wok annotate glibc/stuff/glibc-2.14.1-fixes-1.patch @ rev 21988

Up sudo (1.8.28) CVE-2019-14287
author Pascal Bellard <pascal.bellard@slitaz.org>
date Tue Oct 15 10:14:15 2019 +0200 (2019-10-15)
rev   line source
pankso@12269 1 Submitted By: Matt Burgess <matthew_at_linuxfromscratch_dot_org>
pankso@12269 2 Date: 2011-10-07
pankso@12269 3 Initial Package Version: 2.14.1
pankso@12269 4 Upstream Status: From upstream
pankso@12269 5 Origin: Matt Burgess
pankso@12269 6 Description: Fixes Firefox crashes and a bug when programs link to
pankso@12269 7 SDL.
pankso@12269 8
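diff -Naur glibc-2.14.1.orig/elf/dl-close.c glibc-2.14.1/elf/dl-close.c
--- glibc-2.14.1.orig/elf/dl-close.c 2011-10-07 09:48:55.000000000 +0000
+++ glibc-2.14.1/elf/dl-close.c 2011-10-07 19:43:10.346411120 +0000
@@ -119,17 +119,8 @@
 if (map->l_direct_opencount > 0 || map->l_type != lt_loaded
 || dl_close_state != not_pending)
 {
- if (map->l_direct_opencount == 0)
- {
- if (map->l_type == lt_loaded)
- dl_close_state = rerun;
- else if (map->l_type == lt_library)
- {
- struct link_map **oldp = map->l_initfini;
- map->l_initfini = map->l_orig_initfini;
- _dl_scope_free (oldp);
- }
- }
+ if (map->l_direct_opencount == 0 && map->l_type == lt_loaded)
+ dl_close_state = rerun;
 
 /* There are still references to this object. Do nothing more. */
 if (__builtin_expect (GLRO(dl_debug_mask) & DL_DEBUG_FILES, 0))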
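diff -Naur glibc-2.14.1.orig/elf/dl-deps.c glibc-2.14.1/elf/dl-deps.c
--- glibc-2.14.1.orig/elf/dl-deps.c 2011-10-07 09:48:55.000000000 +0000
+++ glibc-2.14.1/elf/dl-deps.c 2011-10-07 19:43:10.348432639 +0000
@@ -478,6 +478,7 @@
 nneeded * sizeof needed[0]);
 atomic_write_barrier ();
 l->l_initfini = l_initfini;
+ l->l_free_initfini = 1;
 }
 
 /* If we have no auxiliary objects just go on to the next map. */
@@ -678,6 +679,7 @@
 l_initfini[nlist] = NULL;
 atomic_write_barrier ();
 map->l_initfini = l_initfini;
+ map->l_free_initfini = 1;
 if (l_reldeps != NULL)
 {
 atomic_write_barrier ();
@@ -686,7 +688,7 @@
 _dl_scope_free (old_l_reldeps);
 }
 if (old_l_initfini != NULL)
- map->l_orig_initfini = old_l_initfini;
+ _dl_scope_free (old_l_initfini);
 
 if (errno_reason)
 _dl_signal_error (errno_reason == -1 ? 0 : errno_reason, objname,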
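Review bot: The third hunk now passes `old_l_initfini` to `_dl_scope_free` whenever it is non-NULL, which is only safe if that pointer can never refer to a list that was not obtained from the real allocator — the case the new `l_free_initfini` bit exists to mark. The assignment of `old_l_initfini` is outside the hunk, so the invariant cannot be confirmed from here. Either guard the call on the ownership state the map had before the new list was installed, or state the invariant at the call site with a comment such as `/* old_l_initfini is always heap-allocated here because <reason>. */`. Separately, in the first two hunks the bit is set after the pointer store that follows `atomic_write_barrier ()`, so a reader that sees the new list may still see the old bit; if every reader holds the loader lock this is harmless, but that should be said in a comment.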
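diff -Naur glibc-2.14.1.orig/elf/dl-libc.c glibc-2.14.1/elf/dl-libc.c
--- glibc-2.14.1.orig/elf/dl-libc.c 2011-10-07 09:48:55.000000000 +0000
+++ glibc-2.14.1/elf/dl-libc.c 2011-10-07 19:43:10.352411141 +0000
@@ -279,6 +279,10 @@
 if (! old->dont_free)
 free (old);
 }
+
+ /* Free the initfini dependency list. */
+ if (l->l_free_initfini)
+ free (l->l_initfini);
 }
 
 if (__builtin_expect (GL(dl_ns)[ns]._ns_global_scope_alloc, 0) != 0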
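Review bot: The added `free (l->l_initfini);` leaves both the pointer and the `l_free_initfini` bit unchanged, so any later pass over the same link map would find a dangling list that is still marked as freeable. Bracing the `if` body and clearing both right after the call, `l->l_initfini = NULL;` and `l->l_free_initfini = 0;`, removes the double-free and use-after-free exposure at no cost. The enclosing loop and function begin outside the hunk, so whether a second pass can actually occur is not visible here; if this code runs only once at teardown the change is purely defensive.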
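diff -Naur glibc-2.14.1.orig/elf/rtld.c glibc-2.14.1/elf/rtld.c
--- glibc-2.14.1.orig/elf/rtld.c 2011-10-07 09:48:55.000000000 +0000
+++ glibc-2.14.1/elf/rtld.c 2011-10-07 19:43:10.355406263 +0000
@@ -2263,6 +2263,7 @@
 lnp->dont_free = 1;
 lnp = lnp->next;
 }
+ l->l_free_initfini = 0;
 
 if (l != &GL(dl_rtld_map))
 _dl_relocate_object (l, l->l_scope, GLRO(dl_lazy) ? RTLD_LAZY : 0,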
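Review bot: The new `l->l_free_initfini = 0;` carries no comment, and the reason for it can only be found in the field's declaration in include/link.h. Going by that declaration, the bit is cleared because lists set up on this path come from the dummy malloc in ld.so and must never reach `free`. A one-line comment above the assignment, for example `/* Allocated with ld.so's dummy malloc; must not be passed to free. */`, would keep the ownership rule next to the code that relies on it, alongside the `dont_free` marking just before it. The surrounding function starts and ends outside the hunk.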
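diff -Naur glibc-2.14.1.orig/include/link.h glibc-2.14.1/include/link.h
--- glibc-2.14.1.orig/include/link.h 2011-10-07 09:48:55.000000000 +0000
+++ glibc-2.14.1/include/link.h 2011-10-07 19:43:10.357462703 +0000
@@ -192,6 +192,9 @@
 during LD_TRACE_PRELINKING=1
 contains any DT_SYMBOLIC
 libraries. */
+ unsigned int l_free_initfini:1; /* Nonzero if l_initfini can be
+ freed, ie. not allocated with
+ the dummy malloc in ld.so. */
 
 /* Collected information about own RPATH directories. */
 struct r_search_path_struct l_rpath_dirs;
@@ -240,9 +243,6 @@
 
 /* List of object in order of the init and fini calls. */
 struct link_map **l_initfini;
- /* The init and fini list generated at startup, saved when the
- object is also loaded dynamically. */
- struct link_map **l_orig_initfini;
 
 /* List of the dependencies introduced through symbol binding. */
 struct link_map_reldeps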
pankso@12269 108 diff -Naur glibc-2.14.1.orig/resolv/res_query.c glibc-2.14.1/resolv/res_query.c
pankso@12269 109 --- glibc-2.14.1.orig/resolv/res_query.c 2011-10-07 09:48:55.000000000 +0000
pankso@12269 110 +++ glibc-2.14.1/resolv/res_query.c 2011-10-07 19:43:10.361412711 +0000
pankso@12269 111 @@ -122,6 +122,7 @@
pankso@12269 112 int *resplen2)
pankso@12269 113 {
pankso@12269 114 HEADER *hp = (HEADER *) answer;
pankso@12269 115 + HEADER *hp2;
pankso@12269 116 int n, use_malloc = 0;
pankso@12269 117 u_int oflags = statp->_flags;
pankso@12269 118
pankso@12269 119 @@ -239,26 +240,25 @@
pankso@12269 120 /* __libc_res_nsend might have reallocated the buffer. */
pankso@12269 121 hp = (HEADER *) *answerp;
pankso@12269 122
pankso@12269 123 - /* We simplify the following tests by assigning HP to HP2. It
pankso@12269 124 - is easy to verify that this is the same as ignoring all
pankso@12269 125 - tests of HP2. */
pankso@12269 126 - HEADER *hp2 = answerp2 ? (HEADER *) *answerp2 : hp;
pankso@12269 127 -
pankso@12269 128 - if (n < (int) sizeof (HEADER) && answerp2 != NULL
pankso@12269 129 - && *resplen2 > (int) sizeof (HEADER))
pankso@12269 130 + /* We simplify the following tests by assigning HP to HP2 or
pankso@12269 131 + vice versa. It is easy to verify that this is the same as
pankso@12269 132 + ignoring all tests of HP or HP2. */
pankso@12269 133 + if (answerp2 == NULL || *resplen2 < (int) sizeof (HEADER))
pankso@12269 134 {
pankso@12269 135 - /* Special case of partial answer. */
pankso@12269 136 - assert (hp != hp2);
pankso@12269 137 - hp = hp2;
pankso@12269 138 + hp2 = hp;
pankso@12269 139 }
pankso@12269 140 - else if (answerp2 != NULL && *resplen2 < (int) sizeof (HEADER)
pankso@12269 141 - && n > (int) sizeof (HEADER))
pankso@12269 142 + else
pankso@12269 143 {
pankso@12269 144 - /* Special case of partial answer. */
pankso@12269 145 - assert (hp != hp2);
pankso@12269 146 - hp2 = hp;
pankso@12269 147 + hp2 = (HEADER *) *answerp2;
pankso@12269 148 + if (n < (int) sizeof (HEADER))
pankso@12269 149 + {
pankso@12269 150 + hp = hp2;
pankso@12269 151 + }
pankso@12269 152 }
pankso@12269 153
pankso@12269 154 + /* Make sure both hp and hp2 are defined */
pankso@12269 155 + assert((hp != NULL) && (hp2 != NULL));
pankso@12269 156 +
pankso@12269 157 if ((hp->rcode != NOERROR || ntohs(hp->ancount) == 0)
pankso@12269 158 && (hp2->rcode != NOERROR || ntohs(hp2->ancount) == 0)) {
pankso@12269 159 #ifdef DEBUG
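Review bot: The added `assert((hp != NULL) && (hp2 != NULL));` turns an unexpected resolver state into a process abort, and under NDEBUG it disappears and leaves the `hp->rcode` / `hp2->rcode` dereferences on the following lines unguarded. This code runs on data that arrives from the network, so an explicit failure path is safer than an assertion, e.g. `if (hp == NULL || hp2 == NULL) return -1;` (assuming -1 is this function's error return, which is not visible in the hunk). Also, when `n` is below `sizeof (HEADER)` and the first branch is taken because there is no usable second answer, `hp` still points at the first buffer, so the header fields are read from bytes the response did not fill. Whether an earlier length check rules that out cannot be seen here, since the function body starts and continues outside the hunk.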