Accepting request 184086 from Base:System
- disable-pt-chown.patch: disable use of pt_chown (CVE-2013-2207, bnc#830257) - nonascii-case.patch: fix strcasecmp in tr_TR.ISO-8859-9 locale - glibc-2.14-crypt.diff: fix incomplete dependencies for libowcrypt (forwarded request 184083 from Andreas_Schwab) OBS-URL: https://build.opensuse.org/request/show/184086 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/glibc?expand=0&rev=151
This commit is contained in:
commit
7058ebe27a
241
disable-pt-chown.patch
Normal file
241
disable-pt-chown.patch
Normal file
@ -0,0 +1,241 @@
|
|||||||
|
2013-07-21 Siddhesh Poyarekar <siddhesh@redhat.com>
|
||||||
|
Andreas Schwab <schwab@suse.de>
|
||||||
|
Roland McGrath <roland@hack.frob.com>
|
||||||
|
Joseph Myers <joseph@codesourcery.com>
|
||||||
|
Carlos O'Donell <carlos@redhat.com>
|
||||||
|
|
||||||
|
[BZ #15755]
|
||||||
|
* config.h.in: Define HAVE_PT_CHOWN.
|
||||||
|
* config.make.in (build-pt-chown): New variable.
|
||||||
|
* configure.in (--enable-pt_chown): New configure option.
|
||||||
|
* configure: Regenerate.
|
||||||
|
* login/Makefile: Include Makeconfig. Build pt_chown only if
|
||||||
|
build-pt-chown is enabled.
|
||||||
|
* sysdeps/unix/grantpt.c (grantpt) [HAVE_PT_CHOWN]: Spawn
|
||||||
|
pt_chown to fix pty ownership.
|
||||||
|
* sysdeps/unix/sysv/linux/grantpt.c [HAVE_PT_CHOWN]: Define
|
||||||
|
CLOSE_ALL_FDS.
|
||||||
|
* manual/install.texi (Configuring and compiling): Mention
|
||||||
|
--enable-pt_chown. Add @findex for grantpt.
|
||||||
|
* INSTALL: Regenerate.
|
||||||
|
|
||||||
|
Index: glibc-2.17/INSTALL
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/INSTALL
|
||||||
|
+++ glibc-2.17/INSTALL
|
||||||
|
@@ -128,6 +128,18 @@ will be used, and CFLAGS sets optimizati
|
||||||
|
this can be prevented though there generally is no reason since it
|
||||||
|
creates compatibility problems.
|
||||||
|
|
||||||
|
+`--enable-pt_chown'
|
||||||
|
+ The file `pt_chown' is a helper binary for `grantpt' (*note
|
||||||
|
+ Pseudo-Terminals: Allocation.) that is installed setuid root to
|
||||||
|
+ fix up pseudo-terminal ownership. It is not built by default
|
||||||
|
+ because systems using the Linux kernel are commonly built with the
|
||||||
|
+ `devpts' filesystem enabled and mounted at `/dev/pts', which
|
||||||
|
+ manages pseudo-terminal ownership automatically. By using
|
||||||
|
+ `--enable-pt_chown', you may build `pt_chown' and install it
|
||||||
|
+ setuid and owned by `root'. The use of `pt_chown' introduces
|
||||||
|
+ additional security risks to the system and you should enable it
|
||||||
|
+ only if you understand and accept those risks.
|
||||||
|
+
|
||||||
|
`--build=BUILD-SYSTEM'
|
||||||
|
`--host=HOST-SYSTEM'
|
||||||
|
These options are for cross-compiling. If you specify both
|
||||||
|
Index: glibc-2.17/config.h.in
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/config.h.in
|
||||||
|
+++ glibc-2.17/config.h.in
|
||||||
|
@@ -232,4 +232,7 @@
|
||||||
|
/* The ARM hard-float ABI is being used. */
|
||||||
|
#undef HAVE_ARM_PCS_VFP
|
||||||
|
|
||||||
|
+/* The pt_chown binary is being built and used by grantpt. */
|
||||||
|
+#undef HAVE_PT_CHOWN
|
||||||
|
+
|
||||||
|
#endif
|
||||||
|
Index: glibc-2.17/config.make.in
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/config.make.in
|
||||||
|
+++ glibc-2.17/config.make.in
|
||||||
|
@@ -102,6 +102,7 @@ force-install = @force_install@
|
||||||
|
link-obsolete-rpc = @link_obsolete_rpc@
|
||||||
|
build-nscd = @build_nscd@
|
||||||
|
use-nscd = @use_nscd@
|
||||||
|
+build-pt-chown = @build_pt_chown@
|
||||||
|
|
||||||
|
# Build tools.
|
||||||
|
CC = @CC@
|
||||||
|
Index: glibc-2.17/configure
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/configure
|
||||||
|
+++ glibc-2.17/configure
|
||||||
|
@@ -654,6 +654,7 @@ multi_arch
|
||||||
|
base_machine
|
||||||
|
add_on_subdirs
|
||||||
|
add_ons
|
||||||
|
+build_pt_chown
|
||||||
|
build_nscd
|
||||||
|
link_obsolete_rpc
|
||||||
|
libc_cv_nss_crypt
|
||||||
|
@@ -760,6 +761,7 @@ enable_obsolete_rpc
|
||||||
|
enable_systemtap
|
||||||
|
enable_build_nscd
|
||||||
|
enable_nscd
|
||||||
|
+enable_pt_chown
|
||||||
|
with_cpu
|
||||||
|
'
|
||||||
|
ac_precious_vars='build_alias
|
||||||
|
@@ -1420,6 +1422,7 @@ Optional Features:
|
||||||
|
--enable-systemtap enable systemtap static probe points [default=no]
|
||||||
|
--disable-build-nscd disable building and installing the nscd daemon
|
||||||
|
--disable-nscd library functions will not contact the nscd daemon
|
||||||
|
+ --enable-pt_chown Enable building and installing pt_chown
|
||||||
|
|
||||||
|
Optional Packages:
|
||||||
|
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
|
||||||
|
@@ -3935,6 +3938,19 @@ else
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
+# Check whether --enable-pt_chown was given.
|
||||||
|
+if test "${enable_pt_chown+set}" = set; then :
|
||||||
|
+ enableval=$enable_pt_chown; build_pt_chown=$enableval
|
||||||
|
+else
|
||||||
|
+ build_pt_chown=no
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+if test $build_pt_chown = yes; then
|
||||||
|
+ $as_echo "#define HAVE_PT_CHOWN 1" >>confdefs.h
|
||||||
|
+
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
# The way shlib-versions is used to generate soversions.mk uses a
|
||||||
|
# fairly simplistic model for name recognition that can't distinguish
|
||||||
|
# i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os
|
||||||
|
Index: glibc-2.17/configure.in
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/configure.in
|
||||||
|
+++ glibc-2.17/configure.in
|
||||||
|
@@ -315,6 +315,16 @@ AC_ARG_ENABLE([nscd],
|
||||||
|
[use_nscd=$enableval],
|
||||||
|
[use_nscd=yes])
|
||||||
|
|
||||||
|
+AC_ARG_ENABLE([pt_chown],
|
||||||
|
+ [AS_HELP_STRING([--enable-pt_chown],
|
||||||
|
+ [Enable building and installing pt_chown])],
|
||||||
|
+ [build_pt_chown=$enableval],
|
||||||
|
+ [build_pt_chown=no])
|
||||||
|
+AC_SUBST(build_pt_chown)
|
||||||
|
+if test $build_pt_chown = yes; then
|
||||||
|
+ AC_DEFINE(HAVE_PT_CHOWN)
|
||||||
|
+fi
|
||||||
|
+
|
||||||
|
# The way shlib-versions is used to generate soversions.mk uses a
|
||||||
|
# fairly simplistic model for name recognition that can't distinguish
|
||||||
|
# i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os
|
||||||
|
Index: glibc-2.17/login/Makefile
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/login/Makefile
|
||||||
|
+++ glibc-2.17/login/Makefile
|
||||||
|
@@ -29,9 +29,15 @@ routines := getutent getutent_r getutid
|
||||||
|
|
||||||
|
CFLAGS-grantpt.c = -DLIBEXECDIR='"$(libexecdir)"'
|
||||||
|
|
||||||
|
-others = utmpdump pt_chown
|
||||||
|
+others = utmpdump
|
||||||
|
+
|
||||||
|
+include ../Makeconfig
|
||||||
|
+
|
||||||
|
+ifeq (yes,$(build-pt-chown))
|
||||||
|
+others += pt_chown
|
||||||
|
others-pie = pt_chown
|
||||||
|
install-others-programs = $(inst_libexecdir)/pt_chown
|
||||||
|
+endif
|
||||||
|
|
||||||
|
subdir-dirs = programs
|
||||||
|
vpath %.c programs
|
||||||
|
Index: glibc-2.17/manual/install.texi
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/manual/install.texi
|
||||||
|
+++ glibc-2.17/manual/install.texi
|
||||||
|
@@ -155,6 +155,20 @@ if the used tools support it. By using
|
||||||
|
prevented though there generally is no reason since it creates
|
||||||
|
compatibility problems.
|
||||||
|
|
||||||
|
+@pindex pt_chown
|
||||||
|
+@findex grantpt
|
||||||
|
+@item --enable-pt_chown
|
||||||
|
+The file @file{pt_chown} is a helper binary for @code{grantpt}
|
||||||
|
+(@pxref{Allocation, Pseudo-Terminals}) that is installed setuid root to
|
||||||
|
+fix up pseudo-terminal ownership. It is not built by default because
|
||||||
|
+systems using the Linux kernel are commonly built with the @code{devpts}
|
||||||
|
+filesystem enabled and mounted at @file{/dev/pts}, which manages
|
||||||
|
+pseudo-terminal ownership automatically. By using
|
||||||
|
+@samp{--enable-pt_chown}, you may build @file{pt_chown} and install it
|
||||||
|
+setuid and owned by @code{root}. The use of @file{pt_chown} introduces
|
||||||
|
+additional security risks to the system and you should enable it only if
|
||||||
|
+you understand and accept those risks.
|
||||||
|
+
|
||||||
|
@item --build=@var{build-system}
|
||||||
|
@itemx --host=@var{host-system}
|
||||||
|
These options are for cross-compiling. If you specify both options and
|
||||||
|
Index: glibc-2.17/sysdeps/unix/grantpt.c
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/sysdeps/unix/grantpt.c
|
||||||
|
+++ glibc-2.17/sysdeps/unix/grantpt.c
|
||||||
|
@@ -173,9 +173,10 @@ grantpt (int fd)
|
||||||
|
retval = 0;
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
- /* We have to use the helper program. */
|
||||||
|
+ /* We have to use the helper program if it is available. */
|
||||||
|
helper:;
|
||||||
|
|
||||||
|
+#ifdef HAVE_PT_CHOWN
|
||||||
|
pid_t pid = __fork ();
|
||||||
|
if (pid == -1)
|
||||||
|
goto cleanup;
|
||||||
|
@@ -190,9 +191,9 @@ grantpt (int fd)
|
||||||
|
if (__dup2 (fd, PTY_FILENO) < 0)
|
||||||
|
_exit (FAIL_EBADF);
|
||||||
|
|
||||||
|
-#ifdef CLOSE_ALL_FDS
|
||||||
|
+# ifdef CLOSE_ALL_FDS
|
||||||
|
CLOSE_ALL_FDS ();
|
||||||
|
-#endif
|
||||||
|
+# endif
|
||||||
|
|
||||||
|
execle (_PATH_PT_CHOWN, basename (_PATH_PT_CHOWN), NULL, NULL);
|
||||||
|
_exit (FAIL_EXEC);
|
||||||
|
@@ -231,6 +232,7 @@ grantpt (int fd)
|
||||||
|
assert(! "getpt: internal error: invalid exit code from pt_chown");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
if (buf != _buf)
|
||||||
|
Index: glibc-2.17/sysdeps/unix/sysv/linux/grantpt.c
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/sysdeps/unix/sysv/linux/grantpt.c
|
||||||
|
+++ glibc-2.17/sysdeps/unix/sysv/linux/grantpt.c
|
||||||
|
@@ -11,7 +11,7 @@
|
||||||
|
|
||||||
|
#include "pty-private.h"
|
||||||
|
|
||||||
|
-
|
||||||
|
+#if HAVE_PT_CHOWN
|
||||||
|
/* Close all file descriptors except the one specified. */
|
||||||
|
static void
|
||||||
|
close_all_fds (void)
|
||||||
|
@@ -38,6 +38,7 @@ close_all_fds (void)
|
||||||
|
__dup2 (STDOUT_FILENO, STDERR_FILENO);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
-#define CLOSE_ALL_FDS() close_all_fds()
|
||||||
|
+# define CLOSE_ALL_FDS() close_all_fds()
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
#include <sysdeps/unix/grantpt.c>
|
@ -39,6 +39,11 @@ Index: glibc-2.17/crypt/Makefile
|
|||||||
|
|
||||||
include ../Makeconfig
|
include ../Makeconfig
|
||||||
|
|
||||||
|
@@ -77,3 +82,4 @@ endif
|
||||||
|
# This ensures they will load libc.so for needed symbols if loaded by
|
||||||
|
# a statically-linked program that hasn't already loaded it.
|
||||||
|
$(objpfx)libcrypt.so: $(common-objpfx)libc.so $(common-objpfx)libc_nonshared.a
|
||||||
|
+$(objpfx)libowcrypt.so: $(common-objpfx)libc.so $(common-objpfx)libc_nonshared.a
|
||||||
Index: glibc-2.17/crypt/Versions
|
Index: glibc-2.17/crypt/Versions
|
||||||
===================================================================
|
===================================================================
|
||||||
--- glibc-2.17.orig/crypt/Versions
|
--- glibc-2.17.orig/crypt/Versions
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 22 12:32:34 UTC 2013 - schwab@suse.de
|
||||||
|
|
||||||
|
- disable-pt-chown.patch: disable use of pt_chown (CVE-2013-2207,
|
||||||
|
bnc#830257)
|
||||||
|
- nonascii-case.patch: fix strcasecmp in tr_TR.ISO-8859-9 locale
|
||||||
|
- glibc-2.14-crypt.diff: fix incomplete dependencies for libowcrypt
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de
|
Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de
|
||||||
|
|
||||||
|
@ -253,6 +253,8 @@ Patch1004: regexp-overrun.patch
|
|||||||
Patch1005: getaddrinfo-overflow.patch
|
Patch1005: getaddrinfo-overflow.patch
|
||||||
# PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd
|
# PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd
|
||||||
Patch1006: nscd-netgroup.patch
|
Patch1006: nscd-netgroup.patch
|
||||||
|
# PATCH-FIX-UPSTREAM Disable use of pt_chown (CVE-2013-2207)
|
||||||
|
Patch1007: disable-pt-chown.patch
|
||||||
|
|
||||||
###
|
###
|
||||||
# Patches awaiting upstream approval
|
# Patches awaiting upstream approval
|
||||||
@ -273,6 +275,8 @@ Patch2014: strptime-W-week.patch
|
|||||||
Patch2015: printf-overrun.patch
|
Patch2015: printf-overrun.patch
|
||||||
# PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp
|
# PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp
|
||||||
Patch2016: aarch64-sigsetjmp.patch
|
Patch2016: aarch64-sigsetjmp.patch
|
||||||
|
# PATCH-FIX-UPSTREAM Fix strcasecmp for tr_TR.ISO-8859-9
|
||||||
|
Patch2017: nonascii-case.patch
|
||||||
|
|
||||||
# Non-glibc patches
|
# Non-glibc patches
|
||||||
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
|
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
|
||||||
@ -480,6 +484,7 @@ rm nscd/s-stamp
|
|||||||
%patch1004 -p1
|
%patch1004 -p1
|
||||||
%patch1005 -p1
|
%patch1005 -p1
|
||||||
%patch1006 -p1
|
%patch1006 -p1
|
||||||
|
%patch1007 -p1
|
||||||
|
|
||||||
# XXX Disable, it breaks the testsuite, test elf/tst-audit2
|
# XXX Disable, it breaks the testsuite, test elf/tst-audit2
|
||||||
# %patch2008 -p1
|
# %patch2008 -p1
|
||||||
@ -490,6 +495,7 @@ rm nscd/s-stamp
|
|||||||
%patch2014 -p1
|
%patch2014 -p1
|
||||||
%patch2015 -p1
|
%patch2015 -p1
|
||||||
%patch2016 -p1
|
%patch2016 -p1
|
||||||
|
%patch2017 -p1
|
||||||
|
|
||||||
%patch3000
|
%patch3000
|
||||||
|
|
||||||
@ -979,23 +985,8 @@ rm -rf %{buildroot}/sbin %{buildroot}%{_includedir}
|
|||||||
#######################################################################
|
#######################################################################
|
||||||
|
|
||||||
%if %{normal_build}
|
%if %{normal_build}
|
||||||
# Note: glibc_post_upgrade does:
|
|
||||||
# %%set_permissions %%{_libexecdir}/pt_chown
|
|
||||||
# since we cannot do it in our own post section
|
|
||||||
|
|
||||||
%post -p %{_sbindir}/glibc_post_upgrade
|
%post -p %{_sbindir}/glibc_post_upgrade
|
||||||
|
|
||||||
%if 0
|
|
||||||
# Enabling the following lines will generate a
|
|
||||||
# requires on /bin/sh but glibc should not require any other binary
|
|
||||||
# packages. Therefore we do the change with the built-in lua:
|
|
||||||
# %%verifyscript
|
|
||||||
# %%verify_permissions -e %%{_libexecdir}/pt_chown
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%verifyscript -p <lua>
|
|
||||||
os.execute("/usr/bin/chkstat -n --warn --system -e %{_libexecdir}/pt_chown")
|
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%endif # %{normal_build}
|
%endif # %{normal_build}
|
||||||
@ -1177,7 +1168,6 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
%{_bindir}/locale
|
%{_bindir}/locale
|
||||||
%{_bindir}/localedef
|
%{_bindir}/localedef
|
||||||
%verify(not mode caps) %attr(4755,root,root) %{_libexecdir}/pt_chown
|
|
||||||
%dir %attr(0755,root,root) %{_libexecdir}/getconf
|
%dir %attr(0755,root,root) %{_libexecdir}/getconf
|
||||||
%{_libexecdir}/getconf/*
|
%{_libexecdir}/getconf/*
|
||||||
%{_sbindir}/glibc_post_upgrade
|
%{_sbindir}/glibc_post_upgrade
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 22 12:32:34 UTC 2013 - schwab@suse.de
|
||||||
|
|
||||||
|
- disable-pt-chown.patch: disable use of pt_chown (CVE-2013-2207,
|
||||||
|
bnc#830257)
|
||||||
|
- nonascii-case.patch: fix strcasecmp in tr_TR.ISO-8859-9 locale
|
||||||
|
- glibc-2.14-crypt.diff: fix incomplete dependencies for libowcrypt
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de
|
Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de
|
||||||
|
|
||||||
|
@ -252,6 +252,8 @@ Patch1004: regexp-overrun.patch
|
|||||||
Patch1005: getaddrinfo-overflow.patch
|
Patch1005: getaddrinfo-overflow.patch
|
||||||
# PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd
|
# PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd
|
||||||
Patch1006: nscd-netgroup.patch
|
Patch1006: nscd-netgroup.patch
|
||||||
|
# PATCH-FIX-UPSTREAM Disable use of pt_chown (CVE-2013-2207)
|
||||||
|
Patch1007: disable-pt-chown.patch
|
||||||
|
|
||||||
###
|
###
|
||||||
# Patches awaiting upstream approval
|
# Patches awaiting upstream approval
|
||||||
@ -272,6 +274,8 @@ Patch2014: strptime-W-week.patch
|
|||||||
Patch2015: printf-overrun.patch
|
Patch2015: printf-overrun.patch
|
||||||
# PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp
|
# PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp
|
||||||
Patch2016: aarch64-sigsetjmp.patch
|
Patch2016: aarch64-sigsetjmp.patch
|
||||||
|
# PATCH-FIX-UPSTREAM Fix strcasecmp for tr_TR.ISO-8859-9
|
||||||
|
Patch2017: nonascii-case.patch
|
||||||
|
|
||||||
# Non-glibc patches
|
# Non-glibc patches
|
||||||
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
|
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
|
||||||
@ -480,6 +484,7 @@ rm nscd/s-stamp
|
|||||||
%patch1004 -p1
|
%patch1004 -p1
|
||||||
%patch1005 -p1
|
%patch1005 -p1
|
||||||
%patch1006 -p1
|
%patch1006 -p1
|
||||||
|
%patch1007 -p1
|
||||||
|
|
||||||
# XXX Disable, it breaks the testsuite, test elf/tst-audit2
|
# XXX Disable, it breaks the testsuite, test elf/tst-audit2
|
||||||
# %patch2008 -p1
|
# %patch2008 -p1
|
||||||
@ -490,6 +495,7 @@ rm nscd/s-stamp
|
|||||||
%patch2014 -p1
|
%patch2014 -p1
|
||||||
%patch2015 -p1
|
%patch2015 -p1
|
||||||
%patch2016 -p1
|
%patch2016 -p1
|
||||||
|
%patch2017 -p1
|
||||||
|
|
||||||
%patch3000
|
%patch3000
|
||||||
|
|
||||||
@ -979,23 +985,8 @@ rm -rf %{buildroot}/sbin %{buildroot}%{_includedir}
|
|||||||
#######################################################################
|
#######################################################################
|
||||||
|
|
||||||
%if %{normal_build}
|
%if %{normal_build}
|
||||||
# Note: glibc_post_upgrade does:
|
|
||||||
# %%set_permissions %%{_libexecdir}/pt_chown
|
|
||||||
# since we cannot do it in our own post section
|
|
||||||
|
|
||||||
%post -p %{_sbindir}/glibc_post_upgrade
|
%post -p %{_sbindir}/glibc_post_upgrade
|
||||||
|
|
||||||
%if 0
|
|
||||||
# Enabling the following lines will generate a
|
|
||||||
# requires on /bin/sh but glibc should not require any other binary
|
|
||||||
# packages. Therefore we do the change with the built-in lua:
|
|
||||||
# %%verifyscript
|
|
||||||
# %%verify_permissions -e %%{_libexecdir}/pt_chown
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%verifyscript -p <lua>
|
|
||||||
os.execute("/usr/bin/chkstat -n --warn --system -e %{_libexecdir}/pt_chown")
|
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%endif # %{normal_build}
|
%endif # %{normal_build}
|
||||||
@ -1177,7 +1168,6 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
%{_bindir}/locale
|
%{_bindir}/locale
|
||||||
%{_bindir}/localedef
|
%{_bindir}/localedef
|
||||||
%verify(not mode caps) %attr(4755,root,root) %{_libexecdir}/pt_chown
|
|
||||||
%dir %attr(0755,root,root) %{_libexecdir}/getconf
|
%dir %attr(0755,root,root) %{_libexecdir}/getconf
|
||||||
%{_libexecdir}/getconf/*
|
%{_libexecdir}/getconf/*
|
||||||
%{_sbindir}/glibc_post_upgrade
|
%{_sbindir}/glibc_post_upgrade
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jul 22 12:32:34 UTC 2013 - schwab@suse.de
|
||||||
|
|
||||||
|
- disable-pt-chown.patch: disable use of pt_chown (CVE-2013-2207,
|
||||||
|
bnc#830257)
|
||||||
|
- nonascii-case.patch: fix strcasecmp in tr_TR.ISO-8859-9 locale
|
||||||
|
- glibc-2.14-crypt.diff: fix incomplete dependencies for libowcrypt
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de
|
Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de
|
||||||
|
|
||||||
|
22
glibc.spec
22
glibc.spec
@ -253,6 +253,8 @@ Patch1004: regexp-overrun.patch
|
|||||||
Patch1005: getaddrinfo-overflow.patch
|
Patch1005: getaddrinfo-overflow.patch
|
||||||
# PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd
|
# PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd
|
||||||
Patch1006: nscd-netgroup.patch
|
Patch1006: nscd-netgroup.patch
|
||||||
|
# PATCH-FIX-UPSTREAM Disable use of pt_chown (CVE-2013-2207)
|
||||||
|
Patch1007: disable-pt-chown.patch
|
||||||
|
|
||||||
###
|
###
|
||||||
# Patches awaiting upstream approval
|
# Patches awaiting upstream approval
|
||||||
@ -273,6 +275,8 @@ Patch2014: strptime-W-week.patch
|
|||||||
Patch2015: printf-overrun.patch
|
Patch2015: printf-overrun.patch
|
||||||
# PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp
|
# PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp
|
||||||
Patch2016: aarch64-sigsetjmp.patch
|
Patch2016: aarch64-sigsetjmp.patch
|
||||||
|
# PATCH-FIX-UPSTREAM Fix strcasecmp for tr_TR.ISO-8859-9
|
||||||
|
Patch2017: nonascii-case.patch
|
||||||
|
|
||||||
# Non-glibc patches
|
# Non-glibc patches
|
||||||
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
|
# PATCH-FIX-OPENSUSE Remove debianisms from manpages
|
||||||
@ -480,6 +484,7 @@ rm nscd/s-stamp
|
|||||||
%patch1004 -p1
|
%patch1004 -p1
|
||||||
%patch1005 -p1
|
%patch1005 -p1
|
||||||
%patch1006 -p1
|
%patch1006 -p1
|
||||||
|
%patch1007 -p1
|
||||||
|
|
||||||
# XXX Disable, it breaks the testsuite, test elf/tst-audit2
|
# XXX Disable, it breaks the testsuite, test elf/tst-audit2
|
||||||
# %patch2008 -p1
|
# %patch2008 -p1
|
||||||
@ -490,6 +495,7 @@ rm nscd/s-stamp
|
|||||||
%patch2014 -p1
|
%patch2014 -p1
|
||||||
%patch2015 -p1
|
%patch2015 -p1
|
||||||
%patch2016 -p1
|
%patch2016 -p1
|
||||||
|
%patch2017 -p1
|
||||||
|
|
||||||
%patch3000
|
%patch3000
|
||||||
|
|
||||||
@ -979,23 +985,8 @@ rm -rf %{buildroot}/sbin %{buildroot}%{_includedir}
|
|||||||
#######################################################################
|
#######################################################################
|
||||||
|
|
||||||
%if %{normal_build}
|
%if %{normal_build}
|
||||||
# Note: glibc_post_upgrade does:
|
|
||||||
# %%set_permissions %%{_libexecdir}/pt_chown
|
|
||||||
# since we cannot do it in our own post section
|
|
||||||
|
|
||||||
%post -p %{_sbindir}/glibc_post_upgrade
|
%post -p %{_sbindir}/glibc_post_upgrade
|
||||||
|
|
||||||
%if 0
|
|
||||||
# Enabling the following lines will generate a
|
|
||||||
# requires on /bin/sh but glibc should not require any other binary
|
|
||||||
# packages. Therefore we do the change with the built-in lua:
|
|
||||||
# %%verifyscript
|
|
||||||
# %%verify_permissions -e %%{_libexecdir}/pt_chown
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%verifyscript -p <lua>
|
|
||||||
os.execute("/usr/bin/chkstat -n --warn --system -e %{_libexecdir}/pt_chown")
|
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%endif # %{normal_build}
|
%endif # %{normal_build}
|
||||||
@ -1177,7 +1168,6 @@ exit 0
|
|||||||
%endif
|
%endif
|
||||||
%{_bindir}/locale
|
%{_bindir}/locale
|
||||||
%{_bindir}/localedef
|
%{_bindir}/localedef
|
||||||
%verify(not mode caps) %attr(4755,root,root) %{_libexecdir}/pt_chown
|
|
||||||
%dir %attr(0755,root,root) %{_libexecdir}/getconf
|
%dir %attr(0755,root,root) %{_libexecdir}/getconf
|
||||||
%{_libexecdir}/getconf/*
|
%{_libexecdir}/getconf/*
|
||||||
%{_sbindir}/glibc_post_upgrade
|
%{_sbindir}/glibc_post_upgrade
|
||||||
|
87
nonascii-case.patch
Normal file
87
nonascii-case.patch
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
[BZ #15736]
|
||||||
|
* locale/categories.def (LC_CTYPE): Add "nonascii-case" element.
|
||||||
|
* string/Makefile (test-strcasecmp-ENV)
|
||||||
|
(test-strcasecmp-ifunc-ENV): Define.
|
||||||
|
* string/test-strcasecmp.c (test_main): Run tests in several
|
||||||
|
locales.
|
||||||
|
|
||||||
|
Index: glibc-2.17/locale/categories.def
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/locale/categories.def
|
||||||
|
+++ glibc-2.17/locale/categories.def
|
||||||
|
@@ -133,6 +133,7 @@ DEFINE_CATEGORY
|
||||||
|
DEFINE_ELEMENT (_NL_CTYPE_TRANSLIT_IGNORE_LEN, "ctype-translit-ignore-len", std, word)
|
||||||
|
DEFINE_ELEMENT (_NL_CTYPE_TRANSLIT_IGNORE, "ctype-translit-ignore", std, string)
|
||||||
|
DEFINE_ELEMENT (_NL_CTYPE_MAP_TO_NONASCII, "map-to-nonascii", std, word)
|
||||||
|
+ DEFINE_ELEMENT (_NL_CTYPE_NONASCII_CASE, "nonascii-case", std, word)
|
||||||
|
), _nl_postload_ctype)
|
||||||
|
|
||||||
|
|
||||||
|
Index: glibc-2.17/string/Makefile
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/string/Makefile
|
||||||
|
+++ glibc-2.17/string/Makefile
|
||||||
|
@@ -69,6 +69,8 @@ noinl-tester-ENV = LANGUAGE=C
|
||||||
|
tst-strxfrm-ENV = LOCPATH=$(common-objpfx)localedata
|
||||||
|
tst-strxfrm2-ENV = LOCPATH=$(common-objpfx)localedata
|
||||||
|
bug-strcoll1-ENV = LOCPATH=$(common-objpfx)localedata
|
||||||
|
+test-strcasecmp-ENV = LOCPATH=$(common-objpfx)localedata
|
||||||
|
+test-strcasecmp-ifunc-ENV = LOCPATH=$(common-objpfx)localedata
|
||||||
|
CFLAGS-inl-tester.c = -fno-builtin
|
||||||
|
CFLAGS-noinl-tester.c = -fno-builtin
|
||||||
|
CFLAGS-tst-strlen.c = -fno-builtin
|
||||||
|
Index: glibc-2.17/string/test-strcasecmp.c
|
||||||
|
===================================================================
|
||||||
|
--- glibc-2.17.orig/string/test-strcasecmp.c
|
||||||
|
+++ glibc-2.17/string/test-strcasecmp.c
|
||||||
|
@@ -17,6 +17,7 @@
|
||||||
|
License along with the GNU C Library; if not, see
|
||||||
|
<http://www.gnu.org/licenses/>. */
|
||||||
|
|
||||||
|
+#include <locale.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
#define TEST_MAIN
|
||||||
|
#define TEST_NAME "strcasecmp"
|
||||||
|
@@ -230,14 +231,18 @@ do_random_tests (void)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-int
|
||||||
|
-test_main (void)
|
||||||
|
+static void
|
||||||
|
+test_locale (const char *locale)
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
- test_init ();
|
||||||
|
+ if (setlocale (LC_CTYPE, locale) == NULL)
|
||||||
|
+ {
|
||||||
|
+ error (0, 0, "cannot set locale \"%s\"", locale);
|
||||||
|
+ ret = 1;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- printf ("%23s", "");
|
||||||
|
+ printf ("%-23s", locale);
|
||||||
|
FOR_EACH_IMPL (impl, 0)
|
||||||
|
printf ("\t%s", impl->name);
|
||||||
|
putchar ('\n');
|
||||||
|
@@ -270,6 +275,19 @@ test_main (void)
|
||||||
|
}
|
||||||
|
|
||||||
|
do_random_tests ();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
+test_main (void)
|
||||||
|
+{
|
||||||
|
+ test_init ();
|
||||||
|
+
|
||||||
|
+ test_locale ("C");
|
||||||
|
+ test_locale ("en_US.ISO-8859-1");
|
||||||
|
+ test_locale ("en_US.UTF-8");
|
||||||
|
+ test_locale ("tr_TR.ISO-8859-9");
|
||||||
|
+ test_locale ("tr_TR.UTF-8");
|
||||||
|
+
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user