about summary refs log tree commit diff
path: root/nixpkgs/pkgs/development/libraries/glibc
diff options
context:
space:
mode:
authorAlyssa Ross <hi@alyssa.is>2021-01-10 07:13:44 +0000
committerAlyssa Ross <hi@alyssa.is>2021-01-12 14:07:16 +0000
commite2698550456abba83c6dcd5d5e5a9990a0b96f8a (patch)
tree79a56f0df3fa55e470d84b4dff6059fbf487ec18 /nixpkgs/pkgs/development/libraries/glibc
parent1cdc42df888dc98c347e03bd942ed9825a55bcb3 (diff)
parent84d74ae9c9cbed73274b8e4e00be14688ffc93fe (diff)
downloadnixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar
nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.gz
nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.bz2
nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.lz
nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.xz
nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.tar.zst
nixlib-e2698550456abba83c6dcd5d5e5a9990a0b96f8a.zip
Merge commit '84d74ae9c9cbed73274b8e4e00be14688ffc93fe'
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/glibc')
-rw-r--r--nixpkgs/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch18
-rw-r--r--nixpkgs/pkgs/development/libraries/glibc/2.31-cve-2020-10029.patch79
-rw-r--r--nixpkgs/pkgs/development/libraries/glibc/common.nix6
3 files changed, 82 insertions, 21 deletions
diff --git a/nixpkgs/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch b/nixpkgs/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch
deleted file mode 100644
index 2c558f53b735..000000000000
--- a/nixpkgs/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Adapted from https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=4d5cfeb510125345cb41431afc9022492994cffa, omitting changes to NEWS
-diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
-index 1943691..ac694c0 100644
---- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
-+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
-@@ -31,7 +31,8 @@
-    environment variable, LD_PREFER_MAP_32BIT_EXEC.  */
- #define EXTRA_LD_ENVVARS \
-   case 21:								  \
--    if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
-+    if (!__libc_enable_secure						  \
-+	&& memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0)		  \
-       GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
- 	|= bit_arch_Prefer_MAP_32BIT_EXEC;				  \
-     break;
--- 
-2.9.3
-
diff --git a/nixpkgs/pkgs/development/libraries/glibc/2.31-cve-2020-10029.patch b/nixpkgs/pkgs/development/libraries/glibc/2.31-cve-2020-10029.patch
new file mode 100644
index 000000000000..8334398e8912
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/glibc/2.31-cve-2020-10029.patch
@@ -0,0 +1,79 @@
+diff --git a/sysdeps/ieee754/ldbl-96/Makefile b/sysdeps/ieee754/ldbl-96/Makefile
+index 995e90d6da..318628aed6 100644
+--- a/sysdeps/ieee754/ldbl-96/Makefile
++++ b/sysdeps/ieee754/ldbl-96/Makefile
+@@ -17,5 +17,6 @@
+ # <https://www.gnu.org/licenses/>.
+ 
+ ifeq ($(subdir),math)
+-tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96
++tests += test-canonical-ldbl-96 test-totalorderl-ldbl-96 test-sinl-pseudo
++CFLAGS-test-sinl-pseudo.c += -fstack-protector-all
+ endif
+diff --git a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
+index 5f742321ae..bcdf20179f 100644
+--- a/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
++++ b/sysdeps/ieee754/ldbl-96/e_rem_pio2l.c
+@@ -210,6 +210,18 @@ __ieee754_rem_pio2l (long double x, long double *y)
+       return 0;
+     }
+ 
++  if ((i0 & 0x80000000) == 0)
++    {
++      /* Pseudo-zero and unnormal representations are not valid
++	 representations of long double.  We need to avoid stack
++	 corruption in __kernel_rem_pio2, which expects input in a
++	 particular normal form, but those representations do not need
++	 to be consistently handled like any particular floating-point
++	 value.  */
++      y[1] = y[0] = __builtin_nanl ("");
++      return 0;
++    }
++
+   /* Split the 64 bits of the mantissa into three 24-bit integers
+      stored in a double array.  */
+   exp = j0 - 23;
+--- /dev/null
++++ b/sysdeps/ieee754/ldbl-96/test-sinl-pseudo.c
+@@ -0,0 +1,41 @@
++/* Test sinl for pseudo-zeros and unnormals for ldbl-96 (bug 25487).
++   Copyright (C) 2020 Free Software Foundation, Inc.
++   This file is part of the GNU C Library.
++
++   The GNU C Library is free software; you can redistribute it and/or
++   modify it under the terms of the GNU Lesser General Public
++   License as published by the Free Software Foundation; either
++   version 2.1 of the License, or (at your option) any later version.
++
++   The GNU C Library is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   Lesser General Public License for more details.
++
++   You should have received a copy of the GNU Lesser General Public
++   License along with the GNU C Library; if not, see
++   <https://www.gnu.org/licenses/>.  */
++
++#include <math.h>
++#include <math_ldbl.h>
++#include <stdint.h>
++
++static int
++do_test (void)
++{
++  for (int i = 0; i < 64; i++)
++    {
++      uint64_t sig = i == 63 ? 0 : 1ULL << i;
++      long double ld;
++      SET_LDOUBLE_WORDS (ld, 0x4141,
++			 sig >> 32, sig & 0xffffffffULL);
++      /* The requirement is that no stack overflow occurs when the
++	 pseudo-zero or unnormal goes through range reduction.  */
++      volatile long double ldr;
++      ldr = sinl (ld);
++      (void) ldr;
++    }
++  return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/nixpkgs/pkgs/development/libraries/glibc/common.nix b/nixpkgs/pkgs/development/libraries/glibc/common.nix
index 85856fc366d9..0b2f34c7b765 100644
--- a/nixpkgs/pkgs/development/libraries/glibc/common.nix
+++ b/nixpkgs/pkgs/development/libraries/glibc/common.nix
@@ -41,9 +41,9 @@
 } @ args:
 
 let
-  version = "2.30";
+  version = "2.31";
   patchSuffix = "";
-  sha256 = "1bxqpg91d02qnaz837a5kamm0f43pr1il4r9pknygywsar713i72";
+  sha256 = "05zxkyz9bv3j9h0xyid1rhvh3klhsmrpkf3bcs6frvlgyr2gwilj";
 in
 
 assert withLinuxHeaders -> linuxHeaders != null;
@@ -113,8 +113,8 @@ stdenv.mkDerivation ({
       })
 
       ./fix-x64-abi.patch
-      ./2.27-CVE-2019-19126.patch
       ./2.30-cve-2020-1752.patch
+      ./2.31-cve-2020-10029.patch
     ]
     ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
     ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;