added a patch to fix insecure tempfile handling, closes bug 66358

12 files changed, 95 insertions, 16 deletions

diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog
index fa8ffae2b402..3a6e322df081 100644
--- a/sys-libs/glibc/ChangeLog
+++ b/sys-libs/glibc/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for sys-libs/glibc
 # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.267 2004/10/07 18:01:56 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.268 2004/10/07 22:24:27 lv Exp $
+
+*glibc-2.3.2-r12 (07 Oct 2004)
+
+  07 Oct 2004; Travis Tilley <lv@gentoo.org>
+  +files/2.3.3/glibc-2.3.3-tempfile.patch, -glibc-2.3.2-r11.ebuild,
+  +glibc-2.3.2-r12.ebuild, -glibc-2.3.3.20040420-r1.ebuild,
+  +glibc-2.3.3.20040420-r2.ebuild, -glibc-2.3.4.20040619-r1.ebuild,
+  +glibc-2.3.4.20040619-r2.ebuild, +glibc-2.3.4.20040808-r1.ebuild,
+  -glibc-2.3.4.20040808.ebuild, glibc-2.3.4.20041006.ebuild:
+  added a patch to fix insecure tempfile handling, closes bug 66358
 
 *glibc-2.3.4.20041006 (07 Oct 2004)
 
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
index 443f2b1a71ca..941a882610e8 100644
--- a/sys-libs/glibc/Manifest
+++ b/sys-libs/glibc/Manifest
@@ -1,16 +1,12 @@
-MD5 47c6d2f73520e690ed18a73a550aa537 ChangeLog 55150
+MD5 b383caa587f160cc68703e407ba35922 ChangeLog 55621
 MD5 7cf88dee2671dcc30659d07241b8d918 glibc-2.2.5-r9.ebuild 10915
-MD5 69d5deb42d1f5687791ceaa46ef56215 glibc-2.3.2-r11.ebuild 20433
-MD5 0def963a028a28e5da9ee21a22c5f3b6 glibc-2.3.3.20040420-r1.ebuild 21667
-MD5 5ddcb90cbbcf07775bcaade32c13602e glibc-2.3.4.20040619-r1.ebuild 20900
-MD5 0d44990df643b53604420f37d27d257b glibc-2.3.4.20040808.ebuild 21812
 MD5 567094e03359ffc1c95af7356395228d metadata.xml 162
-MD5 07468513831debe9b18825a9d0af6ac4 glibc-2.3.4.20041006.ebuild 25699
+MD5 19295cee1b8f439518988ac275d03a4a glibc-2.3.4.20041006.ebuild 25801
+MD5 3603fa6448052edcf78a329d10746461 glibc-2.3.2-r12.ebuild 20530
+MD5 daf5c4924c0a0ccc6e55f7588b1b4d52 glibc-2.3.3.20040420-r2.ebuild 21765
+MD5 af6f1491a70a6ee80e8d867d8ee0f98f glibc-2.3.4.20040619-r2.ebuild 20997
+MD5 43a24ddba5c5ea34820574a67e844521 glibc-2.3.4.20040808-r1.ebuild 21916
 MD5 9cc1e6b6f749dba7c8759bd07266f7d9 files/digest-glibc-2.2.5-r9 143
-MD5 2d5306ef875573750af642a9f93b634a files/digest-glibc-2.3.2-r11 312
-MD5 42af7e35fe2404a49954f91fd1aee891 files/digest-glibc-2.3.3.20040420-r1 312
-MD5 470f57fe18dd0a94cb4a4d6cf51528af files/digest-glibc-2.3.4.20040619-r1 307
-MD5 2f05d3181e9a9ded61e074147af47e8e files/digest-glibc-2.3.4.20040808 382
 MD5 e4393f4721a207750581d6265d5f7f40 files/fix-sysctl_h.patch 376
 MD5 52cfc7627fc62dfb26d8d163aac361f6 files/glibc-2.2.2-test-lfs-timeout.patch 320
 MD5 135f8145885a2f4f9876fe973f33ddf6 files/glibc-2.2.4-string2.h.diff 5221
@@ -25,6 +21,10 @@ MD5 2013443f5192d4b999953ba4248d288c files/nscd.conf 1158
 MD5 d8830438ea871dbfd1acf7a3d0299159 files/test-__thread.c 53
 MD5 4404ee4b6e3017819d8f36082e0265e5 files/test-sysctl_h.c 54
 MD5 f3cca6c94da241279d9867de19ff65d2 files/digest-glibc-2.3.4.20041006 382
+MD5 2d5306ef875573750af642a9f93b634a files/digest-glibc-2.3.2-r12 312
+MD5 42af7e35fe2404a49954f91fd1aee891 files/digest-glibc-2.3.3.20040420-r2 312
+MD5 470f57fe18dd0a94cb4a4d6cf51528af files/digest-glibc-2.3.4.20040619-r2 307
+MD5 2f05d3181e9a9ded61e074147af47e8e files/digest-glibc-2.3.4.20040808-r1 382
 MD5 f75ebd335c4b882013cc12229d39c9f7 files/2.2.5/glibc-2.2.5-alpha-gcc3-fix.diff 475
 MD5 843eaa26ae2c49e894aa365b6f463546 files/2.2.5/glibc-2.2.5-alpha-pcdyn-fix.diff 471
 MD5 5182f441608833569cb9e78536baf8af files/2.2.5/glibc-2.2.5-arm-errlist-fix.diff 2210
@@ -106,6 +106,7 @@ MD5 847afe57e19abff1d5c49f6bb7084a3d files/2.3.3/mips-syscall.h.diff 1199
 MD5 84fa9a725c22975d735a2f91543a5cca files/2.3.3/mips-sysify.diff 2138
 MD5 81d95470c5766e56e27ad8b6967d2a16 files/2.3.3/semtimedop.diff 602
 MD5 ae9425cd4199cccd69c6d22633583dc1 files/2.3.3/ssp.c 4041
+MD5 ff0a2716aebc6fb8a2e3b3f2c9be8bba files/2.3.3/glibc-2.3.3-tempfile.patch 1787
 MD5 89a6d0d924c8b05c4e06bdffb7c69b41 files/2.3.4/glibc-2.3.4-arm-ioperm.patch 4037
 MD5 03e0e9a2235886c0abbe98bdafd0d5ce files/2.3.4/glibc-2.3.4-hardened-sysdep-shared.patch 382
 MD5 659a9d64935d67a5938d0cb4e5fe4899 files/2.3.4/glibc-2.3.4-hppa-hardened-disable__init_arrays.patch 2310
diff --git a/sys-libs/glibc/files/2.3.3/glibc-2.3.3-tempfile.patch b/sys-libs/glibc/files/2.3.3/glibc-2.3.3-tempfile.patch
new file mode 100644
index 000000000000..bfca2af527f5
--- /dev/null
+++ b/sys-libs/glibc/files/2.3.3/glibc-2.3.3-tempfile.patch
@@ -0,0 +1,53 @@
+--- glibc-2.3.2.orig/debug/catchsegv.sh	2004-10-05 01:25:30.683814576 -0400
++++ glibc-2.3.2/debug/catchsegv.sh	2004-10-05 01:26:57.567606232 -0400
+@@ -49,9 +49,7 @@
+   esac
+ fi
+ 
+-segv_output=`basename "$prog"`.segv.$$
+-# Make sure this output file does not exist.
+-rm -f "$segv_output"
++segv_output=`mktemp \`basename "$prog".segv.XXXXXX\`` || exit 1
+ 
+ # Redirect stderr to avoid termination message from shell.
+ (exec 3>&2 2>/dev/null
+@@ -64,7 +62,7 @@
+ # Check for output.  Even if the program terminated correctly it might
+ # be that a minor process (clone) failed.  Therefore we do not check the
+ # exit code.
+-if test -f "$segv_output"; then
++if test -s "$segv_output"; then
+   # The program caught a signal.  The output is in the file with the
+   # name we have in SEGFAULT_OUTPUT_NAME.  In the output the names of
+   # functions in shared objects are available, but names in the static
+@@ -101,7 +99,7 @@
+ 	    ;;
+      esac
+    done)
+-   rm -f "$segv_output"
+ fi
++rm -f "$segv_output"
+ 
+ exit $exval
+--- glibc-2.3.2.orig/libio/oldtmpfile.c	2004-10-05 01:25:31.045759552 -0400
++++ glibc-2.3.2/libio/oldtmpfile.c	2004-10-05 01:27:55.304828840 -0400
+@@ -36,7 +36,7 @@
+   int fd;
+   FILE *f;
+ 
+-  if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 0))
++  if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 1))
+     return NULL;
+   fd = __gen_tempname (buf, __GT_FILE);
+   if (fd < 0)
+--- glibc-2.3.2.orig/sysdeps/generic/tmpfile.c	2004-10-05 01:25:40.103382584 -0400
++++ glibc-2.3.2/sysdeps/generic/tmpfile.c	2004-10-05 01:28:55.235717960 -0400
+@@ -43,7 +43,7 @@
+   int fd;
+   FILE *f;
+ 
+-  if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 0))
++  if (__path_search (buf, FILENAME_MAX, NULL, "tmpf", 1))
+     return NULL;
+   fd = __gen_tempname (buf, GEN_THIS);
+   if (fd < 0)
diff --git a/sys-libs/glibc/files/digest-glibc-2.3.2-r11 b/sys-libs/glibc/files/digest-glibc-2.3.2-r12
index 07e3a8d0f559..07e3a8d0f559 100644
--- a/sys-libs/glibc/files/digest-glibc-2.3.2-r11
+++ b/sys-libs/glibc/files/digest-glibc-2.3.2-r12
diff --git a/sys-libs/glibc/files/digest-glibc-2.3.3.20040420-r1 b/sys-libs/glibc/files/digest-glibc-2.3.3.20040420-r2
index ad49f7b719bf..ad49f7b719bf 100644
--- a/sys-libs/glibc/files/digest-glibc-2.3.3.20040420-r1
+++ b/sys-libs/glibc/files/digest-glibc-2.3.3.20040420-r2
diff --git a/sys-libs/glibc/files/digest-glibc-2.3.4.20040619-r1 b/sys-libs/glibc/files/digest-glibc-2.3.4.20040619-r2
index a26412bcbe0b..a26412bcbe0b 100644
--- a/sys-libs/glibc/files/digest-glibc-2.3.4.20040619-r1
+++ b/sys-libs/glibc/files/digest-glibc-2.3.4.20040619-r2
diff --git a/sys-libs/glibc/files/digest-glibc-2.3.4.20040808 b/sys-libs/glibc/files/digest-glibc-2.3.4.20040808-r1
index c5328e8b876d..c5328e8b876d 100644
--- a/sys-libs/glibc/files/digest-glibc-2.3.4.20040808
+++ b/sys-libs/glibc/files/digest-glibc-2.3.4.20040808-r1
diff --git a/sys-libs/glibc/glibc-2.3.2-r11.ebuild b/sys-libs/glibc/glibc-2.3.2-r12.ebuild
index 2d6351ffd75c..cc4e04c4c4b6 100644
--- a/sys-libs/glibc/glibc-2.3.2-r11.ebuild
+++ b/sys-libs/glibc/glibc-2.3.2-r12.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.2-r11.ebuild,v 1.14 2004/09/29 05:24:47 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.2-r12.ebuild,v 1.1 2004/10/07 22:24:28 lv Exp $
 
 inherit eutils flag-o-matic gcc
 
@@ -424,6 +424,9 @@ src_unpack() {
 	# Fix info leakage #59526
 	cd ${S}; epatch ${FILESDIR}/glibc-sec-hotfix-20040804.patch
 
+	# Improved handled temporary files. bug #66358
+	epatch ${FILESDIR}/2.3.3/${PN}-2.3.3-tempfile.patch
+
 	# Fix permissions on some of the scripts
 	chmod u+x ${S}/scripts/*.sh
 }
diff --git a/sys-libs/glibc/glibc-2.3.3.20040420-r1.ebuild b/sys-libs/glibc/glibc-2.3.3.20040420-r2.ebuild
index d14c4859eb84..bb433949d791 100644
--- a/sys-libs/glibc/glibc-2.3.3.20040420-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.3.3.20040420-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.3.20040420-r1.ebuild,v 1.7 2004/09/29 05:24:47 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.3.20040420-r2.ebuild,v 1.1 2004/10/07 22:24:28 lv Exp $
 
 inherit eutils flag-o-matic gcc
 
@@ -465,6 +465,9 @@ src_unpack() {
 	cd ${S}
 	epatch ${FILESDIR}/2.3.4/glibc-2.3.4-hardened-sysdep-shared.patch
 
+	# Improved handled temporary files. bug #66358
+	epatch ${FILESDIR}/2.3.3/${PN}-2.3.3-tempfile.patch
+
 	# Fix permissions on some of the scripts
 	chmod u+x ${S}/scripts/*.sh
 }
diff --git a/sys-libs/glibc/glibc-2.3.4.20040619-r1.ebuild b/sys-libs/glibc/glibc-2.3.4.20040619-r2.ebuild
index 0dc66746cd70..06156e1999ec 100644
--- a/sys-libs/glibc/glibc-2.3.4.20040619-r1.ebuild
+++ b/sys-libs/glibc/glibc-2.3.4.20040619-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.4.20040619-r1.ebuild,v 1.19 2004/09/29 05:24:47 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.4.20040619-r2.ebuild,v 1.1 2004/10/07 22:24:28 lv Exp $
 
 inherit eutils flag-o-matic gcc
 
@@ -548,6 +548,9 @@ src_unpack() {
 	# Remaining patches
 	cd ${S}
 
+	# Improved handled temporary files. bug #66358
+	epatch ${FILESDIR}/2.3.3/${PN}-2.3.3-tempfile.patch
+
 	# Fix permissions on some of the scripts
 	chmod u+x ${S}/scripts/*.sh
 }
diff --git a/sys-libs/glibc/glibc-2.3.4.20040808.ebuild b/sys-libs/glibc/glibc-2.3.4.20040808-r1.ebuild
index cb9556aa4ae0..6b958305ddf9 100644
--- a/sys-libs/glibc/glibc-2.3.4.20040808.ebuild
+++ b/sys-libs/glibc/glibc-2.3.4.20040808-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.4.20040808.ebuild,v 1.26 2004/10/07 13:42:56 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.4.20040808-r1.ebuild,v 1.1 2004/10/07 22:24:28 lv Exp $
 
 inherit eutils flag-o-matic gcc
 
@@ -517,6 +517,9 @@ src_unpack() {
 	# fix for using nptl's pthread.h with g++
 	epatch ${FILESDIR}/2.3.4/glibc-2.3.4-nptl-pthread.h-g++-fix.patch
 
+	# Improved handled temporary files. bug #66358
+	epatch ${FILESDIR}/2.3.3/${PN}-2.3.3-tempfile.patch
+
 	# Fix permissions on some of the scripts
 	chmod u+x ${S}/scripts/*.sh
 }
diff --git a/sys-libs/glibc/glibc-2.3.4.20041006.ebuild b/sys-libs/glibc/glibc-2.3.4.20041006.ebuild
index d1da60ea8f4f..c5856f2d2218 100644
--- a/sys-libs/glibc/glibc-2.3.4.20041006.ebuild
+++ b/sys-libs/glibc/glibc-2.3.4.20041006.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.4.20041006.ebuild,v 1.1 2004/10/07 18:01:56 lv Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.3.4.20041006.ebuild,v 1.2 2004/10/07 22:24:28 lv Exp $
 
 inherit eutils flag-o-matic gcc
 
@@ -546,6 +546,9 @@ src_unpack() {
 	# multicast DNS aka rendezvous support
 	epatch ${FILESDIR}/2.3.4/glibc-2.3.3-mdns-resolver.diff
 
+	# Improved handled temporary files. bug #66358
+	epatch ${FILESDIR}/2.3.3/${PN}-2.3.3-tempfile.patch
+
 	# Fix permissions on some of the scripts
 	chmod u+x ${S}/scripts/*.sh
 }