Hello community,
here is the log from the commit of package glibc for openSUSE:Factory checked
in at 2014-06-23 09:23:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/glibc (Old)
and /work/SRC/openSUSE:Factory/.glibc.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "glibc"
Changes:
--------
--- /work/SRC/openSUSE:Factory/glibc/glibc-testsuite.changes 2014-05-22
20:38:35.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.glibc.new/glibc-testsuite.changes
2014-06-23 09:23:34.000000000 +0200
@@ -1,0 +2,12 @@
+Mon Jun 16 08:27:38 UTC 2014 - sch...@suse.de
+
+- psfaa.patch: copy filename argument in posix_spawn_file_actions_addopen
+ (CVE-2014-4043, bnc#882600, BZ #17048)
+
+-------------------------------------------------------------------
+Wed May 28 15:11:45 UTC 2014 - m...@suse.de
+
+- glibc-memset-nontemporal.diff: Speedup memset on x86_64
+ (bnc#868622, BZ #16830)
+
+-------------------------------------------------------------------
glibc-utils.changes: same change
glibc.changes: same change
New:
----
glibc-memset-nontemporal.diff
psfaa.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ glibc-testsuite.spec ++++++
--- /var/tmp/diff_new_pack.TH1CnY/_old 2014-06-23 09:23:37.000000000 +0200
+++ /var/tmp/diff_new_pack.TH1CnY/_new 2014-06-23 09:23:37.000000000 +0200
@@ -256,6 +256,8 @@
Patch1011: aarch64-setcontext.patch
# PATCH-FIX-UPSTREAM Fix unbound stack use in NIS NSS module (BZ #16932)
Patch1012: nss-nis-stack-use.patch
+# PATCH-FIX-UPSTREAM posix_spawn_file_actions_addopen needs to copy the path
argument (BZ #17048)
+Patch1013: psfaa.patch
###
# Patches awaiting upstream approval
@@ -270,6 +272,8 @@
Patch2003: abort-no-flush.patch
# PATCH-FIX-UPSTREAM Properly handle forced elision in pthread_mutex_trylock
(BZ #16657)
Patch2004: pthread-mutex-trylock-elision.patch
+# PATCH-FIX-UPSTREAM Speedup memset on x86-64 for large block sizes (BZ #16830)
+Patch2005: glibc-memset-nontemporal.diff
# Non-glibc patches
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
@@ -483,12 +487,14 @@
%patch1010 -p1
%patch1011 -p1
%patch1012 -p1
+%patch1013 -p1
%patch2000 -p1
%patch2001 -p1
%patch2002 -p1
%patch2003 -p1
%patch2004 -p1
+%patch2005 -p1
%patch3000
glibc-utils.spec: same change
++++++ glibc.spec ++++++
--- /var/tmp/diff_new_pack.TH1CnY/_old 2014-06-23 09:23:37.000000000 +0200
+++ /var/tmp/diff_new_pack.TH1CnY/_new 2014-06-23 09:23:37.000000000 +0200
@@ -256,6 +256,8 @@
Patch1011: aarch64-setcontext.patch
# PATCH-FIX-UPSTREAM Fix unbound stack use in NIS NSS module (BZ #16932)
Patch1012: nss-nis-stack-use.patch
+# PATCH-FIX-UPSTREAM posix_spawn_file_actions_addopen needs to copy the path
argument (BZ #17048)
+Patch1013: psfaa.patch
###
# Patches awaiting upstream approval
@@ -270,6 +272,8 @@
Patch2003: abort-no-flush.patch
# PATCH-FIX-UPSTREAM Properly handle forced elision in pthread_mutex_trylock
(BZ #16657)
Patch2004: pthread-mutex-trylock-elision.patch
+# PATCH-FIX-UPSTREAM Speedup memset on x86-64 for large block sizes (BZ #16830)
+Patch2005: glibc-memset-nontemporal.diff
# Non-glibc patches
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
@@ -483,12 +487,14 @@
%patch1010 -p1
%patch1011 -p1
%patch1012 -p1
+%patch1013 -p1
%patch2000 -p1
%patch2001 -p1
%patch2002 -p1
%patch2003 -p1
%patch2004 -p1
+%patch2005 -p1
%patch3000
++++++ glibc-memset-nontemporal.diff ++++++
Fix for bnc #868622, slow memset for large block sizes.
diff --git a/sysdeps/x86_64/memset.S b/sysdeps/x86_64/memset.S
index db4fb84..9c42018 100644
--- a/sysdeps/x86_64/memset.S
+++ b/sysdeps/x86_64/memset.S
@@ -84,6 +84,9 @@ L(loop_start):
movdqu %xmm8, -48(%rdi,%rdx)
movdqu %xmm8, 48(%rdi)
movdqu %xmm8, -64(%rdi,%rdx)
+ mov __x86_shared_cache_size(%rip),%r9d # The largest cache size
+ cmp %r9,%rdx
+ ja L(nt_move)
addq %rdi, %rdx
andq $-64, %rdx
cmpq %rdx, %rcx
@@ -99,6 +102,23 @@ L(loop):
jne L(loop)
rep
ret
+L(nt_move):
+ addq %rdi, %rdx
+ andq $-64, %rdx
+ cmpq %rdx, %rcx
+ je L(return)
+ .p2align 4
+L(nt_loop):
+ movntdq %xmm8, (%rcx)
+ movntdq %xmm8, 16(%rcx)
+ movntdq %xmm8, 32(%rcx)
+ movntdq %xmm8, 48(%rcx)
+ addq $64, %rcx
+ cmpq %rcx, %rdx
+ jne L(nt_loop)
+ sfence
+ rep
+ ret
L(less_16_bytes):
movq %xmm8, %rcx
testb $24, %dl
++++++ psfaa.patch ++++++
2014-06-11 Florian Weimer <fwei...@redhat.com>
[BZ #17048]
* posix/spawn_int.h (struct __spawn_action): Make the path string
non-const to support deallocation.
* posix/spawn_faction_addopen.c
(posix_spawn_file_actions_addopen): Make a copy of the pathname.
* posix/spawn_faction_destroy.c
(posix_spawn_file_actions_destroy): Adjust comment. Deallocate
path in all spawn_do_open actions.
* posix/tst-spawn.c (do_test): Exercise the copy operation in
posix_spawn_file_actions_addopen.
Index: glibc-2.19/posix/spawn_faction_addopen.c
===================================================================
--- glibc-2.19.orig/posix/spawn_faction_addopen.c
+++ glibc-2.19/posix/spawn_faction_addopen.c
@@ -18,6 +18,7 @@
#include <errno.h>
#include <spawn.h>
#include <unistd.h>
+#include <string.h>
#include "spawn_int.h"
@@ -35,17 +36,24 @@ posix_spawn_file_actions_addopen (posix_
if (fd < 0 || fd >= maxfd)
return EBADF;
+ char *path_copy = strdup (path);
+ if (path_copy == NULL)
+ return ENOMEM;
+
/* Allocate more memory if needed. */
if (file_actions->__used == file_actions->__allocated
&& __posix_spawn_file_actions_realloc (file_actions) != 0)
- /* This can only mean we ran out of memory. */
- return ENOMEM;
+ {
+ /* This can only mean we ran out of memory. */
+ free (path_copy);
+ return ENOMEM;
+ }
/* Add the new value. */
rec = &file_actions->__actions[file_actions->__used];
rec->tag = spawn_do_open;
rec->action.open_action.fd = fd;
- rec->action.open_action.path = path;
+ rec->action.open_action.path = path_copy;
rec->action.open_action.oflag = oflag;
rec->action.open_action.mode = mode;
Index: glibc-2.19/posix/spawn_faction_destroy.c
===================================================================
--- glibc-2.19.orig/posix/spawn_faction_destroy.c
+++ glibc-2.19/posix/spawn_faction_destroy.c
@@ -18,11 +18,29 @@
#include <spawn.h>
#include <stdlib.h>
-/* Initialize data structure for file attribute for `spawn' call. */
+#include "spawn_int.h"
+
+/* Deallocate the file actions. */
int
posix_spawn_file_actions_destroy (posix_spawn_file_actions_t *file_actions)
{
- /* Free the memory allocated. */
+ /* Free the paths in the open actions. */
+ for (int i = 0; i < file_actions->__used; ++i)
+ {
+ struct __spawn_action *sa = &file_actions->__actions[i];
+ switch (sa->tag)
+ {
+ case spawn_do_open:
+ free (sa->action.open_action.path);
+ break;
+ case spawn_do_close:
+ case spawn_do_dup2:
+ /* No cleanup required. */
+ break;
+ }
+ }
+
+ /* Free the array of actions. */
free (file_actions->__actions);
return 0;
}
Index: glibc-2.19/posix/spawn_int.h
===================================================================
--- glibc-2.19.orig/posix/spawn_int.h
+++ glibc-2.19/posix/spawn_int.h
@@ -22,7 +22,7 @@ struct __spawn_action
struct
{
int fd;
- const char *path;
+ char *path;
int oflag;
mode_t mode;
} open_action;
Index: glibc-2.19/posix/tst-spawn.c
===================================================================
--- glibc-2.19.orig/posix/tst-spawn.c
+++ glibc-2.19/posix/tst-spawn.c
@@ -168,6 +168,7 @@ do_test (int argc, char *argv[])
char fd2name[18];
char fd3name[18];
char fd4name[18];
+ char *name3_copy;
char *spargv[12];
int i;
@@ -222,9 +223,15 @@ do_test (int argc, char *argv[])
if (posix_spawn_file_actions_addclose (&actions, fd1) != 0)
error (EXIT_FAILURE, errno, "posix_spawn_file_actions_addclose");
/* We want to open the third file. */
- if (posix_spawn_file_actions_addopen (&actions, fd3, name3,
+ name3_copy = strdup (name3);
+ if (name3_copy == NULL)
+ error (EXIT_FAILURE, errno, "strdup");
+ if (posix_spawn_file_actions_addopen (&actions, fd3, name3_copy,
O_RDONLY, 0666) != 0)
error (EXIT_FAILURE, errno, "posix_spawn_file_actions_addopen");
+ /* Overwrite the name to check that a copy has been made. */
+ memset (name3_copy, 'X', strlen (name3_copy));
+
/* We dup the second descriptor. */
fd4 = MAX (2, MAX (fd1, MAX (fd2, fd3))) + 1;
if (posix_spawn_file_actions_adddup2 (&actions, fd2, fd4) != 0)
@@ -253,6 +260,7 @@ do_test (int argc, char *argv[])
/* Cleanup. */
if (posix_spawn_file_actions_destroy (&actions) != 0)
error (EXIT_FAILURE, errno, "posix_spawn_file_actions_destroy");
+ free (name3_copy);
/* Wait for the child. */
if (waitpid (pid, &status, 0) != pid)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
