CRUX
Threads by month
- ----- 2024 -----
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
October 2017
- 8 participants
- 19 discussions
ports/core (3.3): [notify] glibc: updated to 2.24-9. Syncs with upstream.
by crux@crux.nu 22 Oct '17
by crux@crux.nu 22 Oct '17
22 Oct '17
commit c1f9872e222937d30119cad9e73d7d24673c771b
Author: Fredrik Rinnestam <fredrik(a)crux.nu>
Date: Sun Oct 22 16:25:22 2017 +0200
[notify] glibc: updated to 2.24-9. Syncs with upstream.
Fixes:
CVE-2017-15670
CVE-2017-1000366
CVE-2015-5180
diff --git a/glibc/.md5sum b/glibc/.md5sum
index d59ccaa5..757ebc60 100644
--- a/glibc/.md5sum
+++ b/glibc/.md5sum
@@ -1,5 +1,6 @@
+bcfb2cb7f1cb0b4ecce27fcd5d5d2b21 0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
aaad345ff18993dafe3e44ac947f7157 glibc-2.20-multilib-dirs.patch
-052018e4621ea8e3d7d8f1b711fcdaa3 glibc-2.24-updates.patch
+cb9c54c9d22b3ab597a69d05420b5e80 glibc-2.24.8.patch
97dc5517f92016f3d70d83e3162ad318 glibc-2.24.tar.xz
96156bec8e05de67384dc93e72bdc313 host.conf
fbbc215a9b15ba4846f326cc88108057 hosts
diff --git a/glibc/.signature b/glibc/.signature
index 5add9c43..e37cfd3e 100644
--- a/glibc/.signature
+++ b/glibc/.signature
@@ -1,6 +1,6 @@
untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqseqsi+1KI6tEwCOPga+iLAQvj05VaANUoS7dJW09bkmtVwDVezNbiVn6m4q2fOc6UPbyTSPGuFhRM9moY9o/gI=
-SHA256 (Pkgfile) = 34d333fdda050939723f57075b9263b17cf75788e283d9ebeee637dfd3811dfd
+RWRJc1FUaeVeqgAZOOo9pTZ8Kkhyn33vUDz6ZScBxuUJQ6SeGXgbji+1Hk8NhAeXhzpTxD/z+samesI/MdBUnJ7FWpznMnezQgk=
+SHA256 (Pkgfile) = 5d3c266de36bc04680358a4a7231bd7de49ead7e44da17d6a7edcb2a8d4cc3b5
SHA256 (.footprint) = 9bfd444359441e61174162207102b96597aa3a7051b4c5d8401d9d0e2713ec81
SHA256 (glibc-2.24.tar.xz) = 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3
SHA256 (kernel-headers-4.9.5.tar.xz) = 5783ad8f668ee71561fae370fbcdc477aaa6df249bd85635b87a8c204aeb4aa9
@@ -10,4 +10,5 @@ SHA256 (resolv.conf) = 72ccb58768a72a771ec37142bc361a18478a07ec9de6e925a20760794
SHA256 (nsswitch.conf) = 859b8984e5e90aff3cce8f9779996ae4033b280d2122840e9411e2f44a1c2e61
SHA256 (host.conf) = 1bffc6575eb6204458758c34656cd44d87e7d89f545055f8857dd8906b7fb277
SHA256 (ld.so.conf) = 441a37924864b5b063208922ea04a926cd9654e74ed3f160b9d455b56d23387f
-SHA256 (glibc-2.24-updates.patch) = 11839138c7d82544894df8fb6b505aa7afa1a07e79965a64b2a0dac7a1b0aa64
+SHA256 (glibc-2.24.8.patch) = 314fe8ec41042a85991e830a002abf2ff0b98dc4467afa238d8bb369d3be7cca
+SHA256 (0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch) = 3f634bf301eb8bab57e5ea552de3f694fb063ab45af3cc91990e1bc24f280ddd
diff --git a/glibc/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch b/glibc/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
new file mode 100644
index 00000000..bc410b26
--- /dev/null
+++ b/glibc/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
@@ -0,0 +1,765 @@
+From b9911eb529e51ebe7c5daa3b4f17e2caf7ddb9a4 Mon Sep 17 00:00:00 2001
+From: Fredrik Rinnestam <fredrik(a)crux.nu>
+Date: Sun, 22 Oct 2017 16:18:40 +0200
+Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+---
+ ChangeLog | 10 +
+ NEWS | 701 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ posix/glob.c | 2 +-
+ 3 files changed, 712 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 84189ec762..1fb38cb7ee 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,4 @@
++<<<<<<< HEAD
+ 2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
+
+ * sysdeps/x86_64/Makefile (tests): Add tst-sse, tst-avx and
+@@ -20,6 +21,15 @@
+ * sysdeps/x86_64/tst-avxmod.c: Likewise.
+ * sysdeps/x86_64/tst-sse.c: Likewise.
+ * sysdeps/x86_64/tst-ssemod.c: Likewise.
++=======
++2017-10-20 Paul Eggert <eggert(a)cs.ucla.edu>
++
++ [BZ #22320]
++ CVE-2017-15670
++ * posix/glob.c (__glob): Fix one-byte overflow.
++
++2017-10-20 Wilco Dijkstra <wdijkstr(a)arm.com>
++>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+ 2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
+
+diff --git a/NEWS b/NEWS
+index 4831542023..90cae42eee 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,7 +5,708 @@ See the end for copying conditions.
+ Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
+ using `glibc' in the "product" field.
+
++<<<<<<< HEAD
+ Version 2.24.1
++=======
++Version 2.27
++
++Major new features:
++
++* Optimized x86-64 asin, atan2, exp, expf, log, pow, atan, sin and tan
++ with FMA, contributed by Arjan van de Ven and H.J. Lu from Intel.
++
++* Optimized x86-64 trunc and truncf for processors with SSE4.1.
++
++* Optimized generic expf, exp2f, logf, log2f and powf.
++
++* In order to support faster and safer process termination the malloc API
++ family of functions will no longer print a failure address and stack
++ backtrace after detecting heap corruption. The goal is to minimize the
++ amount of work done after corruption is detected and to avoid potential
++ security issues in continued process execution. Reducing shutdown time
++ leads to lower overall process restart latency, so there is benefit both
++ from a security and performance perspective.
++
++* The abort function terminates the process immediately, without flushing
++ stdio streams. Previous glibc versions used to flush streams, resulting
++ in deadlocks and further data corruption. This change also affects
++ process aborts as the result of assertion failures.
++
++* On platforms where long double has the IEEE binary128 format (aarch64,
++ alpha, mips64, s390 and sparc), the math library now implements _Float128
++ interfaces for that type, as defined by ISO/IEC TS 18661-3:2015. These
++ are the same interfaces added in version 2.26 for some platforms where
++ this format is supported but is not the format of long double.
++
++Deprecated and removed features, and other changes affecting compatibility:
++
++* On GNU/Linux, the obsolete Linux constant PTRACE_SEIZE_DEVEL is no longer
++ defined by <sys/ptrace.h>.
++
++* libm no longer supports SVID error handling (calling a user-provided
++ matherr function on error) or the _LIB_VERSION variable to control error
++ handling. (SVID error handling and the _LIB_VERSION variable still work
++ for binaries linked against older versions of the GNU C Library.) The
++ libieee.a library is no longer provided. math.h no longer defines struct
++ exception, or the macros X_TLOSS, DOMAIN, SING, OVERFLOW, UNDERFLOW,
++ TLOSS, PLOSS and HUGE.
++
++* The libm functions pow10, pow10f and pow10l are no longer supported for
++ new programs. Programs should use the standard names exp10, exp10f and
++ exp10l for these functions instead.
++
++* The mcontext_t type is no longer the same as struct sigcontext. On
++ platforms where it was previously the same, this changes the C++ name
++ mangling for interfaces involving this type.
++
++* The add-ons mechanism for building additional packages at the same time as
++ glibc has been removed. The --enable-add-ons configure option is now
++ ignored.
++
++Changes to build and runtime requirements:
++
++ [Add changes to build and runtime requirements here]
++
++Security related changes:
++
++ CVE-2009-5064: The ldd script would sometimes run the program under
++ examination directly, without preventing code execution through the
++ dynamic linker. (The glibc project disputes that this is a security
++ vulnerability; only trusted binaries must be examined using the ldd
++ script.)
++
++ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE, suffered
++ from a one-byte overflow during ~ operator processing (either on the stack
++ or the heap, depending on the length of the user name).
++
++The following bugs are resolved with this release:
++
++ [The release manager will add the list generated by
++ scripts/list-fixed-bugs.py just before the release.]
++
++
++Version 2.26
++
++Major new features:
++
++* A per-thread cache has been added to malloc. Access to the cache requires
++ no locks and therefore significantly accelerates the fast path to allocate
++ and free small amounts of memory. Refilling an empty cache requires locking
++ the underlying arena. Performance measurements show significant gains in a
++ wide variety of user workloads. Workloads were captured using a special
++ instrumented malloc and analyzed with a malloc simulator. Contributed by
++ DJ Delorie with the help of Florian Weimer, and Carlos O'Donell.
++
++* Unicode 10.0.0 Support: Character encoding, character type info, and
++ transliteration tables are all updated to Unicode 10.0.0, using
++ generator scripts contributed by Mike FABIAN (Red Hat).
++ These updates cause user visible changes, especially the changes in
++ wcwidth for many emoji characters cause problems when emoji sequences
++ are rendered with pango, see for example:
++ https://bugzilla.gnome.org/show_bug.cgi?id=780669#c5
++
++* Collation of Hungarian has been overhauled and is now consistent with "The
++ Rules of Hungarian Orthography, 12th edition" (Bug 18934). Contributed by
++ Egmont Koblinger.
++
++* Improvements to the DNS stub resolver, contributed by Florian Weimer:
++
++ - The GNU C Library will now detect when /etc/resolv.conf has been
++ modified and reload the changed configuration. The new resolver option
++ “no-reload” (RES_NORELOAD) disables this behavior.
++
++ - The GNU C Library now supports an arbitrary number of search domains
++ (configured using the “search” directive in /etc/resolv.conf);
++ previously, there was a hard limit of six domains. For backward
++ compatibility, applications that directly modify the ‘_res’ global
++ object are still limited to six search domains.
++
++ - When the “rotate” (RES_ROTATE) resolver option is active, the GNU C
++ Library will now randomly pick a name server from the configuration as a
++ starting point. (Previously, the second name server was always used.)
++
++* The tunables feature is now enabled by default. This allows users to tweak
++ behavior of the GNU C Library using the GLIBC_TUNABLES environment variable.
++
++* New function reallocarray, which resizes an allocated block (like realloc)
++ to the product of two sizes, with a guaranteed clean failure upon integer
++ overflow in the multiplication. Originally from OpenBSD, contributed by
++ Dennis Wölfing and Rüdiger Sonderfeld.
++
++* New wrappers for the Linux-specific system calls preadv2 and pwritev2.
++ These are extended versions of preadv and pwritev, respectively, taking an
++ additional flags argument. The set of supported flags depends on the
++ running kernel; full support currently requires kernel 4.7 or later.
++
++* posix_spawnattr_setflags now supports the flag POSIX_SPAWN_SETSID, to
++ create a new session ID for the spawned process. This feature is
++ scheduled to be added to the next major revision of POSIX; for the time
++ being, it is available under _GNU_SOURCE.
++
++* errno.h is now safe to use from C-preprocessed assembly language on all
++ supported operating systems. In this context, it will only define the
++ Exxxx constants, as preprocessor macros expanding to integer literals.
++
++* On ia64, powerpc64le, x86-32, and x86-64, the math library now implements
++ 128-bit floating point as defined by ISO/IEC/IEEE 60559:2011 (IEEE
++ 754-2008) and ISO/IEC TS 18661-3:2015. Contributed by Paul E. Murphy,
++ Gabriel F. T. Gomes, Tulio Magno Quites Machado Filho, and Joseph Myers.
++
++ To compile programs that use this feature, the compiler must support
++ 128-bit floating point with the type name _Float128 (as defined by TS
++ 18661-3) or __float128 (the nonstandard name used by GCC for C++, and for
++ C prior to version 7). _GNU_SOURCE or __STDC_WANT_IEC_60559_TYPES_EXT__
++ must be defined to make the new interfaces visible.
++
++ The new functions and macros correspond to those present for other
++ floating-point types (except for a few obsolescent interfaces not
++ supported for the new type), with F128 or f128 suffixes; for example,
++ strtof128, HUGE_VAL_F128 and cosf128. Following TS 18661-3, there are no
++ printf or scanf formats for the new type; the strfromf128 and strtof128
++ interfaces should be used instead.
++
++Deprecated and removed features, and other changes affecting compatibility:
++
++* The synchronization that pthread_spin_unlock performs has been changed to
++ now be equivalent to a C11 atomic store with release memory order to the
++ spin lock's memory location. Previously, several (but not all)
++ architectures used stronger synchronization (e.g., containing what is
++ often called a full barrier). This change can improve performance, but
++ may affect odd fringe uses of spin locks that depend on the previous
++ behavior (e.g., using spin locks as atomic variables to try to implement
++ Dekker's mutual exclusion algorithm).
++
++* The port to Native Client running on ARMv7-A (--host=arm-nacl) has been
++ removed.
++
++* Sun RPC is deprecated. The rpcgen program, librpcsvc, and Sun RPC headers
++ will only be built and installed when the GNU C Library is configured with
++ --enable-obsolete-rpc. This allows alternative RPC implementations, such
++ as TIRPC or rpcsvc-proto, to be used.
++
++* The NIS(+) name service modules, libnss_nis, libnss_nisplus, and
++ libnss_compat, are deprecated, and will not be built or installed by
++ default.
++
++ The NIS(+) support library, libnsl, is also deprecated. By default, a
++ compatibility shared library will be built and installed, but not headers
++ or development libraries. Only a few NIS-related programs require this
++ library. (In particular, the GNU C Library has never required programs
++ that use 'gethostbyname' to be linked with libnsl.)
++
++ Replacement implementations based on TIRPC, which additionally support
++ IPv6, are available from <https://github.com/thkukuk/>. The configure
++ option --enable-obsolete-nsl will cause libnsl's headers, and the NIS(+)
++ name service modules, to be built and installed.
++
++* The DNS stub resolver no longer performs EDNS fallback. If EDNS or DNSSEC
++ support is enabled, the configured recursive resolver must support EDNS.
++ (Responding to EDNS-enabled queries with responses which are not
++ EDNS-enabled is fine, but FORMERR responses are not.)
++
++* res_mkquery and res_nmkquery no longer support the IQUERY opcode. DNS
++ servers have not supported this opcode for a long time.
++
++* The _res_opcodes variable has been removed from libresolv. It had been
++ exported by accident.
++
++* <string.h> no longer includes inline versions of any string functions,
++ as this kind of optimization is better done by the compiler. The macros
++ __USE_STRING_INLINES and __NO_STRING_INLINES no longer have any effect.
++
++* The nonstandard header <xlocale.h> has been removed. Most programs should
++ use <locale.h> instead. If you have a specific need for the definition of
++ locale_t with no other declarations, please contact
++ libc-alpha(a)sourceware.org and explain.
++
++* The obsolete header <sys/ultrasound.h> has been removed.
++
++* The obsolete signal constant SIGUNUSED is no longer defined by <signal.h>.
++
++* The obsolete function cfree has been removed. Applications should use
++ free instead.
++
++* The stack_t type no longer has the name struct sigaltstack. This changes
++ the C++ name mangling for interfaces involving this type.
++
++* The ucontext_t type no longer has the name struct ucontext. This changes
++ the C++ name mangling for interfaces involving this type.
++
++* On M68k GNU/Linux and MIPS GNU/Linux, the fpregset_t type no longer has
++ the name struct fpregset. On Nios II GNU/Linux, the mcontext_t type no
++ longer has the name struct mcontext. On SPARC GNU/Linux, the struct
++ mc_fq, struct rwindow, struct fpq and struct fq types are no longer
++ defined in sys/ucontext.h, the mc_fpu_t type no longer has the name struct
++ mc_fpu, the gwindows_t type no longer has the name struct gwindows and the
++ fpregset_t type no longer has the name struct fpu. This changes the C++
++ name mangling for interfaces involving those types.
++
++* On S/390 GNU/Linux, the constants defined by <sys/ptrace.h> have been
++ synced with the kernel:
++
++ - PTRACE_GETREGS, PTRACE_SETREGS, PTRACE_GETFPREGS and PTRACE_SETFPREGS
++ are not supported on this architecture and have been removed.
++
++ - PTRACE_SINGLEBLOCK, PTRACE_SECCOMP_GET_FILTER, PTRACE_PEEKUSR_AREA,
++ PTRACE_POKEUSR_AREA, PTRACE_GET_LAST_BREAK, PTRACE_ENABLE_TE,
++ PTRACE_DISABLE_TE and PTRACE_TE_ABORT_RAND have been added.
++
++ Programs that assume the GET/SETREGS ptrace requests are universally
++ available will now fail to build, instead of malfunctioning at runtime.
++
++Changes to build and runtime requirements:
++
++* Linux kernel 3.2 or later is required at runtime, on all architectures
++ supported by that kernel. (This is a change from version 2.25 only for
++ x86-32 and x86-64.)
++
++* GNU Binutils 2.25 or later is now required to build the GNU C Library.
++
++* On most architectures, GCC 4.9 or later is required to build the GNU C
++ Library. On powerpc64le, GCC 6.2 or later is required.
++
++ Older GCC versions and non-GNU compilers are still supported when
++ compiling programs that use the GNU C Library. (We do not know exactly
++ how old, and some GNU extensions to C may be _de facto_ required. If you
++ are interested in helping us make this statement less vague, please
++ contact libc-alpha(a)sourceware.org.)
++
++Security related changes:
++
++* The DNS stub resolver limits the advertised UDP buffer size to 1200 bytes,
++ to avoid fragmentation-based spoofing attacks (CVE-2017-12132).
++
++* LD_LIBRARY_PATH is now ignored in binaries running in privileged AT_SECURE
++ mode to guard against local privilege escalation attacks (CVE-2017-1000366).
++
++* Avoid printing a backtrace from the __stack_chk_fail function since it is
++ called on a corrupt stack and a backtrace is unreliable on a corrupt stack
++ (CVE-2010-3192).
++
++* A use-after-free vulnerability in clntudp_call in the Sun RPC system has been
++ fixed (CVE-2017-12133).
++
++The following bugs are resolved with this release:
++
++ [984] network: Respond to changed resolv.conf in gethostbyname
++ [5010] network: sunrpc service cleanup causes unwanted port mapper traffic
++ [12068] localedata: sc_IT: misspelled yesexpr/day/abday/mon/abmon/date_fmt
++ fields
++ [12189] libc: __stack_chk_fail should not attempt a backtrace
++ (CVE-2010-3192)
++ [14096] time: Race condition on timezone/tst-timezone.out
++ [14172] localedata: az_IR: new locale
++ [14995] build: glibc fails to build if gold is the default linker, even if
++ ld.bfd is available
++ [15998] build: [powerpc] Set arch_minimum_kernel for powerpc LE
++ [16637] network: inet_pton function is accepting IPv6 with bad format
++ [16640] string: string/strtok.c: undefined behaviour inconsistent between
++ x86 and other generic code
++ [16875] localedata: ko_KR: fix lang_name
++ [17225] localedata: ar_SY: localized month names for May and June are
++ incorrect
++ [17297] localedata: da_DK: wrong date_fmt string
++ [18907] stdio: Incorrect order of __wur __THROW in <printf.h>
++ [18934] localedata: hu_HU: collate: fix multiple bugs and add tests
++ [18988] nptl: pthread wastes memory with mlockall(MCL_FUTURE)
++ [19066] localedata: ar_SA abbreviated day and month names are in English
++ [19569] network: resolv: Support an arbitrary number of search domains
++ [19570] network: Implement random DNS server selection in the stub
++ resolver
++ [19838] locale: localedef fails on PA-RISC
++ [19919] localedata: iso14651_t1_common: Correct the Malayalam sorting
++ order of 0D36 and 0D37
++ [19922] localedata: iso14651_t1_common: Define collation for Malayalam
++ chillu characters
++ [20098] libc: FAIL: debug/backtrace-tst on hppa
++ [20257] network: sunrpc: clntudp_call does not enforce timeout when
++ receiving data
++ [20275] localedata: locale day/abday/mon/abmon should not have trailing
++ whitespace
++ [20313] localedata: Update locale data to Unicode 9.0
++ [20424] manual: Document how to provide a malloc replacement
++ [20496] localedata: agr_PE: new language locale Awajún / Aguaruna (agr)
++ for Peru
++ [20686] locale: Add el_GR@euro to SUPPORTED.
++ [20831] dynamic-link: _dl_map_segments does not test for __mprotect
++ failures consistently
++ [21015] dynamic-link: Document and fix --enable-bind-now
++ [21016] nptl: pthread_cond support is broken on hppa
++ [21029] libc: glibc-2.23 (and later) fails to compile with -fno-omit-
++ frame-pointer on i386
++ [21049] libc: segfault in longjmp_chk() due to clobbered processor
++ register
++ [21075] libc: unused assigment to %g4 in sparc/sparc{64,32}/clone.S
++ [21088] libc: Build fails with --enable-static-nss
++ [21094] math: cosf(1.57079697) has 3 ulp error on targets where the
++ generic c code is used
++ [21109] libc: Tunables broken on big-endian
++ [21112] math: powf has large ulp errors with base close to 1 and exponent
++ around 4000
++ [21115] network: sunrpc: Use-after-free in error path in clntudp_call
++ (CVE-2017-12133)
++ [21120] malloc: glibc malloc is incompatible with GCC 7
++ [21130] math: Incorrect return from y0l (-inf) and y1l (-inf) when linking
++ with -lieee
++ [21134] math: Exception (divide by zero) not set for y0/y1 (0.0) and y0/y1
++ (-0.0) when linking with -lieee
++ [21171] math: log10, log2 and lgamma return incorrect results
++ [21179] libc: handle R_SPARC_DISP64 and R_SPARC_REGISTER relocs
++ [21182] libc: __memchr_sse2: regression in glibc-2.25 on i686
++ [21207] localedata: ce_RU: update weekdays from CLDR
++ [21209] dynamic-link: LD_HWCAP_MASK read in setuid binaries
++ [21217] localedata: Update months from CLDR-31
++ [21232] libc: miss posix_fadvise64 on MIPS64 when static linking
++ [21243] libc: support_delete_temp_file should issue warning for failed
++ remove()
++ [21244] libc: support resolv_test_start() socket fd close should be
++ checked for errors.
++ [21253] libc: localedef randomly segfaults when using -fstack-check due to
++ new posix_spawn implementation
++ [21258] dynamic-link: Branch predication in _dl_runtime_resolve_avx512_opt
++ leads to lower CPU frequency
++ [21259] libc: [alpha] termios.h missing IXANY for POSIX
++ [21261] libc: [sparc64] bits/setjmp.h namespace
++ [21267] network: [mips] bits/socket.h IOC* namespace
++ [21268] libc: [alpha] termios.h NL2, NL3 namespace
++ [21270] libc: mmap64 silently truncates large offset values
++ [21275] libc: posix_spawn always crashes on ia64 now
++ [21277] libc: [alpha] termios.h missing IUCLC for UNIX98 and older
++ [21280] math: [powerpc] logbl for POWER7 return incorrect results
++ [21289] libc: Incorrect declaration for 32-bit platforms with
++ _FILE_OFFSET_BITS=64 causes build error
++ [21295] network: GETAI(AF_UNSPEC) drops IPv6 addresses if nss module does
++ not support gethostbyname4_r
++ [21298] nptl: rwlock can deadlock on frequent reader/writer phase
++ switching
++ [21338] malloc: mallopt M_ARENA_MAX doesn't set the maximum number of
++ arenas
++ [21340] libc: Support POSIX_SPAWN_SETSID
++ [21357] libc: unwind-dw2-fde deadlock when using AddressSanitizer
++ [21359] network: ns_name_pack needs additional byte in destination buffer
++ [21361] network: resolv: Reduce advertised EDNS0 buffer size to guard
++ against fragmentation attacks (CVE-2017-12132)
++ [21369] network: resolv: Remove EDNS fallback
++ [21371] libc: Missing timespec definition when compiled with _XOPEN_SOURCE
++ and _POSIX_C_SOURCE
++ [21386] nptl: Assertion in fork for distinct parent PID is incorrect
++ [21391] dynamic-link: x86: Set dl_platform and dl_hwcap from CPU features
++ [21393] stdio: Missing dup3 error check in freopen, freopen64
++ [21396] libc: Use AVX2 memcpy/memset on Skylake server
++ [21399] localedata: Bad description for U00EC in
++ localedata/charmaps/CP1254
++ [21411] malloc: realloc documentation error
++ [21426] network: sys/socket.h uio.h namespace
++ [21428] libc: [aarch64] tst-backtrace5 testsuite failure
++ [21445] libc: signal.h bsd_signal namespace
++ [21455] network: Network headers stdint.h namespace
++ [21474] network: resolv: res_init does not use RES_DFLRETRY (2) but 4 for
++ retry value
++ [21475] network: resolv: Overlong search path is truncated mid-label
++ [21511] libc: sigstack namespace
++ [21512] libc: clone() ends up calling exit_group() through _exit() wrapper
++ [21514] libc: sysdeps/unix/sysv/linux/sys/syscall.h:31:27: fatal error:
++ bits/syscall.h: No such file or directory
++ [21517] libc: struct sigaltstack namespace
++ [21528] dynamic-link: Duplicated minimal strtoul implementations in ld.so
++ [21533] localedata: Update locale data to Unicode 10.0
++ [21537] libc:
++ ../sysdeps/unix/sysv/linux/s390/s390-32/__makecontext_ret.S:44: Error:
++ junk at end of line, first unrecognized character is `@'
++ [21538] libc: SIG_HOLD missing for XPG4
++ [21539] libc: S390: Mismatch between kernel and glibc ptrace.h with
++ request 12: PTRACE_SINGLEBLOCK vs PTRACE_GETREGS.
++ [21542] libc: Use conservative default for sysconf (_SC_NPROCESSORS_ONLN)
++ [21543] libc: sigevent namespace
++ [21548] libc: [mips] get/set/make/swap context for MIPS O32 assume wrong
++ size for general purpose registers in mcontext_t structure
++ [21550] libc: sigwait namespace
++ [21552] libc: XPG4 bsd_signal namespace
++ [21554] libc: sigpause namespace
++ [21560] libc: sys/wait.h signal.h namespace
++ [21561] libc: waitid namespace
++ [21573] nptl: GCC 7: /usr/bin/install: cannot remove
++ '/usr/include/stdlib.h': Permission denied
++ [21575] libc: sys/wait.h missing struct rusage definition
++ [21584] libc: sigaltstack etc namespace
++ [21597] libc: siginterrupt namespace
++ [21607] math: hppa: FAIL: math/test-tgmath
++ [21609] dynamic-link: Incomplete workaround for GCC __tls_get_addr ABI
++ issue on x86-64
++ [21622] libc: [tile] missing SA_* for POSIX.1:2008
++ [21624] dynamic-link: ld.so: Unsafe alloca allows local attackers to alias
++ stack and heap (CVE-2017-1000366)
++ [21625] libc: wait3 namespace
++ [21654] nss: Incorrect pointer alignment in NSS group merge result
++ construction
++ [21657] network: Parse interface zone id for node-local multicast
++ [21662] string: memcmp-avx2-movbe.S lacks saturating subtraction for
++ between_2_3
++ [21666] libc: .symver is used on common symbol
++ [21668] network: resolv: res_init cross-thread broadcast introduces race
++ conditions
++ [21687] math: tgmath.h totalorder, totalordermag return type
++ [21694] locale: Current Glibc Locale Does Not Support Tok-Pisin and Fiji
++ Hindi Locale
++ [21696] libc: Incorrect assumption of of __cpu_mask in
++ posix/sched_cpucount.c
++ [21697] libc: sysdeps/posix/spawni.c: 2 * suspicious condition ?
++ [21706] localedata: yesstr and nostr are missing for Breton [LC_MESSAGES]
++ locale
++ [21707] math: ppc64le: Invalid IFUNC resolver from libgcc calls getauxval,
++ leading to relocation crash
++ [21709] libc: resolv_conf.c:552: update_from_conf: Assertion
++ `resolv_conf_matches (resp, conf)' failed.
++ [21710] localedata: Added Samoan language locale for Samoa
++ [21711] localedata: Pashto yesstr/nostr locale are missing
++ [21715] nptl: sysdeps/nptl/bits/pthreadtypes.h: typedef guard
++ __have_pthread_attr_t can cause redefinition of typedef ‘pthread_attr_t’
++ [21721] localedata: Incorrect Full Weekday names for ks_IN@devanagari
++ [21723] localedata: yesstr/nostr missing for Chinese language locale
++ [21724] localedata: yesstr and nostr are missing for Xhosa [LC_MESSAGES]
++ locale
++ [21727] localedata: yesstr and nostr are missing for Tsonga [LC_MESSAGES]
++ locale
++ [21728] localedata: New Locale for Tongan language
++ [21729] localedata: incorrect LC_NAME fields for hi_IN
++ [21733] localedata: yesstr and nostr are missing for zh_HK
++ [21734] localedata: Missing yesstr and nostr are for kw_GB
++ [21738] libc: misc/tst-preadvwritev2 and misc/tst-preadvwritev64v2 fail
++ [21741] libc: Undefined __memmove_chk_XXX and __memset_chk_XXX in libc.a
++ [21742] libc: _dl_num_cache_relocations is undefined in libc.a
++ [21743] localedata: ks_IN@devanagari: abday strings mismatch the day
++ strings
++ [21744] libc: Tests failing on --enable-tunables --enable-stack-
++ protector=all
++ [21749] localedata: Wrong abbreviated day name (“abday”) for
++ ar_JO/ar_LB/ar_SY
++ [21756] localedata: missing yesstr, nostr for nds_DE and nds_NL
++ [21757] localedata: missing yesstr, nostr for pap_AW and pap_CW
++ [21759] localedata: missing yesstr and nostr for Tigrinya
++ [21760] localedata: Fix LC_MESSAGES and LC_ADDRESS for anp_IN
++ [21766] localedata: Wrong LC_MESSAGES for om_ET Locale
++ [21767] localedata: Missing Bislama locales
++ [21768] localedata: Missing yesstr and nostr for aa_ET
++ [21770] localedata: Missing Field in li_NL
++ [21778] nptl: Robust mutex may deadlock
++ [21779] libc: MicroBlaze segfaults when loading libpthread
++ [21783] localedata: Fix int_select international_call_prefixes
++ [21784] localedata: Inconsistency in country_isbn
++ [21788] localedata: Missing Country Postal Abbreviations
++ [21794] localedata: Added-country_isbn-for-Italy
++ [21795] localedata: Add/Fix country_isbn for France
++ [21796] localedata: Added country_isbn for Republic of Korea
++ [21797] localedata: Fix inconsistency in country_isbn and missing prefixes
++ [21799] localedata: Added int_select international_call_prefixes
++ [21801] localedata: Added int_select international_call_prefixes
++ [21804] nptl: Double semicolon in thread-shared-types.h
++ [21807] localedata: LC_ADDRESS fix for pap_CW
++ [21808] localedata: Fix LC_ADDRESS for pap_AW
++ [21821] localedata: Added country_name in mai_IN
++ [21822] localedata: Fix LC_TIME for mai_IN
++ [21823] localedata: missing yesstr, nostr for sa_IN
++ [21825] localedata: Fix name_mrs for mag_IN
++ [21828] localedata: 2.26 changelog should mention user visible changes
++ with unicode 9.0
++ [21835] localedata: Added Maithili language locale for Nepal
++ [21838] localedata: Removed redundant data for the_NP
++ [21839] localedata: Fix LC_MONETARY for ta_LK
++ [21844] localedata: Fix Latin characters and Months Sequence.
++ [21848] localedata: Fix mai_NP Title Name
++
++
++Version 2.25
++
++* The feature test macro __STDC_WANT_LIB_EXT2__, from ISO/IEC TR
++ 24731-2:2010, is supported to enable declarations of functions from that
++ TR. Note that not all functions from that TR are supported by the GNU C
++ Library.
++
++* The feature test macro __STDC_WANT_IEC_60559_BFP_EXT__, from ISO/IEC TS
++ 18661-1:2014, is supported to enable declarations of functions and macros
++ from that TS. Note that not all features from that TS are supported by
++ the GNU C Library.
++
++* The feature test macro __STDC_WANT_IEC_60559_FUNCS_EXT__, from ISO/IEC TS
++ 18661-4:2015, is supported to enable declarations of functions and macros
++ from that TS. Note that most features from that TS are not supported by
++ the GNU C Library.
++
++* The nonstandard feature selection macros _REENTRANT and _THREAD_SAFE are
++ now treated as compatibility synonyms for _POSIX_C_SOURCE=199506L.
++ Since the GNU C Library defaults to a much newer revision of POSIX, this
++ will only affect programs that specifically request an old conformance
++ mode. For instance, a program compiled with -std=c89 -D_REENTRANT will
++ see a change in the visible declarations, but a program compiled with
++ just -D_REENTRANT, or -std=c99 -D_POSIX_C_SOURCE=200809L -D_REENTRANT,
++ will not.
++
++ Some C libraries once required _REENTRANT and/or _THREAD_SAFE to be
++ defined by all multithreaded code, but glibc has not required this for
++ many years.
++
++* The inclusion of <sys/sysmacros.h> by <sys/types.h> is deprecated. This
++ means that in a future release, the macros “major”, “minor”, and “makedev”
++ will only be available from <sys/sysmacros.h>.
++
++ These macros are not part of POSIX nor XSI, and their names frequently
++ collide with user code; see for instance glibc bug 19239 and Red Hat bug
++ 130601. <stdlib.h> includes <sys/types.h> under _GNU_SOURCE, and C++ code
++ presently cannot avoid being compiled under _GNU_SOURCE, exacerbating the
++ problem.
++
++* New <fenv.h> features from TS 18661-1:2014 are added to libm: the
++ fesetexcept, fetestexceptflag, fegetmode and fesetmode functions, the
++ femode_t type and the FE_DFL_MODE and FE_SNANS_ALWAYS_SIGNAL macros.
++
++* Integer width macros from TS 18661-1:2014 are added to <limits.h>:
++ CHAR_WIDTH, SCHAR_WIDTH, UCHAR_WIDTH, SHRT_WIDTH, USHRT_WIDTH, INT_WIDTH,
++ UINT_WIDTH, LONG_WIDTH, ULONG_WIDTH, LLONG_WIDTH, ULLONG_WIDTH; and to
++ <stdint.h>: INT8_WIDTH, UINT8_WIDTH, INT16_WIDTH, UINT16_WIDTH,
++ INT32_WIDTH, UINT32_WIDTH, INT64_WIDTH, UINT64_WIDTH, INT_LEAST8_WIDTH,
++ UINT_LEAST8_WIDTH, INT_LEAST16_WIDTH, UINT_LEAST16_WIDTH,
++ INT_LEAST32_WIDTH, UINT_LEAST32_WIDTH, INT_LEAST64_WIDTH,
++ UINT_LEAST64_WIDTH, INT_FAST8_WIDTH, UINT_FAST8_WIDTH, INT_FAST16_WIDTH,
++ UINT_FAST16_WIDTH, INT_FAST32_WIDTH, UINT_FAST32_WIDTH, INT_FAST64_WIDTH,
++ UINT_FAST64_WIDTH, INTPTR_WIDTH, UINTPTR_WIDTH, INTMAX_WIDTH,
++ UINTMAX_WIDTH, PTRDIFF_WIDTH, SIG_ATOMIC_WIDTH, SIZE_WIDTH, WCHAR_WIDTH,
++ WINT_WIDTH.
++
++* New <math.h> features are added from TS 18661-1:2014:
++
++ - Signaling NaN macros: SNANF, SNAN, SNANL.
++
++ - Nearest integer functions: roundeven, roundevenf, roundevenl, fromfp,
++ fromfpf, fromfpl, ufromfp, ufromfpf, ufromfpl, fromfpx, fromfpxf,
++ fromfpxl, ufromfpx, ufromfpxf, ufromfpxl.
++
++ - llogb functions: the llogb, llogbf and llogbl functions, and the
++ FP_LLOGB0 and FP_LLOGBNAN macros.
++
++ - Max-min magnitude functions: fmaxmag, fmaxmagf, fmaxmagl, fminmag,
++ fminmagf, fminmagl.
++
++ - Comparison macros: iseqsig.
++
++ - Classification macros: iscanonical, issubnormal, iszero.
++
++ - Total order functions: totalorder, totalorderf, totalorderl,
++ totalordermag, totalordermagf, totalordermagl.
++
++ - Canonicalize functions: canonicalize, canonicalizef, canonicalizel.
++
++ - NaN functions: getpayload, getpayloadf, getpayloadl, setpayload,
++ setpayloadf, setpayloadl, setpayloadsig, setpayloadsigf, setpayloadsigl.
++
++* The functions strfromd, strfromf, and strfroml, from ISO/IEC TS 18661-1:2014,
++ are added to libc. They convert a floating-point number into string.
++
++* Most of glibc can now be built with the stack smashing protector enabled.
++ It is recommended to build glibc with --enable-stack-protector=strong.
++ Implemented by Nick Alcock (Oracle).
++
++* The function explicit_bzero, from OpenBSD, has been added to libc. It is
++ intended to be used instead of memset() to erase sensitive data after use;
++ the compiler will not optimize out calls to explicit_bzero even if they
++ are "unnecessary" (in the sense that no _correct_ program can observe the
++ effects of the memory clear).
++
++* On ColdFire, MicroBlaze, Nios II and SH3, the float_t type is now defined
++ to float instead of double. This does not affect the ABI of any libraries
++ that are part of the GNU C Library, but may affect the ABI of other
++ libraries that use this type in their interfaces.
++
++* On x86_64, when compiling with -mfpmath=387 or -mfpmath=sse+387, the
++ float_t and double_t types are now defined to long double instead of float
++ and double. These options are not the default, and this does not affect
++ the ABI of any libraries that are part of the GNU C Library, but it may
++ affect the ABI of other libraries that use this type in their interfaces,
++ if they are compiled or used with those options.
++
++* The getentropy and getrandom functions, and the <sys/random.h> header file
++ have been added.
++
++* The buffer size for byte-oriented stdio streams is now limited to 8192
++ bytes by default. Previously, on Linux, the default buffer size on most
++ file systems was 4096 bytes (and thus remains unchanged), except on
++ network file systems, where the buffer size was unpredictable and could be
++ as large as several megabytes.
++
++* The <sys/quota.h> header now includes the <linux/quota.h> header. Support
++ for the Linux quota interface which predates kernel version 2.4.22 has
++ been removed.
++
++* The malloc_get_state and malloc_set_state functions have been removed.
++ Already-existing binaries that dynamically link to these functions will
++ get a hidden implementation in which malloc_get_state is a stub. As far
++ as we know, these functions are used only by GNU Emacs and this change
++ will not adversely affect already-built Emacs executables. Any undumped
++ Emacs executables, which normally exist only during an Emacs build, should
++ be rebuilt by re-running “./configure; make” in the Emacs build tree.
++
++* The “ip6-dotint” and “no-ip6-dotint” resolver options, and the
++ corresponding RES_NOIP6DOTINT flag from <resolv.h> have been removed.
++ “no-ip6-dotint” had already been the default, and support for the
++ “ip6-dotint” option was removed from the Internet in 2006.
++
++* The "ip6-bytestring" resolver option and the corresponding RES_USEBSTRING
++ flag from <resolv.h> have been removed. The option relied on a
++ backwards-incompatible DNS extension which was never deployed on the
++ Internet.
++
++* The flags RES_AAONLY, RES_PRIMARY, RES_NOCHECKNAME, RES_KEEPTSIG,
++ RES_BLAST defined in the <resolv.h> header file have been deprecated.
++ They were already unimplemented.
++
++* The "inet6" option in /etc/resolv.conf and the RES_USE_INET6 flag for
++ _res.flags are deprecated. The flag was standardized in RFC 2133, but
++ removed again from the IETF name lookup interface specification in RFC
++ 2553. Applications should use getaddrinfo instead.
++
++* DNSSEC-related declarations and definitions have been removed from the
++ <arpa/nameser.h> header file, and libresolv will no longer attempt to
++ decode the data part of DNSSEC record types. Previous versions of glibc
++ only implemented minimal support for the previous version of DNSSEC, which
++ is incompatible with the currently deployed version.
++
++* The resource record type classification macros ns_t_qt_p, ns_t_mrr_p,
++ ns_t_rr_p, ns_t_udp_p, ns_t_xfr_p have been removed from the
++ <arpa/nameser.h> header file because the distinction between RR types and
++ meta-RR types is not officially standardized, subject to revision, and
++ thus not suitable for encoding in a macro.
++
++* The types res_sendhookact, res_send_qhook, re_send_rhook, and the qhook
++ and rhook members of the res_state type in <resolv.h> have been removed.
++ The glibc stub resolver did not support these hooks, but the header file
++ did not reflect that.
++
++* For multi-arch support it is recommended to use a GCC which has
++ been built with support for GNU indirect functions. This ensures
++ that correct debugging information is generated for functions
++ selected by IFUNC resolvers. This support can either be enabled by
++ configuring GCC with '--enable-gnu-indirect-function', or by
++ enabling it by default by setting 'default_gnu_indirect_function'
++ variable for a particular architecture in the GCC source file
++ 'gcc/config.gcc'.
++
++* GDB pretty printers have been added for mutex and condition variable
++ structures in POSIX Threads. When installed and loaded in gdb these pretty
++ printers show various pthread variables in human-readable form when read
++ using the 'print' or 'display' commands in gdb.
++
++* Tunables feature added to allow tweaking of the runtime for an application
++ program. This feature can be enabled with the '--enable-tunables' configure
++ flag. The GNU C Library manual has details on usage and README.tunables has
++ instructions on adding new tunables to the library.
++
++* A new version of condition variables functions have been implemented in
++ the NPTL implementation of POSIX Threads to provide stronger ordering
++ guarantees.
++
++* A new version of pthread_rwlock functions have been implemented to use a more
++ scalable algorithm primarily through not using a critical section anymore to
++ make state changes.
++>>>>>>> c369d66e54... CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+ Security related changes:
+
+diff --git a/posix/glob.c b/posix/glob.c
+index ea4b0b61eb..08f240a1ff 100644
+--- a/posix/glob.c
++++ b/posix/glob.c
+@@ -856,7 +856,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }
+--
+2.14.2
+
diff --git a/glibc/Pkgfile b/glibc/Pkgfile
index f048a094..d69230e5 100644
--- a/glibc/Pkgfile
+++ b/glibc/Pkgfile
@@ -4,12 +4,12 @@
name=glibc
version=2.24
-release=7
+release=9
source=(http://ftpmirror.gnu.org/gnu/glibc/glibc-2.24.tar.xz \
http://crux.nu/files/distfiles/kernel-headers-4.9.5.tar.xz \
$name-2.20-multilib-dirs.patch \
hosts resolv.conf nsswitch.conf host.conf ld.so.conf \
- glibc-2.24-updates.patch)
+ glibc-2.24.8.patch 0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch)
build() {
# install kernel headers
@@ -17,8 +17,9 @@ build() {
cp -r $SRC/kernel-headers-4.9.5/include $PKG/usr
chown root:root $PKG/usr
- patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/glibc-2.24-updates.patch
+ patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/glibc-2.24.8.patch
patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/$name-2.20-multilib-dirs.patch
+ patch -p1 -d $SRC/$name-${version:0:4} -i $SRC/0001-CVE-2017-15670-glob-Fix-one-byte-overflow-BZ-22320.patch
mkdir $SRC/build
cd $SRC/build
diff --git a/glibc/glibc-2.24-updates.patch b/glibc/glibc-2.24.8.patch
similarity index 90%
rename from glibc/glibc-2.24-updates.patch
rename to glibc/glibc-2.24.8.patch
index e6e9084c..4f1db10c 100644
--- a/glibc/glibc-2.24-updates.patch
+++ b/glibc/glibc-2.24.8.patch
@@ -1,8 +1,128 @@
diff --git a/ChangeLog b/ChangeLog
-index c44c926094..24693b184a 100644
+index c44c926094..84189ec762 100644
--- a/ChangeLog
+++ b/ChangeLog
-@@ -1,3 +1,551 @@
+@@ -1,3 +1,685 @@
++2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
++
++ * sysdeps/x86_64/Makefile (tests): Add tst-sse, tst-avx and
++ tst-avx512.
++ (test-extras): Add tst-avx-aux and tst-avx512-aux.
++ (extra-test-objs): Add tst-avx-aux.o and tst-avx512-aux.o.
++ (modules-names): Add tst-ssemod, tst-avxmod and tst-avx512mod.
++ ($(objpfx)tst-sse): New rule.
++ ($(objpfx)tst-avx): Likewise.
++ ($(objpfx)tst-avx512): Likewise.
++ (CFLAGS-tst-avx-aux.c): New.
++ (CFLAGS-tst-avxmod.c): Likewise.
++ (CFLAGS-tst-avx512-aux.c): Likewise.
++ (CFLAGS-tst-avx512mod.c): Likewise.
++ * sysdeps/x86_64/tst-avx-aux.c: New file.
++ * sysdeps/x86_64/tst-avx.c: Likewise.
++ * sysdeps/x86_64/tst-avx512-aux.c: Likewise.
++ * sysdeps/x86_64/tst-avx512.c: Likewise.
++ * sysdeps/x86_64/tst-avx512mod.c: Likewise.
++ * sysdeps/x86_64/tst-avxmod.c: Likewise.
++ * sysdeps/x86_64/tst-sse.c: Likewise.
++ * sysdeps/x86_64/tst-ssemod.c: Likewise.
++
++2017-10-19 H.J. Lu <hongjiu.lu(a)intel.com>
++
++ * sysdeps/x86_64/dl-trampoline.h (_dl_runtime_resolve): Don't
++ adjust CFA when allocating register save area on re-aligned
++ stack.
++
++2016-12-21 Joseph Myers <joseph(a)codesourcery.com>
++
++ [BZ #20978]
++ * nis/nss_nisplus/nisplus-alias.c (_nss_nisplus_getaliasbyname_r):
++ Compare name == NULL, not name != NULL.
++
++2016-11-08 Joseph Myers <joseph(a)codesourcery.com>
++
++ [BZ #20790]
++ * sunrpc/rpc_parse.c (get_prog_declaration): Increase buffer size
++ to MAXLINESIZE.
++ * sunrpc/bug20790.x: New file.
++ * sunrpc/Makefile [$(run-built-tests) = yes] (rpcgen-tests): New
++ variable.
++ [$(run-built-tests) = yes] (tests-special): Add $(rpcgen-tests).
++ [$(run-built-tests) = yes] ($(rpcgen-tests)): New rule.
++
++2016-10-14 Steve Ellcey <sellcey(a)caviumnetworks.com>
++
++ * sysdeps/ieee754/dbl-64/e_pow.c (checkint) Make conditions explicitly
++ boolean.
++
++2017-07-19 DJ Delorie <dj(a)delorie.com>
++
++ [BZ #21654]
++ * grp/grp-merge.c (libc_hidden_def): Fix cast-after-dereference.
++
++2017-07-14 DJ Delorie <dj(a)redhat.com>
++
++ [BZ #21654]
++ * grp/grp_merge.c (__copy_grp): Align char** to minimum pointer
++ alignment not char alignment.
++ (__merge_grp): Likewise.
++
++2017-08-06 H.J. Lu <hongjiu.lu(a)intel.com>
++
++ [BZ #21871]
++ * sysdeps/x86/cpu-features.c (init_cpu_features): Set
++ bit_arch_Use_dl_runtime_resolve_opt only with AVX512F.
++
++2017-02-27 Florian Weimer <fweimer(a)redhat.com>
++
++ [BZ #21115]
++ * sunrpc/clnt_udp.c (clntudp_call): Free ancillary data later.
++ * sunrpc/Makefile (tests): Add tst-udp-error.
++ (tst-udp-error): Link against libc.so explicitly.
++ * sunrpc/tst-udp-error: New file.
++
++2017-01-24 James Clarke <jrtc27(a)jrtc27.com>
++
++ * sysdeps/unix/sysv/linux/sh/sh3/ucontext_i.sym: Use new REG_R*
++ constants instead of the old R* ones.
++ * sysdeps/unix/sysv/linux/sh/sh4/ucontext_i.sym: Likewise.
++ * sysdeps/unix/sysv/linux/sh/sys/ucontext.h (NGPREG): Rename...
++ (NGREG): ... to this, to fit in with other architectures.
++ (gpregset_t): Use new NGREG macro.
++ [__USE_GNU]: Remove condition; all architectures other than tile
++ are unconditional.
++ (R*): Rename to REG_R*.
++
++2017-07-26 H.J. Lu <hongjiu.lu(a)intel.com>
++
++ [BZ #21666]
++ * misc/regexp.c (loc1): Add __attribute__ ((nocommon));
++ (loc2): Likewise.
++ (locs): Likewise.
++
++2017-07-12 Szabolcs Nagy <szabolcs.nagy(a)arm.com>
++
++ * sysdeps/aarch64/dl-machine.h (RTLD_START_1): Change _dl_argv to the
++ hidden __GI__dl_argv symbol.
++
++2016-09-05 Aurelien Jarno <aurelien(a)aurel32.net>
++
++ * conform/Makefile (conformtest-header-tests): Pass -I. to $(PERL).
++ (linknamespace-symlists-tests): Likewise.
++ (linknamespace-header-tests): Likewise.
++
++2017-07-06 Florian Weimer <fweimer(a)redhat.com>
++ H.J. Lu <hongjiu.lu(a)intel.com>
++
++ [BZ #21609]
++ * sysdeps/x86_64/Makefile (sysdep-dl-routines): Add tls_get_addr.
++ (gen-as-const-headers): Add rtld-offsets.sym.
++ * sysdeps/x86_64/dl-tls.c: New file.
++ * sysdeps/x86_64/rtld-offsets.sym: Likwise.
++ * sysdeps/x86_64/tls_get_addr.S: Likewise.
++ * sysdeps/x86_64/dl-tls.h: Add multiple inclusion guards.
++ * sysdeps/x86_64/tlsdesc.sym (TI_MODULE_OFFSET): New.
++ (TI_OFFSET_OFFSET): Likwise.
++
+2017-06-14 Florian Weimer <fweimer(a)redhat.com>
+
+ * sysdeps/i386/i686/multiarch/strcspn-c.c: Add IS_IN (libc) guard.
@@ -262,6 +382,20 @@ index c44c926094..24693b184a 100644
+ * sysdeps/x86_64/sysdep.h (JUMPTARGET): Check SHARED instead
+ of PIC.
+
++2016-12-31 Florian Weimer <fweimer(a)redhat.com>
++
++ [BZ #18784]
++ CVE-2015-5180
++ * include/arpa/nameser_compat.h (T_QUERY_A_AND_AAAA): Rename from
++ T_UNSPEC. Adjust value.
++ * resolv/nss_dns/dns-host.c (_nss_dns_gethostbyname4_r): Use it.
++ * resolv/res_query.c (__libc_res_nquery): Likewise.
++ * resolv/res_mkquery.c (res_nmkquery): Check for out-of-range
++ QTYPEs.
++ * resolv/tst-resolv-qtypes.c: New file.
++ * resolv/Makefile (xtests): Add tst-resolv-qtypes.
++ (tst-resolv-qtypes): Link against libresolv and libpthread.
++
+2017-02-02 Siddhesh Poyarekar <siddhesh(a)sourceware.org>
+
+ * sysdeps/generic/unsecvars.h: Add GLIBC_TUNABLES.
@@ -609,10 +743,10 @@ index 03fd89c13e..ee379f5852 100644
ifndef avoid-generated
diff --git a/NEWS b/NEWS
-index b0447e7169..4a042dbe2b 100644
+index b0447e7169..4831542023 100644
--- a/NEWS
+++ b/NEWS
-@@ -5,6 +5,17 @@ See the end for copying conditions.
+@@ -5,6 +5,33 @@ See the end for copying conditions.
Please send GNU C library bug reports via <http://sourceware.org/bugzilla/>
using `glibc' in the "product" field.
@@ -626,6 +760,22 @@ index b0447e7169..4a042dbe2b 100644
+ (denial of service) in some Go applications compiled with gccgo. Reported
+ by Andreas Schwab. (CVE-2016-6323)
+
++* The DNS stub resolver functions would crash due to a NULL pointer
++ dereference when processing a query with a valid DNS question type which
++ was used internally in the implementation. The stub resolver now uses a
++ question type which is outside the range of valid question type values.
++ (CVE-2015-5180)
++
++The following bugs are resolved with this release:
++
++ [20790] Fix rpcgen buffer overrun
++ [20978] Fix strlen on null pointer in nss_nisplus
++ [21209] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs
++ [21289] Fix symbol redirect for fts_set
++ [21386] Assertion in fork for distinct parent PID is incorrect
++ [21609] x86-64: Align the stack in __tls_get_addr
++ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
++ [21654] nss: Fix invalid cast in group merging
+
Version 2.24
@@ -811,10 +961,26 @@ index 33bcd62180..8277d9f727 100644
*) AC_MSG_ERROR([unexpected symbols in test: $libc_undefs]) ;;
esac],
diff --git a/conform/Makefile b/conform/Makefile
-index 32a0937b06..762aac98fc 100644
+index 32a0937b06..7883624c81 100644
--- a/conform/Makefile
+++ b/conform/Makefile
-@@ -229,6 +229,7 @@ $(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \
+@@ -196,13 +196,13 @@ $(conformtest-header-tests): $(objpfx)%/conform.out: \
+ conformtest.pl $(conformtest-headers-data)
+ (set -e; std_hdr=$*; std=$${std_hdr%%/*}; hdr=$${std_hdr#*/}; \
+ mkdir -p $(@D)/scratch; \
+- $(PERL) conformtest.pl --tmpdir=$(@D)/scratch --cc='$(CC)' \
++ $(PERL) -I. conformtest.pl --tmpdir=$(@D)/scratch --cc='$(CC)' \
+ --flags='$(conformtest-cc-flags)' --standard=$$std \
+ --headers=$$hdr > $@); \
+ $(evaluate-test)
+
+ $(linknamespace-symlists-tests): $(objpfx)symlist-%: list-header-symbols.pl
+- $(PERL) -w $< --tmpdir=$(objpfx) --cc='$(CC)' \
++ $(PERL) -I. -w $< --tmpdir=$(objpfx) --cc='$(CC)' \
+ --flags='$(conformtest-cc-flags)' --standard=$* \
+ --headers="$(strip $(conformtest-headers-$*))" \
+ > $@ 2> $@.err; \
+@@ -229,10 +229,11 @@ $(linknamespace-symlist-stdlibs-tests): $(objpfx)symlist-stdlibs-%: \
$(linknamespace-header-tests): $(objpfx)%/linknamespace.out: \
linknamespace.pl \
@@ -822,6 +988,11 @@ index 32a0937b06..762aac98fc 100644
$(linknamespace-symlist-stdlibs-tests)
(set -e; std_hdr=$*; std=$${std_hdr%%/*}; hdr=$${std_hdr#*/}; \
mkdir -p $(@D)/scratch; \
+- $(PERL) -w $< --tmpdir=$(@D)/scratch --cc='$(CC)' \
++ $(PERL) -I. -w $< --tmpdir=$(@D)/scratch --cc='$(CC)' \
+ --flags='$(conformtest-cc-flags)' --standard=$$std \
+ --stdsyms=$(objpfx)symlist-$$std --header=$$hdr \
+ --libsyms=$(objpfx)symlist-stdlibs-$$std \
diff --git a/elf/Makefile b/elf/Makefile
index 593403c640..847a012f84 100644
--- a/elf/Makefile
@@ -1421,6 +1592,49 @@ index b10748d185..2552049135 100644
extra-objs += $(foreach o,$(filter-out .os .oS,$(object-suffixes-$(lib))),\
$(patsubst %,%$o,$(filter-out \
$($(lib)-shared-only-routines),\
+diff --git a/grp/grp-merge.c b/grp/grp-merge.c
+index 0a1eb38d2c..5f79755798 100644
+--- a/grp/grp-merge.c
++++ b/grp/grp-merge.c
+@@ -85,6 +85,14 @@ __copy_grp (const struct group srcgrp, const size_t buflen,
+ }
+ members[i] = NULL;
+
++ /* Align for pointers. We can't simply align C because we need to
++ align destbuf[c]. */
++ if ((((uintptr_t)destbuf + c) & (__alignof__(char **) - 1)) != 0)
++ {
++ uintptr_t mis_align = ((uintptr_t)destbuf + c) & (__alignof__(char **) - 1);
++ c += __alignof__(char **) - mis_align;
++ }
++
+ /* Copy the pointers from the members array into the buffer and assign them
+ to the gr_mem member of destgrp. */
+ destgrp->gr_mem = (char **) &destbuf[c];
+@@ -129,7 +137,7 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
+
+ /* Get the count of group members from the last sizeof (size_t) bytes in the
+ mergegrp buffer. */
+- savedmemcount = (size_t) *(savedend - sizeof (size_t));
++ savedmemcount = *(size_t *) (savedend - sizeof (size_t));
+
+ /* Get the count of new members to add. */
+ for (memcount = 0; mergegrp->gr_mem[memcount]; memcount++)
+@@ -168,6 +176,14 @@ __merge_grp (struct group *savedgrp, char *savedbuf, char *savedend,
+ /* Add the NULL-terminator. */
+ members[savedmemcount + memcount] = NULL;
+
++ /* Align for pointers. We can't simply align C because we need to
++ align savedbuf[c]. */
++ if ((((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1)) != 0)
++ {
++ uintptr_t mis_align = ((uintptr_t)savedbuf + c) & (__alignof__(char **) - 1);
++ c += __alignof__(char **) - mis_align;
++ }
++
+ /* Copy the member array back into the buffer after the member list and free
+ the member array. */
+ savedgrp->gr_mem = (char **) &savedbuf[c];
diff --git a/iconv/gconv.h b/iconv/gconv.h
index 8d8ce5813b..a87028047b 100644
--- a/iconv/gconv.h
@@ -1434,6 +1648,22 @@ index 8d8ce5813b..a87028047b 100644
} *__gconv_t;
/* Transliteration using the locale's data. */
+diff --git a/include/arpa/nameser_compat.h b/include/arpa/nameser_compat.h
+index 2e735ede4c..7c0deed9ae 100644
+--- a/include/arpa/nameser_compat.h
++++ b/include/arpa/nameser_compat.h
+@@ -1,8 +1,8 @@
+ #ifndef _ARPA_NAMESER_COMPAT_
+ #include <resolv/arpa/nameser_compat.h>
+
+-/* Picksome unused number to represent lookups of IPv4 and IPv6 (i.e.,
+- T_A and T_AAAA). */
+-#define T_UNSPEC 62321
++/* The number is outside the 16-bit RR type range and is used
++ internally by the implementation. */
++#define T_QUERY_A_AND_AAAA 439963904
+
+ #endif
diff --git a/io/fts.h b/io/fts.h
index 127a0d2721..b6b45206c8 100644
--- a/io/fts.h
@@ -1664,6 +1894,43 @@ index 229783f3b7..4e16593d8b 100644
(void) mutex_unlock (&free_list_lock);
}
+diff --git a/misc/regexp.c b/misc/regexp.c
+index 3b3668272f..b2a2c6e636 100644
+--- a/misc/regexp.c
++++ b/misc/regexp.c
+@@ -29,14 +29,15 @@
+
+ #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_23)
+
+-/* Define the variables used for the interface. */
+-char *loc1;
+-char *loc2;
++/* Define the variables used for the interface. Avoid .symver on common
++ symbol, which just creates a new common symbol, not an alias. */
++char *loc1 __attribute__ ((nocommon));
++char *loc2 __attribute__ ((nocommon));
+ compat_symbol (libc, loc1, loc1, GLIBC_2_0);
+ compat_symbol (libc, loc2, loc2, GLIBC_2_0);
+
+ /* Although we do not support the use we define this variable as well. */
+-char *locs;
++char *locs __attribute__ ((nocommon));
+ compat_symbol (libc, locs, locs, GLIBC_2_0);
+
+
+diff --git a/nis/nss_nisplus/nisplus-alias.c b/nis/nss_nisplus/nisplus-alias.c
+index 7f698b4e6d..cb5acce01d 100644
+--- a/nis/nss_nisplus/nisplus-alias.c
++++ b/nis/nss_nisplus/nisplus-alias.c
+@@ -291,7 +291,7 @@ _nss_nisplus_getaliasbyname_r (const char *name, struct aliasent *alias,
+ return status;
+ }
+
+- if (name != NULL)
++ if (name == NULL)
+ {
+ *errnop = EINVAL;
+ return NSS_STATUS_UNAVAIL;
diff --git a/nptl/Makefile b/nptl/Makefile
index 0d8aadebed..fa925819ca 100644
--- a/nptl/Makefile
@@ -2994,6 +3261,276 @@ index d933f9c92a..7cdb06a611 100644
__execve (buffer, argv, envp);
+diff --git a/resolv/Makefile b/resolv/Makefile
+index 8be41d3ae1..a4c86b9762 100644
+--- a/resolv/Makefile
++++ b/resolv/Makefile
+@@ -40,6 +40,9 @@ ifeq ($(have-thread-library),yes)
+ extra-libs += libanl
+ routines += gai_sigqueue
+ tests += tst-res_hconf_reorder
++
++# This test sends millions of packets and is rather slow.
++xtests += tst-resolv-qtypes
+ endif
+ extra-libs-others = $(extra-libs)
+ libresolv-routines := gethnamaddr res_comp res_debug \
+@@ -117,3 +120,5 @@ tst-leaks2-ENV = MALLOC_TRACE=$(objpfx)tst-leaks2.mtrace
+ $(objpfx)mtrace-tst-leaks2.out: $(objpfx)tst-leaks2.out
+ $(common-objpfx)malloc/mtrace $(objpfx)tst-leaks2.mtrace > $@; \
+ $(evaluate-test)
++
++$(objpfx)tst-resolv-qtypes: $(objpfx)libresolv.so $(shared-thread-library)
+diff --git a/resolv/nss_dns/dns-host.c b/resolv/nss_dns/dns-host.c
+index 5f9e35701b..d16fa4b8ed 100644
+--- a/resolv/nss_dns/dns-host.c
++++ b/resolv/nss_dns/dns-host.c
+@@ -323,7 +323,7 @@ _nss_dns_gethostbyname4_r (const char *name, struct gaih_addrtuple **pat,
+
+ int olderr = errno;
+ enum nss_status status;
+- int n = __libc_res_nsearch (&_res, name, C_IN, T_UNSPEC,
++ int n = __libc_res_nsearch (&_res, name, C_IN, T_QUERY_A_AND_AAAA,
+ host_buffer.buf->buf, 2048, &host_buffer.ptr,
+ &ans2p, &nans2p, &resplen2, &ans2p_malloced);
+ if (n >= 0)
+diff --git a/resolv/res_mkquery.c b/resolv/res_mkquery.c
+index 12f9730199..d80b5318e5 100644
+--- a/resolv/res_mkquery.c
++++ b/resolv/res_mkquery.c
+@@ -103,6 +103,10 @@ res_nmkquery(res_state statp,
+ int n;
+ u_char *dnptrs[20], **dpp, **lastdnptr;
+
++ if (class < 0 || class > 65535
++ || type < 0 || type > 65535)
++ return -1;
++
+ #ifdef DEBUG
+ if (statp->options & RES_DEBUG)
+ printf(";; res_nmkquery(%s, %s, %s, %s)\n",
+diff --git a/resolv/res_query.c b/resolv/res_query.c
+index 944d1a90f5..07dc6f6583 100644
+--- a/resolv/res_query.c
++++ b/resolv/res_query.c
+@@ -122,7 +122,7 @@ __libc_res_nquery(res_state statp,
+ int n, use_malloc = 0;
+ u_int oflags = statp->_flags;
+
+- size_t bufsize = (type == T_UNSPEC ? 2 : 1) * QUERYSIZE;
++ size_t bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * QUERYSIZE;
+ u_char *buf = alloca (bufsize);
+ u_char *query1 = buf;
+ int nquery1 = -1;
+@@ -137,7 +137,7 @@ __libc_res_nquery(res_state statp,
+ printf(";; res_query(%s, %d, %d)\n", name, class, type);
+ #endif
+
+- if (type == T_UNSPEC)
++ if (type == T_QUERY_A_AND_AAAA)
+ {
+ n = res_nmkquery(statp, QUERY, name, class, T_A, NULL, 0, NULL,
+ query1, bufsize);
+@@ -190,7 +190,7 @@ __libc_res_nquery(res_state statp,
+ if (__builtin_expect (n <= 0, 0) && !use_malloc) {
+ /* Retry just in case res_nmkquery failed because of too
+ short buffer. Shouldn't happen. */
+- bufsize = (type == T_UNSPEC ? 2 : 1) * MAXPACKET;
++ bufsize = (type == T_QUERY_A_AND_AAAA ? 2 : 1) * MAXPACKET;
+ buf = malloc (bufsize);
+ if (buf != NULL) {
+ query1 = buf;
+diff --git a/resolv/tst-resolv-qtypes.c b/resolv/tst-resolv-qtypes.c
+new file mode 100644
+index 0000000000..b3e60c693b
+--- /dev/null
++++ b/resolv/tst-resolv-qtypes.c
+@@ -0,0 +1,185 @@
++/* Exercise low-level query functions with different QTYPEs.
++ Copyright (C) 2016 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <resolv.h>
++#include <string.h>
++#include <support/check.h>
++#include <support/check_nss.h>
++#include <support/resolv_test.h>
++#include <support/support.h>
++#include <support/test-driver.h>
++#include <support/xmemstream.h>
++
++/* If ture, the response function will send the actual response packet
++ over TCP instead of UDP. */
++static volatile bool force_tcp;
++
++/* Send back a fake resource record matching the QTYPE. */
++static void
++response (const struct resolv_response_context *ctx,
++ struct resolv_response_builder *b,
++ const char *qname, uint16_t qclass, uint16_t qtype)
++{
++ if (force_tcp && ctx->tcp)
++ {
++ resolv_response_init (b, (struct resolv_response_flags) { .tc = 1 });
++ resolv_response_add_question (b, qname, qclass, qtype);
++ return;
++ }
++
++ resolv_response_init (b, (struct resolv_response_flags) { });
++ resolv_response_add_question (b, qname, qclass, qtype);
++ resolv_response_section (b, ns_s_an);
++ resolv_response_open_record (b, qname, qclass, qtype, 0);
++ resolv_response_add_data (b, &qtype, sizeof (qtype));
++ resolv_response_close_record (b);
++}
++
++static const const char *domain = "www.example.com";
++
++static int
++wrap_res_query (int type, unsigned char *answer, int answer_length)
++{
++ return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_search (int type, unsigned char *answer, int answer_length)
++{
++ return res_query (domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_querydomain (int type, unsigned char *answer, int answer_length)
++{
++ return res_querydomain ("www", "example.com", C_IN, type,
++ answer, answer_length);
++}
++
++static int
++wrap_res_send (int type, unsigned char *answer, int answer_length)
++{
++ unsigned char buf[512];
++ int ret = res_mkquery (QUERY, domain, C_IN, type,
++ (const unsigned char *) "", 0, NULL,
++ buf, sizeof (buf));
++ if (type < 0 || type >= 65536)
++ {
++ /* res_mkquery fails for out-of-range record types. */
++ TEST_VERIFY_EXIT (ret == -1);
++ return -1;
++ }
++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */
++ return res_send (buf, ret, answer, answer_length);
++}
++
++static int
++wrap_res_nquery (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nsearch (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquery (&_res, domain, C_IN, type, answer, answer_length);
++}
++
++static int
++wrap_res_nquerydomain (int type, unsigned char *answer, int answer_length)
++{
++ return res_nquerydomain (&_res, "www", "example.com", C_IN, type,
++ answer, answer_length);
++}
++
++static int
++wrap_res_nsend (int type, unsigned char *answer, int answer_length)
++{
++ unsigned char buf[512];
++ int ret = res_nmkquery (&_res, QUERY, domain, C_IN, type,
++ (const unsigned char *) "", 0, NULL,
++ buf, sizeof (buf));
++ if (type < 0 || type >= 65536)
++ {
++ /* res_mkquery fails for out-of-range record types. */
++ TEST_VERIFY_EXIT (ret == -1);
++ return -1;
++ }
++ TEST_VERIFY_EXIT (ret > 12); /* DNS header length. */
++ return res_nsend (&_res, buf, ret, answer, answer_length);
++}
++
++static void
++test_function (const char *fname,
++ int (*func) (int type,
++ unsigned char *answer, int answer_length))
++{
++ unsigned char buf[512];
++ for (int tcp = 0; tcp < 2; ++tcp)
++ {
++ force_tcp = tcp;
++ for (unsigned int type = 1; type <= 65535; ++type)
++ {
++ if (test_verbose)
++ printf ("info: sending QTYPE %d with %s (tcp=%d)\n",
++ type, fname, tcp);
++ int ret = func (type, buf, sizeof (buf));
++ if (ret != 47)
++ FAIL_EXIT1 ("%s tcp=%d qtype=%d return value %d",
++ fname,tcp, type, ret);
++ /* One question, one answer record. */
++ TEST_VERIFY (memcmp (buf + 4, "\0\1\0\1\0\0\0\0", 8) == 0);
++ /* Question section. */
++ static const char qname[] = "\3www\7example\3com";
++ size_t qname_length = sizeof (qname);
++ TEST_VERIFY (memcmp (buf + 12, qname, qname_length) == 0);
++ /* RDATA part of answer. */
++ uint16_t type16 = type;
++ TEST_VERIFY (memcmp (buf + ret - 2, &type16, sizeof (type16)) == 0);
++ }
++ }
++
++ TEST_VERIFY (func (-1, buf, sizeof (buf) == -1));
++ TEST_VERIFY (func (65536, buf, sizeof (buf) == -1));
++}
++
++static int
++do_test (void)
++{
++ struct resolv_redirect_config config =
++ {
++ .response_callback = response,
++ };
++ struct resolv_test *obj = resolv_test_start (config);
++
++ test_function ("res_query", &wrap_res_query);
++ test_function ("res_search", &wrap_res_search);
++ test_function ("res_querydomain", &wrap_res_querydomain);
++ test_function ("res_send", &wrap_res_send);
++
++ test_function ("res_nquery", &wrap_res_nquery);
++ test_function ("res_nsearch", &wrap_res_nsearch);
++ test_function ("res_nquerydomain", &wrap_res_nquerydomain);
++ test_function ("res_nsend", &wrap_res_nsend);
++
++ resolv_test_end (obj);
++ return 0;
++}
++
++#define TIMEOUT 300
++#include <support/test-driver.c>
diff --git a/scripts/backport-support.sh b/scripts/backport-support.sh
new file mode 100644
index 0000000000..2ece7ce575
@@ -3110,6 +3647,151 @@ index 0000000000..2ece7ce575
+}
+
+command_$command
+diff --git a/sunrpc/Makefile b/sunrpc/Makefile
+index 789ef423e5..1e91905011 100644
+--- a/sunrpc/Makefile
++++ b/sunrpc/Makefile
+@@ -96,13 +96,18 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_cout.o rpc_parse.o \
+ extra-objs = $(rpcgen-objs) $(addprefix cross-,$(rpcgen-objs))
+ others += rpcgen
+
+-tests = tst-xdrmem tst-xdrmem2 test-rpcent
++tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-udp-error
+ xtests := tst-getmyaddr
+
+ ifeq ($(have-thread-library),yes)
+ xtests += thrsvc
+ endif
+
++ifeq ($(run-built-tests),yes)
++rpcgen-tests := $(objpfx)bug20790.out
++tests-special += $(rpcgen-tests)
++endif
++
+ headers += $(rpcsvc:%.x=rpcsvc/%.h)
+ extra-libs := librpcsvc
+ extra-libs-others := librpcsvc # Make it in `others' pass, not `lib' pass.
+@@ -153,6 +158,7 @@ BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)
+ $(objpfx)tst-getmyaddr: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem2: $(common-objpfx)linkobj/libc.so
++$(objpfx)tst-udp-error: $(common-objpfx)linkobj/libc.so
+
+ $(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs))
+
+@@ -225,3 +231,9 @@ endif
+ endif
+
+ $(objpfx)thrsvc: $(common-objpfx)linkobj/libc.so $(shared-thread-library)
++
++ifeq ($(run-built-tests),yes)
++$(rpcgen-tests): $(objpfx)%.out: %.x $(objpfx)rpcgen
++ $(built-program-cmd) -c $< -o $@; \
++ $(evaluate-test)
++endif
+diff --git a/sunrpc/bug20790.x b/sunrpc/bug20790.x
+new file mode 100644
+index 0000000000..a00c9b3830
+--- /dev/null
++++ b/sunrpc/bug20790.x
+@@ -0,0 +1 @@
++program TPROG { version TVERS { int FUNC(int aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) = 1; } = 1; } = 1;
+diff --git a/sunrpc/clnt_udp.c b/sunrpc/clnt_udp.c
+index 4d9acb1e6a..1de25cb771 100644
+--- a/sunrpc/clnt_udp.c
++++ b/sunrpc/clnt_udp.c
+@@ -421,9 +421,9 @@ send_again:
+ cmsg = CMSG_NXTHDR (&msg, cmsg))
+ if (cmsg->cmsg_level == SOL_IP && cmsg->cmsg_type == IP_RECVERR)
+ {
+- free (cbuf);
+ e = (struct sock_extended_err *) CMSG_DATA(cmsg);
+ cu->cu_error.re_errno = e->ee_errno;
++ free (cbuf);
+ return (cu->cu_error.re_status = RPC_CANTRECV);
+ }
+ free (cbuf);
+diff --git a/sunrpc/rpc_parse.c b/sunrpc/rpc_parse.c
+index 1a1df6d8c2..505a6554cf 100644
+--- a/sunrpc/rpc_parse.c
++++ b/sunrpc/rpc_parse.c
+@@ -521,7 +521,7 @@ static void
+ get_prog_declaration (declaration * dec, defkind dkind, int num /* arg number */ )
+ {
+ token tok;
+- char name[10]; /* argument name */
++ char name[MAXLINESIZE]; /* argument name */
+
+ if (dkind == DEF_PROGRAM)
+ {
+diff --git a/sunrpc/tst-udp-error.c b/sunrpc/tst-udp-error.c
+new file mode 100644
+index 0000000000..1efc02f5c6
+--- /dev/null
++++ b/sunrpc/tst-udp-error.c
+@@ -0,0 +1,62 @@
++/* Check for use-after-free in clntudp_call (bug 21115).
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <netinet/in.h>
++#include <rpc/clnt.h>
++#include <rpc/svc.h>
++#include <support/check.h>
++#include <support/namespace.h>
++#include <support/xsocket.h>
++#include <unistd.h>
++
++static int
++do_test (void)
++{
++ support_become_root ();
++ support_enter_network_namespace ();
++
++ /* Obtain a likely-unused port number. */
++ struct sockaddr_in sin =
++ {
++ .sin_family = AF_INET,
++ .sin_addr.s_addr = htonl (INADDR_LOOPBACK),
++ };
++ {
++ int fd = xsocket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
++ xbind (fd, (struct sockaddr *) &sin, sizeof (sin));
++ socklen_t sinlen = sizeof (sin);
++ xgetsockname (fd, (struct sockaddr *) &sin, &sinlen);
++ /* Close the socket, so that we will receive an error below. */
++ close (fd);
++ }
++
++ int sock = RPC_ANYSOCK;
++ CLIENT *clnt = clntudp_create
++ (&sin, 1, 2, (struct timeval) { 1, 0 }, &sock);
++ TEST_VERIFY_EXIT (clnt != NULL);
++ TEST_VERIFY (clnt_call (clnt, 3,
++ (xdrproc_t) xdr_void, NULL,
++ (xdrproc_t) xdr_void, NULL,
++ ((struct timeval) { 3, 0 }))
++ == RPC_CANTRECV);
++ clnt_destroy (clnt);
++
++ return 0;
++}
++
++#include <support/test-driver.c>
diff --git a/support/Makefile b/support/Makefile
new file mode 100644
index 0000000000..20b0343ade
@@ -11073,6 +11755,21 @@ index 0000000000..134e8ee4c1
+ p += ret;
+ }
+}
+diff --git a/sysdeps/aarch64/dl-machine.h b/sysdeps/aarch64/dl-machine.h
+index 282805e396..e86d8b5b63 100644
+--- a/sysdeps/aarch64/dl-machine.h
++++ b/sysdeps/aarch64/dl-machine.h
+@@ -172,8 +172,8 @@ _dl_start_user: \n\
+ cmp x0, #0 \n\
+ bne 1b \n\
+ // Update _dl_argv \n\
+- adrp x3, _dl_argv \n\
+- str x2, [x3, #:lo12:_dl_argv] \n\
++ adrp x3, __GI__dl_argv \n\
++ str x2, [x3, #:lo12:__GI__dl_argv] \n\
+ .L_done_stack_adjust: \n\
+ // compute envp \n\
+ add x3, x2, x1, lsl #3 \n\
diff --git a/sysdeps/aarch64/nptl/tcb-offsets.sym b/sysdeps/aarch64/nptl/tcb-offsets.sym
index 0677aeabff..238647dd47 100644
--- a/sysdeps/aarch64/nptl/tcb-offsets.sym
@@ -11401,6 +12098,30 @@ index e1707ab1c8..b01f712be2 100644
TID offsetof (struct pthread, tid) - TLS_PRE_TCB_SIZE
MULTIPLE_THREADS_OFFSET offsetof (struct pthread, header.multiple_threads) - TLS_PRE_TCB_SIZE
SYSINFO_OFFSET offsetof (tcbhead_t, __private)
+diff --git a/sysdeps/ieee754/dbl-64/e_pow.c b/sysdeps/ieee754/dbl-64/e_pow.c
+index 663fa392c2..bd758b5979 100644
+--- a/sysdeps/ieee754/dbl-64/e_pow.c
++++ b/sysdeps/ieee754/dbl-64/e_pow.c
+@@ -466,15 +466,15 @@ checkint (double x)
+ return (n & 1) ? -1 : 1; /* odd or even */
+ if (k > 20)
+ {
+- if (n << (k - 20))
++ if (n << (k - 20) != 0)
+ return 0; /* if not integer */
+- return (n << (k - 21)) ? -1 : 1;
++ return (n << (k - 21) != 0) ? -1 : 1;
+ }
+ if (n)
+ return 0; /*if not integer */
+ if (k == 20)
+ return (m & 1) ? -1 : 1;
+- if (m << (k + 12))
++ if (m << (k + 12) != 0)
+ return 0;
+- return (m << (k + 11)) ? -1 : 1;
++ return (m << (k + 11) != 0) ? -1 : 1;
+ }
diff --git a/sysdeps/m68k/m680x0/m68020/atomic-machine.h b/sysdeps/m68k/m680x0/m68020/atomic-machine.h
index 24bc5c5ef7..65965cca9e 100644
--- a/sysdeps/m68k/m680x0/m68020/atomic-machine.h
@@ -13626,6 +14347,180 @@ index 391ed5e17b..0000000000
- offset. */
-#define __ALIGNMENT_ARG
-#include <sysdeps/unix/sysv/linux/pwrite.c>
+diff --git a/sysdeps/unix/sysv/linux/sh/sh3/ucontext_i.sym b/sysdeps/unix/sysv/linux/sh/sh3/ucontext_i.sym
+index 17397c5511..25f914a93b 100644
+--- a/sysdeps/unix/sysv/linux/sh/sh3/ucontext_i.sym
++++ b/sysdeps/unix/sysv/linux/sh/sh3/ucontext_i.sym
+@@ -13,22 +13,22 @@ SIG_SETMASK
+ oLINK ucontext (uc_link)
+ oSS_SP ucontext (uc_stack.ss_sp)
+ oSS_SIZE ucontext (uc_stack.ss_size)
+-oR0 mcontext (gregs[R0])
+-oR1 mcontext (gregs[R1])
+-oR2 mcontext (gregs[R2])
+-oR3 mcontext (gregs[R3])
+-oR4 mcontext (gregs[R4])
+-oR5 mcontext (gregs[R5])
+-oR6 mcontext (gregs[R6])
+-oR7 mcontext (gregs[R7])
+-oR8 mcontext (gregs[R8])
+-oR9 mcontext (gregs[R9])
+-oR10 mcontext (gregs[R10])
+-oR11 mcontext (gregs[R11])
+-oR12 mcontext (gregs[R12])
+-oR13 mcontext (gregs[R13])
+-oR14 mcontext (gregs[R14])
+-oR15 mcontext (gregs[R15])
++oR0 mcontext (gregs[REG_R0])
++oR1 mcontext (gregs[REG_R1])
++oR2 mcontext (gregs[REG_R2])
++oR3 mcontext (gregs[REG_R3])
++oR4 mcontext (gregs[REG_R4])
++oR5 mcontext (gregs[REG_R5])
++oR6 mcontext (gregs[REG_R6])
++oR7 mcontext (gregs[REG_R7])
++oR8 mcontext (gregs[REG_R8])
++oR9 mcontext (gregs[REG_R9])
++oR10 mcontext (gregs[REG_R10])
++oR11 mcontext (gregs[REG_R11])
++oR12 mcontext (gregs[REG_R12])
++oR13 mcontext (gregs[REG_R13])
++oR14 mcontext (gregs[REG_R14])
++oR15 mcontext (gregs[REG_R15])
+ oPC mcontext (pc)
+ oPR mcontext (pr)
+ oSR mcontext (sr)
+diff --git a/sysdeps/unix/sysv/linux/sh/sh4/ucontext_i.sym b/sysdeps/unix/sysv/linux/sh/sh4/ucontext_i.sym
+index 65633fbcf4..130f60cd96 100644
+--- a/sysdeps/unix/sysv/linux/sh/sh4/ucontext_i.sym
++++ b/sysdeps/unix/sysv/linux/sh/sh4/ucontext_i.sym
+@@ -13,22 +13,22 @@ SIG_SETMASK
+ oLINK ucontext (uc_link)
+ oSS_SP ucontext (uc_stack.ss_sp)
+ oSS_SIZE ucontext (uc_stack.ss_size)
+-oR0 mcontext (gregs[R0])
+-oR1 mcontext (gregs[R1])
+-oR2 mcontext (gregs[R2])
+-oR3 mcontext (gregs[R3])
+-oR4 mcontext (gregs[R4])
+-oR5 mcontext (gregs[R5])
+-oR6 mcontext (gregs[R6])
+-oR7 mcontext (gregs[R7])
+-oR8 mcontext (gregs[R8])
+-oR9 mcontext (gregs[R9])
+-oR10 mcontext (gregs[R10])
+-oR11 mcontext (gregs[R11])
+-oR12 mcontext (gregs[R12])
+-oR13 mcontext (gregs[R13])
+-oR14 mcontext (gregs[R14])
+-oR15 mcontext (gregs[R15])
++oR0 mcontext (gregs[REG_R0])
++oR1 mcontext (gregs[REG_R1])
++oR2 mcontext (gregs[REG_R2])
++oR3 mcontext (gregs[REG_R3])
++oR4 mcontext (gregs[REG_R4])
++oR5 mcontext (gregs[REG_R5])
++oR6 mcontext (gregs[REG_R6])
++oR7 mcontext (gregs[REG_R7])
++oR8 mcontext (gregs[REG_R8])
++oR9 mcontext (gregs[REG_R9])
++oR10 mcontext (gregs[REG_R10])
++oR11 mcontext (gregs[REG_R11])
++oR12 mcontext (gregs[REG_R12])
++oR13 mcontext (gregs[REG_R13])
++oR14 mcontext (gregs[REG_R14])
++oR15 mcontext (gregs[REG_R15])
+ oPC mcontext (pc)
+ oPR mcontext (pr)
+ oSR mcontext (sr)
+diff --git a/sysdeps/unix/sysv/linux/sh/sys/ucontext.h b/sysdeps/unix/sysv/linux/sh/sys/ucontext.h
+index ab9a7e66bf..037fbb73e8 100644
+--- a/sysdeps/unix/sysv/linux/sh/sys/ucontext.h
++++ b/sysdeps/unix/sysv/linux/sh/sys/ucontext.h
+@@ -31,49 +31,47 @@
+ typedef int greg_t;
+
+ /* Number of general registers. */
+-#define NGPREG 16
++#define NGREG 16
+
+ /* Container for all general registers. */
+-typedef greg_t gregset_t[NGPREG];
++typedef greg_t gregset_t[NGREG];
+
+-#ifdef __USE_GNU
+ /* Number of each register is the `gregset_t' array. */
+ enum
+ {
+- R0 = 0,
+-#define R0 R0
+- R1 = 1,
+-#define R1 R1
+- R2 = 2,
+-#define R2 R2
+- R3 = 3,
+-#define R3 R3
+- R4 = 4,
+-#define R4 R4
+- R5 = 5,
+-#define R5 R5
+- R6 = 6,
+-#define R6 R6
+- R7 = 7,
+-#define R7 R7
+- R8 = 8,
+-#define R8 R8
+- R9 = 9,
+-#define R9 R9
+- R10 = 10,
+-#define R10 R10
+- R11 = 11,
+-#define R11 R11
+- R12 = 12,
+-#define R12 R12
+- R13 = 13,
+-#define R13 R13
+- R14 = 14,
+-#define R14 R14
+- R15 = 15,
+-#define R15 R15
++ REG_R0 = 0,
++#define REG_R0 REG_R0
++ REG_R1 = 1,
++#define REG_R1 REG_R1
++ REG_R2 = 2,
++#define REG_R2 REG_R2
++ REG_R3 = 3,
++#define REG_R3 REG_R3
++ REG_R4 = 4,
++#define REG_R4 REG_R4
++ REG_R5 = 5,
++#define REG_R5 REG_R5
++ REG_R6 = 6,
++#define REG_R6 REG_R6
++ REG_R7 = 7,
++#define REG_R7 REG_R7
++ REG_R8 = 8,
++#define REG_R8 REG_R8
++ REG_R9 = 9,
++#define REG_R9 REG_R9
++ REG_R10 = 10,
++#define REG_R10 REG_R10
++ REG_R11 = 11,
++#define REG_R11 REG_R11
++ REG_R12 = 12,
++#define REG_R12 REG_R12
++ REG_R13 = 13,
++#define REG_R13 REG_R13
++ REG_R14 = 14,
++#define REG_R14 REG_R14
++ REG_R15 = 15,
++#define REG_R15 REG_R15
+ };
+-#endif
+
+ #if (defined(__SH4__) || defined(__SH4A__))
+ typedef int freg_t;
diff --git a/sysdeps/unix/sysv/linux/sh/vfork.S b/sysdeps/unix/sysv/linux/sh/vfork.S
index 6895bc5491..df559cb439 100644
--- a/sysdeps/unix/sysv/linux/sh/vfork.S
@@ -13933,10 +14828,11 @@ diff --git a/sysdeps/unix/sysv/linux/tile/vfork.S b/sysdeps/unix/sysv/linux/tile
index d8c5ce3e24..2272777187 100644
--- a/sysdeps/unix/sysv/linux/tile/vfork.S
+++ b/sysdeps/unix/sysv/linux/tile/vfork.S
-@@ -30,18 +30,6 @@
+@@ -29,18 +29,6 @@
+
.text
ENTRY (__vfork)
- {
+- {
- addli r11, tp, PID_OFFSET /* Point at PID. */
- movei r13, 1
- }
@@ -13948,10 +14844,9 @@ index d8c5ce3e24..2272777187 100644
- CMOVEQZ r12, r12, r13 /* Replace zero pids. */
- ST4 r11, r12 /* Store the temporary PID. */
-
-- {
+ {
moveli r0, CLONE_VFORK | CLONE_VM | SIGCHLD
move r1, zero
- }
@@ -52,22 +40,6 @@ ENTRY (__vfork)
moveli TREG_SYSCALL_NR_NAME, __NR_clone
swint1
@@ -14214,7 +15109,7 @@ index 8332ade9fb..cdd2dea32a 100644
jae SYSCALL_ERROR_LABEL /* Branch forward if it failed. */
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
-index 9ce4b495a5..d1ee922290 100644
+index 9ce4b495a5..508ad2ae7b 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -133,8 +133,6 @@ init_cpu_features (struct cpu_features *cpu_features)
@@ -14226,7 +15121,7 @@ index 9ce4b495a5..d1ee922290 100644
case 0x5c:
case 0x5f:
-@@ -205,6 +203,30 @@ init_cpu_features (struct cpu_features *cpu_features)
+@@ -205,6 +203,33 @@ init_cpu_features (struct cpu_features *cpu_features)
if (CPU_FEATURES_ARCH_P (cpu_features, AVX2_Usable))
cpu_features->feature[index_arch_AVX_Fast_Unaligned_Load]
|= bit_arch_AVX_Fast_Unaligned_Load;
@@ -14242,10 +15137,13 @@ index 9ce4b495a5..d1ee922290 100644
+ |= bit_arch_Prefer_No_AVX512;
+
+ /* To avoid SSE transition penalty, use _dl_runtime_resolve_slow.
-+ If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt. */
++ If XGETBV suports ECX == 1, use _dl_runtime_resolve_opt.
++ Use _dl_runtime_resolve_opt only with AVX512F since it is
++ slower than _dl_runtime_resolve_slow with AVX. */
+ cpu_features->feature[index_arch_Use_dl_runtime_resolve_slow]
+ |= bit_arch_Use_dl_runtime_resolve_slow;
-+ if (cpu_features->max_cpuid >= 0xd)
++ if (CPU_FEATURES_ARCH_P (cpu_features, AVX512F_Usable)
++ && cpu_features->max_cpuid >= 0xd)
+ {
+ unsigned int eax;
+
@@ -14327,6 +15225,76 @@ index 97ffe765f4..2609ac0999 100644
#endif /* !__ASSEMBLER__ */
+diff --git a/sysdeps/x86_64/Makefile b/sysdeps/x86_64/Makefile
+index 6d99284cd0..cc990a9685 100644
+--- a/sysdeps/x86_64/Makefile
++++ b/sysdeps/x86_64/Makefile
+@@ -27,7 +27,7 @@ ifeq ($(subdir),elf)
+ CFLAGS-.os += $(if $(filter $(@F),$(patsubst %,%.os,$(all-rtld-routines))),\
+ -mno-mmx)
+
+-sysdep-dl-routines += tlsdesc dl-tlsdesc
++sysdep-dl-routines += tlsdesc dl-tlsdesc tls_get_addr
+
+ tests += ifuncmain8
+ modules-names += ifuncmod8
+@@ -49,9 +49,12 @@ extra-test-objs += tst-quadmod1pie.o tst-quadmod2pie.o
+ $(objpfx)tst-quad1pie: $(objpfx)tst-quadmod1pie.o
+ $(objpfx)tst-quad2pie: $(objpfx)tst-quadmod2pie.o
+
+-tests += tst-audit3 tst-audit4 tst-audit5 tst-audit6 tst-audit7 tst-audit10
+-test-extras += tst-audit4-aux tst-audit10-aux
+-extra-test-objs += tst-audit4-aux.o tst-audit10-aux.o
++tests += tst-audit3 tst-audit4 tst-audit5 tst-audit6 tst-audit7 \
++ tst-audit10 tst-sse tst-avx tst-avx512
++test-extras += tst-audit4-aux tst-audit10-aux \
++ tst-avx-aux tst-avx512-aux
++extra-test-objs += tst-audit4-aux.o tst-audit10-aux.o \
++ tst-avx-aux.o tst-avx512-aux.o
+
+ tests += tst-split-dynreloc
+ LDFLAGS-tst-split-dynreloc = -Wl,-T,$(..)sysdeps/x86_64/tst-split-dynreloc.lds
+@@ -62,7 +65,8 @@ modules-names += tst-auditmod3a tst-auditmod3b \
+ tst-auditmod5a tst-auditmod5b \
+ tst-auditmod6a tst-auditmod6b tst-auditmod6c \
+ tst-auditmod7a tst-auditmod7b \
+- tst-auditmod10a tst-auditmod10b
++ tst-auditmod10a tst-auditmod10b \
++ tst-ssemod tst-avxmod tst-avx512mod
+
+ $(objpfx)tst-audit3: $(objpfx)tst-auditmod3a.so
+ $(objpfx)tst-audit3.out: $(objpfx)tst-auditmod3b.so
+@@ -89,6 +93,10 @@ $(objpfx)tst-audit10: $(objpfx)tst-audit10-aux.o $(objpfx)tst-auditmod10a.so
+ $(objpfx)tst-audit10.out: $(objpfx)tst-auditmod10b.so
+ tst-audit10-ENV = LD_AUDIT=$(objpfx)tst-auditmod10b.so
+
++$(objpfx)tst-sse: $(objpfx)tst-ssemod.so
++$(objpfx)tst-avx: $(objpfx)tst-avx-aux.o $(objpfx)tst-avxmod.so
++$(objpfx)tst-avx512: $(objpfx)tst-avx512-aux.o $(objpfx)tst-avx512mod.so
++
+ AVX-CFLAGS=-mavx -mno-vzeroupper
+ CFLAGS-tst-audit4-aux.c += $(AVX-CFLAGS)
+ CFLAGS-tst-auditmod4a.c += $(AVX-CFLAGS)
+@@ -96,14 +104,18 @@ CFLAGS-tst-auditmod4b.c += $(AVX-CFLAGS)
+ CFLAGS-tst-auditmod6b.c += $(AVX-CFLAGS)
+ CFLAGS-tst-auditmod6c.c += $(AVX-CFLAGS)
+ CFLAGS-tst-auditmod7b.c += $(AVX-CFLAGS)
++CFLAGS-tst-avx-aux.c += $(AVX-CFLAGS)
++CFLAGS-tst-avxmod.c += $(AVX-CFLAGS)
+ ifeq (yes,$(config-cflags-avx512))
+ AVX512-CFLAGS = -mavx512f
+ CFLAGS-tst-audit10-aux.c += $(AVX512-CFLAGS)
+ CFLAGS-tst-auditmod10a.c += $(AVX512-CFLAGS)
+ CFLAGS-tst-auditmod10b.c += $(AVX512-CFLAGS)
++CFLAGS-tst-avx512-aux.c += $(AVX512-CFLAGS)
++CFLAGS-tst-avx512mod.c += $(AVX512-CFLAGS)
+ endif
+ endif
+
+ ifeq ($(subdir),csu)
+-gen-as-const-headers += tlsdesc.sym
++gen-as-const-headers += tlsdesc.sym rtld-offsets.sym
+ endif
diff --git a/sysdeps/x86_64/dl-machine.h b/sysdeps/x86_64/dl-machine.h
index ed0c1a8efd..c0f0fa16a2 100644
--- a/sysdeps/x86_64/dl-machine.h
@@ -14371,6 +15339,85 @@ index ed0c1a8efd..c0f0fa16a2 100644
else
*(ElfW(Addr) *) (got + 2) = (ElfW(Addr)) &_dl_runtime_resolve_sse;
}
+diff --git a/sysdeps/x86_64/dl-tls.c b/sysdeps/x86_64/dl-tls.c
+new file mode 100644
+index 0000000000..3584805c8e
+--- /dev/null
++++ b/sysdeps/x86_64/dl-tls.c
+@@ -0,0 +1,53 @@
++/* Thread-local storage handling in the ELF dynamic linker. x86-64 version.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifdef SHARED
++/* Work around GCC PR58066, due to which __tls_get_addr may be called
++ with an unaligned stack. The compat implementation is in
++ tls_get_addr-compat.S. */
++
++# include <dl-tls.h>
++
++/* Define __tls_get_addr within elf/dl-tls.c under a different
++ name. */
++extern __typeof__ (__tls_get_addr) ___tls_get_addr;
++
++# define __tls_get_addr ___tls_get_addr
++# include <elf/dl-tls.c>
++# undef __tls_get_addr
++
++hidden_ver (___tls_get_addr, __tls_get_addr)
++
++/* Only handle slow paths for __tls_get_addr. */
++attribute_hidden
++void *
++__tls_get_addr_slow (GET_ADDR_ARGS)
++{
++ dtv_t *dtv = THREAD_DTV ();
++
++ if (__glibc_unlikely (dtv[0].counter != GL(dl_tls_generation)))
++ return update_get_addr (GET_ADDR_PARAM);
++
++ return tls_get_addr_tail (GET_ADDR_PARAM, dtv, NULL);
++}
++#else
++
++/* No compatibility symbol needed. */
++# include <elf/dl-tls.c>
++
++#endif
+diff --git a/sysdeps/x86_64/dl-tls.h b/sysdeps/x86_64/dl-tls.h
+index cf6c107f54..fa5bf6cd93 100644
+--- a/sysdeps/x86_64/dl-tls.h
++++ b/sysdeps/x86_64/dl-tls.h
+@@ -16,6 +16,9 @@
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
++#ifndef _X86_64_DL_TLS_H
++#define _X86_64_DL_TLS_H
++
+ #include <stdint.h>
+
+ /* Type used for the representation of TLS information in the GOT. */
+@@ -27,3 +30,5 @@ typedef struct dl_tls_index
+
+
+ extern void *__tls_get_addr (tls_index *ti);
++
++#endif /* _X86_64_DL_TLS_H */
diff --git a/sysdeps/x86_64/dl-trampoline.S b/sysdeps/x86_64/dl-trampoline.S
index 12f1a5cf84..50b23633e3 100644
--- a/sysdeps/x86_64/dl-trampoline.S
@@ -14416,7 +15463,7 @@ index 12f1a5cf84..50b23633e3 100644
+#define _dl_runtime_resolve_opt _dl_runtime_resolve_avx512_opt
+#include "dl-trampoline.h"
diff --git a/sysdeps/x86_64/dl-trampoline.h b/sysdeps/x86_64/dl-trampoline.h
-index b90836ab13..32ad3af202 100644
+index b90836ab13..d21c5a987a 100644
--- a/sysdeps/x86_64/dl-trampoline.h
+++ b/sysdeps/x86_64/dl-trampoline.h
@@ -50,6 +50,106 @@
@@ -14526,7 +15573,17 @@ index b90836ab13..32ad3af202 100644
.globl _dl_runtime_resolve
.hidden _dl_runtime_resolve
.type _dl_runtime_resolve, @function
-@@ -162,7 +262,10 @@ _dl_runtime_resolve:
+@@ -69,7 +169,9 @@ _dl_runtime_resolve:
+ and $-VEC_SIZE, %RSP_LP
+ #endif
+ sub $REGISTER_SAVE_AREA, %RSP_LP
++#if !DL_RUNTIME_RESOLVE_REALIGN_STACK
+ cfi_adjust_cfa_offset(REGISTER_SAVE_AREA)
++#endif
+ # Preserve registers otherwise clobbered.
+ movq %rax, REGISTER_SAVE_RAX(%rsp)
+ movq %rcx, REGISTER_SAVE_RCX(%rsp)
+@@ -162,7 +264,10 @@ _dl_runtime_resolve:
.size _dl_runtime_resolve, .-_dl_runtime_resolve
@@ -14680,6 +15737,18 @@ index aeb752673a..8a25c482cb 100644
CANCELHANDLING offsetof (struct pthread, cancelhandling)
CLEANUP_JMP_BUF offsetof (struct pthread, cleanup_jmp_buf)
CLEANUP offsetof (struct pthread, cleanup)
+diff --git a/sysdeps/x86_64/rtld-offsets.sym b/sysdeps/x86_64/rtld-offsets.sym
+new file mode 100644
+index 0000000000..fd41b51521
+--- /dev/null
++++ b/sysdeps/x86_64/rtld-offsets.sym
+@@ -0,0 +1,6 @@
++#define SHARED
++#include <ldsodefs.h>
++
++--
++
++GL_TLS_GENERATION_OFFSET offsetof (struct rtld_global, _dl_tls_generation)
diff --git a/sysdeps/x86_64/sysdep.h b/sysdeps/x86_64/sysdep.h
index 75ac747be8..4b67fa80c1 100644
--- a/sysdeps/x86_64/sysdep.h
@@ -14700,3 +15769,518 @@ index 75ac747be8..4b67fa80c1 100644
# define JUMPTARGET(name) name
#endif
+diff --git a/sysdeps/x86_64/tls_get_addr.S b/sysdeps/x86_64/tls_get_addr.S
+new file mode 100644
+index 0000000000..9d38fb3be5
+--- /dev/null
++++ b/sysdeps/x86_64/tls_get_addr.S
+@@ -0,0 +1,61 @@
++/* Stack-aligning implementation of __tls_get_addr. x86-64 version.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifdef SHARED
++
++# include <sysdep.h>
++# include "tlsdesc.h"
++# include "rtld-offsets.h"
++
++/* See __tls_get_addr and __tls_get_addr_slow in dl-tls.c. This function
++ call __tls_get_addr_slow on both slow paths. It realigns the stack
++ before the call to work around GCC PR58066. */
++
++ENTRY (__tls_get_addr)
++ mov %fs:DTV_OFFSET, %RDX_LP
++ mov GL_TLS_GENERATION_OFFSET+_rtld_local(%rip), %RAX_LP
++ /* GL(dl_tls_generation) == dtv[0].counter */
++ cmp %RAX_LP, (%rdx)
++ jne 1f
++ mov TI_MODULE_OFFSET(%rdi), %RAX_LP
++ /* dtv[ti->ti_module] */
++# ifdef __LP64__
++ salq $4, %rax
++ movq (%rdx,%rax), %rax
++# else
++ movl (%rdx,%rax, 8), %eax
++# endif
++ cmp $-1, %RAX_LP
++ je 1f
++ add TI_OFFSET_OFFSET(%rdi), %RAX_LP
++ ret
++1:
++ /* On the slow path, align the stack. */
++ pushq %rbp
++ cfi_def_cfa_offset (16)
++ cfi_offset (%rbp, -16)
++ mov %RSP_LP, %RBP_LP
++ cfi_def_cfa_register (%rbp)
++ and $-16, %RSP_LP
++ call __tls_get_addr_slow
++ mov %RBP_LP, %RSP_LP
++ popq %rbp
++ cfi_def_cfa (%rsp, 8)
++ ret
++END (__tls_get_addr)
++#endif /* SHARED */
+diff --git a/sysdeps/x86_64/tlsdesc.sym b/sysdeps/x86_64/tlsdesc.sym
+index 33854975d0..fc897ab4b5 100644
+--- a/sysdeps/x86_64/tlsdesc.sym
++++ b/sysdeps/x86_64/tlsdesc.sym
+@@ -15,3 +15,6 @@ TLSDESC_ARG offsetof(struct tlsdesc, arg)
+ TLSDESC_GEN_COUNT offsetof(struct tlsdesc_dynamic_arg, gen_count)
+ TLSDESC_MODID offsetof(struct tlsdesc_dynamic_arg, tlsinfo.ti_module)
+ TLSDESC_MODOFF offsetof(struct tlsdesc_dynamic_arg, tlsinfo.ti_offset)
++
++TI_MODULE_OFFSET offsetof(tls_index, ti_module)
++TI_OFFSET_OFFSET offsetof(tls_index, ti_offset)
+diff --git a/sysdeps/x86_64/tst-avx-aux.c b/sysdeps/x86_64/tst-avx-aux.c
+new file mode 100644
+index 0000000000..e3807de7bb
+--- /dev/null
++++ b/sysdeps/x86_64/tst-avx-aux.c
+@@ -0,0 +1,47 @@
++/* Test case for preserved AVX registers in dynamic linker, -mavx part.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <immintrin.h>
++#include <stdlib.h>
++#include <string.h>
++
++int
++tst_avx_aux (void)
++{
++#ifdef __AVX__
++ extern __m256i avx_test (__m256i, __m256i, __m256i, __m256i,
++ __m256i, __m256i, __m256i, __m256i);
++
++ __m256i ymm0 = _mm256_set1_epi32 (0);
++ __m256i ymm1 = _mm256_set1_epi32 (1);
++ __m256i ymm2 = _mm256_set1_epi32 (2);
++ __m256i ymm3 = _mm256_set1_epi32 (3);
++ __m256i ymm4 = _mm256_set1_epi32 (4);
++ __m256i ymm5 = _mm256_set1_epi32 (5);
++ __m256i ymm6 = _mm256_set1_epi32 (6);
++ __m256i ymm7 = _mm256_set1_epi32 (7);
++ __m256i ret = avx_test (ymm0, ymm1, ymm2, ymm3,
++ ymm4, ymm5, ymm6, ymm7);
++ ymm0 = _mm256_set1_epi32 (0x12349876);
++ if (memcmp (&ymm0, &ret, sizeof (ret)))
++ abort ();
++ return 0;
++#else /* __AVX__ */
++ return 77;
++#endif /* __AVX__ */
++}
+diff --git a/sysdeps/x86_64/tst-avx.c b/sysdeps/x86_64/tst-avx.c
+new file mode 100644
+index 0000000000..ec2e3a79ff
+--- /dev/null
++++ b/sysdeps/x86_64/tst-avx.c
+@@ -0,0 +1,49 @@
++/* Test case for preserved AVX registers in dynamic linker.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <cpuid.h>
++
++int tst_avx_aux (void);
++
++static int
++avx_enabled (void)
++{
++ unsigned int eax, ebx, ecx, edx;
++
++ if (__get_cpuid (1, &eax, &ebx, &ecx, &edx) == 0
++ || (ecx & (bit_AVX | bit_OSXSAVE)) != (bit_AVX | bit_OSXSAVE))
++ return 0;
++
++ /* Check the OS has AVX and SSE saving enabled. */
++ asm ("xgetbv" : "=a" (eax), "=d" (edx) : "c" (0));
++
++ return (eax & 6) == 6;
++}
++
++static int
++do_test (void)
++{
++ /* Run AVX test only if AVX is supported. */
++ if (avx_enabled ())
++ return tst_avx_aux ();
++ else
++ return 77;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../../test-skeleton.c"
+diff --git a/sysdeps/x86_64/tst-avx512-aux.c b/sysdeps/x86_64/tst-avx512-aux.c
+new file mode 100644
+index 0000000000..6cebc523f2
+--- /dev/null
++++ b/sysdeps/x86_64/tst-avx512-aux.c
+@@ -0,0 +1,48 @@
++/* Test case for preserved AVX512 registers in dynamic linker,
++ -mavx512 part.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <immintrin.h>
++#include <stdlib.h>
++#include <string.h>
++
++int
++tst_avx512_aux (void)
++{
++#ifdef __AVX512F__
++ extern __m512i avx512_test (__m512i, __m512i, __m512i, __m512i,
++ __m512i, __m512i, __m512i, __m512i);
++
++ __m512i zmm0 = _mm512_set1_epi32 (0);
++ __m512i zmm1 = _mm512_set1_epi32 (1);
++ __m512i zmm2 = _mm512_set1_epi32 (2);
++ __m512i zmm3 = _mm512_set1_epi32 (3);
++ __m512i zmm4 = _mm512_set1_epi32 (4);
++ __m512i zmm5 = _mm512_set1_epi32 (5);
++ __m512i zmm6 = _mm512_set1_epi32 (6);
++ __m512i zmm7 = _mm512_set1_epi32 (7);
++ __m512i ret = avx512_test (zmm0, zmm1, zmm2, zmm3,
++ zmm4, zmm5, zmm6, zmm7);
++ zmm0 = _mm512_set1_epi32 (0x12349876);
++ if (memcmp (&zmm0, &ret, sizeof (ret)))
++ abort ();
++ return 0;
++#else /* __AVX512F__ */
++ return 77;
++#endif /* __AVX512F__ */
++}
+diff --git a/sysdeps/x86_64/tst-avx512.c b/sysdeps/x86_64/tst-avx512.c
+new file mode 100644
+index 0000000000..a8e42ef553
+--- /dev/null
++++ b/sysdeps/x86_64/tst-avx512.c
+@@ -0,0 +1,57 @@
++/* Test case for preserved AVX512 registers in dynamic linker.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <cpuid.h>
++
++int tst_avx512_aux (void);
++
++static int
++avx512_enabled (void)
++{
++#ifdef bit_AVX512F
++ unsigned int eax, ebx, ecx, edx;
++
++ if (__get_cpuid (1, &eax, &ebx, &ecx, &edx) == 0
++ || (ecx & (bit_AVX | bit_OSXSAVE)) != (bit_AVX | bit_OSXSAVE))
++ return 0;
++
++ __cpuid_count (7, 0, eax, ebx, ecx, edx);
++ if (!(ebx & bit_AVX512F))
++ return 0;
++
++ asm ("xgetbv" : "=a" (eax), "=d" (edx) : "c" (0));
++
++ /* Verify that ZMM, YMM and XMM states are enabled. */
++ return (eax & 0xe6) == 0xe6;
++#else
++ return 0;
++#endif
++}
++
++static int
++do_test (void)
++{
++ /* Run AVX512 test only if AVX512 is supported. */
++ if (avx512_enabled ())
++ return tst_avx512_aux ();
++ else
++ return 77;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../../test-skeleton.c"
+diff --git a/sysdeps/x86_64/tst-avx512mod.c b/sysdeps/x86_64/tst-avx512mod.c
+new file mode 100644
+index 0000000000..4cfb3a2c3d
+--- /dev/null
++++ b/sysdeps/x86_64/tst-avx512mod.c
+@@ -0,0 +1,48 @@
++/* Test case for x86-64 preserved AVX512 registers in dynamic linker. */
++
++#ifdef __AVX512F__
++#include <stdlib.h>
++#include <string.h>
++#include <immintrin.h>
++
++__m512i
++avx512_test (__m512i x0, __m512i x1, __m512i x2, __m512i x3,
++ __m512i x4, __m512i x5, __m512i x6, __m512i x7)
++{
++ __m512i zmm;
++
++ zmm = _mm512_set1_epi32 (0);
++ if (memcmp (&zmm, &x0, sizeof (zmm)))
++ abort ();
++
++ zmm = _mm512_set1_epi32 (1);
++ if (memcmp (&zmm, &x1, sizeof (zmm)))
++ abort ();
++
++ zmm = _mm512_set1_epi32 (2);
++ if (memcmp (&zmm, &x2, sizeof (zmm)))
++ abort ();
++
++ zmm = _mm512_set1_epi32 (3);
++ if (memcmp (&zmm, &x3, sizeof (zmm)))
++ abort ();
++
++ zmm = _mm512_set1_epi32 (4);
++ if (memcmp (&zmm, &x4, sizeof (zmm)))
++ abort ();
++
++ zmm = _mm512_set1_epi32 (5);
++ if (memcmp (&zmm, &x5, sizeof (zmm)))
++ abort ();
++
++ zmm = _mm512_set1_epi32 (6);
++ if (memcmp (&zmm, &x6, sizeof (zmm)))
++ abort ();
++
++ zmm = _mm512_set1_epi32 (7);
++ if (memcmp (&zmm, &x7, sizeof (zmm)))
++ abort ();
++
++ return _mm512_set1_epi32 (0x12349876);
++}
++#endif
+diff --git a/sysdeps/x86_64/tst-avxmod.c b/sysdeps/x86_64/tst-avxmod.c
+new file mode 100644
+index 0000000000..6e5b154997
+--- /dev/null
++++ b/sysdeps/x86_64/tst-avxmod.c
+@@ -0,0 +1,48 @@
++/* Test case for x86-64 preserved AVX registers in dynamic linker. */
++
++#ifdef __AVX__
++#include <stdlib.h>
++#include <string.h>
++#include <immintrin.h>
++
++__m256i
++avx_test (__m256i x0, __m256i x1, __m256i x2, __m256i x3,
++ __m256i x4, __m256i x5, __m256i x6, __m256i x7)
++{
++ __m256i ymm;
++
++ ymm = _mm256_set1_epi32 (0);
++ if (memcmp (&ymm, &x0, sizeof (ymm)))
++ abort ();
++
++ ymm = _mm256_set1_epi32 (1);
++ if (memcmp (&ymm, &x1, sizeof (ymm)))
++ abort ();
++
++ ymm = _mm256_set1_epi32 (2);
++ if (memcmp (&ymm, &x2, sizeof (ymm)))
++ abort ();
++
++ ymm = _mm256_set1_epi32 (3);
++ if (memcmp (&ymm, &x3, sizeof (ymm)))
++ abort ();
++
++ ymm = _mm256_set1_epi32 (4);
++ if (memcmp (&ymm, &x4, sizeof (ymm)))
++ abort ();
++
++ ymm = _mm256_set1_epi32 (5);
++ if (memcmp (&ymm, &x5, sizeof (ymm)))
++ abort ();
++
++ ymm = _mm256_set1_epi32 (6);
++ if (memcmp (&ymm, &x6, sizeof (ymm)))
++ abort ();
++
++ ymm = _mm256_set1_epi32 (7);
++ if (memcmp (&ymm, &x7, sizeof (ymm)))
++ abort ();
++
++ return _mm256_set1_epi32 (0x12349876);
++}
++#endif
+diff --git a/sysdeps/x86_64/tst-sse.c b/sysdeps/x86_64/tst-sse.c
+new file mode 100644
+index 0000000000..dd1537cf27
+--- /dev/null
++++ b/sysdeps/x86_64/tst-sse.c
+@@ -0,0 +1,46 @@
++/* Test case for preserved SSE registers in dynamic linker.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include <immintrin.h>
++#include <stdlib.h>
++#include <string.h>
++
++extern __m128i sse_test (__m128i, __m128i, __m128i, __m128i,
++ __m128i, __m128i, __m128i, __m128i);
++
++static int
++do_test (void)
++{
++ __m128i xmm0 = _mm_set1_epi32 (0);
++ __m128i xmm1 = _mm_set1_epi32 (1);
++ __m128i xmm2 = _mm_set1_epi32 (2);
++ __m128i xmm3 = _mm_set1_epi32 (3);
++ __m128i xmm4 = _mm_set1_epi32 (4);
++ __m128i xmm5 = _mm_set1_epi32 (5);
++ __m128i xmm6 = _mm_set1_epi32 (6);
++ __m128i xmm7 = _mm_set1_epi32 (7);
++ __m128i ret = sse_test (xmm0, xmm1, xmm2, xmm3,
++ xmm4, xmm5, xmm6, xmm7);
++ xmm0 = _mm_set1_epi32 (0x12349876);
++ if (memcmp (&xmm0, &ret, sizeof (ret)))
++ abort ();
++ return 0;
++}
++
++#define TEST_FUNCTION do_test ()
++#include "../../test-skeleton.c"
+diff --git a/sysdeps/x86_64/tst-ssemod.c b/sysdeps/x86_64/tst-ssemod.c
+new file mode 100644
+index 0000000000..907a64c69e
+--- /dev/null
++++ b/sysdeps/x86_64/tst-ssemod.c
+@@ -0,0 +1,46 @@
++/* Test case for x86-64 preserved SSE registers in dynamic linker. */
++
++#include <stdlib.h>
++#include <string.h>
++#include <immintrin.h>
++
++__m128i
++sse_test (__m128i x0, __m128i x1, __m128i x2, __m128i x3,
++ __m128i x4, __m128i x5, __m128i x6, __m128i x7)
++{
++ __m128i xmm;
++
++ xmm = _mm_set1_epi32 (0);
++ if (memcmp (&xmm, &x0, sizeof (xmm)))
++ abort ();
++
++ xmm = _mm_set1_epi32 (1);
++ if (memcmp (&xmm, &x1, sizeof (xmm)))
++ abort ();
++
++ xmm = _mm_set1_epi32 (2);
++ if (memcmp (&xmm, &x2, sizeof (xmm)))
++ abort ();
++
++ xmm = _mm_set1_epi32 (3);
++ if (memcmp (&xmm, &x3, sizeof (xmm)))
++ abort ();
++
++ xmm = _mm_set1_epi32 (4);
++ if (memcmp (&xmm, &x4, sizeof (xmm)))
++ abort ();
++
++ xmm = _mm_set1_epi32 (5);
++ if (memcmp (&xmm, &x5, sizeof (xmm)))
++ abort ();
++
++ xmm = _mm_set1_epi32 (6);
++ if (memcmp (&xmm, &x6, sizeof (xmm)))
++ abort ();
++
++ xmm = _mm_set1_epi32 (7);
++ if (memcmp (&xmm, &x7, sizeof (xmm)))
++ abort ();
++
++ return _mm_set1_epi32 (0x12349876);
++}
1
0
ports/xorg (3.3): [notify] xorg-libxfont: updated to 1.5.3. Fix for CVE-2017-13720, CVE-2017-13722
by crux@crux.nu 20 Oct '17
by crux@crux.nu 20 Oct '17
20 Oct '17
commit bdd4f0fab00a2c0f4a6aec10c30540fe4c5973be
Author: Fredrik Rinnestam <fredrik(a)crux.nu>
Date: Fri Oct 20 21:24:08 2017 +0200
[notify] xorg-libxfont: updated to 1.5.3. Fix for CVE-2017-13720, CVE-2017-13722
diff --git a/xorg-libxfont/.md5sum b/xorg-libxfont/.md5sum
index c15faac..c936fc3 100644
--- a/xorg-libxfont/.md5sum
+++ b/xorg-libxfont/.md5sum
@@ -1 +1 @@
-254ee42bd178d18ebc7a73aacfde7f79 libXfont-1.5.2.tar.bz2
+9ba75bf38ba62a6ad52550ab716da9b3 libXfont-1.5.3.tar.bz2
diff --git a/xorg-libxfont/.signature b/xorg-libxfont/.signature
index 33e4cf6..188856f 100644
--- a/xorg-libxfont/.signature
+++ b/xorg-libxfont/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndApbu5QORK2lLDwohy+SmcVFcjG7n1oTrPsSBgnJXLxNo4DaW4b+RDY/o/RiCDYtfmBm9eNaAplKxBYeGAzvIQ0=
-SHA256 (Pkgfile) = c1cd3b03bab803aafcfe728ee2eb6c74978b36dc935b0b693accec006b15384f
+RWTSGWF5Q7TndOdY4ixEXWHEFdxkJ+JtH7nOUr7oCGdnXhcOLByATONkJe+CP9X0J7Df6zjdEhNay67R6GlNwL45cp9FIrNITgs=
+SHA256 (Pkgfile) = b8abc4bb6c99aa34b985a45be5a97c2cde6326c82fe272de69332cd4248b559f
SHA256 (.footprint) = 686b53b870b0d54c2aa693379b33c5ed88817527d477da80cf86b0bc3c883271
-SHA256 (libXfont-1.5.2.tar.bz2) = 02945ea68da447102f3e6c2b896c1d2061fd115de99404facc2aca3ad7010d71
+SHA256 (libXfont-1.5.3.tar.bz2) = ab85c10fd2683481dfef672a77fe60e6a2039558cbc0e9bf56b5e1df471c93d0
diff --git a/xorg-libxfont/Pkgfile b/xorg-libxfont/Pkgfile
index e91ab33..9f649eb 100644
--- a/xorg-libxfont/Pkgfile
+++ b/xorg-libxfont/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: freetype, xorg-xproto, xorg-xtrans, xorg-fontsproto, xorg-libfontenc
name=xorg-libxfont
-version=1.5.2
+version=1.5.3
release=1
source=(http://xorg.freedesktop.org/releases/individual/lib/libXfont-$versi…
1
0
commit 09da077dbc4cd42b7e949fd7911eb496bc7ab614
Author: Juergen Daubert <jue(a)jue.li>
Date: Thu Oct 19 12:48:33 2017 +0200
[notify] jre: update to 1.8.0_152
includes several security fixes, see
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html…
diff --git a/jre/.footprint b/jre/.footprint
index 71bce910b..1f478accd 100644
--- a/jre/.footprint
+++ b/jre/.footprint
@@ -214,7 +214,7 @@ drwxr-xr-x root/root usr/lib/jre/lib/ext/
-rw-r--r-- root/root usr/lib/jre/lib/ext/cldrdata.jar
-rw-r--r-- root/root usr/lib/jre/lib/ext/dnsns.jar
-rw-r--r-- root/root usr/lib/jre/lib/ext/jaccess.jar
--rwxr-xr-x root/root usr/lib/jre/lib/ext/jfxrt.jar
+-rw-r--r-- root/root usr/lib/jre/lib/ext/jfxrt.jar
-rw-r--r-- root/root usr/lib/jre/lib/ext/localedata.jar
-rw-r--r-- root/root usr/lib/jre/lib/ext/meta-index
-rw-r--r-- root/root usr/lib/jre/lib/ext/nashorn.jar
@@ -261,7 +261,7 @@ drwxr-xr-x root/root usr/lib/jre/lib/images/icons/
-rw-r--r-- root/root usr/lib/jre/lib/images/icons/sun-java_HighContrast.png
-rw-r--r-- root/root usr/lib/jre/lib/images/icons/sun-java_HighContrastInverse.png
-rw-r--r-- root/root usr/lib/jre/lib/images/icons/sun-java_LowContrast.png
--rwxr-xr-x root/root usr/lib/jre/lib/javafx.properties
+-rw-r--r-- root/root usr/lib/jre/lib/javafx.properties
-rw-r--r-- root/root usr/lib/jre/lib/javaws.jar
-rw-r--r-- root/root usr/lib/jre/lib/jce.jar
-rwxr-xr-x root/root usr/lib/jre/lib/jexec
@@ -269,7 +269,7 @@ drwxr-xr-x root/root usr/lib/jre/lib/images/icons/
drwxr-xr-x root/root usr/lib/jre/lib/jfr/
-rw-r--r-- root/root usr/lib/jre/lib/jfr/default.jfc
-rw-r--r-- root/root usr/lib/jre/lib/jfr/profile.jfc
--rwxr-xr-x root/root usr/lib/jre/lib/jfxswt.jar
+-rw-r--r-- root/root usr/lib/jre/lib/jfxswt.jar
-rw-r--r-- root/root usr/lib/jre/lib/jsse.jar
-rw-r--r-- root/root usr/lib/jre/lib/jvm.hprof.txt
drwxr-xr-x root/root usr/lib/jre/lib/locale/
@@ -336,14 +336,19 @@ drwxr-xr-x root/root usr/lib/jre/lib/oblique-fonts/
-rw-r--r-- root/root usr/lib/jre/lib/resources.jar
-rw-r--r-- root/root usr/lib/jre/lib/rt.jar
drwxr-xr-x root/root usr/lib/jre/lib/security/
--rw-r--r-- root/root usr/lib/jre/lib/security/US_export_policy.jar
-rw-r--r-- root/root usr/lib/jre/lib/security/blacklist
-rw-r--r-- root/root usr/lib/jre/lib/security/blacklisted.certs
-rw-r--r-- root/root usr/lib/jre/lib/security/cacerts
-rw-r--r-- root/root usr/lib/jre/lib/security/java.policy
-rw-r--r-- root/root usr/lib/jre/lib/security/java.security
-rw-r--r-- root/root usr/lib/jre/lib/security/javaws.policy
--rw-r--r-- root/root usr/lib/jre/lib/security/local_policy.jar
+drwxr-xr-x root/root usr/lib/jre/lib/security/policy/
+drwxr-xr-x root/root usr/lib/jre/lib/security/policy/limited/
+-rw-r--r-- root/root usr/lib/jre/lib/security/policy/limited/US_export_policy.jar
+-rw-r--r-- root/root usr/lib/jre/lib/security/policy/limited/local_policy.jar
+drwxr-xr-x root/root usr/lib/jre/lib/security/policy/unlimited/
+-rw-r--r-- root/root usr/lib/jre/lib/security/policy/unlimited/US_export_policy.jar
+-rw-r--r-- root/root usr/lib/jre/lib/security/policy/unlimited/local_policy.jar
-rw-r--r-- root/root usr/lib/jre/lib/security/trusted.libraries (EMPTY)
-rw-r--r-- root/root usr/lib/jre/lib/sound.properties
-rw-r--r-- root/root usr/lib/jre/lib/tzdb.dat
diff --git a/jre/.md5sum b/jre/.md5sum
index b335dbf7d..dfa8d46d5 100644
--- a/jre/.md5sum
+++ b/jre/.md5sum
@@ -1 +1 @@
-e3808f24d0f588b0c313fa18b50683c6 jre-8u144-linux-x64.tar.gz
+32c9a36d3869b13db18e8bd5bfc14dcb jre-8u152-linux-x64.tar.gz
diff --git a/jre/.signature b/jre/.signature
index e2905a2b2..5cfe27a67 100644
--- a/jre/.signature
+++ b/jre/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/TxyEZiErTJKV4Z70mC5Wk1NR9EQjkWpiHp9ey8FsyHevpAJI1N6XMXFStg5pDDEHJ6UgUD6HkhE/s4tiQfGpw0=
-SHA256 (Pkgfile) = 06b909029eef01713f1eebb878580bdff146d6fffcaa97a2629b264660ba69f3
-SHA256 (.footprint) = dc7cde6d890ec3915e294d5023a9c6f5ea54c013bc29339d96644a94d2fd42fb
-SHA256 (jre-8u144-linux-x64.tar.gz) = 4e6e11aad54ae3c716a5607ee88d81f3f1e8b5b23ee474b0272dba351ee9f28a
+RWSE3ohX2g5d/fKeTYzRY3fyAiNTjXmYIaZaeONj4hFHFoeiwNGJDT6bhJMumfIBSfVrVg3wk2UaogQKze76lkuE1Y0Sj+w+xws=
+SHA256 (Pkgfile) = 20b80ef7d132b6260330b31ab2ad7f4eaf4cf4b8f9adf6b117ce947fdef6614c
+SHA256 (.footprint) = d53169d2c96638760f9f3348baf15873a87cf1b7b36017b277aaa73ac1881c7c
+SHA256 (jre-8u152-linux-x64.tar.gz) = ed04ffbf8050a69b15f02c51a2cae8e0de9362e7f6fe8995b1c39c613fc20ede
diff --git a/jre/Pkgfile b/jre/Pkgfile
index 089a03344..87444231a 100644
--- a/jre/Pkgfile
+++ b/jre/Pkgfile
@@ -4,7 +4,7 @@
# Packager: Simone Rota, sip at crux dot nu
name=jre
-version=1.8.0_144
+version=1.8.0_152
release=1
source=(file:///$name-8u${version#*_}-linux-x64.tar.gz)
1
0
ports/opt (3.3): [notify] wpa_supplicant: security fix for the KRACK (Key Reinstallation Attacks) vulnerability
by crux@crux.nu 18 Oct '17
by crux@crux.nu 18 Oct '17
18 Oct '17
commit 1de458abe0a7518dba2e8b17f3fb9f50c38e440c
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Oct 18 10:39:39 2017 +0200
[notify] wpa_supplicant: security fix for the KRACK (Key Reinstallation Attacks) vulnerability
See
- https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-message…
- https://www.krackattacks.com/
diff --git a/wpa_supplicant/.md5sum b/wpa_supplicant/.md5sum
index ea8a0db81..660019c37 100644
--- a/wpa_supplicant/.md5sum
+++ b/wpa_supplicant/.md5sum
@@ -1,2 +1,10 @@
+a209fe1510a138c0da3855854c38bf6f rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+a19510a630e870a100ccb56627df38b9 rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+1f9054638b4b142049aec620307e5bd2 rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+95e59981ffadbb832670a06db22c717f rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+2f13f68055c40a1034b0028d0c301988 rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+0065da3dce2284fa0c59a1359ad752bd rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+f993c4887d62de35b6492b0feffe2e49 rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+2dda6fa8a71fcd25d1f658eb44d7c3f0 rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
d716495fa71fbf6f8aca3075c8706af5 wlan
091569eb4440b7d7f2b4276dbfc03c3c wpa_supplicant-2.6.tar.gz
diff --git a/wpa_supplicant/.signature b/wpa_supplicant/.signature
index 93a4d7c7d..b44a5da65 100644
--- a/wpa_supplicant/.signature
+++ b/wpa_supplicant/.signature
@@ -1,6 +1,14 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/a8Qj5cjm4Lla1kZI8ErGziUebo0tSxwaucJSBU3mj/X0ZU5Ntp5Chv1qGGbd5Ii1mp5zwdiWTpPptAQ3lCBjgQ=
-SHA256 (Pkgfile) = c3597b4d648d5b0313c81f94efb37965440881e041e4d34a98838f9beb58eb34
+RWSE3ohX2g5d/RQg80Uz1Uy8/Bmifa5WGQsdDvlhpP0B/f7QXNBbntGkSjOBRzIvuuCD5bHTgtmDSqyR5n964zy4w19JVo4Seg0=
+SHA256 (Pkgfile) = 4b52b01a677225157876b502c8de725da63c7a5b1ff55469905f502783b73da3
SHA256 (.footprint) = d3b2e0c4068fe789ca0c18c2c81faf906efdbd970fa00641c3e5381dcbc474a5
SHA256 (wpa_supplicant-2.6.tar.gz) = b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450
+SHA256 (rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch) = 529113cc81256c6178f3c1cf25dd8d3f33e6d770e4a180bd31c6ab7e4917f40b
+SHA256 (rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch) = d86d47ab74170f3648b45b91bce780949ca92b09ab43df065178850ec0c335d7
+SHA256 (rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch) = d4535e36739a0cc7f3585e6bcba3c0bb8fc67cb3e729844e448c5dc751f47e81
+SHA256 (rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch) = 793a54748161b5af430dd9de4a1988d19cb8e85ab29bc2340f886b0297cee20b
+SHA256 (rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch) = 147c8abe07606905d16404fb2d2c8849796ca7c85ed8673c09bb50038bcdeb9e
+SHA256 (rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch) = 596d4d3b63ea859ed7ea9791b3a21cb11b6173b04c0a14a2afa47edf1666afa6
+SHA256 (rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch) = c5a17af84aec2d88c56ce0da2d6945be398fe7cab5c0c340deb30973900c2736
+SHA256 (rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch) = c8840d857b9432f3b488113c85c1ff5d4a4b8d81078b7033388dae1e990843b1
SHA256 (wlan) = 62f4c0bf8d5fedcf5b6ad79278f4be16f29841099f385acc4fc91e2d52ca1927
diff --git a/wpa_supplicant/Pkgfile b/wpa_supplicant/Pkgfile
index f143588af..ede524d6e 100644
--- a/wpa_supplicant/Pkgfile
+++ b/wpa_supplicant/Pkgfile
@@ -5,13 +5,30 @@
name=wpa_supplicant
version=2.6
-release=2
+release=3
source=(http://hostap.epitest.fi/releases/$name-$version.tar.gz
+ rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+ rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+ rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+ rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+ rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+ rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+ rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+ rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
wlan)
build () {
cd $name-$version/$name
+ patch -d.. -p1 -i $SRC/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+ patch -d.. -p1 -i $SRC/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+ patch -d.. -p1 -i $SRC/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+ patch -d.. -p1 -i $SRC/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+ patch -d.. -p1 -i $SRC/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+ patch -d.. -p1 -i $SRC/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+ patch -d.. -p1 -i $SRC/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+ patch -d.. -p1 -i $SRC/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+
cp defconfig .config
echo "CONFIG_READLINE=y
CONFIG_LIBNL32=y
diff --git a/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
new file mode 100644
index 000000000..727684865
--- /dev/null
+++ b/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
@@ -0,0 +1,174 @@
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef(a)cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef(a)cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+2.7.4
+
diff --git a/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
new file mode 100644
index 000000000..1802d664a
--- /dev/null
+++ b/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
@@ -0,0 +1,250 @@
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef(a)cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef(a)cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4
+
diff --git a/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
new file mode 100644
index 000000000..e2937b851
--- /dev/null
+++ b/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
@@ -0,0 +1,184 @@
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j(a)w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j(a)w1.fi>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+2.7.4
+
diff --git a/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
new file mode 100644
index 000000000..22ee21794
--- /dev/null
+++ b/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
@@ -0,0 +1,79 @@
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef(a)cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef(a)cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
+
diff --git a/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
new file mode 100644
index 000000000..c19c4c710
--- /dev/null
+++ b/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
@@ -0,0 +1,64 @@
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j(a)w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j(a)w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+2.7.4
+
diff --git a/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
new file mode 100644
index 000000000..e1bd5a572
--- /dev/null
+++ b/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
@@ -0,0 +1,132 @@
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j(a)w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j(a)w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+2.7.4
+
diff --git a/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
new file mode 100644
index 000000000..85ea1d62b
--- /dev/null
+++ b/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
@@ -0,0 +1,43 @@
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j(a)w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j(a)w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+
+ if (!wpa_s->wnmsleep_used) {
+ wpa_printf(MSG_DEBUG,
+- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ return;
+ }
+
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ return;
+ }
+
++ wpa_s->wnmsleep_used = 0;
++
+ if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+--
+2.7.4
+
diff --git a/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
new file mode 100644
index 000000000..b9678f681
--- /dev/null
+++ b/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
@@ -0,0 +1,82 @@
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j(a)w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j(a)w1.fi>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+2.7.4
+
1
0
ports/xorg (3.3): [notify] xorg-libxfont2: updated to 2.0.2. Fix for CVE-2017-13720, CVE-2017-13722
by crux@crux.nu 11 Oct '17
by crux@crux.nu 11 Oct '17
11 Oct '17
commit b17c83fd5b9ec4bd39de948130f444c67b63d364
Author: Fredrik Rinnestam <fredrik(a)crux.nu>
Date: Wed Oct 11 20:49:29 2017 +0200
[notify] xorg-libxfont2: updated to 2.0.2. Fix for CVE-2017-13720, CVE-2017-13722
diff --git a/xorg-libxfont2/.md5sum b/xorg-libxfont2/.md5sum
index 8d8fdd5..64589a4 100644
--- a/xorg-libxfont2/.md5sum
+++ b/xorg-libxfont2/.md5sum
@@ -1 +1 @@
-0d9f6dd9c23bf4bcbfb00504b566baf5 libXfont2-2.0.1.tar.bz2
+d39e6446e46f939486d1a8b856e8b67b libXfont2-2.0.2.tar.bz2
diff --git a/xorg-libxfont2/.signature b/xorg-libxfont2/.signature
index 130cf63..dbe798d 100644
--- a/xorg-libxfont2/.signature
+++ b/xorg-libxfont2/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndK/y2wQN2jdy8X841EeDpIQaV2YF0EhPZwdD6O2DAdAMBlUz0WlH8qcFMAj2BibbHecGAODdgyDP0JfH7ZOBQQM=
-SHA256 (Pkgfile) = 42d1d196fbe2558e56529cb039fea7b4d8e9d9002c5153b12b0832e44142003d
+RWTSGWF5Q7TndFQB5o5zKIwsOIBnzZzecH8QoRjLbCKYlrD6KNEJL0eP3oqrvy2VtdnsxdsANrlV5H8HrRhThX6Tc0pyWiWFIQU=
+SHA256 (Pkgfile) = df698163b9cad495b0167cb838737f7bfefb4d1efc9ebc88979874ce8ce71b16
SHA256 (.footprint) = dc140cda3b16fb7a5b446a303695090542a6625ecd69cc23fe2bf16ff2b6153a
-SHA256 (libXfont2-2.0.1.tar.bz2) = e9fbbb475ddd171b3a6a54b989cbade1f6f874fc35d505ebc5be426bc6e4db7e
+SHA256 (libXfont2-2.0.2.tar.bz2) = 94088d3b87f7d42c7116d9adaad155859e93330c6e47f5989f2de600b9a6c111
diff --git a/xorg-libxfont2/Pkgfile b/xorg-libxfont2/Pkgfile
index 0591661..4e32b63 100644
--- a/xorg-libxfont2/Pkgfile
+++ b/xorg-libxfont2/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: xorg-libfontenc, freetype, xorg-fontsproto, xorg-xtrans
name=xorg-libxfont2
-version=2.0.1
+version=2.0.2
release=1
source=(http://xorg.freedesktop.org/releases/individual/lib/libXfont2-$vers…
1
0
commit 9ee4516922b3f97d1dd4d579c1b68cb46313dec9
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Oct 4 16:29:42 2017 +0200
[notify] curl: update to 7.56.0
includes a security fix for CVE-2017-1000254, see
- https://curl.haxx.se/docs/adv_20171004.html
- https://curl.haxx.se/changes.html
diff --git a/curl/.footprint b/curl/.footprint
index c0f9efb4..bde63d1b 100644
--- a/curl/.footprint
+++ b/curl/.footprint
@@ -15,9 +15,9 @@ drwxr-xr-x root/root usr/include/curl/
drwxr-xr-x root/root usr/lib/
-rw-r--r-- root/root usr/lib/libcurl.a
-rwxr-xr-x root/root usr/lib/libcurl.la
-lrwxrwxrwx root/root usr/lib/libcurl.so -> libcurl.so.4.4.0
-lrwxrwxrwx root/root usr/lib/libcurl.so.4 -> libcurl.so.4.4.0
--rwxr-xr-x root/root usr/lib/libcurl.so.4.4.0
+lrwxrwxrwx root/root usr/lib/libcurl.so -> libcurl.so.4.5.0
+lrwxrwxrwx root/root usr/lib/libcurl.so.4 -> libcurl.so.4.5.0
+-rwxr-xr-x root/root usr/lib/libcurl.so.4.5.0
drwxr-xr-x root/root usr/lib/pkgconfig/
-rw-r--r-- root/root usr/lib/pkgconfig/libcurl.pc
drwxr-xr-x root/root usr/share/
@@ -202,6 +202,7 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_MAXREDIRS.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_MAX_RECV_SPEED_LARGE.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_MAX_SEND_SPEED_LARGE.3.gz
+-rw-r--r-- root/root usr/share/man/man3/CURLOPT_MIMEPOST.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_NETRC.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_NETRC_FILE.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_NEW_DIRECTORY_PERMS.3.gz
@@ -285,6 +286,7 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_NEC.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_SOCKS5_GSSAPI_SERVICE.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_SSH_AUTH_TYPES.3.gz
+-rw-r--r-- root/root usr/share/man/man3/CURLOPT_SSH_COMPRESSION.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_SSH_KEYDATA.3.gz
-rw-r--r-- root/root usr/share/man/man3/CURLOPT_SSH_KEYFUNCTION.3.gz
@@ -369,6 +371,19 @@ drwxr-xr-x root/root usr/share/man/man3/
-rw-r--r-- root/root usr/share/man/man3/curl_global_cleanup.3.gz
-rw-r--r-- root/root usr/share/man/man3/curl_global_init.3.gz
-rw-r--r-- root/root usr/share/man/man3/curl_global_init_mem.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_global_sslset.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_addpart.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_data.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_data_cb.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_encoder.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_filedata.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_filename.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_free.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_headers.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_init.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_name.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_subparts.3.gz
+-rw-r--r-- root/root usr/share/man/man3/curl_mime_type.3.gz
-rw-r--r-- root/root usr/share/man/man3/curl_mprintf.3.gz
-rw-r--r-- root/root usr/share/man/man3/curl_multi_add_handle.3.gz
-rw-r--r-- root/root usr/share/man/man3/curl_multi_assign.3.gz
diff --git a/curl/.md5sum b/curl/.md5sum
index 3b4b8a1a..3dec8714 100644
--- a/curl/.md5sum
+++ b/curl/.md5sum
@@ -1 +1 @@
-ac4a59c38c47adc160ea71eace20257b curl-7.55.1.tar.xz
+18ebc36c5dc9317d4a0b5db94a4e12ad curl-7.56.0.tar.xz
diff --git a/curl/.signature b/curl/.signature
index 3141f396..338f74ca 100644
--- a/curl/.signature
+++ b/curl/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqsttOmP4bRTTlq1Erwu38RNfl/e6TLYTMEJWuLZV49lzOTgaw6LZ8JBdhFZ41iIStafin29JPu7EpPuFmRuEkA8=
-SHA256 (Pkgfile) = 623d20513f91b6f5519d9574654903ef59afaf79eadcb64552d5c643150d64aa
-SHA256 (.footprint) = 18cbbb14e896de64f7bff5174bcdda6a82db420ed1b9650a3b1f081c8563fe89
-SHA256 (curl-7.55.1.tar.xz) = 3eafca6e84ecb4af5f35795dee84e643d5428287e88c041122bb8dac18676bb7
+RWRJc1FUaeVeqlqZmKpuRZFq66mkgkIzBLaiIRwgRnatjolzx/xMxnAlxr9SOzNtip61Ofz+iAjHdr18Q2fuWmfyG/alBRUgsAk=
+SHA256 (Pkgfile) = b14e7ab3b96a0f2ead784eab5ac166a8c0e1ca572f85e94b95fd1b5b88c4dc07
+SHA256 (.footprint) = 6e020f23fe220c0cbfa665d5be74146b3de64d8ac2569aa6c2ca0a306fc95538
+SHA256 (curl-7.56.0.tar.xz) = 32437bcca0e9434384329fdc733547879d25ba70335b3cf9e3d9cbc3e71fd172
diff --git a/curl/Pkgfile b/curl/Pkgfile
index 7ef0bbdc..ea6467d3 100644
--- a/curl/Pkgfile
+++ b/curl/Pkgfile
@@ -4,7 +4,7 @@
# Depends on: openssl, zlib
name=curl
-version=7.55.1
+version=7.56.0
release=1
source=(http://curl.haxx.se/download/$name-$version.tar.xz)
1
0
commit 9a5a864d334573ae04ae4e6ec4f55fa5534b2673
Author: Juergen Daubert <jue(a)jue.li>
Date: Wed Oct 4 14:51:21 2017 +0200
[notify] apache: update to 2.4.28
includes one security fix, see
http://www.apache.org/dist/httpd/CHANGES_2.4.28
diff --git a/apache/.md5sum b/apache/.md5sum
index d0ca24d4b..a2d790127 100644
--- a/apache/.md5sum
+++ b/apache/.md5sum
@@ -1,3 +1,3 @@
2b98670eea68511989201f6910a6140d apache
3e3806b7f77965d50a2c81a570af7d9e crux.layout
-97b6bbfa83c866dbe20ef317e3afd108 httpd-2.4.27.tar.bz2
+49007ffe8e37a0834255b279810edf24 httpd-2.4.28.tar.bz2
diff --git a/apache/.signature b/apache/.signature
index 3f3ffa587..9cff369ab 100644
--- a/apache/.signature
+++ b/apache/.signature
@@ -1,7 +1,7 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/dmH41hEI0JGPf5ANn0xeoVxvA19cailAeyNIjvKds33KmMEGJCl9VdeKkmuQfWTI4m2yFgaZu15fW5JjLq2yQ0=
-SHA256 (Pkgfile) = 904fc84312279fe7565bb2a3507e897bbf9d885d03e1effa12bab12330e610de
+RWSE3ohX2g5d/bGqIsDkkQloc4lc37XSw0rQAyS+qyKAAqNeRPJ2kfqlesW53rdITXGcsgxtxU32Mr3VxnvEsphFMp6QUZzzBQc=
+SHA256 (Pkgfile) = 4a222cbd479eda2ce6c933f90b9ce30aa70c00e13da061455544f11af2bd3292
SHA256 (.footprint) = f15ae79d8c8a280e99c71fd353c5237b77131b7eb7c84b6fe6a995f85c4c496d
-SHA256 (httpd-2.4.27.tar.bz2) = 71fcc128238a690515bd8174d5330a5309161ef314a326ae45c7c15ed139c13a
+SHA256 (httpd-2.4.28.tar.bz2) = c1197a3a62a4ab5c584ab89b249af38cf28b4adee9c0106b62999fd29f920666
SHA256 (crux.layout) = cf555f92cdc9a078d9e89035819da1ac0d2e248f0d31637b9e8f48fc8d3f42cf
SHA256 (apache) = f4ff530751a937bead9030e15689a3b19591f790095b46bddc073efc82f756dd
diff --git a/apache/Pkgfile b/apache/Pkgfile
index 7395169c5..b31da0009 100644
--- a/apache/Pkgfile
+++ b/apache/Pkgfile
@@ -5,7 +5,7 @@
# Group: apache
name=apache
-version=2.4.27
+version=2.4.28
release=1
source=(http://www.apache.org/dist/httpd/httpd-$version.tar.bz2 \
crux.layout apache)
1
0
commit cfb55744536bf01064a3a4bd76d37743dcd68d80
Author: Juergen Daubert <jue(a)jue.li>
Date: Mon Oct 2 17:08:11 2017 +0200
[notify] xorg-server: update to 1.19.3-47
includes fixes for CVE-2017-10971 and CVE-2017-10972
Tar-ball generated from the xserver 1.19 branch until
126144c2355ce5a3a350f15ef97389c7f34bb6fb, see
https://cgit.freedesktop.org/xorg/xserver/commit/?h=server-1.19-branch
diff --git a/xorg-server/.md5sum b/xorg-server/.md5sum
index 9967666..bdce5ea 100644
--- a/xorg-server/.md5sum
+++ b/xorg-server/.md5sum
@@ -1 +1 @@
-015d2fc4b9f2bfe7a626edb63a62c65e xorg-server-1.19.3.tar.bz2
+3d7c931e2df10629ac01e474b291e382 xorg-server-1.19.3-47.tar.xz
diff --git a/xorg-server/.signature b/xorg-server/.signature
index a206bcb..979ca0f 100644
--- a/xorg-server/.signature
+++ b/xorg-server/.signature
@@ -1,5 +1,5 @@
untrusted comment: verify with /etc/ports/xorg.pub
-RWTSGWF5Q7TndNKPpf4nHJKEEOzgJg6P4qqh3sClnSkeEReVFfopP58zI8zbpbQyCoF7RJpxtBnoRkztFM53+5kDV66MCaYczA4=
-SHA256 (Pkgfile) = 0dd29b565993520456a009514cc6e640e83632a3ce75ed6a6bd7e49eb354b206
+RWTSGWF5Q7TndKl5rDQuF6Xvg3UvZWriBAp/zKrwCWZBcwpnLeQXsGc+SYN4PWvlMwD0NEEEbxUz/5roF2BNbbQH/UvUyEyo7go=
+SHA256 (Pkgfile) = 9dacb2db33ddaf59696f19cbb34bf435c4825ecf8be73282c308eea469af28a3
SHA256 (.footprint) = c10d0278783abcaa0855df1f191724365c35f987b8f774e2eb5fc83399ad4bf8
-SHA256 (xorg-server-1.19.3.tar.bz2) = 677a8166e03474719238dfe396ce673c4234735464d6dadf2959b600d20e5a98
+SHA256 (xorg-server-1.19.3-47.tar.xz) = 60ffe223c574f0881e8204f4c14c641bd34af5c3012ba4100d3e78f8422ecc06
diff --git a/xorg-server/Pkgfile b/xorg-server/Pkgfile
index a20179f..e3af6f3 100644
--- a/xorg-server/Pkgfile
+++ b/xorg-server/Pkgfile
@@ -4,9 +4,10 @@
# Depends on: libepoxy util-linux xorg-bdftopcf xorg-bigreqsproto xorg-font-util xorg-libdmx xorg-libxaw xorg-libxcomposite xorg-libxcursor xorg-libxfont2 xorg-libxft xorg-libxinerama xorg-libxkbfile xorg-libxrandr xorg-libxres xorg-libxtst xorg-libxxf86dga xorg-mkfontdir xorg-mkfontscale xorg-scrnsaverproto xorg-xcb-util-keysyms xorg-xcmiscproto xorg-xf86driproto
name=xorg-server
-version=1.19.3
+version=1.19.3-47
release=1
-source=(http://xorg.freedesktop.org/releases/individual/xserver/$name-$version.tar.bz2)
+#source=(http://xorg.freedesktop.org/releases/individual/xserver/$name-$version.tar.bz2)
+source=(https://crux.nu/files/distfiles/$name-$version.tar.xz)
build() {
cd $name-$version
1
0
commit c12b857d1604131e49afb03a8557b803c9a10d47
Author: Juergen Daubert <jue(a)jue.li>
Date: Mon Oct 2 15:53:04 2017 +0200
[notify] dnsmasq: update to 2.78
security fix, see
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.h…
diff --git a/dnsmasq/.md5sum b/dnsmasq/.md5sum
index b6304e93a..1367932a5 100644
--- a/dnsmasq/.md5sum
+++ b/dnsmasq/.md5sum
@@ -1,3 +1,3 @@
cf2b6cff8356ce9da3f6da7dfa0e588b dnsmasq
-5b973fea8e66e76a0e6bb44adefc6f9b dnsmasq-2.77.tar.xz
+6d0241b72c79d2b510776ccc4ed69ca4 dnsmasq-2.78.tar.xz
490957d8ec26925be2fe5ddd17ec7e6e dnsmasq-config.patch
diff --git a/dnsmasq/.signature b/dnsmasq/.signature
index 98d7b04b2..50b6d34bb 100644
--- a/dnsmasq/.signature
+++ b/dnsmasq/.signature
@@ -1,7 +1,7 @@
untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/bZj1Pvfl3LUi/kct0vIbjAM55hL5Mu5v/nLy6fDlIEnBofm822n2gdp0lrO7PbRJa4cWPfwNUKAN3r7IlJs9wQ=
-SHA256 (Pkgfile) = da4dbab82c35193cf873d8e6201cd7f34478e9001b854c41ae4987a006373f7e
+RWSE3ohX2g5d/UKwrGCr36sVXSUV8EQ7pLn0g2Tziu5dZPMLQ7pWjIpJJlATWJEphN9deE6BsQf1f+9nHBNgGZEvLTHJ3FgMHwk=
+SHA256 (Pkgfile) = 3a02f1099d36aa8fc2b95d86a7d81ec48adcbbadb7e362f13acf7544e0ddcdf7
SHA256 (.footprint) = 0a67922c7b59eb4a638cf4582f91ea285eb9876696d5a0829a7c70a9c9cb9804
-SHA256 (dnsmasq-2.77.tar.xz) = 6eac3b1c50ae25170e3ff8c96ddb55236cf45007633fdb8a35b1f3e02f5f8b8a
+SHA256 (dnsmasq-2.78.tar.xz) = 89949f438c74b0c7543f06689c319484bd126cc4b1f8c745c742ab397681252b
SHA256 (dnsmasq-config.patch) = 18a021a69fb134785c0b2ea690a12251d31c8a1d0e2405a71480827fe8a83507
SHA256 (dnsmasq) = 1550a45a85219d7e286f6c50d72d4794da27e7b78e6b482b8414f4cf8a4dbd7b
diff --git a/dnsmasq/Pkgfile b/dnsmasq/Pkgfile
index 9d8806e0f..6ecf5b5cc 100644
--- a/dnsmasq/Pkgfile
+++ b/dnsmasq/Pkgfile
@@ -3,7 +3,7 @@
# Maintainer: Juergen Daubert, jue at crux dot nu
name=dnsmasq
-version=2.77
+version=2.78
release=1
source=(http://www.thekelleys.org.uk/$name/$name-$version.tar.xz \
$name-config.patch dnsmasq)
1
0