glibc: remove outdated patches

Co-authored-by: Luka Blaskovic <lblasc@znode.net>

pkgs/development/libraries/glibc/CVE-2018-11236.patch

@@ -1,146 +0,0 @@
-From 5460617d1567657621107d895ee2dd83bc1f88f2 Mon Sep 17 00:00:00 2001
-From: Paul Pluzhnikov <ppluzhnikov@google.com>
-Date: Tue, 8 May 2018 18:12:41 -0700
-Subject: [PATCH] Fix BZ 22786: integer addition overflow may cause stack
- buffer overflow when realpath() input length is close to SSIZE_MAX.
-
-2018-05-09  Paul Pluzhnikov  <ppluzhnikov@google.com>
-
-	[BZ #22786]
-	* stdlib/canonicalize.c (__realpath): Fix overflow in path length
-	computation.
-	* stdlib/Makefile (test-bz22786): New test.
-	* stdlib/test-bz22786.c: New test.
----
- ChangeLog             |  8 +++++
- stdlib/Makefile       |  2 +-
- stdlib/canonicalize.c |  2 +-
- stdlib/test-bz22786.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 100 insertions(+), 2 deletions(-)
- create mode 100644 stdlib/test-bz22786.c
-
-diff --git a/stdlib/Makefile b/stdlib/Makefile
-index af1643c..1ddb1f9 100644
---- a/stdlib/Makefile
-+++ b/stdlib/Makefile
-@@ -84,7 +84,7 @@ tests		:= tst-strtol tst-strtod testmb testrand testsort testdiv   \
- 		   tst-cxa_atexit tst-on_exit test-atexit-race 		    \
- 		   test-at_quick_exit-race test-cxa_atexit-race             \
- 		   test-on_exit-race test-dlclose-exit-race 		    \
--		   tst-makecontext-align
-+		   tst-makecontext-align test-bz22786
- 
- tests-internal	:= tst-strtod1i tst-strtod3 tst-strtod4 tst-strtod5i \
- 		   tst-tls-atexit tst-tls-atexit-nodelete
-diff --git a/stdlib/canonicalize.c b/stdlib/canonicalize.c
-index 4135f3f..390fb43 100644
---- a/stdlib/canonicalize.c
-+++ b/stdlib/canonicalize.c
-@@ -181,7 +181,7 @@ __realpath (const char *name, char *resolved)
- 		extra_buf = __alloca (path_max);
- 
- 	      len = strlen (end);
--	      if ((long int) (n + len) >= path_max)
-+	      if (path_max - n <= len)
- 		{
- 		  __set_errno (ENAMETOOLONG);
- 		  goto error;
-diff --git a/stdlib/test-bz22786.c b/stdlib/test-bz22786.c
-new file mode 100644
-index 0000000..e7837f9
---- /dev/null
-+++ b/stdlib/test-bz22786.c
-@@ -0,0 +1,90 @@
-+/* Bug 22786: test for buffer overflow in realpath.
-+   Copyright (C) 2018 Free Software Foundation, Inc.
-+   This file is part of the GNU C Library.
-+
-+   The GNU C Library is free software; you can redistribute it and/or
-+   modify it under the terms of the GNU Lesser General Public
-+   License as published by the Free Software Foundation; either
-+   version 2.1 of the License, or (at your option) any later version.
-+
-+   The GNU C Library is distributed in the hope that it will be useful,
-+   but WITHOUT ANY WARRANTY; without even the implied warranty of
-+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+   Lesser General Public License for more details.
-+
-+   You should have received a copy of the GNU Lesser General Public
-+   License along with the GNU C Library; if not, see
-+   <http://www.gnu.org/licenses/>.  */
-+
-+/* This file must be run from within a directory called "stdlib".  */
-+
-+#include <errno.h>
-+#include <limits.h>
-+#include <stdio.h>
-+#include <stdlib.h>
-+#include <string.h>
-+#include <unistd.h>
-+#include <sys/stat.h>
-+#include <sys/types.h>
-+#include <support/test-driver.h>
-+#include <libc-diag.h>
-+
-+static int
-+do_test (void)
-+{
-+  const char dir[] = "bz22786";
-+  const char lnk[] = "bz22786/symlink";
-+
-+  rmdir (dir);
-+  if (mkdir (dir, 0755) != 0 && errno != EEXIST)
-+    {
-+      printf ("mkdir %s: %m\n", dir);
-+      return EXIT_FAILURE;
-+    }
-+  if (symlink (".", lnk) != 0 && errno != EEXIST)
-+    {
-+      printf ("symlink (%s, %s): %m\n", dir, lnk);
-+      return EXIT_FAILURE;
-+    }
-+
-+  const size_t path_len = (size_t) INT_MAX + 1;
-+
-+  DIAG_PUSH_NEEDS_COMMENT;
-+#if __GNUC_PREREQ (7, 0)
-+  /* GCC 7 warns about too-large allocations; here we need such
-+     allocation to succeed for the test to work.  */
-+  DIAG_IGNORE_NEEDS_COMMENT (7, "-Walloc-size-larger-than=");
-+#endif
-+  char *path = malloc (path_len);
-+  DIAG_POP_NEEDS_COMMENT;
-+
-+  if (path == NULL)
-+    {
-+      printf ("malloc (%zu): %m\n", path_len);
-+      return EXIT_UNSUPPORTED;
-+    }
-+
-+  /* Construct very long path = "bz22786/symlink/aaaa....."  */
-+  char *p = mempcpy (path, lnk, sizeof (lnk) - 1);
-+  *(p++) = '/';
-+  memset (p, 'a', path_len - (path - p) - 2);
-+  p[path_len - (path - p) - 1] = '\0';
-+
-+  /* This call crashes before the fix for bz22786 on 32-bit platforms.  */
-+  p = realpath (path, NULL);
-+
-+  if (p != NULL || errno != ENAMETOOLONG)
-+    {
-+      printf ("realpath: %s (%m)", p);
-+      return EXIT_FAILURE;
-+    }
-+
-+  /* Cleanup.  */
-+  unlink (lnk);
-+  rmdir (dir);
-+
-+  return 0;
-+}
-+
-+#define TEST_FUNCTION do_test
-+#include <support/test-driver.c>
--- 
-2.9.3
-

pkgs/development/libraries/glibc/CVE-2018-11237.patch

@@ -1,55 +0,0 @@
-From f51c8367685dc888a02f7304c729ed5277904aff Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@suse.de>
-Date: Thu, 24 May 2018 14:39:18 +0200
-Subject: [PATCH] Don't write beyond destination in
- __mempcpy_avx512_no_vzeroupper (bug 23196)
-
-When compiled as mempcpy, the return value is the end of the destination
-buffer, thus it cannot be used to refer to the start of it.
-
-(cherry picked from commit 9aaaab7c6e4176e61c59b0a63c6ba906d875dc0e)
----
- ChangeLog                                               | 9 +++++++++
- NEWS                                                    | 7 +++++++
- string/test-mempcpy.c                                   | 1 +
- sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S | 5 +++--
- 4 files changed, 20 insertions(+), 2 deletions(-)
-
-diff --git a/string/test-mempcpy.c b/string/test-mempcpy.c
-index c08fba8..d98ecdd 100644
---- a/string/test-mempcpy.c
-+++ b/string/test-mempcpy.c
-@@ -18,6 +18,7 @@
-    <http://www.gnu.org/licenses/>.  */
- 
- #define MEMCPY_RESULT(dst, len) (dst) + (len)
-+#define MIN_PAGE_SIZE 131072
- #define TEST_MAIN
- #define TEST_NAME "mempcpy"
- #include "test-string.h"
-diff --git a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S
-index 23c0f7a..effc3ac 100644
---- a/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S
-+++ b/sysdeps/x86_64/multiarch/memmove-avx512-no-vzeroupper.S
-@@ -336,6 +336,7 @@ L(preloop_large):
- 	vmovups	(%rsi), %zmm4
- 	vmovups	0x40(%rsi), %zmm5
- 
-+	mov	%rdi, %r11
- /* Align destination for access with non-temporal stores in the loop.  */
- 	mov	%rdi, %r8
- 	and	$-0x80, %rdi
-@@ -366,8 +367,8 @@ L(gobble_256bytes_nt_loop):
- 	cmp	$256, %rdx
- 	ja	L(gobble_256bytes_nt_loop)
- 	sfence
--	vmovups	%zmm4, (%rax)
--	vmovups	%zmm5, 0x40(%rax)
-+	vmovups	%zmm4, (%r11)
-+	vmovups	%zmm5, 0x40(%r11)
- 	jmp	L(check)
- 
- L(preloop_large_bkw):
--- 
-2.9.3
-

pkgs/development/libraries/glibc/common.nix

@@ -19,7 +19,7 @@
 
 { stdenv, lib
 , buildPackages
-, fetchurl, fetchpatch
+, fetchurl
 , linuxHeaders ? null
 , gd ? null, libpng ? null
 , libidn2
@@ -94,35 +94,13 @@ stdenv.mkDerivation ({
         url = "https://salsa.debian.org/glibc-team/glibc/raw/49767c9f7de4828220b691b29de0baf60d8a54ec/debian/patches/localedata/locale-C.diff";
         sha256 = "0irj60hs2i91ilwg5w7sqrxb695c93xg0ik7yhhq9irprd7fidn4";
       })
-
-      # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
-      ./CVE-2018-11236.patch
-      # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f51c8367685dc888a02f7304c729ed5277904aff
-      ./CVE-2018-11237.patch
-
-      # Remove after upgrading to glibc 2.28+
-      # Change backported from upstream
-      # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9c79cec8cd2a6996a73aa83d79b360ffd4bebde6
-      ./fix-out-of-bounds-access-in-findidxwc.patch
-
-      # Remove after upgrading to glibc 2.28+
-      # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=21526a507df8f1b2e37492193a754534d8938c0b
-      ./fix-out-of-bounds-access-in-ibm-1390-converter.patch
     ]
     ++ lib.optionals stdenv.isx86_64 [
       ./fix-x64-abi.patch
       ./2.27-CVE-2019-19126.patch
     ]
     ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
-    ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch
-
-    # Remove after upgrading to glibc 2.28+
-    ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform || stdenv.hostPlatform.isMusl) (fetchpatch {
-      url = "https://sourceware.org/git/?p=glibc.git;a=patch;h=780684eb04298977bc411ebca1eadeeba4877833";
-      name = "correct-pwent-parsing-issue-and-resulting-build.patch";
-      sha256 = "08fja894vzaj8phwfhsfik6jj2pbji7kypy3q8pgxvsd508zdv1q";
-      excludes = [ "ChangeLog" ];
-    });
+    ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch;
 
   postPatch =
     ''

pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-findidxwc.patch

@@ -1,26 +0,0 @@
-diff -ur glibc-2.27/locale/weightwc.h glibc-2.27-patched/locale/weightwc.h
---- glibc-2.27/locale/weightwc.h	2018-02-02 01:17:18.000000000 +0900
-+++ glibc-2.27-patched/locale/weightwc.h	2020-01-12 04:54:16.044440602 +0900
-@@ -94,19 +94,19 @@
- 	    if (cp[cnt] != usrc[cnt])
- 	      break;
- 
--	  if (cnt < nhere - 1)
-+	  if (cnt < nhere - 1 || cnt == len)
- 	    {
- 	      cp += 2 * nhere;
- 	      continue;
- 	    }
- 
--	  if (cp[nhere - 1] > usrc[nhere -1])
-+	  if (cp[nhere - 1] > usrc[nhere - 1])
- 	    {
- 	      cp += 2 * nhere;
- 	      continue;
- 	    }
- 
--	  if (cp[2 * nhere - 1] < usrc[nhere -1])
-+	  if (cp[2 * nhere - 1] < usrc[nhere - 1])
- 	    {
- 	      cp += 2 * nhere;
- 	      continue;

pkgs/development/libraries/glibc/fix-out-of-bounds-access-in-ibm-1390-converter.patch

@@ -1,35 +0,0 @@
-From 21526a507df8f1b2e37492193a754534d8938c0b Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab@suse.de>
-Date: Tue, 24 Jul 2018 14:08:34 +0200
-Subject: [PATCH] Fix out-of-bounds access in IBM-1390 converter (bug 23448)
-
-The IBM-1390 converter can consume/produce two UCS4 characters in each
-loop.
----
- ChangeLog           | 6 ++++++
- iconvdata/ibm1364.c | 2 ++
- 2 files changed, 8 insertions(+)
-
-diff --git a/iconvdata/ibm1364.c b/iconvdata/ibm1364.c
-index b833273..517fe60 100644
---- a/iconvdata/ibm1364.c
-+++ b/iconvdata/ibm1364.c
-@@ -150,6 +150,7 @@ enum
- #define MIN_NEEDED_INPUT  	MIN_NEEDED_FROM
- #define MAX_NEEDED_INPUT  	MAX_NEEDED_FROM
- #define MIN_NEEDED_OUTPUT 	MIN_NEEDED_TO
-+#define MAX_NEEDED_OUTPUT 	MAX_NEEDED_TO
- #define LOOPFCT 		FROM_LOOP
- #define BODY \
-   {									      \
-@@ -296,6 +297,7 @@ enum
- 
- /* Next, define the other direction.  */
- #define MIN_NEEDED_INPUT	MIN_NEEDED_TO
-+#define MAX_NEEDED_INPUT  	MAX_NEEDED_TO
- #define MIN_NEEDED_OUTPUT	MIN_NEEDED_FROM
- #define MAX_NEEDED_OUTPUT	MAX_NEEDED_FROM
- #define LOOPFCT			TO_LOOP
--- 
-2.9.3
-