diff --git a/SOURCES/glibc-rh2089247-1.patch b/SOURCES/glibc-rh2089247-1.patch new file mode 100644 index 0000000..b3e05ef --- /dev/null +++ b/SOURCES/glibc-rh2089247-1.patch @@ -0,0 +1,47 @@ +commit e1df30fbc2e2167a982c0e77a7ebee28f4dd0800 +Author: Adhemerval Zanella +Date: Thu Jul 25 11:22:17 2019 -0300 + + Get new entropy on each attempt __gen_tempname (BZ #15813) + + This is missing bit for fully fix BZ#15813 (the other two were fixed + by 359653aaacad463). + + Checked on x86_64-linux-gnu. + + [BZ #15813] + sysdeps/posix/tempname.c (__gen_tempname): get entrypy on each + attempt. + +diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c +index 3d26f378021680ae..61d7a9f36d37abae 100644 +--- a/sysdeps/posix/tempname.c ++++ b/sysdeps/posix/tempname.c +@@ -186,7 +186,6 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind) + { + int len; + char *XXXXXX; +- uint64_t value; + unsigned int count; + int fd = -1; + int save_errno = errno; +@@ -218,13 +217,13 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind) + /* This is where the Xs start. */ + XXXXXX = &tmpl[len - 6 - suffixlen]; + +- /* Get some more or less random data. */ +- RANDOM_BITS (value); +- value ^= (uint64_t)__getpid () << 32; +- +- for (count = 0; count < attempts; value += 7777, ++count) ++ uint64_t pid = (uint64_t) __getpid () << 32; ++ for (count = 0; count < attempts; ++count) + { +- uint64_t v = value; ++ uint64_t v; ++ /* Get some more or less random data. */ ++ RANDOM_BITS (v); ++ v ^= pid; + + /* Fill in the random bits. */ + XXXXXX[0] = letters[v % 62]; diff --git a/SOURCES/glibc-rh2089247-2.patch b/SOURCES/glibc-rh2089247-2.patch new file mode 100644 index 0000000..84c6ac2 --- /dev/null +++ b/SOURCES/glibc-rh2089247-2.patch @@ -0,0 +1,87 @@ +commit 8eaf34eda256ba3647ed6e7ed5c7c9aa19955d17 +Author: Samuel Thibault +Date: Fri Dec 13 10:10:59 2019 +0100 + + hurd: Fix local PLT + + * include/sys/random.h (__getrandom): Add hidden prototype. + * stdlib/getrandom.c (getrandom): Rename to hidden definition __getrandom. + Add weak alias. + * sysdeps/mach/hurd/getrandom.c (getrandom): Likewise. + * sysdeps/unix/sysv/linux/getrandom.c (getrandom): Likewise. + * sysdeps/mach/hurd/getentropy.c (getentropy): Use __getrandom instead of + getrandom. + +Conflicts: + include/sys/random.h + (Missing backport of include/ consistency patch, + commit ebd32784ce2029d0461a90a79bc4e37f8d051765 upstream.) + sysdeps/mach/hurd/getentropy.c + (Hurd change has been dropped.) + sysdeps/unix/sysv/linux/dl-write.c + (Mismerge of sysdeps/mach/hurd/getrandom.c.) + +diff --git a/include/sys/random.h b/include/sys/random.h +new file mode 100644 +index 0000000000000000..6aa313d35dbdce8a +--- /dev/null ++++ b/include/sys/random.h +@@ -0,0 +1,11 @@ ++#ifndef _SYS_RANDOM_H ++#include ++ ++# ifndef _ISOMAC ++ ++extern ssize_t __getrandom (void *__buffer, size_t __length, ++ unsigned int __flags) __wur; ++libc_hidden_proto (__getrandom) ++ ++# endif /* !_ISOMAC */ ++#endif +diff --git a/stdlib/getrandom.c b/stdlib/getrandom.c +index 45234bea17c5c86c..f8056688e40a0215 100644 +--- a/stdlib/getrandom.c ++++ b/stdlib/getrandom.c +@@ -22,10 +22,12 @@ + /* Write up to LENGTH bytes of randomness starting at BUFFER. + Return the number of bytes written, or -1 on error. */ + ssize_t +-getrandom (void *buffer, size_t length, unsigned int flags) ++__getrandom (void *buffer, size_t length, unsigned int flags) + { + __set_errno (ENOSYS); + return -1; + } +- + stub_warning (getrandom) ++ ++libc_hidden_def (__getrandom) ++weak_alias (__getrandom, getrandom) +diff --git a/sysdeps/unix/sysv/linux/getrandom.c b/sysdeps/unix/sysv/linux/getrandom.c +index 435b037399665654..e34d7fdcd89d9b06 100644 +--- a/sysdeps/unix/sysv/linux/getrandom.c ++++ b/sysdeps/unix/sysv/linux/getrandom.c +@@ -25,7 +25,7 @@ + /* Write up to LENGTH bytes of randomness starting at BUFFER. + Return the number of bytes written, or -1 on error. */ + ssize_t +-getrandom (void *buffer, size_t length, unsigned int flags) ++__getrandom (void *buffer, size_t length, unsigned int flags) + { + return SYSCALL_CANCEL (getrandom, buffer, length, flags); + } +@@ -33,7 +33,7 @@ getrandom (void *buffer, size_t length, unsigned int flags) + /* Always provide a definition, even if the kernel headers lack the + system call number. */ + ssize_t +-getrandom (void *buffer, size_t length, unsigned int flags) ++__getrandom (void *buffer, size_t length, unsigned int flags) + { + /* Ideally, we would add a cancellation point here, but we currently + cannot do so inside libc. */ +@@ -41,3 +41,5 @@ getrandom (void *buffer, size_t length, unsigned int flags) + return -1; + } + #endif ++libc_hidden_def (__getrandom) ++weak_alias (__getrandom, getrandom) diff --git a/SOURCES/glibc-rh2089247-3.patch b/SOURCES/glibc-rh2089247-3.patch new file mode 100644 index 0000000..b7f72e6 --- /dev/null +++ b/SOURCES/glibc-rh2089247-3.patch @@ -0,0 +1,67 @@ +Partial backport of: + +commit 04986243d1af37ac0177ed2f9db0a066ebd2b212 +Author: Adhemerval Zanella +Date: Wed Jul 15 19:35:58 2020 +0000 + + Remove internal usage of extensible stat functions + + It replaces the internal usage of __{f,l}xstat{at}{64} with the + __{f,l}stat{at}{64}. It should not change the generate code since + sys/stat.h explicit defines redirections to internal calls back to + xstat* symbols. + + Checked with a build for all affected ABIs. I also check on + x86_64-linux-gnu and i686-linux-gnu. + + Reviewed-by: Lukasz Majewski + +Only the changes to include/sys/stat.h and sysdeps/posix/tempname.c +are included here. + +diff --git a/include/sys/stat.h b/include/sys/stat.h +index b82d4527801d4797..c5b1938b87c9c5c3 100644 +--- a/include/sys/stat.h ++++ b/include/sys/stat.h +@@ -52,6 +52,7 @@ extern __typeof (__fxstatat64) __fxstatat64 attribute_hidden; + #define lstat64(fname, buf) __lxstat64 (_STAT_VER, fname, buf) + #define __lstat64(fname, buf) __lxstat64 (_STAT_VER, fname, buf) + #define stat64(fname, buf) __xstat64 (_STAT_VER, fname, buf) ++#define __stat64(fname, buf) __xstat64 (_STAT_VER, fname, buf) + #define fstat64(fd, buf) __fxstat64 (_STAT_VER, fd, buf) + #define __fstat64(fd, buf) __fxstat64 (_STAT_VER, fd, buf) + #define fstat(fd, buf) __fxstat (_STAT_VER, fd, buf) +diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c +index 61d7a9f36d37abae..a7b404cf4410cb00 100644 +--- a/sysdeps/posix/tempname.c ++++ b/sysdeps/posix/tempname.c +@@ -66,7 +66,6 @@ + # define __gettimeofday gettimeofday + # define __mkdir mkdir + # define __open open +-# define __lxstat64(version, file, buf) lstat (file, buf) + # define __secure_getenv secure_getenv + #endif + +@@ -97,7 +96,7 @@ static int + direxists (const char *dir) + { + struct_stat64 buf; +- return __xstat64 (_STAT_VER, dir, &buf) == 0 && S_ISDIR (buf.st_mode); ++ return __stat64 (dir, &buf) == 0 && S_ISDIR (buf.st_mode); + } + + /* Path search algorithm, for tmpnam, tmpfile, etc. If DIR is +@@ -252,10 +251,10 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind) + + case __GT_NOCREATE: + /* This case is backward from the other three. __gen_tempname +- succeeds if __xstat fails because the name does not exist. ++ succeeds if lstat fails because the name does not exist. + Note the continue to bypass the common logic at the bottom + of the loop. */ +- if (__lxstat64 (_STAT_VER, tmpl, &st) < 0) ++ if (__lstat64 (tmpl, &st) < 0) + { + if (errno == ENOENT) + { diff --git a/SOURCES/glibc-rh2089247-4.patch b/SOURCES/glibc-rh2089247-4.patch new file mode 100644 index 0000000..878739a --- /dev/null +++ b/SOURCES/glibc-rh2089247-4.patch @@ -0,0 +1,440 @@ +commit 4dddd7e9cbecad4aa03ee5a9b9edb596e3d4e909 +Author: Adhemerval Zanella +Date: Tue Sep 29 08:56:07 2020 -0300 + + posix: Sync tempname with gnulib [BZ #26648] + + It syncs with gnulib commit b1268f22f443e8e4b9e. The try_tempname_len + now uses getrandom on each iteration to get entropy and only uses the + clock plus ASLR as source of entropy if getrandom fails. + + Checked on x86_64-linux-gnu and i686-linux-gnu. + +Conflicts: + sysdeps/posix/tempname.c + (Missing tree-wide __gettimeofday to clock_gettime change, + commit 4a39c34c4f85de57fb4e648cfa1e774437d69680 upstream. + File was rebased to the upstream version.) + +diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c +index a7b404cf4410cb00..f199b25a7a227751 100644 +--- a/sysdeps/posix/tempname.c ++++ b/sysdeps/posix/tempname.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 1991-2018 Free Software Foundation, Inc. ++/* Copyright (C) 1991-2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or +@@ -13,10 +13,10 @@ + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see +- . */ ++ . */ + + #if !_LIBC +-# include ++# include + # include "tempname.h" + #endif + +@@ -24,9 +24,6 @@ + #include + + #include +-#ifndef __set_errno +-# define __set_errno(Val) errno = (Val) +-#endif + + #include + #ifndef P_tmpdir +@@ -36,12 +33,12 @@ + # define TMP_MAX 238328 + #endif + #ifndef __GT_FILE +-# define __GT_FILE 0 +-# define __GT_DIR 1 +-# define __GT_NOCREATE 2 ++# define __GT_FILE 0 ++# define __GT_DIR 1 ++# define __GT_NOCREATE 2 + #endif +-#if !_LIBC && (GT_FILE != __GT_FILE || GT_DIR != __GT_DIR \ +- || GT_NOCREATE != __GT_NOCREATE) ++#if !_LIBC && (GT_FILE != __GT_FILE || GT_DIR != __GT_DIR \ ++ || GT_NOCREATE != __GT_NOCREATE) + # error report this to bug-gnulib@gnu.org + #endif + +@@ -50,11 +47,11 @@ + #include + + #include +-#include ++#include + #include +-#include +- ++#include + #include ++#include + + #if _LIBC + # define struct_stat64 struct stat64 +@@ -62,33 +59,38 @@ + #else + # define struct_stat64 struct stat + # define __gen_tempname gen_tempname +-# define __getpid getpid +-# define __gettimeofday gettimeofday + # define __mkdir mkdir + # define __open open +-# define __secure_getenv secure_getenv ++# define __lstat64(file, buf) lstat (file, buf) ++# define __stat64(file, buf) stat (file, buf) ++# define __getrandom getrandom ++# define __clock_gettime64 clock_gettime ++# define __timespec64 timespec + #endif + +-#ifdef _LIBC +-# include +-# define RANDOM_BITS(Var) ((Var) = random_bits ()) +-# else +-# define RANDOM_BITS(Var) \ +- { \ +- struct timeval tv; \ +- __gettimeofday (&tv, NULL); \ +- (Var) = ((uint64_t) tv.tv_usec << 16) ^ tv.tv_sec; \ +- } +-#endif ++/* Use getrandom if it works, falling back on a 64-bit linear ++ congruential generator that starts with Var's value ++ mixed in with a clock's low-order bits if available. */ ++typedef uint_fast64_t random_value; ++#define RANDOM_VALUE_MAX UINT_FAST64_MAX ++#define BASE_62_DIGITS 10 /* 62**10 < UINT_FAST64_MAX */ ++#define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62) + +-/* Use the widest available unsigned type if uint64_t is not +- available. The algorithm below extracts a number less than 62**6 +- (approximately 2**35.725) from uint64_t, so ancient hosts where +- uintmax_t is only 32 bits lose about 3.725 bits of randomness, +- which is better than not having mkstemp at all. */ +-#if !defined UINT64_MAX && !defined uint64_t +-# define uint64_t uintmax_t ++static random_value ++random_bits (random_value var) ++{ ++ random_value r; ++ /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */ ++ if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) ++ return r; ++#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME) ++ /* Add entropy if getrandom did not work. */ ++ struct __timespec64 tv; ++ __clock_gettime64 (CLOCK_MONOTONIC, &tv); ++ var ^= tv.tv_nsec; + #endif ++ return 2862933555777941757 * var + 3037000493; ++} + + #if _LIBC + /* Return nonzero if DIR is an existent directory. */ +@@ -107,7 +109,7 @@ direxists (const char *dir) + enough space in TMPL. */ + int + __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx, +- int try_tmpdir) ++ int try_tmpdir) + { + const char *d; + size_t dlen, plen; +@@ -121,35 +123,35 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx, + { + plen = strlen (pfx); + if (plen > 5) +- plen = 5; ++ plen = 5; + } + + if (try_tmpdir) + { + d = __secure_getenv ("TMPDIR"); + if (d != NULL && direxists (d)) +- dir = d; ++ dir = d; + else if (dir != NULL && direxists (dir)) +- /* nothing */ ; ++ /* nothing */ ; + else +- dir = NULL; ++ dir = NULL; + } + if (dir == NULL) + { + if (direxists (P_tmpdir)) +- dir = P_tmpdir; ++ dir = P_tmpdir; + else if (strcmp (P_tmpdir, "/tmp") != 0 && direxists ("/tmp")) +- dir = "/tmp"; ++ dir = "/tmp"; + else +- { +- __set_errno (ENOENT); +- return -1; +- } ++ { ++ __set_errno (ENOENT); ++ return -1; ++ } + } + + dlen = strlen (dir); + while (dlen > 1 && dir[dlen - 1] == '/') +- dlen--; /* remove trailing slashes */ ++ dlen--; /* remove trailing slashes */ + + /* check we have room for "${dir}/${pfx}XXXXXX\0" */ + if (tmpl_len < dlen + 1 + plen + 6 + 1) +@@ -163,39 +165,91 @@ __path_search (char *tmpl, size_t tmpl_len, const char *dir, const char *pfx, + } + #endif /* _LIBC */ + ++#if _LIBC ++static int try_tempname_len (char *, int, void *, int (*) (char *, void *), ++ size_t); ++#endif ++ ++static int ++try_file (char *tmpl, void *flags) ++{ ++ int *openflags = flags; ++ return __open (tmpl, ++ (*openflags & ~O_ACCMODE) ++ | O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); ++} ++ ++static int ++try_dir (char *tmpl, void *flags _GL_UNUSED) ++{ ++ return __mkdir (tmpl, S_IRUSR | S_IWUSR | S_IXUSR); ++} ++ ++static int ++try_nocreate (char *tmpl, void *flags _GL_UNUSED) ++{ ++ struct_stat64 st; ++ ++ if (__lstat64 (tmpl, &st) == 0 || errno == EOVERFLOW) ++ __set_errno (EEXIST); ++ return errno == ENOENT ? 0 : -1; ++} ++ + /* These are the characters used in temporary file names. */ + static const char letters[] = + "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; + + /* Generate a temporary file name based on TMPL. TMPL must match the +- rules for mk[s]temp (i.e. end in "XXXXXX", possibly with a suffix). ++ rules for mk[s]temp (i.e., end in at least X_SUFFIX_LEN "X"s, ++ possibly with a suffix). + The name constructed does not exist at the time of the call to +- __gen_tempname. TMPL is overwritten with the result. ++ this function. TMPL is overwritten with the result. + + KIND may be one of: +- __GT_NOCREATE: simply verify that the name does not exist +- at the time of the call. +- __GT_FILE: create the file using open(O_CREAT|O_EXCL) +- and return a read-write fd. The file is mode 0600. +- __GT_DIR: create a directory, which will be mode 0700. ++ __GT_NOCREATE: simply verify that the name does not exist ++ at the time of the call. ++ __GT_FILE: create the file using open(O_CREAT|O_EXCL) ++ and return a read-write fd. The file is mode 0600. ++ __GT_DIR: create a directory, which will be mode 0700. + + We use a clever algorithm to get hard-to-predict names. */ ++#ifdef _LIBC ++static ++#endif + int +-__gen_tempname (char *tmpl, int suffixlen, int flags, int kind) ++gen_tempname_len (char *tmpl, int suffixlen, int flags, int kind, ++ size_t x_suffix_len) + { +- int len; ++ static int (*const tryfunc[]) (char *, void *) = ++ { ++ [__GT_FILE] = try_file, ++ [__GT_DIR] = try_dir, ++ [__GT_NOCREATE] = try_nocreate ++ }; ++ return try_tempname_len (tmpl, suffixlen, &flags, tryfunc[kind], ++ x_suffix_len); ++} ++ ++#ifdef _LIBC ++static ++#endif ++int ++try_tempname_len (char *tmpl, int suffixlen, void *args, ++ int (*tryfunc) (char *, void *), size_t x_suffix_len) ++{ ++ size_t len; + char *XXXXXX; + unsigned int count; + int fd = -1; + int save_errno = errno; +- struct_stat64 st; + + /* A lower bound on the number of temporary files to attempt to + generate. The maximum total number of temporary file names that + can exist for a given template is 62**6. It should never be + necessary to try all of these combinations. Instead if a reasonable + number of names is tried (we define reasonable as 62**3) fail to +- give the system administrator the chance to remove the problems. */ ++ give the system administrator the chance to remove the problems. ++ This value requires that X_SUFFIX_LEN be at least 3. */ + #define ATTEMPTS_MIN (62 * 62 * 62) + + /* The number of times to attempt to generate a temporary file. To +@@ -206,82 +260,75 @@ __gen_tempname (char *tmpl, int suffixlen, int flags, int kind) + unsigned int attempts = ATTEMPTS_MIN; + #endif + ++ /* A random variable. The initial value is used only the for fallback path ++ on 'random_bits' on 'getrandom' failure. Its initial value tries to use ++ some entropy from the ASLR and ignore possible bits from the stack ++ alignment. */ ++ random_value v = ((uintptr_t) &v) / alignof (max_align_t); ++ ++ /* How many random base-62 digits can currently be extracted from V. */ ++ int vdigits = 0; ++ ++ /* Least unfair value for V. If V is less than this, V can generate ++ BASE_62_DIGITS digits fairly. Otherwise it might be biased. */ ++ random_value const unfair_min ++ = RANDOM_VALUE_MAX - RANDOM_VALUE_MAX % BASE_62_POWER; ++ + len = strlen (tmpl); +- if (len < 6 + suffixlen || memcmp (&tmpl[len - 6 - suffixlen], "XXXXXX", 6)) ++ if (len < x_suffix_len + suffixlen ++ || strspn (&tmpl[len - x_suffix_len - suffixlen], "X") < x_suffix_len) + { + __set_errno (EINVAL); + return -1; + } + + /* This is where the Xs start. */ +- XXXXXX = &tmpl[len - 6 - suffixlen]; ++ XXXXXX = &tmpl[len - x_suffix_len - suffixlen]; + +- uint64_t pid = (uint64_t) __getpid () << 32; + for (count = 0; count < attempts; ++count) + { +- uint64_t v; +- /* Get some more or less random data. */ +- RANDOM_BITS (v); +- v ^= pid; +- +- /* Fill in the random bits. */ +- XXXXXX[0] = letters[v % 62]; +- v /= 62; +- XXXXXX[1] = letters[v % 62]; +- v /= 62; +- XXXXXX[2] = letters[v % 62]; +- v /= 62; +- XXXXXX[3] = letters[v % 62]; +- v /= 62; +- XXXXXX[4] = letters[v % 62]; +- v /= 62; +- XXXXXX[5] = letters[v % 62]; +- +- switch (kind) +- { +- case __GT_FILE: +- fd = __open (tmpl, +- (flags & ~O_ACCMODE) +- | O_RDWR | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR); +- break; +- +- case __GT_DIR: +- fd = __mkdir (tmpl, S_IRUSR | S_IWUSR | S_IXUSR); +- break; +- +- case __GT_NOCREATE: +- /* This case is backward from the other three. __gen_tempname +- succeeds if lstat fails because the name does not exist. +- Note the continue to bypass the common logic at the bottom +- of the loop. */ +- if (__lstat64 (tmpl, &st) < 0) +- { +- if (errno == ENOENT) +- { +- __set_errno (save_errno); +- return 0; +- } +- else +- /* Give up now. */ +- return -1; +- } +- continue; +- +- default: +- assert (! "invalid KIND in __gen_tempname"); +- abort (); +- } +- ++ for (size_t i = 0; i < x_suffix_len; i++) ++ { ++ if (vdigits == 0) ++ { ++ do ++ v = random_bits (v); ++ while (unfair_min <= v); ++ ++ vdigits = BASE_62_DIGITS; ++ } ++ ++ XXXXXX[i] = letters[v % 62]; ++ v /= 62; ++ vdigits--; ++ } ++ ++ fd = tryfunc (tmpl, args); + if (fd >= 0) +- { +- __set_errno (save_errno); +- return fd; +- } ++ { ++ __set_errno (save_errno); ++ return fd; ++ } + else if (errno != EEXIST) +- return -1; ++ return -1; + } + + /* We got out of the loop because we ran out of combinations to try. */ + __set_errno (EEXIST); + return -1; + } ++ ++int ++__gen_tempname (char *tmpl, int suffixlen, int flags, int kind) ++{ ++ return gen_tempname_len (tmpl, suffixlen, flags, kind, 6); ++} ++ ++#if !_LIBC ++int ++try_tempname (char *tmpl, int suffixlen, void *args, ++ int (*tryfunc) (char *, void *)) ++{ ++ return try_tempname_len (tmpl, suffixlen, args, tryfunc, 6); ++} ++#endif diff --git a/SOURCES/glibc-rh2089247-5.patch b/SOURCES/glibc-rh2089247-5.patch new file mode 100644 index 0000000..ba26b89 --- /dev/null +++ b/SOURCES/glibc-rh2089247-5.patch @@ -0,0 +1,17 @@ +Downstream-only patch to use non-time64 identifiers in +sysdeps/posix/tempname.c. Upstream has switched to the time64 +symbols. + +diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c +index f199b25a7a227751..fcab9b26364021e4 100644 +--- a/sysdeps/posix/tempname.c ++++ b/sysdeps/posix/tempname.c +@@ -56,6 +56,8 @@ + #if _LIBC + # define struct_stat64 struct stat64 + # define __secure_getenv __libc_secure_getenv ++# define __clock_gettime64 __clock_gettime ++# define __timespec64 timespec + #else + # define struct_stat64 struct stat + # define __gen_tempname gen_tempname diff --git a/SOURCES/glibc-rh2089247-6.patch b/SOURCES/glibc-rh2089247-6.patch new file mode 100644 index 0000000..713b457 --- /dev/null +++ b/SOURCES/glibc-rh2089247-6.patch @@ -0,0 +1,66 @@ +commit f430293d842031f2afc3013f156e1018065e480e +Author: Adhemerval Zanella +Date: Tue Jan 12 09:17:09 2021 -0300 + + posix: consume less entropy on tempname + + The first getrandom is used only for __GT_NOCREATE, which is inherently + insecure and can use the entropy as a small improvement. On the + second and later attempts it might help against DoS attacks. + + It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2. + + Checked on x86_64-linux-gnu. + +diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c +index fcab9b26364021e4..3435c4bf75a01f42 100644 +--- a/sysdeps/posix/tempname.c ++++ b/sysdeps/posix/tempname.c +@@ -22,6 +22,7 @@ + + #include + #include ++#include + + #include + +@@ -79,11 +80,11 @@ typedef uint_fast64_t random_value; + #define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62) + + static random_value +-random_bits (random_value var) ++random_bits (random_value var, bool use_getrandom) + { + random_value r; + /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */ +- if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) ++ if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r) + return r; + #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME) + /* Add entropy if getrandom did not work. */ +@@ -271,6 +272,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args, + /* How many random base-62 digits can currently be extracted from V. */ + int vdigits = 0; + ++ /* Whether to consume entropy when acquiring random bits. On the ++ first try it's worth the entropy cost with __GT_NOCREATE, which ++ is inherently insecure and can use the entropy to make it a bit ++ less secure. On the (rare) second and later attempts it might ++ help against DoS attacks. */ ++ bool use_getrandom = tryfunc == try_nocreate; ++ + /* Least unfair value for V. If V is less than this, V can generate + BASE_62_DIGITS digits fairly. Otherwise it might be biased. */ + random_value const unfair_min +@@ -294,7 +302,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args, + if (vdigits == 0) + { + do +- v = random_bits (v); ++ { ++ v = random_bits (v, use_getrandom); ++ use_getrandom = true; ++ } + while (unfair_min <= v); + + vdigits = BASE_62_DIGITS; diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec index 1355462..fd6321d 100644 --- a/SPECS/glibc.spec +++ b/SPECS/glibc.spec @@ -1,6 +1,6 @@ %define glibcsrcdir glibc-2.28 %define glibcversion 2.28 -%define glibcrelease 203%{?dist} +%define glibcrelease 204%{?dist} # Pre-release tarballs are pulled in from git using a command that is # effectively: # @@ -897,6 +897,12 @@ Patch702: glibc-rh1982608.patch Patch703: glibc-rh1961109.patch Patch704: glibc-rh2086853.patch Patch705: glibc-rh2077835.patch +Patch706: glibc-rh2089247-1.patch +Patch707: glibc-rh2089247-2.patch +Patch708: glibc-rh2089247-3.patch +Patch709: glibc-rh2089247-4.patch +Patch710: glibc-rh2089247-5.patch +Patch711: glibc-rh2089247-6.patch ############################################################################## # Continued list of core "glibc" package information: @@ -2727,6 +2733,9 @@ fi %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared %changelog +* Mon May 23 2022 Florian Weimer - 2.28-204 +- Increase tempnam randomness (#2089247) + * Tue May 17 2022 Patsy Griffin - 2.28-203 - 390x: Add support for IBM z16. (#2077835)