author | Martin Schlemmer <azarah@gentoo.org> | 2002-07-13 06:42:28 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2002-07-13 06:42:28 +0000 |
commit | d0254d8bf8a573de710249eeae23181aee0704e8 (patch) | |
tree | f36cb06a0eca391985a2e1e26abbe94aa526d005 /sys-libs | |
parent | few tweaks suggested in #4756 (diff) | |
download | gentoo-2-d0254d8bf8a573de710249eeae23181aee0704e8.tar.gz gentoo-2-d0254d8bf8a573de710249eeae23181aee0704e8.tar.bz2 gentoo-2-d0254d8bf8a573de710249eeae23181aee0704e8.zip |
buffer overflow fix
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/glibc/ChangeLog | 14 | ||||
-rw-r--r-- | sys-libs/glibc/files/digest-glibc-2.2.5-r5 | 2 | ||||
-rw-r--r-- | sys-libs/glibc/files/glibc-2.2.5-dns-network-overflow.diff | 13 | ||||
-rw-r--r-- | sys-libs/glibc/glibc-2.2.5-r5.ebuild | 192 |
4 files changed, 218 insertions, 3 deletions
diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog
index c7e3ff22c1ad..67b3718ed26b 100644
--- a/sys-libs/glibc/ChangeLog
+++ b/sys-libs/glibc/ChangeLog
@@ -1,10 +1,18 @@
 # ChangeLog for sys-libs/glibc
 # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.8 2002/07/06 23:56:15 azarah Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.9 2002/07/13 06:42:28 azarah Exp $
-*glibc-2.2.5-r5 (6 Jul 2002)
+*glibc-2.2.5-r5 (14 Jul 2002)
- 6 Jul 2002; Martin Schlemmer <azarah@gentoo.org> glibc-2.2.5-r5.ebuild :
+ 14 Jul 2002; Martin Schlemmer <azarah@gentoo.org> glibc-2.2.5-r5.ebuild :
+
+ A buffer overflow vulnerability exists in multiple implementations of DNS
+ resolver libraries. This affects glibc-2.2.5 and earlier. See bug #4923
+ and:
+
+ http://www.cert.org/advisories/CA-2002-19.html
+
+ for details.
 Seems gcc-3.1.1 is even more strict than 3.1 .. patch glibc for gcc-3.1.1. This is also correct for previous gcc versions.
diff --git a/sys-libs/glibc/files/digest-glibc-2.2.5-r5 b/sys-libs/glibc/files/digest-glibc-2.2.5-r5
new file mode 100644
index 000000000000..acc05c85ba28
--- /dev/null
+++ b/sys-libs/glibc/files/digest-glibc-2.2.5-r5
@@ -0,0 +1,2 @@
+MD5 5be613d02b934d8e305dd2f93062fa6c glibc-2.2.5.tar.bz2 12404613
+MD5 33b9ae01d51263867d338adfba105278 glibc-linuxthreads-2.2.5.tar.bz2 168269
diff --git a/sys-libs/glibc/files/glibc-2.2.5-dns-network-overflow.diff b/sys-libs/glibc/files/glibc-2.2.5-dns-network-overflow.diff
new file mode 100644
index 000000000000..5704c8a6259d
--- /dev/null
+++ b/sys-libs/glibc/files/glibc-2.2.5-dns-network-overflow.diff
@@ -0,0 +1,13 @@
+--- libc/resolv/nss_dns/dns-network.c Fri Jul 12 10:18:13 2002
++++ libc/resolv/nss_dns/dns-network.c Fri Jul 12 10:20:10 2002
+@@ -328,7 +328,9 @@
+ }
+ cp += n;
+ *alias_pointer++ = bp;
+- bp += strlen (bp) + 1;
++ n = strlen (bp) + 1;
++ bp += n;
++ linebuflen -= n;
+ result->n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC;
+ ++have_answer;
+ }
diff --git a/sys-libs/glibc/glibc-2.2.5-r5.ebuild b/sys-libs/glibc/glibc-2.2.5-r5.ebuild
new file mode 100644
index 000000000000..0fe63c5c6b39
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.2.5-r5.ebuild
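Review bot: The three added lines in the alias branch (`n = strlen (bp) + 1;`, `bp += n;`, `linebuflen -= n;`) carry no comment saying why `linebuflen` has to shrink, and the check that consumes `linebuflen` is not visible in this hunk. Presumably the old code advanced `bp` past each stored alias while the recorded remaining space stayed unchanged, so a later write into `bp` was bounded by a stale length; I would add `/* keep linebuflen in step with bp so later writes are bounded by the space actually left */` above them. Reusing `n` is safe only because `cp += n` has already consumed the previous value, so a separate local would be less fragile. The enclosing loop starts and ends outside the hunk; confirm there that a non-positive `linebuflen` is rejected before the next name is copied.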
@@ -0,0 +1,192 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.2.5-r5.ebuild,v 1.4 2002/07/13 06:42:28 azarah Exp $
+inherit flag-o-matic
+
+filter-flags "-fomit-frame-pointer -malign-double"
+
+S=${WORKDIR}/${P}
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+SRC_URI="ftp://sources.redhat.com/pub/glibc/releases/glibc-${PV}.tar.bz2
+ ftp://sources.redhat.com/pub/glibc/releases/glibc-linuxthreads-${PV}.tar.bz2"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+KEYWORDS="*"
+LICENSE="GPL-2"
+SLOT="2.2"
+
+#portage-1.8.9 needed for smart library merging feature (avoids segfaults on glibc upgrade)
+#drobbins, 18 Mar 2002: we now rely on the system profile to select the correct linus-headers
+DEPEND="sys-kernel/linux-headers
+ nls? ( sys-devel/gettext )"
+RDEPEND="sys-kernel/linux-headers"
+
+if [ -z "`use build`" ]
+then
+ RDEPEND="${RDEPEND}
+ sys-apps/baselayout"
+else
+ RDEPEND="${RDEPEND}
+ >=sys-apps/portage-1.8.9_pre1
+ sys-apps/baselayout"
+fi
+
+PROVIDE="virtual/glibc"
+
+#lock glibc at -O2 -- linuxthreads needs it and we want to be conservative here
+export CFLAGS="$CFLAGS -O2"
+export CXXFLAGS="$CFLAGS"
+
+src_unpack() {
+ unpack glibc-${PV}.tar.bz2 || die
+ cd ${S}
+ #extract pre-made man pages. Otherwise we need perl, which is a no-no.
+ mkdir man; cd man
+ tar xjf ${FILESDIR}/glibc-manpages-${PV}.tar.bz2 || die
+ cd ${S}
+ unpack glibc-linuxthreads-${PV}.tar.bz2 || die
+
+ # This patch apparently eliminates compiler warnings for some versions of gcc.
+ # For information about the string2 patch, see:
+ # http://lists.gentoo.org/pipermail/gentoo-dev/2001-June/001559.html
+ patch -p0 < ${FILESDIR}/glibc-2.2.4-string2.h.diff || die
+
+ # This next one is a new patch to fix thread signal handling. See:
+ # http://sources.redhat.com/ml/libc-hacker/2002-02/msg00120.html
+ # (Added by drobbins on 05 Mar 2002)
+ patch -p0 < ${FILESDIR}/glibc-2.2.5-threadsig.diff || die
+
+ # This next patch fixes a test that will timeout due to ReiserFS' slow handling of sparse files
+ cd ${S}/io; patch -p0 < ${FILESDIR}/glibc-2.2.2-test-lfs-timeout.patch || die
+
+ # The following spinlock error should only bite if you compile without any -O in CFLAGS, so a tweak
+ # shouldn't be necessary. The solution is to add -O2. According to Andreas Jaeger of SuSE, "glibc
+ # *needs* to be compiled with optimization" (emphasis mine). So let's fix the optimization settings,
+ # not tweak glibc.
+ # (drobbins, 10 Feb 2002)
+ # http://sources.redhat.com/ml/bug-glibc/2001-09/msg00041.html
+ # http://sources.redhat.com/ml/bug-glibc/2001-09/msg00042.html
+ # cd ${S}/linuxthreads
+ # cp spinlock.c spinlock.c.orig
+ # sed -e 's/"=m" (lock->__status) : "0" (lock->__status/"+m" (lock->__status/g' spinlock.c.orig > spinlock.c
+
+ # The glob() buffer overflow in glibc 2.2.4 was fixed in 2.2.5; commenting out.
+ # http://lwn.net/2001/1220/a/glibc-vulnerability.php3
+ # cd ${S}
+ # patch -p1 < ${FILESDIR}/glibc-2.2.4-glob-overflow.diff || die
+
+ # A buffer overflow vulnerability exists in multiple implementations of DNS
+ # resolver libraries. This affects glibc-2.2.5 and earlier. See bug #4923
+ # and:
+ #
+ # http://www.cert.org/advisories/CA-2002-19.html
+ cd ${S}; patch -p1 < ${FILESDIR}/${P}-dns-network-overflow.diff || die
+
+ if [ ${ARCH} == "x86" ]; then
+ # This patch fixes the nvidia-glx probs, openoffice and vmware probs and such..
+ # http://sources.redhat.com/ml/libc-hacker/2002-02/msg00152.html
+ cd ${S}
+ patch -p1 < ${FILESDIR}/glibc-divdi3.diff || die
+ fi
+
+ # Some gcc-3.1.1 fixes. This works fine for other versions of gcc as well,
+ # and should generally be ok, as it just fixes define order that causes scope
+ # problems with gcc-3.1.1.
+ # (Azarah, 14 Jul 2002)
+ patch -p1 < ${FILESDIR}/glibc-2.2.5-gcc311.patch || die
+}
+
+src_compile() {
+ local myconf=""
+ # If we build for the build system we use the kernel headers from the target
+ use build && myconf="${myconf} --with-header=${ROOT}usr/include"
+ use nls || myconf="${myconf} --disable-nls"
+
+ rm -rf buildhere
+ mkdir buildhere
+ cd buildhere
+ ../configure --host=${CHOST} \
+ --with-gd=no \
+ --without-cvs \
+ --enable-add-ons=linuxthreads \
+ --disable-profile \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --libexecdir=/usr/lib/misc \
+ ${myconf} || die
+ #This next option breaks the Sun JDK and the IBM JDK
+ #We should really keep compatibility with older kernels, anyway
+ #--enable-kernel=2.4.0
+
+ make PARALLELMFLAGS="${MAKEOPTS}" || die
+ make check
+}
+
+
+src_install() {
+ export LC_ALL=C
+ make PARALLELMFLAGS="${MAKEOPTS}" \
+ install_root=${D} \
+ install -C buildhere || die
+
+ if [ -z "`use build`" ]
+ then
+ make PARALLELMFLAGS="${MAKEOPTS}" \
+ install_root=${D} \
+ info -C buildhere || die
+
+ make PARALLELMFLAGS="${MAKEOPTS}" \
+ install_root=${D} \
+ localedata/install-locales -C buildhere || die
+
+ #install linuxthreads man pages
+ dodir /usr/share/man/man3
+ doman ${S}/man/*.3thr
+ install -m 644 nscd/nscd.conf ${D}/etc
+ dodoc BUGS ChangeLog* CONFORMANCE COPYING* FAQ INTERFACE \
+ NEWS NOTES PROJECTS README*
+ else
+ rm -rf ${D}/usr/share ${D}/usr/lib/gconv
+ fi
+
+ if [ "`use pic`" ]
+ then
+ find ${S}/buildhere -name "*_pic.a" -exec cp {} ${D}/lib \;
+ find ${S}/buildhere -name "*.map" -exec cp {} ${D}/lib \;
+ for i in ${D}/lib/*.map
+ do
+ mv ${i} ${i%.map}_pic.map
+ done
+ fi
+
+ #is this next line actually needed or does the makefile get it right?
+ #It previously has 0755 perms which was killing things.
+ chmod 4755 ${D}/usr/lib/misc/pt_chown
+ rm -f ${D}/etc/ld.so.cache
+
+ #prevent overwriting of the /etc/localtime symlink. We'll handle the
+ #creation of the "factory" symlink in pkg_postinst().
+ rm -f ${D}/etc/localtime
+
+ #some things want this, notably ash.
+ dosym /usr/lib/libbsd-compat.a /usr/lib/libbsd.a
+}
+
+pkg_postinst() {
+ # Correct me if I am wrong here, but my /etc/localtime is a file
+ # created by zic ....
+ # I am thinking that it should only be recreated if no /etc/localtime
+ # exists, or if it is an invalid symlink.
+ #
+ # For invalid symlink:
+ # -f && -e will fail
+ # -L will succeed
+ #
+ if [ ! -e ${ROOT}/etc/localtime ]
+ then
+ echo "Please remember to set your timezone using the zic command."
+ rm -f ${ROOT}/etc/localtime
+ ln -s ../usr/share/zoneinfo/Factory ${ROOT}/etc/localtime
+ fi
+}
+
|
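Review bot: The DNS overflow patch is wired into `src_unpack()` of the existing `-r5` revision rather than a new one: the ChangeLog hunk on this page only re-dates `*glibc-2.2.5-r5` from 6 Jul to 14 Jul, so if r5 was already installable on 6 Jul, a system that merged it then sees nothing to upgrade and keeps the unpatched resolver. I would ship this as `glibc-2.2.5-r6.ebuild` with its own ChangeLog heading so the fix reaches installed systems. Separately, `make check` at the end of `src_compile()` has no failure handling, so a test-suite failure after patching does not stop the merge; `make check || die` would match the other build steps, unless known-failing tests are the reason it was left unchecked. Programs linked statically against the old libc are not fixed by this package and need a rebuild, which `pkg_postinst()` could state in one `echo` line.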