-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #124 from tbeckerson/glibc
glibc
- Loading branch information
Showing
3 changed files
with
342 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,72 @@ | ||
| Submitted By: Armin K. <krejzi at email dot com> | ||
| Date: 2013-02-11 | ||
| Initial Package Version: 2.17 | ||
| Upstream Status: Not Applicable | ||
| Origin: Self | ||
| Description: This patch removes references to /var/db directory which is not part | ||
| of FHS and replaces them with more suitable directories in /var | ||
| hierarchy - /var/cache/nscd for nscd and /var/lib/nss_db for nss_db. | ||
|
|
||
| --- a/Makeconfig 2012-12-25 04:02:13.000000000 +0100 | ||
| +++ b/Makeconfig 2013-02-11 01:32:32.500667439 +0100 | ||
| @@ -250,7 +250,7 @@ | ||
|
|
||
| # Directory for the database files and Makefile for nss_db. | ||
| ifndef vardbdir | ||
| -vardbdir = $(localstatedir)/db | ||
| +vardbdir = $(localstatedir)/lib/nss_db | ||
| endif | ||
| inst_vardbdir = $(install_root)$(vardbdir) | ||
|
|
||
| --- a/nscd/nscd.h 2012-12-25 04:02:13.000000000 +0100 | ||
| +++ b/nscd/nscd.h 2013-02-11 01:32:32.500667439 +0100 | ||
| @@ -112,11 +112,11 @@ | ||
|
|
||
|
|
||
| /* Paths of the file for the persistent storage. */ | ||
| -#define _PATH_NSCD_PASSWD_DB "/var/db/nscd/passwd" | ||
| -#define _PATH_NSCD_GROUP_DB "/var/db/nscd/group" | ||
| -#define _PATH_NSCD_HOSTS_DB "/var/db/nscd/hosts" | ||
| -#define _PATH_NSCD_SERVICES_DB "/var/db/nscd/services" | ||
| -#define _PATH_NSCD_NETGROUP_DB "/var/db/nscd/netgroup" | ||
| +#define _PATH_NSCD_PASSWD_DB "/var/cache/nscd/passwd" | ||
| +#define _PATH_NSCD_GROUP_DB "/var/cache/nscd/group" | ||
| +#define _PATH_NSCD_HOSTS_DB "/var/cache/nscd/hosts" | ||
| +#define _PATH_NSCD_SERVICES_DB "/var/cache/nscd/services" | ||
| +#define _PATH_NSCD_NETGROUP_DB "/var/cache/nscd/netgroup" | ||
|
|
||
| /* Path used when not using persistent storage. */ | ||
| #define _PATH_NSCD_XYZ_DB_TMP "/var/run/nscd/dbXXXXXX" | ||
| --- a/nss/db-Makefile 2012-12-25 04:02:13.000000000 +0100 | ||
| +++ b/nss/db-Makefile 2013-02-11 01:32:32.500667439 +0100 | ||
| @@ -22,7 +22,7 @@ | ||
| /etc/rpc /etc/services /etc/shadow /etc/gshadow \ | ||
| /etc/netgroup) | ||
|
|
||
| -VAR_DB = /var/db | ||
| +VAR_DB = /var/lib/nss_db | ||
|
|
||
| AWK = awk | ||
| MAKEDB = makedb --quiet | ||
| --- a/sysdeps/generic/paths.h 2012-12-25 04:02:13.000000000 +0100 | ||
| +++ b/sysdeps/generic/paths.h 2013-02-11 01:32:32.500667439 +0100 | ||
| @@ -68,7 +68,7 @@ | ||
| /* Provide trailing slash, since mostly used for building pathnames. */ | ||
| #define _PATH_DEV "/dev/" | ||
| #define _PATH_TMP "/tmp/" | ||
| -#define _PATH_VARDB "/var/db/" | ||
| +#define _PATH_VARDB "/var/lib/nss_db/" | ||
| #define _PATH_VARRUN "/var/run/" | ||
| #define _PATH_VARTMP "/var/tmp/" | ||
|
|
||
| --- a/sysdeps/unix/sysv/linux/paths.h 2012-12-25 04:02:13.000000000 +0100 | ||
| +++ b/sysdeps/unix/sysv/linux/paths.h 2013-02-11 01:32:32.504000831 +0100 | ||
| @@ -68,7 +68,7 @@ | ||
| /* Provide trailing slash, since mostly used for building pathnames. */ | ||
| #define _PATH_DEV "/dev/" | ||
| #define _PATH_TMP "/tmp/" | ||
| -#define _PATH_VARDB "/var/db/" | ||
| +#define _PATH_VARDB "/var/lib/nss_db/" | ||
| #define _PATH_VARRUN "/var/run/" | ||
| #define _PATH_VARTMP "/var/tmp/" | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,227 @@ | ||
| Submitted By: Xi Ruoyao <xry111 at xry111 dot site> | ||
| Date: 2024-05-02 | ||
| Initial Package Version: 2.39 | ||
| Upstream Status: Committed | ||
| Origin: Upstream | ||
| Description: Fix a bug in iconv() that can crash the system and/or allow | ||
| remote access through a buffer overflow. | ||
| See comments included below for details. | ||
| Change from glibc-2.39-upstream_fix-1.patch: fix some | ||
| broken UTF-8 literals in the added test case. | ||
|
|
||
| From 31da30f23cddd36db29d5b6a1c7619361b271fb4 Mon Sep 17 00:00:00 2001 | ||
| From: Charles Fol <folcharles@gmail.com> | ||
| Date: Thu, 28 Mar 2024 12:25:38 -0300 | ||
| Subject: [PATCH] iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing | ||
| escape sequence (CVE-2024-2961) | ||
|
|
||
| ISO-2022-CN-EXT uses escape sequences to indicate character set changes | ||
| (as specified by RFC 1922). While the SOdesignation has the expected | ||
| bounds checks, neither SS2designation nor SS3designation have its; | ||
| allowing a write overflow of 1, 2, or 3 bytes with fixed values: | ||
| '$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'. | ||
|
|
||
| Checked on aarch64-linux-gnu. | ||
|
|
||
| Co-authored-by: Adhemerval Zanella <adhemerval.zanella@linaro.org> | ||
| Reviewed-by: Carlos O'Donell <carlos@redhat.com> | ||
| Tested-by: Carlos O'Donell <carlos@redhat.com> | ||
|
|
||
| (cherry picked from commit f9dc609e06b1136bb0408be9605ce7973a767ada) | ||
| --- | ||
| iconvdata/Makefile | 5 +- | ||
| iconvdata/iso-2022-cn-ext.c | 12 +++ | ||
| iconvdata/tst-iconv-iso-2022-cn-ext.c | 128 ++++++++++++++++++++++++++ | ||
| 3 files changed, 144 insertions(+), 1 deletion(-) | ||
| create mode 100644 iconvdata/tst-iconv-iso-2022-cn-ext.c | ||
|
|
||
| diff --git a/iconvdata/Makefile b/iconvdata/Makefile | ||
| index ea019ce5c0..7196a8744b 100644 | ||
| --- a/iconvdata/Makefile | ||
| +++ b/iconvdata/Makefile | ||
| @@ -75,7 +75,8 @@ ifeq (yes,$(build-shared)) | ||
| tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ | ||
| tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ | ||
| bug-iconv10 bug-iconv11 bug-iconv12 tst-iconv-big5-hkscs-to-2ucs4 \ | ||
| - bug-iconv13 bug-iconv14 bug-iconv15 | ||
| + bug-iconv13 bug-iconv14 bug-iconv15 \ | ||
| + tst-iconv-iso-2022-cn-ext | ||
| ifeq ($(have-thread-library),yes) | ||
| tests += bug-iconv3 | ||
| endif | ||
| @@ -330,6 +331,8 @@ $(objpfx)bug-iconv14.out: $(addprefix $(objpfx), $(gconv-modules)) \ | ||
| $(addprefix $(objpfx),$(modules.so)) | ||
| $(objpfx)bug-iconv15.out: $(addprefix $(objpfx), $(gconv-modules)) \ | ||
| $(addprefix $(objpfx),$(modules.so)) | ||
| +$(objpfx)tst-iconv-iso-2022-cn-ext.out: $(addprefix $(objpfx), $(gconv-modules)) \ | ||
| + $(addprefix $(objpfx),$(modules.so)) | ||
|
|
||
| $(objpfx)iconv-test.out: run-iconv-test.sh \ | ||
| $(addprefix $(objpfx), $(gconv-modules)) \ | ||
| diff --git a/iconvdata/iso-2022-cn-ext.c b/iconvdata/iso-2022-cn-ext.c | ||
| index b34c8a36f4..cce29b1969 100644 | ||
| --- a/iconvdata/iso-2022-cn-ext.c | ||
| +++ b/iconvdata/iso-2022-cn-ext.c | ||
| @@ -574,6 +574,12 @@ DIAG_IGNORE_Os_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); | ||
| { \ | ||
| const char *escseq; \ | ||
| \ | ||
| + if (outptr + 4 > outend) \ | ||
| + { \ | ||
| + result = __GCONV_FULL_OUTPUT; \ | ||
| + break; \ | ||
| + } \ | ||
| + \ | ||
| assert (used == CNS11643_2_set); /* XXX */ \ | ||
| escseq = "*H"; \ | ||
| *outptr++ = ESC; \ | ||
| @@ -587,6 +593,12 @@ DIAG_IGNORE_Os_NEEDS_COMMENT (5, "-Wmaybe-uninitialized"); | ||
| { \ | ||
| const char *escseq; \ | ||
| \ | ||
| + if (outptr + 4 > outend) \ | ||
| + { \ | ||
| + result = __GCONV_FULL_OUTPUT; \ | ||
| + break; \ | ||
| + } \ | ||
| + \ | ||
| assert ((used >> 5) >= 3 && (used >> 5) <= 7); \ | ||
| escseq = "+I+J+K+L+M" + ((used >> 5) - 3) * 2; \ | ||
| *outptr++ = ESC; \ | ||
| diff --git a/iconvdata/tst-iconv-iso-2022-cn-ext.c b/iconvdata/tst-iconv-iso-2022-cn-ext.c | ||
| new file mode 100644 | ||
| index 0000000000..96a8765fd5 | ||
| --- /dev/null | ||
| +++ b/iconvdata/tst-iconv-iso-2022-cn-ext.c | ||
| @@ -0,0 +1,128 @@ | ||
| +/* Verify ISO-2022-CN-EXT does not write out of the bounds. | ||
| + Copyright (C) 2024 Free Software Foundation, Inc. | ||
| + This file is part of the GNU C Library. | ||
| + | ||
| + The GNU C Library is free software; you can redistribute it and/or | ||
| + modify it under the terms of the GNU Lesser General Public | ||
| + License as published by the Free Software Foundation; either | ||
| + version 2.1 of the License, or (at your option) any later version. | ||
| + | ||
| + The GNU C Library is distributed in the hope that it will be useful, | ||
| + but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
| + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | ||
| + Lesser General Public License for more details. | ||
| + | ||
| + You should have received a copy of the GNU Lesser General Public | ||
| + License along with the GNU C Library; if not, see | ||
| + <https://www.gnu.org/licenses/>. */ | ||
| + | ||
| +#include <stdio.h> | ||
| +#include <string.h> | ||
| + | ||
| +#include <errno.h> | ||
| +#include <iconv.h> | ||
| +#include <sys/mman.h> | ||
| + | ||
| +#include <support/xunistd.h> | ||
| +#include <support/check.h> | ||
| +#include <support/support.h> | ||
| + | ||
| +/* The test sets up a two memory page buffer with the second page marked | ||
| + PROT_NONE to trigger a fault if the conversion writes beyond the exact | ||
| + expected amount. Then we carry out various conversions and precisely | ||
| + place the start of the output buffer in order to trigger a SIGSEGV if the | ||
| + process writes anywhere between 1 and page sized bytes more (only one | ||
| + PROT_NONE page is setup as a canary) than expected. These tests exercise | ||
| + all three of the cases in ISO-2022-CN-EXT where the converter must switch | ||
| + character sets and may run out of buffer space while doing the | ||
| + operation. */ | ||
| + | ||
| +static int | ||
| +do_test (void) | ||
| +{ | ||
| + iconv_t cd = iconv_open ("ISO-2022-CN-EXT", "UTF-8"); | ||
| + TEST_VERIFY_EXIT (cd != (iconv_t) -1); | ||
| + | ||
| + char *ntf; | ||
| + size_t ntfsize; | ||
| + char *outbufbase; | ||
| + { | ||
| + int pgz = getpagesize (); | ||
| + TEST_VERIFY_EXIT (pgz > 0); | ||
| + ntfsize = 2 * pgz; | ||
| + | ||
| + ntf = xmmap (NULL, ntfsize, PROT_READ | PROT_WRITE, MAP_PRIVATE | ||
| + | MAP_ANONYMOUS, -1); | ||
| + xmprotect (ntf + pgz, pgz, PROT_NONE); | ||
| + | ||
| + outbufbase = ntf + pgz; | ||
| + } | ||
| + | ||
| + /* Check if SOdesignation escape sequence does not trigger an OOB write. */ | ||
| + { | ||
| + char inbuf[] = "\xe4\xba\xa4\xe6\x8d\xa2"; | ||
| + | ||
| + for (int i = 0; i < 9; i++) | ||
| + { | ||
| + char *inp = inbuf; | ||
| + size_t inleft = sizeof (inbuf) - 1; | ||
| + | ||
| + char *outp = outbufbase - i; | ||
| + size_t outleft = i; | ||
| + | ||
| + TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) | ||
| + == (size_t) -1); | ||
| + TEST_COMPARE (errno, E2BIG); | ||
| + | ||
| + TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); | ||
| + } | ||
| + } | ||
| + | ||
| + /* Same as before for SS2designation. */ | ||
| + { | ||
| + char inbuf[] = "㴽 \xe3\xb4\xbd"; | ||
| + | ||
| + for (int i = 0; i < 14; i++) | ||
| + { | ||
| + char *inp = inbuf; | ||
| + size_t inleft = sizeof (inbuf) - 1; | ||
| + | ||
| + char *outp = outbufbase - i; | ||
| + size_t outleft = i; | ||
| + | ||
| + TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) | ||
| + == (size_t) -1); | ||
| + TEST_COMPARE (errno, E2BIG); | ||
| + | ||
| + TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); | ||
| + } | ||
| + } | ||
| + | ||
| + /* Same as before for SS3designation. */ | ||
| + { | ||
| + char inbuf[] = "劄 \xe5\x8a\x84"; | ||
| + | ||
| + for (int i = 0; i < 14; i++) | ||
| + { | ||
| + char *inp = inbuf; | ||
| + size_t inleft = sizeof (inbuf) - 1; | ||
| + | ||
| + char *outp = outbufbase - i; | ||
| + size_t outleft = i; | ||
| + | ||
| + TEST_VERIFY_EXIT (iconv (cd, &inp, &inleft, &outp, &outleft) | ||
| + == (size_t) -1); | ||
| + TEST_COMPARE (errno, E2BIG); | ||
| + | ||
| + TEST_VERIFY_EXIT (iconv (cd, NULL, NULL, NULL, NULL) == 0); | ||
| + } | ||
| + } | ||
| + | ||
| + TEST_VERIFY_EXIT (iconv_close (cd) != -1); | ||
| + | ||
| + xmunmap (ntf, ntfsize); | ||
| + | ||
| + return 0; | ||
| +} | ||
| + | ||
| +#include <support/test-driver.c> | ||
| -- | ||
| 2.45.0 | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| [info] | ||
| name = glibc | ||
| version = 2.39 | ||
| type = src | ||
| license = GPL2 | ||
| url = https://ftp.gnu.org/gnu/$NAME/$NAME-$VERSION.tar.xz | ||
| sha256 = f77bd47cf8170c57365ae7bf86696c118adb3b120d3259c64c502d3dc1e2d926 | ||
|
|
||
| [description] | ||
| The GNU C Library - The project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more. | ||
|
|
||
| [download] | ||
| curl -L $URL --output $NAME-$VERSION.tar.xz | ||
| tar xf $NAME-$VERSION.tar.xz | ||
|
|
||
| [install] | ||
| # Patch 1 - Some of the Glibc programs use the non-FHS compliant /var/db directory to store their runtime data. Apply the following patch to make such programs store their runtime data in the FHS-compliant locations: | ||
| cp $SOVIET_REPOS_DIR/OUR/base/patch/$NAME-$VERSION-fhs-1.patch | ||
| patch -Np1 -i $NAME-$VERSION-fhs-1.patch | ||
| # Patch 2 - $ix a security vulnerability: | ||
| cp $SOVIET_REPOS_DIR/OUR/base/patch/$NAME-$VERSION-upstream_fix-2.patch | ||
| patch -Np1 -i $NAME-$VERSION-upstream_fix-2.patch | ||
|
|
||
| mkdir build | ||
| cd build | ||
| ../configure \ | ||
| --prefix=/usr \ | ||
| --disable-werror \ | ||
| --enable-kernel=4.14 \ | ||
| --enable-stack-protector=strong \ | ||
| --with-headers=/usr/include \ | ||
| --disable-nscd \ | ||
| --enable-cet | ||
| make $MAKE_FLAGS | ||
| # Fix the Makefile to skip an outdated sanity check that fails with a modern Glibc configuration: | ||
| sed '/test-installation/s@$(PERL)@echo not running@' -i ../Makefile | ||
| make DESTDIR=$BUILD_ROOT install | ||
| # Fix a hardcoded path to the executable loader in the ldd script: | ||
| sed '/RTLDLIST=/s@/usr@@g' -i /usr/bin/ldd | ||
| # add all the locales | ||
| echo 'Installing Locales...' | ||
| make DESTDIR=$BUILD_ROOT localedata/install-locales | ||
| localedef -i C -f UTF-8 C.UTF-8 |