diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2018-10-10 23:09:36 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-10-11 09:00:31 +0200 |
commit | 7716b728c18deb9a2c780e148050e3683d4d93c1 (patch) | |
tree | 0ed1643262bc41121f3fd1a27da70106a8e9f937 /source/d/make/b552b05251980f693c729e251f93f5225b400714.patch | |
parent | 7a2f2302165a37a7a57a4765375e33881a3697b0 (diff) | |
download | current-7716b728c18deb9a2c780e148050e3683d4d93c1.tar.gz |
Wed Oct 10 23:09:36 UTC 201820181010230936
a/kernel-firmware-20181008_c6b6265-noarch-1.txz: Upgraded.
a/kernel-generic-4.14.75-x86_64-1.txz: Upgraded.
a/kernel-huge-4.14.75-x86_64-1.txz: Upgraded.
a/kernel-modules-4.14.75-x86_64-1.txz: Upgraded.
d/git-2.19.1-x86_64-1.txz: Upgraded.
Submodules' "URL"s come from the untrusted .gitmodules file, but we
blindly gave it to "git clone" to clone submodules when "git clone
--recurse-submodules" was used to clone a project that has such a
submodule. The code has been hardened to reject such malformed URLs
(e.g. one that begins with a dash). Credit for finding and fixing this
vulnerability goes to joernchen and Jeff King, respectively.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17456
(* Security fix *)
d/kernel-headers-4.14.75-x86-1.txz: Upgraded.
d/make-4.2.1-x86_64-4.txz: Rebuilt.
Use a non-blocking read with pselect to avoid hangs.
Thanks to Linux.tar.gz and David Spencer.
d/subversion-1.10.3-x86_64-1.txz: Upgraded.
k/kernel-source-4.14.75-noarch-1.txz: Upgraded.
Config changes since 4.14.74:
FB_HYPERV n -> m
Thanks to walecha.
l/librsvg-2.44.7-x86_64-1.txz: Upgraded.
l/python-pillow-5.3.0-x86_64-1.txz: Upgraded.
n/nghttp2-1.34.0-x86_64-1.txz: Upgraded.
x/libSM-1.2.3-x86_64-1.txz: Upgraded.
x/libX11-1.6.7-x86_64-1.txz: Upgraded.
x/libdrm-2.4.95-x86_64-1.txz: Upgraded.
x/libxcb-1.13.1-x86_64-1.txz: Upgraded.
x/vulkan-sdk-1.1.85.0-x86_64-1.txz: Upgraded.
Thanks to dugan.
xap/gnuplot-5.2.5-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/d/make/b552b05251980f693c729e251f93f5225b400714.patch')
-rw-r--r-- | source/d/make/b552b05251980f693c729e251f93f5225b400714.patch | 170 |
1 files changed, 170 insertions, 0 deletions
diff --git a/source/d/make/b552b05251980f693c729e251f93f5225b400714.patch b/source/d/make/b552b05251980f693c729e251f93f5225b400714.patch new file mode 100644 index 00000000..6f44ae3f --- /dev/null +++ b/source/d/make/b552b05251980f693c729e251f93f5225b400714.patch @@ -0,0 +1,170 @@ +From b552b05251980f693c729e251f93f5225b400714 Mon Sep 17 00:00:00 2001 +From: Paul Smith <psmith@gnu.org> +Date: Sat, 3 Jun 2017 16:20:51 -0400 +Subject: [SV 51159] Use a non-blocking read with pselect to avoid hangs. + +* posixos.c (set_blocking): Set blocking on a file descriptor. +(jobserver_setup): Set non-blocking on the jobserver read side. +(jobserver_parse_auth): Ditto. +(jobserver_acquire_all): Set blocking to avoid a busy-wait loop. +(jobserver_acquire): If the non-blocking read() returns without +taking a token then try again. +--- + posixos.c | 97 ++++++++++++++++++++++++++++++++++++++++++++++----------------- + 1 file changed, 71 insertions(+), 26 deletions(-) + +diff --git a/posixos.c b/posixos.c +index e642d7f..dbafa51 100644 +--- a/posixos.c ++++ b/posixos.c +@@ -62,6 +62,24 @@ make_job_rfd (void) + #endif + } + ++static void ++set_blocking (int fd, int blocking) ++{ ++ // If we're not using pselect() don't change the blocking ++#ifdef HAVE_PSELECT ++ int flags; ++ EINTRLOOP (flags, fcntl (fd, F_GETFL)); ++ if (flags >= 0) ++ { ++ int r; ++ flags = blocking ? (flags & ~O_NONBLOCK) : (flags | O_NONBLOCK); ++ EINTRLOOP (r, fcntl (fd, F_SETFL, flags)); ++ if (r < 0) ++ pfatal_with_name ("fcntl(O_NONBLOCK)"); ++ } ++#endif ++} ++ + unsigned int + jobserver_setup (int slots) + { +@@ -86,6 +104,9 @@ jobserver_setup (int slots) + pfatal_with_name (_("init jobserver pipe")); + } + ++ /* When using pselect() we want the read to be non-blocking. */ ++ set_blocking (job_fds[0], 0); ++ + return 1; + } + +@@ -121,6 +142,9 @@ jobserver_parse_auth (const char *auth) + return 0; + } + ++ /* When using pselect() we want the read to be non-blocking. */ ++ set_blocking (job_fds[0], 0); ++ + return 1; + } + +@@ -169,7 +193,10 @@ jobserver_acquire_all (void) + { + unsigned int tokens = 0; + +- /* Close the write side, so the read() won't hang. */ ++ /* Use blocking reads to wait for all outstanding jobs. */ ++ set_blocking (job_fds[0], 1); ++ ++ /* Close the write side, so the read() won't hang forever. */ + close (job_fds[1]); + job_fds[1] = -1; + +@@ -236,18 +263,12 @@ jobserver_pre_acquire (void) + unsigned int + jobserver_acquire (int timeout) + { +- sigset_t empty; +- fd_set readfds; + struct timespec spec; + struct timespec *specp = NULL; +- int r; +- char intake; ++ sigset_t empty; + + sigemptyset (&empty); + +- FD_ZERO (&readfds); +- FD_SET (job_fds[0], &readfds); +- + if (timeout) + { + /* Alarm after one second (is this too granular?) */ +@@ -256,28 +277,52 @@ jobserver_acquire (int timeout) + specp = &spec; + } + +- r = pselect (job_fds[0]+1, &readfds, NULL, NULL, specp, &empty); +- +- if (r == -1) ++ while (1) + { +- /* Better be SIGCHLD. */ +- if (errno != EINTR) +- pfatal_with_name (_("pselect jobs pipe")); +- return 0; +- } ++ fd_set readfds; ++ int r; ++ char intake; + +- if (r == 0) +- /* Timeout. */ +- return 0; ++ FD_ZERO (&readfds); ++ FD_SET (job_fds[0], &readfds); + +- /* The read FD is ready: read it! */ +- EINTRLOOP (r, read (job_fds[0], &intake, 1)); +- if (r < 0) +- pfatal_with_name (_("read jobs pipe")); ++ r = pselect (job_fds[0]+1, &readfds, NULL, NULL, specp, &empty); ++ if (r < 0) ++ switch (errno) ++ { ++ case EINTR: ++ /* SIGCHLD will show up as an EINTR. */ ++ return 0; ++ ++ case EBADF: ++ /* Someone closed the jobs pipe. ++ That shouldn't happen but if it does we're done. */ ++ O (fatal, NILF, _("job server shut down")); + +- /* What does it mean if read() returns 0? It shouldn't happen because only +- the master make can reap all the tokens and close the write side...?? */ +- return r > 0; ++ default: ++ pfatal_with_name (_("pselect jobs pipe")); ++ } ++ ++ if (r == 0) ++ /* Timeout. */ ++ return 0; ++ ++ /* The read FD is ready: read it! This is non-blocking. */ ++ EINTRLOOP (r, read (job_fds[0], &intake, 1)); ++ ++ if (r < 0) ++ { ++ /* Someone sniped our token! Try again. */ ++ if (errno == EAGAIN) ++ continue; ++ ++ pfatal_with_name (_("read jobs pipe")); ++ } ++ ++ /* read() should never return 0: only the master make can reap all the ++ tokens and close the write side...?? */ ++ return r > 0; ++ } + } + + #else +-- +cgit v1.0-41-gc330 + |