FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CRUX > CRUX

 
 
LinkBack Thread Tools
 
Old 12-23-2010, 06:45 PM
 
Default ports/core (2.7): glibc: update to 2.12.2

commit 53ce63301e8b0e06b757c66d34e9370cd9330a09
Author: Juergen Daubert <jue@jue.li>
Date: Thu Dec 23 20:08:57 2010 +0100

[notify] glibc: update to 2.12.2

To avoid an unclean unmount of "/" on next shutdown, reload
the init process after the glibc update. Either run the
included post-install script or use the following command:

/sbin/telinit U

diff --git a/glibc/.footprint b/glibc/.footprint
index 6ab7468..4023f06 100644
--- a/glibc/.footprint
+++ b/glibc/.footprint
@@ -9,49 +9,49 @@ lrwxrwxrwx root/root etc/localtime -> ../usr/share/zoneinfo/UTC
-rw-r--r-- root/root etc/resolv.conf
-rw-r--r-- root/root etc/rpc
drwxr-xr-x root/root lib/
--rwxr-xr-x root/root lib/ld-2.12.1.so
-lrwxrwxrwx root/root lib/ld-linux.so.2 -> ld-2.12.1.so
--rwxr-xr-x root/root lib/libBrokenLocale-2.12.1.so
-lrwxrwxrwx root/root lib/libBrokenLocale.so.1 -> libBrokenLocale-2.12.1.so
+-rwxr-xr-x root/root lib/ld-2.12.2.so
+lrwxrwxrwx root/root lib/ld-linux.so.2 -> ld-2.12.2.so
+-rwxr-xr-x root/root lib/libBrokenLocale-2.12.2.so
+lrwxrwxrwx root/root lib/libBrokenLocale.so.1 -> libBrokenLocale-2.12.2.so
-rwxr-xr-x root/root lib/libSegFault.so
--rwxr-xr-x root/root lib/libanl-2.12.1.so
-lrwxrwxrwx root/root lib/libanl.so.1 -> libanl-2.12.1.so
--rwxr-xr-x root/root lib/libc-2.12.1.so
-lrwxrwxrwx root/root lib/libc.so.6 -> libc-2.12.1.so
--rwxr-xr-x root/root lib/libcidn-2.12.1.so
-lrwxrwxrwx root/root lib/libcidn.so.1 -> libcidn-2.12.1.so
--rwxr-xr-x root/root lib/libcrypt-2.12.1.so
-lrwxrwxrwx root/root lib/libcrypt.so.1 -> libcrypt-2.12.1.so
--rwxr-xr-x root/root lib/libdl-2.12.1.so
-lrwxrwxrwx root/root lib/libdl.so.2 -> libdl-2.12.1.so
--rwxr-xr-x root/root lib/libm-2.12.1.so
-lrwxrwxrwx root/root lib/libm.so.6 -> libm-2.12.1.so
+-rwxr-xr-x root/root lib/libanl-2.12.2.so
+lrwxrwxrwx root/root lib/libanl.so.1 -> libanl-2.12.2.so
+-rwxr-xr-x root/root lib/libc-2.12.2.so
+lrwxrwxrwx root/root lib/libc.so.6 -> libc-2.12.2.so
+-rwxr-xr-x root/root lib/libcidn-2.12.2.so
+lrwxrwxrwx root/root lib/libcidn.so.1 -> libcidn-2.12.2.so
+-rwxr-xr-x root/root lib/libcrypt-2.12.2.so
+lrwxrwxrwx root/root lib/libcrypt.so.1 -> libcrypt-2.12.2.so
+-rwxr-xr-x root/root lib/libdl-2.12.2.so
+lrwxrwxrwx root/root lib/libdl.so.2 -> libdl-2.12.2.so
+-rwxr-xr-x root/root lib/libm-2.12.2.so
+lrwxrwxrwx root/root lib/libm.so.6 -> libm-2.12.2.so
-rwxr-xr-x root/root lib/libmemusage.so
--rwxr-xr-x root/root lib/libnsl-2.12.1.so
-lrwxrwxrwx root/root lib/libnsl.so.1 -> libnsl-2.12.1.so
--rwxr-xr-x root/root lib/libnss_compat-2.12.1.so
-lrwxrwxrwx root/root lib/libnss_compat.so.2 -> libnss_compat-2.12.1.so
--rwxr-xr-x root/root lib/libnss_dns-2.12.1.so
-lrwxrwxrwx root/root lib/libnss_dns.so.2 -> libnss_dns-2.12.1.so
--rwxr-xr-x root/root lib/libnss_files-2.12.1.so
-lrwxrwxrwx root/root lib/libnss_files.so.2 -> libnss_files-2.12.1.so
--rwxr-xr-x root/root lib/libnss_hesiod-2.12.1.so
-lrwxrwxrwx root/root lib/libnss_hesiod.so.2 -> libnss_hesiod-2.12.1.so
--rwxr-xr-x root/root lib/libnss_nis-2.12.1.so
-lrwxrwxrwx root/root lib/libnss_nis.so.2 -> libnss_nis-2.12.1.so
--rwxr-xr-x root/root lib/libnss_nisplus-2.12.1.so
-lrwxrwxrwx root/root lib/libnss_nisplus.so.2 -> libnss_nisplus-2.12.1.so
+-rwxr-xr-x root/root lib/libnsl-2.12.2.so
+lrwxrwxrwx root/root lib/libnsl.so.1 -> libnsl-2.12.2.so
+-rwxr-xr-x root/root lib/libnss_compat-2.12.2.so
+lrwxrwxrwx root/root lib/libnss_compat.so.2 -> libnss_compat-2.12.2.so
+-rwxr-xr-x root/root lib/libnss_dns-2.12.2.so
+lrwxrwxrwx root/root lib/libnss_dns.so.2 -> libnss_dns-2.12.2.so
+-rwxr-xr-x root/root lib/libnss_files-2.12.2.so
+lrwxrwxrwx root/root lib/libnss_files.so.2 -> libnss_files-2.12.2.so
+-rwxr-xr-x root/root lib/libnss_hesiod-2.12.2.so
+lrwxrwxrwx root/root lib/libnss_hesiod.so.2 -> libnss_hesiod-2.12.2.so
+-rwxr-xr-x root/root lib/libnss_nis-2.12.2.so
+lrwxrwxrwx root/root lib/libnss_nis.so.2 -> libnss_nis-2.12.2.so
+-rwxr-xr-x root/root lib/libnss_nisplus-2.12.2.so
+lrwxrwxrwx root/root lib/libnss_nisplus.so.2 -> libnss_nisplus-2.12.2.so
-rwxr-xr-x root/root lib/libpcprofile.so
--rwxr-xr-x root/root lib/libpthread-2.12.1.so
-lrwxrwxrwx root/root lib/libpthread.so.0 -> libpthread-2.12.1.so
--rwxr-xr-x root/root lib/libresolv-2.12.1.so
-lrwxrwxrwx root/root lib/libresolv.so.2 -> libresolv-2.12.1.so
--rwxr-xr-x root/root lib/librt-2.12.1.so
-lrwxrwxrwx root/root lib/librt.so.1 -> librt-2.12.1.so
+-rwxr-xr-x root/root lib/libpthread-2.12.2.so
+lrwxrwxrwx root/root lib/libpthread.so.0 -> libpthread-2.12.2.so
+-rwxr-xr-x root/root lib/libresolv-2.12.2.so
+lrwxrwxrwx root/root lib/libresolv.so.2 -> libresolv-2.12.2.so
+-rwxr-xr-x root/root lib/librt-2.12.2.so
+lrwxrwxrwx root/root lib/librt.so.1 -> librt-2.12.2.so
-rwxr-xr-x root/root lib/libthread_db-1.0.so
lrwxrwxrwx root/root lib/libthread_db.so.1 -> libthread_db-1.0.so
--rwxr-xr-x root/root lib/libutil-2.12.1.so
-lrwxrwxrwx root/root lib/libutil.so.1 -> libutil-2.12.1.so
+-rwxr-xr-x root/root lib/libutil-2.12.2.so
+lrwxrwxrwx root/root lib/libutil.so.1 -> libutil-2.12.2.so
drwxr-xr-x root/root sbin/
-rwxr-xr-x root/root sbin/ldconfig
-rwxr-xr-x root/root sbin/sln
diff --git a/glibc/.md5sum b/glibc/.md5sum
index f2a761c..f729ce5 100644
--- a/glibc/.md5sum
+++ b/glibc/.md5sum
@@ -1,8 +1,7 @@
-733615b9c7f778639725ca40dbb781c6 CVE-2010-3847.patch
-e64fc10ef089b48de254b5322b54cd42 CVE-2010-3856.patch
6c8b3f5c56d80eba760cc896e7462b0e Optimize-__getpagesize-a-bit.patch
-4802b783766b5b487c601a19b5ce35f1 glibc-2.12.1.tar.xz
+e0043f4f8e1aa61acc62fdf0f4d6133d glibc-2.12.2.tar.xz
6144e4b4074fc01deea1549de4920df1 glibc-fedora_i686.patch
+e9da82fa084dff26de7c484ce0c89a9a glibc-ignore_origin.patch
96156bec8e05de67384dc93e72bdc313 host.conf
fbbc215a9b15ba4846f326cc88108057 hosts
34fe6c5433cd6cda30123b7bb73ef378 kernel-headers-2.6.35.tar.xz
diff --git a/glibc/CVE-2010-3847.patch b/glibc/CVE-2010-3847.patch
deleted file mode 100644
index 3b2bd1c..0000000
--- a/glibc/CVE-2010-3847.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-# http://seclists.org/fulldisclosure/2010/Oct/257
-# http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
-
-Path elements containing $ORIGIN should always be ignored in privileged
-programs.
-
-Andreas.
-
-2010-10-18 Andreas Schwab <schwab@redhat.com>
-
- * elf/dl-load.c (is_dst): Remove last parameter.
- (_dl_dst_count): Ignore $ORIGIN in privileged programs.
- (_dl_dst_substitute): Likewise.
----
- elf/dl-load.c | 30 +++++++++++++-----------------
- 1 files changed, 13 insertions(+), 17 deletions(-)
-
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index a7162eb..776f7e4 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -169,8 +169,7 @@ local_strdup (const char *s)
-
-
- static size_t
--is_dst (const char *start, const char *name, const char *str,
-- int is_path, int secure)
-+is_dst (const char *start, const char *name, const char *str, int is_path)
- {
- size_t len;
- bool is_curly = false;
-@@ -199,11 +198,6 @@ is_dst (const char *start, const char *name, const char *str,
- && (!is_path || name[len] != ':'))
- return 0;
-
-- if (__builtin_expect (secure, 0)
-- && ((name[len] != '' && (!is_path || name[len] != ':'))
-- || (name != start + 1 && (!is_path || name[-2] != ':'))))
-- return 0;
--
- return len;
- }
-
-@@ -218,13 +212,12 @@ _dl_dst_count (const char *name, int is_path)
- {
- size_t len;
-
-- /* $ORIGIN is not expanded for SUID/GUID programs (except if it
-- is $ORIGIN alone) and it must always appear first in path. */
-+ /* $ORIGIN is not expanded for SUID/GUID programs. */
- ++name;
-- if ((len = is_dst (start, name, "ORIGIN", is_path,
-- INTUSE(__libc_enable_secure))) != 0
-- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
-- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
-+ if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0
-+ && !INTUSE(__libc_enable_secure))
-+ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
-+ || (len = is_dst (start, name, "LIB", is_path)) != 0)
- ++cnt;
-
- name = strchr (name + len, '$');
-@@ -256,9 +249,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- size_t len;
-
- ++name;
-- if ((len = is_dst (start, name, "ORIGIN", is_path,
-- INTUSE(__libc_enable_secure))) != 0)
-+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
- {
-+ /* Ignore this path element in SUID/SGID programs. */
-+ if (INTUSE(__libc_enable_secure))
-+ repl = (const char *) -1;
-+ else
- #ifndef SHARED
- if (l == NULL)
- repl = _dl_get_origin ();
-@@ -266,9 +262,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- #endif
- repl = l->l_origin;
- }
-- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
-+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
- repl = GLRO(dl_platform);
-- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
-+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
- repl = DL_DST_LIB;
-
- if (repl != NULL && repl != (const char *) -1)
---
-1.7.2.3
-
-
---
-Andreas Schwab, schwab@redhat.com
-GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84 5EC7 45C6 250E 6F00 984E
-"And now for something completely different."
-
diff --git a/glibc/CVE-2010-3856.patch b/glibc/CVE-2010-3856.patch
deleted file mode 100644
index 0a621c9..0000000
--- a/glibc/CVE-2010-3856.patch
+++ /dev/null
@@ -1,227 +0,0 @@
-# http://seclists.org/fulldisclosure/2010/Oct/344
-# http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html
-
-2010-10-22 Andreas Schwab <schwab@redhat.com>
-
- * include/dlfcn.h (__RTLD_SECURE): Define.
- * elf/dl-load.c (_dl_map_object): Remove preloaded parameter. Use
- mode & __RTLD_SECURE instead.
- (open_path): Rename preloaded parameter to secure.
- * sysdeps/generic/ldsodefs.h (_dl_map_object): Adjust declaration.
- * elf/dl-open.c (dl_open_worker): Adjust call to _dl_map_object.
- * elf/dl-deps.c (openaux): Likewise.
- * elf/rtld.c (struct map_args): Remove is_preloaded.
- (map_doit): Don't use it.
- (dl_main): Likewise.
- (do_preload): Use __RTLD_SECURE instead of is_preloaded.
- (dlmopen_doit): Add __RTLD_SECURE to mode bits.
----
- elf/dl-deps.c | 2 +-
- elf/dl-load.c | 20 +++++++++++---------
- elf/dl-open.c | 2 +-
- elf/rtld.c | 16 +++++++---------
- include/dlfcn.h | 1 +
- sysdeps/generic/ldsodefs.h | 6 ++----
- 6 files changed, 23 insertions(+), 24 deletions(-)
-
-diff --git a/elf/dl-deps.c b/elf/dl-deps.c
-index e5b9cdf..1cab2d1 100644
---- a/elf/dl-deps.c
-+++ b/elf/dl-deps.c
-@@ -62,7 +62,7 @@ openaux (void *a)
- {
- struct openaux_args *args = (struct openaux_args *) a;
-
-- args->aux = _dl_map_object (args->map, args->name, 0,
-+ args->aux = _dl_map_object (args->map, args->name,
- (args->map->l_type == lt_executable
- ? lt_library : args->map->l_type),
- args->trace_mode, args->open_mode,
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index 776f7e4..9ab3520 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -1808,7 +1808,7 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
- if MAY_FREE_DIRS is true. */
-
- static int
--open_path (const char *name, size_t namelen, int preloaded,
-+open_path (const char *name, size_t namelen, int secure,
- struct r_search_path_struct *sps, char **realname,
- struct filebuf *fbp, struct link_map *loader, int whatcode,
- bool *found_other_class)
-@@ -1890,7 +1890,7 @@ open_path (const char *name, size_t namelen, int preloaded,
- /* Remember whether we found any existing directory. */
- here_any |= this_dir->status[cnt] != nonexisting;
-
-- if (fd != -1 && __builtin_expect (preloaded, 0)
-+ if (fd != -1 && __builtin_expect (secure, 0)
- && INTUSE(__libc_enable_secure))
- {
- /* This is an extra security effort to make sure nobody can
-@@ -1959,7 +1959,7 @@ open_path (const char *name, size_t namelen, int preloaded,
-
- struct link_map *
- internal_function
--_dl_map_object (struct link_map *loader, const char *name, int preloaded,
-+_dl_map_object (struct link_map *loader, const char *name,
- int type, int trace_mode, int mode, Lmid_t nsid)
- {
- int fd;
-@@ -2063,7 +2063,8 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- for (l = loader; l; l = l->l_loader)
- if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
- {
-- fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
-+ &l->l_rpath_dirs,
- &realname, &fb, loader, LA_SER_RUNPATH,
- &found_other_class);
- if (fd != -1)
-@@ -2078,14 +2079,15 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- && main_map != NULL && main_map->l_type != lt_loaded
- && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
- "RPATH"))
-- fd = open_path (name, namelen, preloaded, &main_map->l_rpath_dirs,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
-+ &main_map->l_rpath_dirs,
- &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
- &found_other_class);
- }
-
- /* Try the LD_LIBRARY_PATH environment variable. */
- if (fd == -1 && env_path_list.dirs != (void *) -1)
-- fd = open_path (name, namelen, preloaded, &env_path_list,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &env_path_list,
- &realname, &fb,
- loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
- LA_SER_LIBPATH, &found_other_class);
-@@ -2094,12 +2096,12 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- if (fd == -1 && loader != NULL
- && cache_rpath (loader, &loader->l_runpath_dirs,
- DT_RUNPATH, "RUNPATH"))
-- fd = open_path (name, namelen, preloaded,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
- &loader->l_runpath_dirs, &realname, &fb, loader,
- LA_SER_RUNPATH, &found_other_class);
-
- if (fd == -1
-- && (__builtin_expect (! preloaded, 1)
-+ && (__builtin_expect (! (mode & __RTLD_SECURE), 1)
- || ! INTUSE(__libc_enable_secure)))
- {
- /* Check the list of libraries in the file /etc/ld.so.cache,
-@@ -2165,7 +2167,7 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
- || __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1))
- && rtld_search_dirs.dirs != (void *) -1)
-- fd = open_path (name, namelen, preloaded, &rtld_search_dirs,
-+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &rtld_search_dirs,
- &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
-
- /* Add another newline when we are tracing the library loading. */
-diff --git a/elf/dl-open.c b/elf/dl-open.c
-index c394b3f..cf8e8cc 100644
---- a/elf/dl-open.c
-+++ b/elf/dl-open.c
-@@ -223,7 +223,7 @@ dl_open_worker (void *a)
-
- /* Load the named object. */
- struct link_map *new;
-- args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
-+ args->map = new = _dl_map_object (call_map, file, lt_loaded, 0,
- mode | __RTLD_CALLMAP, args->nsid);
-
- /* If the pointer returned is NULL this means the RTLD_NOLOAD flag is
-diff --git a/elf/rtld.c b/elf/rtld.c
-index 201c9cf..4a8cee8 100644
---- a/elf/rtld.c
-+++ b/elf/rtld.c
-@@ -587,7 +587,6 @@ struct map_args
- /* Argument to map_doit. */
- char *str;
- struct link_map *loader;
-- int is_preloaded;
- int mode;
- /* Return value of map_doit. */
- struct link_map *map;
-@@ -625,16 +624,17 @@ static void
- map_doit (void *a)
- {
- struct map_args *args = (struct map_args *) a;
-- args->map = _dl_map_object (args->loader, args->str,
-- args->is_preloaded, lt_library, 0, args->mode,
-- LM_ID_BASE);
-+ args->map = _dl_map_object (args->loader, args->str, lt_library, 0,
-+ args->mode, LM_ID_BASE);
- }
-
- static void
- dlmopen_doit (void *a)
- {
- struct dlmopen_args *args = (struct dlmopen_args *) a;
-- args->map = _dl_open (args->fname, RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT,
-+ args->map = _dl_open (args->fname,
-+ (RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT
-+ | __RTLD_SECURE),
- dl_main, LM_ID_NEWLM, _dl_argc, INTUSE(_dl_argv),
- __environ);
- }
-@@ -804,8 +804,7 @@ do_preload (char *fname, struct link_map *main_map, const char *where)
-
- args.str = fname;
- args.loader = main_map;
-- args.is_preloaded = 1;
-- args.mode = 0;
-+ args.mode = __RTLD_SECURE;
-
- unsigned int old_nloaded = GL(dl_ns)[LM_ID_BASE]._ns_nloaded;
-
-@@ -1050,7 +1049,6 @@ of this helper program; chances are you did not intend to run this program.

-
- args.str = rtld_progname;
- args.loader = NULL;
-- args.is_preloaded = 0;
- args.mode = __RTLD_OPENEXEC;
- (void) _dl_catch_error (&objname, &err_str, &malloced, map_doit,
- &args);
-@@ -1062,7 +1060,7 @@ of this helper program; chances are you did not intend to run this program.

- else
- {
- HP_TIMING_NOW (start);
-- _dl_map_object (NULL, rtld_progname, 0, lt_library, 0,
-+ _dl_map_object (NULL, rtld_progname, lt_library, 0,
- __RTLD_OPENEXEC, LM_ID_BASE);
- HP_TIMING_NOW (stop);
-
-diff --git a/include/dlfcn.h b/include/dlfcn.h
-index a67426d..af92483 100644
---- a/include/dlfcn.h
-+++ b/include/dlfcn.h
-@@ -9,6 +9,7 @@
- #define __RTLD_OPENEXEC 0x20000000
- #define __RTLD_CALLMAP 0x10000000
- #define __RTLD_AUDIT 0x08000000
-+#define __RTLD_SECURE 0x04000000 /* Apply additional security checks. */
-
- #define __LM_ID_CALLER -2
-
-diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
-index fcc943b..fa4b6b2 100644
---- a/sysdeps/generic/ldsodefs.h
-+++ b/sysdeps/generic/ldsodefs.h
-@@ -824,11 +824,9 @@ extern void _dl_receive_error (receiver_fct fct, void (*operate) (void *),
-
- /* Open the shared object NAME and map in its segments.
- LOADER's DT_RPATH is used in searching for NAME.
-- If the object is already opened, returns its existing map.
-- For preloaded shared objects PRELOADED is set to a non-zero
-- value to allow additional security checks. */
-+ If the object is already opened, returns its existing map. */
- extern struct link_map *_dl_map_object (struct link_map *loader,
-- const char *name, int preloaded,
-+ const char *name,
- int type, int trace_mode, int mode,
- Lmid_t nsid)
- internal_function attribute_hidden;
-
diff --git a/glibc/Pkgfile b/glibc/Pkgfile
index e0931c3..7d1e1ab 100644
--- a/glibc/Pkgfile
+++ b/glibc/Pkgfile
@@ -3,13 +3,13 @@
# Maintainer: CRUX System Team, core-ports at crux dot nu

name=glibc
-version=2.12.1
+version=2.12.2
release=2
source=(http://ftp.gnu.org/gnu/glibc/glibc-$version.tar.xz
http://crux.nu/files/distfiles/kernel-headers-2.6.35.tar.xz
glibc-fedora_i686.patch
+ glibc-ignore_origin.patch
Optimize-__getpagesize-a-bit.patch
- CVE-2010-3847.patch CVE-2010-3856.patch
hosts resolv.conf nsswitch.conf host.conf ld.so.conf)

build() {
@@ -20,10 +20,7 @@ build() {

patch -p1 -d $name-$version -i $SRC/$name-fedora_i686.patch
patch -R -p1 -d $name-$version -i $SRC/Optimize-__getpagesize-a-bit.patch
- patch -p1 -d $name-$version -i $SRC/CVE-2010-3847.patch
- patch -p1 -d $name-$version -i $SRC/CVE-2010-3856.patch
-
- sed -i '/^all-subdirs/,+6s/manual//' $name-$version/Makeconfig
+ patch -p1 -d $name-$version -i $SRC/$name-ignore_origin.patch

mkdir build
cd build
diff --git a/glibc/glibc-ignore_origin.patch b/glibc/glibc-ignore_origin.patch
new file mode 100644
index 0000000..cbf6756
--- /dev/null
+++ b/glibc/glibc-ignore_origin.patch
@@ -0,0 +1,26 @@
+# http://sourceware.org/ml/libc-hacker/2010-12/msg00001.html
+# new fix for http://seclists.org/fulldisclosure/2010/Oct/257
+
+2010-12-09 Andreas Schwab <schwab@redhat.com>
+
+ * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
+ program.
+---
+ elf/dl-object.c | 3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/elf/dl-object.c b/elf/dl-object.c
+index 5d15ce1..a34e902 100644
+--- a/elf/dl-object.c
++++ b/elf/dl-object.c
+@@ -220,6 +220,9 @@ _dl_new_object (char *realname, const char *libname, int type,
+ out:
+ new->l_origin = origin;
+ }
++ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
++ /* The origin of a privileged program cannot be trusted. */
++ new->l_origin = (char *) -1;
+
+ return new;
+ }
+
diff --git a/glibc/post-install b/glibc/post-install
new file mode 100644
index 0000000..fae8589
--- /dev/null
+++ b/glibc/post-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+/sbin/telinit U
+
_______________________________________________
CRUX mailing list
CRUX@lists.crux.nu
http://lists.crux.nu/mailman/listinfo/crux
 

Thread Tools




All times are GMT. The time now is 10:41 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org