Debian Patches

Status for glibc/2.36-9+deb12u7

Patch Description Author Forwarded Bugs Origin Last update
git-updates.diff GIT update of https://sourceware.org/git/glibc.git/release/2.36/master from glibc-2.36

diff --git a/Makeconfig b/Makeconfig
index ba70321af1..9dd058e04b 100644
no
locale/check-unknown-symbols.diff Check for unknown symbols in collation rules. This is useful to detect
broken locales since unknown symbols are always wrong.

This request has not been submitted upstream yet.

# DP: Dpatch author: Denis Barbier
# DP: Patch author: Denis Barbier
# DP: Upstream status: not submitted
# DP: Date: 2006-01-08
no
locale/locale-print-LANGUAGE.diff Comments tell that LANG has to be the first value, and LC_ALL the last
one. Thus LANGUAGE is printed between them.

# DP: Dpatch author: Denis Barbier
# DP: Patch author: Denis Barbier
# DP: Upstream status: not submitted
# DP: Date: 2006-01-08
no
locale/LC_IDENTIFICATION-optional-fields.diff In LC_IDENTIFICATION, audience, application and abbreviation keywords
are optional, thus do not report an error if they are not defined.

# DP: Dpatch author: Denis Barbier
# DP: Patch author: Denis Barbier
# DP: Upstream status: not submitted
# DP: Date: 2006-01-08
no
localedata/sort-UTF8-first.diff no
localedata/supported.diff # All lines beginning with `# DP:' are a description of the patch.
# DP: Description: Add several locales to localedata.SUPPORTED
# DP: - ru_RU.CP1251 was requested in #225516
# DP: - uz_UZ.UTF-8 was clearly missing, uz_UZ had no UTF-8 variant
# DP: - da_DK.ISO-8859-15, en_GB.ISO-8859-15, en_US.ISO-8859-15, no_NO.UTF-8,
# DP: no_NO and sv_SE.ISO-8859-15 are found in fedora-branch CVS branch.
# DP: Related bugs: #225516 (ru_RU.CP1251)
# DP: Dpatch author: Denis Barbier
# DP: Upstream status: not submitted
# DP: Date: 2006-01-10
no
localedata/locale-eu_FR.diff # DP: Description: #257840: locales: Please add the eu_FR locale
# DP: Related bugs: #257840
# DP: Dpatch author: GOTO Masanori <gotom@debian.org>
# DP: Patch author: Christian Perrier <bubulle@debian.org>
# DP: Upstream status: Not submitted
# DP: Status Details: sending upstream
# DP: Date: 2004-07-31
no
localedata/locale-ku_TR.diff # DP: Description: Please add Kurdish locale
# DP: Related bugs: BZ870
# DP: Dpatch author: Denis Barbier <barbier@debian.org>
# DP: Patch author: Kader DILSIZ, Pablo Saratxaga
# DP: Upstream status: Version 0.1 submitted in the original bugreport
# DP: has been committed, this new version has been sent just after.
# DP: Date: 2006-01-06
no
localedata/fo_FO-date_fmt.diff # All lines beginning with `# DP:' are a description of the patch.
# DP: Description: Fix d_t_fmt and date_fmt in fo_FO
# DP: Related bugs: #307194
# DP: Dpatch author: Denis Barbier
# DP: Patch author: Jacob Sparre Andersen <sparre@nbi.dk>
# DP: Upstream status: not submitted
# DP: Date: 2006-01-10
no
localedata/locales-fr.diff # All lines beginning with `# DP:' are a description of the patch.
# DP: Description: Various fixes for all French locales
# DP: Related bugs: #248377 #351786 #345481
# DP: Dpatch author: Denis Barbier <barbier@debian.org>
# DP: Patch author: Denis Barbier
# DP: Upstream status: not submitted
# DP: Date: 2006-01-10
no
localedata/locale-en_DK.diff # All lines beginning with `# DP:' are a description of the patch.
# DP: Description: Improve en_DK and add en_DK.ISO-8859-15 to SUPPORTED
# DP: This locale is only useful to provide ISO8601 date formats.
# DP: Related bugs: #323159
# DP: Dpatch author: Denis Barbier
# DP: Patch author: Jakob Bohm <jbj@image.dk>
# DP: Upstream status: not submitted
# DP: Date: 2006-01-16
no
localedata/locale-zh_TW.diff See BTS #352600.
Not submitted yet.
no
localedata/tailor-iso14651_t1.diff # All lines beginning with `# DP:' are a description of the patch.
# DP: Description: Rewrite collation rules to include iso14651_t1
# DP: ar_SA cs_CZ et_EE hr_HR lt_LT pl_PL sl_SI tr_TR: not
# DP: submitted yet.
# DP: Related bugs: BZ664 BZ672
# DP: Dpatch author: Denis Barbier
# DP: Patch author: Denis Barbier, Pablo Saratxaga
# DP: Upstream status: BZ664 BZ672
# DP: Date: 2006-01-18

2008-08-08 Aurelien Jarno <aurel32@debian.org>

Loosy update for glibc 2.8.

2007-05-25 Pierre Habouzit <madcoder@debian.org>

Loosy update for glibc 2.6.

2005-01-16 Denis Barbier <barbier@linuxfr.org>

[BZ #672]
Replace current collation rules by including iso14651_t1 and adding
extra rules if needed. There should be no noticeable changes in
sorted text. only ligatures and ignoreable characters have modified
weights.
* locales/da_DK: Likewise.
no
localedata/submitted-es_MX-decimal_point.diff 2012-06-06 Aurelien Jarno <aurelien@aurel32.net>

* locales/es_MX (LC_MONETARY): Set mon_thousands_sep to space
( ).
no
alpha/local-gcc4.1.diff 2006-05-30 Falk Hueffner <falk@debian.org>

* sysdeps/unix/sysv/linux/alpha/ioperm.c: force the architecture
to ev6 in assembly code.

{standard input}: Assembler messages:
{standard input}:341: Error: macro requires $at register while noat in effect
{standard input}:374: Error: macro requires $at register while noat in effect
{standard input}:438: Error: macro requires $at register while noat in effect
{standard input}:471: Error: macro requires $at register while noat in effect
make[3]: *** [/tmp/buildd/glibc-2.3.6/build-tree/alpha-libc/misc/ioperm.o] Error 1

Hrm. gcc puts .arch ev4 into the .s, and this overrides -mev6 for as.
I cannot really think of anything better than
no
alpha/submitted-dl-support.diff older versions of glibc would build dl-sysdep as shared-only and dl-support as
static-only. alpha hooks in a cache variable via dl-auxv.h. newer versions of
glibc build dl-sysdep as both shared and static which means we now have symbol
duplication for static builds with dl-sysdep and dl-support. since dl-sysdep
is both shared/static, there is no point in hooking dl-support anymore, so we
can punt it.
no
alpha/local-string-functions.diff The alpha assembly version of various string functions do not work
correctly on some corner cases, and thus doesn't pass the testsuite.
This patch removes them.
no
alpha/submitted-fts64.diff 2016-03-22 Aurelien Jarno <aurelien@aurel32.net>

* sysdeps/unix/sysv/linux/alpha/fts.c: New file.
* sysdeps/unix/sysv/linux/alpha/fts64.c: New file.
no
alpha/submitted-makecontext.diff 2018-03-01 Aurelien Jarno <aurelien@aurel32.net>

[BZ #22910]
* sysdeps/unix/sysv/linux/alpha/setcontext.S (__startcontext): Set
up CFI directive to forbid further backtracing.
no
arm/local-sigaction.diff no
arm/unsubmitted-ldso-multilib.diff no
arm/local-arm-futex.diff Lie about futex_atomic_cmpxchg_inatomic kernel support. In past versions of glibc, we incorrectly assumed all ARM kernels
in all configurations supported futex_atomic_cmpxchg_inatomic. This
was clearly a lie, however it was a lie that we relied on, because
the fallback implementation appears to not play nicely with certain
applications like pulseaudio. Restore the lie for kernels > 2.6.32
and plug our ears and scream "LA LA LA" about how wrong this is.
Adam Conrad <adconrad@ubuntu.com> no debian 2015-03-25
arm/git-atomic-compiler-builtins.diff commit f9646d138f568ced95b29c20efdf902063c7ea96

arm: Enable USE_ATOMIC_COMPILER_BUILTINS (BZ #24774)

As per other architectures. I have checked on a armv8 hardware with
the following configurations:

arm-linux-gnueabihf (gcc built with --with-float=hard --with-cpu=arm926ej-s)
armv5-linux-gnueabihf (-march=armv5te -mfpu=vfpv3)
armv7-linux-gnueabihf (-march=armv7-a -mfpu=vfpv3)
armv7-thumb-linux-gnueabihf (-march=armv7-a -mfpu=vfpv3 -mthumb)
armv7-neon-linux-gnueabihf (-march=armv7-a -mfpu=neon)
armv7-neonhard-linux-gnueabihf (-march=armv7-a -mfpu=neon -mfloat-abi=hard)

Without any regression.

I haven't dig into the code, but since Linux atomic-machine.h handle
pre-ARMv6 and ARMv6 I expect the compiler might have some small room
to optimize.

The code size also improves is most of the configurations:

* master

text data bss dec hex filename
1727801 9720 37928 1775449 1b1759 arm-linux-gnueabihf/libc.so
1691729 9720 37928 1739377 1a8a71 arm-linux-gnueabihf-armv7-disable-multi-arch/libc.so
1725509 9720 37928 1773157 1b0e65 armv5-linux-gnueabihf/libc.so
1700757 9720 37928 1748405 1aadb5 armv6-linux-gnueabihf/libc.so
1698973 9720 37928 1746621 1aa6bd armv6t2-linux-gnueabihf/libc.so
1695481 9752 37928 1743161 1a9939 armv7-linux-gnueabihf/libc.so
1692917 9744 37928 1740589 1a8f2d armv7-neonhard-linux-gnueabihf/libc.so
1692917 9744 37928 1740589 1a8f2d armv7-neon-linux-gnueabihf/libc.so
1225353 9752 37928 1273033 136cc9 armv7-thumb-linux-gnueabihf/libc.so

* patched

text data bss dec hex filename
1726805 9720 37928 1774453 1b1375 arm-linux-gnueabihf/libc.so
1689321 9720 37928 1736969 1a8109 arm-linux-gnueabihf-armv7-disable-multi-arch/libc.so
1724433 9720 37928 1772081 1b0a31 armv5-linux-gnueabihf/libc.so
1698301 9720 37928 1745949 1aa41d armv6-linux-gnueabihf/libc.so
1696525 9720 37928 1744173 1a9d2d armv6t2-linux-gnueabihf/libc.so
1693009 9752 37928 1740689 1a8f91 armv7-linux-gnueabihf/libc.so
1690493 9744 37928 1738165 1a85b5 armv7-neonhard-linux-gnueabihf/libc.so
1690493 9744 37928 1738165 1a85b5 armv7-neon-linux-gnueabihf/libc.so
1223837 9752 37928 1271517 1366dd armv7-thumb-linux-gnueabihf/libc.so

The idea is eventually move all architectures to use compiler builtins.

Reviewed-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>

diff --git a/sysdeps/arm/atomic-machine.h b/sysdeps/arm/atomic-machine.h
index 9524043797..e1f7731df0 100644
Adhemerval Zanella <adhemerval.zanella@linaro.org> no 2021-09-28
hppa/local-inlining.diff Increase the maximal overall growth of the compilation unit caused
by inlining for dl-reloc.c on hppa. This remove some warnings and
strangely it reduces the size of the final binary.
no
hurd-i386/git-htl-pthread-self-early.diff Will be committed for 2.37

commit 302bf01641d0addebe2aea69b9924bd781f76d81

htl: Let pthread_self and cancellability called early

When applications redirect some functions they might get called before
libpthread is fully initialized. They may still expected pthread_self
and cancellable functions to work, so cope with such calls in that
situation.

diff --git a/htl/cancellation.c b/htl/cancellation.c
index a5d5d2ac04..7d38944718 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-07-28
hurd-i386/git-static-pie.diff commit af6b1cce9812273c7f597be6536d28eaec6fb89b

hurd: Fix starting static binaries with stack protection enabled

gcc introduces gs:0x14 accesses in most functions, so we need some tcbhead
to be ready very early during initialization. This configures a static area
which can be referenced by various protected functions, until proper TLS is
set up.

diff --git a/sysdeps/mach/hurd/i386/init-first.c b/sysdeps/mach/hurd/i386/init-first.c
index f10d4a1bc2..7d8721856b 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-08-22
hurd-i386/git-ipv6.diff commit af6e07dad78dd6367e81d5a4fec7056f1af3e806

non-linux: bits/in.h: Add more RFC options

diff --git a/bits/in.h b/bits/in.h
index 076cce08aa..ad898cce89 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-08-15
hurd-i386/git-ip_mreqn.diff commit a2ee8c6500fdaff03019928d916d166ee266e1f5

Move ip_mreqn structure from Linux to generic

I.e. from sysdeps/unix/sysv/linux/bits/in.h to netinet/in.h

It is following both the BSD and Linux definitions.

Reviewed-by: Florian Weimer <fweimer@redhat.com>

diff --git a/inet/netinet/in.h b/inet/netinet/in.h
index 1633bc64e4..362eb9e9e7 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-08-13
hurd-i386/git-bootstrap-enable_secure.diff commit dba88b4f44d80864ec78595526e081ab9b5af278

hurd: Assume non-suid during bootstrap

We do not have a hurd data block only when bootstrapping the system, in
which case we don't have a notion of suid yet anyway.

This is needed, otherwise init_standard_fds would check that standard
file descriptors are allocated, which is meaningless during bootstrap.

diff --git a/sysdeps/mach/hurd/i386/init-first.c b/sysdeps/mach/hurd/i386/init-first.c
index 534a796e0d..f10d4a1bc2 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-08-19
hurd-i386/git-cond-destroy.diff commit 4565083abc972bffe810e4151f8f3cb48531e526

htl: Make pthread*_cond_timedwait register wref before releasing mutex

Otherwise another thread could be rightly trying to destroy the condition,
see e.g. tst-cond20.

diff --git a/sysdeps/htl/pt-cond-timedwait.c b/sysdeps/htl/pt-cond-timedwait.c
index 6f4cb41bf1..4352e54fff 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-08-22
hurd-i386/git-strerror_X.diff commit 03ad444e8e086391f53d87c3949e0d44adef4bc3

mach: Fix incoherency between perror and strerror

08d2024b4167 ("string: Simplify strerror_r") inadvertently made
__strerror_r print unknown error system in decimal while the original
code was printing it in hexadecimal. perror was kept printing in
hexadecimal in 725eeb4af14c ("string: Use tls-internal on strerror_l"),
let us keep both coherent.

This also fixes a duplicate ':'

Spotted by the libunistring testsuite test-perror2

commit 1918241b55540536fee45b3096e786b7b7f9277a

tst-sprintf-errno: Update Hurd message output

03ad444e8e08 ("mach: Fix incoherency between perror and strerror")
fixesd the output of error messages, but tst-sprintf-errno.c was still
checking the old (erroneous) format. This updates the expected output
according to the 03ad444e8e08 fix.

diff --git a/sysdeps/mach/_strerror.c b/sysdeps/mach/_strerror.c
index b179c440d3..acc00612bb 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-09-11
hurd-i386/git-xpg_strerror.diff commit cb033e6b0ca7b8873cd00687ffd1828038a595d3

mach: Make xpg_strerror_r set a message on error

posix advises to have strerror_r fill a message even when we are returning
an error.

This makes mach's xpg_strerror_r do this, like the generic version does.

Spotted by the libunistring testsuite test-strerror_r

diff --git a/sysdeps/mach/xpg-strerror.c b/sysdeps/mach/xpg-strerror.c
index 92bb67e2bc..de75cc84ae 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-08-27
hurd-i386/git-readlink-fifo.diff commit 9e5c991106cb04b489272de0ef6a7a6bcef50477 (origin/master, origin/HEAD)

hurd: Fix readlink() hanging on fifo

readlink() opens the target with O_READ to be able to read the symlink
content. When the target is actually a fifo, that would hang waiting for a
writer (caught in the coreutils testsuite). We thus have to first lookup the
target without O_READ to perform io_stat and lookout for fifos, and only
after checking the symlink type, we can re-lookup with O_READ.

commit 5652e12cce80825297c3e0666991deb10310343c (HEAD -> master, origin-rw/master)

hurd: Make readlink* just reopen the file used for stat

9e5c991106cb ("hurd: Fix readlink() hanging on fifo") separated opening
the file for the stat call from opening the file for the read call. That
however opened a small window for the file to change. Better make this
atomic by reopening the file with O_READ.

===================================================================
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-09-15
hurd-i386/git-net-route.h.diff commit ffd0b295d96aa58d65e642d7519f4d8c33acb3f0

hurd: Add ifrtreq structure to net/route.h

As used by the hurdish route ioctls.

===================================================================
Damien Zammit <damien@zamaudio.com> no 2022-09-21
hurd-i386/git-SOMAXCONN.diff commit 7de3f0a96c4e93a7cd7312296d00039604ed94f8

hurd: Increase SOMAXCONN to 4096

Notably fakeroot-tcp may introduce a lot of parallel connections.

diff --git a/sysdeps/mach/hurd/bits/socket.h b/sysdeps/mach/hurd/bits/socket.h
index 70fce4fb27..4ece37f1dd 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-09-27
hurd-i386/git-sigtimedwait.diff commit 19934d629ee22bbd332f04da4320e4f624c9560c

hurd: Add sigtimedwait and sigwaitinfo support

This simply needed to add the timeout parameter to mach_msg, and copy
information from struct hurd_signal_detail.

diff --git a/sysdeps/mach/hurd/sigtimedwait.c b/sysdeps/mach/hurd/sigtimedwait.c
new file mode 100644
index 0000000000..cc5b383ea6
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-11-07
hurd-i386/git-getrandom-chroot.diff commit 8fb923ddc38dd5f4bfac4869d70fd80483fdb87a

hurd: Make getrandom cache the server port

Previously, getrandom would, each time it's called, traverse the file
system to find /dev/urandom, fetch some random data from it, then throw
away that port. This is quite slow, while calls to getrandom are
genrally expected to be fast.

Additionally, this means that getrandom can not work when /dev/urandom
is unavailable, such as inside a chroot that lacks one. User programs
expect calls to getrandom to work inside a chroot if they first call
getrandom outside of the chroot.

In particular, this is known to break the OpenSSH server, and in that
case the issue is exacerbated by the API of arc4random, which prevents
it from properly reporting errors, forcing glibc to abort on failure.
This causes sshd to just die once it tries to generate a random number.

Caching the random server port, in a manner similar to how socket
server ports are cached, both improves the performance and works around
the chroot issue.

Tested on i686-gnu with the following program:

pthread_barrier_t barrier;

void *worker(void*) {
pthread_barrier_wait(&barrier);
uint32_t sum = 0;
for (int i = 0; i < 10000; i++) {
sum += arc4random();
}
return (void *)(uintptr_t) sum;
}

int main() {
pthread_t threads[THREAD_COUNT];

pthread_barrier_init(&barrier, NULL, THREAD_COUNT);

for (int i = 0; i < THREAD_COUNT; i++) {
pthread_create(&threads[i], NULL, worker, NULL);
}
for (int i = 0; i < THREAD_COUNT; i++) {
void *retval;
pthread_join(threads[i], &retval);
printf("Thread %i: %lu\n", i, (unsigned long)(uintptr_t) retval);
}

In my totally unscientific benchmark, with this patch, this completes
in about 7 seconds, whereas previously it took about 50 seconds. This
program was also used to test that getrandom () doesn't explode if the
random server dies, but instead reopens the /dev/urandom anew. I have
also verified that with this patch, OpenSSH can once again accept
connections properly.

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20221202135558.23781-1-bugaevc@gmail.com>

diff --git a/sysdeps/mach/hurd/getrandom.c b/sysdeps/mach/hurd/getrandom.c
index ad2d3ba387..9ee3ef74fb 100644
Sergey Bugaev <bugaevc@gmail.com> no 2022-12-02
hurd-i386/git-mach-headers-freestanding.diff commit 8b8c768e3c701ed1993789bb46acb8a12c7a93df

Force use of -ffreestanding when checking for gnumach headers

Without this ./configure assumes that we are in a fully hosted
environment, which might not be the case. After this patch, we can rely on
the freestanding header files provided by GCC such as stdint.h.
Message-Id: <Y5+0V9osFc/zXMq0@mars>

commit 7685630b98ca2a3f5de86eadf130993e6cf998a0

mach: Fix passing -ffreestanding when checking for gnumach headers

8b8c768e3c70 ("Force use of -ffreestanding when checking for gnumach
headers") was passing -ffreestanding to CFLAGS only, but headers checks are
performed with the preprocessor, so we rather need to pass it to CPPFLAGS.

commit 0fb10e49ad169374650534509767ec1d4232e230

mach: Drop remnants of old_CFLAGS
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-12-19
hurd-i386/git-sem_wait_race.diff commit 289b098c9e21e2805e3835f9b5780235ab14a290

htl: Fix sem_wait race between read and gsync_wait

If the value changes between sem_wait's read and the gsync_wait call,
the kernel will return KERN_INVALID_ARGUMENT, which we have to interpret
as the value having already changed.

This fixes applications (e.g. libgo) seeing sem_wait erroneously return
KERN_INVALID_ARGUMENT.

diff --git a/sysdeps/htl/sem-timedwait.c b/sysdeps/htl/sem-timedwait.c
index 1b1eec9f59..c610804b08 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2022-12-30
hurd-i386/git-intr-msg-cfa.diff commit 63550530d98db6e9c30dc96a3ea08411b873b23e

hurd: Fix unwinding over INTR_MSG_TRAP

We used to use .cfi_adjust_cfa_offset around %esp manipulation
asm instructions to fix unwinding, but when building glibc with
-fno-omit-frame-pointer this is bogus since in that case %ebp is the CFA and
does not move.

Instead, let's force -fno-omit-frame-pointer when building intr-msg.c so
that %ebp can always be used and no .cfi_adjust_cfa_offset is needed.

diff --git a/hurd/Makefile b/hurd/Makefile
index 77cb16cdf7..7c34e9ad0d 100644
Samuel Thibault <samuel.thibault@ens-lyon.org> no 2023-02-09
hurd-i386/local-enable-ldconfig.diff # DP: Description: Enable ldconfig and such on hurd-i386
# DP: Author: Jeff Bailey <jbailey@nisa.net>
# DP: Related Bugs: #309489
# DP: Upstream status: Not submitted
# DP: Status Details: Upstream disagrees with this patch, but I'm
# DP: putting it in so that we have expected Debian behaviour on the
# DP: Hurd. We should review this when the ELF standard supports runpath.
# DP: Date: 08 Apr 2003
no
hurd-i386/tg-sysvshm.diff [PATCH] Implement SysV shared memory for GNU/Hurd.
2005-07-11 Marcus Brinkmann <marcus@gnu.org>

* hurd/Makefile (routines): Add sysvshm.
(distribute): Add sysvshm.h.
* hurd/sysvshm.h: New file.
* hurd/sysvshm.c: New file.
* sysdeps/mach/hurd/bits/stat.h (S_IMMAP0): New macro.
(S_ISPARE): Unset the S_IMMAP0 flag.
* sysdeps/mach/hurd/ftok.c: New file.
* sysdeps/mach/hurd/shmat.c: New file.
* sysdeps/mach/hurd/shmctl.c: New file.
* sysdeps/mach/hurd/shmdt.c: New file.
* sysdeps/mach/hurd/bits/posix_opt.h: Define _XOPEN_SHM to 1.

TODO:

> + char filename[sizeof (SHM_DIR) - 1 + SHM_NAMEMAX];
> + struct stat statbuf;
> +
> + sprintf (filename, SHM_DIR SHM_NAMEPRI, id);
> + /* SysV requires read access for IPC_STAT. */
> + fd = __open (filename, O_NORW);
> + if (fd < 0)
> + {
> + if (errno == ENOENT)
> + errno = EINVAL;
> + return -1;
> + }

Since this is repeated in more than one function, put it into an
internal subroutine. Then we have only one place doing the
name-generation logic.



> + case IPC_RMID:
> + res = __unlink (filename);
> + /* FIXME: Check error (mapping ENOENT to EINVAL). */

Fix it.
Marcus Brinkmann <marcus@gnu.org> no
hurd-i386/tg-thread-cancel.diff [PATCH] The critical section lock _can_ be held in these place.
At least since hurd_thread_cancel can be called by another thread and lock our
critical lock.

http://bugs.debian.org/46859


Thomas suggested that there is no need to take the critical section
lock. I believe that taking the critical section lock is necessary to
prevent the target thread from entering a signal handler. Roland will
look into the problem.


Taking the critical section lock makes these assertions bogus.

It happens that hurd_thread_cancel is only called from libports and inside
/hurd/term so this is rare in practice.

A reproducer can be found here:

http://lists.gnu.org/archive/html/bug-hurd/2014-05/msg00025.html

2006-08-05 Samuel Thibault <samuel.thibault@ens-lyon.org>

* hurd/thread-cancel.c (hurd_thread_cancel): Do not assert that
`&ss->critical_section_lock' is unlocked.
* sysdeps/mach/hurd/jmp-unwind.c (_longjmp_unwind): Likewise, and take
critical section lock before taking the sigstate lock.
* sysdeps/mach/hurd/spawni.c (__spawni): Likewise.
Samuel Thibault <samuel.thibault@ens-lyon.org> no
hurd-i386/local-disable-ioctls.diff struct ortentry and struct ifalias req are actually not defined
struct arpreq is defined, but can not be passed to an ioctl on the Hurd.
so let's make packages not believe these are available.
no
hurd-i386/tg-sendmsg-SCM_CREDS.diff [PATCH] hurd: SCM_CREDS support
Svante Signell <svante.signell@gmail.com>
Samuel Thibault <samuel.thibault@ens-lyon.org>

* sysdeps/mach/hurd/sendmsg.c (__libc_sendmsg): On SCM_CREDS
control messages, record uids, pass a rendez-vous port in the
control message, and call __auth_user_authenticate_request to
make auth send credentials on that port. Do not wait for a
reply.
* sysdeps/mach/hurd/recvmsg.c (contains_uid, contains_gid,
check_auth): New functions.
(__libc_recvmsg): On SCM_CREDS control messages, call check_auth
to check the passed credentials thanks to the answer from the
auth server.
* hurd/Makefile (user-interfaces): Add auth_request and
auth_reply.
no
hurd-i386/tg-mach-hurd-link.diff [PATCH] Add -lmachuser -lhurduser to libc.so on GNU/Hurd.
http://lists.gnu.org/archive/html/bug-hurd/2011-03/msg00112.html

2011-03-29 Samuel Thibault <samuel.thibault@ens-lyon.org>

* Makerules ($(inst_libdir)/libc.so): Add -lmachuser -lhurduser to
libc.so on GNU/Hurd.

It's still unclear what we want to aim for.
Samuel Thibault <samuel.thibault@ens-lyon.org> no
hurd-i386/local-ED.diff This is a long funny story, but even if it's standard-compliant, it poses too
many problems.
no
hurd-i386/local-madvise_warn.diff Do not warn about madvise not being implemented. It does not have any real
semantic anyway, and that brings some -Werror FTBFS.
no
hurd-i386/tg-hooks.diff [PATCH] t/hooks
Add link rules to sort hooks, otherwise they are not properly recorded

2012-04-21 Samuel Thibault <samuel.thibault@ens-lyon.org>

* Makerules (shlib.lds): Add hurd hooks sorting rules.
Samuel Thibault <samuel.thibault@ens-lyon.org> no
hurd-i386/local-usr.diff Upstream uses prefix= while we use prefix=/usr

===================================================================
no
hurd-i386/tg-ifaddrs_v6.diff [PATCH] Workaround to add IPv6 support to getifaddrs
ifreq only contains sockaddr structures, which are not big enough for
IPv6 addresses. This takes another, ugly, approach, by parsing fsysopts
/servers/socket/2 options...
Samuel Thibault <samuel.thibault@ens-lyon.org> no
hurd-i386/unsubmitted-clock_t_centiseconds.diff Some applications assume centisecond precision, or at most millisecond precision
(e.g. guile). This is a work-around for them.
no
hurd-i386/submitted-path_mounted.diff [PATCH 2/2] Define _PATH_MOUNTED as "/etc/mtab"
Change the definition of _PATH_MOUNTED to "/etc/mtab". This is the
value used on Linux.

The change is motivated by the fact that on Debian /etc/mtab is a
symbolic link to /proc/mounts. This patch adjusts the macro for
non-linux systems such as Hurd. Changing this using
sysdeps/mach/hurd/paths.h causes build problems because
/usr/include/hurd/paths.h is shadowed by this file. This change is
proposed in the hope that aligning the non-linux targets with the
glibc for Linux is perceived as a good thing while fixing this problem
on Debian/Hurd along the way.

* sysdeps/generic/paths.h (_PATH_MOUNTED): Change value to "/etc/mtab".
Justus Winter <4winter@informatik.uni-hamburg.de> no 2013-08-15
hurd-i386/submitted-bind_umask2.diff 2014-08-27 Samuel Thibault <samuel.thibault@ens-lyon.org>

Fix bind when umask is e.g. 0777.

* sysdeps/mach/hurd/bind.c (__bind): Pass mode 0666 to __dir_mkfile
instead of final mode, so that call __ifsock_getsockaddr can always
succeed, before calling __file_chmod to fix the mode according to umask,
before calling __dir_link to show the file.

Part of the original fix was committed, the other hasn't been yet, see Roland's
"Harumph" reply to
https://sourceware.org/ml/libc-alpha/2014-08/msg00408.html
no
hurd-i386/tg-bootstrap.diff This dependency is missing, but would pose problem on Darwin no
hurd-i386/tg-libc_rwlock_recursive.diff [PATCH] XXX: make libc_rwlock recursive
Without making the rwlocks recursive, running fakeroot-tcp gets this:

#0 0x0106e91c in mach_msg_trap () at /usr/src/glibc-2.24/build-tree/hurd-i386-libc/mach/mach_msg_trap.S:2
#1 0x0106f090 in __mach_msg (msg=0x20034a0, option=3, send_size=64, rcv_size=32, rcv_name=421, timeout=0, notify=0) at msg.c:110
#2 0x0125a241 in __gsync_wait (task=1, addr=19101080, val1=2, val2=0, msec=0, flags=0)
at /usr/src/glibc-2.24/build-tree/hurd-i386-libc/mach/RPC_gsync_wait.c:175
#3 0x010b0743 in __dcigettext (domainname=0x8050740 <_libc_intl_domainname@@GLIBC_2.2.6> "libc",
msgid1=0x8051d88 "undefined symbol: acl_get_fd", msgid2=0x0, plural=0, n=0, category=5) at dcigettext.c:527
#4 0x010af776 in __dcgettext (domainname=0x8050740 <_libc_intl_domainname@@GLIBC_2.2.6> "libc",
msgid=0x8051d88 "undefined symbol: acl_get_fd", category=5) at dcgettext.c:47
#5 0x0124e427 in __dlerror () at dlerror.c:94
#6 0x01035ae3 in load_library_symbols () from /usr/lib/i386-gnu/libfakeroot/libfakeroot-tcp.so
#7 0x01035cc3 in tmp___fxstat64 () from /usr/lib/i386-gnu/libfakeroot/libfakeroot-tcp.so
#8 0x01036cd6 in __fxstat64 () from /usr/lib/i386-gnu/libfakeroot/libfakeroot-tcp.so
#9 0x010ad831 in _nl_load_locale_from_archive (category=category@entry=0, namep=namep@entry=0x200399c) at loadarchive.c:211
#10 0x010ac45b in _nl_find_locale (locale_path=0x0, locale_path_len=0, category=category@entry=0, name=0x200399c) at findlocale.c:154
#11 0x010abde7 in setlocale (category=0, locale=0x804c2e4 "") at setlocale.c:417
#12 0x0804947f in main (argc=2, argv=0x2003ad4) at programs/locale.c:191

That's very unfortunate: libfakeroot gets initialized from a section
where __libc_setlocale_lock is already locked, and thus the dlerror()
call hangs inside __dcigettext. It happens that Linux doesn't have
the problem probably because pthread_rwlock_wrlock returns a EDEADLK
error instead of hanging, and then the first unlock unlocks, and the
second unlock probably returns an EINVAL. This is all very unsafe, but
that's fakeroot-tcp's matter (see http://bugs.debian.org/845930 for the
follow-up)...

We only use it when constructing the debian installer for -s -r options
anyway.
Samuel Thibault <samuel.thibault@ens-lyon.org> no
hurd-i386/local-no_unsupported_ioctls.diff These ioctls are not actually supported (and will probably not be in the
close future), and are not available on Linux either, so don't expose
them to application at the risk of them complaining that they don't work
(e.g. xterm using TIOCLSET).
no
hurd-i386/local-exec_filename.diff Keep compatibility with experimental implementation no
hurd-i386/proc_reauth.diff =================================================================== no
hurd-i386/local-stack_chk_guard.diff Fix compatibility with binaries that reference __stack_chk_guard

===================================================================
no
i386/local-biarch.diff # DP: Description: Allow ldconfig to work on i386/x86-64 biarch systems
# DP: Related bugs:
# DP: Dpatch author: Daniel Jacobowitz
# DP: Patch author: Daniel Jacobowitz
# DP: Upstream status: Debian-Specific
# DP: Status Details: based on Ubuntu change by Jeff Bailey
# DP: Date: 2005-10-13
no
i386/unsubmitted-quiet-ldconfig.diff no
i386/local-setcontext-revert-eax-ecx-edx.patch Revert upstream commit 15eab1e3e891 ("i386: Don't unnecessarily save and
restore EAX, ECX and EDX [BZ# 25262]"). It breaks libunwind8.
no
kfreebsd/submitted-auxv.diff https://sourceware.org/bugzilla/show_bug.cgi?id=15794 no
kfreebsd/local-config_h_in.patch 2009-05-23 Aurelien Jarno <aurelien@aurel32.net>

* config.h.in (__KFREEBSD_KERNEL_VERSION): Add.
no
kfreebsd/local-grantpt.diff no
kfreebsd/local-sysdeps.diff no
kfreebsd/local-fbtl.diff no
kfreebsd/local-fbtl-depends.diff no
kfreebsd/local-scripts.diff no
kfreebsd/local-getaddrinfo-freebsd-kernel.diff no
kfreebsd/local-no-execfn.diff AT_EXECFN is Linux specific no
m68k/local-dwarf2-buildfix.diff # DP: Description: Adding empty m68k framestate.c not to build for dwarf2.
# DP: Related bugs:
# DP: Dpatch author: GOTO Masanori <gotom@debian.org>
# DP: Patch author: GOTO Masanori <gotom@debian.org>
# DP: Upstream status: Debian-Specific
# DP: Status Details: m68k uses sjlj exceptions, not dwarf2 unwind.
# DP: This patch adds empty framestate.c for m68k to avoid
# DP: dwarf2 build failure.
# DP: Date: 2003-07-19 (Update 2005-03-16 gotom)

2005-03-16 GOTO Masanori <gotom@debian.org>

* sysdeps/m68k/unwind-pe.c: Update to fix compilation failure.

2003-07-19 GOTO Masanori <gotom@debian.org>

* sysdeps/m68k/framestate.c: Add to fix compilation failure
with sjlj exception, suggested by Philip Blundell.
no
m68k/local-reloc.diff # DP: Description: binutils bug workaround
# DP: Related bugs: #263601: m68k: workaround for binutils problem
# DP: Dpatch author: Roman Zippel <zippel@linux-m68k.org>
# DP: Patch author: Richard Zidlicky <rz@linux-m68k.org>
# DP: Upstream status: Debian-Specific
# DP: Status Details: Actual fix is to modify m68k binutils.
# DP: Date: 2004-08-09
no
m68k/submitted-gcc34-seccomment.diff # DP: Description: Make glibc-2.3.5 compile with gcc-3.4/4.0 + binutils 2.16
# on m68k fixed by adding #APP.
# DP: Related bugs:
# DP: Dpatch author: GOTO Masanori <gotom@debian.org>
# DP: Patch author: Andreas Schwab <schwab@suse.de>
# DP: Upstream status: Pending
# DP: Status Details:
# DP: Date: 2005-08-03
Andreas Schwab <schwab@suse.de> no
mips/submitted-rld_map.diff 2010-05-20 Aurelien Jarno <aurelien@aurel32.net>

* sysdeps/mips/dl-debug.h (ELF_MACHINE_DEBUG_SETUP): test for
RLD_MAP pointer before using it.
no
powerpc/local-powerpc8xx-dcbz.diff no
sh4/local-fpscr_values.diff no
all/local-alias-et_EE.diff no
all/local-remove-manual.diff The GNU Libc Reference manual has to be removed for licensing reasons.
But some files have a dependency on manual/errno.texi; the easiest
solution is to drop those dependencies and make sure that MAKEINFO=:
so that no target depends on manual/*.texi files.
no
all/local-ru_RU.diff # DP: Description: Change default charset for 'russian' locale alias
# DP: Related bugs: #62586
# DP: Dpatch author: Ben Collins
# DP: Patch author: Alistair McKinstry
# DP: Upstream status: Submitted
# DP: Status Details: http://sources.redhat.com/bugzilla/show_bug.cgi?id=120
# DP: Date: 2002-03-10
no
all/local-ldd.diff 2013-05-11 Aurelien Jarno <aurelien@aurel32.net>

* elf/ldd.bash.in: Verify the dynamic linker is working before
using it.
no
any/local-asserth-decls.diff # DP: Description: /usr/include/assert.h
# DP: One must be allowed to include <assert.h> multiple times with different
# DP: values for NDEBUG, so the file is not protected against multiple
# DP: inclusions. Unfortunately this means that the declarations for
# DP: __assert_fail() and the like may occur multiple times in a compilation
# DP: unit, causing gcc to issue a batch of warnings.
# DP: I believe this can be fixed by protecting the declarations (but only
# DP: those declarations) against repetition.
# DP: Author: Jeroen T. Vermeulen <jtv@xs4all.nl>
# DP: Upstream status: Not submitted
# DP: Status Details: Plan to submit
# DP: Date: 2003-01-01
no
any/local-fhs-linux-paths.diff # DP: Description: Correct linux paths for FHS
# DP: Author: Unknown
# DP: Upstream status: Debian-Specific
# DP: Status Details: GNU doesn't follow the FHS.
# DP: Date: Unknown
no
any/local-fhs-nscd.diff no
any/local-ld-multiarch.diff 2012-05-01 Aurelien Jarno <aurelien@aurel32.net>

* elf/Makefile(trusted-dirs.st): Fix DL_DST_LIB computation with
two level slibdir directories.

2009-09-08 Aurelien Jarno <aurelien@aurel32.net>

* Makeconfig: add support for multiarch compat directories.
no
any/local-ldso-disable-hwcap.diff # DP: Allow hwcap's to be disabled with the existence of a file. This
# DP: makes it easier to do upgrades with optimized (hwcap) library
# DP: packages.
# DP: Author: Rewritten by Daniel Jacobowitz <dan@debian.org>
# DP: Upstream status: Debian-Specific
# DP: Status Details: This isn't going to be acceptable upstream, we
# DP: only need it because we support in-place upgrades.
# DP: Date: 2003-10-28, (Updated 2005-01-02 gotom, 2007-05-20 aurel32)
no
any/local-stubs_h.diff no
any/local-tcsetaddr.diff # All lines beginning with `# DP:' are a description of the patch.
# DP: Description: tcsetattr sanity check on PARENB/CREAD/CSIZE for ptys
# DP: Related bugs: 218131
# DP: Author: Jeff Licquia <licquia@progeny.com>
# DP: Upstream status: [In CVS | Debian-Specific | Pending | Not submitted ]
# DP: Status Details:
# DP: Date: 2003-10-29
no
any/local-nss-overflow.diff 2009-01-12 Arthur Loiret <aloiret@debian.org>

nss/nss_files/files-parse.c: Include <limits.h>.
(INT_FIELD): Convert field to uintmax_t and check for 32-bit overflow.
(INT_FIELD_MAYBE_NULL): Likewise.
no
any/submitted-missing-etc-hosts.diff no
any/submitted-bits-fcntl_h-at.diff 2012-10-08 Wookey <wookey@wookware.org>

* include AT_* defines in sysdeps/unix/sysv/linux/aarch64/bits/fcntl.h

2009-11-19 Aurelien Jarno <aurelien@aurel32.net>

* io/fcntl.h: Move AT_* defines to...
* sysdeps/mach/hurd/bits/fcntl.h: ...here.
* sysdeps/unix/sysv/linux/powerpc/bits/fcntl.h: ...here.
* sysdeps/unix/sysv/linux/s390/bits/fcntl.h: ...here.
* sysdeps/unix/sysv/linux/sh/bits/fcntl.h: ...here.
* sysdeps/unix/sysv/linux/sparc/bits/fcntl.h: ...here.
* sysdeps/unix/sysv/linux/x86/bits/fcntl.h: ...here.

2009-11-19 Aurelien Jarno <aurelien@aurel32.net>

* sysdeps/unix/sysv/linux/alpha/bits/fcntl.h: Define AT_*
constants.
* sysdeps/unix/sysv/linux/arm/bits/fcntl.h: Define AT_*
constants.
* sysdeps/unix/sysv/linux/hppa/bits/fcntl.h: Define AT_*
constants.
* sysdeps/unix/sysv/linux/ia64/bits/fcntl.h: Define AT_*
constants.
* sysdeps/unix/sysv/linux/m68k/bits/fcntl.h: Define AT_*
constants.
* sysdeps/unix/sysv/linux/mips/bits/fcntl.h: Define AT_*
constants.
no
any/submitted-nptl-invalid-td.patch 2010-02-27 Aurelien Jarno <aurelien@aurel32.net>

* pthreadP.h(INVALID_TD_P, INVALID_NOT_TERMINATED_TD_P): detect
NULL pointers.
no
any/local-ldconfig-multiarch.diff make ldconfig use the built-in system paths Make ldconfig use the same view of built-in system paths that ld.so does,
instead of just using SLIBDIR and LIBDIR; this corrects a failure of
ldconfig to cache libraries in non-multiarch directories when building for
multiarch, even though they're on the system path.
Steve Langasek <steve.langasek@linaro.org> no
any/local-disable-libnss-db.diff Disable libnss-db as the format is not compatible with the libnss-db package, and is
architecture dependent.
no
any/local-revert-bz13979.diff Warn if user requests __FORTIFY_SOURCE but it is disabled
Warn if user requests __FORTIFY_SOURCE but it is disabled

[BZ #13979]
* include/features.h: Warn if user requests __FORTIFY_SOURCE
checking but the checks are disabled for any reason.
Roland Mc Grath <roland@hack.frob.com> no 2012-05-08
any/unsubmitted-ldso-machine-mismatch.diff no
any/local-ldconfig-ignore-ld.so.diff diff --git a/elf/ldconfig.c b/elf/ldconfig.c
index 4211f4c..6425f8e 100644
no
any/local-bootstrap-headers.diff Taken from EGLIBC, r1484 + r1525

2018-03-09 Aurelien Jarno <aurelien@aurel32.net>

* Makefile (install-headers): Amend to install gnu/lib-names-$abi.h.

2014-07-30 Helmut Grohne <helmut@subdivi.de>

* With the advent of multilib gnu/stubs.h became a meta-header that
includes the correct stubs-$abi.h. So install gnu/stubs.h as usual
and install stubs-bootstrap.h as gnu/stubs-$abi.h

2007-02-20 Jim Blandy <jimb@codesourcery.com>

* Makefile (install-headers): Preserve old behavior: depend on
$(inst_includedir)/gnu/stubs.h only if install-bootstrap-headers
is set; otherwise, place gnu/stubs.h on the 'install-others' list.

2007-02-16 Jim Blandy <jimb@codesourcery.com>

* Makefile: Amend make install-headers to install everything
necessary for building a cross-compiler. Install gnu/stubs.h as
part of 'install-headers', not 'install-others'.
If install-bootstrap-headers is 'yes', install a dummy copy of
gnu/stubs.h, instead of computing the real thing.
* include/stubs-bootstrap.h: New file.
no
any/local-cudacc-float128.diff Turn off HAVE_FLOAT128 for CUDACC and ICC compilers. Adam Conrad <adconrad@0c3.net> no 2017-10-11
any/local-test-install.diff Use install_root for test destination override, not DESTDIR Adam Conrad <adconrad@ubuntu.com> no 2020-02-08
any/local-cross.patch no
any/git-floatn-gcc-13-support.diff commit 3e5760fcb48528d48deeb60cb885a97bb731160c

Update _FloatN header support for C++ in GCC 13

GCC 13 adds support for _FloatN and _FloatNx types in C++, so breaking
the installed glibc headers that assume such support is not present.
GCC mostly works around this with fixincludes, but that doesn't help
for building glibc and its tests (glibc doesn't itself contain C++
code, but there's C++ code built for tests). Update glibc's
bits/floatn-common.h and bits/floatn.h headers to handle the GCC 13
support directly.

In general the changes match those made by fixincludes, though I think
the ones in sysdeps/powerpc/bits/floatn.h, where the header tests
__LDBL_MANT_DIG__ == 113 or uses #elif, wouldn't match the existing
fixincludes patterns.

Some places involving special C++ handling in relation to _FloatN
support are not changed. There's no need to change the
__HAVE_FLOATN_NOT_TYPEDEF definition (also in a form that wouldn't be
matched by the fixincludes fixes) because it's only used in relation
to macro definitions using features not supported for C++
(__builtin_types_compatible_p and _Generic). And there's no need to
change the inline function overloads for issignaling, iszero and
iscanonical in C++ because cases where types have the same format but
are no longer compatible types are handled automatically by the C++
overload resolution rules.

This patch also does not change the overload handling for iseqsig, and
there I think changes *are* needed, beyond those in this patch or made
by fixincludes. The way that overload is defined, via a template
parameter to a structure type, requires overloads whenever the types
are incompatible, even if they have the same format. So I think we
need to add overloads with GCC 13 for every supported _FloatN and
_FloatNx type, rather than just having one for _Float128 when it has a
different ABI to long double as at present (but for older GCC, such
overloads must not be defined for types that end up defined as
typedefs for another type).

Tested with build-many-glibcs.py: compilers build for
aarch64-linux-gnu ia64-linux-gnu mips64-linux-gnu powerpc-linux-gnu
powerpc64le-linux-gnu x86_64-linux-gnu; glibcs build for
aarch64-linux-gnu ia64-linux-gnu i686-linux-gnu mips-linux-gnu
mips64-linux-gnu-n32 powerpc-linux-gnu powerpc64le-linux-gnu
x86_64-linux-gnu.

diff --git a/bits/floatn-common.h b/bits/floatn-common.h
index 92982d6460..67519dbb74 100644
Joseph Myers <joseph@codesourcery.com> no 2022-09-28
any/local-disable-tst-bz29951.diff Disable tst-bz29951 as the corresponding binary test file can't be included in git-updates.diff

To be removed for 2.37.
no
any/local-qsort-memory-corruption.patch diff -rup a/stdlib/qsort.c b/stdlib/qsort.c no
any/local-CVE-2024-2961-iso-2022-cn-ext.diff commit 4ed98540a7fd19f458287e783ae59c41e64df7b5

iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)

ISO-2022-CN-EXT uses escape sequences to indicate character set changes
(as specified by RFC 1922). While the SOdesignation has the expected
bounds checks, neither SS2designation nor SS3designation have its;
allowing a write overflow of 1, 2, or 3 bytes with fixed values:
'$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.

Checked on aarch64-linux-gnu.

Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
Tested-by: Carlos O'Donell <carlos@redhat.com>

(cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada)

diff --git a/iconvdata/Makefile b/iconvdata/Makefile
index f4c089ed5d..d01b3fcab6 100644
Charles Fol <folcharles@gmail.com> no 2024-03-28
any/local-CVE-2024-33599-nscd.diff commit caa3151ca460bdd9330adeedd68c3112d97bffe4

CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)

Using alloca matches what other caches do. The request length is
bounded by MAXKEYLEN.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit 87801a8fd06db1d654eea3e4f7626ff476a9bdaa)

diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 85977521a6..f0de064368 100644
Florian Weimer <fweimer@redhat.com> no 2024-04-25
any/local-CVE-2024-33600-nscd.diff commit c34f470a615b136170abd16142da5dd0c024f7d1

CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)

If we failed to add a not-found response to the cache, the dataset
point can be null, resulting in a null pointer dereference.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 7835b00dbce53c3c87bbbb1754a95fb5e58187aa)

commit f205b3af56740e3b014915b1bd3b162afe3407ef

CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)

The addgetnetgrentX call in addinnetgrX may have failed to produce
a result, so the result variable in addinnetgrX can be NULL.
Use db->negtimeout as the fallback value if there is no result data;
the timeout is also overwritten below.

Also avoid sending a second not-found response. (The client
disconnects after receiving the first response, so the data stream did
not go out of sync even without this fix.) It is still beneficial to
add the negative response to the mapping, so that the client can get
it from there in the future, instead of going through the socket.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit b048a482f088e53144d26a61c390bed0210f49f2)

diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index f0de064368..787e44d851 100644
Florian Weimer <fweimer@redhat.com> no 2024-04-25
any/local-CVE-2024-33601-33602-nscd.diff commit b6742463694b1dfdd5120b91ee21cf05d15ec2e2

CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)

This avoids potential memory corruption when the underlying NSS
callback function does not use the buffer space to store all strings
(e.g., for constant strings).

Instead of custom buffer management, two scratch buffers are used.
This increases stack usage somewhat.

Scratch buffer allocation failure is handled by return -1
(an invalid timeout value) instead of terminating the process.
This fixes bug 31679.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit c04a21e050d64a1193a6daab872bca2528bda44b)

diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
index 787e44d851..aaabbbb003 100644
Florian Weimer <fweimer@redhat.com> no 2024-04-25

All known versions for source package 'glibc'

Links