From: Florian Weimer
To: Aurelien Jarno
Cc: libc-stable@sourceware.org, carlos@redhat.com
Subject: Re: Backporting CVE-2016-10739
References: <20190204134254.GA13816@aurel32.net>
Date: Tue, 01 Jan 2019 00:00:00 -0000
In-Reply-To: <20190204134254.GA13816@aurel32.net> (Aurelien Jarno's message of "Mon, 4 Feb 2019 14:42:54 +0100")
Message-ID: <871s4nppu4.fsf@oldenburg2.str.redhat.com>

Here is the patch I'm testing to restore ABI after the regular backports.
This looks fairly reasonable to me as far as such things go.

I've put all patches on the fw/bug20018-backport branch on sourceware as well.

Thanks,
Florian

Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix [BZ #20018]

This commit avoids adding the __inet_aton_exact@GLIBC_PRIVATE symbol.
In master, the separately-compiled getaddrinfo implementation in nscd
needs it, however such an internal ABI change is not desirable on a
release branch if it can be avoided easily.

2019-02-04  Florian Weimer

	[BZ #20018]
	Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix.
	* include/arpa/inet.h (__inet_aton_exact): Declare as hidden.
	* resolv/inet_addr.c (__inet_aton_exact): Remove libc_hidden_def.
	* resolv/Versions (GLIBC_PRIVATE): Do not export __inet_aton_exact.
	* nscd/nscd-inet_addr.c: New file.  Build resolv/inet_addr.c for
	nscd, without public symbols.
	* nscd/Makefile (nscd-modules): Add it.

diff --git a/include/arpa/inet.h b/include/arpa/inet.h index 19aec74275..dce60b4909 100644 --- a/include/arpa/inet.h +++ b/include/arpa/inet.h
@@ -2,8 +2,8 @@ #ifndef _ISOMAC /* Variant of inet_aton which rejects trailing garbage. */ -extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp); -libc_hidden_proto (__inet_aton_exact) +extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp) + attribute_hidden; libc_hidden_proto (inet_ntop) libc_hidden_proto (inet_pton) diff --git a/nscd/Makefile b/nscd/Makefile index b713a84c49..eb23c01a39 100644 --- a/nscd/Makefile +++ b/nscd/Makefile @@ -36,7 +36,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \ getsrvbynm_r getsrvbypt_r servicescache \ dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \ xmalloc xstrdup aicache initgrcache gai res_hconf \ - netgroupcache + netgroupcache nscd-inet_addr ifeq ($(build-nscd)$(have-thread-library),yesyes) diff --git a/nscd/nscd-inet_addr.c b/nscd/nscd-inet_addr.c new file mode 100644 index 0000000000..cfa4ac7462 --- /dev/null +++ b/nscd/nscd-inet_addr.c @@ -0,0 +1,24 @@ +/* Legacy IPv4 text-to-address functions. Version for nscd. + Copyright (C) 2019 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +/* Do not provide definitions of the public symbols exported from + libc. */ +#undef weak_alias +#define weak_alias(from, to) + +#include 
diff --git a/resolv/Versions b/resolv/Versions index 9a82704af7..b05778d965 100644 --- a/resolv/Versions +++ b/resolv/Versions @@ -27,7 +27,6 @@ libc { __h_errno; __resp; __res_iclose; - __inet_aton_exact; __inet_pton_length; __resolv_context_get; __resolv_context_get_preinit; diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c index 41b6166a5b..1bc4a2c4d6 100644 --- a/resolv/inet_addr.c +++ b/resolv/inet_addr.c @@ -192,7 +192,6 @@ __inet_aton_exact (const char *cp, struct in_addr *addr) else return 0; } -libc_hidden_def (__inet_aton_exact) /* inet_aton ignores trailing garbage. */ int
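Review bot: In include/arpa/inet.h, the comment above __inet_aton_exact still describes only the parsing behaviour and does not mention that the declaration is now attribute_hidden rather than libc_hidden_proto. Because this is a deliberate divergence from master, a short comment saying that the symbol is not exported on this branch, and that code linked outside libc.so (nscd, per the commit message) has to compile its own copy, would keep a later backport from adding a caller that expects the exported symbol.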
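Review bot: In nscd/nscd-inet_addr.c, redefining weak_alias to expand to nothing keeps libc's public names out of nscd only if every public symbol in the included source is created through weak_alias; a function defined directly under its public name would still be compiled into the nscd binary. The comment "Do not provide definitions of the public symbols exported from libc" should state that assumption, or the build should check the defined symbols of the resulting object. The #include line also shows no file name as rendered here; the ChangeLog entry says it builds resolv/inet_addr.c, so confirm the posted patch carries the complete directive.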
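Review bot: Removing __inet_aton_exact from the GLIBC_PRIVATE list in resolv/Versions, together with dropping libc_hidden_def in resolv/inet_addr.c, means any component linked separately from libc.so that references the symbol will no longer resolve it. The patch gives nscd its own copy through nscd-inet_addr, but the commit message does not say that nscd is the only such consumer on this release branch; it should state that explicitly, or name the check that was run to confirm no other separately linked part of the tree calls __inet_aton_exact.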