diff --git a/.gitignore b/.gitignore index 71c3904..541fb77 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -/glibc-2.22-719-g1233be7.tar.gz +/glibc-2.23-40-gde51ff8.tar.gz diff --git a/glibc-CVE-2015-7547.patch b/glibc-CVE-2015-7547.patch deleted file mode 100644 index 627afda..0000000 --- a/glibc-CVE-2015-7547.patch +++ /dev/null @@ -1,567 +0,0 @@ -CVE-2015-7547 - -2016-02-15 Carlos O'Donell - - [BZ #18665] - * resolv/nss_dns/dns-host.c (gaih_getanswer_slice): Always set - *herrno_p. - (gaih_getanswer): Document functional behviour. Return tryagain - if any result is tryagain. - * resolv/res_query.c (__libc_res_nsearch): Set buffer size to zero - when freed. - * resolv/res_send.c: Add copyright text. - (__libc_res_nsend): Document that MAXPACKET is expected. - (send_vc): Document. Remove buffer reuse. - (send_dg): Document. Remove buffer reuse. Set *thisanssizp to set the - size of the buffer. Add Dprint for truncated UDP buffer. - -Index: glibc-2.22-719-g1233be7/resolv/nss_dns/dns-host.c -=================================================================== ---- glibc-2.22-719-g1233be7.orig/resolv/nss_dns/dns-host.c -+++ glibc-2.22-719-g1233be7/resolv/nss_dns/dns-host.c -@@ -1041,7 +1041,10 @@ gaih_getanswer_slice (const querybuf *an - int h_namelen = 0; - - if (ancount == 0) -- return NSS_STATUS_NOTFOUND; -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } - - while (ancount-- > 0 && cp < end_of_message && had_error == 0) - { -@@ -1218,7 +1221,14 @@ gaih_getanswer_slice (const querybuf *an - /* Special case here: if the resolver sent a result but it only - contains a CNAME while we are looking for a T_A or T_AAAA record, - we fail with NOTFOUND instead of TRYAGAIN. */ -- return canon == NULL ? NSS_STATUS_TRYAGAIN : NSS_STATUS_NOTFOUND; -+ if (canon != NULL) -+ { -+ *h_errnop = HOST_NOT_FOUND; -+ return NSS_STATUS_NOTFOUND; -+ } -+ -+ *h_errnop = NETDB_INTERNAL; -+ return NSS_STATUS_TRYAGAIN; - } - - -@@ -1232,11 +1242,101 @@ gaih_getanswer (const querybuf *answer1, - - enum nss_status status = NSS_STATUS_NOTFOUND; - -+ /* Combining the NSS status of two distinct queries requires some -+ compromise and attention to symmetry (A or AAAA queries can be -+ returned in any order). What follows is a breakdown of how this -+ code is expected to work and why. We discuss only SUCCESS, -+ TRYAGAIN, NOTFOUND and UNAVAIL, since they are the only returns -+ that apply (though RETURN and MERGE exist). We make a distinction -+ between TRYAGAIN (recoverable) and TRYAGAIN' (not-recoverable). -+ A recoverable TRYAGAIN is almost always due to buffer size issues -+ and returns ERANGE in errno and the caller is expected to retry -+ with a larger buffer. -+ -+ Lastly, you may be tempted to make significant changes to the -+ conditions in this code to bring about symmetry between responses. -+ Please don't change anything without due consideration for -+ expected application behaviour. Some of the synthesized responses -+ aren't very well thought out and sometimes appear to imply that -+ IPv4 responses are always answer 1, and IPv6 responses are always -+ answer 2, but that's not true (see the implemetnation of send_dg -+ and send_vc to see response can arrive in any order, particlarly -+ for UDP). However, we expect it holds roughly enough of the time -+ that this code works, but certainly needs to be fixed to make this -+ a more robust implementation. -+ -+ ---------------------------------------------- -+ | Answer 1 Status / | Synthesized | Reason | -+ | Answer 2 Status | Status | | -+ |--------------------------------------------| -+ | SUCCESS/SUCCESS | SUCCESS | [1] | -+ | SUCCESS/TRYAGAIN | TRYAGAIN | [5] | -+ | SUCCESS/TRYAGAIN' | SUCCESS | [1] | -+ | SUCCESS/NOTFOUND | SUCCESS | [1] | -+ | SUCCESS/UNAVAIL | SUCCESS | [1] | -+ | TRYAGAIN/SUCCESS | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN | TRYAGAIN | [2] | -+ | TRYAGAIN/TRYAGAIN' | TRYAGAIN | [2] | -+ | TRYAGAIN/NOTFOUND | TRYAGAIN | [2] | -+ | TRYAGAIN/UNAVAIL | TRYAGAIN | [2] | -+ | TRYAGAIN'/SUCCESS | SUCCESS | [3] | -+ | TRYAGAIN'/TRYAGAIN | TRYAGAIN | [3] | -+ | TRYAGAIN'/TRYAGAIN' | TRYAGAIN' | [3] | -+ | TRYAGAIN'/NOTFOUND | TRYAGAIN' | [3] | -+ | TRYAGAIN'/UNAVAIL | UNAVAIL | [3] | -+ | NOTFOUND/SUCCESS | SUCCESS | [3] | -+ | NOTFOUND/TRYAGAIN | TRYAGAIN | [3] | -+ | NOTFOUND/TRYAGAIN' | TRYAGAIN' | [3] | -+ | NOTFOUND/NOTFOUND | NOTFOUND | [3] | -+ | NOTFOUND/UNAVAIL | UNAVAIL | [3] | -+ | UNAVAIL/SUCCESS | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN | UNAVAIL | [4] | -+ | UNAVAIL/TRYAGAIN' | UNAVAIL | [4] | -+ | UNAVAIL/NOTFOUND | UNAVAIL | [4] | -+ | UNAVAIL/UNAVAIL | UNAVAIL | [4] | -+ ---------------------------------------------- -+ -+ [1] If the first response is a success we return success. -+ This ignores the state of the second answer and in fact -+ incorrectly sets errno and h_errno to that of the second -+ answer. However because the response is a success we ignore -+ *errnop and *h_errnop (though that means you touched errno on -+ success). We are being conservative here and returning the -+ likely IPv4 response in the first answer as a success. -+ -+ [2] If the first response is a recoverable TRYAGAIN we return -+ that instead of looking at the second response. The -+ expectation here is that we have failed to get an IPv4 response -+ and should retry both queries. -+ -+ [3] If the first response was not a SUCCESS and the second -+ response is not NOTFOUND (had a SUCCESS, need to TRYAGAIN, -+ or failed entirely e.g. TRYAGAIN' and UNAVAIL) then use the -+ result from the second response, otherwise the first responses -+ status is used. Again we have some odd side-effects when the -+ second response is NOTFOUND because we overwrite *errnop and -+ *h_errnop that means that a first answer of NOTFOUND might see -+ its *errnop and *h_errnop values altered. Whether it matters -+ in practice that a first response NOTFOUND has the wrong -+ *errnop and *h_errnop is undecided. -+ -+ [4] If the first response is UNAVAIL we return that instead of -+ looking at the second response. The expectation here is that -+ it will have failed similarly e.g. configuration failure. -+ -+ [5] Testing this code is complicated by the fact that truncated -+ second response buffers might be returned as SUCCESS if the -+ first answer is a SUCCESS. To fix this we add symmetry to -+ TRYAGAIN with the second response. If the second response -+ is a recoverable error we now return TRYAGIN even if the first -+ response was SUCCESS. */ -+ - if (anslen1 > 0) - status = gaih_getanswer_slice(answer1, anslen1, qname, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ - if ((status == NSS_STATUS_SUCCESS || status == NSS_STATUS_NOTFOUND - || (status == NSS_STATUS_TRYAGAIN - /* We want to look at the second answer in case of an -@@ -1252,8 +1352,15 @@ gaih_getanswer (const querybuf *answer1, - &pat, &buffer, &buflen, - errnop, h_errnop, ttlp, - &first); -+ /* Use the second response status in some cases. */ - if (status != NSS_STATUS_SUCCESS && status2 != NSS_STATUS_NOTFOUND) - status = status2; -+ /* Do not return a truncated second response (unless it was -+ unavoidable e.g. unrecoverable TRYAGAIN). */ -+ if (status == NSS_STATUS_SUCCESS -+ && (status2 == NSS_STATUS_TRYAGAIN -+ && *errnop == ERANGE && *h_errnop != NO_RECOVERY)) -+ status = NSS_STATUS_TRYAGAIN; - } - - return status; -Index: glibc-2.22-719-g1233be7/resolv/res_query.c -=================================================================== ---- glibc-2.22-719-g1233be7.orig/resolv/res_query.c -+++ glibc-2.22-719-g1233be7/resolv/res_query.c -@@ -396,6 +396,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - } -@@ -447,6 +448,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - -@@ -521,6 +523,7 @@ __libc_res_nsearch(res_state statp, - { - free (*answerp2); - *answerp2 = NULL; -+ *nanswerp2 = 0; - *answerp2_malloced = 0; - } - if (saved_herrno != -1) -Index: glibc-2.22-719-g1233be7/resolv/res_send.c -=================================================================== ---- glibc-2.22-719-g1233be7.orig/resolv/res_send.c -+++ glibc-2.22-719-g1233be7/resolv/res_send.c -@@ -1,3 +1,20 @@ -+/* Copyright (C) 2016 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ - /* - * Copyright (c) 1985, 1989, 1993 - * The Regents of the University of California. All rights reserved. -@@ -353,6 +370,8 @@ __libc_res_nsend(res_state statp, const - #ifdef USE_HOOKS - if (__glibc_unlikely (statp->qhook || statp->rhook)) { - if (anssiz < MAXPACKET && ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *buf = malloc (MAXPACKET); - if (buf == NULL) - return (-1); -@@ -652,6 +671,77 @@ libresolv_hidden_def (res_nsend) - - /* Private */ - -+/* The send_vc function is responsible for sending a DNS query over TCP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports sending both IPv4 and -+ IPv6 queries at the same serially on the same socket. -+ -+ Please note that for TCP there is no way to disable sending both -+ queries, unlike UDP, which honours RES_SNGLKUP and RES_SNGLKUPREOP -+ and sends the queries serially and waits for the result after each -+ sent query. This implemetnation should be corrected to honour these -+ options. -+ -+ Please also note that for TCP we send both queries over the same -+ socket one after another. This technically violates best practice -+ since the server is allowed to read the first query, respond, and -+ then close the socket (to service another client). If the server -+ does this, then the remaining second query in the socket data buffer -+ will cause the server to send the client an RST which will arrive -+ asynchronously and the client's OS will likely tear down the socket -+ receive buffer resulting in a potentially short read and lost -+ response data. This will force the client to retry the query again, -+ and this process may repeat until all servers and connection resets -+ are exhausted and then the query will fail. It's not known if this -+ happens with any frequency in real DNS server implementations. This -+ implementation should be corrected to use two sockets by default for -+ parallel queries. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ serially on the same socket. -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message and the rest of the socket data will be read and discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_vc(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -661,11 +751,7 @@ send_vc(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; -- // XXX REMOVE -- // int anssiz = *anssizp; -- HEADER *anhp = (HEADER *) ans; -+ HEADER *anhp = (HEADER *) *ansp; - struct sockaddr_in6 *nsap = EXT(statp).nsaddrs[ns]; - int truncating, connreset, n; - /* On some architectures compiler might emit a warning indicating -@@ -754,6 +840,8 @@ send_vc(res_state statp, - * Receive length & response - */ - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - uint16_t rlen16; - read_len: -@@ -790,36 +878,14 @@ send_vc(res_state statp, - u_char **thisansp; - int *thisresplenp; - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ -- DIAG_PUSH_NEEDS_COMMENT; -- DIAG_IGNORE_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif -- DIAG_POP_NEEDS_COMMENT; -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; -@@ -827,10 +893,14 @@ send_vc(res_state statp, - anhp = (HEADER *) *thisansp; - - *thisresplenp = rlen; -- if (rlen > *thisanssizp) { -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- if (__glibc_likely (anscp != NULL)) { -+ /* Is the answer buffer too small? */ -+ if (*thisanssizp < rlen) { -+ /* If the current buffer is not the the static -+ user-supplied buffer then we can reallocate -+ it. */ -+ if (thisansp != NULL && thisansp != ansp) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp == NULL) { - *terrno = ENOMEM; -@@ -842,6 +912,9 @@ send_vc(res_state statp, - if (thisansp == ansp2) - *ansp2_malloced = 1; - anhp = (HEADER *) newp; -+ /* A uint16_t can't be larger than MAXPACKET -+ thus it's safe to allocate MAXPACKET but -+ read RLEN bytes instead. */ - len = rlen; - } else { - Dprint(statp->options & RES_DEBUG, -@@ -972,6 +1045,66 @@ reopen (res_state statp, int *terrno, in - return 1; - } - -+/* The send_dg function is responsible for sending a DNS query over UDP -+ to the nameserver numbered NS from the res_state STATP i.e. -+ EXT(statp).nssocks[ns]. The function supports IPv4 and IPv6 queries -+ along with the ability to send the query in parallel for both stacks -+ (default) or serially (RES_SINGLKUP). It also supports serial lookup -+ with a close and reopen of the socket used to talk to the server -+ (RES_SNGLKUPREOP) to work around broken name servers. -+ -+ The query stored in BUF of BUFLEN length is sent first followed by -+ the query stored in BUF2 of BUFLEN2 length. Queries are sent -+ in parallel (default) or serially (RES_SINGLKUP or RES_SNGLKUPREOP). -+ -+ Answers to the query are stored firstly in *ANSP up to a max of -+ *ANSSIZP bytes. If more than *ANSSIZP bytes are needed and ANSCP -+ is non-NULL (to indicate that modifying the answer buffer is allowed) -+ then malloc is used to allocate a new response buffer and ANSCP and -+ ANSP will both point to the new buffer. If more than *ANSSIZP bytes -+ are needed but ANSCP is NULL, then as much of the response as -+ possible is read into the buffer, but the results will be truncated. -+ When truncation happens because of a small answer buffer the DNS -+ packets header feild TC will bet set to 1, indicating a truncated -+ message, while the rest of the UDP packet is discarded. -+ -+ Answers to the query are stored secondly in *ANSP2 up to a max of -+ *ANSSIZP2 bytes, with the actual response length stored in -+ *RESPLEN2. If more than *ANSSIZP bytes are needed and ANSP2 -+ is non-NULL (required for a second query) then malloc is used to -+ allocate a new response buffer, *ANSSIZP2 is set to the new buffer -+ size and *ANSP2_MALLOCED is set to 1. -+ -+ The ANSP2_MALLOCED argument will eventually be removed as the -+ change in buffer pointer can be used to detect the buffer has -+ changed and that the caller should use free on the new buffer. -+ -+ Note that the answers may arrive in any order from the server and -+ therefore the first and second answer buffers may not correspond to -+ the first and second queries. -+ -+ It is not supported to call this function with a non-NULL ANSP2 -+ but a NULL ANSCP. Put another way, you can call send_vc with a -+ single unmodifiable buffer or two modifiable buffers, but no other -+ combination is supported. -+ -+ It is the caller's responsibility to free the malloc allocated -+ buffers by detecting that the pointers have changed from their -+ original values i.e. *ANSCP or *ANSP2 has changed. -+ -+ If an answer is truncated because of UDP datagram DNS limits then -+ *V_CIRCUIT is set to 1 and the return value non-zero to indicate to -+ the caller to retry with TCP. The value *GOTSOMEWHERE is set to 1 -+ if any progress was made reading a response from the nameserver and -+ is used by the caller to distinguish between ECONNREFUSED and -+ ETIMEDOUT (the latter if *GOTSOMEWHERE is 1). -+ -+ If errors are encountered then *TERRNO is set to an appropriate -+ errno value and a zero result is returned for a recoverable error, -+ and a less-than zero result is returned for a non-recoverable error. -+ -+ If no errors are encountered then *TERRNO is left unmodified and -+ a the length of the first response in bytes is returned. */ - static int - send_dg(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -981,8 +1114,6 @@ send_dg(res_state statp, - { - const HEADER *hp = (HEADER *) buf; - const HEADER *hp2 = (HEADER *) buf2; -- u_char *ans = *ansp; -- int orig_anssizp = *anssizp; - struct timespec now, timeout, finish; - struct pollfd pfd[1]; - int ptimeout; -@@ -1015,6 +1146,8 @@ send_dg(res_state statp, - int need_recompute = 0; - int nwritten = 0; - int recvresp1 = 0; -+ /* Skip the second response if there is no second query. -+ To do that we mark the second response as received. */ - int recvresp2 = buf2 == NULL; - pfd[0].fd = EXT(statp).nssocks[ns]; - pfd[0].events = POLLOUT; -@@ -1178,55 +1311,56 @@ send_dg(res_state statp, - int *thisresplenp; - - if ((recvresp1 | recvresp2) == 0 || buf2 == NULL) { -+ /* We have not received any responses -+ yet or we only have one response to -+ receive. */ - thisanssizp = anssizp; - thisansp = anscp ?: ansp; - assert (anscp != NULL || ansp2 == NULL); - thisresplenp = &resplen; - } else { -- if (*anssizp != MAXPACKET) { -- /* No buffer allocated for the first -- reply. We can try to use the rest -- of the user-provided buffer. */ --#if _STRING_ARCH_unaligned -- *anssizp2 = orig_anssizp - resplen; -- *ansp2 = *ansp + resplen; --#else -- int aligned_resplen -- = ((resplen + __alignof__ (HEADER) - 1) -- & ~(__alignof__ (HEADER) - 1)); -- *anssizp2 = orig_anssizp - aligned_resplen; -- *ansp2 = *ansp + aligned_resplen; --#endif -- } else { -- /* The first reply did not fit into the -- user-provided buffer. Maybe the second -- answer will. */ -- *anssizp2 = orig_anssizp; -- *ansp2 = *ansp; -- } -- - thisanssizp = anssizp2; - thisansp = ansp2; - thisresplenp = resplen2; - } - - if (*thisanssizp < MAXPACKET -- /* Yes, we test ANSCP here. If we have two buffers -- both will be allocatable. */ -- && anscp -+ /* If the current buffer is not the the static -+ user-supplied buffer then we can reallocate -+ it. */ -+ && (thisansp != NULL && thisansp != ansp) - #ifdef FIONREAD -+ /* Is the size too small? */ - && (ioctl (pfd[0].fd, FIONREAD, thisresplenp) < 0 - || *thisanssizp < *thisresplenp) - #endif - ) { -+ /* Always allocate MAXPACKET, callers expect -+ this specific size. */ - u_char *newp = malloc (MAXPACKET); - if (newp != NULL) { -- *anssizp = MAXPACKET; -- *thisansp = ans = newp; -+ *thisanssizp = MAXPACKET; -+ *thisansp = newp; - if (thisansp == ansp2) - *ansp2_malloced = 1; - } - } -+ /* We could end up with truncation if anscp was NULL -+ (not allowed to change caller's buffer) and the -+ response buffer size is too small. This isn't a -+ reliable way to detect truncation because the ioctl -+ may be an inaccurate report of the UDP message size. -+ Therefore we use this only to issue debug output. -+ To do truncation accurately with UDP we need -+ MSG_TRUNC which is only available on Linux. We -+ can abstract out the Linux-specific feature in the -+ future to detect truncation. */ -+ if (__glibc_unlikely (*thisanssizp < *thisresplenp)) { -+ Dprint(statp->options & RES_DEBUG, -+ (stdout, ";; response may be truncated (UDP)\n") -+ ); -+ } -+ - HEADER *anhp = (HEADER *) *thisansp; - socklen_t fromlen = sizeof(struct sockaddr_in6); - assert (sizeof(from) <= fromlen); diff --git a/glibc-isinf-cxx11.patch b/glibc-isinf-cxx11.patch deleted file mode 100644 index b65a2f3..0000000 --- a/glibc-isinf-cxx11.patch +++ /dev/null @@ -1,32 +0,0 @@ -commit 48746aa5a013aab5ca89ee8c29761baec8850c0f -Author: Jakub Jelinek -Date: Mon Feb 1 16:17:55 2016 +0000 - - Restore isinf, isinfl, isnanf and isnanl for C++11 - -diff --git a/math/bits/mathcalls.h b/math/bits/mathcalls.h -index a48345d..9a7b3f0 100644 ---- a/math/bits/mathcalls.h -+++ b/math/bits/mathcalls.h -@@ -196,7 +196,9 @@ __MATHDECL_1 (int,__finite,, (_Mdouble_ __value)) __attribute__ ((__const__)); - _Mdouble_END_NAMESPACE - - #ifdef __USE_MISC --# if !defined __cplusplus || __cplusplus < 201103L /* Conflicts with C++11. */ -+# if (!defined __cplusplus \ -+ || __cplusplus < 201103L /* isinf conflicts with C++11. */ \ -+ || __MATH_DECLARING_DOUBLE == 0) /* isinff or isinfl don't. */ - /* Return 0 if VALUE is finite or NaN, +1 if it - is +Infinity, -1 if it is -Infinity. */ - __MATHDECL_1 (int,isinf,, (_Mdouble_ __value)) __attribute__ ((__const__)); -@@ -232,7 +234,9 @@ __END_NAMESPACE_C99 - __MATHDECL_1 (int,__isnan,, (_Mdouble_ __value)) __attribute__ ((__const__)); - - #if defined __USE_MISC || (defined __USE_XOPEN && !defined __USE_XOPEN2K) --# if !defined __cplusplus || __cplusplus < 201103L /* Conflicts with C++11. */ -+# if (!defined __cplusplus \ -+ || __cplusplus < 201103L /* isnan conflicts with C++11. */ \ -+ || __MATH_DECLARING_DOUBLE == 0) /* isnanf or isnanl don't. */ - /* Return nonzero if VALUE is not a number. */ - __MATHDECL_1 (int,isnan,, (_Mdouble_ __value)) __attribute__ ((__const__)); - # endif diff --git a/glibc-rh1114591.patch b/glibc-rh1114591.patch deleted file mode 100644 index 73e6bc4..0000000 --- a/glibc-rh1114591.patch +++ /dev/null @@ -1,47 +0,0 @@ -Upstream patch: - -commit ff889b196575c2fbf6aa7130abb1ec862714ea4e -Author: Florian Weimer -Date: Fri Feb 19 14:21:34 2016 +0100 - - Remove trailing newline from date_fmt in Serbian locales [BZ #19581] - -diff --git a/localedata/locales/sr_ME b/localedata/locales/sr_ME -index 4f243dc..dd68df8 100644 ---- a/localedata/locales/sr_ME -+++ b/localedata/locales/sr_ME -@@ -119,7 +119,7 @@ am_pm "";"" - t_fmt_ampm "" - date_fmt "/ - / --" -+" - week 7;19971130;4 - first_weekday 2 - first_workday 2 -diff --git a/localedata/locales/sr_RS b/localedata/locales/sr_RS -index 2ae085b..ffea86f 100644 ---- a/localedata/locales/sr_RS -+++ b/localedata/locales/sr_RS -@@ -300,7 +300,7 @@ am_pm "";"" - t_fmt_ampm "" - date_fmt "/ - / --" -+" - week 7;19971130;4 - first_weekday 2 - first_workday 2 -diff --git a/localedata/locales/sr_RS@latin b/localedata/locales/sr_RS@latin -index da6628b..fd10ea6 100644 ---- a/localedata/locales/sr_RS@latin -+++ b/localedata/locales/sr_RS@latin -@@ -120,7 +120,7 @@ am_pm "";"" - t_fmt_ampm "" - date_fmt "/ - / --" -+" - week 7;19971130;4 - first_weekday 2 - first_workday 2 diff --git a/glibc-rh1252570.patch b/glibc-rh1252570.patch index 5e69e9a..228bb96 100644 --- a/glibc-rh1252570.patch +++ b/glibc-rh1252570.patch @@ -12,11 +12,11 @@ Date: Thu Feb 19 15:52:08 2015 +0100 setting nsaddr_list[].sin_family to zero. reverted: -Index: b/resolv/res_init.c +Index: glibc-2.23-39-g314f6de/resolv/res_init.c =================================================================== ---- a/resolv/res_init.c -+++ b/resolv/res_init.c -@@ -153,8 +153,10 @@ __res_vinit(res_state statp, int preinit +--- glibc-2.23-39-g314f6de.orig/resolv/res_init.c ++++ glibc-2.23-39-g314f6de/resolv/res_init.c +@@ -139,8 +139,10 @@ __res_vinit(res_state statp, int preinit char *cp, **pp; int n; char buf[BUFSIZ]; @@ -29,7 +29,7 @@ Index: b/resolv/res_init.c int haveenv = 0; int havesearch = 0; #ifdef RESOLVSORT -@@ -183,9 +185,15 @@ __res_vinit(res_state statp, int preinit +@@ -169,9 +171,15 @@ __res_vinit(res_state statp, int preinit statp->_flags = 0; statp->qhook = NULL; statp->rhook = NULL; @@ -47,7 +47,7 @@ Index: b/resolv/res_init.c /* Allow user to override the local domain definition */ if ((cp = getenv("LOCALDOMAIN")) != NULL) { -@@ -289,7 +297,11 @@ __res_vinit(res_state statp, int preinit +@@ -275,7 +283,11 @@ __res_vinit(res_state statp, int preinit continue; } /* read nameservers to query */ @@ -59,7 +59,7 @@ Index: b/resolv/res_init.c struct in_addr a; cp = buf + sizeof("nameserver") - 1; -@@ -297,12 +309,13 @@ __res_vinit(res_state statp, int preinit +@@ -283,12 +295,13 @@ __res_vinit(res_state statp, int preinit cp++; if ((*cp != '\0') && (*cp != '\n') && __inet_aton(cp, &a)) { @@ -76,7 +76,7 @@ Index: b/resolv/res_init.c } else { struct in6_addr a6; char *el; -@@ -344,11 +357,10 @@ __res_vinit(res_state statp, int preinit +@@ -330,11 +343,10 @@ __res_vinit(res_state statp, int preinit } } @@ -92,7 +92,7 @@ Index: b/resolv/res_init.c } } #endif -@@ -403,9 +415,10 @@ __res_vinit(res_state statp, int preinit +@@ -389,9 +401,10 @@ __res_vinit(res_state statp, int preinit continue; } } @@ -105,7 +105,7 @@ Index: b/resolv/res_init.c /* We try IPv6 servers again. */ statp->ipv6_unavail = false; } -@@ -594,7 +607,11 @@ __res_iclose(res_state statp, bool free_ +@@ -580,7 +593,11 @@ __res_iclose(res_state statp, bool free_ statp->_vcsock = -1; statp->_flags &= ~(RES_F_VC | RES_F_CONN); } @@ -117,7 +117,7 @@ Index: b/resolv/res_init.c if (statp->_u._ext.nsaddrs[ns]) { if (statp->_u._ext.nssocks[ns] != -1) { close_not_cancel_no_status(statp->_u._ext.nssocks[ns]); -@@ -605,6 +622,8 @@ __res_iclose(res_state statp, bool free_ +@@ -591,6 +608,8 @@ __res_iclose(res_state statp, bool free_ statp->_u._ext.nsaddrs[ns] = NULL; } } @@ -126,11 +126,11 @@ Index: b/resolv/res_init.c } libc_hidden_def (__res_iclose) -Index: b/resolv/res_send.c +Index: glibc-2.23-39-g314f6de/resolv/res_send.c =================================================================== ---- a/resolv/res_send.c -+++ b/resolv/res_send.c -@@ -176,7 +176,6 @@ evNowTime(struct timespec *res) { +--- glibc-2.23-39-g314f6de.orig/resolv/res_send.c ++++ glibc-2.23-39-g314f6de/resolv/res_send.c +@@ -193,7 +193,6 @@ evNowTime(struct timespec *res) { /* Forward. */ @@ -138,7 +138,7 @@ Index: b/resolv/res_send.c static int send_vc(res_state, const u_char *, int, const u_char *, int, u_char **, int *, int *, int, u_char **, -@@ -214,21 +213,20 @@ res_ourserver_p(const res_state statp, c +@@ -231,21 +230,20 @@ res_ourserver_p(const res_state statp, c in_port_t port = in4p->sin_port; in_addr_t addr = in4p->sin_addr.s_addr; @@ -166,7 +166,7 @@ Index: b/resolv/res_send.c (srv->sin6_port == inp->sin6_port) && !(memcmp(&srv->sin6_addr, &in6addr_any, sizeof (struct in6_addr)) && -@@ -378,48 +376,80 @@ __libc_res_nsend(res_state statp, const +@@ -397,48 +395,80 @@ __libc_res_nsend(res_state statp, const * If the ns_addr_list in the resolver context has changed, then * invalidate our cached copy and the associated timing data. */ @@ -264,7 +264,7 @@ Index: b/resolv/res_send.c } /* -@@ -428,37 +458,44 @@ __libc_res_nsend(res_state statp, const +@@ -447,37 +477,44 @@ __libc_res_nsend(res_state statp, const */ if (__builtin_expect ((statp->options & RES_ROTATE) != 0, 0) && (statp->options & RES_BLAST) == 0) { @@ -329,7 +329,7 @@ Index: b/resolv/res_send.c same_ns: #ifdef USE_HOOKS if (__glibc_unlikely (statp->qhook != NULL)) { -@@ -615,21 +652,6 @@ libresolv_hidden_def (res_nsend) +@@ -634,21 +671,6 @@ libresolv_hidden_def (res_nsend) /* Private */ @@ -348,19 +348,19 @@ Index: b/resolv/res_send.c - return (struct sockaddr *) (void *) &statp->nsaddr_list[n]; -} - - static int - send_vc(res_state statp, - const u_char *buf, int buflen, const u_char *buf2, int buflen2, -@@ -644,7 +666,7 @@ send_vc(res_state statp, - // XXX REMOVE - // int anssiz = *anssizp; - HEADER *anhp = (HEADER *) ans; + /* The send_vc function is responsible for sending a DNS query over TCP + to the nameserver numbered NS from the res_state STATP i.e. + EXT(statp).nssocks[ns]. The function supports sending both IPv4 and +@@ -730,7 +752,7 @@ send_vc(res_state statp, + const HEADER *hp = (HEADER *) buf; + const HEADER *hp2 = (HEADER *) buf2; + HEADER *anhp = (HEADER *) *ansp; - struct sockaddr *nsap = get_nsaddr (statp, ns); + struct sockaddr_in6 *nsap = EXT(statp).nsaddrs[ns]; int truncating, connreset, n; /* On some architectures compiler might emit a warning indicating 'resplen' may be used uninitialized. However if buf2 == NULL -@@ -677,8 +699,8 @@ send_vc(res_state statp, +@@ -763,8 +785,8 @@ send_vc(res_state statp, if (getpeername(statp->_vcsock, (struct sockaddr *)&peer, &size) < 0 || @@ -371,7 +371,7 @@ Index: b/resolv/res_send.c statp->_flags &= ~RES_F_VC; } } -@@ -687,19 +709,20 @@ send_vc(res_state statp, +@@ -773,19 +795,20 @@ send_vc(res_state statp, if (statp->_vcsock >= 0) __res_iclose(statp, false); @@ -396,7 +396,7 @@ Index: b/resolv/res_send.c __res_iclose(statp, false); return (0); } -@@ -906,7 +929,8 @@ static int +@@ -979,7 +1002,8 @@ static int reopen (res_state statp, int *terrno, int ns) { if (EXT(statp).nssocks[ns] == -1) { diff --git a/glibc.spec b/glibc.spec index aae1a86..c0be76b 100644 --- a/glibc.spec +++ b/glibc.spec @@ -1,6 +1,6 @@ -%define glibcsrcdir glibc-2.22-719-g1233be7 +%define glibcsrcdir glibc-2.23-40-gde51ff8 %define glibcversion 2.22.90 -%define glibcrelease 37%{?dist} +%define glibcrelease 38%{?dist} # Pre-release tarballs are pulled in from git using a command that is # effectively: # @@ -293,17 +293,10 @@ Patch2034: glibc-aarch64-workaround-nzcv-clobber-in-tlsdesc.patch Patch2035: glibc-nsswitch-Add-group-merging-support.patch Patch2036: glibc-gcc-PR69537.patch -Patch2037: glibc-isinf-cxx11.patch # Upstream BZ 19573, patch reverts problematic commit Patch2099: glibc-rh1252570.patch -# CVE-2015-7547 -Patch2100: glibc-CVE-2015-7547.patch - -# Upstream BZ 19581 -Patch2101: glibc-rh1114591.patch - ############################################################################## # # Benchmark comparison patches. @@ -697,10 +690,7 @@ cat /proc/meminfo %patch0059 -p1 %patch2035 -p1 %patch2036 -p1 -%patch2037 -p1 %patch2099 -p1 -%patch2100 -p1 -%patch2101 -p1 ############################################################################## # %%prep - Additional prep required... @@ -1967,6 +1957,9 @@ rm -f *.filelist* %endif %changelog +* Thu Feb 25 2016 Carlos O'Donell - 2.22.90-38 +- Auto-sync with upstream master. + * Fri Feb 19 2016 Florian Weimer - 2.22.90-37 - Remove stray newline from Serbian locales (#1114591). diff --git a/series b/series index e3f70b9..9b34d6b 100644 --- a/series +++ b/series @@ -38,6 +38,4 @@ glibc-bug-regex-gcc5.patch -p1 --fuzz=0 glibc-c-utf8-locale.patch -p1 --fuzz=0 glibc-nsswitch-Add-group-merging-support.patch -p1 --fuzz=0 glibc-gcc-PR69537.patch -p1 --fuzz=0 -glibc-isinf-cxx11.patch -p1 --fuzz=0 glibc-rh1252570.patch -p1 --fuzz=0 -glibc-CVE-2015-7547.patch -p1 --fuzz=0 diff --git a/sources b/sources index 2151b4a..c43d307 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -59f24ea4c6c662c064f54a64fca055a6 glibc-2.22-719-g1233be7.tar.gz +d1dab355e80e61297ed07d6b402cbbe1 glibc-2.23-40-gde51ff8.tar.gz