Commit f55813bb authored by stskeeps's avatar stskeeps

Merge branch 'eglibc_2.19-0ubuntu6.9.debian' into 'master'

[security] Upgrade to eglibc_2.19-0ubuntu6.9 and apply Debian/Ubuntu patches before Mer specific ones. MER#1633

Fixes CVE-2015-1781, CVE-2014-8121, CVE-2015-5277, CVE-2015-8776,
CVE-2015-8777, CVE-2015-8778, CVE-2015-8779, CVE-2016-3075, CVE-2016-2856,
CVE-2013-2207.
Signed-off-by: tigeli's avatarPasi Sjöholm <pasi.sjoholm@siirappi.com>

See merge request !10
parents 75de86f9 90a189d2
diff --git a/elf/dl-load.c b/elf/dl-load.c Index: eglibc-2.19/elf/dl-load.c
index 1be7a3c..49f070f 100644 ===================================================================
--- a/elf/dl-load.c --- eglibc-2.19.orig/elf/dl-load.c
+++ b/elf/dl-load.c +++ eglibc-2.19/elf/dl-load.c
@@ -482,7 +482,7 @@ static size_t max_dirnamelen; @@ -482,7 +482,7 @@ static size_t max_dirnamelen;
static struct r_search_path_elem ** static struct r_search_path_elem **
fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep,
...@@ -11,7 +11,7 @@ index 1be7a3c..49f070f 100644 ...@@ -11,7 +11,7 @@ index 1be7a3c..49f070f 100644
{ {
char *cp; char *cp;
size_t nelems = 0; size_t nelems = 0;
@@ -520,9 +520,23 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, @@ -520,9 +520,23 @@ fillin_rpath (char *rpath, struct r_sear
} }
/* See if this directory is already known. */ /* See if this directory is already known. */
...@@ -38,7 +38,7 @@ index 1be7a3c..49f070f 100644 ...@@ -38,7 +38,7 @@ index 1be7a3c..49f070f 100644
if (dirp != NULL) if (dirp != NULL)
{ {
@@ -540,22 +554,43 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, @@ -540,22 +554,43 @@ fillin_rpath (char *rpath, struct r_sear
size_t cnt; size_t cnt;
enum r_dir_status init_val; enum r_dir_status init_val;
size_t where_len = where ? strlen (where) + 1 : 0; size_t where_len = where ? strlen (where) + 1 : 0;
...@@ -87,7 +87,7 @@ index 1be7a3c..49f070f 100644 ...@@ -87,7 +87,7 @@ index 1be7a3c..49f070f 100644
/* We have to make sure all the relative directories are /* We have to make sure all the relative directories are
never ignored. The current directory might change and never ignored. The current directory might change and
@@ -566,7 +601,8 @@ fillin_rpath (char *rpath, struct r_search_path_elem **result, const char *sep, @@ -566,7 +601,8 @@ fillin_rpath (char *rpath, struct r_sear
dirp->what = what; dirp->what = what;
if (__builtin_expect (where != NULL, 1)) if (__builtin_expect (where != NULL, 1))
...@@ -97,7 +97,7 @@ index 1be7a3c..49f070f 100644 ...@@ -97,7 +97,7 @@ index 1be7a3c..49f070f 100644
+ (ncapstr * sizeof (enum r_dir_status)), + (ncapstr * sizeof (enum r_dir_status)),
where, where_len); where, where_len);
else else
@@ -668,7 +704,7 @@ decompose_rpath (struct r_search_path_struct *sps, @@ -668,7 +704,7 @@ decompose_rpath (struct r_search_path_st
_dl_signal_error (ENOMEM, NULL, NULL, errstring); _dl_signal_error (ENOMEM, NULL, NULL, errstring);
} }
...@@ -115,11 +115,11 @@ index 1be7a3c..49f070f 100644 ...@@ -115,11 +115,11 @@ index 1be7a3c..49f070f 100644
if (env_path_list.dirs[0] == NULL) if (env_path_list.dirs[0] == NULL)
{ {
diff --git a/elf/dl-support.c b/elf/dl-support.c Index: eglibc-2.19/elf/dl-support.c
index e435436..723814a 100644 ===================================================================
--- a/elf/dl-support.c --- eglibc-2.19.orig/elf/dl-support.c
+++ b/elf/dl-support.c +++ eglibc-2.19/elf/dl-support.c
@@ -58,6 +58,9 @@ const char *_dl_profile_output; @@ -61,6 +61,9 @@ const char *_dl_profile_output;
ignored. */ ignored. */
const char *_dl_inhibit_rpath; const char *_dl_inhibit_rpath;
...@@ -129,11 +129,11 @@ index e435436..723814a 100644 ...@@ -129,11 +129,11 @@ index e435436..723814a 100644
/* The map for the object we will profile. */ /* The map for the object we will profile. */
struct link_map *_dl_profile_map; struct link_map *_dl_profile_map;
diff --git a/elf/rtld.c b/elf/rtld.c Index: eglibc-2.19/elf/rtld.c
index 6dcbabc..ea3af55 100644 ===================================================================
--- a/elf/rtld.c --- eglibc-2.19.orig/elf/rtld.c
+++ b/elf/rtld.c +++ eglibc-2.19/elf/rtld.c
@@ -994,6 +994,15 @@ dl_main (const ElfW(Phdr) *phdr, @@ -991,6 +991,15 @@ dl_main (const ElfW(Phdr) *phdr,
_dl_argc -= 2; _dl_argc -= 2;
INTUSE(_dl_argv) += 2; INTUSE(_dl_argv) += 2;
} }
...@@ -149,7 +149,7 @@ index 6dcbabc..ea3af55 100644 ...@@ -149,7 +149,7 @@ index 6dcbabc..ea3af55 100644
else if (! strcmp (INTUSE(_dl_argv)[1], "--audit") && _dl_argc > 2) else if (! strcmp (INTUSE(_dl_argv)[1], "--audit") && _dl_argc > 2)
{ {
process_dl_audit (INTUSE(_dl_argv)[2]); process_dl_audit (INTUSE(_dl_argv)[2]);
@@ -1028,6 +1037,7 @@ of this helper program; chances are you did not intend to run this program.\n\ @@ -1025,6 +1034,7 @@ of this helper program; chances are you
--inhibit-cache Do not use " LD_SO_CACHE "\n\ --inhibit-cache Do not use " LD_SO_CACHE "\n\
--library-path PATH use given PATH instead of content of the environment\n\ --library-path PATH use given PATH instead of content of the environment\n\
variable LD_LIBRARY_PATH\n\ variable LD_LIBRARY_PATH\n\
...@@ -157,14 +157,14 @@ index 6dcbabc..ea3af55 100644 ...@@ -157,14 +157,14 @@ index 6dcbabc..ea3af55 100644
--inhibit-rpath LIST ignore RUNPATH and RPATH information in object names\n\ --inhibit-rpath LIST ignore RUNPATH and RPATH information in object names\n\
in LIST\n\ in LIST\n\
--audit LIST use objects named in LIST as auditors\n"); --audit LIST use objects named in LIST as auditors\n");
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h Index: eglibc-2.19/sysdeps/generic/ldsodefs.h
index ffeb093..3116188 100644 ===================================================================
--- a/sysdeps/generic/ldsodefs.h --- eglibc-2.19.orig/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h +++ eglibc-2.19/sysdeps/generic/ldsodefs.h
@@ -593,6 +593,12 @@ struct rtld_global_ro @@ -600,6 +600,12 @@ struct rtld_global_ro
/* List of auditing interfaces. */
/* 0 if internal pointer values should not be guarded, 1 if they should. */ struct audit_ifaces *_dl_audit;
EXTERN int _dl_pointer_guard; unsigned int _dl_naudit;
+#endif +#endif
+ +
+ /* prefix for RPATH + RUNPATH components. */ + /* prefix for RPATH + RUNPATH components. */
......
* Sun Aug 28 2016 Pasi Sjöholm <pasi.sjoholm@siirappi.com> - 2.19+6.9
- Upgrade to eglibc_2.19-0ubuntu6.9 and apply Debian/Ubuntu patches
before Mer specific ones.
- Fixes CVE-2015-1781, CVE-2014-8121, CVE-2015-5277, CVE-2015-8776,
CVE-2015-8777, CVE-2015-8778, CVE-2015-8779, CVE-2016-3075, CVE-2016-2856,
CVE-2013-2207. MER#1633
* Fri Feb 26 2016 Niels Breet <niels.breet@jolla.com> - 2.19+6.7 * Fri Feb 26 2016 Niels Breet <niels.breet@jolla.com> - 2.19+6.7
- Packaging fix. Contributes MER#1515 - Packaging fix. Contributes MER#1515
......
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
Summary: Embedded GLIBC (EGLIBC) is a variant of the GNU C Library (GLIBC) Summary: Embedded GLIBC (EGLIBC) is a variant of the GNU C Library (GLIBC)
Name: glibc Name: glibc
Version: 2.19+6.7 Version: 2.19+6.9
Release: 1 Release: 1
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries. # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
...@@ -20,7 +20,7 @@ License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ ...@@ -20,7 +20,7 @@ License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
Group: System/Libraries Group: System/Libraries
URL: http://www.eglibc.org/ URL: http://www.eglibc.org/
Source0: https://launchpad.net/ubuntu/+archive/primary/+files/eglibc_2.19.orig.tar.xz Source0: https://launchpad.net/ubuntu/+archive/primary/+files/eglibc_2.19.orig.tar.xz
Source1: http://archive.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.7.debian.tar.xz Source1: http://archive.ubuntu.com/ubuntu/pool/main/e/eglibc/eglibc_2.19-0ubuntu6.9.debian.tar.xz
Source11: build-locale-archive.c Source11: build-locale-archive.c
# glibc-arm-alignment-fix.patch: safe but probably not needed anymore # glibc-arm-alignment-fix.patch: safe but probably not needed anymore
...@@ -198,6 +198,17 @@ If unsure if you need this, don't install this package. ...@@ -198,6 +198,17 @@ If unsure if you need this, don't install this package.
%setup -q -n %{glibcsrcdir} %{?glibc_release_unpack} %setup -q -n %{glibcsrcdir} %{?glibc_release_unpack}
xz -dc %SOURCE1 | tar xf - xz -dc %SOURCE1 | tar xf -
# Not well formatted locales --cvm
sed -i "s|^localedata/locale-eo_EO.diff$||g" debian/patches/series
sed -i "s|^localedata/locale-ia.diff$||g" debian/patches/series
# This screws up armv6, as it doesn't have ARMv7 instructions/Thumb2
%ifarch armv6l
sed -i "s|^arm/local-linaro-cortex-strings.diff$||g" debian/patches/series
%endif
sed -i "s|^kfreebsd.*$||g" debian/patches/series
QUILT_PATCHES=debian/patches quilt push -a
# glibc-arm-alignment-fix.patch # glibc-arm-alignment-fix.patch
%patch1 -p1 %patch1 -p1
%ifarch %{arm} %ifarch %{arm}
...@@ -229,17 +240,6 @@ xz -dc %SOURCE1 | tar xf - ...@@ -229,17 +240,6 @@ xz -dc %SOURCE1 | tar xf -
# eglibc-2.19-sb2-workaround.patch # eglibc-2.19-sb2-workaround.patch
%patch13 -p1 %patch13 -p1
# Not well formatted locales --cvm
sed -i "s|^localedata/locale-eo_EO.diff$||g" debian/patches/series
sed -i "s|^localedata/locale-ia.diff$||g" debian/patches/series
# This screws up armv6, as it doesn't have ARMv7 instructions/Thumb2
%ifarch armv6l
sed -i "s|^arm/local-linaro-cortex-strings.diff$||g" debian/patches/series
%endif
sed -i "s|^kfreebsd.*$||g" debian/patches/series
QUILT_PATCHES=debian/patches quilt push -a
cat > find_provides.sh <<EOF cat > find_provides.sh <<EOF
#!/bin/sh #!/bin/sh
/usr/lib/rpm/find-provides | grep -v GLIBC_PRIVATE /usr/lib/rpm/find-provides | grep -v GLIBC_PRIVATE
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment