From 82a7e57bc6017a06c048b2a46c8ff88495af197f Mon Sep 17 00:00:00 2001
From: Peridot Bot <rockyautomation@rockylinux.org>
Date: Thu, 12 Dec 2024 19:38:18 +0000
Subject: [PATCH] import glibc-2.39-30.el10
---
SOURCES/glibc-RHEL-12867-2.patch | 117 +++++++++++++++++++++++++++++++
SPECS/glibc.spec | 6 +-
2 files changed, 122 insertions(+), 1 deletion(-)
create mode 100644 SOURCES/glibc-RHEL-12867-2.patch
diff --git a/SOURCES/glibc-RHEL-12867-2.patch b/SOURCES/glibc-RHEL-12867-2.patch
new file mode 100644
index 0000000..4f67be7
--- /dev/null
+++ b/SOURCES/glibc-RHEL-12867-2.patch
@@ -0,0 +1,117 @@
+commit 4f5704ea347e52ac3f272d1341da10aed6e9973e
+Author: Florian Weimer <fweimer@redhat.com>
+Date: Tue Dec 10 16:17:06 2024 +0100
+
+ powerpc: Use correct procedure call standard for getrandom vDSO call (bug 32440)
+
+ A plain indirect function call does not work on POWER because
+ success and failure are signaled through a flag register, and
+ not via the usual Linux negative return value convention.
+
+ This has potential security impact, in two ways: the return value
+ could be out of bounds (EAGAIN is 11 on powerpc6le), and no
+ random bytes have been written despite the non-error return value.
+
+ Fixes commit 461cab1de747f3842f27a5d24977d78d561d45f9 ("linux: Add
+ support for getrandom vDSO").
+
+ Reported-by: Ján StanÄek <jstancek@redhat.com>
+ Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+
+diff --git a/stdlib/Makefile b/stdlib/Makefile
+index 44a118da59f96c17..d3f55249434cc3e8 100644
+--- a/stdlib/Makefile
++++ b/stdlib/Makefile
+@@ -276,6 +276,7 @@ tests := \
+ tst-cxa_atexit \
+ tst-environ \
+ tst-getrandom \
++ tst-getrandom-errno \
+ tst-getrandom2 \
+ tst-labs \
+ tst-limits \
+diff --git a/stdlib/tst-getrandom-errno.c b/stdlib/tst-getrandom-errno.c
+new file mode 100644
+index 0000000000000000..75a60e53ad4e7350
+--- /dev/null
++++ b/stdlib/tst-getrandom-errno.c
+@@ -0,0 +1,37 @@
++/* Test errno handling in getrandom (bug 32440).
++ Copyright (C) 2024 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <https://www.gnu.org/licenses/>. */
++
++#include <errno.h>
++#include <stdlib.h>
++#include <support/check.h>
++#include <sys/random.h>
++
++static
++int do_test (void)
++{
++ errno = -1181968554; /* Just a random value. */
++ char buf[4];
++ int ret = getrandom (buf, sizeof (buf), -1); /* All flags set. */
++ if (errno != ENOSYS)
++ TEST_COMPARE (errno, EINVAL);
++ TEST_COMPARE (ret, -1);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
+diff --git a/sysdeps/unix/sysv/linux/getrandom.c b/sysdeps/unix/sysv/linux/getrandom.c
+index c8c578263da456b2..0dc8fa6e65b9ef6a 100644
+--- a/sysdeps/unix/sysv/linux/getrandom.c
++++ b/sysdeps/unix/sysv/linux/getrandom.c
+@@ -20,6 +20,8 @@
+ #include <errno.h>
+ #include <unistd.h>
+ #include <sysdep-cancel.h>
++#include <sysdep.h>
++#include <sysdep-vdso.h>
+
+ static inline ssize_t
+ getrandom_syscall (void *buffer, size_t length, unsigned int flags,
+@@ -201,11 +203,12 @@ getrandom_vdso (void *buffer, size_t length, unsigned int flags, bool cancel)
+ cancellation bridge (__syscall_cancel_arch), use GRND_NONBLOCK so there
+ is no potential unbounded blocking in the kernel. It should be a rare
+ situation, only at system startup when RNG is not initialized. */
+- ssize_t ret = GLRO (dl_vdso_getrandom) (buffer,
+- length,
+- flags | GRND_NONBLOCK,
+- state,
+- state_size);
++ long int ret = INTERNAL_VSYSCALL_CALL (GLRO (dl_vdso_getrandom), 5,
++ buffer,
++ length,
++ flags | GRND_NONBLOCK,
++ state,
++ state_size);
+ if (INTERNAL_SYSCALL_ERROR_P (ret))
+ {
+ /* Fallback to the syscall if the kernel would block. */
+@@ -241,7 +244,9 @@ __getrandom_early_init (_Bool initial)
+ uint32_t mmap_flags;
+ uint32_t reserved[13];
+ } params;
+- if (GLRO(dl_vdso_getrandom) (NULL, 0, 0, ¶ms, ~0UL) == 0)
++ long int ret = INTERNAL_VSYSCALL_CALL (GLRO(dl_vdso_getrandom),
++ 5, NULL, 0, 0, ¶ms, ~0UL);
++ if (! INTERNAL_SYSCALL_ERROR_P (ret))
+ {
+ /* Align each opaque state to L1 data cache size to avoid false
+ sharing. If the size can not be obtained, use the kernel
diff --git a/SPECS/glibc.spec b/SPECS/glibc.spec
index 993cdd7..f574372 100644
--- a/SPECS/glibc.spec
+++ b/SPECS/glibc.spec
@@ -145,7 +145,7 @@ Version: %{glibcversion}
# - It allows using the Release number without the %%dist tag in the dependency
# generator to make the generated requires interchangeable between Rawhide
# and ELN (.elnYY < .fcXX).
-%global baserelease 29
+%global baserelease 30
Release: %{baserelease}%{?dist}
# Licenses:
@@ -482,6 +482,7 @@ Patch164: glibc-upstream-2.39-134.patch
Patch165: glibc-upstream-2.39-135.patch
Patch166: glibc-upstream-2.39-136.patch
Patch167: glibc-upstream-2.39-137.patch
+Patch168: glibc-RHEL-12867-2.patch
##############################################################################
# Continued list of core "glibc" package information:
@@ -2477,6 +2478,9 @@ update_gconv_modules_cache ()
%endif
%changelog
+* Wed Dec 11 2024 Florian Weimer <fweimer@redhat.com> - 2.39-30
+- CVE-2024-12455: Incorrect getrandom return value on ppc64le
+
* Wed Nov 20 2024 Arjun Shankar <arjun@redhat.com> - 2.39-29
- Sync with upstream branch release/2.39/master,
commit dcaf51b41e259387602774829c45222d0507f90a:
--
GitLab