devel March 2022

devel@uclibc-ng.org

5 participants
7 discussions

CVE-2018-1000001

by bbe_5nc1ex0wa4fk＠byom.de

Hello! Is the latest uclibc affected by CVE-2018-1000001? https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000001 Running ltp showed that the test for CVE-2018-1000001 (realpath01) fails. realpath01.c:30: TFAIL: returned unexpected errno: SUCCESS (0) https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/sysc… This cve was fixed in glibc with this commit: https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2018-1000001 https://github.com/bminor/glibc/commit/52a713fdd0a30e1bd79818e2e3c4ab44ddca… It looks like the issue is also fixed in uclibc? https://github.com/wbx-github/uclibc-ng/blob/master/libc/sysdeps/linux/comm… But maybe uclibc returns a different/wrong return code (SUCCESS) compared to glibc (ENOENT) in this corner case? see also glibc commit message Fix this by checking the path returned by getcwd syscall and falling back to generic_getcwd if the path is not absolute, effectively making getcwd(3) fail with ENOENT. The error code is chosen for consistency with the case when the current directory is unlinked.

2 years, 8 months

(fwd) Vulnerability in uClibc-ng [labs-advisory@nozominetworks.com]

by Waldemar Brodkorb

----- Forwarded message from Nozomi Networks Labs Advisory <labs-advisory(a)nozominetworks.com> ----- Date: Fri, 11 Mar 2022 16:42:40 +0100 From: Nozomi Networks Labs Advisory <labs-advisory(a)nozominetworks.com> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.0 To: devel(a)uclibc-ng.org, wbx(a)uclibc-ng.org Subject: Vulnerability in uClibc-ng Hello, we are trying to contact you in order to handle and resolve a vulnerability that we found, that is affecting all versions of uClibc-ng, and that we submitted to ICS-CERT. Can you confirm that you received an email asking you to participate to the related VINCE (CERT/CC Vulnerability Information and Coordination Environment) vulnerability case? In case you would like to switch to encrypted GPG communications, you may find our key attached to this email. Best regards, Andrea Palanca pub rsa4096 2021-01-21 [SC] [expires: 2025-01-20] 8B8C7C296AEC8BD654FF69A6797E06A000A77236 uid Nozomi Networks Labs Advisory <labs-advisory(a)nozominetworks.com> sub rsa4096 2021-01-21 [E] [expires: 2025-01-20] ----- End forwarded message -----

2 years, 8 months

Re: Vulnerability in uClibc-ng

by Waldemar Brodkorb

Hello Andrea, Nozomi Networks Labs Advisory wrote, > Hello, > > we are trying to contact you in order to handle and resolve a vulnerability > that we found, that is affecting all versions of uClibc-ng, and that we > submitted to ICS-CERT. > > Can you confirm that you received an email asking you to participate to the > related VINCE (CERT/CC Vulnerability Information and Coordination > Environment) vulnerability case? Yes. > In case you would like to switch to encrypted GPG communications, you may > find our key attached to this email. No, best thing is to discuss the vulnerability here on the mailing list. Unfortunately I wasn't able to fix the issue by myself and hope someone from the rather small community will step up. So sent all dirty details to this list. best regards Waldemar

2 years, 8 months

[PATCH] xtensa: fix variable reference in TLS_LD

by Max Filippov

Use @DTPOFF instead of @TPOFF in TLS_LD as specified by the xtensa ABI. DTPOFF produces variable offset relative to the variable's module TLS block, it's the linker's job to replace it with TPOFF and adjust surrounding code when the object file is linked into an executable. This fixes tests tls/tst-tls[123] on xtensa that fail if built as PIE. Signed-off-by: Max Filippov <jcmvbkbc(a)gmail.com> --- test/tls/tls-macros-xtensa.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/tls/tls-macros-xtensa.h b/test/tls/tls-macros-xtensa.h index 179dc5e57ce5..90fc726f6f6b 100644 --- a/test/tls/tls-macros-xtensa.h +++ b/test/tls/tls-macros-xtensa.h @@ -15,7 +15,7 @@ __asm__ ("movi a8, _TLS_MODULE_BASE_@TLSFUNC\n\t" \ "movi a10, _TLS_MODULE_BASE_@TLSARG\n\t" \ "callx8.tls a8, _TLS_MODULE_BASE_@TLSCALL\n\t" \ - "movi %0, " #x "@TPOFF\n\t" \ + "movi %0, " #x "@DTPOFF\n\t" \ "add %0, %0, a10\n\t" \ : "=r" (__l) \ : \ @@ -38,7 +38,7 @@ __asm__ ("movi a0, _TLS_MODULE_BASE_@TLSFUNC\n\t" \ "movi a2, _TLS_MODULE_BASE_@TLSARG\n\t" \ "callx0.tls a0, _TLS_MODULE_BASE_@TLSCALL\n\t" \ - "movi %0, " #x "@TPOFF\n\t" \ + "movi %0, " #x "@DTPOFF\n\t" \ "add %0, %0, a2\n\t" \ : "=r" (__l) \ : \ -- 2.30.2

2 years, 8 months

test from webinterface

by mail＠waldemar-brodkorb.de

test from webinterface

2 years, 8 months

(fwd) [PATCH] Enable build for RISC-V 32-bit target [ustcymgu@gmail.com]

by Waldemar Brodkorb

----- Forwarded message from Yimin Gu <ustcymgu(a)gmail.com> ----- Date: Thu, 10 Mar 2022 19:57:03 +0800 From: Yimin Gu <ustcymgu(a)gmail.com> To: devel(a)uclibc-ng.org Cc: wbx(a)uclibc-ng.org Subject: [PATCH] Enable build for RISC-V 32-bit target RISC-V 32-bit No-MMU is not officially supported by Linux kernel, but the current 64-bit toolchain can be built for 32-bit targets without substantial code change, thus it's nice to let uclibc compile for rv32 targets. I also managed to get uclibc/busybox running on rv32 QEMU and FPGA softcore without noticable problem based on this: https://github.com/damien-lemoal/buildroot. Note that to compile successfully, these macros need to be added in the arch/riscv/include/uapi/asm/unistd.h kernel header file: #define __ARCH_WANT_NEW_STAT #define __ARCH_WANT_SET_GET_RLIMIT #define __ARCH_WANT_TIME32_SYSCALLS Signed-off-by: Yimin Gu <ustcymgu(a)gmail.com> --- libc/sysdeps/linux/riscv64/bits/wordsize.h | 3 ++- libc/sysdeps/linux/riscv64/sys/asm.h | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/libc/sysdeps/linux/riscv64/bits/wordsize.h b/libc/sysdeps/linux/riscv64/bits/wordsize.h index 67a16ba62..1fc649aad 100644 --- a/libc/sysdeps/linux/riscv64/bits/wordsize.h +++ b/libc/sysdeps/linux/riscv64/bits/wordsize.h @@ -25,5 +25,6 @@ #if __riscv_xlen == 64 # define __WORDSIZE_TIME64_COMPAT32 1 #else -# error "rv32i-based targets are not supported" +# define __WORDSIZE_TIME64_COMPAT32 1 +// # warning "rv32i-based targets are experimental" #endif diff --git a/libc/sysdeps/linux/riscv64/sys/asm.h b/libc/sysdeps/linux/riscv64/sys/asm.h index ddb84b683..3d0f7afbc 100644 --- a/libc/sysdeps/linux/riscv64/sys/asm.h +++ b/libc/sysdeps/linux/riscv64/sys/asm.h @@ -26,7 +26,11 @@ # define REG_S sd # define REG_L ld #elif __riscv_xlen == 32 -# error "rv32i-based targets are not supported" +# warning "rv32i-based targets are experimental" +# define PTRLOG 2 +# define SZREG 4 +# define REG_S sw +# define REG_L lw #else # error __riscv_xlen must equal 32 or 64 #endif -- 2.35.1 ----- End forwarded message -----

2 years, 8 months

tst-cancel18 failing

by Max Filippov

Hello, I've noticed that with the uclibc-ng 1.0.39 the tests tst-cancel18 and tst-cancelx18 are failing in NPTL-enabled configs (on xtensa). Bisection pointed me to the commit 08d46f1ce21e ("librt: avoid compilation error") which effectively turned off cancellation for clock_nanosleep. Reverting it fixes the tests for me, and does not break uclibc-ng build on nommu configs with or without threads support. So I'm curious what was the original issue that mentioned commit tried to solve (what arch/config)? -- Thanks. -- Max

2 years, 8 months

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

devel March 2022