summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Schlemmer <azarah@gentoo.org>2002-07-13 06:42:28 +0000
committerMartin Schlemmer <azarah@gentoo.org>2002-07-13 06:42:28 +0000
commitd0254d8bf8a573de710249eeae23181aee0704e8 (patch)
treef36cb06a0eca391985a2e1e26abbe94aa526d005 /sys-libs
parentfew tweaks suggested in #4756 (diff)
downloadgentoo-2-d0254d8bf8a573de710249eeae23181aee0704e8.tar.gz
gentoo-2-d0254d8bf8a573de710249eeae23181aee0704e8.tar.bz2
gentoo-2-d0254d8bf8a573de710249eeae23181aee0704e8.zip
buffer overflow fix
Diffstat (limited to 'sys-libs')
-rw-r--r--sys-libs/glibc/ChangeLog14
-rw-r--r--sys-libs/glibc/files/digest-glibc-2.2.5-r52
-rw-r--r--sys-libs/glibc/files/glibc-2.2.5-dns-network-overflow.diff13
-rw-r--r--sys-libs/glibc/glibc-2.2.5-r5.ebuild192
4 files changed, 218 insertions, 3 deletions
diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog
index c7e3ff22c1ad..67b3718ed26b 100644
--- a/sys-libs/glibc/ChangeLog
+++ b/sys-libs/glibc/ChangeLog
@@ -1,10 +1,18 @@
# ChangeLog for sys-libs/glibc
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.8 2002/07/06 23:56:15 azarah Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.9 2002/07/13 06:42:28 azarah Exp $
-*glibc-2.2.5-r5 (6 Jul 2002)
+*glibc-2.2.5-r5 (14 Jul 2002)
- 6 Jul 2002; Martin Schlemmer <azarah@gentoo.org> glibc-2.2.5-r5.ebuild :
+ 14 Jul 2002; Martin Schlemmer <azarah@gentoo.org> glibc-2.2.5-r5.ebuild :
+
+ A buffer overflow vulnerability exists in multiple implementations of DNS
+ resolver libraries. This affects glibc-2.2.5 and earlier. See bug #4923
+ and:
+
+ http://www.cert.org/advisories/CA-2002-19.html
+
+ for details.
Seems gcc-3.1.1 is even more strict than 3.1 .. patch glibc for gcc-3.1.1.
This is also correct for previous gcc versions.
diff --git a/sys-libs/glibc/files/digest-glibc-2.2.5-r5 b/sys-libs/glibc/files/digest-glibc-2.2.5-r5
new file mode 100644
index 000000000000..acc05c85ba28
--- /dev/null
+++ b/sys-libs/glibc/files/digest-glibc-2.2.5-r5
@@ -0,0 +1,2 @@
+MD5 5be613d02b934d8e305dd2f93062fa6c glibc-2.2.5.tar.bz2 12404613
+MD5 33b9ae01d51263867d338adfba105278 glibc-linuxthreads-2.2.5.tar.bz2 168269
diff --git a/sys-libs/glibc/files/glibc-2.2.5-dns-network-overflow.diff b/sys-libs/glibc/files/glibc-2.2.5-dns-network-overflow.diff
new file mode 100644
index 000000000000..5704c8a6259d
--- /dev/null
+++ b/sys-libs/glibc/files/glibc-2.2.5-dns-network-overflow.diff
@@ -0,0 +1,13 @@
+--- libc/resolv/nss_dns/dns-network.c Fri Jul 12 10:18:13 2002
++++ libc/resolv/nss_dns/dns-network.c Fri Jul 12 10:20:10 2002
+@@ -328,7 +328,9 @@
+ }
+ cp += n;
+ *alias_pointer++ = bp;
+- bp += strlen (bp) + 1;
++ n = strlen (bp) + 1;
++ bp += n;
++ linebuflen -= n;
+ result->n_addrtype = class == C_IN ? AF_INET : AF_UNSPEC;
+ ++have_answer;
+ }
diff --git a/sys-libs/glibc/glibc-2.2.5-r5.ebuild b/sys-libs/glibc/glibc-2.2.5-r5.ebuild
new file mode 100644
index 000000000000..0fe63c5c6b39
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.2.5-r5.ebuild
@@ -0,0 +1,192 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.2.5-r5.ebuild,v 1.4 2002/07/13 06:42:28 azarah Exp $
+inherit flag-o-matic
+
+filter-flags "-fomit-frame-pointer -malign-double"
+
+S=${WORKDIR}/${P}
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+SRC_URI="ftp://sources.redhat.com/pub/glibc/releases/glibc-${PV}.tar.bz2
+ ftp://sources.redhat.com/pub/glibc/releases/glibc-linuxthreads-${PV}.tar.bz2"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+KEYWORDS="*"
+LICENSE="GPL-2"
+SLOT="2.2"
+
+#portage-1.8.9 needed for smart library merging feature (avoids segfaults on glibc upgrade)
+#drobbins, 18 Mar 2002: we now rely on the system profile to select the correct linus-headers
+DEPEND="sys-kernel/linux-headers
+ nls? ( sys-devel/gettext )"
+RDEPEND="sys-kernel/linux-headers"
+
+if [ -z "`use build`" ]
+then
+ RDEPEND="${RDEPEND}
+ sys-apps/baselayout"
+else
+ RDEPEND="${RDEPEND}
+ >=sys-apps/portage-1.8.9_pre1
+ sys-apps/baselayout"
+fi
+
+PROVIDE="virtual/glibc"
+
+#lock glibc at -O2 -- linuxthreads needs it and we want to be conservative here
+export CFLAGS="$CFLAGS -O2"
+export CXXFLAGS="$CFLAGS"
+
+src_unpack() {
+ unpack glibc-${PV}.tar.bz2 || die
+ cd ${S}
+ #extract pre-made man pages. Otherwise we need perl, which is a no-no.
+ mkdir man; cd man
+ tar xjf ${FILESDIR}/glibc-manpages-${PV}.tar.bz2 || die
+ cd ${S}
+ unpack glibc-linuxthreads-${PV}.tar.bz2 || die
+
+ # This patch apparently eliminates compiler warnings for some versions of gcc.
+ # For information about the string2 patch, see:
+ # http://lists.gentoo.org/pipermail/gentoo-dev/2001-June/001559.html
+ patch -p0 < ${FILESDIR}/glibc-2.2.4-string2.h.diff || die
+
+ # This next one is a new patch to fix thread signal handling. See:
+ # http://sources.redhat.com/ml/libc-hacker/2002-02/msg00120.html
+ # (Added by drobbins on 05 Mar 2002)
+ patch -p0 < ${FILESDIR}/glibc-2.2.5-threadsig.diff || die
+
+ # This next patch fixes a test that will timeout due to ReiserFS' slow handling of sparse files
+ cd ${S}/io; patch -p0 < ${FILESDIR}/glibc-2.2.2-test-lfs-timeout.patch || die
+
+ # The following spinlock error should only bite if you compile without any -O in CFLAGS, so a tweak
+ # shouldn't be necessary. The solution is to add -O2. According to Andreas Jaeger of SuSE, "glibc
+ # *needs* to be compiled with optimization" (emphasis mine). So let's fix the optimization settings,
+ # not tweak glibc.
+ # (drobbins, 10 Feb 2002)
+ # http://sources.redhat.com/ml/bug-glibc/2001-09/msg00041.html
+ # http://sources.redhat.com/ml/bug-glibc/2001-09/msg00042.html
+ # cd ${S}/linuxthreads
+ # cp spinlock.c spinlock.c.orig
+ # sed -e 's/"=m" (lock->__status) : "0" (lock->__status/"+m" (lock->__status/g' spinlock.c.orig > spinlock.c
+
+ # The glob() buffer overflow in glibc 2.2.4 was fixed in 2.2.5; commenting out.
+ # http://lwn.net/2001/1220/a/glibc-vulnerability.php3
+ # cd ${S}
+ # patch -p1 < ${FILESDIR}/glibc-2.2.4-glob-overflow.diff || die
+
+ # A buffer overflow vulnerability exists in multiple implementations of DNS
+ # resolver libraries. This affects glibc-2.2.5 and earlier. See bug #4923
+ # and:
+ #
+ # http://www.cert.org/advisories/CA-2002-19.html
+ cd ${S}; patch -p1 < ${FILESDIR}/${P}-dns-network-overflow.diff || die
+
+ if [ ${ARCH} == "x86" ]; then
+ # This patch fixes the nvidia-glx probs, openoffice and vmware probs and such..
+ # http://sources.redhat.com/ml/libc-hacker/2002-02/msg00152.html
+ cd ${S}
+ patch -p1 < ${FILESDIR}/glibc-divdi3.diff || die
+ fi
+
+ # Some gcc-3.1.1 fixes. This works fine for other versions of gcc as well,
+ # and should generally be ok, as it just fixes define order that causes scope
+ # problems with gcc-3.1.1.
+ # (Azarah, 14 Jul 2002)
+ patch -p1 < ${FILESDIR}/glibc-2.2.5-gcc311.patch || die
+}
+
+src_compile() {
+ local myconf=""
+ # If we build for the build system we use the kernel headers from the target
+ use build && myconf="${myconf} --with-header=${ROOT}usr/include"
+ use nls || myconf="${myconf} --disable-nls"
+
+ rm -rf buildhere
+ mkdir buildhere
+ cd buildhere
+ ../configure --host=${CHOST} \
+ --with-gd=no \
+ --without-cvs \
+ --enable-add-ons=linuxthreads \
+ --disable-profile \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --libexecdir=/usr/lib/misc \
+ ${myconf} || die
+ #This next option breaks the Sun JDK and the IBM JDK
+ #We should really keep compatibility with older kernels, anyway
+ #--enable-kernel=2.4.0
+
+ make PARALLELMFLAGS="${MAKEOPTS}" || die
+ make check
+}
+
+
+src_install() {
+ export LC_ALL=C
+ make PARALLELMFLAGS="${MAKEOPTS}" \
+ install_root=${D} \
+ install -C buildhere || die
+
+ if [ -z "`use build`" ]
+ then
+ make PARALLELMFLAGS="${MAKEOPTS}" \
+ install_root=${D} \
+ info -C buildhere || die
+
+ make PARALLELMFLAGS="${MAKEOPTS}" \
+ install_root=${D} \
+ localedata/install-locales -C buildhere || die
+
+ #install linuxthreads man pages
+ dodir /usr/share/man/man3
+ doman ${S}/man/*.3thr
+ install -m 644 nscd/nscd.conf ${D}/etc
+ dodoc BUGS ChangeLog* CONFORMANCE COPYING* FAQ INTERFACE \
+ NEWS NOTES PROJECTS README*
+ else
+ rm -rf ${D}/usr/share ${D}/usr/lib/gconv
+ fi
+
+ if [ "`use pic`" ]
+ then
+ find ${S}/buildhere -name "*_pic.a" -exec cp {} ${D}/lib \;
+ find ${S}/buildhere -name "*.map" -exec cp {} ${D}/lib \;
+ for i in ${D}/lib/*.map
+ do
+ mv ${i} ${i%.map}_pic.map
+ done
+ fi
+
+ #is this next line actually needed or does the makefile get it right?
+ #It previously has 0755 perms which was killing things.
+ chmod 4755 ${D}/usr/lib/misc/pt_chown
+ rm -f ${D}/etc/ld.so.cache
+
+ #prevent overwriting of the /etc/localtime symlink. We'll handle the
+ #creation of the "factory" symlink in pkg_postinst().
+ rm -f ${D}/etc/localtime
+
+ #some things want this, notably ash.
+ dosym /usr/lib/libbsd-compat.a /usr/lib/libbsd.a
+}
+
+pkg_postinst() {
+ # Correct me if I am wrong here, but my /etc/localtime is a file
+ # created by zic ....
+ # I am thinking that it should only be recreated if no /etc/localtime
+ # exists, or if it is an invalid symlink.
+ #
+ # For invalid symlink:
+ # -f && -e will fail
+ # -L will succeed
+ #
+ if [ ! -e ${ROOT}/etc/localtime ]
+ then
+ echo "Please remember to set your timezone using the zic command."
+ rm -f ${ROOT}/etc/localtime
+ ln -s ../usr/share/zoneinfo/Factory ${ROOT}/etc/localtime
+ fi
+}
+