ports/core (2.7): [notify] glibc: update to 2.12.2
commit 53ce63301e8b0e06b757c66d34e9370cd9330a09 Author: Juergen Daubert <jue@jue.li> Date: Thu Dec 23 20:08:57 2010 +0100 [notify] glibc: update to 2.12.2 To avoid an unclean unmount of "/" on next shutdown, reload the init process after the glibc update. Either run the included post-install script or use the following command: /sbin/telinit U diff --git a/glibc/.footprint b/glibc/.footprint index 6ab7468..4023f06 100644 --- a/glibc/.footprint +++ b/glibc/.footprint 
@@ -9,49 +9,49 @@ lrwxrwxrwx root/root etc/localtime -> ../usr/share/zoneinfo/UTC -rw-r--r-- root/root etc/resolv.conf -rw-r--r-- root/root etc/rpc drwxr-xr-x root/root lib/ --rwxr-xr-x root/root lib/ld-2.12.1.so -lrwxrwxrwx root/root lib/ld-linux.so.2 -> ld-2.12.1.so --rwxr-xr-x root/root lib/libBrokenLocale-2.12.1.so -lrwxrwxrwx root/root lib/libBrokenLocale.so.1 -> libBrokenLocale-2.12.1.so +-rwxr-xr-x root/root lib/ld-2.12.2.so +lrwxrwxrwx root/root lib/ld-linux.so.2 -> ld-2.12.2.so +-rwxr-xr-x root/root lib/libBrokenLocale-2.12.2.so +lrwxrwxrwx root/root lib/libBrokenLocale.so.1 -> libBrokenLocale-2.12.2.so -rwxr-xr-x root/root lib/libSegFault.so --rwxr-xr-x root/root lib/libanl-2.12.1.so -lrwxrwxrwx root/root lib/libanl.so.1 -> libanl-2.12.1.so --rwxr-xr-x root/root lib/libc-2.12.1.so -lrwxrwxrwx root/root lib/libc.so.6 -> libc-2.12.1.so --rwxr-xr-x root/root lib/libcidn-2.12.1.so -lrwxrwxrwx root/root lib/libcidn.so.1 -> libcidn-2.12.1.so --rwxr-xr-x root/root lib/libcrypt-2.12.1.so -lrwxrwxrwx root/root lib/libcrypt.so.1 -> libcrypt-2.12.1.so --rwxr-xr-x root/root lib/libdl-2.12.1.so -lrwxrwxrwx root/root lib/libdl.so.2 -> libdl-2.12.1.so --rwxr-xr-x root/root lib/libm-2.12.1.so -lrwxrwxrwx root/root lib/libm.so.6 -> libm-2.12.1.so +-rwxr-xr-x root/root lib/libanl-2.12.2.so +lrwxrwxrwx root/root lib/libanl.so.1 -> libanl-2.12.2.so +-rwxr-xr-x root/root lib/libc-2.12.2.so +lrwxrwxrwx root/root lib/libc.so.6 -> libc-2.12.2.so +-rwxr-xr-x root/root lib/libcidn-2.12.2.so +lrwxrwxrwx root/root lib/libcidn.so.1 -> libcidn-2.12.2.so +-rwxr-xr-x root/root lib/libcrypt-2.12.2.so +lrwxrwxrwx root/root lib/libcrypt.so.1 -> libcrypt-2.12.2.so +-rwxr-xr-x root/root lib/libdl-2.12.2.so +lrwxrwxrwx root/root lib/libdl.so.2 -> libdl-2.12.2.so +-rwxr-xr-x root/root lib/libm-2.12.2.so +lrwxrwxrwx root/root lib/libm.so.6 -> libm-2.12.2.so -rwxr-xr-x root/root lib/libmemusage.so --rwxr-xr-x root/root lib/libnsl-2.12.1.so -lrwxrwxrwx root/root lib/libnsl.so.1 -> 
libnsl-2.12.1.so --rwxr-xr-x root/root lib/libnss_compat-2.12.1.so -lrwxrwxrwx root/root lib/libnss_compat.so.2 -> libnss_compat-2.12.1.so --rwxr-xr-x root/root lib/libnss_dns-2.12.1.so -lrwxrwxrwx root/root lib/libnss_dns.so.2 -> libnss_dns-2.12.1.so --rwxr-xr-x root/root lib/libnss_files-2.12.1.so -lrwxrwxrwx root/root lib/libnss_files.so.2 -> libnss_files-2.12.1.so --rwxr-xr-x root/root lib/libnss_hesiod-2.12.1.so -lrwxrwxrwx root/root lib/libnss_hesiod.so.2 -> libnss_hesiod-2.12.1.so --rwxr-xr-x root/root lib/libnss_nis-2.12.1.so -lrwxrwxrwx root/root lib/libnss_nis.so.2 -> libnss_nis-2.12.1.so --rwxr-xr-x root/root lib/libnss_nisplus-2.12.1.so -lrwxrwxrwx root/root lib/libnss_nisplus.so.2 -> libnss_nisplus-2.12.1.so +-rwxr-xr-x root/root lib/libnsl-2.12.2.so +lrwxrwxrwx root/root lib/libnsl.so.1 -> libnsl-2.12.2.so +-rwxr-xr-x root/root lib/libnss_compat-2.12.2.so +lrwxrwxrwx root/root lib/libnss_compat.so.2 -> libnss_compat-2.12.2.so +-rwxr-xr-x root/root lib/libnss_dns-2.12.2.so +lrwxrwxrwx root/root lib/libnss_dns.so.2 -> libnss_dns-2.12.2.so +-rwxr-xr-x root/root lib/libnss_files-2.12.2.so +lrwxrwxrwx root/root lib/libnss_files.so.2 -> libnss_files-2.12.2.so +-rwxr-xr-x root/root lib/libnss_hesiod-2.12.2.so +lrwxrwxrwx root/root lib/libnss_hesiod.so.2 -> libnss_hesiod-2.12.2.so +-rwxr-xr-x root/root lib/libnss_nis-2.12.2.so +lrwxrwxrwx root/root lib/libnss_nis.so.2 -> libnss_nis-2.12.2.so +-rwxr-xr-x root/root lib/libnss_nisplus-2.12.2.so +lrwxrwxrwx root/root lib/libnss_nisplus.so.2 -> libnss_nisplus-2.12.2.so -rwxr-xr-x root/root lib/libpcprofile.so --rwxr-xr-x root/root lib/libpthread-2.12.1.so -lrwxrwxrwx root/root lib/libpthread.so.0 -> libpthread-2.12.1.so --rwxr-xr-x root/root lib/libresolv-2.12.1.so -lrwxrwxrwx root/root lib/libresolv.so.2 -> libresolv-2.12.1.so --rwxr-xr-x root/root lib/librt-2.12.1.so -lrwxrwxrwx root/root lib/librt.so.1 -> librt-2.12.1.so +-rwxr-xr-x root/root lib/libpthread-2.12.2.so +lrwxrwxrwx root/root lib/libpthread.so.0 -> 
libpthread-2.12.2.so +-rwxr-xr-x root/root lib/libresolv-2.12.2.so +lrwxrwxrwx root/root lib/libresolv.so.2 -> libresolv-2.12.2.so +-rwxr-xr-x root/root lib/librt-2.12.2.so +lrwxrwxrwx root/root lib/librt.so.1 -> librt-2.12.2.so -rwxr-xr-x root/root lib/libthread_db-1.0.so lrwxrwxrwx root/root lib/libthread_db.so.1 -> libthread_db-1.0.so --rwxr-xr-x root/root lib/libutil-2.12.1.so -lrwxrwxrwx root/root lib/libutil.so.1 -> libutil-2.12.1.so +-rwxr-xr-x root/root lib/libutil-2.12.2.so +lrwxrwxrwx root/root lib/libutil.so.1 -> libutil-2.12.2.so drwxr-xr-x root/root sbin/ -rwxr-xr-x root/root sbin/ldconfig -rwxr-xr-x root/root sbin/sln diff --git a/glibc/.md5sum b/glibc/.md5sum index f2a761c..f729ce5 100644 --- a/glibc/.md5sum +++ b/glibc/.md5sum @@ -1,8 +1,7 @@ -733615b9c7f778639725ca40dbb781c6 CVE-2010-3847.patch -e64fc10ef089b48de254b5322b54cd42 CVE-2010-3856.patch 6c8b3f5c56d80eba760cc896e7462b0e Optimize-__getpagesize-a-bit.patch -4802b783766b5b487c601a19b5ce35f1 glibc-2.12.1.tar.xz +e0043f4f8e1aa61acc62fdf0f4d6133d glibc-2.12.2.tar.xz 6144e4b4074fc01deea1549de4920df1 glibc-fedora_i686.patch +e9da82fa084dff26de7c484ce0c89a9a glibc-ignore_origin.patch 96156bec8e05de67384dc93e72bdc313 host.conf fbbc215a9b15ba4846f326cc88108057 hosts 34fe6c5433cd6cda30123b7bb73ef378 kernel-headers-2.6.35.tar.xz diff --git a/glibc/CVE-2010-3847.patch b/glibc/CVE-2010-3847.patch deleted file mode 100644 index 3b2bd1c..0000000 --- a/glibc/CVE-2010-3847.patch +++ /dev/null 
@@ -1,98 +0,0 @@ -# http://seclists.org/fulldisclosure/2010/Oct/257 -# http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html - -Path elements containing $ORIGIN should always be ignored in privileged -programs. - -Andreas. - -2010-10-18 Andreas Schwab <schwab@redhat.com> - - * elf/dl-load.c (is_dst): Remove last parameter. - (_dl_dst_count): Ignore $ORIGIN in privileged programs. - (_dl_dst_substitute): Likewise. ---- - elf/dl-load.c | 30 +++++++++++++----------------- - 1 files changed, 13 insertions(+), 17 deletions(-) - -diff --git a/elf/dl-load.c b/elf/dl-load.c -index a7162eb..776f7e4 100644 ---- a/elf/dl-load.c -+++ b/elf/dl-load.c -@@ -169,8 +169,7 @@ local_strdup (const char *s) - - - static size_t --is_dst (const char *start, const char *name, const char *str, -- int is_path, int secure) -+is_dst (const char *start, const char *name, const char *str, int is_path) - { - size_t len; - bool is_curly = false; -@@ -199,11 +198,6 @@ is_dst (const char *start, const char *name, const char *str, - && (!is_path || name[len] != ':')) - return 0; - -- if (__builtin_expect (secure, 0) -- && ((name[len] != '\0' && (!is_path || name[len] != ':')) -- || (name != start + 1 && (!is_path || name[-2] != ':')))) -- return 0; -- - return len; - } - -@@ -218,13 +212,12 @@ _dl_dst_count (const char *name, int is_path) - { - size_t len; - -- /* $ORIGIN is not expanded for SUID/GUID programs (except if it -- is $ORIGIN alone) and it must always appear first in path. */ -+ /* $ORIGIN is not expanded for SUID/GUID programs. 
*/ - ++name; -- if ((len = is_dst (start, name, "ORIGIN", is_path, -- INTUSE(__libc_enable_secure))) != 0 -- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0 -- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0) -+ if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0 -+ && !INTUSE(__libc_enable_secure)) -+ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0 -+ || (len = is_dst (start, name, "LIB", is_path)) != 0) - ++cnt; - - name = strchr (name + len, '$'); -@@ -256,9 +249,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, - size_t len; - - ++name; -- if ((len = is_dst (start, name, "ORIGIN", is_path, -- INTUSE(__libc_enable_secure))) != 0) -+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0) - { -+ /* Ignore this path element in SUID/SGID programs. */ -+ if (INTUSE(__libc_enable_secure)) -+ repl = (const char *) -1; -+ else - #ifndef SHARED - if (l == NULL) - repl = _dl_get_origin (); -@@ -266,9 +262,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result, - #endif - repl = l->l_origin; - } -- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0) -+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0) - repl = GLRO(dl_platform); -- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0) -+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0) - repl = DL_DST_LIB; - - if (repl != NULL && repl != (const char *) -1) --- -1.7.2.3 - - --- -Andreas Schwab, schwab@redhat.com -GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84 5EC7 45C6 250E 6F00 984E -"And now for something completely different." - diff --git a/glibc/CVE-2010-3856.patch b/glibc/CVE-2010-3856.patch deleted file mode 100644 index 0a621c9..0000000 --- a/glibc/CVE-2010-3856.patch +++ /dev/null 
@@ -1,227 +0,0 @@ -# http://seclists.org/fulldisclosure/2010/Oct/344 -# http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html - -2010-10-22 Andreas Schwab <schwab@redhat.com> - - * include/dlfcn.h (__RTLD_SECURE): Define. - * elf/dl-load.c (_dl_map_object): Remove preloaded parameter. Use - mode & __RTLD_SECURE instead. - (open_path): Rename preloaded parameter to secure. - * sysdeps/generic/ldsodefs.h (_dl_map_object): Adjust declaration. - * elf/dl-open.c (dl_open_worker): Adjust call to _dl_map_object. - * elf/dl-deps.c (openaux): Likewise. - * elf/rtld.c (struct map_args): Remove is_preloaded. - (map_doit): Don't use it. - (dl_main): Likewise. - (do_preload): Use __RTLD_SECURE instead of is_preloaded. - (dlmopen_doit): Add __RTLD_SECURE to mode bits. ---- - elf/dl-deps.c | 2 +- - elf/dl-load.c | 20 +++++++++++--------- - elf/dl-open.c | 2 +- - elf/rtld.c | 16 +++++++--------- - include/dlfcn.h | 1 + - sysdeps/generic/ldsodefs.h | 6 ++---- - 6 files changed, 23 insertions(+), 24 deletions(-) - -diff --git a/elf/dl-deps.c b/elf/dl-deps.c -index e5b9cdf..1cab2d1 100644 ---- a/elf/dl-deps.c -+++ b/elf/dl-deps.c -@@ -62,7 +62,7 @@ openaux (void *a) - { - struct openaux_args *args = (struct openaux_args *) a; - -- args->aux = _dl_map_object (args->map, args->name, 0, -+ args->aux = _dl_map_object (args->map, args->name, - (args->map->l_type == lt_executable - ? lt_library : args->map->l_type), - args->trace_mode, args->open_mode, -diff --git a/elf/dl-load.c b/elf/dl-load.c -index 776f7e4..9ab3520 100644 ---- a/elf/dl-load.c -+++ b/elf/dl-load.c -@@ -1808,7 +1808,7 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader, - if MAY_FREE_DIRS is true. 
*/ - - static int --open_path (const char *name, size_t namelen, int preloaded, -+open_path (const char *name, size_t namelen, int secure, - struct r_search_path_struct *sps, char **realname, - struct filebuf *fbp, struct link_map *loader, int whatcode, - bool *found_other_class) -@@ -1890,7 +1890,7 @@ open_path (const char *name, size_t namelen, int preloaded, - /* Remember whether we found any existing directory. */ - here_any |= this_dir->status[cnt] != nonexisting; - -- if (fd != -1 && __builtin_expect (preloaded, 0) -+ if (fd != -1 && __builtin_expect (secure, 0) - && INTUSE(__libc_enable_secure)) - { - /* This is an extra security effort to make sure nobody can -@@ -1959,7 +1959,7 @@ open_path (const char *name, size_t namelen, int preloaded, - - struct link_map * - internal_function --_dl_map_object (struct link_map *loader, const char *name, int preloaded, -+_dl_map_object (struct link_map *loader, const char *name, - int type, int trace_mode, int mode, Lmid_t nsid) - { - int fd; -@@ -2063,7 +2063,8 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded, - for (l = loader; l; l = l->l_loader) - if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH")) - { -- fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs, -+ fd = open_path (name, namelen, mode & __RTLD_SECURE, -+ &l->l_rpath_dirs, - &realname, &fb, loader, LA_SER_RUNPATH, - &found_other_class); - if (fd != -1) -@@ -2078,14 +2079,15 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded, - && main_map != NULL && main_map->l_type != lt_loaded - && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH, - "RPATH")) -- fd = open_path (name, namelen, preloaded, &main_map->l_rpath_dirs, -+ fd = open_path (name, namelen, mode & __RTLD_SECURE, -+ &main_map->l_rpath_dirs, - &realname, &fb, loader ?: main_map, LA_SER_RUNPATH, - &found_other_class); - } - - /* Try the LD_LIBRARY_PATH environment variable. 
*/ - if (fd == -1 && env_path_list.dirs != (void *) -1) -- fd = open_path (name, namelen, preloaded, &env_path_list, -+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &env_path_list, - &realname, &fb, - loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded, - LA_SER_LIBPATH, &found_other_class); -@@ -2094,12 +2096,12 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded, - if (fd == -1 && loader != NULL - && cache_rpath (loader, &loader->l_runpath_dirs, - DT_RUNPATH, "RUNPATH")) -- fd = open_path (name, namelen, preloaded, -+ fd = open_path (name, namelen, mode & __RTLD_SECURE, - &loader->l_runpath_dirs, &realname, &fb, loader, - LA_SER_RUNPATH, &found_other_class); - - if (fd == -1 -- && (__builtin_expect (! preloaded, 1) -+ && (__builtin_expect (! (mode & __RTLD_SECURE), 1) - || ! INTUSE(__libc_enable_secure))) - { - /* Check the list of libraries in the file /etc/ld.so.cache, -@@ -2165,7 +2167,7 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded, - && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL - || __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1)) - && rtld_search_dirs.dirs != (void *) -1) -- fd = open_path (name, namelen, preloaded, &rtld_search_dirs, -+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &rtld_search_dirs, - &realname, &fb, l, LA_SER_DEFAULT, &found_other_class); - - /* Add another newline when we are tracing the library loading. */ -diff --git a/elf/dl-open.c b/elf/dl-open.c -index c394b3f..cf8e8cc 100644 ---- a/elf/dl-open.c -+++ b/elf/dl-open.c -@@ -223,7 +223,7 @@ dl_open_worker (void *a) - - /* Load the named object. 
*/ - struct link_map *new; -- args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0, -+ args->map = new = _dl_map_object (call_map, file, lt_loaded, 0, - mode | __RTLD_CALLMAP, args->nsid); - - /* If the pointer returned is NULL this means the RTLD_NOLOAD flag is -diff --git a/elf/rtld.c b/elf/rtld.c -index 201c9cf..4a8cee8 100644 ---- a/elf/rtld.c -+++ b/elf/rtld.c -@@ -587,7 +587,6 @@ struct map_args - /* Argument to map_doit. */ - char *str; - struct link_map *loader; -- int is_preloaded; - int mode; - /* Return value of map_doit. */ - struct link_map *map; -@@ -625,16 +624,17 @@ static void - map_doit (void *a) - { - struct map_args *args = (struct map_args *) a; -- args->map = _dl_map_object (args->loader, args->str, -- args->is_preloaded, lt_library, 0, args->mode, -- LM_ID_BASE); -+ args->map = _dl_map_object (args->loader, args->str, lt_library, 0, -+ args->mode, LM_ID_BASE); - } - - static void - dlmopen_doit (void *a) - { - struct dlmopen_args *args = (struct dlmopen_args *) a; -- args->map = _dl_open (args->fname, RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT, -+ args->map = _dl_open (args->fname, -+ (RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT -+ | __RTLD_SECURE), - dl_main, LM_ID_NEWLM, _dl_argc, INTUSE(_dl_argv), - __environ); - } -@@ -804,8 +804,7 @@ do_preload (char *fname, struct link_map *main_map, const char *where) - - args.str = fname; - args.loader = main_map; -- args.is_preloaded = 1; -- args.mode = 0; -+ args.mode = __RTLD_SECURE; - - unsigned int old_nloaded = GL(dl_ns)[LM_ID_BASE]._ns_nloaded; - -@@ -1050,7 +1049,6 @@ of this helper program; chances are you did not intend to run this program.\n\ - - args.str = rtld_progname; - args.loader = NULL; -- args.is_preloaded = 0; - args.mode = __RTLD_OPENEXEC; - (void) _dl_catch_error (&objname, &err_str, &malloced, map_doit, - &args); -@@ -1062,7 +1060,7 @@ of this helper program; chances are you did not intend to run this program.\n\ - else - { - HP_TIMING_NOW (start); -- _dl_map_object 
(NULL, rtld_progname, 0, lt_library, 0, -+ _dl_map_object (NULL, rtld_progname, lt_library, 0, - __RTLD_OPENEXEC, LM_ID_BASE); - HP_TIMING_NOW (stop); - -diff --git a/include/dlfcn.h b/include/dlfcn.h -index a67426d..af92483 100644 ---- a/include/dlfcn.h -+++ b/include/dlfcn.h -@@ -9,6 +9,7 @@ - #define __RTLD_OPENEXEC 0x20000000 - #define __RTLD_CALLMAP 0x10000000 - #define __RTLD_AUDIT 0x08000000 -+#define __RTLD_SECURE 0x04000000 /* Apply additional security checks. */ - - #define __LM_ID_CALLER -2 - -diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h -index fcc943b..fa4b6b2 100644 ---- a/sysdeps/generic/ldsodefs.h -+++ b/sysdeps/generic/ldsodefs.h -@@ -824,11 +824,9 @@ extern void _dl_receive_error (receiver_fct fct, void (*operate) (void *), - - /* Open the shared object NAME and map in its segments. - LOADER's DT_RPATH is used in searching for NAME. -- If the object is already opened, returns its existing map. -- For preloaded shared objects PRELOADED is set to a non-zero -- value to allow additional security checks. */ -+ If the object is already opened, returns its existing map. */ - extern struct link_map *_dl_map_object (struct link_map *loader, -- const char *name, int preloaded, -+ const char *name, - int type, int trace_mode, int mode, - Lmid_t nsid) - internal_function attribute_hidden; - diff --git a/glibc/Pkgfile b/glibc/Pkgfile index e0931c3..7d1e1ab 100644 --- a/glibc/Pkgfile +++ b/glibc/Pkgfile @@ -3,13 +3,13 @@ # Maintainer: CRUX System Team, core-ports at crux dot nu name=glibc -version=2.12.1 +version=2.12.2 release=2 source=(http://ftp.gnu.org/gnu/glibc/glibc-$version.tar.xz http://crux.nu/files/distfiles/kernel-headers-2.6.35.tar.xz glibc-fedora_i686.patch + glibc-ignore_origin.patch Optimize-__getpagesize-a-bit.patch - CVE-2010-3847.patch CVE-2010-3856.patch hosts resolv.conf nsswitch.conf host.conf ld.so.conf) build() { 
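Review bot: `CVE-2010-3847.patch` and `CVE-2010-3856.patch` are dropped from `source=` here, and their `patch -p1` calls from `build()` in the next hunk, with nothing in the Pkgfile or the commit message stating that the 2.12.2 tarball already carries both fixes. The replacement `glibc-ignore_origin.patch` touches only `elf/dl-object.c` and its header cites the first advisory alone, so the second fix (the `__RTLD_SECURE` changes) is presumably expected from upstream; that should be confirmed against the 2.12.2 sources before the local patches go. Once confirmed, I would record it above `source=` as `# CVE-2010-3847 and CVE-2010-3856 are fixed in upstream 2.12.2; local patches dropped`.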
@@ -20,10 +20,7 @@ build() { patch -p1 -d $name-$version -i $SRC/$name-fedora_i686.patch patch -R -p1 -d $name-$version -i $SRC/Optimize-__getpagesize-a-bit.patch - patch -p1 -d $name-$version -i $SRC/CVE-2010-3847.patch - patch -p1 -d $name-$version -i $SRC/CVE-2010-3856.patch - - sed -i '/^all-subdirs/,+6s/manual//' $name-$version/Makeconfig + patch -p1 -d $name-$version -i $SRC/$name-ignore_origin.patch mkdir build cd build diff --git a/glibc/glibc-ignore_origin.patch b/glibc/glibc-ignore_origin.patch new file mode 100644 index 0000000..cbf6756 --- /dev/null +++ b/glibc/glibc-ignore_origin.patch @@ -0,0 +1,26 @@ +# http://sourceware.org/ml/libc-hacker/2010-12/msg00001.html +# new fix for http://seclists.org/fulldisclosure/2010/Oct/257 + +2010-12-09 Andreas Schwab <schwab@redhat.com> + + * elf/dl-object.c (_dl_new_object): Ignore origin of privileged + program. +--- + elf/dl-object.c | 3 +++ + 1 files changed, 3 insertions(+), 0 deletions(-) + +diff --git a/elf/dl-object.c b/elf/dl-object.c +index 5d15ce1..a34e902 100644 +--- a/elf/dl-object.c ++++ b/elf/dl-object.c +@@ -220,6 +220,9 @@ _dl_new_object (char *realname, const char *libname, int type, + out: + new->l_origin = origin; + } ++ else if (INTUSE(__libc_enable_secure) && type == lt_executable) ++ /* The origin of a privileged program cannot be trusted. */ ++ new->l_origin = (char *) -1; + + return new; + } + diff --git a/glibc/post-install b/glibc/post-install new file mode 100644 index 0000000..fae8589 --- /dev/null +++ b/glibc/post-install @@ -0,0 +1,4 @@ +#!/bin/sh + +/sbin/telinit U +
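Review bot: The removal of `sed -i '/^all-subdirs/,+6s/manual//' $name-$version/Makeconfig` is not mentioned in the commit message and looks unrelated to the version bump. That line deleted the word `manual` from the lines starting at `all-subdirs`, so dropping it may change what is built and installed; the visible part of `.footprint` does not show whether it does. A one-line reason in the commit message or a comment in `build()` would keep this security-relevant update easy to audit. `build()` continues past the end of the hunk.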
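Review bot: The added branch is an `else if` on an `if` whose condition lies outside the hunk, so `l_origin` is forced to `(char *) -1` only when that earlier branch is not taken; a privileged executable that does go through the earlier branch still reaches `new->l_origin = origin`. It is worth confirming against `_dl_new_object` in 2.12.2 that a set-uid/set-gid main program always lands on the `else` path. The sentinel itself is undocumented at this site; a comment such as `/* (char *) -1 = origin unknown; $ORIGIN path elements are expected to be dropped for this map */` beside the assignment would help, assuming the 2.12.2 `_dl_dst_substitute` skips `repl == (const char *) -1` the way the removed local patch did. The function body starts outside the hunk.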
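Review bot: `post-install` runs `/sbin/telinit U` with no comment explaining why, and the reason is given only in the commit message. I would add `# re-exec init after the libc update so "/" can be unmounted cleanly at the next shutdown` above the command. When the port is installed into a chroot or an alternate root, the call would presumably address the host's init rather than the target's, which may deserve a note as well.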