From a092cd820b7e942d74d2745b358acd472af38b59 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 3 Aug 2014 20:04:37 -0400 Subject: gnu: coreutils: Update to 8.23. * gnu/packages/patches/coreutils-skip-nohup.patch: Remove. * gnu-system.am (dist_patch_DATA): Remove coreutils-skip-nohup.patch. * gnu/packages/patches/coreutils-dummy-man.patch: Adapt for 8.23. * gnu/packages/base.scm (coreutils): Update to 8.23. --- gnu-system.am | 1 - 1 file changed, 1 deletion(-) (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 6e1e8afec0..3f1c3c6ee5 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -288,7 +288,6 @@ dist_patch_DATA = \ gnu/packages/patches/clucene-pkgconfig.patch \ gnu/packages/patches/cmake-fix-tests.patch \ gnu/packages/patches/coreutils-dummy-man.patch \ - gnu/packages/patches/coreutils-skip-nohup.patch \ gnu/packages/patches/cpio-gets-undeclared.patch \ gnu/packages/patches/cssc-gets-undeclared.patch \ gnu/packages/patches/cssc-missing-include.patch \ -- cgit v1.3 From 785c33e3af9107118e57ba9efb39152f1b467a6f Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Wed, 20 Aug 2014 01:43:05 -0400 Subject: gnu: libffi: Update to 3.1. * gnu/packages/patches/libffi-mips-n32-fix.patch: Remove. * gnu-system.am (dist_patch_DATA): Remove it. * gnu/packages/libffi.scm (libffi): Update to 3.1. Remove patch. --- gnu-system.am | 1 - gnu/packages/libffi.scm | 7 +++---- gnu/packages/patches/libffi-mips-n32-fix.patch | 21 --------------------- 3 files changed, 3 insertions(+), 26 deletions(-) delete mode 100644 gnu/packages/patches/libffi-mips-n32-fix.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 3f1c3c6ee5..3da1c75b97 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -328,7 +328,6 @@ dist_patch_DATA = \ gnu/packages/patches/kmod-module-directory.patch \ gnu/packages/patches/libbonobo-activation-test-race.patch \ gnu/packages/patches/libevent-dns-tests.patch \ - gnu/packages/patches/libffi-mips-n32-fix.patch \ gnu/packages/patches/liboop-mips64-deplibs-fix.patch \ gnu/packages/patches/libmad-mips-newgcc.patch \ gnu/packages/patches/libtheora-config-guess.patch \ diff --git a/gnu/packages/libffi.scm b/gnu/packages/libffi.scm index c5e265087e..33e10d6fc2 100644 --- a/gnu/packages/libffi.scm +++ b/gnu/packages/libffi.scm @@ -29,11 +29,11 @@ ;; available in $includedir where some users expect them. '(lambda* (#:key outputs #:allow-other-keys) (define out (assoc-ref outputs "out")) - (symlink (string-append out "/lib/libffi-3.0.13/include") + (symlink (string-append out "/lib/libffi-3.1/include") (string-append out "/include"))))) (package (name "libffi") - (version "3.0.13") + (version "3.1") (source (origin (method url-fetch) (uri @@ -41,8 +41,7 @@ name "-" version ".tar.gz")) (sha256 (base32 - "077ibkf84bvcd6rw1m6jb107br63i2pp301rkmsbgg6300adxp8x")) - (patches (list (search-patch "libffi-mips-n32-fix.patch"))))) + "1sznmrhcswwbyqla9y2ximlkzbxks59wjfs3lh7qf8ayranyxzlp")))) (build-system gnu-build-system) (arguments `(#:phases (alist-cons-after 'install 'post-install ,post-install-phase diff --git a/gnu/packages/patches/libffi-mips-n32-fix.patch b/gnu/packages/patches/libffi-mips-n32-fix.patch deleted file mode 100644 index 87ec48f883..0000000000 --- a/gnu/packages/patches/libffi-mips-n32-fix.patch +++ /dev/null @@ -1,21 +0,0 @@ -Fix handling of uint32_t arguments on the MIPS N32 ABI. - -Patch by Mark H Weaver . - ---- libffi/src/mips/ffi.c.orig 2013-03-16 07:19:39.000000000 -0400 -+++ libffi/src/mips/ffi.c 2013-10-22 01:11:03.111985247 -0400 -@@ -170,7 +170,14 @@ - break; - - case FFI_TYPE_UINT32: -+#ifdef FFI_MIPS_N32 -+ /* The N32 ABI requires that 32-bit integers -+ be sign-extended to 64-bits, regardless of -+ whether they are signed or unsigned. */ -+ *(ffi_arg *)argp = *(SINT32 *)(* p_argv); -+#else - *(ffi_arg *)argp = *(UINT32 *)(* p_argv); -+#endif - break; - - /* This can only happen with 64bit slots. */ -- cgit v1.3 From 48abd130217bd1645fefc4ca1817862672c6d782 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 26 Aug 2014 12:00:26 -0400 Subject: gnu: file: Update to 5.19; add fix for CVE-2014-3587. * gnu/packages/patches/file-CVE-2014-3587.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/file.scm (file): Update to 5.19. Add patch. --- gnu-system.am | 1 + gnu/packages/file.scm | 5 +++-- gnu/packages/patches/file-CVE-2014-3587.patch | 16 ++++++++++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 gnu/packages/patches/file-CVE-2014-3587.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 86937749c7..f24da850c2 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -299,6 +299,7 @@ dist_patch_DATA = \ gnu/packages/patches/doxygen-test.patch \ gnu/packages/patches/doxygen-tmake.patch \ gnu/packages/patches/emacs-configure-sh.patch \ + gnu/packages/patches/file-CVE-2014-3587.patch \ gnu/packages/patches/findutils-absolute-paths.patch \ gnu/packages/patches/flashrom-use-libftdi1.patch \ gnu/packages/patches/flex-bison-tests.patch \ diff --git a/gnu/packages/file.scm b/gnu/packages/file.scm index 067f20e67c..601b158128 100644 --- a/gnu/packages/file.scm +++ b/gnu/packages/file.scm @@ -27,13 +27,14 @@ (define-public file (package (name "file") - (version "5.18") + (version "5.19") (source (origin (method url-fetch) (uri (string-append "ftp://ftp.astron.com/pub/file/file-" version ".tar.gz")) (sha256 (base32 - "01xz106biz6x4h5ilymg5v3367djvgnfp4lm87132cjqdmqgn6b5")))) + "0z1sgrcfy6d285kj5izy1yypf371bjl3247plh9ppk0svaxv714l")) + (patches (list (search-patch "file-CVE-2014-3587.patch"))))) (build-system gnu-build-system) (synopsis "file, a file type guesser") (description diff --git a/gnu/packages/patches/file-CVE-2014-3587.patch b/gnu/packages/patches/file-CVE-2014-3587.patch new file mode 100644 index 0000000000..cf88bf5f3e --- /dev/null +++ b/gnu/packages/patches/file-CVE-2014-3587.patch @@ -0,0 +1,16 @@ +Fixes CVE-2014-3587. Copied from upstream commit +0641e56be1af003aa02c7c6b0184466540637233. + +--- file-5.19/src/cdf.c.orig 2014-06-09 09:04:37.000000000 -0400 ++++ file-5.19/src/cdf.c 2014-08-26 11:55:23.887118898 -0400 +@@ -824,6 +824,10 @@ + q = (const uint8_t *)(const void *) + ((const char *)(const void *)p + ofs + - 2 * sizeof(uint32_t)); ++ if (q < p) { ++ DPRINTF(("Wrapped around %p < %p\n", q, p)); ++ goto out; ++ } + if (q > e) { + DPRINTF(("Ran of the end %p > %p\n", q, e)); + goto out; -- cgit v1.3 From f5beb0caf31f227dbe3dd909ec318e84247a504a Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Tue, 26 Aug 2014 14:44:14 -0400 Subject: gnu: glibc: Fix CVE-2014-5119. * gnu/packages/patches/glibc-CVE-2014-5119.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/base.scm (glibc): Add the patch. --- gnu-system.am | 1 + gnu/packages/base.scm | 3 +- gnu/packages/patches/glibc-CVE-2014-5119.patch | 212 +++++++++++++++++++++++++ 3 files changed, 215 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/glibc-CVE-2014-5119.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index f24da850c2..006fcab801 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -311,6 +311,7 @@ dist_patch_DATA = \ gnu/packages/patches/glib-tests-prlimit.patch \ gnu/packages/patches/glib-tests-timer.patch \ gnu/packages/patches/glibc-bootstrap-system.patch \ + gnu/packages/patches/glibc-CVE-2014-5119.patch \ gnu/packages/patches/glibc-ldd-x86_64.patch \ gnu/packages/patches/gnunet-fix-scheduler.patch \ gnu/packages/patches/gnunet-fix-tests.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 30176cfddb..6f340172e0 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -384,7 +384,8 @@ library for working with executable and object formats is also included.") (("use_ldconfig=yes") "use_ldconfig=no"))) (modules '((guix build utils))) - (patches (list (search-patch "glibc-ldd-x86_64.patch"))))) + (patches (list (search-patch "glibc-CVE-2014-5119.patch") + (search-patch "glibc-ldd-x86_64.patch"))))) (build-system gnu-build-system) ;; Glibc's refers to , for instance, so glibc diff --git a/gnu/packages/patches/glibc-CVE-2014-5119.patch b/gnu/packages/patches/glibc-CVE-2014-5119.patch new file mode 100644 index 0000000000..de063a2da5 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2014-5119.patch @@ -0,0 +1,212 @@ +Remove support for loadable gconv transliteration modules. +The support for transliteration modules has been non-functional for +over a decade, and the removal is prompted by security defects. The +normal gconv conversion modules are still supported. Transliteration +with //TRANSLIT is still possible, and the //IGNORE specifier +continues to be supported. (CVE-2014-5119) + +Based on upstream commits a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8 +and f9df71e895d3552d557e783fdb9d133328195645 +by Florian Weimer . + +--- glibc-2.19/ChangeLog.orig 2014-02-07 04:04:38.000000000 -0500 ++++ glibc-2.19/ChangeLog 2014-08-26 14:35:12.368861387 -0400 +@@ -1,3 +1,10 @@ ++2014-08-26 Florian Weimer ++ ++ [BZ #17187] ++ * iconv/gconv_trans.c (struct known_trans, search_tree, lock, ++ trans_compare, open_translit, __gconv_translit_find): ++ Remove module loading code. ++ + 2014-02-06 Carlos O'Donell + + [BZ #16529] +--- glibc-2.19/iconv/gconv_trans.c.orig 2014-02-07 04:04:38.000000000 -0500 ++++ glibc-2.19/iconv/gconv_trans.c 2014-08-26 14:37:26.269525364 -0400 +@@ -238,181 +238,12 @@ + return __GCONV_ILLEGAL_INPUT; + } + +- +-/* Structure to represent results of found (or not) transliteration +- modules. */ +-struct known_trans +-{ +- /* This structure must remain the first member. */ +- struct trans_struct info; +- +- char *fname; +- void *handle; +- int open_count; +-}; +- +- +-/* Tree with results of previous calls to __gconv_translit_find. */ +-static void *search_tree; +- +-/* We modify global data. */ +-__libc_lock_define_initialized (static, lock); +- +- +-/* Compare two transliteration entries. */ +-static int +-trans_compare (const void *p1, const void *p2) +-{ +- const struct known_trans *s1 = (const struct known_trans *) p1; +- const struct known_trans *s2 = (const struct known_trans *) p2; +- +- return strcmp (s1->info.name, s2->info.name); +-} +- +- +-/* Open (maybe reopen) the module named in the struct. Get the function +- and data structure pointers we need. */ +-static int +-open_translit (struct known_trans *trans) +-{ +- __gconv_trans_query_fct queryfct; +- +- trans->handle = __libc_dlopen (trans->fname); +- if (trans->handle == NULL) +- /* Not available. */ +- return 1; +- +- /* Find the required symbol. */ +- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context"); +- if (queryfct == NULL) +- { +- /* We cannot live with that. */ +- close_and_out: +- __libc_dlclose (trans->handle); +- trans->handle = NULL; +- return 1; +- } +- +- /* Get the context. */ +- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames) +- != 0) +- goto close_and_out; +- +- /* Of course we also have to have the actual function. */ +- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans"); +- if (trans->info.trans_fct == NULL) +- goto close_and_out; +- +- /* Now the optional functions. */ +- trans->info.trans_init_fct = +- __libc_dlsym (trans->handle, "gconv_trans_init"); +- trans->info.trans_context_fct = +- __libc_dlsym (trans->handle, "gconv_trans_context"); +- trans->info.trans_end_fct = +- __libc_dlsym (trans->handle, "gconv_trans_end"); +- +- trans->open_count = 1; +- +- return 0; +-} +- +- + int + internal_function + __gconv_translit_find (struct trans_struct *trans) + { +- struct known_trans **found; +- const struct path_elem *runp; +- int res = 1; +- +- /* We have to have a name. */ +- assert (trans->name != NULL); +- +- /* Acquire the lock. */ +- __libc_lock_lock (lock); +- +- /* See whether we know this module already. */ +- found = __tfind (trans, &search_tree, trans_compare); +- if (found != NULL) +- { +- /* Is this module available? */ +- if ((*found)->handle != NULL) +- { +- /* Maybe we have to reopen the file. */ +- if ((*found)->handle != (void *) -1) +- /* The object is not unloaded. */ +- res = 0; +- else if (open_translit (*found) == 0) +- { +- /* Copy the data. */ +- *trans = (*found)->info; +- (*found)->open_count++; +- res = 0; +- } +- } +- } +- else +- { +- size_t name_len = strlen (trans->name) + 1; +- int need_so = 0; +- struct known_trans *newp; +- +- /* We have to continue looking for the module. */ +- if (__gconv_path_elem == NULL) +- __gconv_get_path (); +- +- /* See whether we have to append .so. */ +- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0) +- need_so = 1; +- +- /* Create a new entry. */ +- newp = (struct known_trans *) malloc (sizeof (struct known_trans) +- + (__gconv_max_path_elem_len +- + name_len + 3) +- + name_len); +- if (newp != NULL) +- { +- char *cp; +- +- /* Clear the struct. */ +- memset (newp, '\0', sizeof (struct known_trans)); +- +- /* Store a copy of the module name. */ +- newp->info.name = cp = (char *) (newp + 1); +- cp = __mempcpy (cp, trans->name, name_len); +- +- newp->fname = cp; +- +- /* Search in all the directories. */ +- for (runp = __gconv_path_elem; runp->name != NULL; ++runp) +- { +- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name), +- trans->name, name_len); +- if (need_so) +- memcpy (cp, ".so", sizeof (".so")); +- +- if (open_translit (newp) == 0) +- { +- /* We found a module. */ +- res = 0; +- break; +- } +- } +- +- if (res) +- newp->fname = NULL; +- +- /* In any case we'll add the entry to our search tree. */ +- if (__tsearch (newp, &search_tree, trans_compare) == NULL) +- { +- /* Yickes, this should not happen. Unload the object. */ +- res = 1; +- /* XXX unload here. */ +- } +- } +- } +- +- __libc_lock_unlock (lock); +- +- return res; ++ /* Transliteration module loading has been removed because it never ++ worked as intended and suffered from a security vulnerability. ++ Consequently, this function always fails. */ ++ return 1; + } -- cgit v1.3 From 39ccbfad1c1b56c4866563a60676cb35b6a17871 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Mon, 8 Sep 2014 11:05:45 -0400 Subject: gnu: glibc: Update to 2.20. * gnu/packages/patches/glibc-CVE-2014-5119.patch: Remove. * gnu-system.am (dist_patch_DATA): Remove it. * gnu/packages/base.scm (glibc): Update to 2.20. Remove patch. Raise minimum linux version to 2.6.32. --- gnu-system.am | 1 - gnu/packages/base.scm | 15 +- gnu/packages/patches/glibc-CVE-2014-5119.patch | 212 ------------------------- 3 files changed, 7 insertions(+), 221 deletions(-) delete mode 100644 gnu/packages/patches/glibc-CVE-2014-5119.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 510a217b98..a079fa2030 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -323,7 +323,6 @@ dist_patch_DATA = \ gnu/packages/patches/glib-tests-prlimit.patch \ gnu/packages/patches/glib-tests-timer.patch \ gnu/packages/patches/glibc-bootstrap-system.patch \ - gnu/packages/patches/glibc-CVE-2014-5119.patch \ gnu/packages/patches/glibc-ldd-x86_64.patch \ gnu/packages/patches/gnunet-fix-scheduler.patch \ gnu/packages/patches/gnunet-fix-tests.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index cbe115f8a8..5ecff76252 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -357,14 +357,14 @@ library for working with executable and object formats is also included.") (define-public glibc (package (name "glibc") - (version "2.19") + (version "2.20") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "18m2dssd6ja5arxmdxinc90xvpqcsnqjfwmjl2as07j0i3srff9d")) + "19bbyfc2gcxr9rihrkkbd3p362i608yhlyrr7icqsa6cmr16sjzq")) (snippet ;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is ;; required on LFS distros to avoid loading the distro's libc.so @@ -373,8 +373,7 @@ library for working with executable and object formats is also included.") (("use_ldconfig=yes") "use_ldconfig=no"))) (modules '((guix build utils))) - (patches (list (search-patch "glibc-CVE-2014-5119.patch") - (search-patch "glibc-ldd-x86_64.patch"))))) + (patches (list (search-patch "glibc-ldd-x86_64.patch"))))) (build-system gnu-build-system) ;; Glibc's refers to , for instance, so glibc @@ -405,10 +404,10 @@ library for working with executable and object formats is also included.") (assoc-ref %build-inputs "linux-headers") "/include") - ;; The default is to assume a 2.4 Linux interface, but we'll - ;; always use something newer. See "kernel-features.h" in the - ;; GNU libc for details. - "--enable-kernel=2.6.30" + ;; This is the default for most architectures as of GNU libc 2.20, + ;; but we specify it explicitly for clarity and consistency. See + ;; "kernel-features.h" in the GNU libc for details. + "--enable-kernel=2.6.32" ;; Use our Bash instead of /bin/sh. (string-append "BASH_SHELL=" diff --git a/gnu/packages/patches/glibc-CVE-2014-5119.patch b/gnu/packages/patches/glibc-CVE-2014-5119.patch deleted file mode 100644 index de063a2da5..0000000000 --- a/gnu/packages/patches/glibc-CVE-2014-5119.patch +++ /dev/null @@ -1,212 +0,0 @@ -Remove support for loadable gconv transliteration modules. -The support for transliteration modules has been non-functional for -over a decade, and the removal is prompted by security defects. The -normal gconv conversion modules are still supported. Transliteration -with //TRANSLIT is still possible, and the //IGNORE specifier -continues to be supported. (CVE-2014-5119) - -Based on upstream commits a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8 -and f9df71e895d3552d557e783fdb9d133328195645 -by Florian Weimer . - ---- glibc-2.19/ChangeLog.orig 2014-02-07 04:04:38.000000000 -0500 -+++ glibc-2.19/ChangeLog 2014-08-26 14:35:12.368861387 -0400 -@@ -1,3 +1,10 @@ -+2014-08-26 Florian Weimer -+ -+ [BZ #17187] -+ * iconv/gconv_trans.c (struct known_trans, search_tree, lock, -+ trans_compare, open_translit, __gconv_translit_find): -+ Remove module loading code. -+ - 2014-02-06 Carlos O'Donell - - [BZ #16529] ---- glibc-2.19/iconv/gconv_trans.c.orig 2014-02-07 04:04:38.000000000 -0500 -+++ glibc-2.19/iconv/gconv_trans.c 2014-08-26 14:37:26.269525364 -0400 -@@ -238,181 +238,12 @@ - return __GCONV_ILLEGAL_INPUT; - } - -- --/* Structure to represent results of found (or not) transliteration -- modules. */ --struct known_trans --{ -- /* This structure must remain the first member. */ -- struct trans_struct info; -- -- char *fname; -- void *handle; -- int open_count; --}; -- -- --/* Tree with results of previous calls to __gconv_translit_find. */ --static void *search_tree; -- --/* We modify global data. */ --__libc_lock_define_initialized (static, lock); -- -- --/* Compare two transliteration entries. */ --static int --trans_compare (const void *p1, const void *p2) --{ -- const struct known_trans *s1 = (const struct known_trans *) p1; -- const struct known_trans *s2 = (const struct known_trans *) p2; -- -- return strcmp (s1->info.name, s2->info.name); --} -- -- --/* Open (maybe reopen) the module named in the struct. Get the function -- and data structure pointers we need. */ --static int --open_translit (struct known_trans *trans) --{ -- __gconv_trans_query_fct queryfct; -- -- trans->handle = __libc_dlopen (trans->fname); -- if (trans->handle == NULL) -- /* Not available. */ -- return 1; -- -- /* Find the required symbol. */ -- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context"); -- if (queryfct == NULL) -- { -- /* We cannot live with that. */ -- close_and_out: -- __libc_dlclose (trans->handle); -- trans->handle = NULL; -- return 1; -- } -- -- /* Get the context. */ -- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames) -- != 0) -- goto close_and_out; -- -- /* Of course we also have to have the actual function. */ -- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans"); -- if (trans->info.trans_fct == NULL) -- goto close_and_out; -- -- /* Now the optional functions. */ -- trans->info.trans_init_fct = -- __libc_dlsym (trans->handle, "gconv_trans_init"); -- trans->info.trans_context_fct = -- __libc_dlsym (trans->handle, "gconv_trans_context"); -- trans->info.trans_end_fct = -- __libc_dlsym (trans->handle, "gconv_trans_end"); -- -- trans->open_count = 1; -- -- return 0; --} -- -- - int - internal_function - __gconv_translit_find (struct trans_struct *trans) - { -- struct known_trans **found; -- const struct path_elem *runp; -- int res = 1; -- -- /* We have to have a name. */ -- assert (trans->name != NULL); -- -- /* Acquire the lock. */ -- __libc_lock_lock (lock); -- -- /* See whether we know this module already. */ -- found = __tfind (trans, &search_tree, trans_compare); -- if (found != NULL) -- { -- /* Is this module available? */ -- if ((*found)->handle != NULL) -- { -- /* Maybe we have to reopen the file. */ -- if ((*found)->handle != (void *) -1) -- /* The object is not unloaded. */ -- res = 0; -- else if (open_translit (*found) == 0) -- { -- /* Copy the data. */ -- *trans = (*found)->info; -- (*found)->open_count++; -- res = 0; -- } -- } -- } -- else -- { -- size_t name_len = strlen (trans->name) + 1; -- int need_so = 0; -- struct known_trans *newp; -- -- /* We have to continue looking for the module. */ -- if (__gconv_path_elem == NULL) -- __gconv_get_path (); -- -- /* See whether we have to append .so. */ -- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0) -- need_so = 1; -- -- /* Create a new entry. */ -- newp = (struct known_trans *) malloc (sizeof (struct known_trans) -- + (__gconv_max_path_elem_len -- + name_len + 3) -- + name_len); -- if (newp != NULL) -- { -- char *cp; -- -- /* Clear the struct. */ -- memset (newp, '\0', sizeof (struct known_trans)); -- -- /* Store a copy of the module name. */ -- newp->info.name = cp = (char *) (newp + 1); -- cp = __mempcpy (cp, trans->name, name_len); -- -- newp->fname = cp; -- -- /* Search in all the directories. */ -- for (runp = __gconv_path_elem; runp->name != NULL; ++runp) -- { -- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name), -- trans->name, name_len); -- if (need_so) -- memcpy (cp, ".so", sizeof (".so")); -- -- if (open_translit (newp) == 0) -- { -- /* We found a module. */ -- res = 0; -- break; -- } -- } -- -- if (res) -- newp->fname = NULL; -- -- /* In any case we'll add the entry to our search tree. */ -- if (__tsearch (newp, &search_tree, trans_compare) == NULL) -- { -- /* Yickes, this should not happen. Unload the object. */ -- res = 1; -- /* XXX unload here. */ -- } -- } -- } -- -- __libc_lock_unlock (lock); -- -- return res; -+ /* Transliteration module loading has been removed because it never -+ worked as intended and suffered from a security vulnerability. -+ Consequently, this function always fails. */ -+ return 1; - } -- cgit v1.3 From 6904ecce5fdd25a9564050101f1003a4d75e7bd5 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 17 Sep 2014 17:17:43 +0200 Subject: gnu: gcc-4.8.3: Add patch for PR61801. * gnu/packages/patches/gcc-fix-pr61801.patch: New file. * gnu/packages/gcc.scm (gcc-4.8): Use it. * gnu-system.am (dist_patch_DATA): Add it. --- gnu-system.am | 1 + gnu/packages/gcc.scm | 3 ++- gnu/packages/patches/gcc-fix-pr61801.patch | 25 +++++++++++++++++++++++++ 3 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/gcc-fix-pr61801.patch (limited to 'gnu-system.am') diff --git a/gnu-system.am b/gnu-system.am index 93afd9fb50..7d6763c5ec 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -327,6 +327,7 @@ dist_patch_DATA = \ gnu/packages/patches/flex-bison-tests.patch \ gnu/packages/patches/gawk-shell.patch \ gnu/packages/patches/gcc-cross-environment-variables.patch \ + gnu/packages/patches/gcc-fix-pr61801.patch \ gnu/packages/patches/gd-mips64-deplibs-fix.patch \ gnu/packages/patches/glib-tests-desktop.patch \ gnu/packages/patches/glib-tests-homedir.patch \ diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm index 66888389d4..02601585b9 100644 --- a/gnu/packages/gcc.scm +++ b/gnu/packages/gcc.scm @@ -268,7 +268,8 @@ Go. It also includes runtime support libraries for these languages.") version "/gcc-" version ".tar.bz2")) (sha256 (base32 - "07hg10zs7gnqz58my10ch0zygizqh0z0bz6pv4pgxx45n48lz3ka")))))) + "07hg10zs7gnqz58my10ch0zygizqh0z0bz6pv4pgxx45n48lz3ka")) + (patches (list (search-patch "gcc-fix-pr61801.patch"))))))) (define-public gcc-4.9 (package (inherit gcc-4.7) diff --git a/gnu/packages/patches/gcc-fix-pr61801.patch b/gnu/packages/patches/gcc-fix-pr61801.patch new file mode 100644 index 0000000000..e9cd92aa1c --- /dev/null +++ b/gnu/packages/patches/gcc-fix-pr61801.patch @@ -0,0 +1,25 @@ +GCC bug fix for . +Initially discussed at + . +Patch from . + +2014-07-17 Richard Biener + + PR rtl-optimization/61801 + + * sched-deps.c (sched_analyze_2): For ASM_OPERANDS and + ASM_INPUT don't set reg_pending_barrier if it appears in a + debug-insn. + +--- gcc-4_8-branch/gcc/sched-deps.c 2014/07/17 07:48:49 212739 ++++ gcc-4_8-branch/gcc/sched-deps.c 2014/07/17 07:49:44 212740 +@@ -2744,7 +2744,8 @@ + Consider for instance a volatile asm that changes the fpu rounding + mode. An insn should not be moved across this even if it only uses + pseudo-regs because it might give an incorrectly rounded result. */ +- if (code != ASM_OPERANDS || MEM_VOLATILE_P (x)) ++ if ((code != ASM_OPERANDS || MEM_VOLATILE_P (x)) ++ && !DEBUG_INSN_P (insn)) + reg_pending_barrier = TRUE_BARRIER; + + /* For all ASM_OPERANDS, we must traverse the vector of input operands. -- cgit v1.3