Date: Thursday, April 23, 2015 @ 16:08:06 Author: heftig Revision: 132053
archrelease: copy trunk to multilib-staging-x86_64 Added: lib32-glibc/repos/multilib-staging-x86_64/ lib32-glibc/repos/multilib-staging-x86_64/PKGBUILD (from rev 132052, lib32-glibc/trunk/PKGBUILD) lib32-glibc/repos/multilib-staging-x86_64/glibc-2.21-roundup.patch (from rev 132052, lib32-glibc/trunk/glibc-2.21-roundup.patch) lib32-glibc/repos/multilib-staging-x86_64/lib32-glibc.conf (from rev 132052, lib32-glibc/trunk/lib32-glibc.conf) --------------------------+ PKGBUILD | 147 +++++++++++++++++++++++++++++++++++++++++++++ glibc-2.21-roundup.patch | 97 +++++++++++++++++++++++++++++ lib32-glibc.conf | 1 3 files changed, 245 insertions(+)
Copied: lib32-glibc/repos/multilib-staging-x86_64/PKGBUILD (from rev 132052, lib32-glibc/trunk/PKGBUILD)
===================================================================
--- multilib-staging-x86_64/PKGBUILD (rev 0)
+++ multilib-staging-x86_64/PKGBUILD 2015-04-23 14:08:06 UTC (rev 132053)
@@ -0,0 +1,147 @@
+# $Id$
+# Maintainer: Jan Alexander Steffens (heftig) <jan.steff...@gmail.com>
+# Contributor: Jan de Groot <j...@archlinux.org>
+# Contributor: Allan McRae <al...@archlinux.org>
+
+# toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
+
+_pkgbasename=glibc
+pkgname=lib32-$_pkgbasename
+pkgver=2.21
+pkgrel=4
+pkgdesc="GNU C Library (32-bit)"
+arch=('x86_64')
+url="http://www.gnu.org/software/libc"
+license=('GPL' 'LGPL')
+groups=()
+depends=()
+makedepends=('gcc-multilib>=4.9')
+backup=()
+
+
+options=('!strip' 'staticlibs' '!emptydirs')
+
+source=(http://ftp.gnu.org/gnu/libc/${_pkgbasename}-${pkgver}.tar.xz{,.sig}
+ glibc-2.21-roundup.patch
+ lib32-glibc.conf)
+md5sums=('9cb398828e8f84f57d1f7d5588cf40cd'
+ 'SKIP'
+ 'feb826d5f4965e9892ee6e851fec43a9'
+ '6e052f1cb693d5d3203f50f9d4e8c33b')
+validpgpkeys=('F37CDAB708E65EA183FD1AF625EF0A436C2A4AFF') # Carlos O'Donell
+
+prepare() {
+ cd ${srcdir}/glibc-${pkgver}
+
+ # glibc-2.21..01b07c70
+ patch -p1 -i $srcdir/glibc-2.21-roundup.patch
+
+ mkdir ${srcdir}/glibc-build
+}
+
+build() {
+ cd ${srcdir}/glibc-build
+
+ #if [[ ${CARCH} = "i686" ]]; then
+ # Hack to fix NPTL issues with Xen, only required on 32bit platforms
+ # TODO: make separate glibc-xen package for i686
+ export CFLAGS="${CFLAGS} -mno-tls-direct-seg-refs"
+ #fi
+
+ echo "slibdir=/usr/lib32" >> configparms
+ echo "rtlddir=/usr/lib32" >> configparms
+ echo "sbindir=/usr/bin" >> configparms
+ echo "rootsbindir=/usr/bin" >> configparms
+
+ export CC="gcc -m32"
+ export CXX="g++ -m32"
+
+ # remove hardening options for building libraries
+ CFLAGS=${CFLAGS/-fstack-protector-strong/}
+ CPPFLAGS=${CPPFLAGS/-D_FORTIFY_SOURCE=2/}
+
+ ${srcdir}/${_pkgbasename}-${pkgver}/configure --prefix=/usr \
+ --libdir=/usr/lib32 --libexecdir=/usr/lib32 \
+ --with-headers=/usr/include \
+ --with-bugurl=https://bugs.archlinux.org/ \
+ --enable-add-ons \
+ --enable-obsolete-rpc \
+ --enable-kernel=2.6.32 \
+ --enable-bind-now --disable-profile \
+ --enable-stackguard-randomization \
+ --enable-lock-elision \
+ --enable-multi-arch \
+ --disable-werror \
+ i686-unknown-linux-gnu
+
+ # build libraries with hardening disabled
+ echo "build-programs=no" >> configparms
+ make
+
+ # re-enable hardening for programs
+ sed -i "/build-programs=/s#no#yes#" configparms
+ echo "CC += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ echo "CXX += -fstack-protector-strong -D_FORTIFY_SOURCE=2" >> configparms
+ make
+
+ # remove harding in preparation to run test-suite
+ sed -i '5,7d' configparms
+}
+
+check() {
+ # the linker commands need to be reordered - fixed in 2.19
+ LDFLAGS=${LDFLAGS/--as-needed,/}
+
+ cd ${srcdir}/glibc-build
+
+ # tst-cleanupx4 failure on i686 is "expected"
+ make check || true
+}
+
+package() {
+ cd ${srcdir}/glibc-build
+ make install_root=${pkgdir} install
+
+ rm -rf ${pkgdir}/{etc,sbin,usr/{bin,sbin,share},var}
+
+ # We need one 32 bit specific header file
+ find ${pkgdir}/usr/include -type f -not -name stubs-32.h -delete
+
+
+ # Dynamic linker
+ mkdir ${pkgdir}/usr/lib
+ ln -s ../lib32/ld-linux.so.2 ${pkgdir}/usr/lib/
+
+ # Add lib32 paths to the default library search path
+ install -Dm644 "$srcdir/lib32-glibc.conf" "$pkgdir/etc/ld.so.conf.d/lib32-glibc.conf"
+
+ # Symlink /usr/lib32/locale to /usr/lib/locale
+ ln -s ../lib/locale "$pkgdir/usr/lib32/locale"
+
+ # remove the static libraries that have a shared counterpart
+ # libc, libdl, libm and libpthread are required for toolchain testsuites
+ # in addition libcrypt appears widely required
+ rm $pkgdir/usr/lib32/lib{anl,BrokenLocale,nsl,resolv,rt,util}.a
+
+ # Do not strip the following files for improved debugging support
+ # ("improved" as in not breaking gdb and valgrind...):
+ # ld-${pkgver}.so
+ # libc-${pkgver}.so
+ # libpthread-${pkgver}.so
+ # libthread_db-1.0.so
+
+ cd $pkgdir
+ strip $STRIP_BINARIES \
+ \
+ \
+ usr/lib32/getconf/*
+
+
+ strip $STRIP_STATIC usr/lib32/*.a
+
+ strip $STRIP_SHARED usr/lib32/{libanl,libBrokenLocale,libcidn,libcrypt}-*.so \
+ usr/lib32/libnss_{compat,db,dns,files,hesiod,nis,nisplus}-*.so \
+ usr/lib32/{libdl,libm,libnsl,libresolv,librt,libutil}-*.so \
+ usr/lib32/{libmemusage,libpcprofile,libSegFault}.so \
+ usr/lib32/{audit,gconv}/*.so
+}
Copied: lib32-glibc/repos/multilib-staging-x86_64/glibc-2.21-roundup.patch (from rev 132052, lib32-glibc/trunk/glibc-2.21-roundup.patch)
===================================================================
--- multilib-staging-x86_64/glibc-2.21-roundup.patch (rev 0)
+++ multilib-staging-x86_64/glibc-2.21-roundup.patch 2015-04-23 14:08:06 UTC (rev 132053)
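Review bot: The `md5sums=(...)` array is the only pin on `glibc-2.21-roundup.patch` and `lib32-glibc.conf`: the tarball is additionally covered by its `.sig` and `validpgpkeys`, but the patch that carries the CVE-2015-1781 fix is checked with MD5 alone. Replacing the array with `sha256sums=(...)`, regenerated with `makepkg -g`, gives the local files a collision-resistant checksum. In `check()`, `make check || true` discards every test-suite failure, not only the `tst-cleanupx4` one the comment names, so a regression in the patched code would not stop the build; at minimum keep the test log and fail on anything other than the documented failure.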
@@ -0,0 +1,97 @@
+diff --git a/ChangeLog b/ChangeLog
+index dc1ed1b..26feb07 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,15 @@
++2015-04-21 Arjun Shankar <arjun...@lostca.se>
++
++ [BZ #18287]
++ * resolv/nss_dns/dns-host.c (getanswer_r): Adjust buffer length
++ based on padding. (CVE-2015-1781)
++
++2015-02-10 Evangelos Foutras <evange...@foutrelis.com>
++
++ [BZ #17949]
++ * sysdeps/i386/i686/multiarch/mempcpy_chk.S: Fix position of
++ jump label.
++
+ 2015-02-06 Carlos O'Donell <car...@systemhalted.org>
+
+ * version.h (RELEASE): Set to "stable".
+@@ -7,6 +19,7 @@
+ * sysdeps/unix/sysv/linux/hppa/pthread.h: Sync with pthread.h.
+
+ 2015-02-05 Paul Pluzhnikov <ppluzhni...@google.com>
++ Paul Eggert <egg...@cs.ucla.edu>
+
+ [BZ #16618]
+ * stdio-common/tst-sscanf.c (main): Test for buffer overflow.
+diff --git a/NEWS b/NEWS
+index 617cdbb..c9f6b58 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,19 @@ See the end for copying conditions.
+ Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
+ using `glibc' in the "product" field.
+
++Version 2.21.1
++
++* The following bugs are resolved with this release:
++
++ 17949, 18287.
++
++* A buffer overflow in gethostbyname_r and related functions performing DNS
++ requests has been fixed. If the NSS functions were called with a
++ misaligned buffer, the buffer length change due to pointer alignment was
++ not taken into account. This could result in application crashes or,
++ potentially arbitrary code execution, using crafted, but syntactically
++ valid DNS responses. (CVE-2015-1781)
++
+ Version 2.21
+
+ * The following bugs are resolved with this release:
+@@ -21,10 +34,11 @@ Version 2.21
+ 17801, 17803, 17806, 17834, 17844, 17848, 17868, 17869, 17870, 17885,
+ 17892.
+
+-* CVE-2015-1472 Under certain conditions wscanf can allocate too little
+- memory for the to-be-scanned arguments and overflow the allocated
+- buffer. The implementation now correctly computes the required buffer
+- size when using malloc.
++* CVE-2015-1472 CVE-2015-1473 Under certain conditions wscanf can allocate
++ too little memory for the to-be-scanned arguments and overflow the
++ allocated buffer. The implementation now correctly computes the required
++ buffer size when using malloc, and switches to malloc from alloca as
++ intended.
+
+ * A new semaphore algorithm has been implemented in generic C code for all
+ machines. Previous custom assembly implementations of semaphore were
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index f715ab0..40069a7 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -615,7 +615,8 @@ getanswer_r (const querybuf *answer, int anslen, const char *qname, int qtype,
+ int have_to_map = 0;
+ uintptr_t pad = -(uintptr_t) buffer % __alignof__ (struct host_data);
+ buffer += pad;
+- if (__glibc_unlikely (buflen < sizeof (struct host_data) + pad))
++ buflen = buflen > pad ? buflen - pad : 0;
++ if (__glibc_unlikely (buflen < sizeof (struct host_data)))
+ {
+ /* The buffer is too small. */
+ too_small:
+diff --git a/sysdeps/i386/i686/multiarch/mempcpy_chk.S b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+index 207b648..b6fa202 100644
+--- a/sysdeps/i386/i686/multiarch/mempcpy_chk.S
++++ b/sysdeps/i386/i686/multiarch/mempcpy_chk.S
+@@ -36,8 +36,8 @@ ENTRY(__mempcpy_chk)
+ cmpl $0, KIND_OFFSET+__cpu_features@GOTOFF(%ebx)
+ jne 1f
+ call __init_cpu_features
+- leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax
+-1: testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features@GOTOFF(%ebx)
++1: leal __mempcpy_chk_ia32@GOTOFF(%ebx), %eax
++ testl $bit_SSE2, CPUID_OFFSET+index_SSE2+__cpu_features@GOTOFF(%ebx)
+ jz 2f
+ leal __mempcpy_chk_sse2_unaligned@GOTOFF(%ebx), %eax
+ testl $bit_Fast_Unaligned_Load, FEATURE_OFFSET+index_Fast_Unaligned_Load+__cpu_features@GOTOFF(%ebx)
Copied: lib32-glibc/repos/multilib-staging-x86_64/lib32-glibc.conf (from rev 132052, lib32-glibc/trunk/lib32-glibc.conf)
===================================================================
--- multilib-staging-x86_64/lib32-glibc.conf (rev 0)
+++ multilib-staging-x86_64/lib32-glibc.conf 2015-04-23 14:08:06 UTC (rev 132053)
@@ -0,0 +1 @@
+/usr/lib32
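Review bot: In the `resolv/nss_dns/dns-host.c` hunk of the roundup patch, the new `buflen = buflen > pad ? buflen - pad : 0;` carries no comment explaining why the length shrinks, and the roundup touches only ChangeLog, NEWS, dns-host.c and mempcpy_chk.S, so no test in it exercises a misaligned caller buffer. A comment above the line such as `/* buffer was advanced by pad for alignment; reduce buflen to match, clamped at 0 */` would record the invariant behind the CVE-2015-1781 fix. `getanswer_r` begins and ends outside the hunk, so how the adjusted `buflen` is consumed later cannot be checked from this page.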