Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix [BZ #20018] fw/bug20018-backport

This commit avoids adding the __inet_aton_exact@GLIBC_PRIVATE
symbol.  In master, the separately-compiled getaddrinfo
implementation in nscd needs it, however such an internal ABI change
is not desirable on a release branch if it can be avoided easily.

6 files changed, 39 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index 8fb841c000..d07b83f13d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2019-02-04  Florian Weimer  <fweimer@redhat.com>
+
+	[BZ #20018]
+	Restore GLIBC_PRIVATE ABI after CVE-2016-10739 fix.
+	* include/arpa/inet.h (__inet_aton_exact): Declare as hidden.
+	* resolv/inet_addr.c (__inet_aton_exact): Remove libc_hidden_def.
+	* resolv/Versions (GLIBC_PRIVATE): Do not export
+	__inet_aton_exact.
+	* nscd/nscd-inet_addr.c: New file.  Build resolv/inet_addr.c for
+	nscd, without public symbols.
+	* nscd/Makefile (nscd-modules): Add it.
+
 2019-01-21  Florian Weimer  <fweimer@redhat.com>
 
 	[BZ #20018]
diff --git a/include/arpa/inet.h b/include/arpa/inet.h
index 19aec74275..dce60b4909 100644
--- a/include/arpa/inet.h
+++ b/include/arpa/inet.h
@@ -2,8 +2,8 @@
 
 #ifndef _ISOMAC
 /* Variant of inet_aton which rejects trailing garbage.  */
-extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp);
-libc_hidden_proto (__inet_aton_exact)
+extern int __inet_aton_exact (const char *__cp, struct in_addr *__inp)
+  attribute_hidden;
 
 libc_hidden_proto (inet_ntop)
 libc_hidden_proto (inet_pton)
diff --git a/nscd/Makefile b/nscd/Makefile
index b713a84c49..eb23c01a39 100644
--- a/nscd/Makefile
+++ b/nscd/Makefile
@@ -36,7 +36,7 @@ nscd-modules := nscd connections pwdcache getpwnam_r getpwuid_r grpcache \
 		getsrvbynm_r getsrvbypt_r servicescache \
 		dbg_log nscd_conf nscd_stat cache mem nscd_setup_thread \
 		xmalloc xstrdup aicache initgrcache gai res_hconf \
-		netgroupcache
+		netgroupcache nscd-inet_addr
 
 ifeq ($(build-nscd)$(have-thread-library),yesyes)
 
diff --git a/nscd/nscd-inet_addr.c b/nscd/nscd-inet_addr.c
new file mode 100644
index 0000000000..cfa4ac7462
--- /dev/null
+++ b/nscd/nscd-inet_addr.c
@@ -0,0 +1,24 @@
+/* Legacy IPv4 text-to-address functions.  Version for nscd.
+   Copyright (C) 2019 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <http://www.gnu.org/licenses/>.  */
+
+/* Do not provide definitions of the public symbols exported from
+   libc.  */
+#undef weak_alias
+#define weak_alias(from, to)
+
+#include <resolv/inet_addr.c>
diff --git a/resolv/Versions b/resolv/Versions
index 9a82704af7..b05778d965 100644
--- a/resolv/Versions
+++ b/resolv/Versions
@@ -27,7 +27,6 @@ libc {
     __h_errno; __resp;
 
     __res_iclose;
-    __inet_aton_exact;
     __inet_pton_length;
     __resolv_context_get;
     __resolv_context_get_preinit;
diff --git a/resolv/inet_addr.c b/resolv/inet_addr.c
index 41b6166a5b..1bc4a2c4d6 100644
--- a/resolv/inet_addr.c
+++ b/resolv/inet_addr.c
@@ -192,7 +192,6 @@ __inet_aton_exact (const char *cp, struct in_addr *addr)
   else
     return 0;
 }
-libc_hidden_def (__inet_aton_exact)
 
 /* inet_aton ignores trailing garbage.  */
 int