-rw-r--r-- root/root etc/ld.so.conf
drwxr-xr-x root/root etc/ld.so.conf.d/
lrwxrwxrwx root/root etc/localtime -> ../usr/share/zoneinfo/UTC
+-rw-r--r-- root/root etc/nscd.conf
-rw-r--r-- root/root etc/nsswitch.conf
-rw-r--r-- root/root etc/resolv.conf
-rw-r--r-- root/root etc/rpc
drwxr-xr-x root/root lib/
--rwxr-xr-x root/root lib/ld-2.19.so
-lrwxrwxrwx root/root lib/ld-linux-armhf.so.3 -> ld-2.19.so
--rwxr-xr-x root/root lib/libBrokenLocale-2.19.so
-lrwxrwxrwx root/root lib/libBrokenLocale.so.1 -> libBrokenLocale-2.19.so
+-rwxr-xr-x root/root lib/ld-2.22.so
+lrwxrwxrwx root/root lib/ld-linux-armhf.so.3 -> ld-2.22.so
+-rwxr-xr-x root/root lib/libBrokenLocale-2.22.so
+lrwxrwxrwx root/root lib/libBrokenLocale.so.1 -> libBrokenLocale-2.22.so
-rwxr-xr-x root/root lib/libSegFault.so
--rwxr-xr-x root/root lib/libanl-2.19.so
-lrwxrwxrwx root/root lib/libanl.so.1 -> libanl-2.19.so
--rwxr-xr-x root/root lib/libc-2.19.so
-lrwxrwxrwx root/root lib/libc.so.6 -> libc-2.19.so
--rwxr-xr-x root/root lib/libcidn-2.19.so
-lrwxrwxrwx root/root lib/libcidn.so.1 -> libcidn-2.19.so
--rwxr-xr-x root/root lib/libcrypt-2.19.so
-lrwxrwxrwx root/root lib/libcrypt.so.1 -> libcrypt-2.19.so
--rwxr-xr-x root/root lib/libdl-2.19.so
-lrwxrwxrwx root/root lib/libdl.so.2 -> libdl-2.19.so
--rwxr-xr-x root/root lib/libm-2.19.so
-lrwxrwxrwx root/root lib/libm.so.6 -> libm-2.19.so
+-rwxr-xr-x root/root lib/libanl-2.22.so
+lrwxrwxrwx root/root lib/libanl.so.1 -> libanl-2.22.so
+-rwxr-xr-x root/root lib/libc-2.22.so
+lrwxrwxrwx root/root lib/libc.so.6 -> libc-2.22.so
+-rwxr-xr-x root/root lib/libcidn-2.22.so
+lrwxrwxrwx root/root lib/libcidn.so.1 -> libcidn-2.22.so
+-rwxr-xr-x root/root lib/libcrypt-2.22.so
+lrwxrwxrwx root/root lib/libcrypt.so.1 -> libcrypt-2.22.so
+-rwxr-xr-x root/root lib/libdl-2.22.so
+lrwxrwxrwx root/root lib/libdl.so.2 -> libdl-2.22.so
+-rwxr-xr-x root/root lib/libm-2.22.so
+lrwxrwxrwx root/root lib/libm.so.6 -> libm-2.22.so
-rwxr-xr-x root/root lib/libmemusage.so
--rwxr-xr-x root/root lib/libnsl-2.19.so
-lrwxrwxrwx root/root lib/libnsl.so.1 -> libnsl-2.19.so
--rwxr-xr-x root/root lib/libnss_compat-2.19.so
-lrwxrwxrwx root/root lib/libnss_compat.so.2 -> libnss_compat-2.19.so
--rwxr-xr-x root/root lib/libnss_db-2.19.so
-lrwxrwxrwx root/root lib/libnss_db.so.2 -> libnss_db-2.19.so
--rwxr-xr-x root/root lib/libnss_dns-2.19.so
-lrwxrwxrwx root/root lib/libnss_dns.so.2 -> libnss_dns-2.19.so
--rwxr-xr-x root/root lib/libnss_files-2.19.so
-lrwxrwxrwx root/root lib/libnss_files.so.2 -> libnss_files-2.19.so
--rwxr-xr-x root/root lib/libnss_hesiod-2.19.so
-lrwxrwxrwx root/root lib/libnss_hesiod.so.2 -> libnss_hesiod-2.19.so
--rwxr-xr-x root/root lib/libnss_nis-2.19.so
-lrwxrwxrwx root/root lib/libnss_nis.so.2 -> libnss_nis-2.19.so
--rwxr-xr-x root/root lib/libnss_nisplus-2.19.so
-lrwxrwxrwx root/root lib/libnss_nisplus.so.2 -> libnss_nisplus-2.19.so
+-rwxr-xr-x root/root lib/libnsl-2.22.so
+lrwxrwxrwx root/root lib/libnsl.so.1 -> libnsl-2.22.so
+-rwxr-xr-x root/root lib/libnss_compat-2.22.so
+lrwxrwxrwx root/root lib/libnss_compat.so.2 -> libnss_compat-2.22.so
+-rwxr-xr-x root/root lib/libnss_db-2.22.so
+lrwxrwxrwx root/root lib/libnss_db.so.2 -> libnss_db-2.22.so
+-rwxr-xr-x root/root lib/libnss_dns-2.22.so
+lrwxrwxrwx root/root lib/libnss_dns.so.2 -> libnss_dns-2.22.so
+-rwxr-xr-x root/root lib/libnss_files-2.22.so
+lrwxrwxrwx root/root lib/libnss_files.so.2 -> libnss_files-2.22.so
+-rwxr-xr-x root/root lib/libnss_hesiod-2.22.so
+lrwxrwxrwx root/root lib/libnss_hesiod.so.2 -> libnss_hesiod-2.22.so
+-rwxr-xr-x root/root lib/libnss_nis-2.22.so
+lrwxrwxrwx root/root lib/libnss_nis.so.2 -> libnss_nis-2.22.so
+-rwxr-xr-x root/root lib/libnss_nisplus-2.22.so
+lrwxrwxrwx root/root lib/libnss_nisplus.so.2 -> libnss_nisplus-2.22.so
-rwxr-xr-x root/root lib/libpcprofile.so
--rwxr-xr-x root/root lib/libpthread-2.19.so
-lrwxrwxrwx root/root lib/libpthread.so.0 -> libpthread-2.19.so
--rwxr-xr-x root/root lib/libresolv-2.19.so
-lrwxrwxrwx root/root lib/libresolv.so.2 -> libresolv-2.19.so
--rwxr-xr-x root/root lib/librt-2.19.so
-lrwxrwxrwx root/root lib/librt.so.1 -> librt-2.19.so
+-rwxr-xr-x root/root lib/libpthread-2.22.so
+lrwxrwxrwx root/root lib/libpthread.so.0 -> libpthread-2.22.so
+-rwxr-xr-x root/root lib/libresolv-2.22.so
+lrwxrwxrwx root/root lib/libresolv.so.2 -> libresolv-2.22.so
+-rwxr-xr-x root/root lib/librt-2.22.so
+lrwxrwxrwx root/root lib/librt.so.1 -> librt-2.22.so
-rwxr-xr-x root/root lib/libthread_db-1.0.so
lrwxrwxrwx root/root lib/libthread_db.so.1 -> libthread_db-1.0.so
--rwxr-xr-x root/root lib/libutil-2.19.so
-lrwxrwxrwx root/root lib/libutil.so.1 -> libutil-2.19.so
+-rwxr-xr-x root/root lib/libutil-2.22.so
+lrwxrwxrwx root/root lib/libutil.so.1 -> libutil-2.22.so
drwxr-xr-x root/root sbin/
-rwxr-xr-x root/root sbin/ldconfig
-rwxr-xr-x root/root sbin/sln
-rw-r--r-- root/root usr/include/asm/mman.h
-rw-r--r-- root/root usr/include/asm/msgbuf.h
-rw-r--r-- root/root usr/include/asm/param.h
+-rw-r--r-- root/root usr/include/asm/perf_regs.h
-rw-r--r-- root/root usr/include/asm/poll.h
-rw-r--r-- root/root usr/include/asm/posix_types.h
-rw-r--r-- root/root usr/include/asm/ptrace.h
-rw-r--r-- root/root usr/include/bits/ipctypes.h
-rw-r--r-- root/root usr/include/bits/libc-lock.h
-rw-r--r-- root/root usr/include/bits/libio-ldbl.h
+-rw-r--r-- root/root usr/include/bits/libm-simd-decl-stubs.h
-rw-r--r-- root/root usr/include/bits/link.h
-rw-r--r-- root/root usr/include/bits/local_lim.h
-rw-r--r-- root/root usr/include/bits/locale.h
-rw-r--r-- root/root usr/include/bits/math-finite.h
+-rw-r--r-- root/root usr/include/bits/math-vector.h
-rw-r--r-- root/root usr/include/bits/mathcalls.h
-rw-r--r-- root/root usr/include/bits/mathdef.h
-rw-r--r-- root/root usr/include/bits/mathinline.h
-rw-r--r-- root/root usr/include/glob.h
-rw-r--r-- root/root usr/include/gnu-versions.h
drwxr-xr-x root/root usr/include/gnu/
+-rw-r--r-- root/root usr/include/gnu/lib-names-hard.h
-rw-r--r-- root/root usr/include/gnu/lib-names.h
-rw-r--r-- root/root usr/include/gnu/libc-version.h
-rw-r--r-- root/root usr/include/gnu/stubs-hard.h
+lrwxrwxrwx root/root usr/include/gnu/stubs-soft.h -> stubs-hard.h
-rw-r--r-- root/root usr/include/gnu/stubs.h
-rw-r--r-- root/root usr/include/grp.h
-rw-r--r-- root/root usr/include/gshadow.h
-rw-r--r-- root/root usr/include/linux/affs_hardblocks.h
-rw-r--r-- root/root usr/include/linux/agpgart.h
-rw-r--r-- root/root usr/include/linux/aio_abi.h
+-rw-r--r-- root/root usr/include/linux/am437x-vpfe.h
+drwxr-xr-x root/root usr/include/linux/android/
+-rw-r--r-- root/root usr/include/linux/android/..install.cmd
+-rw-r--r-- root/root usr/include/linux/android/.install (EMPTY)
+-rw-r--r-- root/root usr/include/linux/android/binder.h
-rw-r--r-- root/root usr/include/linux/apm_bios.h
-rw-r--r-- root/root usr/include/linux/arcfb.h
-rw-r--r-- root/root usr/include/linux/atalk.h
-rw-r--r-- root/root usr/include/linux/binfmts.h
-rw-r--r-- root/root usr/include/linux/blkpg.h
-rw-r--r-- root/root usr/include/linux/blktrace_api.h
+-rw-r--r-- root/root usr/include/linux/bpf.h
+-rw-r--r-- root/root usr/include/linux/bpf_common.h
-rw-r--r-- root/root usr/include/linux/bpqether.h
-rw-r--r-- root/root usr/include/linux/bsg.h
-rw-r--r-- root/root usr/include/linux/btrfs.h
-rw-r--r-- root/root usr/include/linux/firewire-cdev.h
-rw-r--r-- root/root usr/include/linux/firewire-constants.h
-rw-r--r-- root/root usr/include/linux/flat.h
+-rw-r--r-- root/root usr/include/linux/fou.h
-rw-r--r-- root/root usr/include/linux/fs.h
-rw-r--r-- root/root usr/include/linux/fsl_hypervisor.h
-rw-r--r-- root/root usr/include/linux/fuse.h
drwxr-xr-x root/root usr/include/linux/hsi/
-rw-r--r-- root/root usr/include/linux/hsi/..install.cmd
-rw-r--r-- root/root usr/include/linux/hsi/.install (EMPTY)
+-rw-r--r-- root/root usr/include/linux/hsi/cs-protocol.h
-rw-r--r-- root/root usr/include/linux/hsi/hsi_char.h
+-rw-r--r-- root/root usr/include/linux/hsr_netlink.h
-rw-r--r-- root/root usr/include/linux/hw_breakpoint.h
+-rw-r--r-- root/root usr/include/linux/hyperv.h
-rw-r--r-- root/root usr/include/linux/hysdn_if.h
-rw-r--r-- root/root usr/include/linux/i2c-dev.h
-rw-r--r-- root/root usr/include/linux/i2c.h
-rw-r--r-- root/root usr/include/linux/if_vlan.h
-rw-r--r-- root/root usr/include/linux/if_x25.h
-rw-r--r-- root/root usr/include/linux/igmp.h
+drwxr-xr-x root/root usr/include/linux/iio/
+-rw-r--r-- root/root usr/include/linux/iio/..install.cmd
+-rw-r--r-- root/root usr/include/linux/iio/.install (EMPTY)
+-rw-r--r-- root/root usr/include/linux/iio/events.h
+-rw-r--r-- root/root usr/include/linux/iio/types.h
-rw-r--r-- root/root usr/include/linux/in.h
-rw-r--r-- root/root usr/include/linux/in6.h
-rw-r--r-- root/root usr/include/linux/in_route.h
-rw-r--r-- root/root usr/include/linux/ixjuser.h
-rw-r--r-- root/root usr/include/linux/jffs2.h
-rw-r--r-- root/root usr/include/linux/joystick.h
+-rw-r--r-- root/root usr/include/linux/kcmp.h
-rw-r--r-- root/root usr/include/linux/kd.h
-rw-r--r-- root/root usr/include/linux/kdev_t.h
-rw-r--r-- root/root usr/include/linux/kernel-page-flags.h
-rw-r--r-- root/root usr/include/linux/map_to_7segment.h
-rw-r--r-- root/root usr/include/linux/matroxfb.h
-rw-r--r-- root/root usr/include/linux/mdio.h
+-rw-r--r-- root/root usr/include/linux/media-bus-format.h
-rw-r--r-- root/root usr/include/linux/media.h
-rw-r--r-- root/root usr/include/linux/mei.h
+-rw-r--r-- root/root usr/include/linux/memfd.h
-rw-r--r-- root/root usr/include/linux/mempolicy.h
-rw-r--r-- root/root usr/include/linux/meye.h
+-rw-r--r-- root/root usr/include/linux/mic_common.h
+-rw-r--r-- root/root usr/include/linux/mic_ioctl.h
-rw-r--r-- root/root usr/include/linux/mii.h
-rw-r--r-- root/root usr/include/linux/minix_fs.h
-rw-r--r-- root/root usr/include/linux/mman.h
-rw-r--r-- root/root usr/include/linux/mmc/.install (EMPTY)
-rw-r--r-- root/root usr/include/linux/mmc/ioctl.h
-rw-r--r-- root/root usr/include/linux/mmtimer.h
+-rw-r--r-- root/root usr/include/linux/mpls.h
-rw-r--r-- root/root usr/include/linux/mqueue.h
-rw-r--r-- root/root usr/include/linux/mroute.h
-rw-r--r-- root/root usr/include/linux/mroute6.h
-rw-r--r-- root/root usr/include/linux/neighbour.h
-rw-r--r-- root/root usr/include/linux/net.h
-rw-r--r-- root/root usr/include/linux/net_dropmon.h
+-rw-r--r-- root/root usr/include/linux/net_namespace.h
-rw-r--r-- root/root usr/include/linux/net_tstamp.h
-rw-r--r-- root/root usr/include/linux/netconf.h
-rw-r--r-- root/root usr/include/linux/netdevice.h
-rw-r--r-- root/root usr/include/linux/netfilter/nf_conntrack_tcp.h
-rw-r--r-- root/root usr/include/linux/netfilter/nf_conntrack_tuple_common.h
-rw-r--r-- root/root usr/include/linux/netfilter/nf_nat.h
+-rw-r--r-- root/root usr/include/linux/netfilter/nf_tables.h
+-rw-r--r-- root/root usr/include/linux/netfilter/nf_tables_compat.h
-rw-r--r-- root/root usr/include/linux/netfilter/nfnetlink.h
-rw-r--r-- root/root usr/include/linux/netfilter/nfnetlink_acct.h
-rw-r--r-- root/root usr/include/linux/netfilter/nfnetlink_compat.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_TPROXY.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_addrtype.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_bpf.h
+-rw-r--r-- root/root usr/include/linux/netfilter/xt_cgroup.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_cluster.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_comment.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_connbytes.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_esp.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_hashlimit.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_helper.h
+-rw-r--r-- root/root usr/include/linux/netfilter/xt_ipcomp.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_iprange.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_ipvs.h
+-rw-r--r-- root/root usr/include/linux/netfilter/xt_l2tp.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_length.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_limit.h
-rw-r--r-- root/root usr/include/linux/netfilter/xt_mac.h
-rw-r--r-- root/root usr/include/linux/netfilter_bridge/ebt_pkttype.h
-rw-r--r-- root/root usr/include/linux/netfilter_bridge/ebt_redirect.h
-rw-r--r-- root/root usr/include/linux/netfilter_bridge/ebt_stp.h
--rw-r--r-- root/root usr/include/linux/netfilter_bridge/ebt_ulog.h
-rw-r--r-- root/root usr/include/linux/netfilter_bridge/ebt_vlan.h
-rw-r--r-- root/root usr/include/linux/netfilter_bridge/ebtables.h
-rw-r--r-- root/root usr/include/linux/netfilter_decnet.h
-rw-r--r-- root/root usr/include/linux/netfilter_ipv4/ipt_LOG.h
-rw-r--r-- root/root usr/include/linux/netfilter_ipv4/ipt_REJECT.h
-rw-r--r-- root/root usr/include/linux/netfilter_ipv4/ipt_TTL.h
--rw-r--r-- root/root usr/include/linux/netfilter_ipv4/ipt_ULOG.h
-rw-r--r-- root/root usr/include/linux/netfilter_ipv4/ipt_ah.h
-rw-r--r-- root/root usr/include/linux/netfilter_ipv4/ipt_ecn.h
-rw-r--r-- root/root usr/include/linux/netfilter_ipv4/ipt_ttl.h
-rw-r--r-- root/root usr/include/linux/ppp_defs.h
-rw-r--r-- root/root usr/include/linux/pps.h
-rw-r--r-- root/root usr/include/linux/prctl.h
+-rw-r--r-- root/root usr/include/linux/psci.h
-rw-r--r-- root/root usr/include/linux/ptp_clock.h
-rw-r--r-- root/root usr/include/linux/ptrace.h
-rw-r--r-- root/root usr/include/linux/qnx4_fs.h
-rw-r--r-- root/root usr/include/linux/shm.h
-rw-r--r-- root/root usr/include/linux/signal.h
-rw-r--r-- root/root usr/include/linux/signalfd.h
+-rw-r--r-- root/root usr/include/linux/smiapp.h
-rw-r--r-- root/root usr/include/linux/snmp.h
-rw-r--r-- root/root usr/include/linux/sock_diag.h
-rw-r--r-- root/root usr/include/linux/socket.h
-rw-r--r-- root/root usr/include/linux/sockios.h
--rw-r--r-- root/root usr/include/linux/som.h
-rw-r--r-- root/root usr/include/linux/sonet.h
-rw-r--r-- root/root usr/include/linux/sonypi.h
-rw-r--r-- root/root usr/include/linux/sound.h
-rw-r--r-- root/root usr/include/linux/synclink.h
-rw-r--r-- root/root usr/include/linux/sysctl.h
-rw-r--r-- root/root usr/include/linux/sysinfo.h
+-rw-r--r-- root/root usr/include/linux/target_core_user.h
-rw-r--r-- root/root usr/include/linux/taskstats.h
drwxr-xr-x root/root usr/include/linux/tc_act/
-rw-r--r-- root/root usr/include/linux/tc_act/..install.cmd
-rw-r--r-- root/root usr/include/linux/tc_act/.install (EMPTY)
+-rw-r--r-- root/root usr/include/linux/tc_act/tc_bpf.h
+-rw-r--r-- root/root usr/include/linux/tc_act/tc_connmark.h
-rw-r--r-- root/root usr/include/linux/tc_act/tc_csum.h
-rw-r--r-- root/root usr/include/linux/tc_act/tc_defact.h
-rw-r--r-- root/root usr/include/linux/tc_act/tc_gact.h
-rw-r--r-- root/root usr/include/linux/tc_act/tc_nat.h
-rw-r--r-- root/root usr/include/linux/tc_act/tc_pedit.h
-rw-r--r-- root/root usr/include/linux/tc_act/tc_skbedit.h
+-rw-r--r-- root/root usr/include/linux/tc_act/tc_vlan.h
drwxr-xr-x root/root usr/include/linux/tc_ematch/
-rw-r--r-- root/root usr/include/linux/tc_ematch/..install.cmd
-rw-r--r-- root/root usr/include/linux/tc_ematch/.install (EMPTY)
-rw-r--r-- root/root usr/include/linux/tcp_metrics.h
-rw-r--r-- root/root usr/include/linux/telephony.h
-rw-r--r-- root/root usr/include/linux/termios.h
+-rw-r--r-- root/root usr/include/linux/thermal.h
-rw-r--r-- root/root usr/include/linux/time.h
-rw-r--r-- root/root usr/include/linux/times.h
-rw-r--r-- root/root usr/include/linux/timex.h
-rw-r--r-- root/root usr/include/linux/tiocl.h
-rw-r--r-- root/root usr/include/linux/tipc.h
-rw-r--r-- root/root usr/include/linux/tipc_config.h
+-rw-r--r-- root/root usr/include/linux/tipc_netlink.h
-rw-r--r-- root/root usr/include/linux/toshiba.h
-rw-r--r-- root/root usr/include/linux/tty.h
-rw-r--r-- root/root usr/include/linux/tty_flags.h
-rw-r--r-- root/root usr/include/linux/usb/..install.cmd
-rw-r--r-- root/root usr/include/linux/usb/.install (EMPTY)
-rw-r--r-- root/root usr/include/linux/usb/audio.h
+-rw-r--r-- root/root usr/include/linux/usb/cdc-wdm.h
-rw-r--r-- root/root usr/include/linux/usb/cdc.h
-rw-r--r-- root/root usr/include/linux/usb/ch11.h
-rw-r--r-- root/root usr/include/linux/usb/ch9.h
-rw-r--r-- root/root usr/include/linux/usb/tmc.h
-rw-r--r-- root/root usr/include/linux/usb/video.h
-rw-r--r-- root/root usr/include/linux/usbdevice_fs.h
+-rw-r--r-- root/root usr/include/linux/usbip.h
-rw-r--r-- root/root usr/include/linux/utime.h
-rw-r--r-- root/root usr/include/linux/utsname.h
-rw-r--r-- root/root usr/include/linux/uuid.h
-rw-r--r-- root/root usr/include/linux/virtio_config.h
-rw-r--r-- root/root usr/include/linux/virtio_console.h
-rw-r--r-- root/root usr/include/linux/virtio_ids.h
+-rw-r--r-- root/root usr/include/linux/virtio_input.h
-rw-r--r-- root/root usr/include/linux/virtio_net.h
-rw-r--r-- root/root usr/include/linux/virtio_pci.h
-rw-r--r-- root/root usr/include/linux/virtio_ring.h
-rw-r--r-- root/root usr/include/linux/virtio_rng.h
+-rw-r--r-- root/root usr/include/linux/virtio_scsi.h
+-rw-r--r-- root/root usr/include/linux/virtio_types.h
+-rw-r--r-- root/root usr/include/linux/vm_sockets.h
-rw-r--r-- root/root usr/include/linux/vt.h
-rw-r--r-- root/root usr/include/linux/wait.h
-rw-r--r-- root/root usr/include/linux/wanrouter.h
-rw-r--r-- root/root usr/include/linux/x25.h
-rw-r--r-- root/root usr/include/linux/xattr.h
-rw-r--r-- root/root usr/include/linux/xfrm.h
+-rw-r--r-- root/root usr/include/linux/xilinx-v4l2-controls.h
+-rw-r--r-- root/root usr/include/linux/zorro.h
+-rw-r--r-- root/root usr/include/linux/zorro_ids.h
-rw-r--r-- root/root usr/include/locale.h
-rw-r--r-- root/root usr/include/malloc.h
-rw-r--r-- root/root usr/include/math.h
-rw-r--r-- root/root usr/include/mcheck.h
-rw-r--r-- root/root usr/include/memory.h
+drwxr-xr-x root/root usr/include/misc/
+-rw-r--r-- root/root usr/include/misc/..install.cmd
+-rw-r--r-- root/root usr/include/misc/.install (EMPTY)
+-rw-r--r-- root/root usr/include/misc/cxl.h
-rw-r--r-- root/root usr/include/mntent.h
-rw-r--r-- root/root usr/include/monetary.h
-rw-r--r-- root/root usr/include/mqueue.h
-rw-r--r-- root/root usr/include/sound/compress_offload.h
-rw-r--r-- root/root usr/include/sound/compress_params.h
-rw-r--r-- root/root usr/include/sound/emu10k1.h
+-rw-r--r-- root/root usr/include/sound/firewire.h
-rw-r--r-- root/root usr/include/sound/hdsp.h
-rw-r--r-- root/root usr/include/sound/hdspm.h
-rw-r--r-- root/root usr/include/sound/sb16_csp.h
-rw-r--r-- root/root usr/include/xen/..install.cmd
-rw-r--r-- root/root usr/include/xen/.install (EMPTY)
-rw-r--r-- root/root usr/include/xen/evtchn.h
+-rw-r--r-- root/root usr/include/xen/gntalloc.h
+-rw-r--r-- root/root usr/include/xen/gntdev.h
-rw-r--r-- root/root usr/include/xen/privcmd.h
-rw-r--r-- root/root usr/include/xlocale.h
drwxr-xr-x root/root usr/lib/
-rw-r--r-- root/root usr/share/i18n/locales/ber_DZ
-rw-r--r-- root/root usr/share/i18n/locales/ber_MA
-rw-r--r-- root/root usr/share/i18n/locales/bg_BG
+-rw-r--r-- root/root usr/share/i18n/locales/bhb_IN
-rw-r--r-- root/root usr/share/i18n/locales/bho_IN
-rw-r--r-- root/root usr/share/i18n/locales/bn_BD
-rw-r--r-- root/root usr/share/i18n/locales/bn_IN
-rw-r--r-- root/root usr/share/i18n/locales/ca_ES@euro
-rw-r--r-- root/root usr/share/i18n/locales/ca_FR
-rw-r--r-- root/root usr/share/i18n/locales/ca_IT
+-rw-r--r-- root/root usr/share/i18n/locales/ce_RU
-rw-r--r-- root/root usr/share/i18n/locales/cmn_TW
-rw-r--r-- root/root usr/share/i18n/locales/crh_UA
-rw-r--r-- root/root usr/share/i18n/locales/cs_CZ
-rw-r--r-- root/root usr/share/i18n/locales/pt_PT
-rw-r--r-- root/root usr/share/i18n/locales/pt_PT@euro
-rw-r--r-- root/root usr/share/i18n/locales/quz_PE
+-rw-r--r-- root/root usr/share/i18n/locales/raj_IN
-rw-r--r-- root/root usr/share/i18n/locales/ro_RO
-rw-r--r-- root/root usr/share/i18n/locales/ru_RU
-rw-r--r-- root/root usr/share/i18n/locales/ru_UA
-rw-r--r-- root/root usr/share/i18n/locales/szl_PL
-rw-r--r-- root/root usr/share/i18n/locales/ta_IN
-rw-r--r-- root/root usr/share/i18n/locales/ta_LK
+-rw-r--r-- root/root usr/share/i18n/locales/tcy_IN
-rw-r--r-- root/root usr/share/i18n/locales/te_IN
-rw-r--r-- root/root usr/share/i18n/locales/tg_TJ
-rw-r--r-- root/root usr/share/i18n/locales/th_TH
drwxr-xr-x root/root var/
drwxr-xr-x root/root var/db/
-rw-r--r-- root/root var/db/Makefile
+drwxr-xr-x root/root var/db/nscd/
+drwxr-xr-x root/root var/run/
+drwxr-xr-x root/root var/run/nscd/
-c241d3240d0d98af4f1b948cd940dbd8 CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch
-1d06c7a6084db7710bec7215143c5799 CVE-2014-0475.patch
-59f56ab2c3b3334074c07dec6c217301 CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch
-27ae57547600f9c6a9a897aa6f4e5555 CVE-2014-9402-Avoid-infinite-loop-in-nss_dns-getnetbyname.patch
-b2a77e95e8694f37415f86e8bc0a1fe5 CVE-2015-1472-wscanf-allocates-too-little-memory.patch
-e26b8cc666b162f999404b03970f14e4 glibc-2.19.tar.xz
+e51e02bf552a0a1fbbdc948fb2f5e83c glibc-2.22.tar.xz
96156bec8e05de67384dc93e72bdc313 host.conf
fbbc215a9b15ba4846f326cc88108057 hosts
-922519df77d72faea626ddc3854d6bad iconv-gconv_trans.c.patch
f7fefce570a3c776e26e778c5e401490 ld.so.conf
-cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz
+af9dd5d8f71185a64a8eccface15fc00 linux-4.1.13.tar.xz
75931315bf9bc9be15a5e25e4ddd5f0d nsswitch.conf
acf9daad1ee85de5efd3543965596a63 resolv.conf
+++ /dev/null
-From 6143805bb45e716829d86851e9372f55a136064b Mon Sep 17 00:00:00 2001
-From: Jeff Law <law@redhat.com>
-Date: Mon, 15 Dec 2014 10:09:32 +0100
-Subject: [PATCH 35/37] CVE-2012-3406: Stack overflow in vfprintf [BZ #16617]
-
-A larger number of format specifiers coudld cause a stack overflow,
-potentially allowing to bypass _FORTIFY_SOURCE format string
-protection.
-
-Conflicts:
- ChangeLog
- NEWS
----
- ChangeLog | 13 +++++++++
- NEWS | 57 ++++++++++++++++++++++++++++++++++++++++
- stdio-common/Makefile | 2 +-
- stdio-common/bug23-2.c | 70 +++++++++++++++++++++++++++++++++++++++++++++++++
- stdio-common/bug23-3.c | 50 +++++++++++++++++++++++++++++++++++
- stdio-common/bug23-4.c | 31 ++++++++++++++++++++++
- stdio-common/vfprintf.c | 40 ++++++++++++++++++++++++++--
- 7 files changed, 260 insertions(+), 3 deletions(-)
- create mode 100644 stdio-common/bug23-2.c
- create mode 100644 stdio-common/bug23-3.c
- create mode 100644 stdio-common/bug23-4.c
-
-diff --git a/stdio-common/bug23-2.c b/stdio-common/bug23-2.c
-new file mode 100644
-index 0000000..9e0cfe6
---- /dev/null
-+++ b/stdio-common/bug23-2.c
-@@ -0,0 +1,70 @@
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+
-+static const char expected[] = "\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55\
-+\n\
-+a\n\
-+abbcd55%%%%%%%%%%%%%%%%%%%%%%%%%%\n";
-+
-+static int
-+do_test (void)
-+{
-+ char *buf = malloc (strlen (expected) + 1);
-+ snprintf (buf, strlen (expected) + 1,
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%\n",
-+ "a", "b", "c", "d", 5);
-+ return strcmp (buf, expected) != 0;
-+}
-+
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
-diff --git a/stdio-common/bug23-3.c b/stdio-common/bug23-3.c
-new file mode 100644
-index 0000000..57c8cef
---- /dev/null
-+++ b/stdio-common/bug23-3.c
-@@ -0,0 +1,50 @@
-+#include <stdio.h>
-+#include <string.h>
-+#include <stdlib.h>
-+
-+int
-+do_test (void)
-+{
-+ size_t instances = 16384;
-+#define X0 "\n%1$s\n" "%1$s" "%2$s" "%2$s" "%3$s" "%4$s" "%5$d" "%5$d"
-+ const char *item = "\na\nabbcd55";
-+#define X3 X0 X0 X0 X0 X0 X0 X0 X0
-+#define X6 X3 X3 X3 X3 X3 X3 X3 X3
-+#define X9 X6 X6 X6 X6 X6 X6 X6 X6
-+#define X12 X9 X9 X9 X9 X9 X9 X9 X9
-+#define X14 X12 X12 X12 X12
-+#define TRAILER "%%%%%%%%%%%%%%%%%%%%%%%%%%"
-+#define TRAILER2 TRAILER TRAILER
-+ size_t length = instances * strlen (item) + strlen (TRAILER) + 1;
-+
-+ char *buf = malloc (length + 1);
-+ snprintf (buf, length + 1,
-+ X14 TRAILER2 "\n",
-+ "a", "b", "c", "d", 5);
-+
-+ const char *p = buf;
-+ size_t i;
-+ for (i = 0; i < instances; ++i)
-+ {
-+ const char *expected;
-+ for (expected = item; *expected; ++expected)
-+ {
-+ if (*p != *expected)
-+ {
-+ printf ("mismatch at offset %zu (%zu): expected %d, got %d\n",
-+ (size_t) (p - buf), i, *expected & 0xFF, *p & 0xFF);
-+ return 1;
-+ }
-+ ++p;
-+ }
-+ }
-+ if (strcmp (p, TRAILER "\n") != 0)
-+ {
-+ printf ("mismatch at trailer: [%s]\n", p);
-+ return 1;
-+ }
-+ free (buf);
-+ return 0;
-+}
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
-diff --git a/stdio-common/bug23-4.c b/stdio-common/bug23-4.c
-new file mode 100644
-index 0000000..a478564
---- /dev/null
-+++ b/stdio-common/bug23-4.c
-@@ -0,0 +1,31 @@
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/resource.h>
-+
-+#define LIMIT 1000000
-+
-+int
-+main (void)
-+{
-+ struct rlimit lim;
-+ getrlimit (RLIMIT_STACK, &lim);
-+ lim.rlim_cur = 1048576;
-+ setrlimit (RLIMIT_STACK, &lim);
-+ char *fmtstr = malloc (4 * LIMIT + 1);
-+ if (fmtstr == NULL)
-+ abort ();
-+ char *output = malloc (LIMIT + 1);
-+ if (output == NULL)
-+ abort ();
-+ for (size_t i = 0; i < LIMIT; i++)
-+ memcpy (fmtstr + 4 * i, "%1$d", 4);
-+ fmtstr[4 * LIMIT] = '\0';
-+ int ret = snprintf (output, LIMIT + 1, fmtstr, 0);
-+ if (ret != LIMIT)
-+ abort ();
-+ for (size_t i = 0; i < LIMIT; i++)
-+ if (output[i] != '0')
-+ abort ();
-+ return 0;
-+}
-diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
-index f7e5f61..f423be6 100644
---- a/stdio-common/vfprintf.c
-+++ b/stdio-common/vfprintf.c
-@@ -263,6 +263,12 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
- /* For the argument descriptions, which may be allocated on the heap. */
- void *args_malloced = NULL;
-
-+ /* For positional argument handling. */
-+ struct printf_spec *specs;
-+
-+ /* Track if we malloced the SPECS array and thus must free it. */
-+ bool specs_malloced = false;
-+
- /* This table maps a character into a number representing a
- class. In each step there is a destination label for each
- class. */
-@@ -1678,8 +1684,8 @@ do_positional:
- size_t nspecs = 0;
- /* A more or less arbitrary start value. */
- size_t nspecs_size = 32 * sizeof (struct printf_spec);
-- struct printf_spec *specs = alloca (nspecs_size);
-
-+ specs = alloca (nspecs_size);
- /* The number of arguments the format string requests. This will
- determine the size of the array needed to store the argument
- attributes. */
-@@ -1720,11 +1726,39 @@ do_positional:
- if (nspecs * sizeof (*specs) >= nspecs_size)
- {
- /* Extend the array of format specifiers. */
-+ if (nspecs_size * 2 < nspecs_size)
-+ {
-+ __set_errno (ENOMEM);
-+ done = -1;
-+ goto all_done;
-+ }
- struct printf_spec *old = specs;
-- specs = extend_alloca (specs, nspecs_size, 2 * nspecs_size);
-+ if (__libc_use_alloca (2 * nspecs_size))
-+ specs = extend_alloca (specs, nspecs_size, 2 * nspecs_size);
-+ else
-+ {
-+ nspecs_size *= 2;
-+ specs = malloc (nspecs_size);
-+ if (specs == NULL)
-+ {
-+ __set_errno (ENOMEM);
-+ specs = old;
-+ done = -1;
-+ goto all_done;
-+ }
-+ }
-
- /* Copy the old array's elements to the new space. */
- memmove (specs, old, nspecs * sizeof (*specs));
-+
-+ /* If we had previously malloc'd space for SPECS, then
-+ release it after the copy is complete. */
-+ if (specs_malloced)
-+ free (old);
-+
-+ /* Now set SPECS_MALLOCED if needed. */
-+ if (!__libc_use_alloca (nspecs_size))
-+ specs_malloced = true;
- }
-
- /* Parse the format specifier. */
-@@ -2045,6 +2079,8 @@ do_positional:
- }
-
- all_done:
-+ if (specs_malloced)
-+ free (specs);
- if (__glibc_unlikely (args_malloced != NULL))
- free (args_malloced);
- if (__glibc_unlikely (workstart != NULL))
---
-2.2.1
-
+++ /dev/null
-From 176fc6c7ddec8d93468f9b790d39dcab6d41b1a6 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Mon, 12 May 2014 15:24:12 +0200
-Subject: [PATCH] _nl_find_locale: Improve handling of crafted locale names [BZ #17137]
-
-Prevent directory traversal in locale-related environment variables
-(CVE-2014-0475).
-
-(cherry picked from commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3)
-
-Conflicts:
- NEWS
- localedata/Makefile
----
- ChangeLog | 9 ++
- NEWS | 11 ++-
- locale/findlocale.c | 74 +++++++++++++---
- localedata/ChangeLog | 6 ++
- localedata/Makefile | 2 +-
- localedata/tst-setlocale3.c | 203 +++++++++++++++++++++++++++++++++++++++++++
- 6 files changed, 290 insertions(+), 15 deletions(-)
- create mode 100644 localedata/tst-setlocale3.c
-
-diff --git a/locale/findlocale.c b/locale/findlocale.c
-index 0c42b99..faeee61 100644
---- a/locale/findlocale.c
-+++ b/locale/findlocale.c
-@@ -17,6 +17,7 @@
- <http://www.gnu.org/licenses/>. */
-
- #include <assert.h>
-+#include <errno.h>
- #include <locale.h>
- #include <stdlib.h>
- #include <string.h>
-@@ -57,6 +58,45 @@ struct loaded_l10nfile *_nl_locale_file_list[__LC_LAST];
-
- const char _nl_default_locale_path[] attribute_hidden = LOCALEDIR;
-
-+/* Checks if the name is actually present, that is, not NULL and not
-+ empty. */
-+static inline int
-+name_present (const char *name)
-+{
-+ return name != NULL && name[0] != '\0';
-+}
-+
-+/* Checks that the locale name neither extremely long, nor contains a
-+ ".." path component (to prevent directory traversal). */
-+static inline int
-+valid_locale_name (const char *name)
-+{
-+ /* Not set. */
-+ size_t namelen = strlen (name);
-+ /* Name too long. The limit is arbitrary and prevents stack overflow
-+ issues later. */
-+ if (__glibc_unlikely (namelen > 255))
-+ return 0;
-+ /* Directory traversal attempt. */
-+ static const char slashdot[4] = {'/', '.', '.', '/'};
-+ if (__glibc_unlikely (memmem (name, namelen,
-+ slashdot, sizeof (slashdot)) != NULL))
-+ return 0;
-+ if (namelen == 2 && __glibc_unlikely (name[0] == '.' && name [1] == '.'))
-+ return 0;
-+ if (namelen >= 3
-+ && __glibc_unlikely (((name[0] == '.'
-+ && name[1] == '.'
-+ && name[2] == '/')
-+ || (name[namelen - 3] == '/'
-+ && name[namelen - 2] == '.'
-+ && name[namelen - 1] == '.'))))
-+ return 0;
-+ /* If there is a slash in the name, it must start with one. */
-+ if (__glibc_unlikely (memchr (name, '/', namelen) != NULL) && name[0] != '/')
-+ return 0;
-+ return 1;
-+}
-
- struct __locale_data *
- internal_function
-@@ -65,7 +105,7 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
- {
- int mask;
- /* Name of the locale for this category. */
-- char *loc_name;
-+ char *loc_name = (char *) *name;
- const char *language;
- const char *modifier;
- const char *territory;
-@@ -73,31 +113,39 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
- const char *normalized_codeset;
- struct loaded_l10nfile *locale_file;
-
-- if ((*name)[0] == '\0')
-+ if (loc_name[0] == '\0')
- {
- /* The user decides which locale to use by setting environment
- variables. */
-- *name = getenv ("LC_ALL");
-- if (*name == NULL || (*name)[0] == '\0')
-- *name = getenv (_nl_category_names.str
-+ loc_name = getenv ("LC_ALL");
-+ if (!name_present (loc_name))
-+ loc_name = getenv (_nl_category_names.str
- + _nl_category_name_idxs[category]);
-- if (*name == NULL || (*name)[0] == '\0')
-- *name = getenv ("LANG");
-+ if (!name_present (loc_name))
-+ loc_name = getenv ("LANG");
-+ if (!name_present (loc_name))
-+ loc_name = (char *) _nl_C_name;
- }
-
-- if (*name == NULL || (*name)[0] == '\0'
-- || (__builtin_expect (__libc_enable_secure, 0)
-- && strchr (*name, '/') != NULL))
-- *name = (char *) _nl_C_name;
-+ /* We used to fall back to the C locale if the name contains a slash
-+ character '/', but we now check for directory traversal in
-+ valid_locale_name, so this is no longer necessary. */
-
-- if (__builtin_expect (strcmp (*name, _nl_C_name), 1) == 0
-- || __builtin_expect (strcmp (*name, _nl_POSIX_name), 1) == 0)
-+ if (__builtin_expect (strcmp (loc_name, _nl_C_name), 1) == 0
-+ || __builtin_expect (strcmp (loc_name, _nl_POSIX_name), 1) == 0)
- {
- /* We need not load anything. The needed data is contained in
- the library itself. */
- *name = (char *) _nl_C_name;
- return _nl_C[category];
- }
-+ else if (!valid_locale_name (loc_name))
-+ {
-+ __set_errno (EINVAL);
-+ return NULL;
-+ }
-+
-+ *name = loc_name;
-
- /* We really have to load some data. First we try the archive,
- but only if there was no LOCPATH environment variable specified. */
-
-diff --git a/localedata/Makefile b/localedata/Makefile
-index 7d157bf..9daa470 100644
---- a/localedata/Makefile
-+++ b/localedata/Makefile
-@@ -77,7 +77,7 @@ locale_test_suite := tst_iswalnum tst_iswalpha tst_iswcntrl \
-
- tests = $(locale_test_suite) tst-digits tst-setlocale bug-iconv-trans \
- tst-leaks tst-mbswcs6 tst-xlocale1 tst-xlocale2 bug-usesetlocale \
-- tst-strfmon1 tst-sscanf bug-setlocale1 tst-setlocale2
-+ tst-strfmon1 tst-sscanf bug-setlocale1 tst-setlocale2 tst-setlocale3
- tests-static = bug-setlocale1-static
- tests += $(tests-static)
- ifeq (yes,$(build-shared))
-diff --git a/localedata/tst-setlocale3.c b/localedata/tst-setlocale3.c
-new file mode 100644
-index 0000000..e3b21a9
---- /dev/null
-+++ b/localedata/tst-setlocale3.c
-@@ -0,0 +1,203 @@
-+/* Regression test for setlocale invalid environment variable handling.
-+ Copyright (C) 2014 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <locale.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+/* The result of setlocale may be overwritten by subsequent calls, so
-+ this wrapper makes a copy. */
-+static char *
-+setlocale_copy (int category, const char *locale)
-+{
-+ const char *result = setlocale (category, locale);
-+ if (result == NULL)
-+ return NULL;
-+ return strdup (result);
-+}
-+
-+static char *de_locale;
-+
-+static void
-+setlocale_fail (const char *envstring)
-+{
-+ setenv ("LC_CTYPE", envstring, 1);
-+ if (setlocale (LC_CTYPE, "") != NULL)
-+ {
-+ printf ("unexpected setlocale success for \"%s\" locale\n", envstring);
-+ exit (1);
-+ }
-+ const char *newloc = setlocale (LC_CTYPE, NULL);
-+ if (strcmp (newloc, de_locale) != 0)
-+ {
-+ printf ("failed setlocale call \"%s\" changed locale to \"%s\"\n",
-+ envstring, newloc);
-+ exit (1);
-+ }
-+}
-+
-+static void
-+setlocale_success (const char *envstring)
-+{
-+ setenv ("LC_CTYPE", envstring, 1);
-+ char *newloc = setlocale_copy (LC_CTYPE, "");
-+ if (newloc == NULL)
-+ {
-+ printf ("setlocale for \"%s\": %m\n", envstring);
-+ exit (1);
-+ }
-+ if (strcmp (newloc, de_locale) == 0)
-+ {
-+ printf ("setlocale with LC_CTYPE=\"%s\" left locale at \"%s\"\n",
-+ envstring, de_locale);
-+ exit (1);
-+ }
-+ if (setlocale (LC_CTYPE, de_locale) == NULL)
-+ {
-+ printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n",
-+ de_locale, envstring);
-+ exit (1);
-+ }
-+ char *newloc2 = setlocale_copy (LC_CTYPE, newloc);
-+ if (newloc2 == NULL)
-+ {
-+ printf ("restoring locale \"%s\" following \"%s\": %m\n",
-+ newloc, envstring);
-+ exit (1);
-+ }
-+ if (strcmp (newloc, newloc2) != 0)
-+ {
-+ printf ("representation of locale \"%s\" changed from \"%s\" to \"%s\"",
-+ envstring, newloc, newloc2);
-+ exit (1);
-+ }
-+ free (newloc);
-+ free (newloc2);
-+
-+ if (setlocale (LC_CTYPE, de_locale) == NULL)
-+ {
-+ printf ("restoring locale \"%s\" with LC_CTYPE=\"%s\": %m\n",
-+ de_locale, envstring);
-+ exit (1);
-+ }
-+}
-+
-+/* Checks that a known-good locale still works if LC_ALL contains a
-+ value which should be ignored. */
-+static void
-+setlocale_ignore (const char *to_ignore)
-+{
-+ const char *fr_locale = "fr_FR.UTF-8";
-+ setenv ("LC_CTYPE", fr_locale, 1);
-+ char *expected_locale = setlocale_copy (LC_CTYPE, "");
-+ if (expected_locale == NULL)
-+ {
-+ printf ("setlocale with LC_CTYPE=\"%s\" failed: %m\n", fr_locale);
-+ exit (1);
-+ }
-+ if (setlocale (LC_CTYPE, de_locale) == NULL)
-+ {
-+ printf ("failed to restore locale: %m\n");
-+ exit (1);
-+ }
-+ unsetenv ("LC_CTYPE");
-+
-+ setenv ("LC_ALL", to_ignore, 1);
-+ setenv ("LC_CTYPE", fr_locale, 1);
-+ const char *actual_locale = setlocale (LC_CTYPE, "");
-+ if (actual_locale == NULL)
-+ {
-+ printf ("setlocale with LC_ALL, LC_CTYPE=\"%s\" failed: %m\n",
-+ fr_locale);
-+ exit (1);
-+ }
-+ if (strcmp (actual_locale, expected_locale) != 0)
-+ {
-+ printf ("setlocale under LC_ALL failed: got \"%s\", expected \"%s\"\n",
-+ actual_locale, expected_locale);
-+ exit (1);
-+ }
-+ unsetenv ("LC_CTYPE");
-+ setlocale_success (fr_locale);
-+ unsetenv ("LC_ALL");
-+ free (expected_locale);
-+}
-+
-+static int
-+do_test (void)
-+{
-+ /* The glibc test harness sets this environment variable
-+ uncondionally. */
-+ unsetenv ("LC_ALL");
-+
-+ de_locale = setlocale_copy (LC_CTYPE, "de_DE.UTF-8");
-+ if (de_locale == NULL)
-+ {
-+ printf ("setlocale (LC_CTYPE, \"de_DE.UTF-8\"): %m\n");
-+ return 1;
-+ }
-+ setlocale_success ("C");
-+ setlocale_success ("en_US.UTF-8");
-+ setlocale_success ("/en_US.UTF-8");
-+ setlocale_success ("//en_US.UTF-8");
-+ setlocale_ignore ("");
-+
-+ setlocale_fail ("does-not-exist");
-+ setlocale_fail ("/");
-+ setlocale_fail ("/../localedata/en_US.UTF-8");
-+ setlocale_fail ("en_US.UTF-8/");
-+ setlocale_fail ("en_US.UTF-8/..");
-+ setlocale_fail ("en_US.UTF-8/../en_US.UTF-8");
-+ setlocale_fail ("../localedata/en_US.UTF-8");
-+ {
-+ size_t large_length = 1024;
-+ char *large_name = malloc (large_length + 1);
-+ if (large_name == NULL)
-+ {
-+ puts ("malloc failure");
-+ return 1;
-+ }
-+ memset (large_name, '/', large_length);
-+ const char *suffix = "en_US.UTF-8";
-+ strcpy (large_name + large_length - strlen (suffix), suffix);
-+ setlocale_fail (large_name);
-+ free (large_name);
-+ }
-+ {
-+ size_t huge_length = 64 * 1024 * 1024;
-+ char *huge_name = malloc (huge_length + 1);
-+ if (huge_name == NULL)
-+ {
-+ puts ("malloc failure");
-+ return 1;
-+ }
-+ memset (huge_name, 'X', huge_length);
-+ huge_name[huge_length] = '\0';
-+ /* Construct a composite locale specification. */
-+ const char *prefix = "LC_CTYPE=de_DE.UTF-8;LC_TIME=";
-+ memcpy (huge_name, prefix, strlen (prefix));
-+ setlocale_fail (huge_name);
-+ free (huge_name);
-+ }
-+
-+ return 0;
-+}
-+
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
-
----
-From d07eb371352d67ee4ef931b6956d1e0f28b599dc Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Wed, 28 May 2014 14:05:03 +0200
-Subject: [PATCH] manual: Update the locale documentation
-
-(cherry picked from commit 585367266923156ac6fb789939a923641ba5aaf4)
-
-Conflicts:
- manual/locale.texi
----
- ChangeLog | 13 +++++
- manual/locale.texi | 146 ++++++++++++++++++++++++++++++++++++++++-----------
- 2 files changed, 127 insertions(+), 32 deletions(-)
-
-diff --git a/manual/locale.texi b/manual/locale.texi
-index 8bfd653..ee1c3a1 100644
---- a/manual/locale.texi
-+++ b/manual/locale.texi
-@@ -29,6 +29,7 @@ will follow the conventions preferred by the user.
- * Setting the Locale:: How a program specifies the locale
- with library functions.
- * Standard Locales:: Locale names available on all systems.
-+* Locale Names:: Format of system-specific locale names.
- * Locale Information:: How to access the information for the locale.
- * Formatting Numbers:: A dedicated function to format numbers.
- * Yes-or-No Questions:: Check a Response against the locale.
-@@ -99,14 +100,16 @@ locale named @samp{espana-castellano} to use the standard conventions of
- most of Spain.
-
- The set of locales supported depends on the operating system you are
--using, and so do their names. We can't make any promises about what
--locales will exist, except for one standard locale called @samp{C} or
--@samp{POSIX}. Later we will describe how to construct locales.
--@comment (@pxref{Building Locale Files}).
-+using, and so do their names, except that the standard locale called
-+@samp{C} or @samp{POSIX} always exist. @xref{Locale Names}.
-+
-+In order to force the system to always use the default locale, the
-+user can set the @code{LC_ALL} environment variable to @samp{C}.
-
- @cindex combining locales
--A user also has the option of specifying different locales for different
--purposes---in effect, choosing a mixture of multiple locales.
-+A user also has the option of specifying different locales for
-+different purposes---in effect, choosing a mixture of multiple
-+locales. @xref{Locale Categories}.
-
- For example, the user might specify the locale @samp{espana-castellano}
- for most purposes, but specify the locale @samp{usa-english} for
-@@ -120,7 +123,7 @@ which locales apply. However, the user can choose to use each locale
- for a particular subset of those purposes.
-
- @node Locale Categories, Setting the Locale, Choosing Locale, Locales
--@section Categories of Activities that Locales Affect
-+@section Locale Categories
- @cindex categories for locales
- @cindex locale categories
-
-@@ -128,7 +131,11 @@ The purposes that locales serve are grouped into @dfn{categories}, so
- that a user or a program can choose the locale for each category
- independently. Here is a table of categories; each name is both an
- environment variable that a user can set, and a macro name that you can
--use as an argument to @code{setlocale}.
-+use as the first argument to @code{setlocale}.
-+
-+The contents of the environment variable (or the string in the second
-+argument to @code{setlocale}) has to be a valid locale name.
-+@xref{Locale Names}.
-
- @vtable @code
- @comment locale.h
-@@ -172,7 +179,7 @@ for affirmative and negative responses.
- @comment locale.h
- @comment ISO
- @item LC_ALL
--This is not an environment variable; it is only a macro that you can use
-+This is not a category; it is only a macro that you can use
- with @code{setlocale} to set a single locale for all purposes. Setting
- this environment variable overwrites all selections by the other
- @code{LC_*} variables or @code{LANG}.
-@@ -355,13 +362,7 @@ The symbols in this section are defined in the header file @file{locale.h}.
- @c strndup @ascuheap @acsmem
- @c strcasecmp_l ok (C locale)
- The function @code{setlocale} sets the current locale for category
--@var{category} to @var{locale}. A list of all the locales the system
--provides can be created by running
--
--@pindex locale
--@smallexample
-- locale -a
--@end smallexample
-+@var{category} to @var{locale}.
-
- If @var{category} is @code{LC_ALL}, this specifies the locale for all
- purposes. The other possible values of @var{category} specify an
-@@ -386,10 +387,9 @@ is passed in as @var{locale} parameter.
-
- When you read the current locale for category @code{LC_ALL}, the value
- encodes the entire combination of selected locales for all categories.
--In this case, the value is not just a single locale name. In fact, we
--don't make any promises about what it looks like. But if you specify
--the same ``locale name'' with @code{LC_ALL} in a subsequent call to
--@code{setlocale}, it restores the same combination of locale selections.
-+If you specify the same ``locale name'' with @code{LC_ALL} in a
-+subsequent call to @code{setlocale}, it restores the same combination
-+of locale selections.
-
- To be sure you can use the returned string encoding the currently selected
- locale at a later time, you must make a copy of the string. It is not
-@@ -405,20 +405,15 @@ for @var{category}.
- If a nonempty string is given for @var{locale}, then the locale of that
- name is used if possible.
-
-+The effective locale name (either the second argument to
-+@code{setlocale}, or if the argument is an empty string, the name
-+obtained from the process environment) must be valid locale name.
-+@xref{Locale Names}.
-+
- If you specify an invalid locale name, @code{setlocale} returns a null
- pointer and leaves the current locale unchanged.
- @end deftypefun
-
--The path used for finding locale data can be set using the
--@code{LOCPATH} environment variable. The default path for finding
--locale data is system specific. It is computed from the value given
--as the prefix while configuring the C library. This value normally is
--@file{/usr} or @file{/}. For the former the complete path is:
--
--@smallexample
--/usr/lib/locale
--@end smallexample
--
- Here is an example showing how you might use @code{setlocale} to
- temporarily switch to a new locale.
-
-@@ -458,7 +453,7 @@ locale categories, and future versions of the library will do so. For
- portability, assume that any symbol beginning with @samp{LC_} might be
- defined in @file{locale.h}.
-
--@node Standard Locales, Locale Information, Setting the Locale, Locales
-+@node Standard Locales, Locale Names, Setting the Locale, Locales
- @section Standard Locales
-
- The only locale names you can count on finding on all operating systems
-@@ -492,7 +487,94 @@ with the environment, rather than trying to specify some non-standard
- locale explicitly by name. Remember, different machines might have
- different sets of locales installed.
-
--@node Locale Information, Formatting Numbers, Standard Locales, Locales
-+@node Locale Names, Locale Information, Standard Locales, Locales
-+@section Locale Names
-+
-+The following command prints a list of locales supported by the
-+system:
-+
-+@pindex locale
-+@smallexample
-+ locale -a
-+@end smallexample
-+
-+@strong{Portability Note:} With the notable exception of the standard
-+locale names @samp{C} and @samp{POSIX}, locale names are
-+system-specific.
-+
-+Most locale names follow XPG syntax and consist of up to four parts:
-+
-+@smallexample
-+@var{language}[_@var{territory}[.@var{codeset}]][@@@var{modifier}]
-+@end smallexample
-+
-+Beside the first part, all of them are allowed to be missing. If the
-+full specified locale is not found, less specific ones are looked for.
-+The various parts will be stripped off, in the following order:
-+
-+@enumerate
-+@item
-+codeset
-+@item
-+normalized codeset
-+@item
-+territory
-+@item
-+modifier
-+@end enumerate
-+
-+For example, the locale name @samp{de_AT.iso885915@@euro} denotes a
-+German-language locale for use in Austria, using the ISO-8859-15
-+(Latin-9) character set, and with the Euro as the currency symbol.
-+
-+In addition to locale names which follow XPG syntax, systems may
-+provide aliases such as @samp{german}. Both categories of names must
-+not contain the slash character @samp{/}.
-+
-+If the locale name starts with a slash @samp{/}, it is treated as a
-+path relative to the configured locale directories; see @code{LOCPATH}
-+below. The specified path must not contain a component @samp{..}, or
-+the name is invalid, and @code{setlocale} will fail.
-+
-+@strong{Portability Note:} POSIX suggests that if a locale name starts
-+with a slash @samp{/}, it is resolved as an absolute path. However,
-+@theglibc{} treats it as a relative path under the directories listed
-+in @code{LOCPATH} (or the default locale directory if @code{LOCPATH}
-+is unset).
-+
-+Locale names which are longer than an implementation-defined limit are
-+invalid and cause @code{setlocale} to fail.
-+
-+As a special case, locale names used with @code{LC_ALL} can combine
-+several locales, reflecting different locale settings for different
-+categories. For example, you might want to use a U.S. locale with ISO
-+A4 paper format, so you set @code{LANG} to @samp{en_US.UTF-8}, and
-+@code{LC_PAPER} to @samp{de_DE.UTF-8}. In this case, the
-+@code{LC_ALL}-style combined locale name is
-+
-+@smallexample
-+LC_CTYPE=en_US.UTF-8;LC_TIME=en_US.UTF-8;LC_PAPER=de_DE.UTF-8;@dots{}
-+@end smallexample
-+
-+followed by other category settings not shown here.
-+
-+@vindex LOCPATH
-+The path used for finding locale data can be set using the
-+@code{LOCPATH} environment variable. This variable lists the
-+directories in which to search for locale definitions, separated by a
-+colon @samp{:}.
-+
-+The default path for finding locale data is system specific. A typical
-+value for the @code{LOCPATH} default is:
-+
-+@smallexample
-+/usr/share/locale
-+@end smallexample
-+
-+The value of @code{LOCPATH} is ignored by privileged programs for
-+security reasons, and only the default directory is used.
-+
-+@node Locale Information, Formatting Numbers, Locale Names, Locales
- @section Accessing Locale Information
-
- There are several ways to access locale information. The simplest
---
-
-From b76db403426d4978ca2e60998c6dc62668a3f998 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Wed, 28 May 2014 14:41:52 +0200
-Subject: [PATCH] setlocale: Use the heap for the copy of the locale argument
-
-This avoids alloca calls with potentially large arguments.
-
-(cherry picked from commit d183645616b0533b3acee28f1a95570bffbdf50f)
----
- ChangeLog | 5 +++++
- locale/setlocale.c | 14 ++++++++++++--
- 2 files changed, 17 insertions(+), 2 deletions(-)
-
-diff --git a/locale/setlocale.c b/locale/setlocale.c
-index b70fa6c..a4c5983 100644
---- a/locale/setlocale.c
-+++ b/locale/setlocale.c
-@@ -272,6 +272,8 @@ setlocale (int category, const char *locale)
- of entries of the form `CATEGORY=VALUE'. */
- const char *newnames[__LC_LAST];
- struct __locale_data *newdata[__LC_LAST];
-+ /* Copy of the locale argument, for in-place splitting. */
-+ char *locale_copy = NULL;
-
- /* Set all name pointers to the argument name. */
- for (category = 0; category < __LC_LAST; ++category)
-@@ -281,7 +283,13 @@ setlocale (int category, const char *locale)
- if (__builtin_expect (strchr (locale, ';') != NULL, 0))
- {
- /* This is a composite name. Make a copy and split it up. */
-- char *np = strdupa (locale);
-+ locale_copy = strdup (locale);
-+ if (__glibc_unlikely (locale_copy == NULL))
-+ {
-+ __libc_rwlock_unlock (__libc_setlocale_lock);
-+ return NULL;
-+ }
-+ char *np = locale_copy;
- char *cp;
- int cnt;
-
-@@ -299,6 +307,7 @@ setlocale (int category, const char *locale)
- {
- error_return:
- __libc_rwlock_unlock (__libc_setlocale_lock);
-+ free (locale_copy);
-
- /* Bogus category name. */
- ERROR_RETURN;
-@@ -391,8 +400,9 @@ setlocale (int category, const char *locale)
- /* Critical section left. */
- __libc_rwlock_unlock (__libc_setlocale_lock);
-
-- /* Free the resources (the locale path variable). */
-+ /* Free the resources. */
- free (locale_path);
-+ free (locale_copy);
-
- return composite;
- }
---
-1.7.1
-
-
+++ /dev/null
-From b9b6e3f01655942891bf4c66a2c5e8246cdad7e1 Mon Sep 17 00:00:00 2001
-From: Carlos O'Donell <carlos@redhat.com>
-Date: Wed, 19 Nov 2014 11:44:12 -0500
-Subject: [PATCH 1/2] CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
-
-The function wordexp() fails to properly handle the WRDE_NOCMD
-flag when processing arithmetic inputs in the form of "$((... ``))"
-where "..." can be anything valid. The backticks in the arithmetic
-epxression are evaluated by in a shell even if WRDE_NOCMD forbade
-command substitution. This allows an attacker to attempt to pass
-dangerous commands via constructs of the above form, and bypass
-the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
-in exec_comm(), the only place that can execute a shell. All other
-checks for WRDE_NOCMD are superfluous and removed.
-
-We expand the testsuite and add 3 new regression tests of roughly
-the same form but with a couple of nested levels.
-
-On top of the 3 new tests we add fork validation to the WRDE_NOCMD
-testing. If any forks are detected during the execution of a wordexp()
-call with WRDE_NOCMD, the test is marked as failed. This is slightly
-heuristic since vfork might be used in the future, but it provides a
-higher level of assurance that no shells were executed as part of
-command substitution with WRDE_NOCMD in effect. In addition it doesn't
-require libpthread or libdl, instead we use the public implementation
-namespace function __register_atfork (already part of the public ABI
-for libpthread).
-
-Tested on x86_64 with no regressions.
-
-Conflicts:
- ChangeLog
- NEWS
----
- ChangeLog | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++
- NEWS | 10 ++
- posix/wordexp-test.c | 44 +++++++++
- posix/wordexp.c | 16 +---
- 4 files changed, 324 insertions(+), 12 deletions(-)
-
-diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
-index 4957006..bdd65e4 100644
---- a/posix/wordexp-test.c
-+++ b/posix/wordexp-test.c
-@@ -27,6 +27,25 @@
-
- #define IFS " \n\t"
-
-+extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden")));
-+extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
-+
-+static int __app_register_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void))
-+{
-+ return __register_atfork (prepare, parent, child,
-+ &__dso_handle == NULL ? NULL : __dso_handle);
-+}
-+
-+/* Number of forks seen. */
-+static int registered_forks;
-+
-+/* For each fork increment the fork count. */
-+static void
-+register_fork (void)
-+{
-+ registered_forks++;
-+}
-+
- struct test_case_struct
- {
- int retval;
-@@ -206,6 +225,12 @@ struct test_case_struct
- { WRDE_SYNTAX, NULL, "$((2+))", 0, 0, { NULL, }, IFS },
- { WRDE_SYNTAX, NULL, "`", 0, 0, { NULL, }, IFS },
- { WRDE_SYNTAX, NULL, "$((010+4+))", 0, 0, { NULL }, IFS },
-+ /* Test for CVE-2014-7817. We test 3 combinations of command
-+ substitution inside an arithmetic expression to make sure that
-+ no commands are executed and error is returned. */
-+ { WRDE_CMDSUB, NULL, "$((`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS },
-+ { WRDE_CMDSUB, NULL, "$((1+`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS },
-+ { WRDE_CMDSUB, NULL, "$((1+$((`echo 1`))))", WRDE_NOCMD, 0, { NULL, }, IFS },
-
- { -1, NULL, NULL, 0, 0, { NULL, }, IFS },
- };
-@@ -258,6 +283,15 @@ main (int argc, char *argv[])
- return -1;
- }
-
-+ /* If we are not allowed to do command substitution, we install
-+ fork handlers to verify that no forks happened. No forks should
-+ happen at all if command substitution is disabled. */
-+ if (__app_register_atfork (register_fork, NULL, NULL) != 0)
-+ {
-+ printf ("Failed to register fork handler.\n");
-+ return -1;
-+ }
-+
- for (test = 0; test_case[test].retval != -1; test++)
- if (testit (&test_case[test]))
- ++fail;
-@@ -367,6 +401,9 @@ testit (struct test_case_struct *tc)
-
- printf ("Test %d (%s): ", ++tests, tc->words);
-
-+ if (tc->flags & WRDE_NOCMD)
-+ registered_forks = 0;
-+
- if (tc->flags & WRDE_APPEND)
- {
- /* initial wordexp() call, to be appended to */
-@@ -378,6 +415,13 @@ testit (struct test_case_struct *tc)
- }
- retval = wordexp (tc->words, &we, tc->flags);
-
-+ if ((tc->flags & WRDE_NOCMD)
-+ && (registered_forks > 0))
-+ {
-+ printf ("FAILED fork called for WRDE_NOCMD\n");
-+ return 1;
-+ }
-+
- if (tc->flags & WRDE_DOOFFS)
- start_offs = sav_we.we_offs;
-
-diff --git a/posix/wordexp.c b/posix/wordexp.c
-index 366ec18..36a1367 100644
---- a/posix/wordexp.c
-+++ b/posix/wordexp.c
-@@ -893,6 +893,10 @@ exec_comm (char *comm, char **word, size_t *word_length, size_t *max_length,
- pid_t pid;
- int noexec = 0;
-
-+ /* Do nothing if command substitution should not succeed. */
-+ if (flags & WRDE_NOCMD)
-+ return WRDE_CMDSUB;
-+
- /* Don't fork() unless necessary */
- if (!comm || !*comm)
- return 0;
-@@ -2082,9 +2086,6 @@ parse_dollars (char **word, size_t *word_length, size_t *max_length,
- }
- }
-
-- if (flags & WRDE_NOCMD)
-- return WRDE_CMDSUB;
--
- (*offset) += 2;
- return parse_comm (word, word_length, max_length, words, offset, flags,
- quoted? NULL : pwordexp, ifs, ifs_white);
-@@ -2196,9 +2197,6 @@ parse_dquote (char **word, size_t *word_length, size_t *max_length,
- break;
-
- case '`':
-- if (flags & WRDE_NOCMD)
-- return WRDE_CMDSUB;
--
- ++(*offset);
- error = parse_backtick (word, word_length, max_length, words,
- offset, flags, NULL, NULL, NULL);
-@@ -2357,12 +2355,6 @@ wordexp (const char *words, wordexp_t *pwordexp, int flags)
- break;
-
- case '`':
-- if (flags & WRDE_NOCMD)
-- {
-- error = WRDE_CMDSUB;
-- goto do_error;
-- }
--
- ++words_offset;
- error = parse_backtick (&word, &word_length, &max_length, words,
- &words_offset, flags, pwordexp, ifs,
---
-2.2.1
-
+++ /dev/null
-From c9e9c2e4b1bdd880e11ad1d0756da87634456b95 Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Mon, 15 Dec 2014 17:41:13 +0100
-Subject: [PATCH] Avoid infinite loop in nss_dns getnetbyname [BZ #17630]
-
-Conflicts:
- ChangeLog
- NEWS
----
- ChangeLog | 14 ++++++++++++++
- NEWS | 8 ++++++++
- resolv/nss_dns/dns-network.c | 4 ++--
- 3 files changed, 24 insertions(+), 2 deletions(-)
-
-diff --git a/resolv/nss_dns/dns-network.c b/resolv/nss_dns/dns-network.c
-index 13ad38c..1993ec1 100644
---- a/resolv/nss_dns/dns-network.c
-+++ b/resolv/nss_dns/dns-network.c
-@@ -398,8 +398,8 @@ getanswer_r (const querybuf *answer, int anslen, struct netent *result,
-
- case BYNAME:
- {
-- char **ap = result->n_aliases++;
-- while (*ap != NULL)
-+ char **ap;
-+ for (ap = result->n_aliases; *ap != NULL; ++ap)
- {
- /* Check each alias name for being of the forms:
- 4.3.2.1.in-addr.arpa = net 1.2.3.4
---
-2.2.1
-
+++ /dev/null
-From 18d9cd1d9d95503074db705686d0236c99db5d00 Mon Sep 17 00:00:00 2001
-From: Paul Pluzhnikov <ppluzhnikov@google.com>
-Date: Fri, 6 Feb 2015 00:30:42 -0500
-Subject: [PATCH 2/2] CVE-2015-1472: wscanf allocates too little memory
-
-BZ #16618
-
-Under certain conditions wscanf can allocate too little memory for the
-to-be-scanned arguments and overflow the allocated buffer. The
-implementation now correctly computes the required buffer size when
-using malloc.
-
-A regression test was added to tst-sscanf.
-
-Conflicts:
- ChangeLog
- NEWS
----
- ChangeLog | 133 ++++++++++++++++++++++++++++++++++++++++++++++
- NEWS | 44 +++++++++++++++
- stdio-common/tst-sscanf.c | 33 ++++++++++++
- stdio-common/vfscanf.c | 12 ++---
- 4 files changed, 216 insertions(+), 6 deletions(-)
-
-diff --git a/stdio-common/tst-sscanf.c b/stdio-common/tst-sscanf.c
-index 1214c7d..c62bee6 100644
---- a/stdio-common/tst-sscanf.c
-+++ b/stdio-common/tst-sscanf.c
-@@ -232,5 +232,38 @@ main (void)
- }
- }
-
-+ /* BZ #16618
-+ The test will segfault during SSCANF if the buffer overflow
-+ is not fixed. The size of `s` is such that it forces the use
-+ of malloc internally and this triggers the incorrect computation.
-+ Thus the value for SIZE is arbitrariy high enough that malloc
-+ is used. */
-+ {
-+#define SIZE 131072
-+ CHAR *s = malloc ((SIZE + 1) * sizeof (*s));
-+ if (s == NULL)
-+ abort ();
-+ for (size_t i = 0; i < SIZE; i++)
-+ s[i] = L('0');
-+ s[SIZE] = L('\0');
-+ int i = 42;
-+ /* Scan multi-digit zero into `i`. */
-+ if (SSCANF (s, L("%d"), &i) != 1)
-+ {
-+ printf ("FAIL: bug16618: SSCANF did not read one input item.\n");
-+ result = 1;
-+ }
-+ if (i != 0)
-+ {
-+ printf ("FAIL: bug16618: Value of `i` was not zero as expected.\n");
-+ result = 1;
-+ }
-+ free (s);
-+ if (result != 1)
-+ printf ("PASS: bug16618: Did not crash.\n");
-+#undef SIZE
-+ }
-+
-+
- return result;
- }
-diff --git a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
-index 2e1e91a..d7a18e3 100644
---- a/stdio-common/vfscanf.c
-+++ b/stdio-common/vfscanf.c
-@@ -272,9 +272,10 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
- if (__builtin_expect (wpsize == wpmax, 0)) \
- { \
- CHAR_T *old = wp; \
-- size_t newsize = (UCHAR_MAX + 1 > 2 * wpmax \
-- ? UCHAR_MAX + 1 : 2 * wpmax); \
-- if (use_malloc || !__libc_use_alloca (newsize)) \
-+ bool fits = __glibc_likely (wpmax <= SIZE_MAX / sizeof (CHAR_T) / 2); \
-+ size_t wpneed = MAX (UCHAR_MAX + 1, 2 * wpmax); \
-+ size_t newsize = fits ? wpneed * sizeof (CHAR_T) : SIZE_MAX; \
-+ if (!__libc_use_alloca (newsize)) \
- { \
- wp = realloc (use_malloc ? wp : NULL, newsize); \
- if (wp == NULL) \
-@@ -286,14 +287,13 @@ _IO_vfscanf_internal (_IO_FILE *s, const char *format, _IO_va_list argptr,
- } \
- if (! use_malloc) \
- MEMCPY (wp, old, wpsize); \
-- wpmax = newsize; \
-+ wpmax = wpneed; \
- use_malloc = true; \
- } \
- else \
- { \
- size_t s = wpmax * sizeof (CHAR_T); \
-- wp = (CHAR_T *) extend_alloca (wp, s, \
-- newsize * sizeof (CHAR_T)); \
-+ wp = (CHAR_T *) extend_alloca (wp, s, newsize); \
- wpmax = s / sizeof (CHAR_T); \
- if (old != NULL) \
- MEMCPY (wp, old, wpsize); \
---
-2.2.1
-
# Depends on:
name=glibc
-version=2.19
-release=5
+version=2.22
+release=1
source=(http://ftp.gnu.org/gnu/glibc/glibc-$version.tar.xz \
- ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-3.12.tar.xz \
- CVE-2014-0475.patch iconv-gconv_trans.c.patch \
- CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
- CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
- CVE-2014-9402-Avoid-infinite-loop-in-nss_dns-getnetbyname.patch \
- CVE-2015-1472-wscanf-allocates-too-little-memory.patch \
+ http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-4.1.13.tar.xz \
hosts resolv.conf nsswitch.conf host.conf ld.so.conf)
build() {
# install kernel headers
- cd linux-3.12
+ cd linux-4.1.13
make mrproper
make ARCH=arm headers_check
make ARCH=arm INSTALL_HDR_PATH=$PKG/usr headers_install
- patch -p1 -d $SRC/$name-$version -i $SRC/CVE-2014-0475.patch
- patch -p1 -d $SRC/$name-$version -i $SRC/iconv-gconv_trans.c.patch
- patch -p1 -d $SRC/$name-$version -i $SRC/CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch
- patch -p1 -d $SRC/$name-$version -i $SRC/CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch
- patch -p1 -d $SRC/$name-$version -i $SRC/CVE-2014-9402-Avoid-infinite-loop-in-nss_dns-getnetbyname.patch
- patch -p1 -d $SRC/$name-$version -i $SRC/CVE-2015-1472-wscanf-allocates-too-little-memory.patch
-
mkdir $SRC/build
cd $SRC/build
../$name-$version/configure --prefix=/usr \
--build=arm-unknown-linux-gnueabihf \
--libexecdir=/usr/lib \
--with-headers=$PKG/usr/include \
- --with-tls \
--enable-kernel=2.6.25 \
--enable-add-ons \
+ --enable-static-nss \
--disable-profile \
+ --disable-werror \
--without-gd \
--enable-obsolete-rpc
make
make install_root=$PKG install
- cp $SRC/{hosts,resolv.conf,nsswitch.conf,host.conf,ld.so.conf} $PKG/etc
+ install -m 0644 $SRC/$name-$version/nscd/nscd.conf $PKG/etc
+ install -d $PKG/var/{db,run}/nscd
+
+ install -m 0644 $SRC/{hosts,resolv.conf,nsswitch.conf,host.conf,ld.so.conf} $PKG/etc
+
ln -sf ../usr/share/zoneinfo/UTC $PKG/etc/localtime
- mkdir -p $PKG/etc/ld.so.conf.d $PKG/usr/lib/locale
+ ln -s stubs-hard.h $PKG/usr/include/gnu/stubs-soft.h
+ install -d $PKG/etc/ld.so.conf.d $PKG/usr/lib/locale
touch $PKG/etc/ld.so.cache
rm -rf $PKG/usr/share/{info,locale} \
- $PKG/usr/bin/tzselect \
- $PKG/usr/sbin/z{dump,ic}
+ $PKG/usr/bin/tzselect \
+ $PKG/usr/sbin/z{dump,ic}
}