diff options
Diffstat (limited to 'extra/distcc')
-rw-r--r-- | extra/distcc/dcc_gcc_rewrite_fqn-avoid-heap-corruption.patch | 65 | ||||
-rw-r--r-- | extra/distcc/distcc-hardened.patch | 24 | ||||
-rw-r--r-- | extra/distcc/gcc-10.patch | 15 |
3 files changed, 104 insertions, 0 deletions
diff --git a/extra/distcc/dcc_gcc_rewrite_fqn-avoid-heap-corruption.patch b/extra/distcc/dcc_gcc_rewrite_fqn-avoid-heap-corruption.patch new file mode 100644 index 0000000..5d0a86d --- /dev/null +++ b/extra/distcc/dcc_gcc_rewrite_fqn-avoid-heap-corruption.patch @@ -0,0 +1,65 @@ +commit 879b71d6e95673e58d33f6c3c341a893ee307161 +Author: Alexey Sheplyakov <asheplyakov@yandex.ru> +Date: Sat Jul 10 22:18:14 2021 +0400 + + dcc_gcc_rewrite_fqn: avoid heap corruption + + On ALT Linux I've run into the following bug: + + distcc gcc -Wall -std=gnu89 -I. -O2 -o hello.o -c hello.c + free(): invalid next size (fast) + Aborted (core dumped) + + Apparently dcc_gcc_rewrite writes beyond the allocated memory: + + valgrind --leak-check=full -v ./distcc gcc -Wall -std=gnu89 -I. -O2 -o hello.o -c hello.c + + ==11382== ERROR SUMMARY: 53 errors from 5 contexts (suppressed: 0 from 0) + ==11382== + ==11382== 1 errors in context 1 of 5: + ==11382== Invalid write of size 1 + ==11382== at 0x4C349D8: strcat (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==11382== by 0x10D165: dcc_gcc_rewrite_fqn (compile.c:611) + ==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) + ==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) + ==11382== by 0x10E380: main (distcc.c:352) + ==11382== Address 0x544e828 is 1 bytes after a block of size 23 alloc'd + ==11382== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==11382== by 0x10D087: dcc_gcc_rewrite_fqn (compile.c:588) + ==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) + ==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) + ==11382== by 0x10E380: main (distcc.c:352) + ==11382== + ==11382== + ==11382== 1 errors in context 2 of 5: + ==11382== Invalid write of size 1 + ==11382== at 0x4C349C8: strcat (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==11382== by 0x10D165: dcc_gcc_rewrite_fqn (compile.c:611) + ==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) + ==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) + ==11382== by 0x10E380: main (distcc.c:352) + ==11382== Address 0x544e827 is 0 bytes after a block of size 23 alloc'd + ==11382== at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) + ==11382== by 0x10D087: dcc_gcc_rewrite_fqn (compile.c:588) + ==11382== by 0x10D4B4: dcc_build_somewhere (compile.c:725) + ==11382== by 0x10DC01: dcc_build_somewhere_timed (compile.c:1014) + ==11382== by 0x10E380: main (distcc.c:352) + + and ALT Linux' hardened glibc does not quite like that. + Correctly compute the `newcmd_len` to avoid the problem. + + ALTBUG: #40425 + +diff --git a/src/compile.c b/src/compile.c +index 34964566fdd6..26d7d1821501 100644 +--- a/src/compile.c ++++ b/src/compile.c +@@ -584,7 +584,7 @@ static int dcc_gcc_rewrite_fqn(char **argv) + return -ENOENT; + + +- newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0] + 1); ++ newcmd_len = strlen(target_with_vendor) + 1 + strlen(argv[0]) + 1; + newcmd = malloc(newcmd_len); + if (!newcmd) + return -ENOMEM; diff --git a/extra/distcc/distcc-hardened.patch b/extra/distcc/distcc-hardened.patch new file mode 100644 index 0000000..c50b15d --- /dev/null +++ b/extra/distcc/distcc-hardened.patch @@ -0,0 +1,24 @@ +From: Gordon Malm <gengor@gentoo.org> + +Make distcc client pass -D__KERNEL__ macro. Hardened GCC uses this +macro to determine if code intended to be run in-kernel is being compiled. +If the code is kernel code, certain compile flags are not applied. + +When using distcc to build kernel code (modules, etc.) without this patch, +the distccd host doesn't get passed -D__KERNEL__. Consequently, gcc on +the distccd host applies all kinds of flags that it shouldn't. + +--- distcc-2.18.3/src/strip.c ++++ distcc-2.18.3-hardened/src/strip.c +@@ -79,7 +79,10 @@ int dcc_strip_local_args(char **from, ch + /* skip through argv, copying all arguments but skipping ones that + * ought to be omitted */ + for (from_i = to_i = 0; from[from_i]; from_i++) { +- if (str_equal("-D", from[from_i]) ++ if (str_equal("-D__KERNEL__", from[from_i])) { ++ to[to_i++] = from[from_i]; ++ } ++ else if (str_equal("-D", from[from_i]) + || str_equal("-I", from[from_i]) + || str_equal("-U", from[from_i]) + || str_equal("-L", from[from_i]) diff --git a/extra/distcc/gcc-10.patch b/extra/distcc/gcc-10.patch new file mode 100644 index 0000000..599de51 --- /dev/null +++ b/extra/distcc/gcc-10.patch @@ -0,0 +1,15 @@ +Upstream: Should be +Reason: Fixes compilation under gcc-10 which has -fno-common + +diff --git a/src/stats.c b/src/stats.c +index 35dbf7d..76bfbee 100644 +--- a/src/stats.c ++++ b/src/stats.c +@@ -82,7 +82,7 @@ struct statsdata { + char compiler[MAX_FILENAME_LEN]; + }; + +-const char *stats_text[20] = { "TCP_ACCEPT", "REJ_BAD_REQ", "REJ_OVERLOAD", ++extern const char *stats_text[20] = { "TCP_ACCEPT", "REJ_BAD_REQ", "REJ_OVERLOAD", + "COMPILE_OK", "COMPILE_ERROR", "COMPILE_TIMEOUT", "CLI_DISCONN", + "OTHER" }; |