[packages/glibc] add patch fixing firefox sandbox regression; rel 7

atler atler at pld-linux.org
Wed Apr 6 14:09:24 CEST 2022 

commit 570f02604f7dc273eddfb526cf8827300b8c514c
Author: Jan Palus <atler at pld-linux.org>
Date:   Wed Apr 6 14:07:46 2022 +0200

    add patch fixing firefox sandbox regression; rel 7
    
    from: https://patchwork.sourceware.org/project/glibc/patch/20220314175316.3239120-2-sam@gentoo.org/

 glibc.spec      |  5 +++--
 nss_crash.patch | 31 +++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)
---
diff --git a/glibc.spec b/glibc.spec
index f21aedd..866879e 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -50,7 +50,7 @@ Summary(tr.UTF-8):	GNU libc
 Summary(uk.UTF-8):	GNU libc версії
 Name:		glibc
 Version:	%{core_version}
-Release:	6
+Release:	7
 Epoch:		6
 License:	LGPL v2.1+
 Group:		Libraries
@@ -73,7 +73,7 @@ Patch0:		glibc-git.patch
 Patch2:		%{name}-pld.patch
 Patch3:		%{name}-crypt-blowfish.patch
 Patch4:		%{name}-no-bash-nls.patch
-
+Patch5:		nss_crash.patch
 Patch6:		%{name}-paths.patch
 
 Patch10:	%{name}-info.patch
@@ -950,6 +950,7 @@ exit 1
 %patch2 -p1
 %patch3 -p1
 %{!?with_bash_nls:%patch4 -p1}
+%patch5 -p1
 
 %patch6 -p1
 
diff --git a/nss_crash.patch b/nss_crash.patch
new file mode 100644
index 0000000..489aacc
--- /dev/null
+++ b/nss_crash.patch
@@ -0,0 +1,31 @@
+diff --git a/nss/nss_database.c b/nss/nss_database.c
+index d56c5b798d..a0522ea7d2 100644
+--- a/nss/nss_database.c
++++ b/nss/nss_database.c
+@@ -424,17 +424,21 @@ nss_database_check_reload_and_get (struct nss_database_state *local,
+      errors here are very unlikely, but the chance that we're entering
+      a container is also very unlikely, so we err on the side of both
+      very unlikely things not happening at the same time.  */
+-  if (__stat64_time64 ("/", &str) != 0
+-      || (local->root_ino != 0
+-	  && (str.st_ino != local->root_ino
+-	      ||  str.st_dev != local->root_dev)))
+-    {
++  if (__stat64_time64 ("/", &str) != 0) {
++    __libc_lock_unlock (local->lock);
++    return false;
++  }
++
++  if (local->root_ino != 0 && (str.st_ino != local->root_ino
++                              || str.st_dev != local->root_dev))
++   {
+       /* Change detected; disable reloading and return current state.  */
+       atomic_store_release (&local->data.reload_disabled, 1);
+       *result = local->data.services[database_index];
+       __libc_lock_unlock (local->lock);
+       return true;
+     }
++
+   local->root_ino = str.st_ino;
+   local->root_dev = str.st_dev;
+   __libc_lock_unlock (local->lock);
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/glibc.git/commitdiff/570f02604f7dc273eddfb526cf8827300b8c514c

More information about the pld-cvs-commit mailing list