glibc:ibm/2.30/master

Last commit made on 2021-03-18
Get this branch:
git clone -b ibm/2.30/master https://git.launchpad.net/glibc

Branch merges

Branch information

Name:
ibm/2.30/master
Repository:
lp:glibc

Recent commits

889122c... by Florian Weimer on 2021-01-29

NEWS: Fix typo in CVE-2021-3326 entry

fa4162a... by Florian Weimer on 2021-01-29

NEWS: Mention CVE-2021-3326 (iconv assertion with ISO-20220-JP-3)

903f0b6... by Raphael Moreira Zinsly <email address hidden> on 2021-03-18

Merge branch release/2.30/master into ibm/2.30/master

3e33d93... by Siddhesh Poyarekar <email address hidden> on 2020-12-07

Add NEWS entry for CVE-2020-29562 (BZ #26923)

BZ #26923 now has a CVE entry, so add a NEWS entry for it.

3d8ef60... by Michael Colavita <email address hidden> on 2020-11-19

iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923)

Previously, in UCS4 conversion routines we limit the number of
characters we examine to the minimum of the number of characters in the
input and the number of characters in the output. This is not the
correct behavior when __GCONV_IGNORE_ERRORS is set, as we do not consume
an output character when we skip a code unit. Instead, track the input
and output pointers and terminate the loop when either reaches its
limit.

This resolves assertion failures when resetting the input buffer in a step of
iconv, which assumes that the input will be fully consumed given sufficient
output space.

67b1fb5... by Arjun Shankar <email address hidden> on 2020-11-04

iconv: Accept redundant shift sequences in IBM1364 [BZ #26224]

The IBM1364, IBM1371, IBM1388, IBM1390 and IBM1399 character sets
share converter logic (iconvdata/ibm1364.c) which would reject
redundant shift sequences when processing input in these character
sets. This led to a hang in the iconv program (CVE-2020-27618).

This commit adjusts the converter to ignore redundant shift sequences
and adds test cases for iconv_prog hangs that would be triggered upon
their rejection. This brings the implementation in line with other
converters that also ignore redundant shift sequences (e.g. IBM930
etc., fixed in commit 692de4b3960d).

Reviewed-by: Carlos O'Donell <email address hidden>

1bf0789... by DJ Delorie <email address hidden> on 2021-02-25

nscd: Fix double free in netgroupcache [BZ #27462]

In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free
was fixed, but this led to an occasional double-free. This patch
tracks the "live" allocation better.

Tested manually by a third party.

Related: RHBZ 1927877

Reviewed-by: Siddhesh Poyarekar <email address hidden>
Reviewed-by: Carlos O'Donell <email address hidden>
(cherry picked from commit dca565886b5e8bd7966e15f0ca42ee5cff686673)

79bf3c9... by Florian Weimer on 2021-01-27

gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)

The conversion loop to the internal encoding does not follow
the interface contract that __GCONV_FULL_OUTPUT is only returned
after the internal wchar_t buffer has been filled completely. This
is enforced by the first of the two asserts in iconv/skeleton.c:

       /* We must run out of output buffer space in this
   rerun. */
       assert (outbuf == outerr);
       assert (nstatus == __GCONV_FULL_OUTPUT);

This commit solves this issue by queuing a second wide character
which cannot be written immediately in the state variable, like
other converters already do (e.g., BIG5-HKSCS or TSCII).

Reported-by: Tavis Ormandy <email address hidden>
(cherry picked from commit 7d88c6142c6efc160c0ee5e4f85cde382c072888)

d811d24... by "H.J. Lu" <email address hidden> on 2020-12-28

x86: Check IFUNC definition in unrelocated executable [BZ #20019]

Calling an IFUNC function defined in unrelocated executable also leads to
segfault. Issue a fatal error message when calling IFUNC function defined
in the unrelocated executable from a shared library.

On x86, ifuncmain6pie failed with:

[hjl@gnu-cfl-2 build-i686-linux]$ ./elf/ifuncmain6pie --direct
./elf/ifuncmain6pie: IFUNC symbol 'foo' referenced in '/export/build/gnu/tools-build/glibc-32bit/build-i686-linux/elf/ifuncmod6.so' is defined in the executable and creates an unsatisfiable circular dependency.
[hjl@gnu-cfl-2 build-i686-linux]$ readelf -rW elf/ifuncmod6.so | grep foo
00003ff4 00000706 R_386_GLOB_DAT 0000400c foo_ptr
00003ff8 00000406 R_386_GLOB_DAT 00000000 foo
0000400c 00000401 R_386_32 00000000 foo
[hjl@gnu-cfl-2 build-i686-linux]$

Remove non-JUMP_SLOT relocations against foo in ifuncmod6.so, which
trigger the circular IFUNC dependency, and build ifuncmain6pie with
-Wl,-z,lazy.

(cherry picked from commits 6ea5b57afa5cdc9ce367d2b69a2cebfb273e4617
 and 7137d682ebfcb6db5dfc5f39724718699922f06c)

8113182... by "H.J. Lu" <email address hidden> on 2021-01-13

x86: Set header.feature_1 in TCB for always-on CET [BZ #27177]

Update dl_cet_check() to set header.feature_1 in TCB when both IBT and
SHSTK are always on.

(cherry picked from commit 2ef23b520597f4ea1790a669b83e608f24f4cf12)