diff -u eglibc-2.15/debian/changelog eglibc-2.15/debian/changelog
--- eglibc-2.15/debian/changelog
+++ eglibc-2.15/debian/changelog
@@ -1,3 +1,10 @@
+eglibc (2.15-0ubuntu10.5+mokafive1) precise; urgency=low
+
+ * Apply 2e64d265 from upstream glibc to fix a segfault on some
+ platforms, including amd64, when LD_AUDIT is used.
+
+ -- Geoffrey Thomas Tue, 22 Oct 2013 15:21:43 -0700
+
 eglibc (2.15-0ubuntu10.5) precise-security; urgency=low
 
 * SECURITY UPDATE: denial of service and possible code execution via
diff -u eglibc-2.15/debian/patches/series eglibc-2.15/debian/patches/series
--- eglibc-2.15/debian/patches/series
+++ eglibc-2.15/debian/patches/series
@@ -193,0 +194 @@
+any/cvs-ld_audit-segfault.diff
only in patch2:
unchanged:
--- eglibc-2.15.orig/debian/patches/any/cvs-ld_audit-segfault.diff
+++ eglibc-2.15/debian/patches/any/cvs-ld_audit-segfault.diff
@@ -0,0 +1,75 @@
+commit 2e64d2659d3edaebc792ac596a9863f1626e5c25
+Author: H.J. Lu
+Date: Wed Nov 14 15:44:40 2012 -0800
+
+ Skip audit if l_reloc_result is NULL
+
+diff --git a/elf/Makefile b/elf/Makefile
+index c2f0e20..7e5c9c8 100644
+--- a/elf/Makefile
++++ b/elf/Makefile
+@@ -142,7 +142,7 @@ tests += loadtest restest1 preloadtest loadfail multiload origtest resolvfail \
+ tst-dlmodcount tst-dlopenrpath tst-deep1 \
+ tst-dlmopen1 tst-dlmopen2 tst-dlmopen3 \
+ unload3 unload4 unload5 unload6 unload7 unload8 tst-global1 order2 \
+- tst-audit1 tst-audit2 \
++ tst-audit1 tst-audit2 tst-audit8 \
+ tst-stackguard1 tst-addr1 tst-thrlock \
+ tst-unique1 tst-unique2 tst-unique3 tst-unique4 \
+ tst-initorder tst-initorder2 tst-relsort1
+@@ -1020,6 +1020,10 @@ $(objpfx)tst-audit7: $(objpfx)tst-auditmod7a.so
+ $(objpfx)tst-audit7.out: $(objpfx)tst-auditmod7b.so
+ tst-audit7-ENV = LD_AUDIT=$(objpfx)tst-auditmod7b.so
+
++$(objpfx)tst-audit8: $(common-objpfx)math/libm.so
++$(objpfx)tst-audit8.out: $(objpfx)tst-auditmod1.so
++tst-audit8-ENV = LD_AUDIT=$(objpfx)tst-auditmod1.so
++
+ $(objpfx)tst-global1: $(libdl)
+ $(objpfx)tst-global1.out: $(objpfx)testobj6.so $(objpfx)testobj2.so
+
+diff --git a/elf/dl-runtime.c b/elf/dl-runtime.c
+index 2e02a21..7a3bc9e 100644
+--- a/elf/dl-runtime.c
++++ b/elf/dl-runtime.c
+@@ -1,5 +1,5 @@
+ /* On-demand PLT fixup for shared objects.
+- Copyright (C) 1995-2009, 2010, 2011 Free Software Foundation, Inc.
++ Copyright (C) 1995-2012 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+@@ -164,6 +164,26 @@ _dl_profile_fixup (
+ {
+ void (*mcount_fct) (ElfW(Addr), ElfW(Addr)) = INTUSE(_dl_mcount);
+
++ if (l->l_reloc_result == NULL)
++ {
++ /* BZ #14843: ELF_DYNAMIC_RELOCATE is called before l_reloc_result
++ is allocated. We will get here if ELF_DYNAMIC_RELOCATE calls a
++ resolver function to resolve an IRELATIVE relocation and that
++ resolver calls a function that is not yet resolved (lazy). For
++ example, the resolver in x86-64 libm.so calls __get_cpu_features
++ defined in libc.so. Skip audit and resolve the external function
++ in this case. */
++ *framesizep = -1;
++ return _dl_fixup (
++# ifdef ELF_MACHINE_RUNTIME_FIXUP_ARGS
++# ifndef ELF_MACHINE_RUNTIME_FIXUP_PARAMS
++# error Please define ELF_MACHINE_RUNTIME_FIXUP_PARAMS.
++# endif
++ ELF_MACHINE_RUNTIME_FIXUP_PARAMS,
++# endif
++ l, reloc_arg);
++ }
++
+ /* This is the address in the array where we store the result of previous
+ relocations. */
+ struct reloc_result *reloc_result = &l->l_reloc_result[reloc_index];
+diff --git a/elf/tst-audit8.c b/elf/tst-audit8.c
+new file mode 100644
+index 0000000..63656b4
+--- /dev/null
++++ b/elf/tst-audit8.c
+@@ -0,0 +1 @@
++#include "../io/pwd.c"
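Review bot: The comment on the new early return in `_dl_profile_fixup` (elf/dl-runtime.c) says audit is skipped "in this case", but it does not say how far the skip reaches. As far as I can tell, `_dl_fixup` (outside this hunk) binds the PLT slot to the resolved target, so later calls through that slot would presumably bypass `la_pltenter`/`la_pltexit` as well. That matters to anyone relying on LD_AUDIT for monitoring. I would extend the comment with something like `Calls resolved here are bound directly and are not reported to the audit modules.`, and add a short remark that `*framesizep = -1` is presumably what tells the trampoline to skip the pltexit hook. The body of `_dl_profile_fixup` starts and ends outside the hunk.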