diff options
author | Donny Davies <woodchip@gentoo.org> | 2001-12-21 23:15:57 +0000 |
---|---|---|
committer | Donny Davies <woodchip@gentoo.org> | 2001-12-21 23:15:57 +0000 |
commit | 85e159c136df1a287986d44325f7dedc38767b95 (patch) | |
tree | ef3357ed16c3ce4ecf0b201fb6721af6a3fefc4d /sys-libs | |
parent | fix docs (diff) | |
download | historical-85e159c136df1a287986d44325f7dedc38767b95.tar.gz historical-85e159c136df1a287986d44325f7dedc38767b95.tar.bz2 historical-85e159c136df1a287986d44325f7dedc38767b95.zip |
* Security update *
Added patch to address recently discovered buffer overflow in glibc's
filename globbing code. Upgrade reccomended!!
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/glibc/files/digest-glibc-2.2.4-r7 | 3 | ||||
-rw-r--r-- | sys-libs/glibc/files/glibc-2.2.4-glob-overflow.diff | 97 | ||||
-rw-r--r-- | sys-libs/glibc/glibc-2.2.4-r7.ebuild | 158 |
3 files changed, 258 insertions, 0 deletions
diff --git a/sys-libs/glibc/files/digest-glibc-2.2.4-r7 b/sys-libs/glibc/files/digest-glibc-2.2.4-r7 new file mode 100644 index 000000000000..1b2829c6102e --- /dev/null +++ b/sys-libs/glibc/files/digest-glibc-2.2.4-r7 @@ -0,0 +1,3 @@ +MD5 3a41315c8e571ae4b196dbe834738d95 glibc-2.2.4.tar.bz2 12222464 +MD5 08939bf73423d03b901fd61228127752 glibc-linuxthreads-2.2.4.tar.bz2 167936 +MD5 c40895f13d7d06fc8435410971568c5b glibc-manpages-2.2.4.tar.bz2 16384 diff --git a/sys-libs/glibc/files/glibc-2.2.4-glob-overflow.diff b/sys-libs/glibc/files/glibc-2.2.4-glob-overflow.diff new file mode 100644 index 000000000000..12ab097206db --- /dev/null +++ b/sys-libs/glibc/files/glibc-2.2.4-glob-overflow.diff @@ -0,0 +1,97 @@ +2001-11-29 Jakub Jelinek <jakub@redhat.com> + + * sysdeps/generic/glob.c (next_brace_sub): Return NULL if braces + don't match, fix {{a,b},c} globbing, clean up. + Patch by Flavio Veloso <flaviovs@magnux.com>. + * posix/globtest.sh: Add new tests. + + +--- libc/posix/globtest.sh.jj Thu Aug 23 18:48:53 2001 ++++ libc/posix/globtest.sh Thu Nov 29 13:32:05 2001 +@@ -146,6 +146,32 @@ if test $failed -ne 0; then + result=1 + fi + ++failed=0 ++${elf_objpfx}${rtld_installed_name} --library-path ${library_path} \ ++${common_objpfx}posix/globtest -b "$testdir" "{file{1,2},-file3}" | ++sort > $testout ++cat <<"EOF" | cmp - $testout >> $logfile || failed=1 ++`-file3' ++`file1' ++`file2' ++EOF ++if test $failed -ne 0; then ++ echo "Braces test 2 failed" >> $logfile ++ result=1 ++fi ++ ++failed=0 ++${elf_objpfx}${rtld_installed_name} --library-path ${library_path} \ ++${common_objpfx}posix/globtest -b "$testdir" "{" | ++sort > $testout ++cat <<"EOF" | cmp - $testout >> $logfile || failed=1 ++GLOB_NOMATCH ++EOF ++if test $failed -ne 0; then ++ echo "Braces test 3 failed" >> $logfile ++ result=1 ++fi ++ + # Test NOCHECK + failed=0 + ${elf_objpfx}${rtld_installed_name} --library-path ${library_path} \ + + +--- libc/sysdeps/generic/glob.c.jj Thu Aug 23 18:49:29 2001 ++++ libc/sysdeps/generic/glob.c Thu Nov 29 13:17:21 2001 +@@ -355,42 +355,14 @@ static + inline + #endif + const char * +-next_brace_sub (begin) +- const char *begin; ++next_brace_sub (cp) ++ const char *cp; + { + unsigned int depth = 0; +- const char *cp = begin; +- +- while (1) +- { +- if (depth == 0) +- { +- if (*cp != ',' && *cp != '}' && *cp != '\0') +- { +- if (*cp == '{') +- ++depth; +- ++cp; +- continue; +- } +- } +- else +- { +- while (*cp != '\0' && (*cp != '}' || depth > 0)) +- { +- if (*cp == '}') +- --depth; +- ++cp; +- } +- if (*cp == '\0') +- /* An incorrectly terminated brace expression. */ +- return NULL; +- +- continue; +- } +- break; +- } +- +- return cp; ++ while (*cp != '\0' && (*cp != '}' || depth--) && (*cp != ',' || depth)) ++ if (*cp++ == '{') ++ depth++; ++ return *cp != '\0' ? cp : NULL; + } + + #endif /* !GLOB_ONLY_P */ + diff --git a/sys-libs/glibc/glibc-2.2.4-r7.ebuild b/sys-libs/glibc/glibc-2.2.4-r7.ebuild new file mode 100644 index 000000000000..443373e0eedd --- /dev/null +++ b/sys-libs/glibc/glibc-2.2.4-r7.ebuild @@ -0,0 +1,158 @@ +# Copyright 1999-2002 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License, v2 or later +# Maintainer: Daniel Robbins <drobbins@gentoo.org> +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.2.4-r7.ebuild,v 1.1 2001/12/21 23:15:57 woodchip Exp $ + +S=${WORKDIR}/${P} +DESCRIPTION="GNU libc6 (also called glibc2) C library" +SRC_URI="ftp://sources.redhat.com/pub/glibc/releases/glibc-${PV}.tar.bz2 + ftp://sources.redhat.com/pub/glibc/releases/glibc-linuxthreads-${PV}.tar.bz2 + http://www.ibiblio.org/glibc-manpages-${PV}.tar.bz2" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +#Specific Linux headers are now required so that we build from a stable "base" +#portage-1.7.8 needed for smart library merging feature (avoids segfaults on glibc upgrade) +LHV=2.4.16 +DEPEND=">=sys-apps/portage-1.7.8 ~sys-kernel/linux-headers-${LHV} nls? ( sys-devel/gettext ) gd? ( media-libs/libgd )" +RDEPEND="~sys-kernel/linux-headers-${LHV}" + +if [ -z "`use build`" ] +then + RDEPEND="$RDEPEND gd? ( sys-libs/zlib media-libs/libpng ) sys-apps/baselayout" +else + RDEPEND="$RDEPEND sys-apps/baselayout" +fi + +PROVIDE="virtual/glibc" + +src_unpack() { + unpack glibc-${PV}.tar.bz2 + cd ${S} + #extract pre-made man pages. Otherwise we need perl, which is a no-no. + mkdir man; cd man + tar xjf ${DISTDIR}/glibc-manpages-${PV}.tar.bz2 + cd ${S} + unpack glibc-linuxthreads-${PV}.tar.bz2 + for i in mtrace-intl-perl + do + echo "Applying $i patch..." + patch -p0 < ${FILESDIR}/glibc-2.2.2-${i}.diff || die + done + #For information about the string2 patch, see: http://lists.gentoo.org/pipermail/gentoo-dev/2001-June/001559.html + patch -p0 < ${FILESDIR}/glibc-2.2.3-string2.diff || die + cd io + #To my knowledge, this next patch fixes a test that will timeout due to ReiserFS' slow handling of sparse files + patch -p0 < ${FILESDIR}/glibc-2.2.2-test-lfs-timeout.patch || die + #now we need to fix a problem where glibc doesn't compile with absolutely no -O optimizations. + #we'll need to keep our eyes on this one to see how things are in later versions of linuxthreads: + #for more info, see: + # http://gcc.gnu.org/ml/gcc-prs/2001-06/msg00044.html + # http://www.mail-archive.com/bug-glibc@gnu.org/msg01820.html + cd ${S}/linuxthreads + cp spinlock.c spinlock.c.orig + sed -e 's/ : "0" (lock->__status)//g' spinlock.c.orig > spinlock.c + #This patch addresses a nasty buffer overflow in glob(), remotely exploitable too. See: + #http://lwn.net/2001/1220/a/glibc-vulnerability.php3 + cd ${S} + patch -p1 < ${FILESDIR}/glibc-2.2.4-glob-overflow.diff || die +} + +src_compile() { + local myconf + # If we build for the build system we use the kernel headers from the target + [ "`use build`" ] && myconf="--with-header=${ROOT}usr/include" + if [ "`use gd`" ] && [ -z "`use bootstrap`" ] && [ -z "`use build`" ] + then + myconf="${myconf} --with-gd=yes" + else + myconf="${myconf} --with-gd=no" + fi + [ -z "`use nls`" ] && myconf="${myconf} --disable-nls" + rm -rf buildhere + mkdir buildhere + cd buildhere + ../configure --host=${CHOST} --without-cvs --enable-add-ons=linuxthreads --disable-profile --prefix=/usr \ + --mandir=/usr/share/man --infodir=/usr/share/info --libexecdir=/usr/lib/misc ${myconf} || die + + #This next option breaks the Sun JDK and the IBM JDK + #We should really keep compatibility with older kernels, anyway + #--enable-kernel=2.4.0 + make PARALLELMFLAGS="${MAKEOPTS}" || die + make check +} + + +src_install() { + export LC_ALL=C + make PARALLELMFLAGS="${MAKEOPTS}" install_root=${D} install -C buildhere || die + if [ -z "`use build`" ] + then + dodir /etc/rc.d/init.d + make PARALLELMFLAGS="${MAKEOPTS}" install_root=${D} info -C buildhere || die + make PARALLELMFLAGS="${MAKEOPTS}" install_root=${D} localedata/install-locales -C buildhere || die + #install linuxthreads man pages + dodir /usr/share/man/man3 + doman ${S}/man/*.3thr + install -m 644 nscd/nscd.conf ${D}/etc + dodoc BUGS ChangeLog* CONFORMANCE COPYING* FAQ INTERFACE NEWS NOTES PROJECTS README* + else + rm -rf ${D}/usr/share ${D}/usr/lib/gconv + fi + if [ "`use pic`" ] + then + find ${S}/buildhere -name "*_pic.a" -exec cp {} ${D}/lib \; + find ${S}/buildhere -name "*.map" -exec cp {} ${D}/lib \; + for i in ${D}/lib/*.map + do + mv ${i} ${i%.map}_pic.map + done + fi + rm ${D}/lib/ld-linux.so.2 + rm ${D}/lib/libc.so.6 + rm ${D}/lib/libpthread.so.0 + #is this next line actually needed or does the makefile get it right. It previously has 0755 perms which was + #killing things. + chmod 4755 ${D}/usr/lib/misc/pt_chown + rm -f ${D}/etc/ld.so.cache + + #prevent overwriting of the /etc/localtime symlink. We'll handle the + #creation of the "factory" symlink in pkg_postinst(). + rm -f ${D}/etc/localtime +} + +pkg_preinst() +{ + local mytarget + echo "Backing up existing critical libraries..." + [ ! -d ${ROOT}lib/old ] && mkdir ${ROOT}lib/old + for file in ld-linux.so.2 libc.so.6 libpthread.so.0 + do + if [ -f ${ROOT}lib/${file} ] + then + #all this "mytarget" stuff allows us to create a backup + #library in /lib/old with the *real* version name + #rather than the *generic* version name. + + mytarget="`readlink ${ROOT}lib/${file}`" + mytarget="`basename $mytarget`" + /bin/cp ${ROOT}lib/${file} ${ROOT}lib/old/${mytarget} + /sbin/sln ${ROOT}lib/old/${mytarget} ${ROOT}lib/${file} + fi + done + return 0 +} + +pkg_postinst() +{ + /sbin/sln ld-${PV}.so ${ROOT}lib/ld-linux.so.2 + /sbin/sln libc-${PV}.so ${ROOT}lib/libc.so.6 + /sbin/sln libpthread-0.9.so ${ROOT}lib/libpthread.so.0 + /sbin/ldconfig -r ${ROOT} + #we do the localtime symlink here so that we don't overwrite any + #existing one during merge. + if [ ! -e ${ROOT}etc/localtime ] + then + echo "Please remember to set your timezone using the zic command." + ln -s ../usr/share/zoneinfo/Factory ${ROOT}/etc/localtime + fi +} |