次要
【是否新引入rpm包,是否进行了安全编译选项扫描】
否
【定位分析】
例行回合社区bugfix补丁。
软件包 | CommitId | 描述 |
openEuler:glibc | 2aa0974d2573441bffd596b07bff8698b1f2f18c | elf: ldconfig should skip temporary files created by package managers This avoids crashes due to partially written files, after a package update is interrupted. Reviewed-by: Adhemerval Zanella |
openEuler:glibc | cfb5a97a93ea656e3b2263e42142a4032986d9ba | ldconfig: Fixes for skipping temporary files. Arguments to a memchr call were swapped, causing incorrect skipping of files. Files related to dpkg have different names: they actually end in .dpkg-new and .dpkg-tmp, not .tmp as I mistakenly assumed. Fixes commit 2aa0974d2573441bffd59 (elf: ldconfig should skip temporary files created by package managers). |
openEuler:glibc | 980450f12685326729d63ff72e93a996113bf073 | elf: Add TLS modid reuse test for bug 29039 This is a minimal regression test for bug 29039 which only affects targets with TLSDESC and a reproducer requires that 1) Have modid gaps (closed modules) with old generation. 2) Update a DTV to a newer generation (needs a newer dlopen). 3) But do not update the closed gap entry in that DTV. 4) Reuse the modid gap for a new module (another dlopen). 5) Use dynamic TLSDESC in that new module with old generation (bug). 6) Access TLS via this TLSDESC and the now outdated DTV. However step (3) in practice rarely happens: during DTV update the entries for closed modids are initialized to unallocated and then dynamic TLSDESC calls __tls_get_addr independently of its generation. The only exception to this is DTV setup at thread creation (gaps are initialized to NULL instead of unallocated) or DTV resize where the gap entries are outside the previous DTV array (again NULL instead of unallocated, and this requires loading > DTV_SURPLUS modules). So the bug can only cause NULL (+ offset) dereference, not use after free. And the easiest way to get (3) is via thread creation. Note that step (5) requires that the newly loaded module has larger TLS than the remaining optional static TLS. And for (6) there cannot be other TLS access or dlopen in the thread that updates the DTV. Tested on aarch64-linux-gnu. Reviewed-by: Adhemerval Zanella |
openEuler:glibc | 3921c5b40f293c57cb326f58713c924b0662ef59 | elf: Fix TLS modid reuse generation assignment (BZ 29039) _dl_assign_tls_modid() assigns a slotinfo entry for a new module, but does *not* do anything to the generation counter. The first time this happens, the generation is zero and map_generation() returns the current generation to be used during relocation processing. However, if a slotinfo entry is later reused, it will already have a generation assigned. If this generation has fallen behind the current global max generation, then this causes an obsolete generation to be assigned during relocation processing, as map_generation() returns this generation if nonzero. _dl_add_to_slotinfo() eventually resets the generation, but by then it is too late. This causes DTV updates to be skipped, leading to NULL or broken TLS slot pointers and segfaults. Fix this by resetting the generation to zero in _dl_assign_tls_modid(), so it behaves the same as the first time a slot is assigned. _dl_add_to_slotinfo() will still assign the correct static generation later during module load, but relocation processing will no longer use an obsolete generation. Note that slotinfo entry (aka modid) reuse typically happens after a dlclose and only TLS access via dynamic tlsdesc is affected. Because tlsdesc is optimized to use the optional part of static TLS, dynamic tlsdesc can be avoided by increasing the glibc.rtld.optional_static_tls tunable to a large enough value, or by LD_PRELOAD-ing the affected modules. Fixes bug 29039. Reviewed-by: Szabolcs Nagy |
openEuler:glibc | 434eca873f14f618d6c2279b54fb809fb56f2c50 | elf: Fix _dl_debug_vdprintf to work before self-relocation The strlen might trigger and invalid GOT entry if it used before the process is self-relocated (for instance on dl-tunables if any error occurs). For i386, _dl_writev with PIE requires to use the old 'int $0x80' syscall mode because the calling the TLS register (gs) is not yet initialized. Checked on x86_64-linux-gnu. Reviewed-by: Siddhesh Poyarekar |
openEuler:glibc | 1cce91d8aed5c3eca2b6f47767c82d9ed3e9e33f | elf: Check objname before calling fatal_error _dl_signal_error may be called with objname == NULL. _dl_exception_create checks objname == NULL. But fatal_error doesn't. Check objname before calling fatal_error. This fixes BZ #31596. Reviewed-by: Sunil K Pandey |
【对外部是否有影响】
否
Hi peulerosci, welcome to the openEuler Community.
I'm the Bot here serving you. You can find the instructions on how to interact with me at Here.
If you have any questions, please contact the SIG: Computing, and any of the maintainers: @openeuler-robot , @liqingqing_1229 , @SuperSix173 , @wangbin , @Juyin
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
https://sourceware.org/git/?p=glibc.git;a=commit;h=2aa0974d2573441bffd596b07bff8698b1f2f18c
https://sourceware.org/git/?p=glibc.git;a=commit;h=cfb5a97a93ea656e3b2263e42142a4032986d9ba
https://sourceware.org/git/?p=glibc.git;a=commit;h=434eca873f14f618d6c2279b54fb809fb56f2c50
https://sourceware.org/git/?p=glibc.git;a=commit;h=1cce91d8aed5c3eca2b6f47767c82d9ed3e9e33f
https://sourceware.org/git/?p=glibc.git;a=commit;h=980450f12685326729d63ff72e93a996113bf073
https://sourceware.org/git/?p=glibc.git;a=commit;h=3921c5b40f293c57cb326f58713c924b0662ef59
登录 后才可以发表评论