Hello community, here is the log from the commit of package glibc for openSUSE:Factory checked in at Fri Jun 17 11:13:48 CEST 2011.
-------- --- glibc/glibc.changes 2011-06-15 14:42:49.000000000 +0200 +++ /mounts/work_src_done/STABLE/glibc/glibc.changes 2011-06-17 09:24:36.000000000 +0200 @@ -1,0 +2,22 @@ +Fri Jun 17 07:07:37 UTC 2011 - a...@suse.de + +- Do not package memusage and memusagestat since they require + lib-gd and that grows the build cycle. + +------------------------------------------------------------------- +Thu Jun 16 18:37:19 UTC 2011 - a...@suse.de + +- Fix handling of shared library preloading. + +------------------------------------------------------------------- +Thu Jun 16 13:33:23 UTC 2011 - a...@suse.de + +- Fix getaddrinfo IPv6 code (bnc#684534). +- Split up glibc-devel-static subpackage (bnc#655261). + +------------------------------------------------------------------- +Thu Jun 16 12:23:32 UTC 2011 - a...@suse.de + +- Reorder ld.so.conf library list (bnc#671725). + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- minmem New: ---- glibc-2.13-dl-load.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc.spec ++++++ --- /var/tmp/diff_new_pack.yPKcrS/_old 2011-06-17 11:08:06.000000000 +0200 +++ /var/tmp/diff_new_pack.yPKcrS/_new 2011-06-17 11:08:06.000000000 +0200 @@ -19,11 +19,8 @@ Name: glibc BuildRequires: gcc-c++ -BuildRequires: gd-devel -BuildRequires: libpng-devel BuildRequires: libselinux-devel BuildRequires: libstdc++-devel -BuildRequires: zlib-devel %define _filter_GLIBC_PRIVATE 1 %define build_locales 1 %define run_testsuite 0 @@ -74,7 +71,7 @@ Obsoletes: glibc-32bit %endif Version: 2.13 -Release: 5 +Release: 7 Url: http://www.gnu.org/software/libc/libc.html Source: glibc-%{version}-996cf2ef0727.tar.bz2 Source2: http://ftp.gnu.org/gnu/glibc/glibc-ports-2.13.tar.bz2 @@ -149,7 +146,7 @@ Patch28: glibc-2.2-sunrpc.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch29: glibc-2.8-getconf.diff -# PATCH-FIX-OPENSUSE only use ipv6 if real ipv6 address exists bnc#361697 +# PATCH-FIX-OPENSUSE only use ipv6 if real ipv6 address exists bnc#361697, bnc#684534 Patch30: getaddrinfo-ipv6-sanity.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch31: ppc-atomic.diff @@ -199,6 +196,8 @@ Patch56: glibc-static-memcpy.diff # FIX-OPENSUSE compile some files with -fno-strict-aliasing Patch58: glibc-strict-aliasing.diff +# PATCH-FIX-UPSTREAM fix preloading of shared libs a...@suse.de +Patch59: glibc-2.13-dl-load.patch # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch500: ARM_glibc-2.10.1-local-eabi-wchar.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines @@ -312,6 +311,18 @@ These libraries are needed to develop programs which use the standard C library. +%package devel-static + + +Summary: C library static libraries for -static linking +Group: Development/Libraries/C and C++ +Requires: %{name}-devel = %{version} + +%description devel-static +The glibc-devel-static package contains the C library static libraries +for -static linking. You don't need these, unless you link statically, +which is highly discouraged. + %package utils License: BSD3c(or similar) ; GPLv2+ ; LGPLv2.1+ Summary: Development utilities from GNU C library @@ -418,6 +429,7 @@ %patch55 -p1 %patch56 -p1 %patch58 +%patch59 -p1 %ifarch %arm armv5tel armv7l %patch500 %patch501 @@ -772,12 +784,8 @@ # cat > $RPM_BUILD_ROOT/etc/ld.so.conf <<EOF %ifarch s390x sparc64 x86_64 ppc64 ppc -#/usr/X11R6/lib64/Xaw3d -#/usr/X11R6/lib64 /usr/lib64/Xaw3d %endif -#/usr/X11R6/lib/Xaw3d -#/usr/X11R6/lib /usr/lib/Xaw3d %ifarch %x86 /usr/i586-suse-linux/lib @@ -789,16 +797,16 @@ /usr/$RPM_ARCH-suse-linux/lib %endif %endif -/usr/local/lib -/opt/kde3/lib %ifarch s390x sparc64 x86_64 ppc64 ppc /lib64 /lib /usr/lib64 /usr/lib /usr/local/lib64 +/usr/local/lib /opt/kde3/lib64 %endif +/opt/kde3/lib include /etc/ld.so.conf.d/*.conf EOF # Add ldconfig cache directory for directory ownership @@ -1038,26 +1046,30 @@ %{_prefix}/include/* %{_libdir}/*.o %{_libdir}/*.so -%{_libdir}/libBrokenLocale.a -%{_libdir}/libanl.a +# These static libraries are needed even for shared builds %{_libdir}/libbsd-compat.a -%{_libdir}/libc.a %{_libdir}/libc_nonshared.a -%{_libdir}/libcrypt.a -%{_libdir}/libdl.a %{_libdir}/libg.a %{_libdir}/libieee.a %ifarch ppc ppc64 s390 s390x sparc sparcv8 sparcv9 sparcv9v # This is not built on sparc64. %{_libdir}/libnldbl_nonshared.a %endif -%{_libdir}/libm.a %{_libdir}/libmcheck.a +%{_libdir}/libpthread_nonshared.a +%{_libdir}/librpcsvc.a + +%files devel-static +%defattr(-,root,root) +%{_libdir}/libBrokenLocale.a +%{_libdir}/libanl.a +%{_libdir}/libc.a +%{_libdir}/libcrypt.a +%{_libdir}/libdl.a +%{_libdir}/libm.a %{_libdir}/libnsl.a %{_libdir}/libpthread.a -%{_libdir}/libpthread_nonshared.a %{_libdir}/libresolv.a -%{_libdir}/librpcsvc.a %{_libdir}/librt.a %{_libdir}/libutil.a @@ -1109,8 +1121,9 @@ %defattr(-,root,root) /%{_lib}/libmemusage.so /%{_lib}/libpcprofile.so -%{_bindir}/memusage -%{_bindir}/memusagestat +# These need gd-devel for building +#%{_bindir}/memusage +#%{_bindir}/memusagestat %{_bindir}/mtrace %{_bindir}/pcprofiledump %{_bindir}/xtrace ++++++ getaddrinfo-ipv6-sanity.diff ++++++ --- /var/tmp/diff_new_pack.yPKcrS/_old 2011-06-17 11:08:06.000000000 +0200 +++ /var/tmp/diff_new_pack.yPKcrS/_new 2011-06-17 11:08:06.000000000 +0200 @@ -13,7 +13,16 @@ { const struct gaih_typeproto *tp = gaih_inet_typeproto; struct gaih_servtuple *st = (struct gaih_servtuple *) &nullserv; -@@ -766,7 +766,7 @@ gaih_inet (const char *name, const struc +@@ -706,7 +706,7 @@ gaih_inet (const char *name, const struc + no_data = 0; + nss_gethostbyname4_r fct4 + = __nss_lookup_function (nip, "gethostbyname4_r"); +- if (fct4 != NULL) ++ if (fct4 != NULL && usable_ipv6) + { + int herrno; + +@@ -763,7 +763,7 @@ gaih_inet (const char *name, const struc if (fct != NULL) { if (req->ai_family == AF_INET6 @@ -22,7 +31,7 @@ { gethosts (AF_INET6, struct in6_addr); no_inet6_data = no_data; -@@ -2157,7 +2157,7 @@ getaddrinfo (const char *name, const cha +@@ -2156,7 +2156,7 @@ getaddrinfo (const char *name, const cha if (hints->ai_family == AF_UNSPEC || hints->ai_family == AF_INET || hints->ai_family == AF_INET6) { ++++++ glibc-2.13-dl-load.patch ++++++ 2011-05-11 Ulrich Drepper <drep...@gmail.com> [BZ #12393] * elf/dl-load.c (is_trusted_path): Remove unnecessary test. (is_trusted_path_normalize): Skip initial colon. Append slash to empty buffer. Duplicate is_trusted_path code but allow constructed patch to be prefix. (is_dst): Allow $ORIGIN followed by /. (_dl_dst_substitute): Correct clearing of check_for_trusted. Correct testing of result of is_trusted_path_normalize (decompose_rpath): Fix warning. 2011-05-07 Petr Baudis <pa...@suse.cz> Ulrich Drepper <drep...@gmail.com> [BZ #12393] * elf/dl-load.c (fillin_rpath): Move trusted path check... (is_trusted_path): ...to here. (is_trusted_path_normalize): Wrapper for /../ and /./ normalization. (_dl_dst_substitute): Verify expanded $ORIGIN path elements using is_trusted_path_normalize() in setuid scripts. 2011-03-14 Andreas Schwab <sch...@redhat.com> * elf/dl-load.c (_dl_dst_substitute): When skipping the first rpath element also skip the following colon. (expand_dynamic_string_token): Add is_path parameter and pass down to DL_DST_REQUIRED and _dl_dst_substitute. (decompose_rpath): Call expand_dynamic_string_token with non-zero is_path. Ignore empty rpaths. (_dl_map_object_from_fd): Call expand_dynamic_string_token with zero is_path. 2011-03-06 Ulrich Drepper <drep...@gmail.com> * elf/dl-load.c (_dl_map_object): If we are looking for the first to-be-loaded object along a path to loader is ld.so. --- glibc-2.13/elf/dl-load.c 2011-05-20 21:53:43.766426054 +0200 +++ glibc-2.14/elf/dl-load.c 2011-05-31 09:59:16.781617374 +0200 @@ -1,5 +1,5 @@ /* Map in a shared object's segments from the file. - Copyright (C) 1995-2005, 2006, 2007, 2009, 2010 Free Software Foundation, Inc. + Copyright (C) 1995-2007, 2009, 2010, 2011 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -168,6 +168,87 @@ local_strdup (const char *s) } +static bool +is_trusted_path (const char *path, size_t len) +{ + const char *trun = system_dirs; + + for (size_t idx = 0; idx < nsystem_dirs_len; ++idx) + { + if (len == system_dirs_len[idx] && memcmp (trun, path, len) == 0) + /* Found it. */ + return true; + + trun += system_dirs_len[idx] + 1; + } + + return false; +} + + +static bool +is_trusted_path_normalize (const char *path, size_t len) +{ + if (len == 0) + return false; + + if (*path == ':') + { + ++path; + --len; + } + + char *npath = (char *) alloca (len + 2); + char *wnp = npath; + while (*path != '\0') + { + if (path[0] == '/') + { + if (path[1] == '.') + { + if (path[2] == '.' && (path[3] == '/' || path[3] == '\0')) + { + while (wnp > npath && *--wnp != '/') + ; + path += 3; + continue; + } + else if (path[2] == '/' || path[2] == '\0') + { + path += 2; + continue; + } + } + + if (wnp > npath && wnp[-1] == '/') + { + ++path; + continue; + } + } + + *wnp++ = *path++; + } + + if (wnp == npath || wnp[-1] != '/') + *wnp++ = '/'; + + const char *trun = system_dirs; + + for (size_t idx = 0; idx < nsystem_dirs_len; ++idx) + { + if (wnp - npath >= system_dirs_len[idx] + && memcmp (trun, npath, system_dirs_len[idx]) == 0) + /* Found it. */ + return true; + + trun += system_dirs_len[idx] + 1; + } + + return false; +} + + static size_t is_dst (const char *start, const char *name, const char *str, int is_path, int secure) @@ -200,7 +281,8 @@ is_dst (const char *start, const char *n return 0; if (__builtin_expect (secure, 0) - && ((name[len] != '\0' && (!is_path || name[len] != ':')) + && ((name[len] != '\0' && name[len] != '/' + && (!is_path || name[len] != ':')) || (name != start + 1 && (!is_path || name[-2] != ':')))) return 0; @@ -240,13 +322,14 @@ _dl_dst_substitute (struct link_map *l, int is_path) { const char *const start = name; - char *last_elem, *wp; /* Now fill the result path. While copying over the string we keep track of the start of the last path element. When we come accross a DST we copy over the value or (if the value is not available) leave the entire path element out. */ - last_elem = wp = result; + char *wp = result; + char *last_elem = result; + bool check_for_trusted = false; do { @@ -265,6 +348,9 @@ _dl_dst_substitute (struct link_map *l, else #endif repl = l->l_origin; + + check_for_trusted = (INTUSE(__libc_enable_secure) + && l->l_type == lt_executable); } else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0) repl = GLRO(dl_platform); @@ -284,6 +370,10 @@ _dl_dst_substitute (struct link_map *l, name += len; while (*name != '\0' && (!is_path || *name != ':')) ++name; + /* Also skip following colon if this is the first rpath + element, but keep an empty element at the end. */ + if (wp == result && is_path && *name == ':' && name[1] != '\0') + ++name; } else /* No DST we recognize. */ @@ -293,11 +383,28 @@ _dl_dst_substitute (struct link_map *l, { *wp++ = *name++; if (is_path && *name == ':') - last_elem = wp; + { + /* In SUID/SGID programs, after $ORIGIN expansion the + normalized path must be rooted in one of the trusted + directories. */ + if (__builtin_expect (check_for_trusted, false) + && !is_trusted_path_normalize (last_elem, wp - last_elem)) + wp = last_elem; + else + last_elem = wp; + + check_for_trusted = false; + } } } while (*name != '\0'); + /* In SUID/SGID programs, after $ORIGIN expansion the normalized + path must be rooted in one of the trusted directories. */ + if (__builtin_expect (check_for_trusted, false) + && !is_trusted_path_normalize (last_elem, wp - last_elem)) + wp = last_elem; + *wp = '\0'; return result; @@ -310,7 +417,7 @@ _dl_dst_substitute (struct link_map *l, belonging to the map is loaded. In this case the path element containing $ORIGIN is left out. */ static char * -expand_dynamic_string_token (struct link_map *l, const char *s) +expand_dynamic_string_token (struct link_map *l, const char *s, int is_path) { /* We make two runs over the string. First we determine how large the resulting string is and then we copy it over. Since this is no @@ -321,7 +428,7 @@ expand_dynamic_string_token (struct link char *result; /* Determine the number of DST elements. */ - cnt = DL_DST_COUNT (s, 1); + cnt = DL_DST_COUNT (s, is_path); /* If we do not have to replace anything simply copy the string. */ if (__builtin_expect (cnt, 0) == 0) @@ -335,7 +442,7 @@ expand_dynamic_string_token (struct link if (result == NULL) return NULL; - return _dl_dst_substitute (l, s, result, 1); + return _dl_dst_substitute (l, s, result, is_path); } @@ -407,33 +514,8 @@ fillin_rpath (char *rpath, struct r_sear cp[len++] = '/'; /* Make sure we don't use untrusted directories if we run SUID. */ - if (__builtin_expect (check_trusted, 0)) - { - const char *trun = system_dirs; - size_t idx; - int unsecure = 1; - - /* All trusted directories must be complete names. */ - if (cp[0] == '/') - { - for (idx = 0; idx < nsystem_dirs_len; ++idx) - { - if (len == system_dirs_len[idx] - && memcmp (trun, cp, len) == 0) - { - /* Found it. */ - unsecure = 0; - break; - } - - trun += system_dirs_len[idx] + 1; - } - } - - if (unsecure) - /* Simply drop this directory. */ - continue; - } + if (__builtin_expect (check_trusted, 0) && !is_trusted_path (cp, len)) + continue; /* See if this directory is already known. */ for (dirp = GL(dl_all_dirs); dirp != NULL; dirp = dirp->next) @@ -551,13 +633,21 @@ decompose_rpath (struct r_search_path_st /* Make a writable copy. At the same time expand possible dynamic string tokens. */ - copy = expand_dynamic_string_token (l, rpath); + copy = expand_dynamic_string_token (l, rpath, 1); if (copy == NULL) { errstring = N_("cannot create RUNPATH/RPATH copy"); goto signal_error; } + /* Ignore empty rpaths. */ + if (*copy == 0) + { + free (copy); + sps->dirs = (struct r_search_path_elem **) -1; + return false; + } + /* Count the number of necessary elements in the result array. */ nelems = 0; for (cp = copy; *cp != '\0'; ++cp) @@ -2109,7 +2201,9 @@ _dl_map_object (struct link_map *loader, { #ifdef SHARED // XXX Correct to unconditionally default to namespace 0? - l = loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded; + l = (loader + ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded + ?: &GL(dl_rtld_map)); #else l = loader; #endif @@ -2175,7 +2269,7 @@ _dl_map_object (struct link_map *loader, { /* The path may contain dynamic string tokens. */ realname = (loader - ? expand_dynamic_string_token (loader, name) + ? expand_dynamic_string_token (loader, name, 0) : local_strdup (name)); if (realname == NULL) fd = -1; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
