回合上游社区补丁,补丁数量：6

<h3>优先级:</h3>次要<h3>原因分析:</h3>【是否新引入rpm包，是否进行了安全编译选项扫描】否【定位分析】例行回合社区bugfix补丁。<table ><tr><td colSpan="1" rowSpan="1">软件包</td><td colSpan="1" rowSpan="1">CommitId</td><td colSpan="1" rowSpan="1">描述</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:glibc</td><td colSpan="1" rowSpan="1">2aa0974d2573441bffd596b07bff8698b1f2f18c</td><td colSpan="1" rowSpan="1">elf: ldconfig should skip temporary files created by package managers This avoids crashes due to partially written files, after a package update is interrupted. Reviewed-by: Adhemerval Zanella </td></tr><tr><td colSpan="1" rowSpan="1">openEuler:glibc</td><td colSpan="1" rowSpan="1">cfb5a97a93ea656e3b2263e42142a4032986d9ba</td><td colSpan="1" rowSpan="1">ldconfig: Fixes for skipping temporary files. Arguments to a memchr call were swapped, causing incorrect skipping of files. Files related to dpkg have different names: they actually end in .dpkg-new and .dpkg-tmp, not .tmp as I mistakenly assumed. Fixes commit 2aa0974d2573441bffd59 (elf: ldconfig should skip temporary files created by package managers).</td></tr><tr><td colSpan="1" rowSpan="1">openEuler:glibc</td><td colSpan="1" rowSpan="1">980450f12685326729d63ff72e93a996113bf073</td><td colSpan="1" rowSpan="1">elf: Add TLS modid reuse test for bug 29039 This is a minimal regression test for bug 29039 which only affects targets with TLSDESC and a reproducer requires that 1) Have modid gaps (closed modules) with old generation. 2) Update a DTV to a newer generation (needs a newer dlopen). 3) But do not update the closed gap entry in that DTV. 4) Reuse the modid gap for a new module (another dlopen). 5) Use dynamic TLSDESC in that new module with old generation (bug). 6) Access TLS via this TLSDESC and the now outdated DTV. However step (3) in practice rarely happens: during DTV update the entries for closed modids are initialized to unallocated and then dynamic TLSDESC calls __tls_get_addr independently of its generation. The only exception to this is DTV setup at thread creation (gaps are initialized to NULL instead of unallocated) or DTV resize where the gap entries are outside the previous DTV array (again NULL instead of unallocated, and this requires loading &gt; DTV_SURPLUS modules). So the bug can only cause NULL (+ offset) dereference, not use after free. And the easiest way to get (3) is via thread creation. Note that step (5) requires that the newly loaded module has larger TLS than the remaining optional static TLS. And for (6) there cannot be other TLS access or dlopen in the thread that updates the DTV. Tested on aarch64-linux-gnu. Reviewed-by: Adhemerval Zanella </td></tr><tr><td colSpan="1" rowSpan="1">openEuler:glibc</td><td colSpan="1" rowSpan="1">3921c5b40f293c57cb326f58713c924b0662ef59</td><td colSpan="1" rowSpan="1">elf: Fix TLS modid reuse generation assignment (BZ 29039) _dl_assign_tls_modid() assigns a slotinfo entry for a new module, but does *not* do anything to the generation counter. The first time this happens, the generation is zero and map_generation() returns the current generation to be used during relocation processing. However, if a slotinfo entry is later reused, it will already have a generation assigned. If this generation has fallen behind the current global max generation, then this causes an obsolete generation to be assigned during relocation processing, as map_generation() returns this generation if nonzero. _dl_add_to_slotinfo() eventually resets the generation, but by then it is too late. This causes DTV updates to be skipped, leading to NULL or broken TLS slot pointers and segfaults. Fix this by resetting the generation to zero in _dl_assign_tls_modid(), so it behaves the same as the first time a slot is assigned. _dl_add_to_slotinfo() will still assign the correct static generation later during module load, but relocation processing will no longer use an obsolete generation. Note that slotinfo entry (aka modid) reuse typically happens after a dlclose and only TLS access via dynamic tlsdesc is affected. Because tlsdesc is optimized to use the optional part of static TLS, dynamic tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls tunable to a large enough value, or by LD_PRELOAD-ing the affected modules. Fixes bug 29039. Reviewed-by: Szabolcs Nagy </td></tr><tr><td colSpan="1" rowSpan="1">openEuler:glibc</td><td colSpan="1" rowSpan="1">434eca873f14f618d6c2279b54fb809fb56f2c50</td><td colSpan="1" rowSpan="1">elf: Fix _dl_debug_vdprintf to work before self-relocation The strlen might trigger and invalid GOT entry if it used before the process is self-relocated (for instance on dl-tunables if any error occurs). For i386, _dl_writev with PIE requires to use the old &#x27;int $0x80&#x27; syscall mode because the calling the TLS register (gs) is not yet initialized. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar </td></tr><tr><td colSpan="1" rowSpan="1">openEuler:glibc</td><td colSpan="1" rowSpan="1">1cce91d8aed5c3eca2b6f47767c82d9ed3e9e33f</td><td colSpan="1" rowSpan="1">elf: Check objname before calling fatal_error _dl_signal_error may be called with objname == NULL. _dl_exception_create checks objname == NULL. But fatal_error doesn&#x27;t. Check objname before calling fatal_error. This fixes BZ #31596. Reviewed-by: Sunil K Pandey </td></tr></table>【对外部是否有影响】否

src-openEuler/glibc
关闭

内容风险标识

评论 (4)

src-openEuler/glibc关闭 .gitee-modal { width: 500px !important; }

内容风险标识