packages: glibc/glibc.spec, glibc/glibc-suid-audit-libs.patch (NEW) - rel 8...
baggins
baggins at pld-linux.org
Thu Oct 28 12:23:08 CEST 2010
Author: baggins Date: Thu Oct 28 10:23:08 2010 GMT
Module: packages Tag: HEAD
---- Log message:
- rel 8
- fix CVE-2010-3856, see http://seclists.org/bugtraq/2010/Oct/200 for details
---- Files affected:
packages/glibc:
glibc.spec (1.883 -> 1.884) , glibc-suid-audit-libs.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/glibc/glibc.spec
diff -u packages/glibc/glibc.spec:1.883 packages/glibc/glibc.spec:1.884
--- packages/glibc/glibc.spec:1.883 Thu Oct 21 00:16:27 2010
+++ packages/glibc/glibc.spec Thu Oct 28 12:23:02 2010
@@ -35,7 +35,7 @@
Summary(uk.UTF-8): GNU libc версії
Name: glibc
Version: 2.12.1
-Release: 7
+Release: 8
Epoch: 6
License: LGPL v2.1+
Group: Libraries
@@ -79,6 +79,7 @@
Patch30: %{name}-static-glro-init.patch
Patch31: %{name}-newmake.patch
Patch32: %{name}-origin.patch
+Patch33: %{name}-suid-audit-libs.patch
URL: http://www.gnu.org/software/libc/
%{?with_selinux:BuildRequires: audit-libs-devel}
BuildRequires: autoconf
@@ -927,6 +928,7 @@
%patch30 -p1
%patch31 -p1
%patch32 -p1
+%patch33 -p1
# cleanup backups after patching
find '(' -name '*~' -o -name '*.orig' ')' -print0 | xargs -0 -r -l512 rm -f
@@ -1691,6 +1693,10 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.884 2010/10/28 10:23:02 baggins
+- rel 8
+- fix CVE-2010-3856, see http://seclists.org/bugtraq/2010/Oct/200 for details
+
Revision 1.883 2010/10/20 22:16:27 qwiat
- added locale en at shaw
================================================================
Index: packages/glibc/glibc-suid-audit-libs.patch
diff -u /dev/null packages/glibc/glibc-suid-audit-libs.patch:1.1
--- /dev/null Thu Oct 28 12:23:08 2010
+++ packages/glibc/glibc-suid-audit-libs.patch Thu Oct 28 12:23:02 2010
@@ -0,0 +1,269 @@
+From libc-hacker-return-9651-listarch-libc-hacker=sources dot redhat dot com at sourceware dot org Fri Oct 22 17:17:33 2010
+Return-Path: <libc-hacker-return-9651-listarch-libc-hacker=sources dot redhat dot com at sourceware dot org>
+Delivered-To: listarch-libc-hacker at sources dot redhat dot com
+Received: (qmail 15374 invoked by alias); 22 Oct 2010 17:17:31 -0000
+Received: (qmail 15356 invoked by uid 22791); 22 Oct 2010 17:17:29 -0000
+X-SWARE-Spam-Status: No, hits=-6.1 required=5.0
+ tests=AWL,BAYES_00,RCVD_IN_DNSWL_HI,SPF_HELO_PASS,T_RP_MATCHES_RCVD
+X-Spam-Check-By: sourceware.org
+Received: from mx1.redhat.com (HELO mx1.redhat.com) (209.132.183.28)
+ by sourceware dot org (qpsmtpd/0 dot 43rc1) with ESMTP; Fri, 22 Oct 2010 17:17:24 +0000
+Received: from int-mx01.intmail.prod.int.phx2.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11])
+ by mx1 dot redhat dot com (8 dot 13 dot 8/8 dot 13 dot 8) with ESMTP id o9MHHMI2013888
+ (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
+ for <libc-hacker at sourceware dot org>; Fri, 22 Oct 2010 13:17:23 -0400
+Received: from hase.home (ovpn01.gateway.prod.ext.phx2.redhat.com [10.5.9.1])
+ by int-mx01 dot intmail dot prod dot int dot phx2 dot redhat dot com (8 dot 13 dot 8/8 dot 13 dot 8) with ESMTP id o9MHHLZN030282
+ for <libc-hacker at sourceware dot org>; Fri, 22 Oct 2010 13:17:21 -0400
+From: Andreas Schwab <schwab at redhat dot com>
+To: libc-hacker at sourceware dot org
+Subject: [PATCH] Require suid bit on audit objects in privileged programs
+X-Yow: This MUST be a good party -- My RIB CAGE is being painfully
+ pressed up against someone's MARTINI!!
+Date: Fri, 22 Oct 2010 19:17:20 +0200
+Message-ID: <m3bp6mb10f.fsf at hase.home>
+User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (gnu/linux)
+MIME-Version: 1.0
+Content-Type: text/plain; charset=us-ascii
+Mailing-List: contact libc-hacker-help at sourceware dot org; run by ezmlm
+Precedence: bulk
+List-Id: <libc-hacker.sourceware.org>
+List-Subscribe: <mailto:libc-hacker-subscribe at sourceware dot org>
+List-Archive: <http://sourceware.org/ml/libc-hacker/>
+List-Post: <mailto:libc-hacker at sourceware dot org>
+List-Help: <mailto:libc-hacker-help at sourceware dot org>, <http://sourceware dot org/ml/#faqs>
+Sender: libc-hacker-owner at sourceware dot org
+Delivered-To: mailing list libc-hacker at sourceware dot org
+
+2010-10-22 Andreas Schwab <schwab at redhat.com>
+
+ * include/dlfcn.h (__RTLD_SECURE): Define.
+ * elf/dl-load.c (_dl_map_object): Remove preloaded parameter. Use
+ mode & __RTLD_SECURE instead.
+ (open_path): Rename preloaded parameter to secure.
+ * sysdeps/generic/ldsodefs.h (_dl_map_object): Adjust declaration.
+ * elf/dl-open.c (dl_open_worker): Adjust call to _dl_map_object.
+ * elf/dl-deps.c (openaux): Likewise.
+ * elf/rtld.c (struct map_args): Remove is_preloaded.
+ (map_doit): Don't use it.
+ (dl_main): Likewise.
+ (do_preload): Use __RTLD_SECURE instead of is_preloaded.
+ (dlmopen_doit): Add __RTLD_SECURE to mode bits.
+---
+ elf/dl-deps.c | 2 +-
+ elf/dl-load.c | 20 +++++++++++---------
+ elf/dl-open.c | 2 +-
+ elf/rtld.c | 16 +++++++---------
+ include/dlfcn.h | 1 +
+ sysdeps/generic/ldsodefs.h | 6 ++----
+ 6 files changed, 23 insertions(+), 24 deletions(-)
+
+diff --git a/elf/dl-deps.c b/elf/dl-deps.c
+index e5b9cdf..1cab2d1 100644
+--- a/elf/dl-deps.c
++++ b/elf/dl-deps.c
+@@ -62,7 +62,7 @@ openaux (void *a)
+ {
+ struct openaux_args *args = (struct openaux_args *) a;
+
+- args->aux = _dl_map_object (args->map, args->name, 0,
++ args->aux = _dl_map_object (args->map, args->name,
+ (args->map->l_type == lt_executable
+ ? lt_library : args->map->l_type),
+ args->trace_mode, args->open_mode,
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index 776f7e4..9ab3520 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -1808,7 +1808,7 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
+ if MAY_FREE_DIRS is true. */
+
+ static int
+-open_path (const char *name, size_t namelen, int preloaded,
++open_path (const char *name, size_t namelen, int secure,
+ struct r_search_path_struct *sps, char **realname,
+ struct filebuf *fbp, struct link_map *loader, int whatcode,
+ bool *found_other_class)
+@@ -1890,7 +1890,7 @@ open_path (const char *name, size_t namelen, int preloaded,
+ /* Remember whether we found any existing directory. */
+ here_any |= this_dir->status[cnt] != nonexisting;
+
+- if (fd != -1 && __builtin_expect (preloaded, 0)
++ if (fd != -1 && __builtin_expect (secure, 0)
+ && INTUSE(__libc_enable_secure))
+ {
+ /* This is an extra security effort to make sure nobody can
+@@ -1959,7 +1959,7 @@ open_path (const char *name, size_t namelen, int preloaded,
+
+ struct link_map *
+ internal_function
+-_dl_map_object (struct link_map *loader, const char *name, int preloaded,
++_dl_map_object (struct link_map *loader, const char *name,
+ int type, int trace_mode, int mode, Lmid_t nsid)
+ {
+ int fd;
+@@ -2063,7 +2063,8 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
+ for (l = loader; l; l = l->l_loader)
+ if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
+ {
+- fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs,
++ fd = open_path (name, namelen, mode & __RTLD_SECURE,
++ &l->l_rpath_dirs,
+ &realname, &fb, loader, LA_SER_RUNPATH,
+ &found_other_class);
+ if (fd != -1)
+@@ -2078,14 +2079,15 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
+ && main_map != NULL && main_map->l_type != lt_loaded
+ && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
+ "RPATH"))
+- fd = open_path (name, namelen, preloaded, &main_map->l_rpath_dirs,
++ fd = open_path (name, namelen, mode & __RTLD_SECURE,
++ &main_map->l_rpath_dirs,
+ &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
+ &found_other_class);
+ }
+
+ /* Try the LD_LIBRARY_PATH environment variable. */
+ if (fd == -1 && env_path_list.dirs != (void *) -1)
+- fd = open_path (name, namelen, preloaded, &env_path_list,
++ fd = open_path (name, namelen, mode & __RTLD_SECURE, &env_path_list,
+ &realname, &fb,
+ loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
+ LA_SER_LIBPATH, &found_other_class);
+@@ -2094,12 +2096,12 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
+ if (fd == -1 && loader != NULL
+ && cache_rpath (loader, &loader->l_runpath_dirs,
+ DT_RUNPATH, "RUNPATH"))
+- fd = open_path (name, namelen, preloaded,
++ fd = open_path (name, namelen, mode & __RTLD_SECURE,
+ &loader->l_runpath_dirs, &realname, &fb, loader,
+ LA_SER_RUNPATH, &found_other_class);
+
+ if (fd == -1
+- && (__builtin_expect (! preloaded, 1)
++ && (__builtin_expect (! (mode & __RTLD_SECURE), 1)
+ || ! INTUSE(__libc_enable_secure)))
+ {
+ /* Check the list of libraries in the file /etc/ld.so.cache,
+@@ -2165,7 +2167,7 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
+ && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
+ || __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1))
+ && rtld_search_dirs.dirs != (void *) -1)
+- fd = open_path (name, namelen, preloaded, &rtld_search_dirs,
++ fd = open_path (name, namelen, mode & __RTLD_SECURE, &rtld_search_dirs,
+ &realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
+
+ /* Add another newline when we are tracing the library loading. */
+diff --git a/elf/dl-open.c b/elf/dl-open.c
+index c394b3f..cf8e8cc 100644
+--- a/elf/dl-open.c
++++ b/elf/dl-open.c
+@@ -223,7 +223,7 @@ dl_open_worker (void *a)
+
+ /* Load the named object. */
+ struct link_map *new;
+- args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
++ args->map = new = _dl_map_object (call_map, file, lt_loaded, 0,
+ mode | __RTLD_CALLMAP, args->nsid);
+
+ /* If the pointer returned is NULL this means the RTLD_NOLOAD flag is
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 201c9cf..4a8cee8 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -587,7 +587,6 @@ struct map_args
+ /* Argument to map_doit. */
+ char *str;
+ struct link_map *loader;
+- int is_preloaded;
+ int mode;
+ /* Return value of map_doit. */
+ struct link_map *map;
+@@ -625,16 +624,17 @@ static void
+ map_doit (void *a)
+ {
+ struct map_args *args = (struct map_args *) a;
+- args->map = _dl_map_object (args->loader, args->str,
+- args->is_preloaded, lt_library, 0, args->mode,
+- LM_ID_BASE);
++ args->map = _dl_map_object (args->loader, args->str, lt_library, 0,
++ args->mode, LM_ID_BASE);
+ }
+
+ static void
+ dlmopen_doit (void *a)
+ {
+ struct dlmopen_args *args = (struct dlmopen_args *) a;
+- args->map = _dl_open (args->fname, RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT,
++ args->map = _dl_open (args->fname,
++ (RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT
++ | __RTLD_SECURE),
+ dl_main, LM_ID_NEWLM, _dl_argc, INTUSE(_dl_argv),
+ __environ);
+ }
+@@ -804,8 +804,7 @@ do_preload (char *fname, struct link_map *main_map, const char *where)
+
+ args.str = fname;
+ args.loader = main_map;
+- args.is_preloaded = 1;
+- args.mode = 0;
++ args.mode = __RTLD_SECURE;
+
+ unsigned int old_nloaded = GL(dl_ns)[LM_ID_BASE]._ns_nloaded;
+
+@@ -1050,7 +1049,6 @@ of this helper program; chances are you did not intend to run this program.\n\
+
+ args.str = rtld_progname;
+ args.loader = NULL;
+- args.is_preloaded = 0;
+ args.mode = __RTLD_OPENEXEC;
+ (void) _dl_catch_error (&objname, &err_str, &malloced, map_doit,
+ &args);
+@@ -1062,7 +1060,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ else
+ {
+ HP_TIMING_NOW (start);
+- _dl_map_object (NULL, rtld_progname, 0, lt_library, 0,
++ _dl_map_object (NULL, rtld_progname, lt_library, 0,
+ __RTLD_OPENEXEC, LM_ID_BASE);
+ HP_TIMING_NOW (stop);
+
+diff --git a/include/dlfcn.h b/include/dlfcn.h
+index a67426d..af92483 100644
+--- a/include/dlfcn.h
++++ b/include/dlfcn.h
+@@ -9,6 +9,7 @@
+ #define __RTLD_OPENEXEC 0x20000000
+ #define __RTLD_CALLMAP 0x10000000
+ #define __RTLD_AUDIT 0x08000000
++#define __RTLD_SECURE 0x04000000 /* Apply additional security checks. */
+
+ #define __LM_ID_CALLER -2
+
+diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
+index fcc943b..fa4b6b2 100644
+--- a/sysdeps/generic/ldsodefs.h
++++ b/sysdeps/generic/ldsodefs.h
+@@ -824,11 +824,9 @@ extern void _dl_receive_error (receiver_fct fct, void (*operate) (void *),
+
+ /* Open the shared object NAME and map in its segments.
+ LOADER's DT_RPATH is used in searching for NAME.
+- If the object is already opened, returns its existing map.
+- For preloaded shared objects PRELOADED is set to a non-zero
+- value to allow additional security checks. */
++ If the object is already opened, returns its existing map. */
+ extern struct link_map *_dl_map_object (struct link_map *loader,
+- const char *name, int preloaded,
++ const char *name,
+ int type, int trace_mode, int mode,
+ Lmid_t nsid)
+ internal_function attribute_hidden;
+--
+1.7.2.3
+
+
+--
+Andreas Schwab, schwab at redhat.com
+GPG Key fingerprint = D4E8 DBE3 3813 BB5D FA84 5EC7 45C6 250E 6F00 984E
+"And now for something completely different."
+
================================================================
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/glibc/glibc.spec?r1=1.883&r2=1.884&f=u
More information about the pld-cvs-commit
mailing list