[packages/glibc] - update to 2.21; fixes CVE-2015-1472, CVE-2104-7817, CVE-2012-3406, CVE-2014-9402 (we had some of t
arekm
arekm at pld-linux.org
Fri Feb 6 18:58:31 CET 2015
commit 6bb391cfc4d57b539d6824976c2d89b45cd0c6e1
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Fri Feb 6 18:58:24 2015 +0100
- update to 2.21; fixes CVE-2015-1472, CVE-2104-7817, CVE-2012-3406, CVE-2014-9402 (we had some of these fixed already); morelocales patch needs update
glibc-Os-fail-workaround.patch | 14 --
glibc-autoconf.patch | 2 +-
glibc-format.patch | 48 -----
glibc-git.patch | 404 -----------------------------------------
glibc-no-bash-nls.patch | 79 ++------
glibc-origin.patch | 26 ---
glibc.spec | 23 +--
7 files changed, 22 insertions(+), 574 deletions(-)
---
diff --git a/glibc.spec b/glibc.spec
index 57977c9..52c602d 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -27,7 +27,7 @@
%undefine with_memusage
%endif
-%define core_version 2.20
+%define core_version 2.21
%define llh_version 7:2.6.32.1-1
Summary: GNU libc
@@ -41,12 +41,12 @@ Summary(tr.UTF-8): GNU libc
Summary(uk.UTF-8): GNU libc версії
Name: glibc
Version: %{core_version}
-Release: 8
+Release: 0.1
Epoch: 6
License: LGPL v2.1+
Group: Libraries
Source0: http://ftp.gnu.org/gnu/glibc/%{name}-%{version}.tar.xz
-# Source0-md5: 948a6e06419a01bd51e97206861595b0
+# Source0-md5: 9cb398828e8f84f57d1f7d5588cf40cd
Source2: nscd.init
Source3: nscd.sysconfig
Source4: nscd.logrotate
@@ -57,7 +57,6 @@ Source6: %{name}-localedb-gen
Source7: %{name}-LD-path.c
Source8: nscd.upstart
Source9: nscd.tmpfiles
-Patch0: %{name}-git.patch
# against GNU TP (libc domain)
#Patch1: %{name}-pl.po-update.patch
Patch2: %{name}-pld.patch
@@ -70,7 +69,6 @@ Patch8: %{name}-missing-nls.patch
Patch9: %{name}-nss_include_dirs.patch
Patch10: %{name}-info.patch
Patch11: %{name}-autoconf.patch
-Patch12: %{name}-format.patch
Patch14: %{name}-sparc-errno_fix.patch
Patch15: %{name}-new-charsets.patch
@@ -89,8 +87,7 @@ Patch27: %{name}-locale-C.patch.xz
Patch28: %{name}-locale-C-pld.patch
Patch29: %{name}-arm-alignment-fix.patch
Patch30: glibc-rh1124987.patch
-Patch31: %{name}-origin.patch
-Patch32: %{name}-Os-fail-workaround.patch
+
Patch33: fix-broken-echo.patch
Patch38: 1055_all_glibc-resolv-dynamic.patch
URL: http://www.gnu.org/software/libc/
@@ -104,7 +101,7 @@ BuildRequires: binutils >= 2:2.15.90.0.3
%endif
%{!?with_cross:BuildRequires: dietlibc-static}
BuildRequires: gawk
-BuildRequires: gcc >= 6:4.3
+BuildRequires: gcc >= 6:4.6
%{?with_memusage:BuildRequires: gd-devel >= 2.0.1}
BuildRequires: gettext-tools >= 0.10.36
%{?with_selinux:BuildRequires: libselinux-devel >= 1.18}
@@ -957,7 +954,6 @@ echo "Minimal supported kernel is 2.6.32" >&2
exit 1
%endif
-%patch0 -p1
%patch2 -p1
%patch3 -p0
%{!?with_bash_nls:%patch4 -p1}
@@ -969,12 +965,12 @@ exit 1
%patch10 -p1
%patch11 -p1
-%patch12 -p1
%patch14 -p0
%patch15 -p1
%patch16 -p1
-%patch17 -p1
+# TODO
+#%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
@@ -986,8 +982,7 @@ exit 1
%patch28 -p1
%patch29 -p1
%patch30 -p1
-%patch31 -p1
-%patch32 -p1
+
%patch33 -p1
%patch38 -p1
@@ -1134,7 +1129,7 @@ install %{SOURCE9} $RPM_BUILD_ROOT%{systemdtmpfilesdir}/nscd.conf
rm -rf documentation
install -d documentation
-for f in ChangeLog.old DESIGN-{barrier,condvar,rwlock,sem}.txt TODO{,-kernel,-testing}; do
+for f in ChangeLog.old DESIGN-{barrier,condvar,rwlock,systemtap-probes}.txt TODO{,-kernel,-testing}; do
cp -af nptl/$f documentation/$f.nptl
done
cp -af crypt/README.ufc-crypt ChangeLog* documentation
diff --git a/glibc-Os-fail-workaround.patch b/glibc-Os-fail-workaround.patch
deleted file mode 100644
index 3678cbc..0000000
--- a/glibc-Os-fail-workaround.patch
+++ /dev/null
@@ -1,14 +0,0 @@
---- glibc-2.13/sysdeps/unix/sysv/linux/faccessat.c~ 2011-02-06 19:53:12.355202896 +0100
-+++ glibc-2.13/sysdeps/unix/sysv/linux/faccessat.c 2011-02-06 19:53:14.418536233 +0100
-@@ -17,6 +17,11 @@
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
- 02111-1307 USA. */
-
-+#ifndef __USE_EXTERN_INLINES
-+# define __USE_EXTERN_INLINES
-+# include <sys/stat.h>
-+# undef __USE_EXTERN_INLINES
-+#endif
- #include <errno.h>
- #include <fcntl.h>
- #include <stddef.h>
diff --git a/glibc-autoconf.patch b/glibc-autoconf.patch
index b3332ee..78574ee 100644
--- a/glibc-autoconf.patch
+++ b/glibc-autoconf.patch
@@ -3,7 +3,7 @@
@@ -2,11 +2,6 @@
dnl the internal functions defined and used by the main configure script
dnl match those expected by the fragments.
- m4_define([GLIBC_AUTOCONF_VERSION], [2.68])
+ m4_define([GLIBC_AUTOCONF_VERSION], [2.69])
-m4_if(m4_defn([AC_AUTOCONF_VERSION]), GLIBC_AUTOCONF_VERSION, [],
- [m4_fatal(m4_flatten(
-Exactly version GLIBC_AUTOCONF_VERSION of Autoconf is required but you have
diff --git a/glibc-format.patch b/glibc-format.patch
deleted file mode 100644
index dd3c5f5..0000000
--- a/glibc-format.patch
+++ /dev/null
@@ -1,48 +0,0 @@
---- glibc-2.17/stdio-common/test-vfprintf.c~ 2012-12-25 04:02:13.000000000 +0100
-+++ glibc-2.17/stdio-common/test-vfprintf.c 2013-01-09 22:34:39.763896649 +0100
-@@ -92,7 +92,7 @@
- fprintf (fp, "%s", large);
- fprintf (fp, "%.*s", 30000, large);
- large[20000] = '\0';
-- fprintf (fp, large);
-+ fprintf (fp, "%s", large);
- fprintf (fp, "%-1.300000000s", "hello");
-
- if (fflush (fp) != 0 || ferror (fp) != 0 || fclose (fp) != 0)
---- glibc-2.17/posix/regexbug1.c~ 2012-12-25 04:02:13.000000000 +0100
-+++ glibc-2.17/posix/regexbug1.c 2013-01-09 22:36:56.763888226 +0100
-@@ -18,7 +18,7 @@
- {
- char buf[100];
- regerror (reerr, &re, buf, sizeof buf);
-- error (EXIT_FAILURE, 0, buf);
-+ error (EXIT_FAILURE, 0, "%s", buf);
- }
-
- if (regexec (&re, "002", 2, ma, 0) != 0)
-@@ -35,7 +35,7 @@
- {
- char buf[100];
- regerror (reerr, &re, buf, sizeof buf);
-- error (EXIT_FAILURE, 0, buf);
-+ error (EXIT_FAILURE, 0, "%s", buf);
- }
-
- if (regexec (&re, "002", 2, ma, 0) != 0)
---- glibc-2.17/misc/tst-error1.c~ 2012-12-25 04:02:13.000000000 +0100
-+++ glibc-2.17/misc/tst-error1.c 2013-01-09 22:38:17.262508638 +0100
-@@ -15,10 +15,10 @@
- static const char str[] = "hello world! ";
- for (int i = 0; i < 1000; ++i)
- memcpy (&buf[i * (sizeof (str) - 1)], str, sizeof (str));
-- error (0, 0, str);
-- error (0, 0, buf);
-- error (0, 0, buf);
-- error (0, 0, str);
-+ error (0, 0, "%s", str);
-+ error (0, 0, "%s", buf);
-+ error (0, 0, "%s", buf);
-+ error (0, 0, "%s", str);
- return 0;
- }
-
diff --git a/glibc-git.patch b/glibc-git.patch
deleted file mode 100644
index f7483b8..0000000
--- a/glibc-git.patch
+++ /dev/null
@@ -1,404 +0,0 @@
-commit 58b930ae216bfa98cd60212b954b07b9963d6d04
-Author: Siddhesh Poyarekar <siddhesh at redhat.com>
-Date: Wed Sep 10 21:51:50 2014 +0530
-
- Return failure in getnetgrent only when all netgroups have been searched (#17363)
-
- The netgroups lookup code fails when one of the groups in the search
- tree is empty. In such a case it only returns the leaves of the tree
- after the blank netgroup. This is because the line parser returns a
- NOTFOUND status when the netgroup exists but is empty. The
- __getnetgrent_internal implementation needs to be fixed to try
- remaining groups if the current group is entry. This patch implements
- this fix. Tested on x86_64.
-
- [BZ #17363]
- * inet/getnetgrent_r.c (__internal_getnetgrent_r): Try next
- group if the current group is empty.
-
-diff --git a/inet/getnetgrent_r.c b/inet/getnetgrent_r.c
-index f6d064d..e101537 100644
---- a/inet/getnetgrent_r.c
-+++ b/inet/getnetgrent_r.c
-@@ -297,7 +297,10 @@ __internal_getnetgrent_r (char **hostp, char **userp, char **domainp,
- {
- status = DL_CALL_FCT (*fct, (datap, buffer, buflen, &errno));
-
-- if (status == NSS_STATUS_RETURN)
-+ if (status == NSS_STATUS_RETURN
-+ /* The service returned a NOTFOUND, but there are more groups that we
-+ need to resolve before we give up. */
-+ || (status == NSS_STATUS_NOTFOUND && datap->needed_groups != NULL))
- {
- /* This was the last one for this group. Look at next group
- if available. */
-commit 984c0ea97f649c869130a1ff099098e2b6f70aad
-Author: Tim Lammens <tim.lammens at gmail.com>
-Date: Thu Sep 11 10:35:54 2014 +0530
-
- Fix memory leak in libio/wfileops.c do_ftell_wide [BZ #17370]
-
-diff --git a/libio/wfileops.c b/libio/wfileops.c
-index f123add..ebc06e8 100644
---- a/libio/wfileops.c
-+++ b/libio/wfileops.c
-@@ -711,6 +711,7 @@ do_ftell_wide (_IO_FILE *fp)
- return WEOF;
-
- offset += outstop - out;
-+ free (out);
- }
-
- /* We don't trust _IO_read_end to represent the current file offset
-commit 52ffbdf25a1100986f4ae27bb0febbe5a722ab25
-Author: Florian Weimer <fweimer at redhat.com>
-Date: Wed Sep 10 20:29:15 2014 +0200
-
- malloc: additional unlink hardening for non-small bins [BZ #17344]
-
- Turn two asserts into a conditional call to malloc_printerr. The
- memory locations are accessed later anyway, so the performance
- impact is minor.
-
-diff --git a/malloc/malloc.c b/malloc/malloc.c
-index 6ee3840..6cbe9f3 100644
---- a/malloc/malloc.c
-+++ b/malloc/malloc.c
-@@ -1418,8 +1418,10 @@ typedef struct malloc_chunk *mbinptr;
- BK->fd = FD; \
- if (!in_smallbin_range (P->size) \
- && __builtin_expect (P->fd_nextsize != NULL, 0)) { \
-- assert (P->fd_nextsize->bk_nextsize == P); \
-- assert (P->bk_nextsize->fd_nextsize == P); \
-+ if (__builtin_expect (P->fd_nextsize->bk_nextsize != P, 0) \
-+ || __builtin_expect (P->bk_nextsize->fd_nextsize != P, 0)) \
-+ malloc_printerr (check_action, \
-+ "corrupted double-linked list (not small)", P);\
- if (FD->fd_nextsize == NULL) { \
- if (P->fd_nextsize == P) \
- FD->fd_nextsize = FD->bk_nextsize = FD; \
-commit a7b872687073decdcc7effc2289877d69058aca9
-Author: Andreas Schwab <schwab at linux-m68k.org>
-Date: Sat Sep 13 10:10:29 2014 +0200
-
- Handle zero prefix length in getifaddrs (BZ #17371)
-
-diff --git a/sysdeps/unix/sysv/linux/ifaddrs.c b/sysdeps/unix/sysv/linux/ifaddrs.c
-index 2c04e17..a47b2ed 100644
---- a/sysdeps/unix/sysv/linux/ifaddrs.c
-+++ b/sysdeps/unix/sysv/linux/ifaddrs.c
-@@ -770,20 +770,17 @@ getifaddrs_internal (struct ifaddrs **ifap)
-
- if (cp != NULL)
- {
-- char c;
- unsigned int preflen;
-
-- if ((max_prefixlen > 0) &&
-- (ifam->ifa_prefixlen > max_prefixlen))
-+ if (ifam->ifa_prefixlen > max_prefixlen)
- preflen = max_prefixlen;
- else
- preflen = ifam->ifa_prefixlen;
-
-- for (i = 0; i < ((preflen - 1) / 8); i++)
-+ for (i = 0; i < preflen / 8; i++)
- *cp++ = 0xff;
-- c = 0xff;
-- c <<= ((128 - preflen) % 8);
-- *cp = c;
-+ if (preflen % 8)
-+ *cp = 0xff << (8 - preflen % 8);
- }
- }
- }
-commit 545583d664b64ff234b99aca0d85e99c8a55808f
-Author: Siddhesh Poyarekar <siddhesh at redhat.com>
-Date: Tue Sep 16 14:20:45 2014 +0530
-
- Fix memory leak in error path of do_ftell_wide (BZ #17370)
-
-diff --git a/libio/wfileops.c b/libio/wfileops.c
-index ebc06e8..c5ec5f7 100644
---- a/libio/wfileops.c
-+++ b/libio/wfileops.c
-@@ -708,7 +708,10 @@ do_ftell_wide (_IO_FILE *fp)
- sequences must be complete since they are accepted as
- wchar_t; if not, then that is an error. */
- if (__glibc_unlikely (status != __codecvt_ok))
-- return WEOF;
-+ {
-+ free (out);
-+ return WEOF;
-+ }
-
- offset += outstop - out;
- free (out);
-commit 04b76b5aa8b2d1d19066e42dd1a56a38f34e274c
-Author: Andreas Schwab <schwab at suse.de>
-Date: Thu Oct 30 12:18:48 2014 +0100
-
- Don't error out writing a multibyte character to an unbuffered stream (bug 17522)
-
-diff --git a/libio/Makefile b/libio/Makefile
-index 56952ce..2742128 100644
---- a/libio/Makefile
-+++ b/libio/Makefile
-@@ -61,7 +61,7 @@ tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc \
- bug-memstream1 bug-wmemstream1 \
- tst-setvbuf1 tst-popen1 tst-fgetwc bug-wsetpos tst-fseek \
- tst-fwrite-error tst-ftell-partial-wide tst-ftell-active-handler \
-- tst-ftell-append
-+ tst-ftell-append tst-fputws
- ifeq (yes,$(build-shared))
- # Add test-fopenloc only if shared library is enabled since it depends on
- # shared localedata objects.
-diff --git a/libio/tst-fputws.c b/libio/tst-fputws.c
-new file mode 100644
-index 0000000..09f53df
---- /dev/null
-+++ b/libio/tst-fputws.c
-@@ -0,0 +1,39 @@
-+/* Test that we can write a multibyte character to an unbuffered stream.
-+ Copyright (C) 2014 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <locale.h>
-+#include <stdio.h>
-+#include <wchar.h>
-+
-+static int
-+do_test (void)
-+{
-+ const wchar_t str[] = L"\xbe\n";
-+
-+ setlocale (LC_ALL, "en_US.UTF-8");
-+ setvbuf (stdout, NULL, _IONBF, 0);
-+
-+ if (fputws (str, stdout) < 0)
-+ return 1;
-+
-+ return 0;
-+}
-+
-+#define TEST_FUNCTION do_test ()
-+
-+#include <test-skeleton.c>
-diff --git a/libio/wfileops.c b/libio/wfileops.c
-index c5ec5f7..6a088b1 100644
---- a/libio/wfileops.c
-+++ b/libio/wfileops.c
-@@ -75,17 +75,32 @@ _IO_wdo_write (fp, data, to_do)
- {
- enum __codecvt_result result;
- const wchar_t *new_data;
-+ char mb_buf[MB_LEN_MAX];
-+ char *write_base, *write_ptr, *buf_end;
-+
-+ if (fp->_IO_write_ptr - fp->_IO_write_base < sizeof (mb_buf))
-+ {
-+ /* Make sure we have room for at least one multibyte
-+ character. */
-+ write_ptr = write_base = mb_buf;
-+ buf_end = mb_buf + sizeof (mb_buf);
-+ }
-+ else
-+ {
-+ write_ptr = fp->_IO_write_ptr;
-+ write_base = fp->_IO_write_base;
-+ buf_end = fp->_IO_buf_end;
-+ }
-
- /* Now convert from the internal format into the external buffer. */
- result = (*cc->__codecvt_do_out) (cc, &fp->_wide_data->_IO_state,
- data, data + to_do, &new_data,
-- fp->_IO_write_ptr,
-- fp->_IO_buf_end,
-- &fp->_IO_write_ptr);
-+ write_ptr,
-+ buf_end,
-+ &write_ptr);
-
- /* Write out what we produced so far. */
-- if (_IO_new_do_write (fp, fp->_IO_write_base,
-- fp->_IO_write_ptr - fp->_IO_write_base) == EOF)
-+ if (_IO_new_do_write (fp, write_base, write_ptr - write_base) == EOF)
- /* Something went wrong. */
- return WEOF;
-
-commit a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c
-Author: Carlos O'Donell <carlos at redhat.com>
-Date: Wed Nov 19 11:44:12 2014 -0500
-
- CVE-2014-7817: wordexp fails to honour WRDE_NOCMD.
-
- The function wordexp() fails to properly handle the WRDE_NOCMD
- flag when processing arithmetic inputs in the form of "$((... ``))"
- where "..." can be anything valid. The backticks in the arithmetic
- epxression are evaluated by in a shell even if WRDE_NOCMD forbade
- command substitution. This allows an attacker to attempt to pass
- dangerous commands via constructs of the above form, and bypass
- the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
- in exec_comm(), the only place that can execute a shell. All other
- checks for WRDE_NOCMD are superfluous and removed.
-
- We expand the testsuite and add 3 new regression tests of roughly
- the same form but with a couple of nested levels.
-
- On top of the 3 new tests we add fork validation to the WRDE_NOCMD
- testing. If any forks are detected during the execution of a wordexp()
- call with WRDE_NOCMD, the test is marked as failed. This is slightly
- heuristic since vfork might be used in the future, but it provides a
- higher level of assurance that no shells were executed as part of
- command substitution with WRDE_NOCMD in effect. In addition it doesn't
- require libpthread or libdl, instead we use the public implementation
- namespace function __register_atfork (already part of the public ABI
- for libpthread).
-
- Tested on x86_64 with no regressions.
-
-diff --git a/posix/wordexp-test.c b/posix/wordexp-test.c
-index 4957006..bdd65e4 100644
---- a/posix/wordexp-test.c
-+++ b/posix/wordexp-test.c
-@@ -27,6 +27,25 @@
-
- #define IFS " \n\t"
-
-+extern void *__dso_handle __attribute__ ((__weak__, __visibility__ ("hidden")));
-+extern int __register_atfork (void (*) (void), void (*) (void), void (*) (void), void *);
-+
-+static int __app_register_atfork (void (*prepare) (void), void (*parent) (void), void (*child) (void))
-+{
-+ return __register_atfork (prepare, parent, child,
-+ &__dso_handle == NULL ? NULL : __dso_handle);
-+}
-+
-+/* Number of forks seen. */
-+static int registered_forks;
-+
-+/* For each fork increment the fork count. */
-+static void
-+register_fork (void)
-+{
-+ registered_forks++;
-+}
-+
- struct test_case_struct
- {
- int retval;
-@@ -206,6 +225,12 @@ struct test_case_struct
- { WRDE_SYNTAX, NULL, "$((2+))", 0, 0, { NULL, }, IFS },
- { WRDE_SYNTAX, NULL, "`", 0, 0, { NULL, }, IFS },
- { WRDE_SYNTAX, NULL, "$((010+4+))", 0, 0, { NULL }, IFS },
-+ /* Test for CVE-2014-7817. We test 3 combinations of command
-+ substitution inside an arithmetic expression to make sure that
-+ no commands are executed and error is returned. */
-+ { WRDE_CMDSUB, NULL, "$((`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS },
-+ { WRDE_CMDSUB, NULL, "$((1+`echo 1`))", WRDE_NOCMD, 0, { NULL, }, IFS },
-+ { WRDE_CMDSUB, NULL, "$((1+$((`echo 1`))))", WRDE_NOCMD, 0, { NULL, }, IFS },
-
- { -1, NULL, NULL, 0, 0, { NULL, }, IFS },
- };
-@@ -258,6 +283,15 @@ main (int argc, char *argv[])
- return -1;
- }
-
-+ /* If we are not allowed to do command substitution, we install
-+ fork handlers to verify that no forks happened. No forks should
-+ happen at all if command substitution is disabled. */
-+ if (__app_register_atfork (register_fork, NULL, NULL) != 0)
-+ {
-+ printf ("Failed to register fork handler.\n");
-+ return -1;
-+ }
-+
- for (test = 0; test_case[test].retval != -1; test++)
- if (testit (&test_case[test]))
- ++fail;
-@@ -367,6 +401,9 @@ testit (struct test_case_struct *tc)
-
- printf ("Test %d (%s): ", ++tests, tc->words);
-
-+ if (tc->flags & WRDE_NOCMD)
-+ registered_forks = 0;
-+
- if (tc->flags & WRDE_APPEND)
- {
- /* initial wordexp() call, to be appended to */
-@@ -378,6 +415,13 @@ testit (struct test_case_struct *tc)
- }
- retval = wordexp (tc->words, &we, tc->flags);
-
-+ if ((tc->flags & WRDE_NOCMD)
-+ && (registered_forks > 0))
-+ {
-+ printf ("FAILED fork called for WRDE_NOCMD\n");
-+ return 1;
-+ }
-+
- if (tc->flags & WRDE_DOOFFS)
- start_offs = sav_we.we_offs;
-
-diff --git a/posix/wordexp.c b/posix/wordexp.c
-index b6b65dd..26f3a26 100644
---- a/posix/wordexp.c
-+++ b/posix/wordexp.c
-@@ -893,6 +893,10 @@ exec_comm (char *comm, char **word, size_t *word_length, size_t *max_length,
- pid_t pid;
- int noexec = 0;
-
-+ /* Do nothing if command substitution should not succeed. */
-+ if (flags & WRDE_NOCMD)
-+ return WRDE_CMDSUB;
-+
- /* Don't fork() unless necessary */
- if (!comm || !*comm)
- return 0;
-@@ -2082,9 +2086,6 @@ parse_dollars (char **word, size_t *word_length, size_t *max_length,
- }
- }
-
-- if (flags & WRDE_NOCMD)
-- return WRDE_CMDSUB;
--
- (*offset) += 2;
- return parse_comm (word, word_length, max_length, words, offset, flags,
- quoted? NULL : pwordexp, ifs, ifs_white);
-@@ -2196,9 +2197,6 @@ parse_dquote (char **word, size_t *word_length, size_t *max_length,
- break;
-
- case '`':
-- if (flags & WRDE_NOCMD)
-- return WRDE_CMDSUB;
--
- ++(*offset);
- error = parse_backtick (word, word_length, max_length, words,
- offset, flags, NULL, NULL, NULL);
-@@ -2357,12 +2355,6 @@ wordexp (const char *words, wordexp_t *pwordexp, int flags)
- break;
-
- case '`':
-- if (flags & WRDE_NOCMD)
-- {
-- error = WRDE_CMDSUB;
-- goto do_error;
-- }
--
- ++words_offset;
- error = parse_backtick (&word, &word_length, &max_length, words,
- &words_offset, flags, pwordexp, ifs,
diff --git a/glibc-no-bash-nls.patch b/glibc-no-bash-nls.patch
index 29a2f93..c0a3e03 100644
--- a/glibc-no-bash-nls.patch
+++ b/glibc-no-bash-nls.patch
@@ -1,12 +1,12 @@
---- glibc-2.10.1/elf/ldd.bash.in 2009-06-08 23:02:27.663745478 +0300
-+++ glibc-2.10.1/elf/ldd.bash.in 2009-06-08 23:04:15.706861781 +0300
+--- glibc-2.21/elf/ldd.bash.in.org 2015-02-06 16:35:42.258090169 +0100
++++ glibc-2.21/elf/ldd.bash.in 2015-02-06 16:35:57.491784092 +0100
@@ -1,4 +1,4 @@
-#! @BASH@
-+#! /bin/sh
- # Copyright (C) 1996-2014 Free Software Foundation, Inc.
++#!/bin/sh
+ # Copyright (C) 1996-2015 Free Software Foundation, Inc.
# This file is part of the GNU C Library.
-@@ -35,16 +35,16 @@
+@@ -35,16 +35,16 @@ while test $# -gt 0; do
case "$1" in
--vers | --versi | --versio | --version)
echo 'ldd @PKGVERSION@@VERSION@'
@@ -14,7 +14,7 @@
+ printf "Copyright (C) %s Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- " "2014"
+ " "2015"
- printf $"Written by %s and %s.
+ printf "Written by %s and %s.
" "Roland McGrath" "Ulrich Drepper"
@@ -106,59 +106,15 @@
result=1
fi
done
---- glibc-2.20/elf/sotruss.sh.orig 2015-01-10 09:10:21.870731775 +0100
-+++ glibc-2.20/elf/sotruss.sh 2015-01-10 09:12:10.734060537 +0100
+--- glibc-2.21/elf/sotruss.sh~ 2015-02-06 16:36:52.000000000 +0100
++++ glibc-2.21/elf/sotruss.sh 2015-02-06 16:40:23.484746243 +0100
@@ -1,4 +1,4 @@
-#! @BASH@
-+#! /bin/sh
- # Copyright (C) 2011-2014 Free Software Foundation, Inc.
++#!/bin/sh
+ # Copyright (C) 2011-2015 Free Software Foundation, Inc.
# This file is part of the GNU C Library.
-@@ -29,7 +29,7 @@
- lib='@PREFIX@/$LIB/audit/sotruss-lib.so'
-
- do_help() {
-- echo $"Usage: sotruss [OPTION...] [--] EXECUTABLE [EXECUTABLE-OPTION...]
-+ echo "Usage: sotruss [OPTION...] [--] EXECUTABLE [EXECUTABLE-OPTION...]
- -F, --from FROMLIST Trace calls from objects on FROMLIST
- -T, --to TOLIST Trace calls to objects on TOLIST
-
-@@ -43,28 +43,28 @@
- --version Print program version"
-
- echo
-- printf $"Mandatory arguments to long options are also mandatory for any corresponding\nshort options.\n"
-+ printf "Mandatory arguments to long options are also mandatory for any corresponding\nshort options.\n"
- echo
-
-- printf $"For bug reporting instructions, please see:\\n%s.\\n" \
-+ printf "For bug reporting instructions, please see:\\n%s.\\n" \
- "@REPORT_BUGS_TO@"
- exit 0
- }
-
- do_missing_arg() {
-- printf >&2 $"%s: option requires an argument -- '%s'\n" sotruss "$1"
-- printf >&2 $"Try \`%s --help' or \`%s --usage' for more information.\n" sotruss sotruss
-+ printf >&2 "%s: option requires an argument -- '%s'\n" sotruss "$1"
-+ printf >&2 "Try \`%s --help' or \`%s --usage' for more information.\n" sotruss sotruss
- exit 1
- }
-
- do_ambiguous() {
-- printf >&2 $"%s: option is ambiguous; possibilities:"
-+ printf >&2 "%s: option is ambiguous; possibilities:"
- while test $# -gt 0; do
- printf >&2 " '%s'" $1
- shift
- done
- printf >&2 "\n"
-- printf >&2 $"Try \`%s --help' or \`%s --usage' for more information.\n" sotruss sotruss
-+ printf >&2 "Try \`%s --help' or \`%s --usage' for more information.\n" sotruss sotruss
- exit 1
- }
-
-@@ -72,18 +72,18 @@
+@@ -72,18 +72,18 @@ while test $# -gt 0; do
case "$1" in
--v | --ve | --ver | --vers | --versi | --versio | --version)
echo "sotruss @PKGVERSION@@VERSION@"
@@ -166,7 +122,7 @@
+ printf "Copyright (C) %s Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
- " "2014"
+ " "2015"
- printf $"Written by %s.\n" "Ulrich Drepper"
+ printf "Written by %s.\n" "Ulrich Drepper"
exit 0
@@ -180,14 +136,3 @@
[--follow] [--from FROMLIST] [--output FILENAME] [--to TOLIST]
[--help] [--usage] [--version] [--]
EXECUTABLE [EXECUTABLE-OPTION...]\n" sotruss
-@@ -131,8 +131,8 @@
- break
- ;;
- -*)
-- printf >&2 $"%s: unrecognized option '%c%s'\n" sotruss '-' ${1#-}
-- printf >&2 $"Try \`%s --help' or \`%s --usage' for more information.\n" sotruss sotruss
-+ printf >&2 "%s: unrecognized option '%c%s'\n" sotruss '-' ${1#-}
-+ printf >&2 "Try \`%s --help' or \`%s --usage' for more information.\n" sotruss sotruss
- exit 1
- ;;
- *)
diff --git a/glibc-origin.patch b/glibc-origin.patch
deleted file mode 100644
index ce089b4..0000000
--- a/glibc-origin.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From d14e6b09d60d52cc12f0396c3106b14e1bd0fe8f Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab at redhat.com>
-Date: Thu, 9 Dec 2010 15:00:59 +0100
-Subject: [PATCH 1/1] Ignore origin of privileged program
-
----
- ChangeLog | 5 +++++
- elf/dl-object.c | 3 +++
- 2 files changed, 8 insertions(+), 0 deletions(-)
-
-diff --git a/elf/dl-object.c b/elf/dl-object.c
-index 22a1635..7674d49 100644
---- a/elf/dl-object.c
-+++ b/elf/dl-object.c
-@@ -214,6 +214,9 @@ _dl_new_object (char *realname, const char *libname, int type,
- out:
- new->l_origin = origin;
- }
-+ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
-+ /* The origin of a privileged program cannot be trusted. */
-+ new->l_origin = (char *) -1;
-
- return new;
- }
---
-1.7.2
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/glibc.git/commitdiff/6bb391cfc4d57b539d6824976c2d89b45cd0c6e1
More information about the pld-cvs-commit
mailing list