diff options
| -rw-r--r-- | REUSE.toml | 31 | ||||
| -rw-r--r-- | bugs/README.md | 68 | ||||
| -rw-r--r-- | bugs/cve/2014/8128/03_thumbnail.tiff | bin | 0 -> 243 bytes | |||
| -rw-r--r-- | bugs/gnu/19784/limit | 1 | ||||
| -rw-r--r-- | bugs/gnu/25023/separator | 1 | ||||
| -rw-r--r-- | bugs/gnu/26545/size | 1 | ||||
| -rw-r--r-- | bugs/maptools/2633/heapoverflow.tiff | bin | 0 -> 284 bytes | |||
| -rw-r--r-- | loftix/bugs.scm | 78 | ||||
| -rw-r--r-- | patches/coreutils-gnulib-glibc-2.25.patch | 65 | ||||
| -rw-r--r-- | patches/coreutils-gnulib-glibc-2.28.patch | 169 |
10 files changed, 393 insertions, 21 deletions
diff --git a/REUSE.toml b/REUSE.toml index 5c6d23c..413ff62 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -22,6 +22,11 @@ path = 'bugs/cve/2013/7437/2.bmp' SPDX-FileCopyrightText = 'Stefan Cornelius' [[annotations]] +path = 'bugs/cve/2014/8128/03_thumbnail.tiff' +SPDX-FileCopyrightText = 'William Robinet' +SPDX-License-Identifier = 'CC0-1.0' + +[[annotations]] path = [ 'bugs/cve/2016/1838/attachment_316158', 'bugs/cve/2016/1839/asan_heap-oob' ] SPDX-FileCopyrightText = 'Mateusz Jurczyk' @@ -55,7 +60,8 @@ path = [ 'bugs/cve/2016/8691/11.crash', 'bugs/cve/2017/7600/outside-unsigned-char.tiff', 'bugs/cve/2017/7601/shift-long.tiff', 'bugs/cve/2017/15020/reproducer', - 'bugs/cve/2017/15025/3899.crashes.bin' ] + 'bugs/cve/2017/15025/3899.crashes.bin', + 'bugs/maptools/2633/heapoverflow.tiff' ] SPDX-FileCopyrightText = 'Agostino Sarubbo' SPDX-License-Identifier = 'CC0-1.0' @@ -87,7 +93,8 @@ SPDX-License-Identifier = 'CC0-1.0' [[annotations]] path = [ 'bugs/cve/2017/6965/bug_3', - 'bugs/cve/2018/10372/bug3' ] + 'bugs/cve/2018/10372/bug3', + 'bugs/gnu/25023/separator', ] SPDX-FileCopyrightText = 'Phạm Văn Thuận' SPDX-License-Identifier = 'CC0-1.0' @@ -125,12 +132,32 @@ SPDX-FileCopyrightText = '陈鹏' SPDX-License-Identifier = 'CC0-1.0' [[annotations]] +path = 'bugs/gnu/19784/limit' +SPDX-FileCopyrightText = 'Yury Usishchev' +SPDX-License-Identifier = 'CC0-1.0' + +[[annotations]] +path = 'bugs/gnu/26545/size' +SPDX-FileCopyrightText = 'Pádraig Brady' +SPDX-License-Identifier = 'CC0-1.0' + +[[annotations]] path = [ 'patches/afl++-*.patch', 'patches/e9patch-*.patch' ] SPDX-FileCopyrightText = 'Nguyễn Gia Phong' SPDX-License-Identifier = 'GPL-3.0-or-later' [[annotations]] +path = 'patches/coreutils-gnulib-glibc-2.25.patch' +SPDX-FileCopyrightText = 'Eric Blake' +SPDX-License-Identifier = 'GPL-3.0-or-later' + +[[annotations]] +path = 'patches/coreutils-gnulib-glibc-2.28.patch' +SPDX-FileCopyrightText = 'Paul Eggert' +SPDX-License-Identifier = 'GPL-3.0-or-later' + +[[annotations]] # https://src.fedoraproject.org/rpms/ming/c/c6f24aedb4f66c5b3167b75bebc55b14fd6b5248 path = 'patches/libming-parallel-make.patch' SPDX-FileCopyrightText = 'Dominik Mierzejewski' diff --git a/bugs/README.md b/bugs/README.md index 97943fc..503f433 100644 --- a/bugs/README.md +++ b/bugs/README.md @@ -1,6 +1,6 @@ # Bug reproducers -## binutils +## GNU Binary Utilities - CVE-2017-6965: [heap buffer overflow][sourceware-21137] @@ -34,6 +34,23 @@ guix shell -e '(@@ (loftix bugs) binutils-2.32-asan)' readelf -a cve/2019/9077/hbo2 +## GNU Core Utilities + +- #19784: [heap buffer overflow](gnu-19784) + + guix shell -e '(@@ (loftix bugs) coreutils-8.23-asan)' + make-prime-list "$(cat gnu/19784/limit)" + +- #25023: [global buffer overflow](gnu-25023) + + guix shell -e '(@@ (loftix bugs) coreutils-8.25-asan)' + echo | pr -m -S"$(cat gnu/25023/separator)" -t /dev/fd/0 /dev/null + +- #26545: [memcpy param overlap](gnu-26545) + + guix shell -e '(@@ (loftix bugs) coreutils-8.27-asan)' + shred -n4 -s"$(cat gnu/26545/size)" /dev/null + ## JasPer - CVE-2016-8691: [divide-by-zero][jasper-22] @@ -106,6 +123,16 @@ ## libtiff +- BZ#2633: [heap buffer overflow][maptools-2633]: + + guix shell -e '(@@ (loftix bugs) libtiff-4.0.7-asan)' + tiff2ps maptools/2633/heapoverflow.tiff + +- CVE-2014-8128: [buffer overflow][maptools-2489] + + guix shell -e '(@@ (loftix bugs) libtiff-4.0.3)' + thumbnail cve/2014/8128/03_thumbnail.tiff /dev/null + - CVE-2016-3186: [buffer overflow][redhat-1319503] guix shell -e '(@@ (loftix bugs) libtiff-4.0.6)' @@ -231,6 +258,9 @@ [chromium-40076524]: https://issues.chromium.org/issues/40076524 [chromium-42452152]: https://project-zero.issues.chromium.org/issues/42452152 [chromium-42452154]: https://project-zero.issues.chromium.org/issues/42452154 +[gnu-19784]: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=19784 +[gnu-25023]: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=25023 +[gnu-26545]: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=26545 [jasper-22]: https://github.com/jasper-software/jasper/issues/22 [jasper-49]: https://github.com/jasper-software/jasper/issues/49 [jasper-67]: https://github.com/jasper-software/jasper/issues/67 @@ -239,23 +269,25 @@ [libjpeg-turbo-305]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305 [libming-128]: https://github.com/libming/libming/issues/128 [libming-130]: https://github.com/libming/libming/issues/130 -[maptools-2554]: https://bugzilla.maptools.org/show_bug.cgi?id=2554 -[maptools-2558]: https://bugzilla.maptools.org/show_bug.cgi?id=2558 -[maptools-2587]: https://bugzilla.maptools.org/show_bug.cgi?id=2587 -[maptools-2592]: https://bugzilla.maptools.org/show_bug.cgi?id=2592 -[maptools-2596]: https://bugzilla.maptools.org/show_bug.cgi?id=2596 -[maptools-2598]: https://bugzilla.maptools.org/show_bug.cgi?id=2598 -[maptools-2610]: https://bugzilla.maptools.org/show_bug.cgi?id=2610 -[maptools-2611]: https://bugzilla.maptools.org/show_bug.cgi?id=2611 -[maptools-2620]: https://bugzilla.maptools.org/show_bug.cgi?id=2620 -[maptools-2622]: https://bugzilla.maptools.org/show_bug.cgi?id=2622 -[maptools-2624]: https://bugzilla.maptools.org/show_bug.cgi?id=2624 -[maptools-2640]: https://bugzilla.maptools.org/show_bug.cgi?id=2640 -[maptools-2646]: https://bugzilla.maptools.org/show_bug.cgi?id=2646 -[maptools-2647]: https://bugzilla.maptools.org/show_bug.cgi?id=2647 -[maptools-2648]: https://bugzilla.maptools.org/show_bug.cgi?id=2648 -[maptools-2653]: https://bugzilla.maptools.org/show_bug.cgi?id=2653 -[maptools-2656]: https://bugzilla.maptools.org/show_bug.cgi?id=2656 +[maptools-2489]: http://bugzilla.maptools.org/show_bug.cgi?id=2489 +[maptools-2554]: http://bugzilla.maptools.org/show_bug.cgi?id=2554 +[maptools-2558]: http://bugzilla.maptools.org/show_bug.cgi?id=2558 +[maptools-2587]: http://bugzilla.maptools.org/show_bug.cgi?id=2587 +[maptools-2592]: http://bugzilla.maptools.org/show_bug.cgi?id=2592 +[maptools-2596]: http://bugzilla.maptools.org/show_bug.cgi?id=2596 +[maptools-2598]: http://bugzilla.maptools.org/show_bug.cgi?id=2598 +[maptools-2610]: http://bugzilla.maptools.org/show_bug.cgi?id=2610 +[maptools-2611]: http://bugzilla.maptools.org/show_bug.cgi?id=2611 +[maptools-2620]: http://bugzilla.maptools.org/show_bug.cgi?id=2620 +[maptools-2622]: http://bugzilla.maptools.org/show_bug.cgi?id=2622 +[maptools-2624]: http://bugzilla.maptools.org/show_bug.cgi?id=2624 +[maptools-2633]: http://bugzilla.maptools.org/show_bug.cgi?id=2633 +[maptools-2640]: http://bugzilla.maptools.org/show_bug.cgi?id=2640 +[maptools-2646]: http://bugzilla.maptools.org/show_bug.cgi?id=2646 +[maptools-2647]: http://bugzilla.maptools.org/show_bug.cgi?id=2647 +[maptools-2648]: http://bugzilla.maptools.org/show_bug.cgi?id=2648 +[maptools-2653]: http://bugzilla.maptools.org/show_bug.cgi?id=2653 +[maptools-2656]: http://bugzilla.maptools.org/show_bug.cgi?id=2656 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3 [oss-sec-20161110-9]: https://www.openwall.com/lists/oss-security/2016/11/10/9 diff --git a/bugs/cve/2014/8128/03_thumbnail.tiff b/bugs/cve/2014/8128/03_thumbnail.tiff new file mode 100644 index 0000000..368733b --- /dev/null +++ b/bugs/cve/2014/8128/03_thumbnail.tiff Binary files differdiff --git a/bugs/gnu/19784/limit b/bugs/gnu/19784/limit new file mode 100644 index 0000000..e440e5c --- /dev/null +++ b/bugs/gnu/19784/limit @@ -0,0 +1 @@ +3 \ No newline at end of file diff --git a/bugs/gnu/25023/separator b/bugs/gnu/25023/separator new file mode 100644 index 0000000..bbeba64 --- /dev/null +++ b/bugs/gnu/25023/separator @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/bugs/gnu/26545/size b/bugs/gnu/26545/size new file mode 100644 index 0000000..c793025 --- /dev/null +++ b/bugs/gnu/26545/size @@ -0,0 +1 @@ +7 \ No newline at end of file diff --git a/bugs/maptools/2633/heapoverflow.tiff b/bugs/maptools/2633/heapoverflow.tiff new file mode 100644 index 0000000..04af49a --- /dev/null +++ b/bugs/maptools/2633/heapoverflow.tiff Binary files differdiff --git a/loftix/bugs.scm b/loftix/bugs.scm index 12239e2..0b6b306 100644 --- a/loftix/bugs.scm +++ b/loftix/bugs.scm @@ -24,9 +24,11 @@ #:use-module (gnu packages xml) #:use-module (guix build-system gnu) #:use-module (guix download) + #:use-module (guix gexp) #:use-module (guix git-download) #:use-module ((guix licenses) #:prefix license:) - #:use-module (guix packages)) + #:use-module (guix packages) + #:use-module (guix utils)) (define-public binutils-2.32-asan (package @@ -94,6 +96,68 @@ (base32 "125clslv17xh1sab74343fg6v31msavpmaa1c1394zsqa773g5rn")) (patches '()))))) +(define-public coreutils-8.27-asan + (package + (inherit coreutils) + (version "8.27") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/coreutils/coreutils-" + version ".tar.xz")) + (sha256 + (base32 + "0sv547572iq8ayy8klir4hnngnx92a9nsazmf1wgzfc7xr4x74c8")) + (patches + (search-patches "patches/coreutils-gnulib-glibc-2.28.patch")))) + (arguments + (substitute-keyword-arguments (package-arguments coreutils) + ((#:make-flags flags #~'()) + #~(cons* "CFLAGS=-O2 -g -fsanitize=address" + "LDFLAGS=-fsanitize=address" + #$flags)) + ((#:phases phases #~%standard-phases) + #~(modify-phases #$phases + (add-before 'build 'set-env + (lambda _ (setenv "ASAN_OPTIONS" "detect_leaks=0"))))) + ((#:tests? _ #f) + #f))))) + +(define-public coreutils-8.25-asan + (package + (inherit coreutils-8.27-asan) + (version "8.25") + (source (origin + (method url-fetch) + (uri (string-append "mirror://gnu/coreutils/coreutils-" + version ".tar.xz")) + (sha256 + (base32 + "11yfrnb94xzmvi4lhclkcmkqsbhww64wf234ya1aacjvg82prrii")) + (patches (search-patches + "patches/coreutils-gnulib-glibc-2.25.patch" + "patches/coreutils-gnulib-glibc-2.28.patch")))))) + +(define-public coreutils-8.23-asan + (package + (inherit coreutils-8.25-asan) + (version "8.23") + (source (origin + (inherit (package-source coreutils-8.25-asan)) + (uri (string-append "mirror://gnu/coreutils/coreutils-" + version ".tar.xz")) + (sha256 + (base32 + "0bdq6yggyl7nkc2pbl6pxhhyx15nyqhz3ds6rfn448n6rxdwlhzc")))) + (arguments + (substitute-keyword-arguments (package-arguments coreutils-8.25-asan) + ((#:phases phases #~%standard-phases) + #~(modify-phases #$phases + (add-after 'install 'install-make-prime-list + (lambda* (#:key outputs #:allow-other-keys) + (install-file + "src/make-prime-list" + (string-append (assoc-ref outputs "out") "/bin")))))))))) + (define-public jasper-1.900.19 ;; FIXME: UBSan somehow breaks build phase. (package @@ -262,6 +326,18 @@ It can be used from PHP, Perl, Ruby, Python, C, C++ and Java.") (patches (search-patches "patches/libming-parallel-make.patch")))))) +(define-public libtiff-4.0.3 + (package + (inherit libtiff) + (version "4.0.3") + (source (origin + (method url-fetch) + (uri (string-append "ftp://ftp.remotesensing.org/pub/libtiff/tiff-" + version ".tar.gz")) + (sha256 + (base32 "0wj8d1iwk9vnpax2h29xqc2hwknxg3s0ay2d5pxkg59ihbifn6pa")))) + (outputs '("out")))) + (define-public libtiff-4.0.6 (package (inherit libtiff) diff --git a/patches/coreutils-gnulib-glibc-2.25.patch b/patches/coreutils-gnulib-glibc-2.25.patch new file mode 100644 index 0000000..4a9d83d --- /dev/null +++ b/patches/coreutils-gnulib-glibc-2.25.patch @@ -0,0 +1,65 @@ +commit 4da63c5881f60f71999a943612da9112232b9161 +Author: Eric Blake <eblake@redhat.com> +Date: 2016-09-14 19:21:42 -0500 + + mountlist: include sysmacros.h for glibc + + On Fedora rawhide (glibc 2.25), './gnulib-tool --test mountlist' + reports: + ../../gllib/mountlist.c: In function 'read_file_system_list': + ../../gllib/mountlist.c:534:13: warning: '__makedev_from_sys_types' is deprecated: + In the GNU C Library, `makedev' is defined by <sys/sysmacros.h>. + For historical compatibility, it is currently defined by + <sys/types.h> as well, but we plan to remove this soon. + To use `makedev', include <sys/sysmacros.h> directly. + If you did not intend to use a system-defined macro `makedev', + you should #undef it after including <sys/types.h>. + [-Wdeprecated-declarations] + me->me_dev = makedev (devmaj, devmin); + ^~ + In file included from /usr/include/features.h:397:0, + from /usr/include/sys/types.h:25, + from ./sys/types.h:28, + from ../../gllib/mountlist.h:23, + from ../../gllib/mountlist.c:20: + /usr/include/sys/sysmacros.h:89:1: note: declared here + __SYSMACROS_DEFINE_MAKEDEV (__SYSMACROS_FST_IMPL_TEMPL) + ^ + + Fix it by including the right headers. We also need a fix to + autoconf's AC_HEADER_MAJOR, but that's a separate patch. + + * m4/mountlist.m4 (gl_PREREQ_MOUTLIST_EXTRA): Include + AC_HEADER_MAJOR. + * lib/mountlist.c (includes): Use correct headers. + + Signed-off-by: Eric Blake <eblake@redhat.com> + +diff --git a/lib/mountlist.c b/lib/mountlist.c +index bb4e4ee21097..cf4020e2ab75 100644 +--- a/lib/mountlist.c ++++ b/lib/mountlist.c +@@ -37,6 +37,12 @@ + # include <sys/param.h> + #endif + ++#if MAJOR_IN_MKDEV ++# include <sys/mkdev.h> ++#elif MAJOR_IN_SYSMACROS ++# include <sys/sysmacros.h> ++#endif ++ + #if defined MOUNTED_GETFSSTAT /* OSF_1 and Darwin1.3.x */ + # if HAVE_SYS_UCRED_H + # include <grp.h> /* needed on OSF V4.0 for definition of NGROUPS, +diff --git a/m4/mountlist.m4 b/m4/mountlist.m4 +index 2e2ca37fbf0c..b6724fa33b87 100644 +--- a/m4/mountlist.m4 ++++ b/m4/mountlist.m4 +@@ -15,5 +15,6 @@ AC_DEFUN([gl_PREREQ_MOUNTLIST_EXTRA], + [ + dnl Note gl_LIST_MOUNTED_FILE_SYSTEMS checks for mntent.h, not sys/mntent.h. + AC_CHECK_HEADERS([sys/mntent.h]) ++ AC_HEADER_MAJOR()dnl for use of makedev () + gl_FSTYPENAME + ]) diff --git a/patches/coreutils-gnulib-glibc-2.28.patch b/patches/coreutils-gnulib-glibc-2.28.patch new file mode 100644 index 0000000..6281c0d --- /dev/null +++ b/patches/coreutils-gnulib-glibc-2.28.patch @@ -0,0 +1,169 @@ +commit 4af4a4a71827c0bc5e0ec67af23edef4f15cee8e +Author: Paul Eggert <eggert@cs.ucla.edu> +Date: 2018-03-05 10:56:29 -0800 + + fflush: adjust to glibc 2.28 libio.h removal + + Problem reported by Daniel P. Berrangé in: + https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html + * lib/fflush.c (clear_ungetc_buffer_preserving_position) + (disable_seek_optimization, rpl_fflush): + * lib/fpurge.c (fpurge): + * lib/freadahead.c (freadahead): + * lib/freading.c (freading): + * lib/freadptr.c (freadptr): + * lib/freadseek.c (freadptrinc): + * lib/fseeko.c (fseeko): + * lib/fseterr.c (fseterr): + Check _IO_EOF_SEEN instead of _IO_ftrylockfile. + * lib/stdio-impl.h (_IO_IN_BACKUP) [_IO_EOF_SEEN]: + Define if not already defined. + +diff --git a/lib/fflush.c b/lib/fflush.c +index 983ade0ffbd9..a6edfa105b01 100644 +--- a/lib/fflush.c ++++ b/lib/fflush.c +@@ -33,7 +33,7 @@ + #undef fflush + + +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + + /* Clear the stream's ungetc buffer, preserving the value of ftello (fp). */ + static void +@@ -72,7 +72,7 @@ clear_ungetc_buffer (FILE *fp) + + #endif + +-#if ! (defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */) ++#if ! (defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */) + + # if (defined __sferror || defined __DragonFly__ || defined __ANDROID__) && defined __SNPT + /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ +@@ -148,7 +148,7 @@ rpl_fflush (FILE *stream) + if (stream == NULL || ! freading (stream)) + return fflush (stream); + +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + + clear_ungetc_buffer_preserving_position (stream); + +diff --git a/lib/fpurge.c b/lib/fpurge.c +index b1d417c7a2b0..3aedcc373468 100644 +--- a/lib/fpurge.c ++++ b/lib/fpurge.c +@@ -62,7 +62,7 @@ fpurge (FILE *fp) + /* Most systems provide FILE as a struct and the necessary bitmask in + <stdio.h>, because they need it for implementing getc() and putc() as + fast macros. */ +-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + fp->_IO_read_end = fp->_IO_read_ptr; + fp->_IO_write_ptr = fp->_IO_write_base; + /* Avoid memory leak when there is an active ungetc buffer. */ +diff --git a/lib/freadahead.c b/lib/freadahead.c +index c2ecb5b28a81..23ec76ee5391 100644 +--- a/lib/freadahead.c ++++ b/lib/freadahead.c +@@ -30,7 +30,7 @@ extern size_t __sreadahead (FILE *); + size_t + freadahead (FILE *fp) + { +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + if (fp->_IO_write_ptr > fp->_IO_write_base) + return 0; + return (fp->_IO_read_end - fp->_IO_read_ptr) +diff --git a/lib/freading.c b/lib/freading.c +index 73c28acddfdc..c24d0c88abf6 100644 +--- a/lib/freading.c ++++ b/lib/freading.c +@@ -31,7 +31,7 @@ freading (FILE *fp) + /* Most systems provide FILE as a struct and the necessary bitmask in + <stdio.h>, because they need it for implementing getc() and putc() as + fast macros. */ +-# if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++# if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + return ((fp->_flags & _IO_NO_WRITES) != 0 + || ((fp->_flags & (_IO_NO_READS | _IO_CURRENTLY_PUTTING)) == 0 + && fp->_IO_read_base != NULL)); +diff --git a/lib/freadptr.c b/lib/freadptr.c +index 5aeadf3da1e5..ffb8010392e2 100644 +--- a/lib/freadptr.c ++++ b/lib/freadptr.c +@@ -29,7 +29,7 @@ freadptr (FILE *fp, size_t *sizep) + size_t size; + + /* Keep this code in sync with freadahead! */ +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + if (fp->_IO_write_ptr > fp->_IO_write_base) + return NULL; + size = fp->_IO_read_end - fp->_IO_read_ptr; +diff --git a/lib/freadseek.c b/lib/freadseek.c +index e7b0c7bdb32b..5fd2dd7cac23 100644 +--- a/lib/freadseek.c ++++ b/lib/freadseek.c +@@ -36,7 +36,7 @@ freadptrinc (FILE *fp, size_t increment) + /* Keep this code in sync with freadptr! */ + #if HAVE___FREADPTRINC /* musl libc */ + __freadptrinc (fp, increment); +-#elif defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#elif defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + fp->_IO_read_ptr += increment; + #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ + /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ +diff --git a/lib/fseeko.c b/lib/fseeko.c +index 0101ab55f703..193f4e8ce515 100644 +--- a/lib/fseeko.c ++++ b/lib/fseeko.c +@@ -47,7 +47,7 @@ fseeko (FILE *fp, off_t offset, int whence) + #endif + + /* These tests are based on fpurge.c. */ +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + if (fp->_IO_read_end == fp->_IO_read_ptr + && fp->_IO_write_ptr == fp->_IO_write_base + && fp->_IO_save_base == NULL) +@@ -123,7 +123,7 @@ fseeko (FILE *fp, off_t offset, int whence) + return -1; + } + +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + fp->_flags &= ~_IO_EOF_SEEN; + fp->_offset = pos; + #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ +diff --git a/lib/fseterr.c b/lib/fseterr.c +index 82649c3ac1bf..adb637256dcf 100644 +--- a/lib/fseterr.c ++++ b/lib/fseterr.c +@@ -29,7 +29,7 @@ fseterr (FILE *fp) + /* Most systems provide FILE as a struct and the necessary bitmask in + <stdio.h>, because they need it for implementing getc() and putc() as + fast macros. */ +-#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ ++#if defined _IO_EOF_SEEN || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */ + fp->_flags |= _IO_ERR_SEEN; + #elif defined __sferror || defined __DragonFly__ || defined __ANDROID__ + /* FreeBSD, NetBSD, OpenBSD, DragonFly, Mac OS X, Cygwin, Minix 3, Android */ +diff --git a/lib/stdio-impl.h b/lib/stdio-impl.h +index 78d896e9f552..05c5752a2436 100644 +--- a/lib/stdio-impl.h ++++ b/lib/stdio-impl.h +@@ -18,6 +18,12 @@ + the same implementation of stdio extension API, except that some fields + have different naming conventions, or their access requires some casts. */ + ++/* Glibc 2.28 made _IO_IN_BACKUP private. For now, work around this ++ problem by defining it ourselves. FIXME: Do not rely on glibc ++ internals. */ ++#if !defined _IO_IN_BACKUP && defined _IO_EOF_SEEN ++# define _IO_IN_BACKUP 0x100 ++#endif + + /* BSD stdio derived implementations. */ + |