Commit Graph

52 Commits

Author SHA1 Message Date
Peter Müller e14a82a1c7 Get rid of HTTP URLs as best as possible, take one
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2023-09-16 13:47:41 +02:00
Michael Tremer 28b594d2be glibc: Update to 2.38
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-09-09 16:33:38 +00:00
Michael Tremer c2ee3456c5 glibc: Fix runtime linker path chaos
Some architectures have a specific path for their runtime linker
hardcoded and in order to avoid installing them into /lib or /lib64
instead of /usr/lib or /usr/lib64, we are adding artificial provides.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-03-24 17:15:02 +00:00
Stefan Schantl 7ed3355c04 glibc: Fix RUNPATH in gconv libraries
Those libraries use a special RUNPATH called $ORIGIN which we
do not support in IPFire. So changing this to the directory where
they are installed.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-03-22 10:07:42 +00:00
Michael Tremer bf86a0e10d glibc: Make this package conform to FHS/Hardening
This patch changes many things about glibc in one go. Sorry.

We move glibc out of /lib so that we no longer install any files where
they should not be according to our FHS.

We also enable SSP-all and ensure that everything is properly hardened.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-03-21 18:16:11 +00:00
Michael Tremer 2784768aec glibc: Disable building NSCD
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-03-21 18:16:11 +00:00
Michael Tremer 0d7e30eedf glibc: Optimise for kernel >= 5.10
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-03-07 16:28:45 +00:00
Michael Tremer 21c695c7d7 glibc: Update to 2.37
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2023-03-07 11:28:07 +00:00
Michael Tremer 8feada5bbf glibc: Package libxcrypt and compat-libxcrypt
libcrypt in glibc is deprecated and has been replaced by libxcrypt which
offers a new ABI. The new ABI is packaged in libxcrypt and the old one in
compat-libxcrypt which should be dropped soon.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2022-12-19 15:44:40 +00:00
Michael Tremer 6cb5e9ba11 glibc: Update to 2.36
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2022-11-27 12:21:14 +00:00
Michael Tremer 8c00dee0fc glibc: Update to 2.29
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2019-02-14 20:08:21 +00:00
Michael Tremer 0c55b410c6 glibc: Compile with -O2
Instead of compiling with -O3, we now compile this with -O2
which is the default for the whole system. It looks like binaries
launch and perform a little bit slower than on some other
distributions, but there is no explanation to it.

This change will reduce the size of the libc and sibling libraries
which will hopefully allow to load them faster. Code might potentially
execute slower on some machines, but this impact might be less than
the startup time of the binaries.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-12-18 22:35:30 +00:00
Michael Tremer 72f604e827 glibc: Update to 2.28
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-09-16 20:36:08 +01:00
Michael Tremer 24e9b8ad8d glibc: Update to 2.27
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-06-28 12:52:51 +01:00
Michael Tremer 6f6c9c65b3 glibc: Drop some patches
glibc has been a bit unstable and we are going to drop
patches that we don't essentially need in the hope to
mitigate any random segfaults.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2018-01-25 20:40:08 +00:00
Stefan Schantl a4f7c909d1 glibc: Remove audit support
* Drop support for the audit subsystem.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-08-15 12:42:02 +01:00
Michael Tremer 80b7ed539c glibc: Update to version 2.26
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-08-10 22:50:54 +01:00
Michael Tremer d7d685fc2e glibc: Update to 2.25
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-02-16 11:38:44 +00:00
Michael Tremer 963c362fb5 glibc: Remove support for selinux
Fixes #11209

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-21 14:03:37 +01:00
Michael Tremer 9ec0217536 glibc: Remove -command and -headers package
These packages are a bit redundant and got now
merged into the main package and the -devel package.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-10-03 12:07:44 +01:00
Michael Tremer 4eec3d94d9 glibc: Update to 2.24
Requires a patch to build on x86_64:
  https://sourceware.org/bugzilla/show_bug.cgi?id=20621

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-09-23 21:15:34 +01:00
Michael Tremer 301beda7fb glibc: Ship libmvec_nonshared.a in glibc-devel
This library is required to link against libm.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-03-31 22:03:47 +01:00
Michael Tremer ee62c3f9f4 glibc: Update to version 2.23
Requires Linux kernel 3.2 now.

Security related changes:

* An out-of-bounds value in a broken-out struct tm argument to strftime no
  longer causes a crash.  Reported by Adam Nielsen.  (CVE-2015-8776)

* The LD_POINTER_GUARD environment variable can no longer be used to disable
  the pointer guard feature.  It is always enabled.  Previously,
  LD_POINTER_GUARD could be used to disable security hardening in binaries
  running in privileged AT_SECURE mode.  Reported by Hector Marco-Gisbert.
  (CVE-2015-8777)

* An integer overflow in hcreate and hcreate_r could lead to an
  out-of-bounds memory access.  Reported by Szabolcs Nagy.  (CVE-2015-8778)

* The catopen function no longer has unbounded stack usage.  Reported by
  Max.  (CVE-2015-8779)

* The nan, nanf and nanl functions no longer have unbounded stack usage
  depending on the length of the string passed as an argument to the
  functions.  Reported by Joseph Myers.  (CVE-2014-9761)

* A stack-based buffer overflow was found in libresolv when invoked from
  libnss_dns, allowing specially crafted DNS responses to seize control
  of execution flow in the DNS client.  The buffer overflow occurs in
  the functions send_dg (send datagram) and send_vc (send TCP) for the
  NSS module libnss_dns.so.2 when calling getaddrinfo with AF_UNSPEC
  family.  The use of AF_UNSPEC triggers the low-level resolver code to
  send out two parallel queries for A and AAAA.  A mismanagement of the
  buffers used for those queries could result in the response of a query
  writing beyond the alloca allocated buffer created by
  _nss_dns_gethostbyname4_r.  Buffer management is simplified to remove
  the overflow.  Thanks to the Google Security Team and Red Hat for
  reporting the security impact of this issue, and Robert Holiday of
  Ciena for reporting the related bug 18665. (CVE-2015-7547)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-03-31 13:59:10 +01:00
Michael Tremer 2576d87312 glibc: Update to version 2.22
Security fix:
  A buffer overflow in gethostbyname_r and related functions performing DNS
  requests has been fixed.  If the NSS functions were called with a
  misaligned buffer, the buffer length change due to pointer alignment was
  not taken into account.  This could result in application crashes or,
  potentially arbitrary code execution, using crafted, but syntactically
  valid DNS responses.  (CVE-2015-1781)

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2016-03-29 17:02:43 +01:00
Michael Tremer c8f56dccfc glibc: Update to 2.21 2015-02-26 12:53:39 +01:00
Michael Tremer 389ab7f841 glibc: Update to 2.20
* The following bugs are resolved with this release:

  6804, 9894, 12994, 13347, 13651, 14308, 14770, 15119, 15132, 15347, 15514,
  15698, 15804, 15894, 15946, 16002, 16064, 16095, 16194, 16198, 16275,
  16284, 16287, 16315, 16348, 16349, 16354, 16357, 16362, 16447, 16516,
  16532, 16539, 16545, 16561, 16562, 16564, 16574, 16599, 16600, 16609,
  16610, 16611, 16613, 16619, 16623, 16629, 16632, 16634, 16639, 16642,
  16648, 16649, 16670, 16674, 16677, 16680, 16681, 16683, 16689, 16695,
  16701, 16706, 16707, 16712, 16713, 16714, 16724, 16731, 16739, 16740,
  16743, 16754, 16758, 16759, 16760, 16770, 16786, 16789, 16791, 16796,
  16799, 16800, 16815, 16823, 16824, 16831, 16838, 16839, 16849, 16854,
  16876, 16877, 16878, 16882, 16885, 16888, 16890, 16892, 16912, 16915,
  16916, 16917, 16918, 16922, 16927, 16928, 16932, 16943, 16958, 16965,
  16966, 16967, 16977, 16978, 16984, 16990, 16996, 17009, 17022, 17031,
  17042, 17048, 17050, 17058, 17061, 17062, 17069, 17075, 17078, 17079,
  17084, 17086, 17088, 17092, 17097, 17125, 17135, 17137, 17150, 17153,
  17187, 17213, 17259, 17261, 17262, 17263, 17319, 17325, 17354.

* Reverted change of ABI data structures for s390 and s390x:
  On s390 and s390x the size of struct ucontext and jmp_buf was increased in
  2.19. This change is reverted in 2.20. The introduced 2.19 symbol versions
  of getcontext, setjmp, _setjmp, __sigsetjmp, longjmp, _longjmp, siglongjmp
  are preserved pointing straight to the same implementation as the old ones.
  Given that, new callers will simply provide a too-big buffer to these
  functions. Any applications/libraries out there that embed jmp_buf or
  ucontext_t in an ABI-relevant data structure that have already been rebuilt
  against 2.19 headers will have to be rebuilt again. This is necessary in any
  case to revert the breakage in their ABI caused by the glibc change.

* Support for file description locks is added to systems running the
  Linux kernel. The standard file locking interfaces are extended to
  operate on file descriptions, not file descriptors, via the use of
  F_OFD_GETLK, F_OFD_SETLK, and F_OFD_SETLKW. File description locks
  are associated with an open file instead of a process.

* Optimized strchr implementation for AArch64.  Contributed by ARM Ltd.

* The minimum Linux kernel version that this version of the GNU C Library
  can be used with is 2.6.32.

* Running the testsuite no longer terminates as soon as a test fails.
  Instead, a file tests.sum (xtests.sum from "make xcheck") is generated,
  with PASS or FAIL lines for individual tests.  A summary of the results is
  printed, including a list of failing lists, and "make check" exits with
  error status if there were any unexpected failures.  "make check
  stop-on-test-failure=y" may be used to keep the old behavior.

* The am33 port, which had not worked for several years, has been removed
  from ports.

* The _BSD_SOURCE and _SVID_SOURCE feature test macros are no longer
  supported; they now act the same as _DEFAULT_SOURCE (but generate a
  warning).  Except for cases where _BSD_SOURCE enabled BSD interfaces that
  conflicted with POSIX (support for which was removed in 2.19), the
  interfaces those macros enabled remain available when compiling with
  _GNU_SOURCE defined, with _DEFAULT_SOURCE defined, or without any feature
  test macros defined.

* Optimized strcmp implementation for ARMv7.  Contributed by ARM Ltd.

* Added support for TX lock elision of pthread mutexes on s390 and s390x.
  This may improve lock scaling of existing programs on TX capable systems.
  The lock elision code is only built with --enable-lock-elision=yes and
  then requires a GCC version supporting the TX builtins.  With lock elision
  default mutexes are elided via __builtin_tbegin, if the cpu supports
  transactions. By default lock elision is not enabled and the elision code
  is not built.

* CVE-2014-4043 The posix_spawn_file_actions_addopen implementation did not
  copy the path argument.  This allowed programs to cause posix_spawn to
  dereference a dangling pointer, or use an unexpected pathname argument if
  the string was modified after the posix_spawn_file_actions_addopen
  invocation.

* All supported architectures now use the main glibc sysdeps directory
  instead of some being in a separate "ports" directory (which was
  distributed separately before glibc 2.17).

* The NPTL implementation of POSIX pthreads is no longer an "add-on".
  On configurations that support it (all Linux configurations), it's now
  used regardless of the --enable-add-ons switch to configure.  It is no
  longer possible to build such configurations without pthreads support.

* Locale names, including those obtained from environment variables (LANG
  and the LC_* variables), are more tightly checked for proper syntax.
  setlocale will now fail (with EINVAL) for locale names that are overly
  long, contain slashes without starting with a slash, or contain ".." path
  components. (CVE-2014-0475)  Previously, some valid locale names were
  silently replaced with the "C" locale when running in AT_SECURE mode
  (e.g., in a SUID program).  This is no longer necessary because of the
  additional checks.

* On x86-64, the dynamic linker's lazy-binding support is now compatible
  with application code using Intel MPX instructions.  (With all previous
  versions, the MPX register state could be clobbered when making calls
  into or out of a shared library.)  Note that while the new dynamic
  linker is compatible with all known x86 hardware whether or not it
  supports Intel MPX, some x86 instruction-set emulators might fail to
  handle the new instruction encodings.  This is known to affect Valgrind
  versions up through 3.9 (but will be fixed in the forthcoming 3.10
  release), and might affect other tools that do instruction emulation.

* Support for loadable gconv transliteration modules has been removed.
  The support for transliteration modules has been non-functional for
  over a decade, and the removal is prompted by security defects.  The
  normal gconv conversion modules are still supported.  Transliteration
  with //TRANSLIT is still possible, and the //IGNORE specifier
  continues to be supported. (CVE-2014-5119)

* Decoding a crafted input sequence in the character sets IBM933, IBM935,
  IBM937, IBM939, IBM1364 could result in an out-of-bounds array read,
  resulting in a denial-of-service security vulnerability in applications which
  use functions related to iconv. (CVE-2014-6040)
2014-09-14 22:11:46 +02:00
Michael Tremer b8e1d26567 glibc: Update to 2.19. 2014-02-16 12:22:31 +01:00
Michael Tremer da27534708 glibc: Fix endless loop when compiling glibc. 2013-07-20 21:38:31 +02:00
Michael Tremer 09c1d1a921 glibc: Don't link against nss.
nss is removed from the distribution.
2013-02-10 23:08:15 +01:00
Michael Tremer e448e01465 glibc: Don't ship quota headers.
These header files will be shipped by the quota package.
2013-01-26 19:31:43 +00:00
Michael Tremer 3994dee190 glibc: Update to 2.17. 2013-01-07 22:04:26 +01:00
Michael Tremer 4834f4e8c4 glibc: Enable obsolete RPC implementation.
RPC has been removed from glibc in 2.16.
However some packages like python still need it.
2012-10-27 11:48:31 +02:00
Michael Tremer 3bece62064 glibc: Provide ld-linux.so.3(GLIBC_PRIVATE) on armv7hl.
This is needed because of the transition to the new runtime
linker name.
2012-07-17 11:31:31 +02:00
Michael Tremer 1262a29126 glibc: Make sure that all subpackages are the same version.
It has been possible to install a newer version of
glibc-devel and glibc-headers than the actual library.
This resulted in various linking problems.
2012-07-11 09:59:16 +02:00
Michael Tremer 08884d73cd glibc: Update to 2.16.0.
On armv7hl the runtime linker is replaced by /lib/ld-linux-armhf.so.3
so that hardware and software floating point libraries may co-exist.

Fixes #10178.
2012-07-03 17:45:23 +02:00
Michael Tremer 4b31eaddad glibc: Fix library permissions. 2012-06-24 14:14:33 +02:00
Michael Tremer 205808000a glibc: Package glibc locale in glibc-common package. 2012-02-25 20:37:04 +01:00
Michael Tremer eec2ad4cd6 glibc: Re-enable some dependencies.
However these were commented out for bootstrapping glibc.
2012-02-17 21:10:34 +01:00
Michael Tremer 7f98fc96d9 glibc: Update to 2.15.
Required to fix the ARM bootstrap.
2012-01-29 23:50:53 +01:00
Michael Tremer 70963a517c glibc: Update to 2.14.90 (development version). 2012-01-05 00:57:02 +01:00
Michael Tremer 706fb4da88 glibc: Make package work on x86_64. 2011-12-23 14:46:39 +01:00
Michael Tremer 4fb1176128 glibc: Update to 2.14.1.
Enable linking to nss.
2011-12-17 14:12:35 +01:00
Michael Tremer 1f9bc2f0e4 Add a -debuginfo for every package that is not noarch.
And fix some whitespace errors as well.
2011-12-11 11:12:58 +01:00
Michael Tremer e11b29589a Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-3.x into arm-port
Conflicts:
	glibc/glibc.nm
	gmp/gmp.nm
2011-12-04 19:28:37 +01:00
Michael Tremer b0f38bbb44 glibc: Drop timezone data and use tzdata package instead. 2011-12-04 01:53:36 +01:00
Michael Tremer 0771353a94 glibc: Remove obsolete patch. 2011-12-04 01:53:19 +01:00
Michael Tremer a778217fc2 glibc: Fix patching the ports addon. 2011-12-01 12:02:53 +01:00
Michael Tremer 8827f595ce glibc: Enable build for armv5tel. 2011-11-29 00:02:08 +01:00
Michael Tremer e4c5e5307a glibc: Add ports addon and configure options for armv5tel. 2011-11-20 23:36:29 +01:00
Michael Tremer 8a3a777fab glibc: Package lib{c,pthread}_nonshared.a. 2011-11-02 16:25:00 +01:00