diff --git a/SOURCES/glibc-armhfp-ELF_MACHINE_NO_REL-undefined.patch b/SOURCES/glibc-armhfp-ELF_MACHINE_NO_REL-undefined.patch deleted file mode 100644 index 78d7c4b..0000000 --- a/SOURCES/glibc-armhfp-ELF_MACHINE_NO_REL-undefined.patch +++ /dev/null @@ -1,36 +0,0 @@ -From patchwork Thu Jul 3 13:26:40 2014 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: ARM: Define ELF_MACHINE_NO_REL -X-Patchwork-Submitter: Will Newton -X-Patchwork-Id: 366862 -Message-Id: <1404394000-13429-1-git-send-email-will.newton@linaro.org> -To: libc-alpha@sourceware.org -Date: Thu, 3 Jul 2014 14:26:40 +0100 -From: Will Newton -List-Id: - -Fix a -Wundef warning on ARM. - -ChangeLog: - -2014-07-03 Will Newton - - * sysdeps/arm/dl-machine.h (ELF_MACHINE_NO_REL): Define. ---- - sysdeps/arm/dl-machine.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/sysdeps/arm/dl-machine.h b/sysdeps/arm/dl-machine.h -index c5ffc93..d6b0c52 100644 ---- a/sysdeps/arm/dl-machine.h -+++ b/sysdeps/arm/dl-machine.h -@@ -296,6 +296,7 @@ elf_machine_plt_value (struct link_map *map, const Elf32_Rel *reloc, - /* ARM never uses Elf32_Rela relocations for the dynamic linker. - Prelinked libraries may use Elf32_Rela though. */ - #define ELF_MACHINE_NO_RELA defined RTLD_BOOTSTRAP -+#define ELF_MACHINE_NO_REL 0 - - /* Names of the architecture-specific auditing callback functions. */ - #define ARCH_LA_PLTENTER arm_gnu_pltenter diff --git a/SOURCES/glibc-rh1256317-armhfp-build-issue.patch b/SOURCES/glibc-rh1256317-armhfp-build-issue.patch deleted file mode 100644 index aa6e7fe..0000000 --- a/SOURCES/glibc-rh1256317-armhfp-build-issue.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/sysdeps/unix/arm/sysdep.S 2016-11-05 11:44:45.561945344 +0100 -+++ b/sysdeps/unix/arm/sysdep.S 2016-11-05 11:44:19.542069815 +0100 -@@ -37,7 +37,7 @@ - moveq r0, $EAGAIN /* Yes; translate it to EAGAIN. */ - #endif - --#ifndef IS_IN_rtld -+#if !IS_IN (rtld) - mov ip, lr - cfi_register (lr, ip) - mov r1, r0 diff --git a/SOURCES/glibc-rh1772307.patch b/SOURCES/glibc-rh1772307.patch deleted file mode 100644 index 1ccc6dd..0000000 --- a/SOURCES/glibc-rh1772307.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 27d3ce1467990f89126e228559dec8f84b96c60e Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" -Date: Fri, 1 Apr 2016 15:08:48 -0700 -Subject: [PATCH] Remove Fast_Copy_Backward from Intel Core processors - -Intel Core i3, i5 and i7 processors have fast unaligned copy and -copy backward is ignored. Remove Fast_Copy_Backward from Intel Core -processors to avoid confusion. - - * sysdeps/x86/cpu-features.c (init_cpu_features): Don't set - bit_arch_Fast_Copy_Backward for Intel Core proessors. ---- - ChangeLog | 5 +++++ - sysdeps/x86/cpu-features.c | 6 +----- - 2 files changed, 6 insertions(+), 5 deletions(-) - -diff -rup a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c ---- a/sysdeps/x86/cpu-features.c 2020-01-21 16:44:28.637555853 -0500 -+++ b/sysdeps/x86/cpu-features.c 2020-01-21 16:46:51.208756416 -0500 -@@ -116,11 +116,8 @@ init_cpu_features (struct cpu_features * - case 0x2c: - case 0x2e: - case 0x2f: -- /* Rep string instructions, copy backward, unaligned loads -+ /* Rep string instructions, unaligned load, unaligned copy, - and pminub are fast on Intel Core i3, i5 and i7. */ --#if index_Fast_Rep_String != index_Fast_Copy_Backward --# error index_Fast_Rep_String != index_Fast_Copy_Backward --#endif - #if index_Fast_Rep_String != index_Fast_Unaligned_Load - # error index_Fast_Rep_String != index_Fast_Unaligned_Load - #endif -@@ -129,7 +126,6 @@ init_cpu_features (struct cpu_features * - #endif - cpu_features->feature[index_Fast_Rep_String] - |= (bit_Fast_Rep_String -- | bit_Fast_Copy_Backward - | bit_Fast_Unaligned_Load - | bit_Prefer_PMINUB_for_stringop); - break; - diff --git a/SOURCES/glibc-rh1812119-1.patch b/SOURCES/glibc-rh1812119-1.patch new file mode 100644 index 0000000..85b8399 --- /dev/null +++ b/SOURCES/glibc-rh1812119-1.patch @@ -0,0 +1,130 @@ +Based on the following commit, but modified for rhel-7.9. +Added sysdeps/ieee754/ldbl-96/Makefile to contain test case. +Adjust test case to use #include . + +commit 9333498794cde1d5cca518badf79533a24114b6f +Author: Joseph Myers +Date: Wed Feb 12 23:31:56 2020 +0000 + + Avoid ldbl-96 stack corruption from range reduction of pseudo-zero (bug 25487). + + Bug 25487 reports stack corruption in ldbl-96 sinl on a pseudo-zero + argument (an representation where all the significand bits, including + the explicit high bit, are zero, but the exponent is not zero, which + is not a valid representation for the long double type). + + Although this is not a valid long double representation, existing + practice in this area (see bug 4586, originally marked invalid but + subsequently fixed) is that we still seek to avoid invalid memory + accesses as a result, in case of programs that treat arbitrary binary + data as long double representations, although the invalid + representations of the ldbl-96 format do not need to be consistently + handled the same as any particular valid representation. + + This patch makes the range reduction detect pseudo-zero and unnormal + representations that would otherwise go to __kernel_rem_pio2, and + returns a NaN for them instead of continuing with the range reduction + process. (Pseudo-zero and unnormal representations whose unbiased + exponent is less than -1 have already been safely returned from the + function before this point without going through the rest of range + reduction.) Pseudo-zero representations would previously result in + the value passed to __kernel_rem_pio2 being all-zero, which is + definitely unsafe; unnormal representations would previously result in + a value passed whose high bit is zero, which might well be unsafe + since that is not a form of input expected by __kernel_rem_pio2. + + Tested for x86_64. + +diff -urN a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c +--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c 2012-12-24 22:02:13.000000000 -0500 ++++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c 2021-01-06 20:39:13.502241328 -0500 +@@ -210,6 +210,18 @@ + return 0; + } + ++ if ((i0 & 0x80000000) == 0) ++ { ++ /* Pseudo-zero and unnormal representations are not valid ++ representations of long double. We need to avoid stack ++ corruption in __kernel_rem_pio2, which expects input in a ++ particular normal form, but those representations do not need ++ to be consistently handled like any particular floating-point ++ value. */ ++ y[1] = y[0] = __builtin_nanl (""); ++ return 0; ++ } ++ + /* Split the 64 bits of the mantissa into three 24-bit integers + stored in a double array. */ + exp = j0 - 23; +diff -urN a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile +--- a/sysdeps/ieee754/ldbl-96/Makefile 1969-12-31 19:00:00.000000000 -0500 ++++ b/sysdeps/ieee754/ldbl-96/Makefile 2021-01-06 20:55:49.163141757 -0500 +@@ -0,0 +1,22 @@ ++# Makefile for sysdeps/ieee754/ldbl-96. ++# Copyright (C) 2016-2021 Free Software Foundation, Inc. ++# This file is part of the GNU C Library. ++ ++# The GNU C Library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2.1 of the License, or (at your option) any later version. ++ ++# The GNU C Library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++ ++# You should have received a copy of the GNU Lesser General Public ++# License along with the GNU C Library; if not, see ++# . ++ ++ifeq ($(subdir),math) ++tests += test-sinl-pseudo ++CFLAGS-test-sinl-pseudo.c += -fstack-protector-all ++endif +diff -urN a/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c +--- a/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c 1969-12-31 19:00:00.000000000 -0500 ++++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c 2021-01-05 16:27:24.658596782 -0500 +@@ -0,0 +1,41 @@ ++/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487). ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ for (int i = 0; i < 64; i++) ++ { ++ uint64_t sig = i == 63 ? 0 : 1ULL << i; ++ long double ld; ++ SET_LDOUBLE_WORDS (ld, 0x4141, ++ sig >> 32, sig & 0xffffffffULL); ++ /* The requirement is that no stack overflow occurs when the ++ pseudo-zero or unnormal goes through range reduction. */ ++ volatile long double ldr; ++ ldr = sinl (ld); ++ (void) ldr; ++ } ++ return 0; ++} ++ ++#include diff --git a/SOURCES/glibc-rh1812119-2.patch b/SOURCES/glibc-rh1812119-2.patch new file mode 100644 index 0000000..7ad13fb --- /dev/null +++ b/SOURCES/glibc-rh1812119-2.patch @@ -0,0 +1,22 @@ +Based on the following commit, but modified for rhel-7.9. + +commit c10acd40262486dac597001aecc20ad9d3bd0e4a +Author: Florian Weimer +Date: Thu Feb 13 17:01:15 2020 +0100 + + math/test-sinl-pseudo: Use stack protector only if available + + This fixes commit 9333498794cde1d5cca518bad ("Avoid ldbl-96 stack + corruption from range reduction of pseudo-zero (bug 25487)."). + +diff -urN a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile +--- a/sysdeps/ieee754/ldbl-96/Makefile 2021-01-06 20:55:49.163141757 -0500 ++++ b/sysdeps/ieee754/ldbl-96/Makefile 2021-01-06 20:58:06.612989216 -0500 +@@ -18,5 +18,7 @@ + + ifeq ($(subdir),math) + tests += test-sinl-pseudo ++ifeq ($(have-ssp),yes) + CFLAGS-test-sinl-pseudo.c += -fstack-protector-all + endif ++endif # $(subdir) == math diff --git a/SOURCES/glibc-rh1869380.patch b/SOURCES/glibc-rh1869380.patch new file mode 100644 index 0000000..94d7935 --- /dev/null +++ b/SOURCES/glibc-rh1869380.patch @@ -0,0 +1,134 @@ +This is a custom patch for RHEL 7 to fix CVE-2020-29573 and includes +parts of 41290b6e842a2adfbda77a49abfacb0db2d63bfb, and +681900d29683722b1cb0a8e565a0585846ec5a61. + +We had a discussion[1] upstream about the treatment of unnormal long +double numbers in glibc and gcc and there is general consensus that +unnormal numbers (pseudos in general) ought to be treated like NaNs +without the guarantee that they will always be treated correctly in +glibc. That is, there is agreement that we should fix bugs and +security issues arising from such inputs but not guarantee glibc +behaviour with such inputs since the latter would involve extensive +coverage. + +Now on to #1869380, this crash in printf manifests itself only in +RHEL-7 and not in any other Red Hat distribution because later +versions of glibc use __builtin_nan from gcc, which always recognizes +pseudos as NaN. Based on that and the recent consensus, the correct +way to fix #1869380 appears to be to treat unnormals as NaN instead of +fixing the unnormal representation as in this patch[2]. + +[1] https://sourceware.org/pipermail/libc-alpha/2020-November/119949.html +[2] https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html + +Co-authored-by: Siddhesh Poyarekar + +diff --git a/stdio-common/printf_fp.c b/stdio-common/printf_fp.c +index d0e082494af6b0a3..60b143571065a082 100644 +--- a/stdio-common/printf_fp.c ++++ b/stdio-common/printf_fp.c +@@ -151,6 +151,28 @@ static wchar_t *group_number (wchar_t *buf, wchar_t *bufend, + wchar_t thousands_sep, int ngroups) + internal_function; + ++static __always_inline int ++isnanl_or_pseudo (long double in) ++{ ++#if defined __x86_64__ || defined __i386__ ++ union ++ { ++ long double f; ++ struct ++ { ++ uint64_t low; ++ uint64_t high; ++ } u; ++ } ldouble; ++ ++ ldouble.f = in; ++ ++ return __isnanl (in) || (ldouble.u.low & 0x8000000000000000) == 0; ++#else ++ return __isnanl (in); ++#endif ++} ++ + + int + __printf_fp_l (FILE *fp, locale_t loc, +@@ -335,7 +357,7 @@ __printf_fp_l (FILE *fp, locale_t loc, + + /* Check for special values: not a number or infinity. */ + int res; +- if (__isnanl (fpnum.ldbl)) ++ if (isnanl_or_pseudo (fpnum.ldbl)) + { + is_neg = signbit (fpnum.ldbl); + if (isupper (info->spec)) +diff --git a/sysdeps/x86/Makefile b/sysdeps/x86/Makefile +index c26533245e8a8103..f1da941dbbadadb3 100644 +--- a/sysdeps/x86/Makefile ++++ b/sysdeps/x86/Makefile +@@ -18,3 +18,7 @@ sysdep-dl-routines += dl-get-cpu-features + tests += tst-get-cpu-features + tests-static += tst-get-cpu-features-static + endif ++ ++ifeq ($(subdir),math) ++tests += tst-ldbl-nonnormal-printf ++endif # $(subdir) == math +diff --git a/sysdeps/x86/tst-ldbl-nonnormal-printf.c b/sysdeps/x86/tst-ldbl-nonnormal-printf.c +new file mode 100644 +index 0000000000000000..e4e3e428747488b9 +--- /dev/null ++++ b/sysdeps/x86/tst-ldbl-nonnormal-printf.c +@@ -0,0 +1,49 @@ ++/* Test printf with x86-specific non-normal long double value. ++ Copyright (C) 2020-2021 Free Software Foundation, Inc. ++ ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++ ++/* Fill the stack with non-zero values. This makes a crash in ++ snprintf more likely. */ ++static void __attribute__ ((noinline, noclone)) ++fill_stack (void) ++{ ++ char buffer[65536]; ++ memset (buffer, 0xc0, sizeof (buffer)); ++ asm ("" ::: "memory"); ++} ++ ++static int ++do_test (void) ++{ ++ fill_stack (); ++ ++ long double value; ++ memcpy (&value, "\x00\x04\x00\x00\x00\x00\x00\x00\x00\x04", 10); ++ ++ char buf[30]; ++ int ret = snprintf (buf, sizeof (buf), "%Lg", value); ++ TEST_COMPARE (ret, strlen (buf)); ++ TEST_COMPARE_STRING (buf, "nan"); ++ return 0; ++} ++ ++#include diff --git a/SOURCES/glibc-rh1883162.patch b/SOURCES/glibc-rh1883162.patch new file mode 100644 index 0000000..d146a06 --- /dev/null +++ b/SOURCES/glibc-rh1883162.patch @@ -0,0 +1,28 @@ +Use stat64 to detect presence of file that alters IFUNC selection. +This avoids problems in NVMe drives where 32-bit stat would fail +because the device ID doesn't fit into teh truncated 16-bit dev_t. + +diff --git a/sysdeps/x86/cpu-features.h b/sysdeps/x86/cpu-features.h +index 4e2e6fabb39ab600..e3b8167ae0669f00 100644 +--- a/sysdeps/x86/cpu-features.h ++++ b/sysdeps/x86/cpu-features.h +@@ -184,11 +184,19 @@ + static bool __attribute__ ((unused)) + use_unaligned_strstr (void) + { ++# if defined __x86_64__ + struct stat unaligned_strstr_etc_sysconfig_file; ++# else ++ struct stat64 unaligned_strstr_etc_sysconfig_file; ++# endif + + /* TLS may not have been set up yet, so avoid using stat since it tries to + set errno. */ ++# if defined __x86_64__ + return INTERNAL_SYSCALL (stat, , 2, ++# else ++ return INTERNAL_SYSCALL (stat64, , 2, ++# endif + ENABLE_STRSTR_UNALIGNED_PATHNAME, + &unaligned_strstr_etc_sysconfig_file) == 0; + } diff --git a/SOURCES/glibc-rh1912543.patch b/SOURCES/glibc-rh1912543.patch new file mode 100644 index 0000000..44dd01f --- /dev/null +++ b/SOURCES/glibc-rh1912543.patch @@ -0,0 +1,131 @@ +commit ee7a3144c9922808181009b7b3e50e852fb4999b +Author: Andreas Schwab +Date: Mon Dec 21 08:56:43 2020 +0530 + + Fix buffer overrun in EUC-KR conversion module (bz #24973) + + The byte 0xfe as input to the EUC-KR conversion denotes a user-defined + area and is not allowed. The from_euc_kr function used to skip two bytes + when told to skip over the unknown designation, potentially running over + the buffer end. + +Conflicts: + iconvdata/Makefile + +Textual conflict in iconvdata/Makefile due to tests differences. + +diff --git a/iconvdata/Makefile b/iconvdata/Makefile +index 4ec2741cdc..85009f3390 100644 +--- a/iconvdata/Makefile ++++ b/iconvdata/Makefile +@@ -73,7 +73,7 @@ modules.so := $(addsuffix .so, $(modules)) + ifeq (yes,$(build-shared)) + tests = bug-iconv1 bug-iconv2 tst-loading tst-e2big tst-iconv4 bug-iconv4 \ + tst-iconv6 bug-iconv5 bug-iconv6 tst-iconv7 bug-iconv8 bug-iconv9 \ +- bug-iconv10 bug-iconv11 bug-iconv12 ++ bug-iconv10 bug-iconv11 bug-iconv12 bug-iconv13 + ifeq ($(have-thread-library),yes) + tests += bug-iconv3 + endif +diff --git a/iconvdata/bug-iconv13.c b/iconvdata/bug-iconv13.c +new file mode 100644 +index 0000000000..87aaff398e +--- /dev/null ++++ b/iconvdata/bug-iconv13.c +@@ -0,0 +1,53 @@ ++/* bug 24973: Test EUC-KR module ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ . */ ++ ++#include ++#include ++#include ++#include ++ ++static int ++do_test (void) ++{ ++ iconv_t cd = iconv_open ("UTF-8//IGNORE", "EUC-KR"); ++ TEST_VERIFY_EXIT (cd != (iconv_t) -1); ++ ++ /* 0xfe (->0x7e : row 94) and 0xc9 (->0x49 : row 41) are user-defined ++ areas, which are not allowed and should be skipped over due to ++ //IGNORE. The trailing 0xfe also is an incomplete sequence, which ++ should be checked first. */ ++ char input[4] = { '\xc9', '\xa1', '\0', '\xfe' }; ++ char *inptr = input; ++ size_t insize = sizeof (input); ++ char output[4]; ++ char *outptr = output; ++ size_t outsize = sizeof (output); ++ ++ /* This used to crash due to buffer overrun. */ ++ TEST_VERIFY (iconv (cd, &inptr, &insize, &outptr, &outsize) == (size_t) -1); ++ TEST_VERIFY (errno == EINVAL); ++ /* The conversion should produce one character, the converted null ++ character. */ ++ TEST_VERIFY (sizeof (output) - outsize == 1); ++ ++ TEST_VERIFY_EXIT (iconv_close (cd) != -1); ++ ++ return 0; ++} ++ ++#include +diff --git a/iconvdata/euc-kr.c b/iconvdata/euc-kr.c +index b0d56cf3ee..1045bae926 100644 +--- a/iconvdata/euc-kr.c ++++ b/iconvdata/euc-kr.c +@@ -80,11 +80,7 @@ euckr_from_ucs4 (uint32_t ch, unsigned char *cp) + \ + if (ch <= 0x9f) \ + ++inptr; \ +- /* 0xfe(->0x7e : row 94) and 0xc9(->0x59 : row 41) are \ +- user-defined areas. */ \ +- else if (__builtin_expect (ch == 0xa0, 0) \ +- || __builtin_expect (ch > 0xfe, 0) \ +- || __builtin_expect (ch == 0xc9, 0)) \ ++ else if (__glibc_unlikely (ch == 0xa0)) \ + { \ + /* This is illegal. */ \ + STANDARD_FROM_LOOP_ERR_HANDLER (1); \ +diff --git a/iconvdata/ksc5601.h b/iconvdata/ksc5601.h +index d3eb3a4ff8..f5cdc72797 100644 +--- a/iconvdata/ksc5601.h ++++ b/iconvdata/ksc5601.h +@@ -50,15 +50,15 @@ ksc5601_to_ucs4 (const unsigned char **s, size_t avail, unsigned char offset) + unsigned char ch2; + int idx; + ++ if (avail < 2) ++ return 0; ++ + /* row 94(0x7e) and row 41(0x49) are user-defined area in KS C 5601 */ + + if (ch < offset || (ch - offset) <= 0x20 || (ch - offset) >= 0x7e + || (ch - offset) == 0x49) + return __UNKNOWN_10646_CHAR; + +- if (avail < 2) +- return 0; +- + ch2 = (*s)[1]; + if (ch2 < offset || (ch2 - offset) <= 0x20 || (ch2 - offset) >= 0x7f) + return __UNKNOWN_10646_CHAR; +-- +2.29.2 + diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec index 24c6272..25f68dd 100644 --- a/SPECS/glibc.spec +++ b/SPECS/glibc.spec @@ -1,6 +1,6 @@ %define glibcsrcdir glibc-2.17-c758a686 %define glibcversion 2.17 -%define glibcrelease 317%{?dist} +%define glibcrelease 322%{?dist} ############################################################################## # We support the following options: # --with/--without, @@ -249,11 +249,6 @@ Patch0068: glibc-rh1349982.patch # These changes were brought forward from RHEL 6 for compatibility Patch0069: glibc-rh1448107.patch - -# Armhfp build issue -Patch9998: glibc-armhfp-ELF_MACHINE_NO_REL-undefined.patch -Patch9999: glibc-rh1256317-armhfp-build-issue.patch - Patch1000: glibc-rh905877.patch Patch1001: glibc-rh958652.patch Patch1002: glibc-rh977870.patch @@ -1626,7 +1621,6 @@ Patch2837: glibc-rh1775599.patch Patch2838: glibc-rh1235112.patch Patch2839: glibc-rh1728915-1.patch Patch2840: glibc-rh1728915-2.patch -Patch2841: glibc-rh1772307.patch Patch2842: glibc-rh1747465-1.patch Patch2843: glibc-rh1747465-2.patch Patch2844: glibc-rh1747465-3.patch @@ -1639,6 +1633,11 @@ Patch2850: glibc-rh1775816.patch Patch2851: glibc-rh1763325.patch Patch2852: glibc-rh1406732-6.patch Patch2853: glibc-rh1834816.patch +Patch2854: glibc-rh1912543.patch +Patch2855: glibc-rh1869380.patch +Patch2856: glibc-rh1812119-1.patch +Patch2857: glibc-rh1812119-2.patch +Patch2858: glibc-rh1883162.patch ############################################################################## # End of glibc patches. @@ -2990,7 +2989,6 @@ package or when debugging this package. %patch2838 -p1 %patch2839 -p1 %patch2840 -p1 -%patch2841 -p1 %patch2842 -p1 %patch2843 -p1 %patch2844 -p1 @@ -3003,11 +3001,11 @@ package or when debugging this package. %patch2851 -p1 %patch2852 -p1 %patch2853 -p1 - -%ifarch %{arm} -%patch9998 -p1 -%patch9999 -p1 -%endif +%patch2854 -p1 +%patch2855 -p1 +%patch2856 -p1 +%patch2857 -p1 +%patch2858 -p1 ############################################################################## # %%prep - Additional prep required... @@ -4195,6 +4193,22 @@ rm -f *.filelist* %endif %changelog +* Wed Jan 06 2021 Carlos O'Donell - 2.17-322 +- Enable file-based IFUNC selection on NVMe devices (#1883162) + +* Wed Jan 06 2021 Carlos O'Donell - 2.17-321 +- CVE-2020-10029: Prevent stack corruption from crafted input in cosl, sinl, + sincosl, and tanl function. (#1812119) + +* Tue Jan 05 2021 Carlos O'Donell - 2.17-320 +- CVE-2020-29573: Harden printf family of functions (#1869380) + +* Tue Jan 05 2021 Carlos O'Donell - 2.17-319 +- Revert fix for #1772307 to improve Intel Xeon performance (#1889977) + +* Tue Jan 05 2021 Carlos O'Donell - 2.17-318 +- CVE-2019-25013: Fix EUC-KR conversion module defect (#1912543) + * Tue May 12 2020 Florian Weimer - 2.17-317 - Do not clobber errno in nss_compat (#1834816)