0')) -- { -- int32_t tmp = findidx (&us2, -1); -- rule2arr[idx2max] = tmp >> 24; -- idx2arr[idx2max] = tmp & 0xffffff; -- idx2cnt = idx2max++; -- -- if ((rulesets[rule2arr[idx2cnt] * nrules] -- & sort_backward) == 0) -- /* No more backward characters to push. */ -- break; -- ++idx2cnt; -- } -- -- if (backw2_stop >= idx2cnt) -- { -- /* No sequence at all or just one. */ -- if (idx2cnt == idx2max || backw2_stop > idx2cnt) -- /* Note that seq1len is still zero. */ -- break; -- -- backw2_stop = ~0ul; -- idx2now = idx2cnt; -- } -- else -- /* We pushed backward sequences. */ -- idx2now = backw2 = idx2cnt - 1; -- } -- } -- while ((seq2len = weights[idx2arr[idx2now]++]) == 0); -- -- /* See whether any or both strings are empty. */ -- if (seq1len == 0 || seq2len == 0) -- { -- if (seq1len == seq2len) -- /* Both ended. So far so good, both strings are equal at the -- first level. */ -- break; -- -- /* This means one string is shorter than the other. Find out -- which one and return an appropriate value. */ -- result = seq1len == 0 ? -1 : 1; -- goto free_and_return; -- } -+ coll_seq seq1, seq2; -+ bool use_malloc = false; -+ int result = 0; - -- /* Test for position if necessary. */ -- if (position && val1 != val2) -- { -- result = val1 - val2; -- goto free_and_return; -- } -+ memset (&seq1, 0, sizeof (seq1)); -+ seq2 = seq1; - -- /* Compare the two sequences. */ -- do -- { -- if (weights[idx1arr[idx1now]] != weights[idx2arr[idx2now]]) -- { -- /* The sequences differ. */ -- result = weights[idx1arr[idx1now]] - weights[idx2arr[idx2now]]; -- goto free_and_return; -- } -+ size_t size_max = SIZE_MAX / (sizeof (int32_t) + 1); - -- /* Increment the offsets. */ -- ++idx1arr[idx1now]; -- ++idx2arr[idx2now]; -+ /* If the strings are long enough to cause overflow in the size request, then -+ skip the allocation and proceed with the non-cached routines. */ -+ if (MIN (s1len, s2len) > size_max -+ || MAX (s1len, s2len) > size_max - MIN (s1len, s2len)) -+ goto begin_collate; - -- --seq1len; -- --seq2len; -- } -- while (seq1len > 0 && seq2len > 0); -+ if (! __libc_use_alloca ((s1len + s2len) * (sizeof (int32_t) + 1))) -+ { -+ seq1.idxarr = (int32_t *) malloc ((s1len + s2len) * (sizeof (int32_t) + 1)); - -- if (position && seq1len != seq2len) -+ /* If we failed to allocate memory, we leave everything as NULL so that -+ we use the nocache version of traversal and comparison functions. */ -+ if (seq1.idxarr != NULL) - { -- result = seq1len - seq2len; -- goto free_and_return; -+ seq2.idxarr = &seq1.idxarr[s1len]; -+ seq1.rulearr = (unsigned char *) &seq2.idxarr[s2len]; -+ seq2.rulearr = &seq1.rulearr[s1len]; -+ use_malloc = true; - } - } -+ else -+ { -+ seq1.idxarr = (int32_t *) alloca (s1len * sizeof (int32_t)); -+ seq2.idxarr = (int32_t *) alloca (s2len * sizeof (int32_t)); -+ seq1.rulearr = (unsigned char *) alloca (s1len); -+ seq2.rulearr = (unsigned char *) alloca (s2len); -+ } - -- /* Now the remaining passes over the weights. We now use the -- indeces we found before. */ -- for (pass = 1; pass < nrules; ++pass) -+ int rule; -+ -+ begin_collate: -+ rule = 0; -+ /* Cache values in the first pass and if needed, use them in subsequent -+ passes. */ -+ for (int pass = 0; pass < nrules; ++pass) - { -+ seq1.idxcnt = 0; -+ seq1.idx = 0; -+ seq2.idx = 0; -+ seq1.backw_stop = ~0ul; -+ seq1.backw = ~0ul; -+ seq2.idxcnt = 0; -+ seq2.backw_stop = ~0ul; -+ seq2.backw = ~0ul; -+ -+ /* We need the elements of the strings as unsigned values since they -+ are used as indices. */ -+ seq1.us = (const USTRING_TYPE *) s1; -+ seq2.us = (const USTRING_TYPE *) s2; -+ - /* We assume that if a rule has defined `position' in one section - this is true for all of them. */ -- idx1cnt = 0; -- idx2cnt = 0; -- backw1_stop = ~0ul; -- backw2_stop = ~0ul; -- backw1 = ~0ul; -- backw2 = ~0ul; -- position = rulesets[rule1arr[0] * nrules + pass] & sort_position; -+ int position = rulesets[rule * nrules + pass] & sort_position; - - while (1) - { -- val1 = 0; -- val2 = 0; -- -- /* Get the next non-IGNOREd element for string `s1'. */ -- if (seq1len == 0) -- do -- { -- ++val1; -- -- if (backw1_stop != ~0ul) -- { -- /* The is something pushed. */ -- if (backw1 == backw1_stop) -- { -- /* The last pushed character was handled. Continue -- with forward characters. */ -- if (idx1cnt < idx1max) -- { -- idx1now = idx1cnt; -- backw1_stop = ~0ul; -- } -- else -- { -- /* Nothing anymore. The backward sequence -- ended with the last sequence in the string. */ -- idx1now = ~0ul; -- break; -- } -- } -- else -- idx1now = --backw1; -- } -- else -- { -- backw1_stop = idx1cnt; -- -- while (idx1cnt < idx1max) -- { -- if ((rulesets[rule1arr[idx1cnt] * nrules + pass] -- & sort_backward) == 0) -- /* No more backward characters to push. */ -- break; -- ++idx1cnt; -- } -- -- if (backw1_stop == idx1cnt) -- { -- /* No sequence at all or just one. */ -- if (idx1cnt == idx1max) -- /* Note that seq1len is still zero. */ -- break; -- -- backw1_stop = ~0ul; -- idx1now = idx1cnt++; -- } -- else -- /* We pushed backward sequences. */ -- idx1now = backw1 = idx1cnt - 1; -- } -- } -- while ((seq1len = weights[idx1arr[idx1now]++]) == 0); -- -- /* And the same for string `s2'. */ -- if (seq2len == 0) -- do -- { -- ++val2; -- -- if (backw2_stop != ~0ul) -- { -- /* The is something pushed. */ -- if (backw2 == backw2_stop) -- { -- /* The last pushed character was handled. Continue -- with forward characters. */ -- if (idx2cnt < idx2max) -- { -- idx2now = idx2cnt; -- backw2_stop = ~0ul; -- } -- else -- { -- /* Nothing anymore. The backward sequence -- ended with the last sequence in the string. */ -- idx2now = ~0ul; -- break; -- } -- } -- else -- idx2now = --backw2; -- } -- else -- { -- backw2_stop = idx2cnt; -- -- while (idx2cnt < idx2max) -- { -- if ((rulesets[rule2arr[idx2cnt] * nrules + pass] -- & sort_backward) == 0) -- /* No more backward characters to push. */ -- break; -- ++idx2cnt; -- } -- -- if (backw2_stop == idx2cnt) -- { -- /* No sequence at all or just one. */ -- if (idx2cnt == idx2max) -- /* Note that seq2len is still zero. */ -- break; -- -- backw2_stop = ~0ul; -- idx2now = idx2cnt++; -- } -- else -- /* We pushed backward sequences. */ -- idx2now = backw2 = idx2cnt - 1; -- } -- } -- while ((seq2len = weights[idx2arr[idx2now]++]) == 0); -+ if (__glibc_unlikely (seq1.idxarr == NULL)) -+ { -+ get_next_seq_nocache (&seq1, nrules, rulesets, weights, table, -+ extra, indirect, pass); -+ get_next_seq_nocache (&seq2, nrules, rulesets, weights, table, -+ extra, indirect, pass); -+ } -+ else if (pass == 0) -+ { -+ get_next_seq (&seq1, nrules, rulesets, weights, table, extra, -+ indirect); -+ get_next_seq (&seq2, nrules, rulesets, weights, table, extra, -+ indirect); -+ } -+ else -+ { -+ get_next_seq_cached (&seq1, nrules, pass, rulesets, weights); -+ get_next_seq_cached (&seq2, nrules, pass, rulesets, weights); -+ } - - /* See whether any or both strings are empty. */ -- if (seq1len == 0 || seq2len == 0) -+ if (seq1.len == 0 || seq2.len == 0) - { -- if (seq1len == seq2len) -+ if (seq1.len == seq2.len) - /* Both ended. So far so good, both strings are equal - at this level. */ - break; - - /* This means one string is shorter than the other. Find out - which one and return an appropriate value. */ -- result = seq1len == 0 ? -1 : 1; -+ result = seq1.len == 0 ? -1 : 1; - goto free_and_return; - } - -- /* Test for position if necessary. */ -- if (position && val1 != val2) -- { -- result = val1 - val2; -- goto free_and_return; -- } -- -- /* Compare the two sequences. */ -- do -- { -- if (weights[idx1arr[idx1now]] != weights[idx2arr[idx2now]]) -- { -- /* The sequences differ. */ -- result = (weights[idx1arr[idx1now]] -- - weights[idx2arr[idx2now]]); -- goto free_and_return; -- } -- -- /* Increment the offsets. */ -- ++idx1arr[idx1now]; -- ++idx2arr[idx2now]; -- -- --seq1len; -- --seq2len; -- } -- while (seq1len > 0 && seq2len > 0); -- -- if (position && seq1len != seq2len) -- { -- result = seq1len - seq2len; -- goto free_and_return; -- } -+ if (__glibc_unlikely (seq1.idxarr == NULL)) -+ result = do_compare_nocache (&seq1, &seq2, position, weights); -+ else -+ result = do_compare (&seq1, &seq2, position, weights); -+ if (result != 0) -+ goto free_and_return; - } -+ -+ if (__glibc_likely (seq1.rulearr != NULL)) -+ rule = seq1.rulearr[0]; -+ else -+ rule = seq1.rule; - } - - /* Free the memory if needed. */ - free_and_return: - if (use_malloc) -- free (idx1arr); -+ free (seq1.idxarr); - - return result; - } diff --git a/pkgs/development/libraries/glibc/2.19/cve-2013-4237.patch b/pkgs/development/libraries/glibc/2.19/cve-2013-4237.patch deleted file mode 100644 index f745cb003aa2..000000000000 --- a/pkgs/development/libraries/glibc/2.19/cve-2013-4237.patch +++ /dev/null @@ -1,302 +0,0 @@ -commit 91ce40854d0b7f865cf5024ef95a8026b76096f3 -Author: Florian Weimer -Date: Fri Aug 16 09:38:52 2013 +0200 - - CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r - - * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode - member. - * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode - member. - * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member. - * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit. - Return delayed error code. Remove GETDENTS_64BIT_ALIGNED - conditional. - * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define - GETDENTS_64BIT_ALIGNED. - * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise. - * manual/filesys.texi (Reading/Closing Directory): Document - ENAMETOOLONG return value of readdir_r. Recommend readdir more - strongly. - * manual/conf.texi (Limits for Files): Add portability note to - NAME_MAX, PATH_MAX. - (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX. - -diff --git a/manual/conf.texi b/manual/conf.texi -index 7eb8b36..c720063 100644 ---- a/manual/conf.texi -+++ b/manual/conf.texi -@@ -1149,6 +1149,9 @@ typed ahead as input. @xref{I/O Queues}. - @deftypevr Macro int NAME_MAX - The uniform system limit (if any) for the length of a file name component, not - including the terminating null character. -+ -+@strong{Portability Note:} On some systems, @theglibc{} defines -+@code{NAME_MAX}, but does not actually enforce this limit. - @end deftypevr - - @comment limits.h -@@ -1157,6 +1160,9 @@ including the terminating null character. - The uniform system limit (if any) for the length of an entire file name (that - is, the argument given to system calls such as @code{open}), including the - terminating null character. -+ -+@strong{Portability Note:} @Theglibc{} does not enforce this limit -+even if @code{PATH_MAX} is defined. - @end deftypevr - - @cindex limits, pipe buffer size -@@ -1476,6 +1482,9 @@ Inquire about the value of @code{POSIX_REC_MIN_XFER_SIZE}. - Inquire about the value of @code{POSIX_REC_XFER_ALIGN}. - @end table - -+@strong{Portability Note:} On some systems, @theglibc{} does not -+enforce @code{_PC_NAME_MAX} or @code{_PC_PATH_MAX} limits. -+ - @node Utility Limits - @section Utility Program Capacity Limits - -diff --git a/manual/filesys.texi b/manual/filesys.texi -index 1df9cf2..814c210 100644 ---- a/manual/filesys.texi -+++ b/manual/filesys.texi -@@ -444,9 +444,9 @@ symbols are declared in the header file @file{dirent.h}. - @comment POSIX.1 - @deftypefun {struct dirent *} readdir (DIR *@var{dirstream}) - This function reads the next entry from the directory. It normally --returns a pointer to a structure containing information about the file. --This structure is statically allocated and can be rewritten by a --subsequent call. -+returns a pointer to a structure containing information about the -+file. This structure is associated with the @var{dirstream} handle -+and can be rewritten by a subsequent call. - - @strong{Portability Note:} On some systems @code{readdir} may not - return entries for @file{.} and @file{..}, even though these are always -@@ -461,19 +461,61 @@ conditions are defined for this function: - The @var{dirstream} argument is not valid. - @end table - --@code{readdir} is not thread safe. Multiple threads using --@code{readdir} on the same @var{dirstream} may overwrite the return --value. Use @code{readdir_r} when this is critical. -+To distinguish between an end-of-directory condition or an error, you -+must set @code{errno} to zero before calling @code{readdir}. To avoid -+entering an infinite loop, you should stop reading from the directory -+after the first error. -+ -+In POSIX.1-2008, @code{readdir} is not thread-safe. In @theglibc{} -+implementation, it is safe to call @code{readdir} concurrently on -+different @var{dirstream}s, but multiple threads accessing the same -+@var{dirstream} result in undefined behavior. @code{readdir_r} is a -+fully thread-safe alternative, but suffers from poor portability (see -+below). It is recommended that you use @code{readdir}, with external -+locking if multiple threads access the same @var{dirstream}. - @end deftypefun - - @comment dirent.h - @comment GNU - @deftypefun int readdir_r (DIR *@var{dirstream}, struct dirent *@var{entry}, struct dirent **@var{result}) --This function is the reentrant version of @code{readdir}. Like --@code{readdir} it returns the next entry from the directory. But to --prevent conflicts between simultaneously running threads the result is --not stored in statically allocated memory. Instead the argument --@var{entry} points to a place to store the result. -+This function is a version of @code{readdir} which performs internal -+locking. Like @code{readdir} it returns the next entry from the -+directory. To prevent conflicts between simultaneously running -+threads the result is stored inside the @var{entry} object. -+ -+@strong{Portability Note:} It is recommended to use @code{readdir} -+instead of @code{readdir_r} for the following reasons: -+ -+@itemize @bullet -+@item -+On systems which do not define @code{NAME_MAX}, it may not be possible -+to use @code{readdir_r} safely because the caller does not specify the -+length of the buffer for the directory entry. -+ -+@item -+On some systems, @code{readdir_r} cannot read directory entries with -+very long names. If such a name is encountered, @theglibc{} -+implementation of @code{readdir_r} returns with an error code of -+@code{ENAMETOOLONG} after the final directory entry has been read. On -+other systems, @code{readdir_r} may return successfully, but the -+@code{d_name} member may not be NUL-terminated or may be truncated. -+ -+@item -+POSIX-1.2008 does not guarantee that @code{readdir} is thread-safe, -+even when access to the same @var{dirstream} is serialized. But in -+current implementations (including @theglibc{}), it is safe to call -+@code{readdir} concurrently on different @var{dirstream}s, so there is -+no need to use @code{readdir_r} in most multi-threaded programs. In -+the rare case that multiple threads need to read from the same -+@var{dirstream}, it is still better to use @code{readdir} and external -+synchronization. -+ -+@item -+It is expected that future versions of POSIX will obsolete -+@code{readdir_r} and mandate the level of thread safety for -+@code{readdir} which is provided by @theglibc{} and other -+implementations today. -+@end itemize - - Normally @code{readdir_r} returns zero and sets @code{*@var{result}} - to @var{entry}. If there are no more entries in the directory or an -@@ -481,15 +523,6 @@ error is detected, @code{readdir_r} sets @code{*@var{result}} to a - null pointer and returns a nonzero error code, also stored in - @code{errno}, as described for @code{readdir}. - --@strong{Portability Note:} On some systems @code{readdir_r} may not --return a NUL terminated string for the file name, even when there is no --@code{d_reclen} field in @code{struct dirent} and the file --name is the maximum allowed size. Modern systems all have the --@code{d_reclen} field, and on old systems multi-threading is not --critical. In any case there is no such problem with the @code{readdir} --function, so that even on systems without the @code{d_reclen} member one --could use multiple threads by using external locking. -- - It is also important to look at the definition of the @code{struct - dirent} type. Simply passing a pointer to an object of this type for - the second parameter of @code{readdir_r} might not be enough. Some -diff --git a/sysdeps/posix/dirstream.h b/sysdeps/posix/dirstream.h -index a7a074d..8e8570d 100644 ---- a/sysdeps/posix/dirstream.h -+++ b/sysdeps/posix/dirstream.h -@@ -39,6 +39,8 @@ struct __dirstream - - off_t filepos; /* Position of next entry to read. */ - -+ int errcode; /* Delayed error code. */ -+ - /* Directory block. */ - char data[0] __attribute__ ((aligned (__alignof__ (void*)))); - }; -diff --git a/sysdeps/posix/opendir.c b/sysdeps/posix/opendir.c -index ddfc3a7..fc05b0f 100644 ---- a/sysdeps/posix/opendir.c -+++ b/sysdeps/posix/opendir.c -@@ -231,6 +231,7 @@ __alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp) - dirp->size = 0; - dirp->offset = 0; - dirp->filepos = 0; -+ dirp->errcode = 0; - - return dirp; - } -diff --git a/sysdeps/posix/readdir_r.c b/sysdeps/posix/readdir_r.c -index b5a8e2e..8ed5c3f 100644 ---- a/sysdeps/posix/readdir_r.c -+++ b/sysdeps/posix/readdir_r.c -@@ -40,6 +40,7 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result) - DIRENT_TYPE *dp; - size_t reclen; - const int saved_errno = errno; -+ int ret; - - __libc_lock_lock (dirp->lock); - -@@ -70,10 +71,10 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result) - bytes = 0; - __set_errno (saved_errno); - } -+ if (bytes < 0) -+ dirp->errcode = errno; - - dp = NULL; -- /* Reclen != 0 signals that an error occurred. */ -- reclen = bytes != 0; - break; - } - dirp->size = (size_t) bytes; -@@ -106,29 +107,46 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result) - dirp->filepos += reclen; - #endif - -- /* Skip deleted files. */ -+#ifdef NAME_MAX -+ if (reclen > offsetof (DIRENT_TYPE, d_name) + NAME_MAX + 1) -+ { -+ /* The record is very long. It could still fit into the -+ caller-supplied buffer if we can skip padding at the -+ end. */ -+ size_t namelen = _D_EXACT_NAMLEN (dp); -+ if (namelen <= NAME_MAX) -+ reclen = offsetof (DIRENT_TYPE, d_name) + namelen + 1; -+ else -+ { -+ /* The name is too long. Ignore this file. */ -+ dirp->errcode = ENAMETOOLONG; -+ dp->d_ino = 0; -+ continue; -+ } -+ } -+#endif -+ -+ /* Skip deleted and ignored files. */ - } - while (dp->d_ino == 0); - - if (dp != NULL) - { --#ifdef GETDENTS_64BIT_ALIGNED -- /* The d_reclen value might include padding which is not part of -- the DIRENT_TYPE data structure. */ -- reclen = MIN (reclen, -- offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name)); --#endif - *result = memcpy (entry, dp, reclen); --#ifdef GETDENTS_64BIT_ALIGNED -+#ifdef _DIRENT_HAVE_D_RECLEN - entry->d_reclen = reclen; - #endif -+ ret = 0; - } - else -- *result = NULL; -+ { -+ *result = NULL; -+ ret = dirp->errcode; -+ } - - __libc_lock_unlock (dirp->lock); - -- return dp != NULL ? 0 : reclen ? errno : 0; -+ return ret; - } - - #ifdef __READDIR_R_ALIAS -diff --git a/sysdeps/posix/rewinddir.c b/sysdeps/posix/rewinddir.c -index 2935a8e..d4991ad 100644 ---- a/sysdeps/posix/rewinddir.c -+++ b/sysdeps/posix/rewinddir.c -@@ -33,6 +33,7 @@ rewinddir (dirp) - dirp->filepos = 0; - dirp->offset = 0; - dirp->size = 0; -+ dirp->errcode = 0; - #ifndef NOT_IN_libc - __libc_lock_unlock (dirp->lock); - #endif -diff --git a/sysdeps/unix/sysv/linux/i386/readdir64_r.c b/sysdeps/unix/sysv/linux/i386/readdir64_r.c -index 8ebbcfd..a7d114e 100644 ---- a/sysdeps/unix/sysv/linux/i386/readdir64_r.c -+++ b/sysdeps/unix/sysv/linux/i386/readdir64_r.c -@@ -18,7 +18,6 @@ - #define __READDIR_R __readdir64_r - #define __GETDENTS __getdents64 - #define DIRENT_TYPE struct dirent64 --#define GETDENTS_64BIT_ALIGNED 1 - - #include - -diff --git a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c -index 5ed8e95..290f2c8 100644 ---- a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c -+++ b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c -@@ -1,5 +1,4 @@ - #define readdir64_r __no_readdir64_r_decl --#define GETDENTS_64BIT_ALIGNED 1 - #include - #undef readdir64_r - weak_alias (__readdir_r, readdir64_r) diff --git a/pkgs/development/libraries/glibc/2.19/cve-2013-4332.patch b/pkgs/development/libraries/glibc/2.19/cve-2013-4332.patch deleted file mode 100644 index 94d25d7bbe1c..000000000000 --- a/pkgs/development/libraries/glibc/2.19/cve-2013-4332.patch +++ /dev/null @@ -1,56 +0,0 @@ -https://projects.archlinux.org/svntogit/packages.git/tree/trunk/glibc-2.18-malloc-corrupt-CVE-2013-4332.patch?h=packages/glibc - -diff --git a/malloc/malloc.c b/malloc/malloc.c -index dd295f5..7f43ba3 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -3082,6 +3082,13 @@ __libc_pvalloc(size_t bytes) - size_t page_mask = GLRO(dl_pagesize) - 1; - size_t rounded_bytes = (bytes + page_mask) & ~(page_mask); - -+ /* Check for overflow. */ -+ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE) -+ { -+ __set_errno (ENOMEM); -+ return 0; -+ } -+ - void *(*hook) (size_t, size_t, const void *) = - force_reg (__memalign_hook); - if (__builtin_expect (hook != NULL, 0)) -diff --git a/malloc/malloc.c b/malloc/malloc.c -index 7f43ba3..3148c5f 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes) - - size_t pagesz = GLRO(dl_pagesize); - -+ /* Check for overflow. */ -+ if (bytes > SIZE_MAX - pagesz - MINSIZE) -+ { -+ __set_errno (ENOMEM); -+ return 0; -+ } -+ - void *(*hook) (size_t, size_t, const void *) = - force_reg (__memalign_hook); - if (__builtin_expect (hook != NULL, 0)) -diff --git a/malloc/malloc.c b/malloc/malloc.c -index 3148c5f..f7718a9 100644 ---- a/malloc/malloc.c -+++ b/malloc/malloc.c -@@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes) - /* Otherwise, ensure that it is at least a minimum chunk size */ - if (alignment < MINSIZE) alignment = MINSIZE; - -+ /* Check for overflow. */ -+ if (bytes > SIZE_MAX - alignment - MINSIZE) -+ { -+ __set_errno (ENOMEM); -+ return 0; -+ } -+ - arena_get(ar_ptr, bytes + alignment + MINSIZE); - if(!ar_ptr) - return 0; diff --git a/pkgs/development/libraries/glibc/2.19/cve-2013-4458.patch b/pkgs/development/libraries/glibc/2.19/cve-2013-4458.patch deleted file mode 100644 index bec4acde7548..000000000000 --- a/pkgs/development/libraries/glibc/2.19/cve-2013-4458.patch +++ /dev/null @@ -1,50 +0,0 @@ -commit 7cbcdb3699584db8913ca90f705d6337633ee10f -Author: Siddhesh Poyarekar -Date: Fri Oct 25 10:22:12 2013 +0530 - - Fix stack overflow due to large AF_INET6 requests - - Resolves #16072 (CVE-2013-4458). - - This patch fixes another stack overflow in getaddrinfo when it is - called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914, - but the AF_INET6 case went undetected back then. - -diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c -index e6ce4cf..8ff74b4 100644 ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, - &rc, &herrno, NULL, &localcanon)); \ - if (rc != ERANGE || herrno != NETDB_INTERNAL) \ - break; \ -- tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen); \ -+ if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \ -+ tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \ -+ alloca_used); \ -+ else \ -+ { \ -+ char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \ -+ 2 * tmpbuflen); \ -+ if (newp == NULL) \ -+ { \ -+ result = -EAI_MEMORY; \ -+ goto free_and_return; \ -+ } \ -+ tmpbuf = newp; \ -+ malloc_tmpbuf = true; \ -+ tmpbuflen = 2 * tmpbuflen; \ -+ } \ - } \ - if (status == NSS_STATUS_SUCCESS && rc == 0) \ - h = &th; \ -@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp, - { \ - __set_h_errno (herrno); \ - _res.options |= old_res_options & RES_USE_INET6; \ -- return -EAI_SYSTEM; \ -+ result = -EAI_SYSTEM; \ -+ goto free_and_return; \ - } \ - if (herrno == TRY_AGAIN) \ - no_data = EAI_AGAIN; \ diff --git a/pkgs/development/libraries/glibc/2.19/cve-2013-4788.patch b/pkgs/development/libraries/glibc/2.19/cve-2013-4788.patch deleted file mode 100644 index cf8c7911f68a..000000000000 --- a/pkgs/development/libraries/glibc/2.19/cve-2013-4788.patch +++ /dev/null @@ -1,222 +0,0 @@ -commit c61b4d41c9647a54a329aa021341c0eb032b793e -Author: Carlos O'Donell -Date: Mon Sep 23 00:52:09 2013 -0400 - - BZ #15754: CVE-2013-4788 - - The pointer guard used for pointer mangling was not initialized for - static applications resulting in the security feature being disabled. - The pointer guard is now correctly initialized to a random value for - static applications. Existing static applications need to be - recompiled to take advantage of the fix. - - The test tst-ptrguard1-static and tst-ptrguard1 add regression - coverage to ensure the pointer guards are sufficiently random - and initialized to a default value. - -diff --git a/csu/libc-start.c b/csu/libc-start.c -index e5da3ef..c898d06 100644 ---- a/csu/libc-start.c -+++ b/csu/libc-start.c -@@ -37,6 +37,12 @@ extern void __pthread_initialize_minimal (void); - in thread local area. */ - uintptr_t __stack_chk_guard attribute_relro; - # endif -+# ifndef THREAD_SET_POINTER_GUARD -+/* Only exported for architectures that don't store the pointer guard -+ value in thread local area. */ -+uintptr_t __pointer_chk_guard_local -+ attribute_relro attribute_hidden __attribute__ ((nocommon)); -+# endif - #endif - - #ifdef HAVE_PTR_NTHREADS -@@ -195,6 +201,16 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL), - # else - __stack_chk_guard = stack_chk_guard; - # endif -+ -+ /* Set up the pointer guard value. */ -+ uintptr_t pointer_chk_guard = _dl_setup_pointer_guard (_dl_random, -+ stack_chk_guard); -+# ifdef THREAD_SET_POINTER_GUARD -+ THREAD_SET_POINTER_GUARD (pointer_chk_guard); -+# else -+ __pointer_chk_guard_local = pointer_chk_guard; -+# endif -+ - #endif - - /* Register the destructor of the dynamic linker if there is any. */ -diff --git a/ports/sysdeps/ia64/stackguard-macros.h b/ports/sysdeps/ia64/stackguard-macros.h -index dc683c2..3907293 100644 ---- a/ports/sysdeps/ia64/stackguard-macros.h -+++ b/ports/sysdeps/ia64/stackguard-macros.h -@@ -2,3 +2,6 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("adds %0 = -16, r13;; ld8 %0 = [%0]" : "=r" (x)); x; }) -diff --git a/ports/sysdeps/tile/stackguard-macros.h b/ports/sysdeps/tile/stackguard-macros.h -index 589ea2b..f2e041b 100644 ---- a/ports/sysdeps/tile/stackguard-macros.h -+++ b/ports/sysdeps/tile/stackguard-macros.h -@@ -4,11 +4,17 @@ - # if __WORDSIZE == 64 - # define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("addi %0, tp, -16; ld %0, %0" : "=r" (x)); x; }) -+# define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("addi %0, tp, -24; ld %0, %0" : "=r" (x)); x; }) - # else - # define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("addi %0, tp, -8; ld4s %0, %0" : "=r" (x)); x; }) -+# define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("addi %0, tp, -12; ld4s %0, %0" : "=r" (x)); x; }) - # endif - #else - # define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("addi %0, tp, -8; lw %0, %0" : "=r" (x)); x; }) -+# define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("addi %0, tp, -12; lw %0, %0" : "=r" (x)); x; }) - #endif -diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h -index ababf65..4fa3d96 100644 ---- a/sysdeps/generic/stackguard-macros.h -+++ b/sysdeps/generic/stackguard-macros.h -@@ -2,3 +2,6 @@ - - extern uintptr_t __stack_chk_guard; - #define STACK_CHK_GUARD __stack_chk_guard -+ -+extern uintptr_t __pointer_chk_guard_local; -+#define POINTER_CHK_GUARD __pointer_chk_guard_local -diff --git a/sysdeps/i386/stackguard-macros.h b/sysdeps/i386/stackguard-macros.h -index 8c31e19..0397629 100644 ---- a/sysdeps/i386/stackguard-macros.h -+++ b/sysdeps/i386/stackguard-macros.h -@@ -2,3 +2,11 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("movl %%gs:%c1, %0" : "=r" (x) \ -+ : "i" (offsetof (tcbhead_t, pointer_guard))); \ -+ x; \ -+ }) -diff --git a/sysdeps/powerpc/powerpc32/stackguard-macros.h b/sysdeps/powerpc/powerpc32/stackguard-macros.h -index 839f6a4..b3d0af8 100644 ---- a/sysdeps/powerpc/powerpc32/stackguard-macros.h -+++ b/sysdeps/powerpc/powerpc32/stackguard-macros.h -@@ -2,3 +2,13 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("lwz %0,%1(2)" \ -+ : "=r" (x) \ -+ : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \ -+ ); \ -+ x; \ -+ }) -diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h -index 9da879c..4620f96 100644 ---- a/sysdeps/powerpc/powerpc64/stackguard-macros.h -+++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h -@@ -2,3 +2,13 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("ld %0,%1(2)" \ -+ : "=r" (x) \ -+ : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \ -+ ); \ -+ x; \ -+ }) -diff --git a/sysdeps/s390/s390-32/stackguard-macros.h b/sysdeps/s390/s390-32/stackguard-macros.h -index b74c579..449e8d4 100644 ---- a/sysdeps/s390/s390-32/stackguard-macros.h -+++ b/sysdeps/s390/s390-32/stackguard-macros.h -@@ -2,3 +2,14 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; }) -+ -+/* On s390/s390x there is no unique pointer guard, instead we use the -+ same value as the stack guard. */ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("ear %0,%%a0; l %0,%1(%0)" \ -+ : "=a" (x) \ -+ : "i" (offsetof (tcbhead_t, stack_guard))); \ -+ x; \ -+ }) -diff --git a/sysdeps/s390/s390-64/stackguard-macros.h b/sysdeps/s390/s390-64/stackguard-macros.h -index 0cebb5f..c8270fb 100644 ---- a/sysdeps/s390/s390-64/stackguard-macros.h -+++ b/sysdeps/s390/s390-64/stackguard-macros.h -@@ -2,3 +2,17 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; }) -+ -+/* On s390/s390x there is no unique pointer guard, instead we use the -+ same value as the stack guard. */ -+#define POINTER_CHK_GUARD \ -+ ({ \ -+ uintptr_t x; \ -+ asm ("ear %0,%%a0;" \ -+ "sllg %0,%0,32;" \ -+ "ear %0,%%a1;" \ -+ "lg %0,%1(%0)" \ -+ : "=a" (x) \ -+ : "i" (offsetof (tcbhead_t, stack_guard))); \ -+ x; \ -+ }) -diff --git a/sysdeps/sparc/sparc32/stackguard-macros.h b/sysdeps/sparc/sparc32/stackguard-macros.h -index c0b02b0..1eef0f1 100644 ---- a/sysdeps/sparc/sparc32/stackguard-macros.h -+++ b/sysdeps/sparc/sparc32/stackguard-macros.h -@@ -2,3 +2,6 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("ld [%%g7+0x18], %0" : "=r" (x)); x; }) -diff --git a/sysdeps/sparc/sparc64/stackguard-macros.h b/sysdeps/sparc/sparc64/stackguard-macros.h -index 80f0635..cc0c12c 100644 ---- a/sysdeps/sparc/sparc64/stackguard-macros.h -+++ b/sysdeps/sparc/sparc64/stackguard-macros.h -@@ -2,3 +2,6 @@ - - #define STACK_CHK_GUARD \ - ({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; asm ("ldx [%%g7+0x30], %0" : "=r" (x)); x; }) -diff --git a/sysdeps/x86_64/stackguard-macros.h b/sysdeps/x86_64/stackguard-macros.h -index d7fedb3..1948800 100644 ---- a/sysdeps/x86_64/stackguard-macros.h -+++ b/sysdeps/x86_64/stackguard-macros.h -@@ -4,3 +4,8 @@ - ({ uintptr_t x; \ - asm ("mov %%fs:%c1, %0" : "=r" (x) \ - : "i" (offsetof (tcbhead_t, stack_guard))); x; }) -+ -+#define POINTER_CHK_GUARD \ -+ ({ uintptr_t x; \ -+ asm ("mov %%fs:%c1, %0" : "=r" (x) \ -+ : "i" (offsetof (tcbhead_t, pointer_guard))); x; }) diff --git a/pkgs/development/libraries/glibc/2.19/glibc-rh739743.patch b/pkgs/development/libraries/glibc/2.19/glibc-rh739743.patch deleted file mode 100644 index c390b772b16d..000000000000 --- a/pkgs/development/libraries/glibc/2.19/glibc-rh739743.patch +++ /dev/null @@ -1,55 +0,0 @@ -2009-04-26 Aurelien Jarno - - * sysdeps/posix/getaddrinfo.c (rfc3484_sort): don't assign native - result if the result has no associated interface. - ---- - sysdeps/posix/getaddrinfo.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -1456,13 +1456,13 @@ - - /* Fill in the results in all the records. */ - for (int i = 0; i < src->nresults; ++i) -- if (src->results[i].index == a1_index) -+ if (a1_index != -1 && src->results[i].index == a1_index) - { - assert (src->results[i].native == -1 - || src->results[i].native == a1_native); - src->results[i].native = a1_native; - } -- else if (src->results[i].index == a2_index) -+ else if (a2_index != -1 && src->results[i].index == a2_index) - { - assert (src->results[i].native == -1 - || src->results[i].native == a2_native); - -2009-03-15 Aurelien Jarno - - * sysdeps/posix/getaddrinfo.c (getaddrinfo): correctly detect - interface for all 127.X.Y.Z addresses. - ---- - sysdeps/posix/getaddrinfo.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - ---- a/sysdeps/posix/getaddrinfo.c -+++ b/sysdeps/posix/getaddrinfo.c -@@ -2265,7 +2265,14 @@ - tmp.addr[0] = 0; - tmp.addr[1] = 0; - tmp.addr[2] = htonl (0xffff); -- tmp.addr[3] = sinp->sin_addr.s_addr; -+ /* Special case for lo interface, the source address -+ being possibly different than the interface -+ address. */ -+ if ((ntohl(sinp->sin_addr.s_addr) & 0xff000000) -+ == 0x7f000000) -+ tmp.addr[3] = htonl(0x7f000001); -+ else -+ tmp.addr[3] = sinp->sin_addr.s_addr; - } - else - { diff --git a/pkgs/development/libraries/glibc/2.19/scanf.patch b/pkgs/development/libraries/glibc/2.19/scanf.patch deleted file mode 100644 index 4eed86ca1109..000000000000 --- a/pkgs/development/libraries/glibc/2.19/scanf.patch +++ /dev/null @@ -1,21 +0,0 @@ -https://sourceware.org/bugzilla/show_bug.cgi?id=15917 - -commit a4966c6104918ac884ee1131a4ed23c5ad6b4c5a -Author: Andreas Schwab -Date: Thu Oct 31 12:51:03 2013 +0100 - - Fix parsing of 0e+0 as float - -diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c -index 78dc2fc..e6fa8f3 100644 ---- a/stdio-common/vfscanf.c -+++ b/stdio-common/vfscanf.c -@@ -1966,6 +1966,8 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr, - if (width > 0) - --width; - } -+ else -+ got_digit = 1; - } - - while (1) diff --git a/pkgs/development/libraries/glibc/2.19/strstr-sse42-hack.patch b/pkgs/development/libraries/glibc/2.19/strstr-sse42-hack.patch deleted file mode 100644 index cdf4c0253167..000000000000 --- a/pkgs/development/libraries/glibc/2.19/strstr-sse42-hack.patch +++ /dev/null @@ -1,14 +0,0 @@ -https://bugs.archlinux.org/task/36556 -diff --git a/sysdeps/x86_64/multiarch/strstr.c b/sysdeps/x86_64/multiarch/strstr.c -index cd63b68..03d8b9a 100644 ---- a/sysdeps/x86_64/multiarch/strstr.c -+++ b/sysdeps/x86_64/multiarch/strstr.c -@@ -86,7 +86,7 @@ - /* Simple replacement of movdqu to address 4KB boundary cross issue. - If EOS occurs within less than 16B before 4KB boundary, we don't - cross to next page. */ --static __m128i -+static inline __m128i - __m128i_strloadu (const unsigned char * p, __m128i zero) - { - if (__builtin_expect ((int) ((size_t) p & 0xfff) > 0xff0, 0))