From 2d658b851e674b7b3a996dd421379c2910407e36 Mon Sep 17 00:00:00 2001 From: Alexey Neyman Date: Thu, 11 May 2017 23:16:40 -0700 Subject: Add GCC 7.1.0 Removed patches either picked up upstream, or no longer applicable (boehm-gc no longer part of GCC). Signed-off-by: Alexey Neyman diff --git a/config/cc/gcc.in b/config/cc/gcc.in index caf254c..bc11b17 100644 --- a/config/cc/gcc.in +++ b/config/cc/gcc.in @@ -3,7 +3,7 @@ ## default y ## select CC_SUPPORT_CXX if !LIBC_none ## select CC_SUPPORT_FORTRAN -## select CC_SUPPORT_JAVA +## select CC_SUPPORT_JAVA if !CC_GCC_6_or_later ## select CC_SUPPORT_ADA ## select CC_SUPPORT_OBJC ## select CC_SUPPORT_OBJCXX @@ -73,6 +73,11 @@ choice # Don't remove next line # CT_INSERT_VERSION_BELOW +config CC_GCC_V_7_1_0 + bool + prompt "7.1.0" + select CC_GCC_7 + config CC_GCC_V_linaro_6_3 bool prompt "linaro-6.3-2017.02" @@ -141,25 +146,31 @@ config CC_GCC_4_9_or_later config CC_GCC_5 bool select CC_GCC_5_or_later - select CC_GCC_HAS_LIBMPX config CC_GCC_5_or_later bool select CC_GCC_4_9_or_later + select CC_GCC_HAS_LIBMPX config CC_GCC_6 bool select CC_GCC_6_or_later - select CC_GCC_HAS_LIBMPX config CC_GCC_6_or_later bool select CC_GCC_5_or_later -config CC_GCC_latest +config CC_GCC_7 + bool + select CC_GCC_7_or_later + +config CC_GCC_7_or_later bool select CC_GCC_6_or_later - select CC_GCC_HAS_LIBMPX + +config CC_GCC_latest + bool + select CC_GCC_7_or_later # Only enable gcc's support for plugins if binutils has it as well # They are useful only when doing LTO, but it does no harm enabling @@ -185,6 +196,7 @@ config CC_GCC_VERSION string # Don't remove next line # CT_INSERT_VERSION_STRING_BELOW + default "7.1.0" if CC_GCC_V_7_1_0 default "linaro-6.3-2017.02" if CC_GCC_V_linaro_6_3 default "6.3.0" if CC_GCC_V_6_3_0 default "linaro-5.4-2017.01" if CC_GCC_V_linaro_5_4 diff --git a/patches/gcc/7.1.0/100-uclibc-conf.patch b/patches/gcc/7.1.0/100-uclibc-conf.patch new file mode 100644 index 0000000..73d1f0d --- /dev/null +++ b/patches/gcc/7.1.0/100-uclibc-conf.patch @@ -0,0 +1,15 @@ +Index: b/contrib/regression/objs-gcc.sh +=================================================================== +--- a/contrib/regression/objs-gcc.sh ++++ b/contrib/regression/objs-gcc.sh +@@ -106,6 +106,10 @@ + then + make all-gdb all-dejagnu all-ld || exit 1 + make install-gdb install-dejagnu install-ld || exit 1 ++elif [ $H_REAL_TARGET = $H_REAL_HOST -a $H_REAL_TARGET = i686-pc-linux-uclibc ] ++ then ++ make all-gdb all-dejagnu all-ld || exit 1 ++ make install-gdb install-dejagnu install-ld || exit 1 + elif [ $H_REAL_TARGET = $H_REAL_HOST ] ; then + make bootstrap || exit 1 + make install || exit 1 diff --git a/patches/gcc/7.1.0/1000-libtool-leave-framework-alone.patch b/patches/gcc/7.1.0/1000-libtool-leave-framework-alone.patch new file mode 100644 index 0000000..bce09eb --- /dev/null +++ b/patches/gcc/7.1.0/1000-libtool-leave-framework-alone.patch @@ -0,0 +1,14 @@ +--- gcc-6.2.0/libtool-ldflags 2016-12-20 11:13:12.669668125 -0800 ++++ gcc-6.2.0/libtool-ldflags 2016-12-20 11:28:34.894826286 -0800 +@@ -36,6 +36,11 @@ + for arg + do + case $arg in ++ -framework) ++ # libtool handles this option. It should not be prefixed with ++ # -Xcompiler, as that would split it from the argument that ++ # follows. ++ ;; + -f*|--*|-static-lib*|-shared-lib*|-B*) + # Libtool does not ascribe any special meaning options + # that begin with -f or with a double-dash. So, it will diff --git a/patches/gcc/7.1.0/370-gcc-plugin-Win-Dont-need-undefined-extern-var-refs-nor-fpic.patch b/patches/gcc/7.1.0/370-gcc-plugin-Win-Dont-need-undefined-extern-var-refs-nor-fpic.patch new file mode 100644 index 0000000..d8986d5 --- /dev/null +++ b/patches/gcc/7.1.0/370-gcc-plugin-Win-Dont-need-undefined-extern-var-refs-nor-fpic.patch @@ -0,0 +1,160 @@ +diff -urN gcc-5.3.0.orig/config/gcc-plugin.m4 gcc-5.3.0/config/gcc-plugin.m4 +--- gcc-5.3.0.orig/config/gcc-plugin.m4 2015-12-19 14:39:04.120734900 +0000 ++++ gcc-5.3.0/config/gcc-plugin.m4 2015-12-20 01:28:45.381965300 +0000 +@@ -20,6 +20,9 @@ + + pluginlibs= + ++ PICFLAG="-fPIC" ++ UNDEFINEDPREAMBLE="extern int X;" ++ UNDEFINEDCODE="return X == 0;" + case "${host}" in + *-*-darwin*) + if test x$build = x$host; then +@@ -30,6 +33,11 @@ + export_sym_check= + fi + ;; ++ *-*-mingw*|*-*-cygwin*|*-*-msys*) ++ PICFLAG="" ++ UNDEFINEDPREAMBLE="" ++ UNDEFINEDCODE="" ++ ;; + *) + if test x$build = x$host; then + export_sym_check="objdump${exeext} -T" +@@ -81,17 +89,17 @@ + case "${host}" in + *-*-darwin*) + CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g` +- CFLAGS="$CFLAGS -fPIC" ++ CFLAGS="$CFLAGS ${PICFLAG}" + LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup" + ;; + *) +- CFLAGS="$CFLAGS -fPIC" +- LDFLAGS="$LDFLAGS -fPIC -shared" ++ CFLAGS="$CFLAGS ${PICFLAG}" ++ LDFLAGS="$LDFLAGS ${PICFLAG} -shared" + ;; + esac +- AC_MSG_CHECKING([for -fPIC -shared]) ++ AC_MSG_CHECKING([for ${PICFLAG} -shared]) + AC_TRY_LINK( +- [extern int X;],[return X == 0;], ++ [${UNDEFINEDPREAMBLE}],[${UNDEFINEDCODE}], + [AC_MSG_RESULT([yes]); have_pic_shared=yes], + [AC_MSG_RESULT([no]); have_pic_shared=no]) + if test x"$have_pic_shared" != x"yes" -o x"$ac_cv_search_dlopen" = x"no"; then +diff -urN gcc-5.3.0.orig/gcc/configure gcc-5.3.0/gcc/configure +--- gcc-5.3.0.orig/gcc/configure 2015-12-19 14:40:16.893975900 +0000 ++++ gcc-5.3.0/gcc/configure 2015-12-20 01:28:45.472476700 +0000 +@@ -28386,6 +28386,9 @@ + + pluginlibs= + ++ PICFLAG="-fPIC" ++ UNDEFINEDPREAMBLE="extern int X;" ++ UNDEFINEDCODE="return X == 0;" + case "${host}" in + *-*-darwin*) + if test x$build = x$host; then +@@ -28396,6 +28399,11 @@ + export_sym_check= + fi + ;; ++ *-*-mingw*|*-*-cygwin*|*-*-msys*) ++ PICFLAG="" ++ UNDEFINEDPREAMBLE="" ++ UNDEFINEDCODE="" ++ ;; + *) + if test x$build = x$host; then + export_sym_check="objdump${exeext} -T" +@@ -28508,23 +28516,23 @@ + case "${host}" in + *-*-darwin*) + CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g` +- CFLAGS="$CFLAGS -fPIC" ++ CFLAGS="$CFLAGS ${PICFLAG}" + LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup" + ;; + *) +- CFLAGS="$CFLAGS -fPIC" +- LDFLAGS="$LDFLAGS -fPIC -shared" ++ CFLAGS="$CFLAGS ${PICFLAG}" ++ LDFLAGS="$LDFLAGS ${PICFLAG} -shared" + ;; + esac +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fPIC -shared" >&5 +-$as_echo_n "checking for -fPIC -shared... " >&6; } ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${PICFLAG} -shared" >&5 ++$as_echo_n "checking for ${PICFLAG} -shared... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ +-extern int X; ++${UNDEFINEDPREAMBLE} + int + main () + { +-return X == 0; ++${UNDEFINEDCODE} + ; + return 0; + } +diff -urN gcc-5.3.0.orig/libcc1/configure gcc-5.3.0/libcc1/configure +--- gcc-5.3.0.orig/libcc1/configure 2015-12-19 14:40:20.855979000 +0000 ++++ gcc-5.3.0/libcc1/configure 2015-12-20 01:28:45.504980900 +0000 +@@ -14500,6 +14500,9 @@ + + pluginlibs= + ++ PICFLAG="-fPIC" ++ UNDEFINEDPREAMBLE="extern int X;" ++ UNDEFINEDCODE="return X == 0;" + case "${host}" in + *-*-darwin*) + if test x$build = x$host; then +@@ -14510,6 +14513,11 @@ + export_sym_check= + fi + ;; ++ *-*-mingw*|*-*-cygwin*|*-*-msys*) ++ PICFLAG="" ++ UNDEFINEDPREAMBLE="" ++ UNDEFINEDCODE="" ++ ;; + *) + if test x$build = x$host; then + export_sym_check="objdump${exeext} -T" +@@ -14622,23 +14630,23 @@ + case "${host}" in + *-*-darwin*) + CFLAGS=`echo $CFLAGS | sed s/-mdynamic-no-pic//g` +- CFLAGS="$CFLAGS -fPIC" ++ CFLAGS="$CFLAGS ${PICFLAG}" + LDFLAGS="$LDFLAGS -shared -undefined dynamic_lookup" + ;; + *) +- CFLAGS="$CFLAGS -fPIC" +- LDFLAGS="$LDFLAGS -fPIC -shared" ++ CFLAGS="$CFLAGS ${PICFLAG}" ++ LDFLAGS="$LDFLAGS ${PICFLAG} -shared" + ;; + esac +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -fPIC -shared" >&5 +-$as_echo_n "checking for -fPIC -shared... " >&6; } ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${PICFLAG} -shared" >&5 ++$as_echo_n "checking for ${PICFLAG} -shared... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ +-extern int X; ++${UNDEFINEDPREAMBLE} + int + main () + { +-return X == 0; ++${UNDEFINEDCODE} + ; + return 0; + } diff --git a/patches/gcc/7.1.0/380-gcc-plugin-POSIX-include-sys-select-h.patch b/patches/gcc/7.1.0/380-gcc-plugin-POSIX-include-sys-select-h.patch new file mode 100644 index 0000000..12ef48e --- /dev/null +++ b/patches/gcc/7.1.0/380-gcc-plugin-POSIX-include-sys-select-h.patch @@ -0,0 +1,11 @@ +diff -urN gcc-5.3.0.orig/libcc1/connection.cc gcc-5.3.0/libcc1/connection.cc +--- gcc-5.3.0.orig/libcc1/connection.cc 2015-12-19 14:40:20.860479600 +0000 ++++ gcc-5.3.0/libcc1/connection.cc 2015-12-20 01:31:04.346611500 +0000 +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + #include + #include + #include "marshall.hh" diff --git a/patches/gcc/7.1.0/810-arm-softfloat-libgcc.patch b/patches/gcc/7.1.0/810-arm-softfloat-libgcc.patch new file mode 100644 index 0000000..5efa7fd --- /dev/null +++ b/patches/gcc/7.1.0/810-arm-softfloat-libgcc.patch @@ -0,0 +1,30 @@ +Index: b/gcc/config/arm/linux-elf.h +=================================================================== +--- a/gcc/config/arm/linux-elf.h ++++ b/gcc/config/arm/linux-elf.h +@@ -60,7 +60,7 @@ + %{shared:-lc} \ + %{!shared:%{profile:-lc_p}%{!profile:-lc}}" + +-#define LIBGCC_SPEC "%{mfloat-abi=soft*:-lfloat} -lgcc" ++#define LIBGCC_SPEC "-lgcc" + + #define GLIBC_DYNAMIC_LINKER "/lib/ld-linux.so.2" + +Index: b/libgcc/config/arm/t-linux +=================================================================== +--- a/libgcc/config/arm/t-linux ++++ b/libgcc/config/arm/t-linux +@@ -1,6 +1,11 @@ + LIB1ASMSRC = arm/lib1funcs.S + LIB1ASMFUNCS = _udivsi3 _divsi3 _umodsi3 _modsi3 _dvmd_lnx _clzsi2 _clzdi2 \ +- _ctzsi2 _arm_addsubdf3 _arm_addsubsf3 ++ _ctzsi2 _arm_addsubdf3 _arm_addsubsf3 \ ++ _arm_addsubdf3 _arm_addsubsf3 \ ++ _arm_negdf2 _arm_muldivdf3 _arm_cmpdf2 _arm_unorddf2 \ ++ _arm_fixdfsi _arm_fixunsdfsi _arm_truncdfsf2 \ ++ _arm_negsf2 _arm_muldivsf3 _arm_cmpsf2 _arm_unordsf2 \ ++ _arm_fixsfsi _arm_fixunssfsi + + # Just for these, we omit the frame pointer since it makes such a big + # difference. diff --git a/patches/gcc/7.1.0/860-cilk-wchar.patch b/patches/gcc/7.1.0/860-cilk-wchar.patch new file mode 100644 index 0000000..1d9916f --- /dev/null +++ b/patches/gcc/7.1.0/860-cilk-wchar.patch @@ -0,0 +1,56 @@ +[PATCH] cilk: fix build without wchar + +When building against uClibc with wchar support disabled, WCHAR_MIN and +WCHAR_MAX are not defined leading to compilation errors. + +Fix it by only including the wchar code if available. + +Signed-off-by: Peter Korsgaard +--- + libcilkrts/include/cilk/reducer_min_max.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +Index: b/libcilkrts/include/cilk/reducer_min_max.h +=================================================================== +--- a/libcilkrts/include/cilk/reducer_min_max.h ++++ b/libcilkrts/include/cilk/reducer_min_max.h +@@ -3154,7 +3154,9 @@ + CILK_C_REDUCER_MAX_INSTANCE(char, char, CHAR_MIN) + CILK_C_REDUCER_MAX_INSTANCE(unsigned char, uchar, 0) + CILK_C_REDUCER_MAX_INSTANCE(signed char, schar, SCHAR_MIN) ++#ifdef WCHAR_MIN + CILK_C_REDUCER_MAX_INSTANCE(wchar_t, wchar_t, WCHAR_MIN) ++#endif + CILK_C_REDUCER_MAX_INSTANCE(short, short, SHRT_MIN) + CILK_C_REDUCER_MAX_INSTANCE(unsigned short, ushort, 0) + CILK_C_REDUCER_MAX_INSTANCE(int, int, INT_MIN) +@@ -3306,7 +3308,9 @@ + CILK_C_REDUCER_MAX_INDEX_INSTANCE(char, char, CHAR_MIN) + CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned char, uchar, 0) + CILK_C_REDUCER_MAX_INDEX_INSTANCE(signed char, schar, SCHAR_MIN) ++#ifdef WCHAR_MIN + CILK_C_REDUCER_MAX_INDEX_INSTANCE(wchar_t, wchar_t, WCHAR_MIN) ++#endif + CILK_C_REDUCER_MAX_INDEX_INSTANCE(short, short, SHRT_MIN) + CILK_C_REDUCER_MAX_INDEX_INSTANCE(unsigned short, ushort, 0) + CILK_C_REDUCER_MAX_INDEX_INSTANCE(int, int, INT_MIN) +@@ -3432,7 +3436,9 @@ + CILK_C_REDUCER_MIN_INSTANCE(char, char, CHAR_MAX) + CILK_C_REDUCER_MIN_INSTANCE(unsigned char, uchar, CHAR_MAX) + CILK_C_REDUCER_MIN_INSTANCE(signed char, schar, SCHAR_MAX) ++#ifdef WCHAR_MAX + CILK_C_REDUCER_MIN_INSTANCE(wchar_t, wchar_t, WCHAR_MAX) ++#endif + CILK_C_REDUCER_MIN_INSTANCE(short, short, SHRT_MAX) + CILK_C_REDUCER_MIN_INSTANCE(unsigned short, ushort, USHRT_MAX) + CILK_C_REDUCER_MIN_INSTANCE(int, int, INT_MAX) +@@ -3584,7 +3590,9 @@ + CILK_C_REDUCER_MIN_INDEX_INSTANCE(char, char, CHAR_MAX) + CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned char, uchar, CHAR_MAX) + CILK_C_REDUCER_MIN_INDEX_INSTANCE(signed char, schar, SCHAR_MAX) ++#ifdef WCHAR_MAX + CILK_C_REDUCER_MIN_INDEX_INSTANCE(wchar_t, wchar_t, WCHAR_MAX) ++#endif + CILK_C_REDUCER_MIN_INDEX_INSTANCE(short, short, SHRT_MAX) + CILK_C_REDUCER_MIN_INDEX_INSTANCE(unsigned short, ushort, USHRT_MAX) + CILK_C_REDUCER_MIN_INDEX_INSTANCE(int, int, INT_MAX) diff --git a/patches/gcc/7.1.0/891-fix-m68k-uclinux.patch b/patches/gcc/7.1.0/891-fix-m68k-uclinux.patch new file mode 100644 index 0000000..4e186bd --- /dev/null +++ b/patches/gcc/7.1.0/891-fix-m68k-uclinux.patch @@ -0,0 +1,18 @@ +avoids internal compiler error while compiling linux-atomic.c +See here: +https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53833 + +Signed-off-by: Waldemar Brodkorb + +diff -Nur gcc-5.3.0.orig/libgcc/config.host gcc-5.3.0/libgcc/config.host +--- gcc-5.3.0.orig/libgcc/config.host 2015-10-01 14:01:18.000000000 +0200 ++++ gcc-5.3.0/libgcc/config.host 2016-04-26 21:30:25.353691745 +0200 +@@ -794,7 +794,7 @@ + m68k*-*-openbsd*) + ;; + m68k-*-uclinux*) # Motorola m68k/ColdFire running uClinux with uClibc +- tmake_file="$tmake_file m68k/t-floatlib m68k/t-linux" ++ tmake_file="$tmake_file m68k/t-floatlib" + md_unwind_header=m68k/linux-unwind.h + ;; + m68k-*-linux*) # Motorola m68k's running GNU/Linux diff --git a/patches/gcc/7.1.0/900-libgfortran-missing-include.patch b/patches/gcc/7.1.0/900-libgfortran-missing-include.patch new file mode 100644 index 0000000..1f47469 --- /dev/null +++ b/patches/gcc/7.1.0/900-libgfortran-missing-include.patch @@ -0,0 +1,10 @@ +--- gcc-6.3.0/libgfortran/io/close.c.org 2017-01-17 09:43:48.395850000 +0100 ++++ gcc-6.3.0/libgfortran/io/close.c 2017-01-17 09:21:05.000000000 +0100 +@@ -25,6 +25,7 @@ + #include "io.h" + #include "unix.h" + #include ++#include + + typedef enum + { CLOSE_DELETE, CLOSE_KEEP, CLOSE_UNSPECIFIED } diff --git a/patches/gcc/7.1.0/910-nios2-bad-multilib-default.patch b/patches/gcc/7.1.0/910-nios2-bad-multilib-default.patch new file mode 100644 index 0000000..61989e5 --- /dev/null +++ b/patches/gcc/7.1.0/910-nios2-bad-multilib-default.patch @@ -0,0 +1,28 @@ +diff -ur gcc-6.2.0.orig/gcc/config/nios2/nios2.h gcc-6.2.0/gcc/config/nios2/nios2.h +--- gcc-6.2.0.orig/gcc/config/nios2/nios2.h 2016-11-29 10:27:50.364479625 -0800 ++++ gcc-6.2.0/gcc/config/nios2/nios2.h 2016-11-29 10:29:55.069624746 -0800 +@@ -63,11 +63,11 @@ + #if TARGET_ENDIAN_DEFAULT == 0 + # define ASM_SPEC "%{!meb:-EL} %{meb:-EB} %{march=*:-march=%*}" + # define LINK_SPEC_ENDIAN "%{!meb:-EL} %{meb:-EB}" +-# define MULTILIB_DEFAULTS { "EL" } ++# define MULTILIB_DEFAULTS { "mel" } + #else + # define ASM_SPEC "%{!mel:-EB} %{mel:-EL} %{march=*:-march=%*}" + # define LINK_SPEC_ENDIAN "%{!mel:-EB} %{mel:-EL}" +-# define MULTILIB_DEFAULTS { "EB" } ++# define MULTILIB_DEFAULTS { "meb" } + #endif + + #define LINK_SPEC LINK_SPEC_ENDIAN \ +diff -ur gcc-6.2.0.orig/gcc/config/nios2/t-nios2 gcc-6.2.0/gcc/config/nios2/t-nios2 +--- gcc-6.2.0.orig/gcc/config/nios2/t-nios2 2016-11-29 10:27:50.364479625 -0800 ++++ gcc-6.2.0/gcc/config/nios2/t-nios2 2016-11-29 10:29:03.517151014 -0800 +@@ -22,6 +22,5 @@ + # MULTILIB_DIRNAMES = nomul mulx fpu-60-1 fpu-60-2 + # MULTILIB_EXCEPTIONS = + +-# MULTILIB_OPTIONS += EL/EB ++# MULTILIB_OPTIONS += mel/meb + # MULTILIB_DIRNAMES += le be +-# MULTILIB_MATCHES += EL=mel EB=meb diff --git a/patches/gcc/7.1.0/930-libgcc-disable-split-stack-nothreads.patch b/patches/gcc/7.1.0/930-libgcc-disable-split-stack-nothreads.patch new file mode 100644 index 0000000..07f9a73 --- /dev/null +++ b/patches/gcc/7.1.0/930-libgcc-disable-split-stack-nothreads.patch @@ -0,0 +1,14 @@ +disable split-stack for non-thread builds + +Signed-off-by: Waldemar Brodkorb + +diff -Nur gcc-5.3.0.orig/libgcc/config/t-stack gcc-5.3.0/libgcc/config/t-stack +--- gcc-5.3.0.orig/libgcc/config/t-stack 2010-10-01 21:31:49.000000000 +0200 ++++ gcc-5.3.0/libgcc/config/t-stack 2016-03-07 03:25:32.000000000 +0100 +@@ -1,4 +1,6 @@ + # Makefile fragment to provide generic support for -fsplit-stack. + # This should be used in config.host for any host which supports + # -fsplit-stack. ++ifeq ($(enable_threads),yes) + LIB2ADD_ST += $(srcdir)/generic-morestack.c $(srcdir)/generic-morestack-thread.c ++endif -- cgit v0.10.2-6-g49f6 From e943889480c49713274c3f4ba1da0991becb2f4d Mon Sep 17 00:00:00 2001 From: Alexey Neyman Date: Fri, 12 May 2017 10:59:20 -0700 Subject: Add patch to uClibc-ng that allows building with GCC7 Signed-off-by: Alexey Neyman diff --git a/patches/uClibc-ng/1.0.20/700-features.h-c11.patch b/patches/uClibc-ng/1.0.20/700-features.h-c11.patch new file mode 100644 index 0000000..cb1d2a8 --- /dev/null +++ b/patches/uClibc-ng/1.0.20/700-features.h-c11.patch @@ -0,0 +1,61 @@ +From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001 +From: Waldemar Brodkorb +Date: Sun, 7 May 2017 16:28:14 +0200 +Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation + +--- + include/features.h | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/include/features.h b/include/features.h +index e76bbba..f982079 100644 +--- a/include/features.h ++++ b/include/features.h +@@ -55,6 +55,7 @@ + These are defined by this file and are used by the + header files to decide what to declare or define: + ++ __USE_ISOC11 Define ISO C11 things. + __USE_ISOC99 Define ISO C99 things. + __USE_ISOC95 Define ISO C90 AMD1 (C95) things. + __USE_POSIX Define IEEE Std 1003.1 things. +@@ -91,6 +92,7 @@ + + + /* Undefine everything, so we get a clean slate. */ ++#undef __USE_ISOC11 + #undef __USE_ISOC99 + #undef __USE_ISOC95 + #undef __USE_POSIX +@@ -151,6 +153,8 @@ + #ifdef _GNU_SOURCE + # undef _ISOC99_SOURCE + # define _ISOC99_SOURCE 1 ++# undef _ISOC11_SOURCE ++# define _ISOC11_SOURCE 1 + # undef _POSIX_SOURCE + # define _POSIX_SOURCE 1 + # undef _POSIX_C_SOURCE +@@ -223,11 +227,14 @@ + # define _SVID_SOURCE 1 + #endif + +-/* This is to enable the ISO C99 extension. Also recognize the old macro +- which was used prior to the standard acceptance. This macro will +- eventually go away and the features enabled by default once the ISO C99 +- standard is widely adopted. */ +-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \ ++/* This is to enable the ISO C11 extension. */ ++#if (defined _ISOC11_SOURCE \ ++ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L)) ++# define __USE_ISOC11 1 ++#endif ++ ++/* This is to enable the ISO C99 extension. */ ++#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \ + || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)) + # define __USE_ISOC99 1 + #endif +-- +cgit v0.11.2-3-g2eb4 + diff --git a/patches/uClibc-ng/1.0.21/700-features.h-c11.patch b/patches/uClibc-ng/1.0.21/700-features.h-c11.patch new file mode 100644 index 0000000..cb1d2a8 --- /dev/null +++ b/patches/uClibc-ng/1.0.21/700-features.h-c11.patch @@ -0,0 +1,61 @@ +From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001 +From: Waldemar Brodkorb +Date: Sun, 7 May 2017 16:28:14 +0200 +Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation + +--- + include/features.h | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/include/features.h b/include/features.h +index e76bbba..f982079 100644 +--- a/include/features.h ++++ b/include/features.h +@@ -55,6 +55,7 @@ + These are defined by this file and are used by the + header files to decide what to declare or define: + ++ __USE_ISOC11 Define ISO C11 things. + __USE_ISOC99 Define ISO C99 things. + __USE_ISOC95 Define ISO C90 AMD1 (C95) things. + __USE_POSIX Define IEEE Std 1003.1 things. +@@ -91,6 +92,7 @@ + + + /* Undefine everything, so we get a clean slate. */ ++#undef __USE_ISOC11 + #undef __USE_ISOC99 + #undef __USE_ISOC95 + #undef __USE_POSIX +@@ -151,6 +153,8 @@ + #ifdef _GNU_SOURCE + # undef _ISOC99_SOURCE + # define _ISOC99_SOURCE 1 ++# undef _ISOC11_SOURCE ++# define _ISOC11_SOURCE 1 + # undef _POSIX_SOURCE + # define _POSIX_SOURCE 1 + # undef _POSIX_C_SOURCE +@@ -223,11 +227,14 @@ + # define _SVID_SOURCE 1 + #endif + +-/* This is to enable the ISO C99 extension. Also recognize the old macro +- which was used prior to the standard acceptance. This macro will +- eventually go away and the features enabled by default once the ISO C99 +- standard is widely adopted. */ +-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \ ++/* This is to enable the ISO C11 extension. */ ++#if (defined _ISOC11_SOURCE \ ++ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L)) ++# define __USE_ISOC11 1 ++#endif ++ ++/* This is to enable the ISO C99 extension. */ ++#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \ + || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)) + # define __USE_ISOC99 1 + #endif +-- +cgit v0.11.2-3-g2eb4 + diff --git a/patches/uClibc-ng/1.0.22/700-features.h-c11.patch b/patches/uClibc-ng/1.0.22/700-features.h-c11.patch new file mode 100644 index 0000000..cb1d2a8 --- /dev/null +++ b/patches/uClibc-ng/1.0.22/700-features.h-c11.patch @@ -0,0 +1,61 @@ +From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001 +From: Waldemar Brodkorb +Date: Sun, 7 May 2017 16:28:14 +0200 +Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation + +--- + include/features.h | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/include/features.h b/include/features.h +index e76bbba..f982079 100644 +--- a/include/features.h ++++ b/include/features.h +@@ -55,6 +55,7 @@ + These are defined by this file and are used by the + header files to decide what to declare or define: + ++ __USE_ISOC11 Define ISO C11 things. + __USE_ISOC99 Define ISO C99 things. + __USE_ISOC95 Define ISO C90 AMD1 (C95) things. + __USE_POSIX Define IEEE Std 1003.1 things. +@@ -91,6 +92,7 @@ + + + /* Undefine everything, so we get a clean slate. */ ++#undef __USE_ISOC11 + #undef __USE_ISOC99 + #undef __USE_ISOC95 + #undef __USE_POSIX +@@ -151,6 +153,8 @@ + #ifdef _GNU_SOURCE + # undef _ISOC99_SOURCE + # define _ISOC99_SOURCE 1 ++# undef _ISOC11_SOURCE ++# define _ISOC11_SOURCE 1 + # undef _POSIX_SOURCE + # define _POSIX_SOURCE 1 + # undef _POSIX_C_SOURCE +@@ -223,11 +227,14 @@ + # define _SVID_SOURCE 1 + #endif + +-/* This is to enable the ISO C99 extension. Also recognize the old macro +- which was used prior to the standard acceptance. This macro will +- eventually go away and the features enabled by default once the ISO C99 +- standard is widely adopted. */ +-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \ ++/* This is to enable the ISO C11 extension. */ ++#if (defined _ISOC11_SOURCE \ ++ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L)) ++# define __USE_ISOC11 1 ++#endif ++ ++/* This is to enable the ISO C99 extension. */ ++#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \ + || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)) + # define __USE_ISOC99 1 + #endif +-- +cgit v0.11.2-3-g2eb4 + diff --git a/patches/uClibc-ng/1.0.23/700-features.h-c11.patch b/patches/uClibc-ng/1.0.23/700-features.h-c11.patch new file mode 100644 index 0000000..cb1d2a8 --- /dev/null +++ b/patches/uClibc-ng/1.0.23/700-features.h-c11.patch @@ -0,0 +1,61 @@ +From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001 +From: Waldemar Brodkorb +Date: Sun, 7 May 2017 16:28:14 +0200 +Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation + +--- + include/features.h | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/include/features.h b/include/features.h +index e76bbba..f982079 100644 +--- a/include/features.h ++++ b/include/features.h +@@ -55,6 +55,7 @@ + These are defined by this file and are used by the + header files to decide what to declare or define: + ++ __USE_ISOC11 Define ISO C11 things. + __USE_ISOC99 Define ISO C99 things. + __USE_ISOC95 Define ISO C90 AMD1 (C95) things. + __USE_POSIX Define IEEE Std 1003.1 things. +@@ -91,6 +92,7 @@ + + + /* Undefine everything, so we get a clean slate. */ ++#undef __USE_ISOC11 + #undef __USE_ISOC99 + #undef __USE_ISOC95 + #undef __USE_POSIX +@@ -151,6 +153,8 @@ + #ifdef _GNU_SOURCE + # undef _ISOC99_SOURCE + # define _ISOC99_SOURCE 1 ++# undef _ISOC11_SOURCE ++# define _ISOC11_SOURCE 1 + # undef _POSIX_SOURCE + # define _POSIX_SOURCE 1 + # undef _POSIX_C_SOURCE +@@ -223,11 +227,14 @@ + # define _SVID_SOURCE 1 + #endif + +-/* This is to enable the ISO C99 extension. Also recognize the old macro +- which was used prior to the standard acceptance. This macro will +- eventually go away and the features enabled by default once the ISO C99 +- standard is widely adopted. */ +-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \ ++/* This is to enable the ISO C11 extension. */ ++#if (defined _ISOC11_SOURCE \ ++ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L)) ++# define __USE_ISOC11 1 ++#endif ++ ++/* This is to enable the ISO C99 extension. */ ++#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \ + || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)) + # define __USE_ISOC99 1 + #endif +-- +cgit v0.11.2-3-g2eb4 + diff --git a/patches/uClibc-ng/1.0.24/700-features.h-c11.patch b/patches/uClibc-ng/1.0.24/700-features.h-c11.patch new file mode 100644 index 0000000..cb1d2a8 --- /dev/null +++ b/patches/uClibc-ng/1.0.24/700-features.h-c11.patch @@ -0,0 +1,61 @@ +From 5b0f49037e8ea8500b05c8f31ee88529ccac4cee Mon Sep 17 00:00:00 2001 +From: Waldemar Brodkorb +Date: Sun, 7 May 2017 16:28:14 +0200 +Subject: sync features.h with GNU C library, fixes gcc 7.1 toolchain creation + +--- + include/features.h | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/include/features.h b/include/features.h +index e76bbba..f982079 100644 +--- a/include/features.h ++++ b/include/features.h +@@ -55,6 +55,7 @@ + These are defined by this file and are used by the + header files to decide what to declare or define: + ++ __USE_ISOC11 Define ISO C11 things. + __USE_ISOC99 Define ISO C99 things. + __USE_ISOC95 Define ISO C90 AMD1 (C95) things. + __USE_POSIX Define IEEE Std 1003.1 things. +@@ -91,6 +92,7 @@ + + + /* Undefine everything, so we get a clean slate. */ ++#undef __USE_ISOC11 + #undef __USE_ISOC99 + #undef __USE_ISOC95 + #undef __USE_POSIX +@@ -151,6 +153,8 @@ + #ifdef _GNU_SOURCE + # undef _ISOC99_SOURCE + # define _ISOC99_SOURCE 1 ++# undef _ISOC11_SOURCE ++# define _ISOC11_SOURCE 1 + # undef _POSIX_SOURCE + # define _POSIX_SOURCE 1 + # undef _POSIX_C_SOURCE +@@ -223,11 +227,14 @@ + # define _SVID_SOURCE 1 + #endif + +-/* This is to enable the ISO C99 extension. Also recognize the old macro +- which was used prior to the standard acceptance. This macro will +- eventually go away and the features enabled by default once the ISO C99 +- standard is widely adopted. */ +-#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \ ++/* This is to enable the ISO C11 extension. */ ++#if (defined _ISOC11_SOURCE \ ++ || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 201112L)) ++# define __USE_ISOC11 1 ++#endif ++ ++/* This is to enable the ISO C99 extension. */ ++#if (defined _ISOC99_SOURCE || defined _ISOC11_SOURCE \ + || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199901L)) + # define __USE_ISOC99 1 + #endif +-- +cgit v0.11.2-3-g2eb4 + -- cgit v0.10.2-6-g49f6 From 5d792b41794c3cc6d36d63dfad2d7629e2d893c9 Mon Sep 17 00:00:00 2001 From: Alexey Neyman Date: Sat, 13 May 2017 20:14:24 -0700 Subject: Patches for glibc to compile with GCC7 Signed-off-by: Alexey Neyman diff --git a/patches/glibc/2.12.1/920-fix-rpc_parse-format.patch b/patches/glibc/2.12.1/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.12.1/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.12.1/940-nis-bogus-conditional.patch b/patches/glibc/2.12.1/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.12.1/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.12.2/920-fix-rpc_parse-format.patch b/patches/glibc/2.12.2/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.12.2/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.12.2/940-nis-bogus-conditional.patch b/patches/glibc/2.12.2/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.12.2/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.13/920-fix-rpc_parse-format.patch b/patches/glibc/2.13/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.13/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.13/940-nis-bogus-conditional.patch b/patches/glibc/2.13/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.13/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.14.1/920-fix-rpc_parse-format.patch b/patches/glibc/2.14.1/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.14.1/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.14.1/940-nis-bogus-conditional.patch b/patches/glibc/2.14.1/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.14.1/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.14/920-fix-rpc_parse-format.patch b/patches/glibc/2.14/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.14/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.14/940-nis-bogus-conditional.patch b/patches/glibc/2.14/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.14/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.15/920-fix-rpc_parse-format.patch b/patches/glibc/2.15/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.15/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.15/940-nis-bogus-conditional.patch b/patches/glibc/2.15/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.15/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.16.0/920-fix-rpc_parse-format.patch b/patches/glibc/2.16.0/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.16.0/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.16.0/940-nis-bogus-conditional.patch b/patches/glibc/2.16.0/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.16.0/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.17/920-fix-rpc_parse-format.patch b/patches/glibc/2.17/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.17/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.17/940-nis-bogus-conditional.patch b/patches/glibc/2.17/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.17/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.18/920-fix-rpc_parse-format.patch b/patches/glibc/2.18/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.18/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.18/940-nis-bogus-conditional.patch b/patches/glibc/2.18/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.18/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.19/920-fix-rpc_parse-format.patch b/patches/glibc/2.19/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.19/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.19/930-explicit-boolean.patch b/patches/glibc/2.19/930-explicit-boolean.patch new file mode 100644 index 0000000..780fae6 --- /dev/null +++ b/patches/glibc/2.19/930-explicit-boolean.patch @@ -0,0 +1,33 @@ +commit e223d1fe72e820d96f43831412ab267a1ace04d0 +Author: steve ellcey-CA Eng-Software +Date: Fri Oct 14 12:53:27 2016 -0700 + + Fix warnings from latest GCC. + + * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly + boolean. + +diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c +index 663fa392c2..bd758b5979 100644 +--- a/sysdeps/ieee754/dbl-64/e_pow.c ++++ b/sysdeps/ieee754/dbl-64/e_pow.c +@@ -466,15 +466,15 @@ checkint (double x) + return (n & 1) ? -1 : 1; /* odd or even */ + if (k > 20) + { +- if (n << (k - 20)) ++ if (n << (k - 20) != 0) + return 0; /* if not integer */ +- return (n << (k - 21)) ? -1 : 1; ++ return (n << (k - 21) != 0) ? -1 : 1; + } + if (n) + return 0; /*if not integer */ + if (k == 20) + return (m & 1) ? -1 : 1; +- if (m << (k + 12)) ++ if (m << (k + 12) != 0) + return 0; +- return (m << (k + 11)) ? -1 : 1; ++ return (m << (k + 11) != 0) ? -1 : 1; + } diff --git a/patches/glibc/2.19/940-nis-bogus-conditional.patch b/patches/glibc/2.19/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.19/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.20/920-fix-rpc_parse-format.patch b/patches/glibc/2.20/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.20/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.20/930-explicit-boolean.patch b/patches/glibc/2.20/930-explicit-boolean.patch new file mode 100644 index 0000000..780fae6 --- /dev/null +++ b/patches/glibc/2.20/930-explicit-boolean.patch @@ -0,0 +1,33 @@ +commit e223d1fe72e820d96f43831412ab267a1ace04d0 +Author: steve ellcey-CA Eng-Software +Date: Fri Oct 14 12:53:27 2016 -0700 + + Fix warnings from latest GCC. + + * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly + boolean. + +diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c +index 663fa392c2..bd758b5979 100644 +--- a/sysdeps/ieee754/dbl-64/e_pow.c ++++ b/sysdeps/ieee754/dbl-64/e_pow.c +@@ -466,15 +466,15 @@ checkint (double x) + return (n & 1) ? -1 : 1; /* odd or even */ + if (k > 20) + { +- if (n << (k - 20)) ++ if (n << (k - 20) != 0) + return 0; /* if not integer */ +- return (n << (k - 21)) ? -1 : 1; ++ return (n << (k - 21) != 0) ? -1 : 1; + } + if (n) + return 0; /*if not integer */ + if (k == 20) + return (m & 1) ? -1 : 1; +- if (m << (k + 12)) ++ if (m << (k + 12) != 0) + return 0; +- return (m << (k + 11)) ? -1 : 1; ++ return (m << (k + 11) != 0) ? -1 : 1; + } diff --git a/patches/glibc/2.20/940-nis-bogus-conditional.patch b/patches/glibc/2.20/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.20/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.21/920-fix-rpc_parse-format.patch b/patches/glibc/2.21/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.21/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.21/930-explicit-boolean.patch b/patches/glibc/2.21/930-explicit-boolean.patch new file mode 100644 index 0000000..780fae6 --- /dev/null +++ b/patches/glibc/2.21/930-explicit-boolean.patch @@ -0,0 +1,33 @@ +commit e223d1fe72e820d96f43831412ab267a1ace04d0 +Author: steve ellcey-CA Eng-Software +Date: Fri Oct 14 12:53:27 2016 -0700 + + Fix warnings from latest GCC. + + * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly + boolean. + +diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c +index 663fa392c2..bd758b5979 100644 +--- a/sysdeps/ieee754/dbl-64/e_pow.c ++++ b/sysdeps/ieee754/dbl-64/e_pow.c +@@ -466,15 +466,15 @@ checkint (double x) + return (n & 1) ? -1 : 1; /* odd or even */ + if (k > 20) + { +- if (n << (k - 20)) ++ if (n << (k - 20) != 0) + return 0; /* if not integer */ +- return (n << (k - 21)) ? -1 : 1; ++ return (n << (k - 21) != 0) ? -1 : 1; + } + if (n) + return 0; /*if not integer */ + if (k == 20) + return (m & 1) ? -1 : 1; +- if (m << (k + 12)) ++ if (m << (k + 12) != 0) + return 0; +- return (m << (k + 11)) ? -1 : 1; ++ return (m << (k + 11) != 0) ? -1 : 1; + } diff --git a/patches/glibc/2.21/940-nis-bogus-conditional.patch b/patches/glibc/2.21/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.21/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.21/950-dlclose-assert.patch b/patches/glibc/2.21/950-dlclose-assert.patch new file mode 100644 index 0000000..6e2fcff --- /dev/null +++ b/patches/glibc/2.21/950-dlclose-assert.patch @@ -0,0 +1,40 @@ +commit 2bd2cad9e8a410643e80efa0b15f6f2882e1271b +Author: Roland McGrath +Date: Fri Apr 17 14:29:40 2015 -0700 + + Avoid confusing compiler with dynamically impossible statically invalid dereference in _dl_close_worker. + +diff --git a/elf/dl-close.c b/elf/dl-close.c +index cf8f9e0465..412f71d70b 100644 +--- a/elf/dl-close.c ++++ b/elf/dl-close.c +@@ -641,9 +641,16 @@ _dl_close_worker (struct link_map *map) + DL_UNMAP (imap); + + /* Finally, unlink the data structure and free it. */ +- if (imap->l_prev != NULL) +- imap->l_prev->l_next = imap->l_next; +- else ++#if DL_NNS == 1 ++ /* The assert in the (imap->l_prev == NULL) case gives ++ the compiler license to warn that NS points outside ++ the dl_ns array bounds in that case (as nsid != LM_ID_BASE ++ is tantamount to nsid >= DL_NNS). That should be impossible ++ in this configuration, so just assert about it instead. */ ++ assert (nsid == LM_ID_BASE); ++ assert (imap->l_prev != NULL); ++#else ++ if (imap->l_prev == NULL) + { + assert (nsid != LM_ID_BASE); + ns->_ns_loaded = imap->l_next; +@@ -652,6 +659,9 @@ _dl_close_worker (struct link_map *map) + we leave for debuggers to examine. */ + r->r_map = (void *) ns->_ns_loaded; + } ++ else ++#endif ++ imap->l_prev->l_next = imap->l_next; + + --ns->_ns_nloaded; + if (imap->l_next != NULL) diff --git a/patches/glibc/2.22/920-fix-rpc_parse-format.patch b/patches/glibc/2.22/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.22/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.22/930-explicit-boolean.patch b/patches/glibc/2.22/930-explicit-boolean.patch new file mode 100644 index 0000000..780fae6 --- /dev/null +++ b/patches/glibc/2.22/930-explicit-boolean.patch @@ -0,0 +1,33 @@ +commit e223d1fe72e820d96f43831412ab267a1ace04d0 +Author: steve ellcey-CA Eng-Software +Date: Fri Oct 14 12:53:27 2016 -0700 + + Fix warnings from latest GCC. + + * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly + boolean. + +diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c +index 663fa392c2..bd758b5979 100644 +--- a/sysdeps/ieee754/dbl-64/e_pow.c ++++ b/sysdeps/ieee754/dbl-64/e_pow.c +@@ -466,15 +466,15 @@ checkint (double x) + return (n & 1) ? -1 : 1; /* odd or even */ + if (k > 20) + { +- if (n << (k - 20)) ++ if (n << (k - 20) != 0) + return 0; /* if not integer */ +- return (n << (k - 21)) ? -1 : 1; ++ return (n << (k - 21) != 0) ? -1 : 1; + } + if (n) + return 0; /*if not integer */ + if (k == 20) + return (m & 1) ? -1 : 1; +- if (m << (k + 12)) ++ if (m << (k + 12) != 0) + return 0; +- return (m << (k + 11)) ? -1 : 1; ++ return (m << (k + 11) != 0) ? -1 : 1; + } diff --git a/patches/glibc/2.22/940-nis-bogus-conditional.patch b/patches/glibc/2.22/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.22/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.23/920-fix-rpc_parse-format.patch b/patches/glibc/2.23/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.23/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.23/930-explicit-boolean.patch b/patches/glibc/2.23/930-explicit-boolean.patch new file mode 100644 index 0000000..780fae6 --- /dev/null +++ b/patches/glibc/2.23/930-explicit-boolean.patch @@ -0,0 +1,33 @@ +commit e223d1fe72e820d96f43831412ab267a1ace04d0 +Author: steve ellcey-CA Eng-Software +Date: Fri Oct 14 12:53:27 2016 -0700 + + Fix warnings from latest GCC. + + * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly + boolean. + +diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c +index 663fa392c2..bd758b5979 100644 +--- a/sysdeps/ieee754/dbl-64/e_pow.c ++++ b/sysdeps/ieee754/dbl-64/e_pow.c +@@ -466,15 +466,15 @@ checkint (double x) + return (n & 1) ? -1 : 1; /* odd or even */ + if (k > 20) + { +- if (n << (k - 20)) ++ if (n << (k - 20) != 0) + return 0; /* if not integer */ +- return (n << (k - 21)) ? -1 : 1; ++ return (n << (k - 21) != 0) ? -1 : 1; + } + if (n) + return 0; /*if not integer */ + if (k == 20) + return (m & 1) ? -1 : 1; +- if (m << (k + 12)) ++ if (m << (k + 12) != 0) + return 0; +- return (m << (k + 11)) ? -1 : 1; ++ return (m << (k + 11) != 0) ? -1 : 1; + } diff --git a/patches/glibc/2.23/940-nis-bogus-conditional.patch b/patches/glibc/2.23/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.23/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/2.24/920-fix-rpc_parse-format.patch b/patches/glibc/2.24/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/2.24/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/2.24/930-explicit-boolean.patch b/patches/glibc/2.24/930-explicit-boolean.patch new file mode 100644 index 0000000..780fae6 --- /dev/null +++ b/patches/glibc/2.24/930-explicit-boolean.patch @@ -0,0 +1,33 @@ +commit e223d1fe72e820d96f43831412ab267a1ace04d0 +Author: steve ellcey-CA Eng-Software +Date: Fri Oct 14 12:53:27 2016 -0700 + + Fix warnings from latest GCC. + + * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly + boolean. + +diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c +index 663fa392c2..bd758b5979 100644 +--- a/sysdeps/ieee754/dbl-64/e_pow.c ++++ b/sysdeps/ieee754/dbl-64/e_pow.c +@@ -466,15 +466,15 @@ checkint (double x) + return (n & 1) ? -1 : 1; /* odd or even */ + if (k > 20) + { +- if (n << (k - 20)) ++ if (n << (k - 20) != 0) + return 0; /* if not integer */ +- return (n << (k - 21)) ? -1 : 1; ++ return (n << (k - 21) != 0) ? -1 : 1; + } + if (n) + return 0; /*if not integer */ + if (k == 20) + return (m & 1) ? -1 : 1; +- if (m << (k + 12)) ++ if (m << (k + 12) != 0) + return 0; +- return (m << (k + 11)) ? -1 : 1; ++ return (m << (k + 11) != 0) ? -1 : 1; + } diff --git a/patches/glibc/2.24/940-nis-bogus-conditional.patch b/patches/glibc/2.24/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/2.24/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; diff --git a/patches/glibc/linaro-2.20-2014.11/920-fix-rpc_parse-format.patch b/patches/glibc/linaro-2.20-2014.11/920-fix-rpc_parse-format.patch new file mode 100644 index 0000000..37e58da --- /dev/null +++ b/patches/glibc/linaro-2.20-2014.11/920-fix-rpc_parse-format.patch @@ -0,0 +1,60 @@ +commit 5874510faaf3cbd0bb112aaacab9f225002beed1 +Author: Joseph Myers +Date: Tue Nov 8 23:44:51 2016 +0000 + + Fix rpcgen buffer overrun (bug 20790). + + Building with GCC 7 produces an error building rpcgen: + + rpc_parse.c: In function 'get_prog_declaration': + rpc_parse.c:543:25: error: may write a terminating nul past the end of the destination [-Werror=format-length=] + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ~~~~^ + rpc_parse.c:543:5: note: format output between 5 and 14 bytes into a destination of size 10 + sprintf (name, "%s%d", ARGNAME, num); /* default name of argument */ + ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + That buffer overrun is for the case where the .x file declares a + program with a million arguments. The strcpy two lines above can + generate a buffer overrun much more simply for a long argument name. + + The limit on length of line read by rpcgen (MAXLINESIZE == 1024) + provides a bound on the buffer size needed, so this patch just changes + the buffer size to MAXLINESIZE to avoid both possible buffer + overruns. A testcase is added that rpcgen does not crash with a + 500-character argument name, where it previously crashed. + + It would not at all surprise me if there are many other ways of + crashing rpcgen with either valid or invalid input; fuzz testing would + likely find various such bugs, though I don't think they are that + important to fix (rpcgen is not that likely to be used with untrusted + .x files as input). (As well as fuzz-findable bugs there are probably + also issues when various int variables get overflowed on very large + input.) The test infrastructure for rpcgen-not-crashing tests would + need extending if tests are to be added for cases where rpcgen should + produce an error, as opposed to cases where it should succeed. + + Tested for x86_64 and x86. + + [BZ #20790] + * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size + to MAXLINESIZE. + * sunrpc/bug20790.x: New file. + * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New + variable. + [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests). + [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule. + +diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c +index 1a1df6d8c2..505a6554cf 100644 +--- a/sunrpc/rpc_parse.c ++++ b/sunrpc/rpc_parse.c +@@ -521,7 +521,7 @@ static void + get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ ) + { + token tok; +- char name[10]; /* argument name */ ++ char name[MAXLINESIZE]; /* argument name */ + + if (dkind == DEF_PROGRAM) + { diff --git a/patches/glibc/linaro-2.20-2014.11/930-explicit-boolean.patch b/patches/glibc/linaro-2.20-2014.11/930-explicit-boolean.patch new file mode 100644 index 0000000..780fae6 --- /dev/null +++ b/patches/glibc/linaro-2.20-2014.11/930-explicit-boolean.patch @@ -0,0 +1,33 @@ +commit e223d1fe72e820d96f43831412ab267a1ace04d0 +Author: steve ellcey-CA Eng-Software +Date: Fri Oct 14 12:53:27 2016 -0700 + + Fix warnings from latest GCC. + + * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly + boolean. + +diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c +index 663fa392c2..bd758b5979 100644 +--- a/sysdeps/ieee754/dbl-64/e_pow.c ++++ b/sysdeps/ieee754/dbl-64/e_pow.c +@@ -466,15 +466,15 @@ checkint (double x) + return (n & 1) ? -1 : 1; /* odd or even */ + if (k > 20) + { +- if (n << (k - 20)) ++ if (n << (k - 20) != 0) + return 0; /* if not integer */ +- return (n << (k - 21)) ? -1 : 1; ++ return (n << (k - 21) != 0) ? -1 : 1; + } + if (n) + return 0; /*if not integer */ + if (k == 20) + return (m & 1) ? -1 : 1; +- if (m << (k + 12)) ++ if (m << (k + 12) != 0) + return 0; +- return (m << (k + 11)) ? -1 : 1; ++ return (m << (k + 11) != 0) ? -1 : 1; + } diff --git a/patches/glibc/linaro-2.20-2014.11/940-nis-bogus-conditional.patch b/patches/glibc/linaro-2.20-2014.11/940-nis-bogus-conditional.patch new file mode 100644 index 0000000..09b38cf --- /dev/null +++ b/patches/glibc/linaro-2.20-2014.11/940-nis-bogus-conditional.patch @@ -0,0 +1,62 @@ +commit f88759ea9bd3c8d8fef28f123ba9767cb0e421a3 +Author: Joseph Myers +Date: Wed Dec 21 23:44:01 2016 +0000 + + Fix nss_nisplus build with mainline GCC (bug 20978). + + glibc build with current mainline GCC fails because + nis/nss_nisplus/nisplus-alias.c contains code + + if (name != NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; + } + + char buf[strlen (name) + 9 + tablename_len]; + + producing an error about strlen being called on a pointer that is + always NULL (and a subsequent use of that pointer with a %s format in + snprintf). + + As Andreas noted, the bogus conditional comes from a 1997 change: + + - if (name == NULL || strlen(name) > 8) + - return NSS_STATUS_NOTFOUND; + - else + + if (name != NULL || strlen(name) <= 8) + + So the intention is clearly to return an error for NULL name. + + This patch duly inverts the sense of the conditional. It fixes the + build with GCC mainline, and passes usual glibc testsuite testing for + x86_64. However, I have not tried any actual substantive nisplus + testing, do not have an environment for such testing, and do not know + whether it is possible that strlen (name) or tablename_len might be + large so that the VLA for buf is actually a security issue. However, + if it is a security issue, there are plenty of other similar instances + in the nisplus code (that haven't been hidden by a bogus comparison + with NULL) - and nis_table.c:__create_ib_request uses strdupa on the + string passed to nis_list, so a local fix in the caller wouldn't + suffice anyway (see bug 20987). (Calls to strdupa and other such + macros that use alloca must be considered equally questionable + regarding stack overflow issues as direct calls to alloca and VLA + declarations.) + + [BZ #20978] + * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r): + Compare name == NULL, not name != NULL. + +diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c +index 7f698b4e6d..cb5acce01d 100644 +--- a/nis/nss_nisplus/nisplus-alias.c ++++ b/nis/nss_nisplus/nisplus-alias.c +@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias, + return status; + } + +- if (name != NULL) ++ if (name == NULL) + { + *errnop = EINVAL; + return NSS_STATUS_UNAVAIL; -- cgit v0.10.2-6-g49f6 From 487c598b27caa585abe977151f345733661a1b45 Mon Sep 17 00:00:00 2001 From: Alexey Neyman Date: Sat, 13 May 2017 23:23:23 -0700 Subject: Fix sh4-*-linux with GCC7 GCC7 also checks -fsanitize=divide-by-zero, which generates a trap and in sh4, traps in rtld result in link failure. Pull the fix from upstream, although it is not a complete fix, I think: this still generates a trap (SIGILL) rather than the intended SIGFPE. Signed-off-by: Alexey Neyman diff --git a/patches/glibc/2.25/960-sh4-trap-divdi3.patch b/patches/glibc/2.25/960-sh4-trap-divdi3.patch new file mode 100644 index 0000000..20f6cb3 --- /dev/null +++ b/patches/glibc/2.25/960-sh4-trap-divdi3.patch @@ -0,0 +1,296 @@ +commit db3d848e154b00071f4a5e729d5884efad410109 +Author: Adhemerval Zanella +Date: Wed Mar 15 15:44:59 2017 -0300 + + Build divdi3 only for architecture that required it + + As noted in [1], divdi3 object is only exported in a handful ABIs + (i386, m68k, powerpc32, s390-32, and ia64), however it is built + for all current architectures regardless. + + This patch refact the make rules for this object to so only the + aforementioned architectures that actually require it builds it. + + Also, to avoid internal PLT calls to the exported symbol from the + module, glibc uses an internal header (symbol-hacks.h) which is + unrequired (and in fact breaks the build for architectures that + intend to get symbol definitions from libgcc.a). The patch also + changes it to create its own header (divdi3-symbol-hacks.h) and + adjust the architectures that require it accordingly. + + I checked the build/check (with run-built-tests=no) on the + following architectures (which I think must cover all supported + ABI/builds) using GCC 6.3: + + aarch64-linux-gnu + alpha-linux-gnu + arm-linux-gnueabihf + hppa-linux-gnu + ia64-linux-gnu + m68k-linux-gnu + microblaze-linux-gnu + mips64-n32-linux-gnu + mips-linux-gnu + mips64-linux-gnu + nios2-linux-gnu + powerpc-linux-gnu + powerpc-linux-gnu-power4 + powerpc64-linux-gnu + powerpc64le-linux-gnu + s390x-linux-gnu + s390-linux-gnu + sh4-linux-gnu + sh4-linux-gnu-soft + sparc64-linux-gnu + sparcv9-linux-gnu + tilegx-linux-gnu + tilegx-linux-gnu-32 + tilepro-linux-gnu + x86_64-linux-gnu + x86_64-linux-gnu-x32 + i686-linux-gnu + + I only saw one regression on sparcv9-linux-gnu (extra PLT call to + .udiv) which I address in next patch in the set. It also correctly + build SH with GCC 7.0.1 (without any regression from c89721e25d). + + [1] https://sourceware.org/ml/libc-alpha/2017-03/msg00243.html + + * sysdeps/i386/symbol-hacks.h: New file. + * sysdeps/m68k/symbol-hacks.h: New file. + * sysdeps/powerpc/powerpc32/symbol-hacks.h: New file. + * sysdeps/s390/s390-32/symbol-hacks.h: New file. + * sysdeps/unix/sysv/linux/i386/Makefile + [$(subdir) = csu] (sysdep_routines): New rule: divdi3 object. + [$(subdir) = csu] (sysdep-only-routines): Likewise. + [$(subdir) = csu] (CFLAGS-divdi3.c): Likewise. + * sysdeps/unix/sysv/linux/m68k/Makefile + [$(subdir) = csu] (sysdep_routines): Likewise. + [$(subdir) = csu] (sysdep-only-routines): Likewise. + [$(subdir) = csu] (CFLAGS-divdi3.c): Likewise. + * sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile + [$(subdir) = csu] (sysdep_routines): Likewise. + [$(subdir) = csu] (sysdep-only-routines): Likewise. + [$(subdir) = csu] (CFLAGS-divdi3.c): Likewise. + * sysdeps/unix/sysv/linux/s390/s390-32/Makefile + [$(subdir) = csu] (sysdep_routines): Likewise. + [$(subdir) = csu] (sysdep-only-routines): Likewise. + [$(subdir) = csu] (CFLAGS-divdi3.c): Likewise. + * sysdeps/wordsize-32/Makefile: Remove file. + * sysdeps/wordsize-32/symbol-hacks.h: Definitions move to ... + * sysdeps/wordsize-32/divdi3-symbol-hacks.h: ... here. + +diff --git a/sysdeps/i386/symbol-hacks.h b/sysdeps/i386/symbol-hacks.h +new file mode 100644 +index 0000000000..36a13c83f7 +--- /dev/null ++++ b/sysdeps/i386/symbol-hacks.h +@@ -0,0 +1,21 @@ ++/* Hacks needed for symbol manipulation. i386 version. ++ Copyright (C) 2017 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++ ++#include_next "symbol-hacks.h" +diff --git a/sysdeps/m68k/symbol-hacks.h b/sysdeps/m68k/symbol-hacks.h +new file mode 100644 +index 0000000000..e449d29810 +--- /dev/null ++++ b/sysdeps/m68k/symbol-hacks.h +@@ -0,0 +1,21 @@ ++/* Hacks needed for symbol manipulation. m68k version. ++ Copyright (C) 2017 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++ ++#include_next "symbol-hacks.h" +diff --git a/sysdeps/powerpc/powerpc32/symbol-hacks.h b/sysdeps/powerpc/powerpc32/symbol-hacks.h +new file mode 100644 +index 0000000000..dbb3141621 +--- /dev/null ++++ b/sysdeps/powerpc/powerpc32/symbol-hacks.h +@@ -0,0 +1,21 @@ ++/* Hacks needed for symbol manipulation. powerpc version. ++ Copyright (C) 2017 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++ ++#include_next "symbol-hacks.h" +diff --git a/sysdeps/s390/s390-32/symbol-hacks.h b/sysdeps/s390/s390-32/symbol-hacks.h +new file mode 100644 +index 0000000000..585c42365a +--- /dev/null ++++ b/sysdeps/s390/s390-32/symbol-hacks.h +@@ -0,0 +1,21 @@ ++/* Hacks needed for symbol manipulation. s390 version. ++ Copyright (C) 2017 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++ ++#include_next "symbol-hacks.h" +diff --git a/sysdeps/unix/sysv/linux/i386/Makefile b/sysdeps/unix/sysv/linux/i386/Makefile +index 6aac0dfe15..4080b8c966 100644 +--- a/sysdeps/unix/sysv/linux/i386/Makefile ++++ b/sysdeps/unix/sysv/linux/i386/Makefile +@@ -26,6 +26,11 @@ endif + + ifeq ($(subdir),csu) + sysdep-dl-routines += sysdep ++ifeq (yes,$(build-shared)) ++sysdep_routines += divdi3 ++shared-only-routines += divdi3 ++CPPFLAGS-divdi3.c = -Din_divdi3_c ++endif + endif + + ifeq ($(subdir),nptl) +diff --git a/sysdeps/unix/sysv/linux/m68k/Makefile b/sysdeps/unix/sysv/linux/m68k/Makefile +index 5c50ce6927..ce1f696a6f 100644 +--- a/sysdeps/unix/sysv/linux/m68k/Makefile ++++ b/sysdeps/unix/sysv/linux/m68k/Makefile +@@ -4,6 +4,11 @@ m68k-syntax-flag = -DMOTOROLA_SYNTAX + + ifeq ($(subdir),csu) + sysdep_routines += m68k-helpers ++ifeq (yes,$(build-shared)) ++sysdep_routines += divdi3 ++shared-only-routines += divdi3 ++CPPFLAGS-divdi3.c = -Din_divdi3_c ++endif + endif + + ifeq ($(subdir),misc) +diff --git a/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile b/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile +index 3d6c150582..1f45659ed1 100644 +--- a/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile ++++ b/sysdeps/unix/sysv/linux/powerpc/powerpc32/Makefile +@@ -1,2 +1,10 @@ + # See Makeconfig regarding the use of default-abi. + default-abi := 32 ++ ++ifeq ($(subdir),csu) ++ifeq (yes,$(build-shared)) ++sysdep_routines += divdi3 ++shared-only-routines += divdi3 ++CPPFLAGS-divdi3.c = -Din_divdi3_c ++endif ++endif +diff --git a/sysdeps/unix/sysv/linux/s390/s390-32/Makefile b/sysdeps/unix/sysv/linux/s390/s390-32/Makefile +index da3b3c76b4..fd8cf92633 100644 +--- a/sysdeps/unix/sysv/linux/s390/s390-32/Makefile ++++ b/sysdeps/unix/sysv/linux/s390/s390-32/Makefile +@@ -21,3 +21,11 @@ endif + ifeq ($(subdir),stdlib) + sysdep_routines += __makecontext_ret + endif ++ ++ifeq ($(subdir),csu) ++ifeq (yes,$(build-shared)) ++sysdep_routines += divdi3 ++shared-only-routines += divdi3 ++CPPFLAGS-divdi3.c = -Din_divdi3_c ++endif ++endif +diff --git a/sysdeps/wordsize-32/Makefile b/sysdeps/wordsize-32/Makefile +deleted file mode 100644 +index 82beac44ed..0000000000 +--- a/sysdeps/wordsize-32/Makefile ++++ /dev/null +@@ -1,7 +0,0 @@ +-ifeq ($(subdir),csu) +-ifeq (yes,$(build-shared)) +-sysdep_routines += divdi3 +-shared-only-routines += divdi3 +-CPPFLAGS-divdi3.c = -Din_divdi3_c +-endif +-endif +diff --git a/sysdeps/wordsize-32/symbol-hacks.h b/sysdeps/wordsize-32/divdi3-symbol-hacks.h +similarity index 89% +rename from sysdeps/wordsize-32/symbol-hacks.h +rename to sysdeps/wordsize-32/divdi3-symbol-hacks.h +index 0aec1e0b97..6c90cb796d 100644 +--- a/sysdeps/wordsize-32/symbol-hacks.h ++++ b/sysdeps/wordsize-32/divdi3-symbol-hacks.h +@@ -1,4 +1,4 @@ +-/* Hacks needed for symbol manipulation. ++/* Hacks needed for divdi3 symbol manipulation. + Copyright (C) 2004-2017 Free Software Foundation, Inc. + This file is part of the GNU C Library. + +@@ -16,13 +16,13 @@ + License along with the GNU C Library; if not, see + . */ + +-#include_next "symbol-hacks.h" +- + /* A very dirty trick: gcc emits references to __divdi3, __udivdi3, + __moddi3, and __umoddi3. These functions are exported and + therefore we get PLTs. Unnecessarily so. Changing gcc is a big + task which might not be worth it so we play tricks with the +- assembler. */ ++ assembler. ++ Note: in_divdi3_c is only used to avoid symbol alias on divdi3 ++ build itself. */ + #if !defined __ASSEMBLER__ && !defined in_divdi3_c && IS_IN (libc) && defined SHARED + asm ("__divdi3 = __divdi3_internal"); + asm ("__udivdi3 = __udivdi3_internal"); diff --git a/patches/glibc/2.25/961-sparc-extra-plt-call.patch b/patches/glibc/2.25/961-sparc-extra-plt-call.patch new file mode 100644 index 0000000..3781cf0 --- /dev/null +++ b/patches/glibc/2.25/961-sparc-extra-plt-call.patch @@ -0,0 +1,65 @@ +commit bdc543e338281da051b3dc06eae96c330a485ce6 +Author: Adhemerval Zanella +Date: Thu Mar 16 09:15:57 2017 -0300 + + sparc: Fix .udiv plt on libc + + With the removal of divdi3 object from sparcv9-linux-gnu build, its + definition came from libgcc and its functions internall calls .udiv. + Since glibc also exports these symbols for compatibility reasons, it + will end up creating PLT calls internally in libc.so. + + To avoid it, this patch uses the linker option --wrap to replace all + the internal libc.so .udiv calls to the wrapper __wrap_.udiv. Along + with strong alias in the udiv implementations, it makes linker do + local calls. + + Checked on sparcv9-linux-gnu. + + * sysdeps/sparc/sparc32/Makefile (libc.so-gnulib): New rule. + * sysdeps/sparc/sparc32/sparcv8/udiv.S (.udiv): Make a strong_alias + to __wrap_.udiv. + * sysdeps/sparc/sparc32/sparcv9/udiv.S (.udiv): Likewise. + * sysdeps/sparc/sparc32/udiv.S (.udiv): Likewise. + +diff --git a/sysdeps/sparc/sparc32/Makefile b/sysdeps/sparc/sparc32/Makefile +index da205898cf..14d6e03c6f 100644 +--- a/sysdeps/sparc/sparc32/Makefile ++++ b/sysdeps/sparc/sparc32/Makefile +@@ -47,3 +47,9 @@ $(divrem:%=$(sysdep_dir)/sparc/sparc32/%.S): $(sysdep_dir)/sparc/sparc32/divrem. + mv -f $@-tmp $@ + + sysdep-realclean := $(sysdep-realclean) $(divrem:%=sysdeps/sparc/sparc32/%.S) ++ ++# libgcc __divdi3 and __moddi3 uses .udiv and since it is also exported by ++# libc.so linker will create PLTs for the symbol. To avoid it we strong alias ++# the exported libc one to __wrap_.udiv and use linker option --wrap to make any ++# call to .udiv to call the wrapper symbol. ++libc.so-gnulib += -Wl,--wrap=.udiv +diff --git a/sysdeps/sparc/sparc32/sparcv8/udiv.S b/sysdeps/sparc/sparc32/sparcv8/udiv.S +index d71954351e..e9cab4e4ef 100644 +--- a/sysdeps/sparc/sparc32/sparcv8/udiv.S ++++ b/sysdeps/sparc/sparc32/sparcv8/udiv.S +@@ -13,3 +13,4 @@ ENTRY(.udiv) + udiv %o0, %o1, %o0 + + END(.udiv) ++strong_alias (.udiv, __wrap_.udiv) +diff --git a/sysdeps/sparc/sparc32/sparcv9/udiv.S b/sysdeps/sparc/sparc32/sparcv9/udiv.S +index de79899756..368f85ede2 100644 +--- a/sysdeps/sparc/sparc32/sparcv9/udiv.S ++++ b/sysdeps/sparc/sparc32/sparcv9/udiv.S +@@ -15,3 +15,4 @@ ENTRY(.udiv) + udiv %o0, %o1, %o0 + + END(.udiv) ++strong_alias (.udiv, __wrap_.udiv) +diff --git a/sysdeps/sparc/sparc32/udiv.S b/sysdeps/sparc/sparc32/udiv.S +index 8dfff66158..ade0afdf40 100644 +--- a/sysdeps/sparc/sparc32/udiv.S ++++ b/sysdeps/sparc/sparc32/udiv.S +@@ -344,3 +344,4 @@ LOC(got_result): + mov %o2, %o0 + + END(.udiv) ++strong_alias (.udiv, __wrap_.udiv) -- cgit v0.10.2-6-g49f6 From 842915db44b2a41486dc5ea0212ddfc19093fe32 Mon Sep 17 00:00:00 2001 From: Alexey Neyman Date: Sun, 14 May 2017 00:04:05 -0700 Subject: Separate uclibc's multilib headers on MIPS, too The generated sysnum.h is different for o32/n32/64 ABIs. This needs to be revisited; either do this for all architecutres or perhaps, compare the headers for various multilibs and combine them if the are identical. Signed-off-by: Alexey Neyman diff --git a/scripts/build/arch/mips.sh b/scripts/build/arch/mips.sh index f91a80a..acb8851 100644 --- a/scripts/build/arch/mips.sh +++ b/scripts/build/arch/mips.sh @@ -48,6 +48,17 @@ CT_DoArchUClibcConfig() { CT_KconfigDeleteOption "CONFIG_MIPS_ISA_MIPS64R2" "${cfg}" } +CT_DoArchUClibcHeaderDir() { + local dir_var="${1}" + local cflags="${2}" + + # If it is non-default multilib, add a suffix with architecture (reported by gcc) + # to the headers installation path. + if [ -n "${cflags}" ]; then + eval "${dir_var}="$( ${CT_TARGET}-${CT_CC} -print-multiarch ${cflags} ) + fi +} + CT_DoArchUClibcCflags() { local cfg="${1}" local cflags="${2}" -- cgit v0.10.2-6-g49f6