r4454 - in glibc-package/trunk/debian: . patches patches/any
Author: aurel32
Date: 2011-01-12 14:32:01 +0000 (Wed, 12 Jan 2011)
New Revision: 4454
Added:
glibc-package/trunk/debian/patches/any/cvs-dont-expand-dst-twice.diff
glibc-package/trunk/debian/patches/any/cvs-ignore-origin-privileged.diff
Removed:
glibc-package/trunk/debian/patches/any/submitted-origin.diff
Modified:
glibc-package/trunk/debian/changelog
glibc-package/trunk/debian/patches/series
Log:
* Revert incorrect upstream patch for CVE-2010-3847 and use the correct
set of patches:
- Remove patches/any/submitted-origin.diff
- Add patches/any/cvs-dont-expand-dst-twice.diff
- Add debian/patches/any/cvs-ignore-origin-privileged.diff
- Keep debian/patches/any/cvs-audit-suid.diff
Modified: glibc-package/trunk/debian/changelog
===================================================================
--- glibc-package/trunk/debian/changelog 2011-01-12 14:00:50 UTC (rev 4453)
+++ glibc-package/trunk/debian/changelog 2011-01-12 14:32:01 UTC (rev 4454)
@@ -10,8 +10,14 @@
[ Aurelien Jarno ]
* Update patches/localedata/locale-et_EE.diff to switch Estonian currency
to euro. Closes: #608803.
+ * Revert incorrect upstream patch for CVE-2010-3847 and use the correct
+ set of patches:
+ - Remove patches/any/submitted-origin.diff
+ - Add patches/any/cvs-dont-expand-dst-twice.diff
+ - Add debian/patches/any/cvs-ignore-origin-privileged.diff
+ - Keep debian/patches/any/cvs-audit-suid.diff
- -- Aurelien Jarno <aurel32@debian.org> Wed, 12 Jan 2011 14:59:38 +0100
+ -- Aurelien Jarno <aurel32@debian.org> Wed, 12 Jan 2011 15:27:54 +0100
eglibc (2.11.2-7) unstable; urgency=low
Added: glibc-package/trunk/debian/patches/any/cvs-dont-expand-dst-twice.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/cvs-dont-expand-dst-twice.diff (rev 0)
+++ glibc-package/trunk/debian/patches/any/cvs-dont-expand-dst-twice.diff 2011-01-12 14:32:01 UTC (rev 4454)
@@ -0,0 +1,45 @@
+2010-10-18 Andreas Schwab <schwab@redhat.com>
+
+ * elf/dl-open.c (dl_open_worker): Don't expand DST here, let
+ _dl_map_object do it.
+
+diff --git a/elf/dl-open.c b/elf/dl-open.c
+index 754a263..c394b3f 100644
+--- a/elf/dl-open.c
++++ b/elf/dl-open.c
+@@ -221,35 +221,6 @@ dl_open_worker (void *a)
+
+ assert (_dl_debug_initialize (0, args->nsid)->r_state == RT_CONSISTENT);
+
+- /* Maybe we have to expand a DST. */
+- if (__builtin_expect (dst != NULL, 0))
+- {
+- size_t len = strlen (file);
+-
+- /* Determine how much space we need. We have to allocate the
+- memory locally. */
+- size_t required = DL_DST_REQUIRED (call_map, file, len,
+- _dl_dst_count (dst, 0));
+-
+- /* Get space for the new file name. */
+- char *new_file = (char *) alloca (required + 1);
+-
+- /* Generate the new file name. */
+- _dl_dst_substitute (call_map, file, new_file, 0);
+-
+- /* If the substitution failed don't try to load. */
+- if (*new_file == '\0')
+- _dl_signal_error (0, "dlopen", NULL,
+- N_("empty dynamic string token substitution"));
+-
+- /* Now we have a new file name. */
+- file = new_file;
+-
+- /* It does not matter whether call_map is set even if we
+- computed it only because of the DST. Since the path contains
+- a slash the value is not used. See dl-load.c. */
+- }
+-
+ /* Load the named object. */
+ struct link_map *new;
+ args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
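Review bot: After this removal nothing at the `_dl_map_object` call in dl_open_worker says where dynamic string tokens in `file` get expanded, because the deleted block carried the only comments on it. I would add a comment above `/* Load the named object. */`, such as `/* Any DST in FILE is expanded by _dl_map_object; expanding it here as well would substitute the name twice. */`. The removed branch also raised the "empty dynamic string token substitution" error itself, so whether an empty expansion is still rejected now depends on `_dl_map_object`, which is outside this hunk and worth confirming for privileged callers. The patch header carries only the ChangeLog entry; a line tying it to the CVE-2010-3847 patch set named in the commit log would help anyone auditing the series file later. dl_open_worker starts and ends outside the hunk.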
Added: glibc-package/trunk/debian/patches/any/cvs-ignore-origin-privileged.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/cvs-ignore-origin-privileged.diff (rev 0)
+++ glibc-package/trunk/debian/patches/any/cvs-ignore-origin-privileged.diff 2011-01-12 14:32:01 UTC (rev 4454)
@@ -0,0 +1,20 @@
+2010-12-13 Andreas Schwab <schwab@redhat.com>
+
+ * elf/dl-object.c (_dl_new_object): Ignore origin of privileged
+ program.
+
+ * posix/fnmatch_loop.c (NEW_PATTERN): Fix use of alloca.
+diff --git a/elf/dl-object.c b/elf/dl-object.c
+index 5d15ce1..a34e902 100644
+--- a/elf/dl-object.c
++++ b/elf/dl-object.c
+@@ -220,6 +220,9 @@ _dl_new_object (char *realname, const char *libname, int type,
+ out:
+ new->l_origin = origin;
+ }
++ else if (INTUSE(__libc_enable_secure) && type == lt_executable)
++ /* The origin of a privileged program cannot be trusted. */
++ new->l_origin = (char *) -1;
+
+ return new;
+ }
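Review bot: The added branch stores the bare sentinel `(char *) -1` in `new->l_origin`, and its comment does not say what that value means to code that later reads `l_origin`. The `_dl_dst_substitute` context quoted elsewhere on this page tests `repl != (const char *) -1` before substituting, so the comment could read `/* The origin of a privileged program cannot be trusted; (char *) -1 marks it unknown so $ORIGIN is not substituted. */`. The branch is an `else if` on an `if` whose condition lies above the hunk, so which maps reach it cannot be confirmed from here, nor whether objects other than `lt_executable` in a secure process still get a computed origin. Separately, the patch header lists `posix/fnmatch_loop.c (NEW_PATTERN)` but the diff holds no hunk for that file; dropping that ChangeLog line would keep the header in step with the patch.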
Deleted: glibc-package/trunk/debian/patches/any/submitted-origin.diff
===================================================================
--- glibc-package/trunk/debian/patches/any/submitted-origin.diff 2011-01-12 14:00:50 UTC (rev 4453)
+++ glibc-package/trunk/debian/patches/any/submitted-origin.diff 2011-01-12 14:32:01 UTC (rev 4454)
@@ -1,82 +0,0 @@
-2010-10-18 Andreas Schwab <schwab@redhat.com>
-
- * elf/dl-load.c (is_dst): Remove last parameter.
- (_dl_dst_count): Ignore $ORIGIN in privileged programs.
- (_dl_dst_substitute): Likewise.
----
- elf/dl-load.c | 30 +++++++++++++-----------------
- 1 files changed, 13 insertions(+), 17 deletions(-)
-
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index a7162eb..776f7e4 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -169,8 +169,7 @@ local_strdup (const char *s)
-
-
- static size_t
--is_dst (const char *start, const char *name, const char *str,
-- int is_path, int secure)
-+is_dst (const char *start, const char *name, const char *str, int is_path)
- {
- size_t len;
- bool is_curly = false;
-@@ -199,11 +198,6 @@ is_dst (const char *start, const char *name, const char *str,
- && (!is_path || name[len] != ':'))
- return 0;
-
-- if (__builtin_expect (secure, 0)
-- && ((name[len] != '\0' && (!is_path || name[len] != ':'))
-- || (name != start + 1 && (!is_path || name[-2] != ':'))))
-- return 0;
--
- return len;
- }
-
-@@ -218,13 +212,12 @@ _dl_dst_count (const char *name, int is_path)
- {
- size_t len;
-
-- /* $ORIGIN is not expanded for SUID/GUID programs (except if it
-- is $ORIGIN alone) and it must always appear first in path. */
-+ /* $ORIGIN is not expanded for SUID/GUID programs. */
- ++name;
-- if ((len = is_dst (start, name, "ORIGIN", is_path,
-- INTUSE(__libc_enable_secure))) != 0
-- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
-- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
-+ if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0
-+ && !INTUSE(__libc_enable_secure))
-+ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
-+ || (len = is_dst (start, name, "LIB", is_path)) != 0)
- ++cnt;
-
- name = strchr (name + len, '$');
-@@ -256,9 +249,12 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- size_t len;
-
- ++name;
-- if ((len = is_dst (start, name, "ORIGIN", is_path,
-- INTUSE(__libc_enable_secure))) != 0)
-+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
- {
-+ /* Ignore this path element in SUID/SGID programs. */
-+ if (INTUSE(__libc_enable_secure))
-+ repl = (const char *) -1;
-+ else
- #ifndef SHARED
- if (l == NULL)
- repl = _dl_get_origin ();
-@@ -266,9 +262,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- #endif
- repl = l->l_origin;
- }
-- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
-+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
- repl = GLRO(dl_platform);
-- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
-+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
- repl = DL_DST_LIB;
-
- if (repl != NULL && repl != (const char *) -1)
-
Modified: glibc-package/trunk/debian/patches/series
===================================================================
--- glibc-package/trunk/debian/patches/series 2011-01-12 14:00:50 UTC (rev 4453)
+++ glibc-package/trunk/debian/patches/series 2011-01-12 14:32:01 UTC (rev 4454)
@@ -265,5 +265,6 @@
any/cvs-__block.diff
any/cvs-sunrpc-license.diff
any/submitted-resolv.conf-thread.diff
-any/submitted-origin.diff
any/cvs-audit-suid.diff
+any/cvs-dont-expand-dst-twice.diff
+any/cvs-ignore-origin-privileged.diff