Last commit made on 2021-04-14
Get this branch:
git clone -b release/2.28/master

Branch merges

Branch information


Recent commits

83d6f50... by Siddhesh Poyarekar <email address hidden> on 2021-03-16

Fix SXID_ERASE behavior in setuid programs (BZ #27471)

When parse_tunables tries to erase a tunable marked as SXID_ERASE for
setuid programs, it ends up setting the envvar string iterator
incorrectly, because of which it may parse the next tunable
incorrectly. Given that currently the implementation allows malformed
and unrecognized tunables pass through, it may even allow SXID_ERASE
tunables to go through.

This change revamps the SXID_ERASE implementation so that:

- Only valid tunables are written back to the tunestr string, because
  of which children of SXID programs will only inherit a clean list of
  identified tunables that are not SXID_ERASE.

- Unrecognized tunables get scrubbed off from the environment and
  subsequently from the child environment.

- This has the side-effect that a tunable that is not identified by
  the setxid binary, will not be passed on to a non-setxid child even
  if the child could have identified that tunable. This may break
  applications that expect this behaviour but expecting such tunables
  to cross the SXID boundary is wrong.
Reviewed-by: Carlos O'Donell <email address hidden>

(cherry picked from commit 2ed18c5b534d9e92fc006202a5af0df6b72e7aca)

6cd05bc... by Siddhesh Poyarekar <email address hidden> on 2021-03-16

Enhance setuid-tunables test

Instead of passing GLIBC_TUNABLES via the environment, pass the
environment variable from parent to child. This allows us to test
multiple variables to ensure better coverage.

The test list currently only includes the case that's already being
tested. More tests will be added later.
Reviewed-by: Carlos O'Donell <email address hidden>

(cherry picked from commit 061fe3f8add46a89b7453e87eabb9c4695005ced)

Also add intprops.h from 2.29 from commit 8e6fd2bdb21efe2cc1ae7571ff8fb2599db6a05a

c43e69d... by Siddhesh Poyarekar <email address hidden> on 2021-03-16

tst-env-setuid: Use support_capture_subprogram_self_sgid

Use the support_capture_subprogram_self_sgid to spawn an sgid child.
Reviewed-by: Carlos O'Donell <email address hidden>

(cherry picked from commit ca335281068a1ed549a75ee64f90a8310755956f)

b790d1c... by Siddhesh Poyarekar <email address hidden> on 2021-04-09

support: Add capability to fork an sgid child

Add a new function support_capture_subprogram_self_sgid that spawns an
sgid child of the running program with its own image and returns the
exit code of the child process. This functionality is used by at
least three tests in the testsuite at the moment, so it makes sense to

There is also a new function support_subprogram_wait which should
provide simple system() like functionality that does not set up file
actions. This is useful in cases where only the return code of the
spawned subprocess is interesting.

This patch also ports tst-secure-getenv to this new function. A
subsequent patch will port other tests. This also brings an important
change to tst-secure-getenv behaviour. Now instead of succeeding, the
test fails as UNSUPPORTED if it is unable to spawn a setgid child,
which is how it should have been in the first place.
Reviewed-by: Carlos O'Donell <email address hidden>

(cherry picked from commit 716a3bdc41b2b4b864dc64475015ba51e35e1273)

d79d7e1... by Siddhesh Poyarekar <email address hidden> on 2021-03-15

support: Typo and formatting fixes

- Add a newline to the end of error messages in transfer().
- Fixed the name of support_subprocess_init().

(cherry picked from commit 95c68080a3ded882789b1629f872c3ad531efda0)

7e3b1e7... by Siddhesh Poyarekar <email address hidden> on 2021-03-15

support: Pass environ to child process

Pass environ to posix_spawn so that the child process can inherit
environment of the test.

(cherry picked from commit e958490f8c74e660bd93c128b3bea746e268f3f6)

e23cded... by Adhemerval Zanella on 2019-04-12

support: Add support_capture_subprogram

Its API is similar to support_capture_subprocess, but rather creates a
new process based on the input path and arguments. Under the hoods it
uses posix_spawn to create the new process.

It also allows the use of other support_capture_* functions to check
for expected results and free the resources.

Checked on x86_64-linux-gnu.

 * support/Makefile (libsupport-routines): Add support_subprocess,
 xposix_spawn, xposix_spawn_file_actions_addclose, and
 (tst-support_capture_subprocess-ARGS): New rule.
 * support/capture_subprocess.h (support_capture_subprogram): New
 * support/support_capture_subprocess.c (support_capture_subprocess):
 Refactor to use support_subprocess and support_capture_poll.
 (support_capture_subprogram): New function.
 * support/tst-support_capture_subprocess.c (write_mode_to_str,
 str_to_write_mode, test_common, parse_int, handle_restart,
 do_subprocess, do_subprogram, do_multiple_tests): New functions.
 (do_test): Add support_capture_subprogram tests.
 * support/subprocess.h: New file.
 * support/support_subprocess.c: Likewise.
 * support/xposix_spawn.c: Likewise.
 * support/xposix_spawn_file_actions_addclose.c: Likewise.
 * support/xposix_spawn_file_actions_adddup2.c: Likewise.
 * support/xspawn.h: Likewise.

Reviewed-by: Carlos O'Donell <email address hidden>
(cherry picked from commit 0e169691290a6d2187a4ff41495fc5678cbfdcdc)

4352eb4... by DJ Delorie <email address hidden> on 2021-02-25

nscd: Fix double free in netgroupcache [BZ #27462]

In commit 745664bd798ec8fd50438605948eea594179fba1 a use-after-free
was fixed, but this led to an occasional double-free. This patch
tracks the "live" allocation better.

Tested manually by a third party.

Related: RHBZ 1927877

Reviewed-by: Siddhesh Poyarekar <email address hidden>
Reviewed-by: Carlos O'Donell <email address hidden>
(cherry picked from commit dca565886b5e8bd7966e15f0ca42ee5cff686673)

e9db776... by Florian Weimer on 2021-01-27

gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256)

The conversion loop to the internal encoding does not follow
the interface contract that __GCONV_FULL_OUTPUT is only returned
after the internal wchar_t buffer has been filled completely. This
is enforced by the first of the two asserts in iconv/skeleton.c:

       /* We must run out of output buffer space in this
   rerun. */
       assert (outbuf == outerr);
       assert (nstatus == __GCONV_FULL_OUTPUT);

This commit solves this issue by queuing a second wide character
which cannot be written immediately in the state variable, like
other converters already do (e.g., BIG5-HKSCS or TSCII).

Reported-by: Tavis Ormandy <email address hidden>
(cherry picked from commit 7d88c6142c6efc160c0ee5e4f85cde382c072888)

44fd888... by "H.J. Lu" <email address hidden> on 2020-12-28

x86: Check IFUNC definition in unrelocated executable [BZ #20019]

Calling an IFUNC function defined in unrelocated executable also leads to
segfault. Issue a fatal error message when calling IFUNC function defined
in the unrelocated executable from a shared library.

On x86, ifuncmain6pie failed with:

[hjl@gnu-cfl-2 build-i686-linux]$ ./elf/ifuncmain6pie --direct
./elf/ifuncmain6pie: IFUNC symbol 'foo' referenced in '/export/build/gnu/tools-build/glibc-32bit/build-i686-linux/elf/' is defined in the executable and creates an unsatisfiable circular dependency.
[hjl@gnu-cfl-2 build-i686-linux]$ readelf -rW elf/ | grep foo
00003ff4 00000706 R_386_GLOB_DAT 0000400c foo_ptr
00003ff8 00000406 R_386_GLOB_DAT 00000000 foo
0000400c 00000401 R_386_32 00000000 foo
[hjl@gnu-cfl-2 build-i686-linux]$

Remove non-JUMP_SLOT relocations against foo in, which
trigger the circular IFUNC dependency, and build ifuncmain6pie with

(cherry picked from commits 6ea5b57afa5cdc9ce367d2b69a2cebfb273e4617
 and 7137d682ebfcb6db5dfc5f39724718699922f06c)