Debian Patches

Status for klibc/2.0.8-6.1

Patch Description Author Forwarded Bugs Origin Last update
0001-klibc-alpha-Fix-definitions-of-_NSIG-and-struct-siga.patch [klibc] alpha: Fix definitions of _NSIG and struct sigaction
We use the RT signals API, but include the kernel UAPI header
that defines _NSIG and struct sigaction for the old API.

Copy over all the definitions and fix those two.
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=1cd11aaed1dece773c6b1ce2e99a0fe98b51321e 2020-08-27
0001-klibc-signal-Note-another-reason-to-define-_KLIBC_NE.patch [klibc] signal: Note another reason to define _KLIBC_NEEDS_SA_RESTORER
On some architectures we should set SA_RESTORER to avoid the need for
a signal trampoline and executable stack.
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=ccc5c14c44f3fa76f61b8aae947cf3b853a6c833 2020-08-25
0002-klibc-signal-Add-sysconfig-setting-to-force-SA_SIGIN.patch [klibc] signal: Add sysconfig setting to force SA_SIGINFO on
On alpha, arm, i386, m68k, powerpc, s390, sh, and sparc (32-bit), the
kernel sets up the signal stack frame differently depending on the
SA_SIGINFO flag, not whether the sigaction() or rt_sigaction() system
call was used to install the handler.

On alpha and sparc, we are going to start providing our own restorer
that will call rt_sigaction(), so will need to ensure this flag is
always set.
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2a2a0b6b79c2470f529daabd5c193f58fe188337 2020-08-25
0003-klibc-s390-Set-sa_restorer-for-signals-and-disable-e.patch [klibc] s390: Set sa_restorer for signals and disable executable stack
s390 allows specifying a signal restorer in the usual way. We
should do this to avoid needing an executable stack.

* Define a __sigreturn() routine that calls rt_sigreturn
* Force the SA_RESTORER flag on for all signal handlers, and set
__sigreturn as the restorer if none is already set
* Force the SA_SIGINFO flag on for all signal handlers, so that we can
always return from them with rt_sigreturn
* Set KLIBCEXECSTACK=n
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=c341c978e3024b9c575fac94012fc5b6f5679334 2020-04-30
0004-klibc-alpha-Pass-restorer-to-rt_sigaction-and-disabl.patch [klibc] alpha: Pass restorer to rt_sigaction() and disable executable stack
alpha does not support the SA_RESTORER flag, but allows specifying a
restorer callback as an additional parameter to rt_sigaction(). We
should do this to avoid needing an executable stack.

* Force the SA_SIGINFO flag on for all signal handlers, so that we can
always return from them with rt_sigreturn
* Define a __sigreturn() routine that calls rt_sigreturn
* Pass that routine as the last argument to rt_sigaction()
* Set KLIBCEXECSTACK=n
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=570ed1e207cbe38ed487c722f8ac7db68e664a94 2020-08-23
0005-klibc-sparc-Set-sa_restorer-for-signals-and-disable-.patch [klibc] sparc: Set sa_restorer for signals and disable executable stack
sparc allows specifying a signal restorer in the usual way. We
should do this to avoid needing an executable stack.

* Define a __sigreturn() routine that calls rt_sigreturn
* Force the SA_RESTORER flag on for all signal handlers, and set
__sigreturn as the restorer if none is already set
* Force the SA_SIGINFO flag on for all signal handlers, so that we can
always return from them with rt_sigreturn
* Set KLIBCEXECSTACK=n
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=05350b72cace18417c1ba00c4796a5e19ebb908b 2020-04-30
0001-klibc-ia64-Fix-definition-of-struct-sigaction.patch [klibc] ia64: Fix definition of struct sigaction
ia64 only provides the RT signal API, in which the type of sa_flags is
unsigned long and sa_mask is the last member of the struct.
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=811bff9cec254e3396493f4f2447862d252870ac 2020-08-28
0035-klibc-malloc-Set-errno-on-failure.patch [klibc] malloc: Set errno on failure
malloc() is specified to set errno = ENOMEM on failure, so do that.
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=7f6626d12daa2f1efd9953d1f4ba2065348dc5cd 2021-04-28
0036-klibc-malloc-Fail-if-requested-size-PTRDIFF_MAX.patch [klibc] malloc: Fail if requested size > PTRDIFF_MAX
malloc() adds some overhead to the requested size, which may result in
an integer overflow and subsequent buffer overflow if it is close to
SIZE_MAX. It should fail if size is large enough for this to happen.

Further, it's not legal for a C object to be larger than
PTRDIFF_MAX (half of SIZE_MAX) as pointer arithmetic within it could
overflow. So return failure immediately if size is greater than that.

CVE-2021-31873
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=a31ae8c508fc8d1bca4f57e9f9f88127572d5202 2021-04-28
0037-klibc-calloc-Fail-if-multiplication-overflows.patch [klibc] calloc: Fail if multiplication overflows
calloc() multiplies its 2 arguments together and passes the result to
malloc(). Since the factors and product both have type size_t, this
can result in an integer overflow and subsequent buffer overflow.
Check for this and fail if it happens.

CVE-2021-31870
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=292650f04c2b5348b4efbad61fb014ed09b4f3f2 2021-04-28
0039-klibc-cpio-Fix-possible-integer-overflow-on-32-bit-s.patch [klibc] cpio: Fix possible integer overflow on 32-bit systems
The maximum name and file sizes in the "new" header format are 32-bit
unsigned values. However, the I/O functions mostly use long for sizes
and offsets, so that sizes >= 2^31 are handled wrongly on 32-bit
systems.

The current GNU cpio code doesn't seem to have this problem, but the
divergence between this version and that is large enough that I can't
simply cherry-pick a fix for it.

As a short-term fix, in read_in_new_ascii(), fail if c_namesize or
c_filesize is > LONG_MAX.

CVE-2021-31872
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=9b1c91577aef7f2e72c3aa11a27749160bd278ff 2021-04-28
0040-klibc-cpio-Fix-possible-crash-on-64-bit-systems.patch [klibc] cpio: Fix possible crash on 64-bit systems
copyin_link() tries to allocate (unsigned int)c_filesize + 1 bytes.
If c_filesize == UINT_MAX, this works out as 0 bytes, resulting in a
null pointer and a subsequent SIGSEGV.

The previous commit made this impossible on 32-bit systems.

CVE-2021-31871
Ben Hutchings <ben@decadent.org.uk> no https://git.kernel.org/pub/scm/libs/klibc/klibc.git/commit/?id=2e48a12ab1e30d43498c2d53e878a11a1b5102d5 2021-04-28
0041-klibc-set-long-jmp-s390x-save-restore-the-correct-re.patch {set,long}jmp [s390x]: save/restore the correct registers
The s390x ABI actually has FPU registers f8‥f15, not f1/f3/f5/f7,
to be saved. (Closes: Debian #943425)
mirabilos <tg@debian.org> yes
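
The size checks described in the malloc and calloc entries above (CVE-2021-31873, CVE-2021-31870), shown as an added example that is not klibc's code. The names `checked_malloc`, `checked_calloc`, `padded_size_unchecked` and `HDR_OVERHEAD` are hypothetical, and the wrappers sit on top of the host libc's malloc().

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed per-block bookkeeping overhead; a stand-in, not klibc's real value. */
#define HDR_OVERHEAD 32u

/* The unguarded computation: wraps to a tiny value when size is near SIZE_MAX,
 * so the allocator would hand back a block far smaller than requested. */
static size_t padded_size_unchecked(size_t size)
{
    return size + HDR_OVERHEAD;
}

/* Reject sizes above PTRDIFF_MAX before any overhead is added, and set errno. */
void *checked_malloc(size_t size)
{
    if (size > PTRDIFF_MAX) {
        errno = ENOMEM;
        return NULL;
    }
    void *p = malloc(size);
    if (p == NULL && size != 0)
        errno = ENOMEM;
    return p;
}

/* Fail if nmemb * size does not fit in size_t, instead of letting it wrap. */
void *checked_calloc(size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    size_t total = nmemb * size;
    void *p = checked_malloc(total);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    printf("unchecked padded size: %zu\n", padded_size_unchecked(SIZE_MAX - 8));
    printf("checked_malloc: %p\n", checked_malloc((size_t)PTRDIFF_MAX + 1));
    printf("checked_calloc: %p\n", checked_calloc(SIZE_MAX / 2 + 1, 2));
    return 0;
}
```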
