From 3bac4df0de46115762b708aef45309eb59bf0ce1 Mon Sep 17 00:00:00 2001
From: Paul Menzel
Date: Wed, 6 Feb 2019 12:07:32 +0100
Subject: [PATCH 1/7] linux-headers: Update version from 4.14.76 to 4.14.87

---
 linux-headers.be0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-headers.be0 b/linux-headers.be0
index 58de8784b..905531b33 100755
--- a/linux-headers.be0
+++ b/linux-headers.be0
@@ -1,6 +1,6 @@
 #!/usr/bin/env beesh
-# BEE_VERSION linux-headers-4.14.76-0
+# BEE_VERSION linux-headers-4.14.87-0
 ## this file was created by bee init and should be executed to build a
 ## bee-package. (Additional hints are located at the end of this file.)
From f2a2859abc865c88631ca6eb3a04e53fdcd975ec Mon Sep 17 00:00:00 2001
From: Paul Menzel Date: Wed, 6 Feb 2019 11:55:20 +0100 Subject: [PATCH 2/7] glibc: Update version from 2.27 to 2.29 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From the [announcement][1]: > NEWS for version 2.29 > ==================== > > * The getcpu wrapper function has been added, which returns the > currently used CPU and NUMA node. This function is Linux-specific. > > * A new convenience target has been added for distribution maintainers > to build and install all locales as directories with files. The new > target is run by issuing the following command in your build tree: > 'make localedata/install-locale-files', with an optional DESTDIR > to set the install root if you wish to install into a non-default > configured location. > > * Optimized generic exp, exp2, log, log2, pow, sinf, cosf, sincosf and > tanf. > > * The reallocarray function is now declared under _DEFAULT_SOURCE, not > just for _GNU_SOURCE, to match BSD environments. > > * For powercp64le ABI, Transactional Lock Elision is now enabled iff > kernel indicates that it will abort the transaction prior to entering > the kernel (PPC_FEATURE2_HTM_NOSC on hwcap2). On older kernels the > transaction is suspended, and this caused some undefined side-effects > issues by aborting transactions manually. Glibc avoided it by abort > transactions manually on each syscall, but it lead to performance > issues on newer kernels where the HTM state is saved and restore > lazily (the state being saved even when the process actually does not > use HTM). > > * The functions posix_spawn_file_actions_addchdir_np and > posix_spawn_file_actions_addfchdir_np have been added, enabling > posix_spawn and posix_spawnp to run the new process in a different > directory. These functions are GNU extensions. The function > posix_spawn_file_actions_addchdir_np is similar to the Solaris > function of the same name. > > * The popen and system do not run atfork handlers anymore (BZ#17490). 
> Although it is a possible POSIX violation, the POSIX rationale in > pthread_atfork documentation regarding atfork handlers is to handle > inconsistent mutex state after a fork call in a multi-threaded > process. > In both popen and system there is no direct access to user-defined > mutexes. > > * Support for the C-SKY ABIV2 running on Linux has been added. This > port requires at least binutils-2.32, gcc-9.0, and linux-4.20. Two > ABIs are supported: > - C-SKY ABIV2 soft-float little-endian > - C-SKY ABIV2 hard-float little-endian > > * strftime's default formatting of a locale's alternative year (%Ey) > has been changed to zero-pad the year to a minimum of two digits, > like "%y". This improves the display of Japanese era years during > the first nine years of a new era, and is expected to be harmless > for all other locales (only Japanese locales regularly have > alternative year numbers less than 10). Zero-padding can be > overridden with the '_' or '-' flags (which are GNU extensions). > > * As a GNU extension, the '_' and '-' flags can now be applied to > "%EY" to control how the year number is formatted; they have the > same effect that they would on "%Ey". […] > Security related changes: > > CVE-2018-19591: A file descriptor leak in if_nametoindex can lead to a > denial of service due to resource exhaustion when processing > getaddrinfo calls with crafted host names. Reported by Guido Vranken. > > CVE-2019-6488: On x32, the size_t parameter may be passed in the lower > 32 bits of a 64-bit register with with non-zero upper 32 bit. When it > happened, accessing the 32-bit size_t value as the full 64-bit > register in the assembly string/memory functions would cause a buffer > overflow. > Reported by H.J. Lu. > > CVE-2016-10739: The getaddrinfo function could successfully parse IPv4 > addresses with arbitrary trailing characters, potentially leading to > data or command injection issues in applications. 
[1]: https://sourceware.org/ml/libc-announce/2019/msg00000.html
---
 glibc.be0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glibc.be0 b/glibc.be0
index 8483e18f5..2547c8462 100755
--- a/glibc.be0
+++ b/glibc.be0
@@ -1,6 +1,6 @@
 #!/bin/env beesh
-# BEE_VERSION glibc-2.27-0
+# BEE_VERSION glibc-2.29-0
 SRCURL[0]="https://ftp.gnu.org/gnu/glibc/glibc-${PKGVERSION}.tar.bz2"
From 4917db790f977709fd99289c7b482dfb302ff8f5 Mon Sep 17 00:00:00 2001
From: Paul Menzel
Date: Wed, 6 Feb 2019 11:55:44 +0100
Subject: [PATCH 3/7] glibc: Strip trailing spaces

---
 glibc.be0 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/glibc.be0 b/glibc.be0
index 2547c8462..bcb7a5751 100755
--- a/glibc.be0
+++ b/glibc.be0
@@ -31,7 +31,7 @@ mee_patch_post() {
 # use /bin/bash instead of /bin/sh ..
 echo "sed-ing elf/ldd.bash.in"
 sed -i 's|@BASH@|/bin/bash|' elf/ldd.bash.in
-
+
 # fix some binary issues when gzipping manpages..
 echo "sed-ing manual/Makefile"
 sed -i 's|gzip -9|gzip -n -9|' manual/Makefile
@@ -95,9 +95,9 @@ mee_install_post() {
 # timezones anymore with glibc >= 2.16
 # install Europe/Berlin as default Timezone
 #rm -v ${D}${SYSCONFDIR}/localtime
- #ln -v ${D}/${PREFIX}/share/zoneinfo/Europe/Berlin ${D}${SYSCONFDIR}/localtime
-
-
+ #ln -v ${D}/${PREFIX}/share/zoneinfo/Europe/Berlin ${D}${SYSCONFDIR}/localtime
+
+
 if [ "${SLIBDIR}" != "${LIBDIR}" ] ; then
 cd ${D}${SLIBDIR}
 for i in * ; do
@@ -105,7 +105,7 @@ mee_install_post() {
 done
 cd -
 fi
-
+
 if [ "${ROOTSBINDIR}" != "${SBINDIR}" ] ; then
 cd ${D}${ROOTSBINDIR}
 for i in * ; do
From 6990e294d703d28151cf5bb952d8bb995247fbce Mon Sep 17 00:00:00 2001
From: Paul Menzel
Date: Wed, 6 Feb 2019 11:57:54 +0100
Subject: [PATCH 4/7] glibc: Increase minimal Linux header requirement to 4.14.87

That is the oldest Linux kernel version, currently in MarIuX.
---
 glibc.be0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glibc.be0 b/glibc.be0
index bcb7a5751..c14c38b1c 100755
--- a/glibc.be0
+++ b/glibc.be0
@@ -51,7 +51,7 @@ mee_configure() {
 --enable-add-ons \
 --enable-obsolete-rpc \
 --enable-obsolete-nsl \
- --enable-kernel=4.4.34
+ --enable-kernel=4.14.87
 }
 mee_build_pre() {
From ffe3528e80e2a13ef5f6fcbd62034c57d337a0fb Mon Sep 17 00:00:00 2001
From: Paul Menzel
Date: Wed, 6 Feb 2019 11:58:47 +0100
Subject: [PATCH 5/7] glibc: Use strong stack protector

--enable-stack-protector=[yes|no|all|strong] Use -fstack-protector[-all|-strong] to detect glibc buffer overflows
---
 glibc.be0 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/glibc.be0 b/glibc.be0
index c14c38b1c..32fc78157 100755
--- a/glibc.be0
+++ b/glibc.be0
@@ -51,7 +51,8 @@ mee_configure() {
 --enable-add-ons \
 --enable-obsolete-rpc \
 --enable-obsolete-nsl \
- --enable-kernel=4.14.87
+ --enable-kernel=4.14.87 \
+ --enable-stack-protector=strong
 }
 mee_build_pre() {
From 2d87f24ed785858b5a28c3cb658e6d435fec4c37 Mon Sep 17 00:00:00 2001
From: Paul Menzel
Date: Fri, 8 Feb 2019 14:12:36 +0100
Subject: [PATCH 6/7] glibc-locales: Update version from 2.27 to 2.29

---
 glibc-locales.be0 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/glibc-locales.be0 b/glibc-locales.be0
index 83eff1982..9fe6c5031 100755
--- a/glibc-locales.be0
+++ b/glibc-locales.be0
@@ -1,6 +1,6 @@
 #!/bin/env beesh
-# BEE_VERSION glibc-locales-2.27-0
+# BEE_VERSION glibc-locales-2.29-0
 mee_install() {
 mkdir -pv ${D}${LIBDIR}/locale
From 4676dcc470a9739167be94b465be18d29af3e110 Mon Sep 17 00:00:00 2001
From: Paul Menzel
Date: Thu, 12 Sep 2019 13:08:33 +0200
Subject: [PATCH 7/7] glibc: Add reminder for glibc-locales

Addresses https://github.molgen.mpg.de/mariux64/bee-files/pull/502#issuecomment-4689
---
 glibc.be0 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/glibc.be0 b/glibc.be0
index 32fc78157..d5d4a60bc 100755
--- a/glibc.be0
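Review bot: `--enable-kernel=4.14.87` in `mee_configure()` sets the oldest kernel the built libc will start on, not a header requirement as the subject puts it, and the recipe carries no comment recording that. A glibc configured this way is expected to abort at startup on any machine still booted into an older kernel, earlier 4.14.x releases included, so a host that has not yet rebooted into the new kernel could lose its working libc when this package is installed. I would add a comment before the configure invocation, `# oldest kernel this libc will run on; must not exceed the oldest kernel still booted anywhere`, and confirm that condition before rollout. The comment has to go above the command because it cannot sit between the backslash-continued lines; the start of `mee_configure()` is outside the hunk.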
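Review bot: Nothing in the recipe confirms that `--enable-stack-protector=strong` in `mee_configure()` actually took effect. As far as I recall, glibc's configure applies the requested level only when its compiler probe succeeds and otherwise builds without a protector instead of failing, so this should be confirmed against the 2.29 configure script. A check after configure that the generated build configuration contains `-fstack-protector-strong` would turn a silent downgrade into a build error. A short comment before the configure call would also help, for example `# strong: canaries for functions with arrays or address-taken locals; applies to glibc's own objects only`. The start of `mee_configure()` is outside the hunk.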
@@ -1,5 +1,6 @@ #!/bin/env beesh +# Do not forget to update glibc-locales # BEE_VERSION glibc-2.29-0 SRCURL[0]="https://ftp.gnu.org/gnu/glibc/glibc-${PKGVERSION}.tar.bz2"