From c4a298c52c8c8e80f0f08619ea171e6ad23e3654 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 24 Nov 2014 22:47:41 +0100 Subject: gnu: grep: Update to 2.21. * gnu/packages/base.scm (grep): Update to 2.21. --- gnu/packages/base.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/base.scm') diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 4f28306652..39da8f87e9 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -64,14 +64,14 @@ command-line arguments, multiple languages, and so on.") (define-public grep (package (name "grep") - (version "2.20") + (version "2.21") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/grep/grep-" version ".tar.xz")) (sha256 (base32 - "0rcs0spsxdmh6yz8y4frkqp6f5iw19mdbdl9s2v6956hq0mlbbzh")))) + "1pp5n15qwxrw1pibwjhhgsibyv5cafhamf8lwzjygs6y00fa2i2j")))) (build-system gnu-build-system) (synopsis "Print lines matching a pattern") (description -- cgit v1.2.3 From 97e11209032cb10a40c588c66ebe9f345a85f234 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 26 Nov 2014 11:16:05 +0100 Subject: gnu: glibc: Do not install all the locales. * gnu/packages/base.scm (glibc)[outputs]: Remove "locales". [arguments]: Remove --localedir argument. Change libc_cv_localedir value to "/run/current-system/locale". Remove 'install-locales' phase. --- gnu/packages/base.scm | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) (limited to 'gnu/packages/base.scm') diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 39da8f87e9..e2ec52a45b 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm 
@@ -381,25 +381,27 @@ included.") ;; users should automatically pull Linux headers as well. (propagated-inputs `(("linux-headers" ,linux-libre-headers))) - ;; Store the locales separately (~100 MiB). Note that "out" retains a - ;; reference to them anyway, so there's no space savings here. - ;; TODO: Eventually we may want to add a $LOCALE_ARCHIVE search path like - ;; Nixpkgs does. - (outputs '("out" "locales" "debug")) + (outputs '("out" "debug")) (arguments `(#:out-of-source? #t #:configure-flags (list "--enable-add-ons" "--sysconfdir=/etc" - (string-append "--localedir=" (assoc-ref %outputs "locales") - "/share/locale") + ;; Installing a locale archive with all the locales is to + ;; expensive (~100 MiB), so we rely on users to install the + ;; locales they really want. + ;; + ;; Set the default locale path. In practice, $LOCPATH may be + ;; defined to point whatever locales users want. However, setuid + ;; binaries don't honor $LOCPATH, so they'll instead look into + ;; $libc_cv_localedir; we choose /run/current-system/locale, with + ;; the idea that it is going to be populated by the sysadmin. + ;; ;; `--localedir' is not honored, so work around it. ;; See . - (string-append "libc_cv_localedir=" - (assoc-ref %outputs "locales") - "/share/locale") + (string-append "libc_cv_localedir=/run/current-system/locale") (string-append "--with-headers=" (assoc-ref %build-inputs "linux-headers") @@ -476,11 +478,7 @@ included.") "") (("exec @PERL@") "exec perl")))) - (alist-cons-after - 'install 'install-locales - (lambda _ - (zero? (system* "make" "localedata/install-locales"))) - %standard-phases)))) + %standard-phases))) (inputs `(("static-bash" ,(static-package bash-light)))) -- cgit v1.2.3 From 84c84ce7bfc6f34a3d5a9205dc0a92e25435efcf Mon Sep 17 00:00:00 2001 
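Review bot: `(string-append "libc_cv_localedir=/run/current-system/locale")` wraps a single literal, so the call is a no-op; the bare string `"libc_cv_localedir=/run/current-system/locale"` reads more directly and matches the neighbouring `"--sysconfdir=/etc"` flag. The new comment just above it has a typo: `to expensive` should be `too expensive`. Since that comment itself points out that setuid binaries ignore $LOCPATH and fall back to this directory, it is worth one more sentence spelling out the resulting requirement, e.g. `;; Because setuid programs load locale data from here, this directory must be root-owned and not writable by unprivileged users.` The `arguments` form continues outside the hunk.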
From: Ludovic Courtès Date: Sat, 27 Dec 2014 11:52:55 +0100 Subject: gnu: binutils: Update to 2.25. * gnu/packages/base.scm (binutils): Update to 2.25. --- gnu/packages/base.scm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'gnu/packages/base.scm') diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index aec8d8949c..5bf27c9ef1 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -312,14 +312,14 @@ change. GNU make offers many powerful extensions over the standard utility.") (define-public binutils (package (name "binutils") - (version "2.24") + (version "2.25") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/binutils/binutils-" version ".tar.bz2")) (sha256 (base32 - "0ds1y7qa0xqihw4ihnsgg6bxanmb228r228ddvwzgrv4jszcbs75")) + "08r9i26b05zcwb9zxb6zllpfdiiicdfsgbpsjlrjmvx3rxjzrpi2")) (patches (list (search-patch "binutils-ld-new-dtags.patch") (search-patch "binutils-loongson-workaround.patch"))))) (build-system gnu-build-system) -- cgit v1.2.3 From f05bdc9412135f34a1c417edc203c35cd005d0d5 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Sun, 28 Dec 2014 23:46:59 +0100 Subject: gnu: Don't use --strip-all in cases where this is problematic. This is a followup to 856ae5e. See for an example of build failure. * guix/build/gnu-build-system.scm (strip): Add #:archive-strip-flags parameter. Use it when (ar-file? path). * guix/build-system/gnu.scm (gnu-build): Add #:archive-strip-flags parameter and pass it down. * gnu/packages/commencement.scm (gcc-boot0)[arguments]: Add #:strip-flags. * gnu/packages/base.scm (glibc)[arguments]: Likewise. --- gnu/packages/base.scm | 3 +++ gnu/packages/commencement.scm | 4 ++++ guix/build-system/gnu.scm | 2 ++ guix/build/gnu-build-system.scm | 11 ++++++++++- 4 files changed, 19 insertions(+), 1 deletion(-) (limited to 'gnu/packages/base.scm') diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 5bf27c9ef1..b4f4d8ee06 100644 --- a/gnu/packages/base.scm 
+++ b/gnu/packages/base.scm @@ -421,6 +421,9 @@ included.") ;; XXX: Work around "undefined reference to `__stack_chk_guard'". "libc_cv_ssp=no") + ;; Using '--strip-all' on crt*.o breaks them. + #:strip-flags '("--strip-debug") + #:tests? #f ; XXX #:phases (alist-cons-before 'configure 'pre-configure diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 20831de997..309e195bc2 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -170,6 +170,10 @@ identifier SYSTEM." (ice-9 regex) (srfi srfi-1) (srfi srfi-26)) + + ;; Using '--strip-all' leads to a link failure while building libc. + #:strip-flags '("--strip-debug") + ,@(substitute-keyword-arguments (package-arguments gcc-4.8) ((#:configure-flags flags) `(append (list ,(string-append "--target=" (boot-triplet)) diff --git a/guix/build-system/gnu.scm b/guix/build-system/gnu.scm index f765a144c4..e2b41b1898 100644 --- a/guix/build-system/gnu.scm +++ b/guix/build-system/gnu.scm @@ -275,6 +275,7 @@ standard packages used as implicit inputs of the GNU build system." (patch-shebangs? #t) (strip-binaries? #t) (strip-flags ''("--strip-all")) + (archive-strip-flags ''("--strip-debug")) (strip-directories ''("lib" "lib64" "libexec" "bin" "sbin")) (phases '%standard-phases) @@ -338,6 +339,7 @@ are allowed to refer to." #:patch-shebangs? ,patch-shebangs? #:strip-binaries? ,strip-binaries? #:strip-flags ,strip-flags + #:archive-strip-flags ,archive-strip-flags #:strip-directories ,strip-directories))) (define guile-for-build diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm index 11b43c521f..a985b1c715 100644 --- a/guix/build/gnu-build-system.scm +++ b/guix/build/gnu-build-system.scm 
@@ -298,6 +298,12 @@ makefiles." (string-append target "-objcopy") "objcopy")) (strip-flags '("--strip-all")) + + ;; Using '--strip-all' on .a file would remove the archive + ;; index, leading to "Archive has no index" errors when + ;; linking against them. + (archive-strip-flags '("--strip-debug")) + (strip-directories '("lib" "lib64" "libexec" "bin" "sbin")) #:allow-other-keys) @@ -353,7 +359,10 @@ makefiles." (or (not debug-output) (make-debug-file path)) (zero? (apply system* strip-command - (append strip-flags (list path)))) + (append (if (ar-file? path) + archive-strip-flags + strip-flags) + (list path)))) (or (not debug-output) (add-debug-link path)))) (const #t) ; down -- cgit v1.2.3 From 7da473b75721e06237b106c6d186f2729117b1ee Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 29 Dec 2014 21:44:48 +0100 Subject: gnu: Revert use of '--strip-all'. This reverts commits f05bdc9412135f34a1c417edc203c35cd005d0d5 and 856ae5e6c71a1283a414d33e638051f95d3cce35. This broke all sorts of things. See , for example. --- gnu/packages/base.scm | 3 --- gnu/packages/commencement.scm | 4 ---- gnu/packages/linux.scm | 5 ----- guix/build-system/gnu.scm | 4 +--- guix/build/gnu-build-system.scm | 13 ++----------- 5 files changed, 3 insertions(+), 26 deletions(-) (limited to 'gnu/packages/base.scm') diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index b4f4d8ee06..5bf27c9ef1 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -421,9 +421,6 @@ included.") ;; XXX: Work around "undefined reference to `__stack_chk_guard'". "libc_cv_ssp=no") - ;; Using '--strip-all' on crt*.o breaks them. - #:strip-flags '("--strip-debug") - #:tests? #f ; XXX #:phases (alist-cons-before 'configure 'pre-configure diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 309e195bc2..20831de997 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm 
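Review bot: The `(if (ar-file? path) archive-strip-flags strip-flags)` dispatch in the second hunk only spares `.a` archives, so relocatable objects installed on their own (the crt*.o files the commit message mentions) still receive `--strip-all`, which is presumably why the base.scm and commencement.scm hunks of this same commit each add a per-package `#:strip-flags '("--strip-debug")` override. If the breakage is a property of relocatable objects rather than of those two packages, testing for ELF relocatable files alongside `ar-file?`, or defaulting `strip-flags` to `--strip-debug` and making `--strip-all` opt-in, would remove the need for per-package workarounds; the later commit 7da473b75721e06237b106c6d186f2729117b1ee on this page ends up reverting to that `--strip-debug` default. The comment added in the first hunk should read `on a .a file` rather than `on .a file`. The `strip` procedure's keyword list and body both extend outside these hunks.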
@@ -170,10 +170,6 @@ identifier SYSTEM." (ice-9 regex) (srfi srfi-1) (srfi srfi-26)) - - ;; Using '--strip-all' leads to a link failure while building libc. - #:strip-flags '("--strip-debug") - ,@(substitute-keyword-arguments (package-arguments gcc-4.8) ((#:configure-flags flags) `(append (list ,(string-append "--target=" (boot-triplet)) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 53368251b5..9dc5f5cd40 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -292,11 +292,6 @@ for SYSTEM, or #f if there is no configuration for SYSTEM." (alist-replace 'install ,install-phase (alist-delete 'configure %standard-phases))) - - ;; Use '--strip-debug', not '--strip-all', because the latter leads to - ;; unloadable modules (due to the lack of a symbol table.) - #:strip-flags '("--strip-debug") - #:tests? #f)) (synopsis "100% free redistribution of a cleaned Linux kernel") (description diff --git a/guix/build-system/gnu.scm b/guix/build-system/gnu.scm index e2b41b1898..c675155a6a 100644 --- a/guix/build-system/gnu.scm +++ b/guix/build-system/gnu.scm @@ -274,8 +274,7 @@ standard packages used as implicit inputs of the GNU build system." (parallel-tests? #t) (patch-shebangs? #t) (strip-binaries? #t) - (strip-flags ''("--strip-all")) - (archive-strip-flags ''("--strip-debug")) + (strip-flags ''("--strip-debug")) (strip-directories ''("lib" "lib64" "libexec" "bin" "sbin")) (phases '%standard-phases) @@ -339,7 +338,6 @@ are allowed to refer to." #:patch-shebangs? ,patch-shebangs? #:strip-binaries? ,strip-binaries? #:strip-flags ,strip-flags - #:archive-strip-flags ,archive-strip-flags #:strip-directories ,strip-directories))) (define guile-for-build diff --git a/guix/build/gnu-build-system.scm b/guix/build/gnu-build-system.scm index a985b1c715..1311cdcc9a 100644 --- a/guix/build/gnu-build-system.scm +++ b/guix/build/gnu-build-system.scm 
@@ -297,13 +297,7 @@ makefiles." (objcopy-command (if target (string-append target "-objcopy") "objcopy")) - (strip-flags '("--strip-all")) - - ;; Using '--strip-all' on .a file would remove the archive - ;; index, leading to "Archive has no index" errors when - ;; linking against them. - (archive-strip-flags '("--strip-debug")) - + (strip-flags '("--strip-debug")) (strip-directories '("lib" "lib64" "libexec" "bin" "sbin")) #:allow-other-keys) @@ -359,10 +353,7 @@ makefiles." (or (not debug-output) (make-debug-file path)) (zero? (apply system* strip-command - (append (if (ar-file? path) - archive-strip-flags - strip-flags) - (list path)))) + (append strip-flags (list path)))) (or (not debug-output) (add-debug-link path)))) (const #t) ; down -- cgit v1.2.3 From 26804e1351a86bfcde1b8bebeb984b9c79e6fe6f Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 30 Dec 2014 13:57:40 -0500 Subject: gnu: glibc: Add fixes for CVE-2014-7817 and CVE-2012-3406. * gnu/packages/patches/glibc-CVE-2012-3406.patch, gnu/packages/patches/glibc-CVE-2014-7817.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/base.scm (glibc): Add patches. --- gnu-system.am | 2 + gnu/packages/base.scm | 4 +- gnu/packages/patches/glibc-CVE-2012-3406.patch | 282 +++++++++++++++++++++++++ gnu/packages/patches/glibc-CVE-2014-7817.patch | 171 +++++++++++++++ 4 files changed, 458 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/glibc-CVE-2012-3406.patch create mode 100644 gnu/packages/patches/glibc-CVE-2014-7817.patch (limited to 'gnu/packages/base.scm') diff --git a/gnu-system.am b/gnu-system.am index c2266c0da4..729d185d47 100644 --- a/gnu-system.am +++ b/gnu-system.am 
@@ -362,6 +362,8 @@ dist_patch_DATA = \ gnu/packages/patches/glib-tests-prlimit.patch \ gnu/packages/patches/glib-tests-timer.patch \ gnu/packages/patches/glib-tests-gapplication.patch \ + gnu/packages/patches/glibc-CVE-2012-3406.patch \ + gnu/packages/patches/glibc-CVE-2014-7817.patch \ gnu/packages/patches/glibc-bootstrap-system.patch \ gnu/packages/patches/glibc-ldd-x86_64.patch \ gnu/packages/patches/gnunet-fix-scheduler.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 5bf27c9ef1..117ee74b97 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -375,7 +375,9 @@ included.") (("use_ldconfig=yes") "use_ldconfig=no"))) (modules '((guix build utils))) - (patches (list (search-patch "glibc-ldd-x86_64.patch"))))) + (patches (list (search-patch "glibc-CVE-2014-7817.patch") + (search-patch "glibc-CVE-2012-3406.patch") + (search-patch "glibc-ldd-x86_64.patch"))))) (build-system gnu-build-system) ;; Glibc's refers to , for instance, so glibc diff --git a/gnu/packages/patches/glibc-CVE-2012-3406.patch b/gnu/packages/patches/glibc-CVE-2012-3406.patch new file mode 100644 index 0000000000..9147a2aeee --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2012-3406.patch 
@@ -0,0 +1,282 @@ +Fix CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] + +Note: Here the ChangeLog and NEWS updates are removed from Jeff's + patch, since they depend on other earlier commits. + +From: Jeff Law +Date: Mon, 15 Dec 2014 09:09:32 +0000 (+0100) +Subject: CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] +X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff_plain;h=a3a1f4163c4d0f9a36056c8640661a88674ae8a2 + +CVE-2012-3406: Stack overflow in vfprintf [BZ #16617] + +A larger number of format specifiers coudld cause a stack overflow, +potentially allowing to bypass _FORTIFY_SOURCE format string +protection. + +(cherry picked from commit a5357b7ce2a2982c5778435704bcdb55ce3667a0) +(cherry picked from commit ae61fc7b33d9d99d2763c16de8275227dc9748ba) + +Conflicts: + NEWS +--- + +diff --git a/stdio-common/Makefile b/stdio-common/Makefile +index 5f8e534..e5e45b6 100644 +--- a/stdio-common/Makefile ++++ b/stdio-common/Makefile +@@ -57,7 +57,7 @@ tests := tstscanf test_rdwr test-popen tstgetln test-fseek \ + bug19 bug19a tst-popen2 scanf13 scanf14 scanf15 bug20 bug21 bug22 \ + scanf16 scanf17 tst-setvbuf1 tst-grouping bug23 bug24 \ + bug-vfprintf-nargs tst-long-dbl-fphex tst-fphex-wide tst-sprintf3 \ +- bug25 tst-printf-round bug26 ++ bug25 tst-printf-round bug23-2 bug23-3 bug23-4 bug26 + + test-srcs = tst-unbputc tst-printf + +diff --git a/stdio-common/bug23-2.c b/stdio-common/bug23-2.c +new file mode 100644 +index 0000000..9e0cfe6 +--- /dev/null ++++ b/stdio-common/bug23-2.c +@@ -0,0 +1,70 @@ ++#include ++#include ++#include ++ ++static const char expected[] = "\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55\ ++\n\ ++a\n\ ++abbcd55%%%%%%%%%%%%%%%%%%%%%%%%%%\n"; ++ ++static int ++do_test (void) 
++{ ++ char *buf = malloc (strlen (expected) + 1); ++ snprintf (buf, strlen (expected) + 1, ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n", ++ "a", "b", "c", "d", 5); ++ return strcmp (buf, expected) != 0; ++} ++ ++#define TEST_FUNCTION do_test () ++#include "../test-skeleton.c" +diff --git a/stdio-common/bug23-3.c b/stdio-common/bug23-3.c +new file mode 100644 +index 0000000..57c8cef +--- /dev/null ++++ b/stdio-common/bug23-3.c +@@ -0,0 +1,50 @@ ++#include ++#include ++#include ++ ++int ++do_test (void) ++{ ++ size_t instances = 16384; ++#define X0 "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d" ++ const char *item = "\na\nabbcd55"; ++#define X3 X0 X0 X0 X0 X0 X0 X0 X0 ++#define X6 X3 X3 X3 X3 X3 X3 X3 X3 ++#define X9 X6 X6 X6 X6 X6 X6 X6 X6 ++#define X12 X9 X9 X9 X9 X9 X9 X9 X9 ++#define X14 X12 X12 X12 X12 ++#define TRAILER "%%%%%%%%%%%%%%%%%%%%%%%%%%" ++#define TRAILER2 TRAILER TRAILER ++ size_t length = instances * strlen (item) + strlen (TRAILER) + 1; ++ ++ char *buf = malloc (length + 1); ++ snprintf (buf, length + 1, ++ X14 TRAILER2 "\n", ++ "a", "b", "c", "d", 5); ++ ++ const char *p = buf; ++ size_t i; ++ for (i = 0; i < 
instances; ++i) ++ { ++ const char *expected; ++ for (expected = item; *expected; ++expected) ++ { ++ if (*p != *expected) ++ { ++ printf ("mismatch at offset %zu (%zu): expected %d, got %d\n", ++ (size_t) (p - buf), i, *expected & 0xFF, *p & 0xFF); ++ return 1; ++ } ++ ++p; ++ } ++ } ++ if (strcmp (p, TRAILER "\n") != 0) ++ { ++ printf ("mismatch at trailer: [%s]\n", p); ++ return 1; ++ } ++ free (buf); ++ return 0; ++} ++#define TEST_FUNCTION do_test () ++#include "../test-skeleton.c" +diff --git a/stdio-common/bug23-4.c b/stdio-common/bug23-4.c +new file mode 100644 +index 0000000..a478564 +--- /dev/null ++++ b/stdio-common/bug23-4.c +@@ -0,0 +1,31 @@ ++#include ++#include ++#include ++#include ++ ++#define LIMIT 1000000 ++ ++int ++main (void) ++{ ++ struct rlimit lim; ++ getrlimit (RLIMIT_STACK, &lim); ++ lim.rlim_cur = 1048576; ++ setrlimit (RLIMIT_STACK, &lim); ++ char *fmtstr = malloc (4 * LIMIT + 1); ++ if (fmtstr == NULL) ++ abort (); ++ char *output = malloc (LIMIT + 1); ++ if (output == NULL) ++ abort (); ++ for (size_t i = 0; i < LIMIT; i++) ++ memcpy (fmtstr + 4 * i, "%1$d", 4); ++ fmtstr[4 * LIMIT] = '\0'; ++ int ret = snprintf (output, LIMIT + 1, fmtstr, 0); ++ if (ret != LIMIT) ++ abort (); ++ for (size_t i = 0; i < LIMIT; i++) ++ if (output[i] != '0') ++ abort (); ++ return 0; ++} +diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c +index c4ff833..429a3d1 100644 +--- a/stdio-common/vfprintf.c ++++ b/stdio-common/vfprintf.c +@@ -263,6 +263,12 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap) + /* For the argument descriptions, which may be allocated on the heap. */ + void *args_malloced = NULL; + ++ /* For positional argument handling. */ ++ struct printf_spec *specs; ++ ++ /* Track if we malloced the SPECS array and thus must free it. */ ++ bool specs_malloced = false; ++ + /* This table maps a character into a number representing a + class. In each step there is a destination label for each + class. 
*/ +@@ -1679,8 +1685,8 @@ do_positional: + size_t nspecs = 0; + /* A more or less arbitrary start value. */ + size_t nspecs_size = 32 * sizeof (struct printf_spec); +- struct printf_spec *specs = alloca (nspecs_size); + ++ specs = alloca (nspecs_size); + /* The number of arguments the format string requests. This will + determine the size of the array needed to store the argument + attributes. */ +@@ -1721,11 +1727,39 @@ do_positional: + if (nspecs * sizeof (*specs) >= nspecs_size) + { + /* Extend the array of format specifiers. */ ++ if (nspecs_size * 2 < nspecs_size) ++ { ++ __set_errno (ENOMEM); ++ done = -1; ++ goto all_done; ++ } + struct printf_spec *old = specs; +- specs = extend_alloca (specs, nspecs_size, 2 * nspecs_size); ++ if (__libc_use_alloca (2 * nspecs_size)) ++ specs = extend_alloca (specs, nspecs_size, 2 * nspecs_size); ++ else ++ { ++ nspecs_size *= 2; ++ specs = malloc (nspecs_size); ++ if (specs == NULL) ++ { ++ __set_errno (ENOMEM); ++ specs = old; ++ done = -1; ++ goto all_done; ++ } ++ } + + /* Copy the old array's elements to the new space. */ + memmove (specs, old, nspecs * sizeof (*specs)); ++ ++ /* If we had previously malloc'd space for SPECS, then ++ release it after the copy is complete. */ ++ if (specs_malloced) ++ free (old); ++ ++ /* Now set SPECS_MALLOCED if needed. */ ++ if (!__libc_use_alloca (nspecs_size)) ++ specs_malloced = true; + } + + /* Parse the format specifier. */ +@@ -2046,6 +2080,8 @@ do_positional: + } + + all_done: ++ if (specs_malloced) ++ free (specs); + if (__glibc_unlikely (args_malloced != NULL)) + free (args_malloced); + if (__glibc_unlikely (workstart != NULL)) diff --git a/gnu/packages/patches/glibc-CVE-2014-7817.patch b/gnu/packages/patches/glibc-CVE-2014-7817.patch new file mode 100644 index 0000000000..14c885523c --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2014-7817.patch 
@@ -0,0 +1,171 @@ +Fix CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. + +Note: Here the ChangeLog and NEWS updates are removed from Carlos's + patch, since they depend on other earlier commits. + +From: Carlos O'Donell +Date: Wed, 19 Nov 2014 16:44:12 +0000 (-0500) +Subject: CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. +X-Git-Url: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff_plain;h=33ceaf6187b31ea15284ac65131749e1cb68d2ae + +CVE-2014-7817: wordexp fails to honour WRDE_NOCMD. + +The function wordexp() fails to properly handle the WRDE_NOCMD +flag when processing arithmetic inputs in the form of "$((... ``))" +where "..." can be anything valid. The backticks in the arithmetic +epxression are evaluated by in a shell even if WRDE_NOCMD forbade +command substitution. This allows an attacker to attempt to pass +dangerous commands via constructs of the above form, and bypass +the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD +in exec_comm(), the only place that can execute a shell. All other +checks for WRDE_NOCMD are superfluous and removed. + +We expand the testsuite and add 3 new regression tests of roughly +the same form but with a couple of nested levels. + +On top of the 3 new tests we add fork validation to the WRDE_NOCMD +testing. If any forks are detected during the execution of a wordexp() +call with WRDE_NOCMD, the test is marked as failed. This is slightly +heuristic since vfork might be used in the future, but it provides a +higher level of assurance that no shells were executed as part of +command substitution with WRDE_NOCMD in effect. In addition it doesn't +require libpthread or libdl, instead we use the public implementation +namespace function __register_atfork (already part of the public ABI +for libpthread). + +Tested on x86_64 with no regressions. 
+ +(cherry picked from commit a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c) +--- + +diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c +index 4957006..bdd65e4 100644 +--- a/posix/wordexp-test.c ++++ b/posix/wordexp-test.c +@@ -27,6 +27,25 @@ + + #define IFS " \n\t" + ++extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden"))); ++extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *); ++ ++static int __app_register_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void)) ++{ ++ return __register_atfork (prepare, parent, child, ++ &__dso_handle == NULL ? NULL : __dso_handle); ++} ++ ++/* Number of forks seen. */ ++static int registered_forks; ++ ++/* For each fork increment the fork count. */ ++static void ++register_fork (void) ++{ ++ registered_forks++; ++} ++ + struct test_case_struct + { + int retval; +@@ -206,6 +225,12 @@ struct test_case_struct + { WRDE_SYNTAX, NULL, "$((2+))", 0, 0, { NULL, }, IFS }, + { WRDE_SYNTAX, NULL, "`", 0, 0, { NULL, }, IFS }, + { WRDE_SYNTAX, NULL, "$((010+4+))", 0, 0, { NULL }, IFS }, ++ /* Test for CVE-2014-7817. We test 3 combinations of command ++ substitution inside an arithmetic expression to make sure that ++ no commands are executed and error is returned. */ ++ { WRDE_CMDSUB, NULL, "$((`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS }, ++ { WRDE_CMDSUB, NULL, "$((1+`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS }, ++ { WRDE_CMDSUB, NULL, "$((1+$((`echo 1`))))", WRDE_NOCMD, 0, { NULL, }, IFS }, + + { -1, NULL, NULL, 0, 0, { NULL, }, IFS }, + }; +@@ -258,6 +283,15 @@ main (int argc, char *argv[]) + return -1; + } + ++ /* If we are not allowed to do command substitution, we install ++ fork handlers to verify that no forks happened. No forks should ++ happen at all if command substitution is disabled. 
*/ ++ if (__app_register_atfork (register_fork, NULL, NULL) != 0) ++ { ++ printf ("Failed to register fork handler.\n"); ++ return -1; ++ } ++ + for (test = 0; test_case[test].retval != -1; test++) + if (testit (&test_case[test])) + ++fail; +@@ -367,6 +401,9 @@ testit (struct test_case_struct *tc) + + printf ("Test %d (%s): ", ++tests, tc->words); + ++ if (tc->flags & WRDE_NOCMD) ++ registered_forks = 0; ++ + if (tc->flags & WRDE_APPEND) + { + /* initial wordexp() call, to be appended to */ +@@ -378,6 +415,13 @@ testit (struct test_case_struct *tc) + } + retval = wordexp (tc->words, &we, tc->flags); + ++ if ((tc->flags & WRDE_NOCMD) ++ && (registered_forks > 0)) ++ { ++ printf ("FAILED fork called for WRDE_NOCMD\n"); ++ return 1; ++ } ++ + if (tc->flags & WRDE_DOOFFS) + start_offs = sav_we.we_offs; + +diff --git a/posix/wordexp.c b/posix/wordexp.c +index b6b65dd..26f3a26 100644 +--- a/posix/wordexp.c ++++ b/posix/wordexp.c +@@ -893,6 +893,10 @@ exec_comm (char *comm, char **word, size_t *word_length, size_t *max_length, + pid_t pid; + int noexec = 0; + ++ /* Do nothing if command substitution should not succeed. */ ++ if (flags & WRDE_NOCMD) ++ return WRDE_CMDSUB; ++ + /* Don't fork() unless necessary */ + if (!comm || !*comm) + return 0; +@@ -2082,9 +2086,6 @@ parse_dollars (char **word, size_t *word_length, size_t *max_length, + } + } + +- if (flags & WRDE_NOCMD) +- return WRDE_CMDSUB; +- + (*offset) += 2; + return parse_comm (word, word_length, max_length, words, offset, flags, + quoted? 
NULL : pwordexp, ifs, ifs_white); +@@ -2196,9 +2197,6 @@ parse_dquote (char **word, size_t *word_length, size_t *max_length, + break; + + case '`': +- if (flags & WRDE_NOCMD) +- return WRDE_CMDSUB; +- + ++(*offset); + error = parse_backtick (word, word_length, max_length, words, + offset, flags, NULL, NULL, NULL); +@@ -2357,12 +2355,6 @@ wordexp (const char *words, wordexp_t *pwordexp, int flags) + break; + + case '`': +- if (flags & WRDE_NOCMD) +- { +- error = WRDE_CMDSUB; +- goto do_error; +- } +- + ++words_offset; + error = parse_backtick (&word, &word_length, &max_length, words, + &words_offset, flags, pwordexp, ifs, -- cgit v1.2.3 From bf0baaf7db6c3ab7d54f274a8728612e323b1b08 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 30 Dec 2014 19:58:05 -0500 Subject: gnu: glibc: MIPS: Avoid a dangling `vfork@GLIBC_2.0' reference. * gnu/packages/patches/glibc-mips-dangling-vfork-ref.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/base.scm (glibc): Add patch. --- gnu-system.am | 1 + gnu/packages/base.scm | 1 + .../patches/glibc-mips-dangling-vfork-ref.patch | 45 ++++++++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 gnu/packages/patches/glibc-mips-dangling-vfork-ref.patch (limited to 'gnu/packages/base.scm') diff --git a/gnu-system.am b/gnu-system.am index 729d185d47..405c01fb07 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -366,6 +366,7 @@ dist_patch_DATA = \ gnu/packages/patches/glibc-CVE-2014-7817.patch \ gnu/packages/patches/glibc-bootstrap-system.patch \ gnu/packages/patches/glibc-ldd-x86_64.patch \ + gnu/packages/patches/glibc-mips-dangling-vfork-ref.patch \ gnu/packages/patches/gnunet-fix-scheduler.patch \ gnu/packages/patches/gnunet-fix-tests.patch \ gnu/packages/patches/gobject-introspection-cc.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 117ee74b97..1f479ccbbe 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm 
@@ -377,6 +377,7 @@ included.") (modules '((guix build utils))) (patches (list (search-patch "glibc-CVE-2014-7817.patch") (search-patch "glibc-CVE-2012-3406.patch") + (search-patch "glibc-mips-dangling-vfork-ref.patch") (search-patch "glibc-ldd-x86_64.patch"))))) (build-system gnu-build-system) diff --git a/gnu/packages/patches/glibc-mips-dangling-vfork-ref.patch b/gnu/packages/patches/glibc-mips-dangling-vfork-ref.patch new file mode 100644 index 0000000000..852b6de669 --- /dev/null +++ b/gnu/packages/patches/glibc-mips-dangling-vfork-ref.patch 
@@ -0,0 +1,45 @@ +Avoid a dangling `vfork@GLIBC_2.0' reference on MIPS. + +Note: Here the ChangeLog and NEWS updates are removed from Maciej's + patch, since they depend on other earlier commits. + +From: Maciej W. Rozycki +Date: Wed, 22 Oct 2014 14:20:37 +0000 (+0100) +Subject: MIPS: Avoid a dangling `vfork@GLIBC_2.0' reference +X-Git-Url: https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=c14e752fc73d34c75d4f84f37fea8e0b1734cf98 + +MIPS: Avoid a dangling `vfork@GLIBC_2.0' reference + +This satisfies a symbol reference created with: + + .symver __libc_vfork, vfork@GLIBC_2.0 + +where `__libc_vfork' has not been defined or referenced. In this case +the `vfork@GLIBC_2.0' reference is supposed to be discarded, however a +bug present in GAS since forever causes an undefined symbol table entry +to be created. This in turn triggers a problem in the linker that can +manifest itself by link errors such as: + +ld: libpthread.so: invalid string offset 2765592330 >= 5154 for section `.dynstr' + +The GAS and linker bugs need to be resolved, but we can avoid them too +by providing a `__libc_vfork' definition just like our other platforms. + + [BZ #17485] + * sysdeps/unix/sysv/linux/mips/vfork.S (__libc_vfork): Define. + +(cherry picked from commit b5af9297d51a43f96c5be1bafab032184690dd6f) + +Conflicts: + NEWS +--- + +diff --git a/sysdeps/unix/sysv/linux/mips/vfork.S b/sysdeps/unix/sysv/linux/mips/vfork.S +index 80c362d..2c1a747 100644 +--- a/sysdeps/unix/sysv/linux/mips/vfork.S ++++ b/sysdeps/unix/sysv/linux/mips/vfork.S +@@ -108,3 +108,4 @@ L(error): + + libc_hidden_def(__vfork) + weak_alias (__vfork, vfork) ++strong_alias (__vfork, __libc_vfork) -- cgit v1.2.3