update to glibc-2.28-225.el8

Signed-off-by: anolis-bot <sam.zyc@alibaba-inc.com>
2023-06-06 16:06:45 +08:00 · 2023-06-06 16:06:45 +08:00 · 63c96efbaa
commit 63c96efbaa
parent 644b7d9a41
176 changed files with 35958 additions and 17585 deletions
--- a/glibc-rh2089247-6.patch
+++ b/glibc-rh2089247-6.patch
@ -0,0 +1,66 @@
+commit f430293d842031f2afc3013f156e1018065e480e
+Author: Adhemerval Zanella <adhemerval.zanella@linaro.org>
+Date:   Tue Jan 12 09:17:09 2021 -0300
+
+    posix: consume less entropy on tempname
+    
+    The first getrandom is used only for __GT_NOCREATE, which is inherently
+    insecure and can use the entropy as a small improvement.  On the
+    second and later attempts it might help against DoS attacks.
+    
+    It sync with gnulib commit 854fbb81d91f7a0f2b463e7ace2499dee2f380f2.
+    
+    Checked on x86_64-linux-gnu.
+
+diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
+index fcab9b26364021e4..3435c4bf75a01f42 100644
+--- a/sysdeps/posix/tempname.c
+++ b/sysdeps/posix/tempname.c
+@@ -22,6 +22,7 @@
+ 
+ #include <sys/types.h>
+ #include <assert.h>
+#include <stdbool.h>
+ 
+ #include <errno.h>
+ 
+@@ -79,11 +80,11 @@ typedef uint_fast64_t random_value;
+ #define BASE_62_POWER (62LL * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62 * 62)
+ 
+ static random_value
+-random_bits (random_value var)
+random_bits (random_value var, bool use_getrandom)
+ {
+   random_value r;
+   /* Without GRND_NONBLOCK it can be blocked for minutes on some systems.  */
+-  if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
+  if (use_getrandom && __getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
+     return r;
+ #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
+   /* Add entropy if getrandom did not work.  */
+@@ -271,6 +272,13 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
+   /* How many random base-62 digits can currently be extracted from V.  */
+   int vdigits = 0;
+ 
+  /* Whether to consume entropy when acquiring random bits.  On the
+     first try it's worth the entropy cost with __GT_NOCREATE, which
+     is inherently insecure and can use the entropy to make it a bit
+     less secure.  On the (rare) second and later attempts it might
+     help against DoS attacks.  */
+  bool use_getrandom = tryfunc == try_nocreate;
+
+   /* Least unfair value for V.  If V is less than this, V can generate
+      BASE_62_DIGITS digits fairly.  Otherwise it might be biased.  */
+   random_value const unfair_min
+@@ -294,7 +302,10 @@ try_tempname_len (char *tmpl, int suffixlen, void *args,
+           if (vdigits == 0)
+             {
+               do
+-                v = random_bits (v);
+                {
+                  v = random_bits (v, use_getrandom);
+                  use_getrandom = true;
+                }
+               while (unfair_min <= v);
+ 
+               vdigits = BASE_62_DIGITS;