diff options
author | Alyssa Ross <hi@alyssa.is> | 2021-01-10 07:13:44 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2021-01-12 14:07:16 +0000 |
commit | e2698550456abba83c6dcd5d5e5a9990a0b96f8a (patch) | |
tree | 79a56f0df3fa55e470d84b4dff6059fbf487ec18 /nixpkgs/pkgs/development/libraries/glibc | |
parent | 1cdc42df888dc98c347e03bd942ed9825a55bcb3 (diff) | |
parent | 84d74ae9c9cbed73274b8e4e00be14688ffc93fe (diff) | |
download | nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.gz nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.bz2 nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.lz nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.xz nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.zst nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.zip |
Merge commit '84d74ae9c9cbed73274b8e4e00be14688ffc93fe'
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/glibc')
3 files changed, 82 insertions, 21 deletions
diff --git a/nixpkgs/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch b/nixpkgs/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch deleted file mode 100644 index 2c558f53b735..000000000000 --- a/nixpkgs/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch +++ /dev/null @@ -1,18 +0,0 @@ -Adapted from https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=4d5cfeb510125345cb41431afc9022492994cffa, omitting changes to NEWS -diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -index 1943691..ac694c0 100644 ---- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h -@@ -31,7 +31,8 @@ - environment variable, LD_PREFER_MAP_32BIT_EXEC. */ - #define EXTRA_LD_ENVVARS \ - case 21: \ -- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ -+ if (!__libc_enable_secure \ -+ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ - GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \ - |= bit_arch_Prefer_MAP_32BIT_EXEC; \ - break; --- -2.9.3 - diff --git a/nixpkgs/pkgs/development/libraries/glibc/2.31-cve-2020-10029.patch b/nixpkgs/pkgs/development/libraries/glibc/2.31-cve-2020-10029.patch new file mode 100644 index 000000000000..8334398e8912 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/glibc/2.31-cve-2020-10029.patch @@ -0,0 +1,79 @@ +diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile +index 995e90d6da..318628aed6 100644 +--- a/sysdeps/ieee754/ldbl-96/Makefile ++++ b/sysdeps/ieee754/ldbl-96/Makefile +@@ -17,5 +17,6 @@ + # <https://www.gnu.org/licenses/>. + + ifeq ($(subdir),math) +-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 ++tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo ++CFLAGS-test-sinl-pseudo.c += -fstack-protector-all + endif +diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c +index 5f742321ae..bcdf20179f 100644 +--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c ++++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c +@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y) + return 0; + } + ++ if ((i0 & 0x80000000) == 0) ++ { ++ /* Pseudo-zero and unnormal representations are not valid ++ representations of long double. We need to avoid stack ++ corruption in __kernel_rem_pio2, which expects input in a ++ particular normal form, but those representations do not need ++ to be consistently handled like any particular floating-point ++ value. */ ++ y[1] = y[0] = __builtin_nanl (""); ++ return 0; ++ } ++ + /* Split the 64 bits of the mantissa into three 24-bit integers + stored in a double array. */ + exp = j0 - 23; +--- /dev/null ++++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c +@@ -0,0 +1,41 @@ ++/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487). ++ Copyright (C) 2020 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with the GNU C Library; if not, see ++ <https://www.gnu.org/licenses/>. */ ++ ++#include <math.h> ++#include <math_ldbl.h> ++#include <stdint.h> ++ ++static int ++do_test (void) ++{ ++ for (int i = 0; i < 64; i++) ++ { ++ uint64_t sig = i == 63 ? 0 : 1ULL << i; ++ long double ld; ++ SET_LDOUBLE_WORDS (ld, 0x4141, ++ sig >> 32, sig & 0xffffffffULL); ++ /* The requirement is that no stack overflow occurs when the ++ pseudo-zero or unnormal goes through range reduction. */ ++ volatile long double ldr; ++ ldr = sinl (ld); ++ (void) ldr; ++ } ++ return 0; ++} ++ ++#include <support/test-driver.c> diff --git a/nixpkgs/pkgs/development/libraries/glibc/common.nix b/nixpkgs/pkgs/development/libraries/glibc/common.nix index 85856fc366d9..0b2f34c7b765 100644 --- a/nixpkgs/pkgs/development/libraries/glibc/common.nix +++ b/nixpkgs/pkgs/development/libraries/glibc/common.nix @@ -41,9 +41,9 @@ } @ args: let - version = "2.30"; + version = "2.31"; patchSuffix = ""; - sha256 = "1bxqpg91d02qnaz837a5kamm0f43pr1il4r9pknygywsar713i72"; + sha256 = "05zxkyz9bv3j9h0xyid1rhvh3klhsmrpkf3bcs6frvlgyr2gwilj"; in assert withLinuxHeaders -> linuxHeaders != null; @@ -113,8 +113,8 @@ stdenv.mkDerivation ({ }) ./fix-x64-abi.patch - ./2.27-CVE-2019-19126.patch ./2.30-cve-2020-1752.patch + ./2.31-cve-2020-10029.patch ] ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch; |