[glibc] 02/02: debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from upstream to disable HWCAP for AT_SECURE programs.
This is an automated email from the git hooks/post-receive script.
aurel32 pushed a commit to branch jessie
in repository glibc.
commit 882242b7f34b95b05462006e71fa729074bc05ef
Author: Aurelien Jarno <aurelien@aurel32.net>
Date: Sat Jun 17 00:51:33 2017 +0200
debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from upstream to disable HWCAP for AT_SECURE programs.
---
debian/changelog | 2 ++
debian/patches/any/cvs-hwcap-AT_SECURE.diff | 28 ++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 31 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index bbb1223..b0a6052 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ glibc (2.19-18+deb8u10) jessie-security; urgency=medium
debian/patches/any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff: add
patches to protect the dynamic linker against stack clashes
(CVE-2017-1000366).
+ * debian/patches/any/cvs-hwcap-AT_SECURE.diff: patch backported from
+ upstream to disable HWCAP for AT_SECURE programs.
-- Aurelien Jarno <aurel32@debian.org> Fri, 16 Jun 2017 23:13:21 +0200
diff --git a/debian/patches/any/cvs-hwcap-AT_SECURE.diff b/debian/patches/any/cvs-hwcap-AT_SECURE.diff
new file mode 100644
index 0000000..451fed6
--- /dev/null
+++ b/debian/patches/any/cvs-hwcap-AT_SECURE.diff
@@ -0,0 +1,28 @@
+2017-03-07 Siddhesh Poyarekar <siddhesh@sourceware.org>
+
+ [BZ #21209]
+ * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
+ AT_SECURE processes.
+
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2404,7 +2404,8 @@ process_envvars (enum mode *modep)
+
+ case 10:
+ /* Mask for the important hardware capabilities. */
+- if (memcmp (envline, "HWCAP_MASK", 10) == 0)
++ if (!__libc_enable_secure
++ && memcmp (envline, "HWCAP_MASK", 10) == 0)
+ GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
+ 0, 0);
+ break;
+--- a/sysdeps/generic/unsecvars.h
++++ b/sysdeps/generic/unsecvars.h
+@@ -16,6 +16,7 @@
+ "LD_DEBUG\0" \
+ "LD_DEBUG_OUTPUT\0" \
+ "LD_DYNAMIC_WEAK\0" \
++ "LD_HWCAP_MASK\0" \
+ "LD_LIBRARY_PATH\0" \
+ "LD_ORIGIN_PATH\0" \
+ "LD_PRELOAD\0" \
diff --git a/debian/patches/series b/debian/patches/series
index ade96a1..d32c1dc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -277,3 +277,4 @@ any/cvs-hesiod-resolver.diff
any/local-CVE-2017-1000366-rtld-LD_LIBRARY_PATH.diff
any/local-CVE-2017-1000366-rtld-LD_PRELOAD.diff
any/local-CVE-2017-1000366-rtld-LD_AUDIT.diff
+any/cvs-hwcap-AT_SECURE.diff
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-glibc/glibc.git
Reply to: