[arch-commits] Commit in glibc/trunk (8 files)

Allan McRae allan at archlinux.org
Fri Dec 17 00:55:50 UTC 2010


    Date: Thursday, December 16, 2010 @ 19:55:50
  Author: allan
Revision: 103261

binutils-2.21 toolchain rebuild, bump to latest upstream, build outside source directory, remove patches included upstream, update patch for origin privilege exploit from Fedora, keep scsi.h, provide gai.conf

Added:
  glibc/trunk/glibc-2.12.2-ignore-origin-of-privileged-program.patch
Modified:
  glibc/trunk/PKGBUILD
  glibc/trunk/glibc.install
Deleted:
  glibc/trunk/glibc-2.12.1-but-I-am-an-i686.patch
  glibc/trunk/glibc-2.12.1-fix-IPTOS_CLASS-definition.patch
  glibc/trunk/glibc-2.12.1-make-3.82-compatibility.patch
  glibc/trunk/glibc-2.12.1-never-expand-origin-when-privileged.patch
  glibc/trunk/glibc-2.12.1-require-suid-on-audit.patch

--------------------------------------------------------+
 PKGBUILD                                               |   70 +---
 glibc-2.12.1-but-I-am-an-i686.patch                    |   22 -
 glibc-2.12.1-fix-IPTOS_CLASS-definition.patch          |   34 --
 glibc-2.12.1-make-3.82-compatibility.patch             |   29 -
 glibc-2.12.1-never-expand-origin-when-privileged.patch |   85 -----
 glibc-2.12.1-require-suid-on-audit.patch               |  218 ---------------
 glibc-2.12.2-ignore-origin-of-privileged-program.patch |   26 +
 glibc.install                                          |    5 
 8 files changed, 52 insertions(+), 437 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-12-17 00:51:31 UTC (rev 103260)
+++ PKGBUILD	2010-12-17 00:55:50 UTC (rev 103261)
@@ -1,22 +1,20 @@
 # $Id$
-# Maintainer: Jan de Groot <jgc at archlinux.org>
 # Maintainer: Allan McRae <allan at archlinux.org>
 
 # toolchain build order: linux-api-headers->glibc->binutils->gcc->binutils->glibc
 # NOTE: valgrind requires rebuilt with each new glibc version
 
 pkgname=glibc
-pkgver=2.12.1
-pkgrel=4
-_glibcdate=20101025
+pkgver=2.12.2
+pkgrel=1
+_glibcdate=20101214
 pkgdesc="GNU C Library"
 arch=('i686' 'x86_64')
 url="http://www.gnu.org/software/libc"
 license=('GPL' 'LGPL')
 groups=('base')
-depends=('linux-api-headers>=2.6.34' 'tzdata')
+depends=('linux-api-headers>=2.6.36.2' 'tzdata')
 makedepends=('gcc>=4.4')
-replaces=('glibc-xen')
 backup=(etc/locale.gen
         etc/nscd.conf)
 options=('!strip')
@@ -25,25 +23,17 @@
         glibc-2.10-dont-build-timezone.patch
         glibc-2.10-bz4781.patch
         glibc-__i686.patch
-        glibc-2.12.1-make-3.82-compatibility.patch
         glibc-2.12.1-static-shared-getpagesize.patch
-        glibc-2.12.1-but-I-am-an-i686.patch
-        glibc-2.12.1-fix-IPTOS_CLASS-definition.patch
-        glibc-2.12.1-never-expand-origin-when-privileged.patch
-        glibc-2.12.1-require-suid-on-audit.patch
+        glibc-2.12.2-ignore-origin-of-privileged-program.patch
         nscd
         locale.gen.txt
         locale-gen)
-md5sums=('b12192eff7306f2a6e919641b847e7cf'
+md5sums=('e2d03fb95c9f838177284192dea063dc'
          '4dadb9203b69a3210d53514bb46f41c3'
          '0c5540efc51c0b93996c51b57a8540ae'
          '40cd342e21f71f5e49e32622b25acc52'
-         '1deecaa78c0909f7175732da2af796b5'
          'a3ac6f318d680347bb6e2805d42b73b2'
-         'de17165e3fa721c4e056dacfc9ee1e52'
-         'fdc0908c9971fcf9b32e1185954b6eeb'
-         'e154dbe21d4e24968ab257ffd9c106f2'
-         'bbc99319ad78fe9eb1ac217efc770ac6'
+         'b042647ea7d6f22ad319e12e796bd13e'
          'b587ee3a70c9b3713099295609afde49'
          '07ac979b6ab5eeb778d55f041529d623'
          '476e9113489f93b348b21e144b6a8fcf')
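Review bot: The new snapshot tarball and the added security patch are pinned only by `md5sums`, and MD5 no longer resists deliberate collisions. Adding a `sha256sums=(...)` array generated from the same files would give the `glibc-2.12.2-ignore-origin-of-privileged-program.patch` entry and the tarball a check that still holds against a tampered mirror. The entries must stay in the same order as `source=()`, whose opening lies outside this hunk.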
@@ -51,7 +41,7 @@
 mksource() {
   git clone git://sourceware.org/git/glibc.git
   pushd glibc
-  git checkout -b glibc-2.12-arch origin/release/2.12/master
+  git checkout -b glibc-2.12-arch origin/release/2.12/master || return 1
   popd
   tar -cvJf glibc-${pkgver}_${_glibcdate}.tar.xz glibc/*
 }
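Review bot: `mksource()` now checks only the `git checkout`; the `git clone` over the unauthenticated `git://` transport and the `pushd` remain unchecked. The snapshot is also taken from whatever the `release/2.12/master` branch tip is when the function runs. `_glibcdate` names the tarball but does not select a commit, so this PKGBUILD cannot reproduce the source that `md5sums` was computed over. Recording the commit id and checking it out explicitly, e.g. `git checkout -b glibc-2.12-arch <commit-id> || return 1`, would make the snapshot reproducible and auditable.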
@@ -69,31 +59,18 @@
   # http://sourceware.org/ml/libc-alpha/2009-07/msg00072.html
   patch -Np1 -i ${srcdir}/glibc-__i686.patch
 
-  # http://sourceware.org/git/?p=glibc.git;a=patch;h=32cf4069
-  patch -Np1 -i ${srcdir}/glibc-2.12.1-make-3.82-compatibility.patch
-
   # http://sourceware.org/bugzilla/show_bug.cgi?id=11929
   # using Fedora "fix" as patch in that bug report causes breakages...
   patch -Np1 -i ${srcdir}/glibc-2.12.1-static-shared-getpagesize.patch
-  
-  # fedora "fix" for excess linker optimization on i686
-  # proper fix will be in binutils-2.21
-  patch -Np1 -i ${srcdir}/glibc-2.12.1-but-I-am-an-i686.patch
 
   # http://www.exploit-db.com/exploits/15274/
-  # http://sourceware.org/git/?p=glibc.git;a=patch;h=2232b90f (only fedora branch...)
-  patch -Np1 -i ${srcdir}/glibc-2.12.1-never-expand-origin-when-privileged.patch
+  # http://sourceware.org/git/?p=glibc.git;a=patch;h=d14e6b09 (only fedora branch...)
+  patch -Np1 -i ${srcdir}/glibc-2.12.2-ignore-origin-of-privileded-program.patch
 
-  # http://www.exploit-db.com/exploits/15304/
-  # http://sourceware.org/git/?p=glibc.git;a=patch;h=8e9f92e9
-  patch -Np1 -i ${srcdir}/glibc-2.12.1-require-suid-on-audit.patch
-
-  # http://sources.redhat.com/git/?p=glibc.git;a=patch;h=15bac72b
-  patch -Np1 -i ${srcdir}/glibc-2.12.1-fix-IPTOS_CLASS-definition.patch
-
   install -dm755 ${pkgdir}/etc
   touch ${pkgdir}/etc/ld.so.conf
 
+  cd ${srcdir}
   mkdir glibc-build
   cd glibc-build
 
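Review bot: The new `patch` line names `glibc-2.12.2-ignore-origin-of-privileded-program.patch`, while the file added by this commit and listed in `source=()` is spelled `...privileged...`, so the `$ORIGIN` hardening patch will not be found at build time. The line should read `patch -Np1 -i ${srcdir}/glibc-2.12.2-ignore-origin-of-privileged-program.patch`. Whether the build stops on the failed `patch` or goes on to ship an unpatched loader depends on makepkg's error handling, which is not visible here; this line carries no `|| return 1`. The same hunk stops applying the `require-suid-on-audit` and `never-expand-origin` patches on the assumption that the 2.12.2 snapshot already contains them, which is worth confirming against the snapshot since both comments reference public exploit write-ups.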
@@ -104,12 +81,15 @@
 
   echo "slibdir=/lib" >> configparms
 
-  ../configure --prefix=/usr \
-      --enable-add-ons=nptl,libidn --without-cvs \
-      --enable-kernel=2.6.18 --disable-profile \
-      --with-headers=/usr/include --libexecdir=/usr/lib \
-      --enable-bind-now --with-tls --with-__thread \
-      --libdir=/usr/lib --without-gd --disable-multi-arch
+  ${srcdir}/glibc/configure --prefix=/usr \
+      --libdir=/usr/lib --libexecdir=/usr/lib \
+      --with-headers=/usr/include \
+      --enable-add-ons=nptl,libidn \
+      --enable-kernel=2.6.27 \
+      --with-tls --with-__thread \
+      --enable-bind-now --without-gd \
+      --without-cvs --disable-profile \
+      --disable-multi-arch
         
   make
 
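Review bot: `--enable-kernel` moves from 2.6.18 to 2.6.27 in the reflowed `configure` call, but neither the commit message nor a comment mentions it. A glibc built this way refuses to run on kernels older than the stated version, and the package is in the `base` group, so an upgrade on a host still booting an older kernel would leave it unusable. A comment above the call, e.g. `# minimum supported kernel is now 2.6.27`, would record that the bump is deliberate. The enclosing `build()` starts and ends outside this hunk.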
@@ -118,20 +98,18 @@
 }
 
 package() {
-  cd ${srcdir}/glibc/glibc-build
+  cd ${srcdir}/glibc-build
   make install_root=${pkgdir} install
 
-  # provided by kernel-headers
-  rm ${pkgdir}/usr/include/scsi/scsi.h
+  rm ${pkgdir}/etc/ld.so.{cache,conf}
 
-  rm ${pkgdir}/etc/ld.so.conf
-
   install -dm755 ${pkgdir}/etc/rc.d
   install -dm755 ${pkgdir}/usr/sbin
   install -dm755 ${pkgdir}/usr/lib/locale
   install -m644 ${srcdir}/glibc/nscd/nscd.conf ${pkgdir}/etc/nscd.conf
   install -m755 ${srcdir}/nscd ${pkgdir}/etc/rc.d/nscd
   install -m755 ${srcdir}/locale-gen ${pkgdir}/usr/sbin
+  install -m755 ${srcdir}/glibc/posix/gai.conf ${pkgdir}/etc/gai.conf
 
   sed -i -e 's/^\tserver-user/#\tserver-user/' ${pkgdir}/etc/nscd.conf
 
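Review bot: `gai.conf` is installed with `-m755`, which makes a plain configuration file executable; the neighbouring `nscd.conf` uses `-m644` and this line should match: `install -m644 ${srcdir}/glibc/posix/gai.conf ${pkgdir}/etc/gai.conf`. The file is also not added to `backup=()`, which lists only `etc/locale.gen` and `etc/nscd.conf`, so local edits would presumably be overwritten on upgrade. Separately, `rm ${pkgdir}/etc/ld.so.{cache,conf}` fails if `make install` did not create `ld.so.cache`; `rm -f` would tolerate that case. `package()` continues past the end of this hunk.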
@@ -146,7 +124,7 @@
   if [[ ${CARCH} = "x86_64" ]]; then
     # fix for the linker
     sed -i '/RTLDLIST/s%lib64%lib%' ${pkgdir}/usr/bin/ldd
-    #Comply with multilib binaries, they look for the linker in /lib64
+    # Comply with multilib binaries, they look for the linker in /lib64
     mkdir ${pkgdir}/lib64
     cd ${pkgdir}/lib64
     ln -v -s ../lib/ld* .

Deleted: glibc-2.12.1-but-I-am-an-i686.patch
===================================================================
--- glibc-2.12.1-but-I-am-an-i686.patch	2010-12-17 00:51:31 UTC (rev 103260)
+++ glibc-2.12.1-but-I-am-an-i686.patch	2010-12-17 00:55:50 UTC (rev 103261)
@@ -1,22 +0,0 @@
---- glibc-2.12-62-gb08c89d/sysdeps/i386/i686/Makefile
-+++ glibc-2.12.90-6/sysdeps/i386/i686/Makefile
-@@ -9,19 +9,3 @@ stack-align-test-flags += -msse
- ifeq ($(subdir),string)
- sysdep_routines += cacheinfo
- endif
--
--ifeq (yes,$(config-asflags-i686))
--CFLAGS-.o += -Wa,-mtune=i686
--CFLAGS-.os += -Wa,-mtune=i686
--CFLAGS-.op += -Wa,-mtune=i686
--CFLAGS-.og += -Wa,-mtune=i686
--CFLAGS-.ob += -Wa,-mtune=i686
--CFLAGS-.oS += -Wa,-mtune=i686
--
--ASFLAGS-.o += -Wa,-mtune=i686
--ASFLAGS-.os += -Wa,-mtune=i686
--ASFLAGS-.op += -Wa,-mtune=i686
--ASFLAGS-.og += -Wa,-mtune=i686
--ASFLAGS-.ob += -Wa,-mtune=i686
--ASFLAGS-.oS += -Wa,-mtune=i686
--endif

Deleted: glibc-2.12.1-fix-IPTOS_CLASS-definition.patch
===================================================================
--- glibc-2.12.1-fix-IPTOS_CLASS-definition.patch	2010-12-17 00:51:31 UTC (rev 103260)
+++ glibc-2.12.1-fix-IPTOS_CLASS-definition.patch	2010-12-17 00:55:50 UTC (rev 103261)
@@ -1,34 +0,0 @@
-From 15bac72bac03faeb3b725b1d208c62160f0c3ad7 Mon Sep 17 00:00:00 2001
-From: Ulrich Drepper <drepper at redhat.com>
-Date: Wed, 11 Aug 2010 07:44:03 -0700
-Subject: [PATCH] Fix IPTOS_CLASS definition.
-
----
- ChangeLog                    |    4 ++++
- NEWS                         |    4 ++--
- sysdeps/generic/netinet/ip.h |    5 ++---
- 3 files changed, 8 insertions(+), 5 deletions(-)
-
-diff --git a/sysdeps/generic/netinet/ip.h b/sysdeps/generic/netinet/ip.h
-index a837b98..4955fee 100644
---- a/sysdeps/generic/netinet/ip.h
-+++ b/sysdeps/generic/netinet/ip.h
-@@ -1,5 +1,4 @@
--/* Copyright (C) 1991,92,93,95,96,97,98,99,2000,2009 Free Software
--   Foundation, Inc.
-+/* Copyright (C) 1991-1993,1995-2000,2009,2010 Free Software Foundation, Inc.
-    This file is part of the GNU C Library.
- 
-    The GNU C Library is free software; you can redistribute it and/or
-@@ -194,7 +193,7 @@ struct ip_timestamp
-  */
- 
- #define	IPTOS_CLASS_MASK		0xe0
--#define	IPTOS_CLASS(class)		((tos) & IPTOS_CLASS_MASK)
-+#define	IPTOS_CLASS(class)		((class) & IPTOS_CLASS_MASK)
- #define	IPTOS_CLASS_CS0			0x00
- #define	IPTOS_CLASS_CS1			0x20
- #define	IPTOS_CLASS_CS2			0x40
--- 
-1.7.2
-

Deleted: glibc-2.12.1-make-3.82-compatibility.patch
===================================================================
--- glibc-2.12.1-make-3.82-compatibility.patch	2010-12-17 00:51:31 UTC (rev 103260)
+++ glibc-2.12.1-make-3.82-compatibility.patch	2010-12-17 00:55:50 UTC (rev 103261)
@@ -1,29 +0,0 @@
-From 32cf40699346d37fabfa887bbd95e95004799ae1 Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab at redhat.com>
-Date: Mon, 6 Sep 2010 14:55:59 +0200
-Subject: [PATCH 1/1] Don't mix pattern rules with normal rules
-
----
- ChangeLog       |    4 ++++
- manual/Makefile |    5 ++++-
- 2 files changed, 8 insertions(+), 1 deletions(-)
-
-diff --git a/manual/Makefile b/manual/Makefile
-index c5866eb..b1f5fa7 100644
---- a/manual/Makefile
-+++ b/manual/Makefile
-@@ -232,7 +232,10 @@ ifdef objpfx
- .PHONY: stubs
- stubs: $(objpfx)stubs
- endif
--$(objpfx)stubs ../po/manual.pot $(objpfx)stamp%:
-+$(objpfx)stubs ../po/manual.pot:
-+	$(make-target-directory)
-+	touch $@
-+$(objpfx)stamp%:
- 	$(make-target-directory)
- 	touch $@
- 
--- 
-1.7.2
-

Deleted: glibc-2.12.1-never-expand-origin-when-privileged.patch
===================================================================
--- glibc-2.12.1-never-expand-origin-when-privileged.patch	2010-12-17 00:51:31 UTC (rev 103260)
+++ glibc-2.12.1-never-expand-origin-when-privileged.patch	2010-12-17 00:55:50 UTC (rev 103261)
@@ -1,85 +0,0 @@
-From 2232b90f0bd3a41b4d63cac98a5b60abbfaccd46 Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab at redhat.com>
-Date: Mon, 18 Oct 2010 11:46:00 +0200
-Subject: [PATCH] Never expand $ORIGIN in privileged programs
-
----
- ChangeLog     |    6 ++++++
- elf/dl-load.c |   30 +++++++++++++-----------------
- 2 files changed, 19 insertions(+), 17 deletions(-)
-
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index 0adddf5..1cc6f25 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -169,8 +169,7 @@ local_strdup (const char *s)
- 
- 
- static size_t
--is_dst (const char *start, const char *name, const char *str,
--	int is_path, int secure)
-+is_dst (const char *start, const char *name, const char *str, int is_path)
- {
-   size_t len;
-   bool is_curly = false;
-@@ -199,11 +198,6 @@ is_dst (const char *start, const char *name, const char *str,
- 	   && (!is_path || name[len] != ':'))
-     return 0;
- 
--  if (__builtin_expect (secure, 0)
--      && ((name[len] != '\0' && (!is_path || name[len] != ':'))
--	  || (name != start + 1 && (!is_path || name[-2] != ':'))))
--    return 0;
--
-   return len;
- }
- 
-@@ -218,13 +212,12 @@ _dl_dst_count (const char *name, int is_path)
-     {
-       size_t len;
- 
--      /* $ORIGIN is not expanded for SUID/GUID programs (except if it
--	 is $ORIGIN alone) and it must always appear first in path.  */
-+      /* $ORIGIN is not expanded for SUID/GUID programs.  */
-       ++name;
--      if ((len = is_dst (start, name, "ORIGIN", is_path,
--			 INTUSE(__libc_enable_secure))) != 0
--	  || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
--	  || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
-+      if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0
-+	   && !INTUSE(__libc_enable_secure))
-+	  || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
-+	  || (len = is_dst (start, name, "LIB", is_path)) != 0)
- 	++cnt;
- 
-       name = strchr (name + len, '$');
-@@ -256,9 +249,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- 	  size_t len;
- 
- 	  ++name;
--	  if ((len = is_dst (start, name, "ORIGIN", is_path,
--			     INTUSE(__libc_enable_secure))) != 0)
-+	  if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
- 	    {
-+	      /* Ignore this path element in SUID/SGID programs.  */
-+	      if (INTUSE(__libc_enable_secure))
-+		repl = (const char *) -1;
-+	      else
- #ifndef SHARED
- 	      if (l == NULL)
- 		repl = _dl_get_origin ();
-@@ -266,9 +262,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- #endif
- 		repl = l->l_origin;
- 	    }
--	  else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
-+	  else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
- 	    repl = GLRO(dl_platform);
--	  else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
-+	  else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
- 	    repl = DL_DST_LIB;
- 
- 	  if (repl != NULL && repl != (const char *) -1)
--- 
-1.7.2
-

Deleted: glibc-2.12.1-require-suid-on-audit.patch
===================================================================
--- glibc-2.12.1-require-suid-on-audit.patch	2010-12-17 00:51:31 UTC (rev 103260)
+++ glibc-2.12.1-require-suid-on-audit.patch	2010-12-17 00:55:50 UTC (rev 103261)
@@ -1,218 +0,0 @@
-From 8e9f92e9d5d7737afdacf79b76d98c4c42980508 Mon Sep 17 00:00:00 2001
-From: Andreas Schwab <schwab at redhat.com>
-Date: Sun, 24 Oct 2010 21:43:15 -0400
-Subject: [PATCH 1/1] Require suid bit on audit objects in privileged programs
-
----
- ChangeLog                  |   15 +++++++++++++++
- elf/dl-deps.c              |    2 +-
- elf/dl-load.c              |   20 +++++++++++---------
- elf/dl-open.c              |    2 +-
- elf/rtld.c                 |   16 +++++++---------
- include/dlfcn.h            |    1 +
- sysdeps/generic/ldsodefs.h |    6 ++----
- 7 files changed, 38 insertions(+), 24 deletions(-)
-
-diff --git a/elf/dl-deps.c b/elf/dl-deps.c
-index a58de5c..a51fb6e 100644
---- a/elf/dl-deps.c
-+++ b/elf/dl-deps.c
-@@ -62,7 +62,7 @@ openaux (void *a)
- {
-   struct openaux_args *args = (struct openaux_args *) a;
- 
--  args->aux = _dl_map_object (args->map, args->name, 0,
-+  args->aux = _dl_map_object (args->map, args->name,
- 			      (args->map->l_type == lt_executable
- 			       ? lt_library : args->map->l_type),
- 			      args->trace_mode, args->open_mode,
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index a7162eb..aa8738f 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -1812,7 +1812,7 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
-    if MAY_FREE_DIRS is true.  */
- 
- static int
--open_path (const char *name, size_t namelen, int preloaded,
-+open_path (const char *name, size_t namelen, int secure,
- 	   struct r_search_path_struct *sps, char **realname,
- 	   struct filebuf *fbp, struct link_map *loader, int whatcode,
- 	   bool *found_other_class)
-@@ -1894,7 +1894,7 @@ open_path (const char *name, size_t namelen, int preloaded,
- 	  /* Remember whether we found any existing directory.  */
- 	  here_any |= this_dir->status[cnt] != nonexisting;
- 
--	  if (fd != -1 && __builtin_expect (preloaded, 0)
-+	  if (fd != -1 && __builtin_expect (secure, 0)
- 	      && INTUSE(__libc_enable_secure))
- 	    {
- 	      /* This is an extra security effort to make sure nobody can
-@@ -1963,7 +1963,7 @@ open_path (const char *name, size_t namelen, int preloaded,
- 
- struct link_map *
- internal_function
--_dl_map_object (struct link_map *loader, const char *name, int preloaded,
-+_dl_map_object (struct link_map *loader, const char *name,
- 		int type, int trace_mode, int mode, Lmid_t nsid)
- {
-   int fd;
-@@ -2067,7 +2067,8 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- 	  for (l = loader; l; l = l->l_loader)
- 	    if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
- 	      {
--		fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs,
-+		fd = open_path (name, namelen, mode & __RTLD_SECURE,
-+				&l->l_rpath_dirs,
- 				&realname, &fb, loader, LA_SER_RUNPATH,
- 				&found_other_class);
- 		if (fd != -1)
-@@ -2082,14 +2083,15 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- 	      && main_map != NULL && main_map->l_type != lt_loaded
- 	      && cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
- 			      "RPATH"))
--	    fd = open_path (name, namelen, preloaded, &main_map->l_rpath_dirs,
-+	    fd = open_path (name, namelen, mode & __RTLD_SECURE,
-+			    &main_map->l_rpath_dirs,
- 			    &realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
- 			    &found_other_class);
- 	}
- 
-       /* Try the LD_LIBRARY_PATH environment variable.  */
-       if (fd == -1 && env_path_list.dirs != (void *) -1)
--	fd = open_path (name, namelen, preloaded, &env_path_list,
-+	fd = open_path (name, namelen, mode & __RTLD_SECURE, &env_path_list,
- 			&realname, &fb,
- 			loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
- 			LA_SER_LIBPATH, &found_other_class);
-@@ -2098,12 +2100,12 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
-       if (fd == -1 && loader != NULL
- 	  && cache_rpath (loader, &loader->l_runpath_dirs,
- 			  DT_RUNPATH, "RUNPATH"))
--	fd = open_path (name, namelen, preloaded,
-+	fd = open_path (name, namelen, mode & __RTLD_SECURE,
- 			&loader->l_runpath_dirs, &realname, &fb, loader,
- 			LA_SER_RUNPATH, &found_other_class);
- 
-       if (fd == -1
--	  && (__builtin_expect (! preloaded, 1)
-+	  && (__builtin_expect (! (mode & __RTLD_SECURE), 1)
- 	      || ! INTUSE(__libc_enable_secure)))
- 	{
- 	  /* Check the list of libraries in the file /etc/ld.so.cache,
-@@ -2169,7 +2171,7 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
- 	  && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
- 	      || __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1))
- 	  && rtld_search_dirs.dirs != (void *) -1)
--	fd = open_path (name, namelen, preloaded, &rtld_search_dirs,
-+	fd = open_path (name, namelen, mode & __RTLD_SECURE, &rtld_search_dirs,
- 			&realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
- 
-       /* Add another newline when we are tracing the library loading.  */
-diff --git a/elf/dl-open.c b/elf/dl-open.c
-index c394b3f..cf8e8cc 100644
---- a/elf/dl-open.c
-+++ b/elf/dl-open.c
-@@ -223,7 +223,7 @@ dl_open_worker (void *a)
- 
-   /* Load the named object.  */
-   struct link_map *new;
--  args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
-+  args->map = new = _dl_map_object (call_map, file, lt_loaded, 0,
- 				    mode | __RTLD_CALLMAP, args->nsid);
- 
-   /* If the pointer returned is NULL this means the RTLD_NOLOAD flag is
-diff --git a/elf/rtld.c b/elf/rtld.c
-index 5ecc4fe..06b534a 100644
---- a/elf/rtld.c
-+++ b/elf/rtld.c
-@@ -589,7 +589,6 @@ struct map_args
-   /* Argument to map_doit.  */
-   char *str;
-   struct link_map *loader;
--  int is_preloaded;
-   int mode;
-   /* Return value of map_doit.  */
-   struct link_map *map;
-@@ -627,16 +626,17 @@ static void
- map_doit (void *a)
- {
-   struct map_args *args = (struct map_args *) a;
--  args->map = _dl_map_object (args->loader, args->str,
--			      args->is_preloaded, lt_library, 0, args->mode,
--			      LM_ID_BASE);
-+  args->map = _dl_map_object (args->loader, args->str, lt_library, 0,
-+			      args->mode, LM_ID_BASE);
- }
- 
- static void
- dlmopen_doit (void *a)
- {
-   struct dlmopen_args *args = (struct dlmopen_args *) a;
--  args->map = _dl_open (args->fname, RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT,
-+  args->map = _dl_open (args->fname,
-+			(RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT
-+			 | __RTLD_SECURE),
- 			dl_main, LM_ID_NEWLM, _dl_argc, INTUSE(_dl_argv),
- 			__environ);
- }
-@@ -806,8 +806,7 @@ do_preload (char *fname, struct link_map *main_map, const char *where)
- 
-   args.str = fname;
-   args.loader = main_map;
--  args.is_preloaded = 1;
--  args.mode = 0;
-+  args.mode = __RTLD_SECURE;
- 
-   unsigned int old_nloaded = GL(dl_ns)[LM_ID_BASE]._ns_nloaded;
- 
-@@ -1054,7 +1053,6 @@ of this helper program; chances are you did not intend to run this program.\n\
- 
- 	  args.str = rtld_progname;
- 	  args.loader = NULL;
--	  args.is_preloaded = 0;
- 	  args.mode = __RTLD_OPENEXEC;
- 	  (void) _dl_catch_error (&objname, &err_str, &malloced, map_doit,
- 				  &args);
-@@ -1066,7 +1064,7 @@ of this helper program; chances are you did not intend to run this program.\n\
-       else
- 	{
- 	  HP_TIMING_NOW (start);
--	  _dl_map_object (NULL, rtld_progname, 0, lt_library, 0,
-+	  _dl_map_object (NULL, rtld_progname, lt_library, 0,
- 			  __RTLD_OPENEXEC, LM_ID_BASE);
- 	  HP_TIMING_NOW (stop);
- 
-diff --git a/include/dlfcn.h b/include/dlfcn.h
-index a67426d..af92483 100644
---- a/include/dlfcn.h
-+++ b/include/dlfcn.h
-@@ -9,6 +9,7 @@
- #define __RTLD_OPENEXEC	0x20000000
- #define __RTLD_CALLMAP	0x10000000
- #define __RTLD_AUDIT	0x08000000
-+#define __RTLD_SECURE	0x04000000 /* Apply additional security checks.  */
- 
- #define __LM_ID_CALLER	-2
- 
-diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
-index fcc943b..fa4b6b2 100644
---- a/sysdeps/generic/ldsodefs.h
-+++ b/sysdeps/generic/ldsodefs.h
-@@ -824,11 +824,9 @@ extern void _dl_receive_error (receiver_fct fct, void (*operate) (void *),
- 
- /* Open the shared object NAME and map in its segments.
-    LOADER's DT_RPATH is used in searching for NAME.
--   If the object is already opened, returns its existing map.
--   For preloaded shared objects PRELOADED is set to a non-zero
--   value to allow additional security checks.  */
-+   If the object is already opened, returns its existing map.  */
- extern struct link_map *_dl_map_object (struct link_map *loader,
--					const char *name, int preloaded,
-+					const char *name,
- 					int type, int trace_mode, int mode,
- 					Lmid_t nsid)
-      internal_function attribute_hidden;
--- 
-1.7.2
-

Added: glibc-2.12.2-ignore-origin-of-privileged-program.patch
===================================================================
--- glibc-2.12.2-ignore-origin-of-privileged-program.patch	                        (rev 0)
+++ glibc-2.12.2-ignore-origin-of-privileged-program.patch	2010-12-17 00:55:50 UTC (rev 103261)
@@ -0,0 +1,26 @@
+From d14e6b09d60d52cc12f0396c3106b14e1bd0fe8f Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab at redhat.com>
+Date: Thu, 9 Dec 2010 15:00:59 +0100
+Subject: [PATCH 1/1] Ignore origin of privileged program
+
+---
+ ChangeLog       |    5 +++++
+ elf/dl-object.c |    3 +++
+ 2 files changed, 8 insertions(+), 0 deletions(-)
+
+diff --git a/elf/dl-object.c b/elf/dl-object.c
+index 22a1635..7674d49 100644
+--- a/elf/dl-object.c
++++ b/elf/dl-object.c
+@@ -214,6 +214,9 @@ _dl_new_object (char *realname, const char *libname, int type,
+     out:
+       new->l_origin = origin;
+     }
++  else if (INTUSE(__libc_enable_secure) && type == lt_executable)
++    /* The origin of a privileged program cannot be trusted.  */
++    new->l_origin = (char *) -1;
+ 
+   return new;
+ }
+-- 
+1.7.2
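Review bot: The added branch in `_dl_new_object` stores the sentinel `(char *) -1` in `new->l_origin` without saying what that value means to readers of the field. A comment such as `/* (char *) -1 marks the origin as unknown; users of l_origin must test for it before use. */` would make the contract visible. The `if` that this `else if` attaches to lies outside the inner hunk, so which objects actually reach the new branch cannot be confirmed from here, and it covers only `type == lt_executable`. It is worth confirming that every reader of `l_origin` in this snapshot checks for the sentinel before dereferencing, as the `$ORIGIN` substitution code shown in the removed 2.12.1 patch does with `repl != (const char *) -1`.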

Modified: glibc.install
===================================================================
--- glibc.install	2010-12-17 00:51:31 UTC (rev 103260)
+++ glibc.install	2010-12-17 00:55:50 UTC (rev 103261)
@@ -1,6 +1,5 @@
-infodir=/usr/share/info
-filelist=(libc.info libc.info-1 libc.info-2 libc.info-3 libc.info-4 libc.info-5 libc.info-6 libc.info-7 
-          libc.info-8 libc.info-9 libc.info-10 libc.info-11)
+infodir=usr/share/info
+filelist=(libc.info{,-1,-2,-3,-4,-5,-6,-7,-8,-9,-10,-11})
 
 post_upgrade() {
   sbin/ldconfig -r .



