From 187a641195e473a9e6a4118bc118099fbc1e020d1a24443fa43046c9dd0fd6df Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Tue, 23 Jul 2013 13:31:56 +0000 Subject: [PATCH] Accepting request 184083 from home:Andreas_Schwab:Factory - disable-pt-chown.patch: disable use of pt_chown (CVE-2013-2207, bnc#830257) - nonascii-case.patch: fix strcasecmp in tr_TR.ISO-8859-9 locale - glibc-2.14-crypt.diff: fix incomplete dependencies for libowcrypt OBS-URL: https://build.opensuse.org/request/show/184083 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=300 --- disable-pt-chown.patch | 241 ++++++++++++++++++++++++++++++++++++++++ glibc-2.14-crypt.diff | 5 + glibc-testsuite.changes | 8 ++ glibc-testsuite.spec | 22 +--- glibc-utils.changes | 8 ++ glibc-utils.spec | 22 +--- glibc.changes | 8 ++ glibc.spec | 22 +--- nonascii-case.patch | 87 +++++++++++++++ 9 files changed, 375 insertions(+), 48 deletions(-) create mode 100644 disable-pt-chown.patch create mode 100644 nonascii-case.patch diff --git a/disable-pt-chown.patch b/disable-pt-chown.patch new file mode 100644 index 0000000..ee52371 --- /dev/null +++ b/disable-pt-chown.patch @@ -0,0 +1,241 @@ +2013-07-21 Siddhesh Poyarekar + Andreas Schwab + Roland McGrath + Joseph Myers + Carlos O'Donell + + [BZ #15755] + * config.h.in: Define HAVE_PT_CHOWN. + * config.make.in (build-pt-chown): New variable. + * configure.in (--enable-pt_chown): New configure option. + * configure: Regenerate. + * login/Makefile: Include Makeconfig. Build pt_chown only if + build-pt-chown is enabled. + * sysdeps/unix/grantpt.c (grantpt) [HAVE_PT_CHOWN]: Spawn + pt_chown to fix pty ownership. + * sysdeps/unix/sysv/linux/grantpt.c [HAVE_PT_CHOWN]: Define + CLOSE_ALL_FDS. + * manual/install.texi (Configuring and compiling): Mention + --enable-pt_chown. Add @findex for grantpt. + * INSTALL: Regenerate. + +Index: glibc-2.17/INSTALL +=================================================================== +--- glibc-2.17.orig/INSTALL ++++ glibc-2.17/INSTALL +@@ -128,6 +128,18 @@ will be used, and CFLAGS sets optimizati + this can be prevented though there generally is no reason since it + creates compatibility problems. + ++`--enable-pt_chown' ++ The file `pt_chown' is a helper binary for `grantpt' (*note ++ Pseudo-Terminals: Allocation.) that is installed setuid root to ++ fix up pseudo-terminal ownership. It is not built by default ++ because systems using the Linux kernel are commonly built with the ++ `devpts' filesystem enabled and mounted at `/dev/pts', which ++ manages pseudo-terminal ownership automatically. By using ++ `--enable-pt_chown', you may build `pt_chown' and install it ++ setuid and owned by `root'. The use of `pt_chown' introduces ++ additional security risks to the system and you should enable it ++ only if you understand and accept those risks. ++ + `--build=BUILD-SYSTEM' + `--host=HOST-SYSTEM' + These options are for cross-compiling. If you specify both +Index: glibc-2.17/config.h.in +=================================================================== +--- glibc-2.17.orig/config.h.in ++++ glibc-2.17/config.h.in +@@ -232,4 +232,7 @@ + /* The ARM hard-float ABI is being used. */ + #undef HAVE_ARM_PCS_VFP + ++/* The pt_chown binary is being built and used by grantpt. */ ++#undef HAVE_PT_CHOWN ++ + #endif +Index: glibc-2.17/config.make.in +=================================================================== +--- glibc-2.17.orig/config.make.in ++++ glibc-2.17/config.make.in +@@ -102,6 +102,7 @@ force-install = @force_install@ + link-obsolete-rpc = @link_obsolete_rpc@ + build-nscd = @build_nscd@ + use-nscd = @use_nscd@ ++build-pt-chown = @build_pt_chown@ + + # Build tools. + CC = @CC@ +Index: glibc-2.17/configure +=================================================================== +--- glibc-2.17.orig/configure ++++ glibc-2.17/configure +@@ -654,6 +654,7 @@ multi_arch + base_machine + add_on_subdirs + add_ons ++build_pt_chown + build_nscd + link_obsolete_rpc + libc_cv_nss_crypt +@@ -760,6 +761,7 @@ enable_obsolete_rpc + enable_systemtap + enable_build_nscd + enable_nscd ++enable_pt_chown + with_cpu + ' + ac_precious_vars='build_alias +@@ -1420,6 +1422,7 @@ Optional Features: + --enable-systemtap enable systemtap static probe points [default=no] + --disable-build-nscd disable building and installing the nscd daemon + --disable-nscd library functions will not contact the nscd daemon ++ --enable-pt_chown Enable building and installing pt_chown + + Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] +@@ -3935,6 +3938,19 @@ else + fi + + ++# Check whether --enable-pt_chown was given. ++if test "${enable_pt_chown+set}" = set; then : ++ enableval=$enable_pt_chown; build_pt_chown=$enableval ++else ++ build_pt_chown=no ++fi ++ ++ ++if test $build_pt_chown = yes; then ++ $as_echo "#define HAVE_PT_CHOWN 1" >>confdefs.h ++ ++fi ++ + # The way shlib-versions is used to generate soversions.mk uses a + # fairly simplistic model for name recognition that can't distinguish + # i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os +Index: glibc-2.17/configure.in +=================================================================== +--- glibc-2.17.orig/configure.in ++++ glibc-2.17/configure.in +@@ -315,6 +315,16 @@ AC_ARG_ENABLE([nscd], + [use_nscd=$enableval], + [use_nscd=yes]) + ++AC_ARG_ENABLE([pt_chown], ++ [AS_HELP_STRING([--enable-pt_chown], ++ [Enable building and installing pt_chown])], ++ [build_pt_chown=$enableval], ++ [build_pt_chown=no]) ++AC_SUBST(build_pt_chown) ++if test $build_pt_chown = yes; then ++ AC_DEFINE(HAVE_PT_CHOWN) ++fi ++ + # The way shlib-versions is used to generate soversions.mk uses a + # fairly simplistic model for name recognition that can't distinguish + # i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os +Index: glibc-2.17/login/Makefile +=================================================================== +--- glibc-2.17.orig/login/Makefile ++++ glibc-2.17/login/Makefile +@@ -29,9 +29,15 @@ routines := getutent getutent_r getutid + + CFLAGS-grantpt.c = -DLIBEXECDIR='"$(libexecdir)"' + +-others = utmpdump pt_chown ++others = utmpdump ++ ++include ../Makeconfig ++ ++ifeq (yes,$(build-pt-chown)) ++others += pt_chown + others-pie = pt_chown + install-others-programs = $(inst_libexecdir)/pt_chown ++endif + + subdir-dirs = programs + vpath %.c programs +Index: glibc-2.17/manual/install.texi +=================================================================== +--- glibc-2.17.orig/manual/install.texi ++++ glibc-2.17/manual/install.texi +@@ -155,6 +155,20 @@ if the used tools support it. By using + prevented though there generally is no reason since it creates + compatibility problems. + ++@pindex pt_chown ++@findex grantpt ++@item --enable-pt_chown ++The file @file{pt_chown} is a helper binary for @code{grantpt} ++(@pxref{Allocation, Pseudo-Terminals}) that is installed setuid root to ++fix up pseudo-terminal ownership. It is not built by default because ++systems using the Linux kernel are commonly built with the @code{devpts} ++filesystem enabled and mounted at @file{/dev/pts}, which manages ++pseudo-terminal ownership automatically. By using ++@samp{--enable-pt_chown}, you may build @file{pt_chown} and install it ++setuid and owned by @code{root}. The use of @file{pt_chown} introduces ++additional security risks to the system and you should enable it only if ++you understand and accept those risks. ++ + @item --build=@var{build-system} + @itemx --host=@var{host-system} + These options are for cross-compiling. If you specify both options and +Index: glibc-2.17/sysdeps/unix/grantpt.c +=================================================================== +--- glibc-2.17.orig/sysdeps/unix/grantpt.c ++++ glibc-2.17/sysdeps/unix/grantpt.c +@@ -173,9 +173,10 @@ grantpt (int fd) + retval = 0; + goto cleanup; + +- /* We have to use the helper program. */ ++ /* We have to use the helper program if it is available. */ + helper:; + ++#ifdef HAVE_PT_CHOWN + pid_t pid = __fork (); + if (pid == -1) + goto cleanup; +@@ -190,9 +191,9 @@ grantpt (int fd) + if (__dup2 (fd, PTY_FILENO) < 0) + _exit (FAIL_EBADF); + +-#ifdef CLOSE_ALL_FDS ++# ifdef CLOSE_ALL_FDS + CLOSE_ALL_FDS (); +-#endif ++# endif + + execle (_PATH_PT_CHOWN, basename (_PATH_PT_CHOWN), NULL, NULL); + _exit (FAIL_EXEC); +@@ -231,6 +232,7 @@ grantpt (int fd) + assert(! "getpt: internal error: invalid exit code from pt_chown"); + } + } ++#endif + + cleanup: + if (buf != _buf) +Index: glibc-2.17/sysdeps/unix/sysv/linux/grantpt.c +=================================================================== +--- glibc-2.17.orig/sysdeps/unix/sysv/linux/grantpt.c ++++ glibc-2.17/sysdeps/unix/sysv/linux/grantpt.c +@@ -11,7 +11,7 @@ + + #include "pty-private.h" + +- ++#if HAVE_PT_CHOWN + /* Close all file descriptors except the one specified. */ + static void + close_all_fds (void) +@@ -38,6 +38,7 @@ close_all_fds (void) + __dup2 (STDOUT_FILENO, STDERR_FILENO); + } + } +-#define CLOSE_ALL_FDS() close_all_fds() ++# define CLOSE_ALL_FDS() close_all_fds() ++#endif + + #include diff --git a/glibc-2.14-crypt.diff b/glibc-2.14-crypt.diff index 82a0ec7..96e5a74 100644 --- a/glibc-2.14-crypt.diff +++ b/glibc-2.14-crypt.diff @@ -39,6 +39,11 @@ Index: glibc-2.17/crypt/Makefile include ../Makeconfig +@@ -77,3 +82,4 @@ endif + # This ensures they will load libc.so for needed symbols if loaded by + # a statically-linked program that hasn't already loaded it. + $(objpfx)libcrypt.so: $(common-objpfx)libc.so $(common-objpfx)libc_nonshared.a ++$(objpfx)libowcrypt.so: $(common-objpfx)libc.so $(common-objpfx)libc_nonshared.a Index: glibc-2.17/crypt/Versions =================================================================== --- glibc-2.17.orig/crypt/Versions diff --git a/glibc-testsuite.changes b/glibc-testsuite.changes index ed5849f..b5896e6 100644 --- a/glibc-testsuite.changes +++ b/glibc-testsuite.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jul 22 12:32:34 UTC 2013 - schwab@suse.de + +- disable-pt-chown.patch: disable use of pt_chown (CVE-2013-2207, + bnc#830257) +- nonascii-case.patch: fix strcasecmp in tr_TR.ISO-8859-9 locale +- glibc-2.14-crypt.diff: fix incomplete dependencies for libowcrypt + ------------------------------------------------------------------- Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de diff --git a/glibc-testsuite.spec b/glibc-testsuite.spec index 9857f3c..54504c9 100644 --- a/glibc-testsuite.spec +++ b/glibc-testsuite.spec @@ -253,6 +253,8 @@ Patch1004: regexp-overrun.patch Patch1005: getaddrinfo-overflow.patch # PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd Patch1006: nscd-netgroup.patch +# PATCH-FIX-UPSTREAM Disable use of pt_chown (CVE-2013-2207) +Patch1007: disable-pt-chown.patch ### # Patches awaiting upstream approval @@ -273,6 +275,8 @@ Patch2014: strptime-W-week.patch Patch2015: printf-overrun.patch # PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp Patch2016: aarch64-sigsetjmp.patch +# PATCH-FIX-UPSTREAM Fix strcasecmp for tr_TR.ISO-8859-9 +Patch2017: nonascii-case.patch # Non-glibc patches # PATCH-FIX-OPENSUSE Remove debianisms from manpages @@ -480,6 +484,7 @@ rm nscd/s-stamp %patch1004 -p1 %patch1005 -p1 %patch1006 -p1 +%patch1007 -p1 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 # %patch2008 -p1 @@ -490,6 +495,7 @@ rm nscd/s-stamp %patch2014 -p1 %patch2015 -p1 %patch2016 -p1 +%patch2017 -p1 %patch3000 @@ -979,23 +985,8 @@ rm -rf %{buildroot}/sbin %{buildroot}%{_includedir} ####################################################################### %if %{normal_build} -# Note: glibc_post_upgrade does: -# %%set_permissions %%{_libexecdir}/pt_chown -# since we cannot do it in our own post section - %post -p %{_sbindir}/glibc_post_upgrade -%if 0 -# Enabling the following lines will generate a -# requires on /bin/sh but glibc should not require any other binary -# packages. Therefore we do the change with the built-in lua: -# %%verifyscript -# %%verify_permissions -e %%{_libexecdir}/pt_chown -%endif - -%verifyscript -p -os.execute("/usr/bin/chkstat -n --warn --system -e %{_libexecdir}/pt_chown") - %postun -p /sbin/ldconfig %endif # %{normal_build} @@ -1177,7 +1168,6 @@ exit 0 %endif %{_bindir}/locale %{_bindir}/localedef -%verify(not mode caps) %attr(4755,root,root) %{_libexecdir}/pt_chown %dir %attr(0755,root,root) %{_libexecdir}/getconf %{_libexecdir}/getconf/* %{_sbindir}/glibc_post_upgrade diff --git a/glibc-utils.changes b/glibc-utils.changes index ed5849f..b5896e6 100644 --- a/glibc-utils.changes +++ b/glibc-utils.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jul 22 12:32:34 UTC 2013 - schwab@suse.de + +- disable-pt-chown.patch: disable use of pt_chown (CVE-2013-2207, + bnc#830257) +- nonascii-case.patch: fix strcasecmp in tr_TR.ISO-8859-9 locale +- glibc-2.14-crypt.diff: fix incomplete dependencies for libowcrypt + ------------------------------------------------------------------- Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de diff --git a/glibc-utils.spec b/glibc-utils.spec index b278caf..d7845d4 100644 --- a/glibc-utils.spec +++ b/glibc-utils.spec @@ -252,6 +252,8 @@ Patch1004: regexp-overrun.patch Patch1005: getaddrinfo-overflow.patch # PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd Patch1006: nscd-netgroup.patch +# PATCH-FIX-UPSTREAM Disable use of pt_chown (CVE-2013-2207) +Patch1007: disable-pt-chown.patch ### # Patches awaiting upstream approval @@ -272,6 +274,8 @@ Patch2014: strptime-W-week.patch Patch2015: printf-overrun.patch # PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp Patch2016: aarch64-sigsetjmp.patch +# PATCH-FIX-UPSTREAM Fix strcasecmp for tr_TR.ISO-8859-9 +Patch2017: nonascii-case.patch # Non-glibc patches # PATCH-FIX-OPENSUSE Remove debianisms from manpages @@ -480,6 +484,7 @@ rm nscd/s-stamp %patch1004 -p1 %patch1005 -p1 %patch1006 -p1 +%patch1007 -p1 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 # %patch2008 -p1 @@ -490,6 +495,7 @@ rm nscd/s-stamp %patch2014 -p1 %patch2015 -p1 %patch2016 -p1 +%patch2017 -p1 %patch3000 @@ -979,23 +985,8 @@ rm -rf %{buildroot}/sbin %{buildroot}%{_includedir} ####################################################################### %if %{normal_build} -# Note: glibc_post_upgrade does: -# %%set_permissions %%{_libexecdir}/pt_chown -# since we cannot do it in our own post section - %post -p %{_sbindir}/glibc_post_upgrade -%if 0 -# Enabling the following lines will generate a -# requires on /bin/sh but glibc should not require any other binary -# packages. Therefore we do the change with the built-in lua: -# %%verifyscript -# %%verify_permissions -e %%{_libexecdir}/pt_chown -%endif - -%verifyscript -p -os.execute("/usr/bin/chkstat -n --warn --system -e %{_libexecdir}/pt_chown") - %postun -p /sbin/ldconfig %endif # %{normal_build} @@ -1177,7 +1168,6 @@ exit 0 %endif %{_bindir}/locale %{_bindir}/localedef -%verify(not mode caps) %attr(4755,root,root) %{_libexecdir}/pt_chown %dir %attr(0755,root,root) %{_libexecdir}/getconf %{_libexecdir}/getconf/* %{_sbindir}/glibc_post_upgrade diff --git a/glibc.changes b/glibc.changes index ed5849f..b5896e6 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Jul 22 12:32:34 UTC 2013 - schwab@suse.de + +- disable-pt-chown.patch: disable use of pt_chown (CVE-2013-2207, + bnc#830257) +- nonascii-case.patch: fix strcasecmp in tr_TR.ISO-8859-9 locale +- glibc-2.14-crypt.diff: fix incomplete dependencies for libowcrypt + ------------------------------------------------------------------- Thu Jul 4 12:14:27 UTC 2013 - schwab@suse.de diff --git a/glibc.spec b/glibc.spec index f53aba6..e44831d 100644 --- a/glibc.spec +++ b/glibc.spec @@ -253,6 +253,8 @@ Patch1004: regexp-overrun.patch Patch1005: getaddrinfo-overflow.patch # PATCH-FIX-UPSTREAM Fix handling of netgroup cache in nscd Patch1006: nscd-netgroup.patch +# PATCH-FIX-UPSTREAM Disable use of pt_chown (CVE-2013-2207) +Patch1007: disable-pt-chown.patch ### # Patches awaiting upstream approval @@ -273,6 +275,8 @@ Patch2014: strptime-W-week.patch Patch2015: printf-overrun.patch # PATCH-FIX-UPSTREAM AArch64: Don't clobber argument for tail call to __sigjmp_save in sigsetjmp Patch2016: aarch64-sigsetjmp.patch +# PATCH-FIX-UPSTREAM Fix strcasecmp for tr_TR.ISO-8859-9 +Patch2017: nonascii-case.patch # Non-glibc patches # PATCH-FIX-OPENSUSE Remove debianisms from manpages @@ -480,6 +484,7 @@ rm nscd/s-stamp %patch1004 -p1 %patch1005 -p1 %patch1006 -p1 +%patch1007 -p1 # XXX Disable, it breaks the testsuite, test elf/tst-audit2 # %patch2008 -p1 @@ -490,6 +495,7 @@ rm nscd/s-stamp %patch2014 -p1 %patch2015 -p1 %patch2016 -p1 +%patch2017 -p1 %patch3000 @@ -979,23 +985,8 @@ rm -rf %{buildroot}/sbin %{buildroot}%{_includedir} ####################################################################### %if %{normal_build} -# Note: glibc_post_upgrade does: -# %%set_permissions %%{_libexecdir}/pt_chown -# since we cannot do it in our own post section - %post -p %{_sbindir}/glibc_post_upgrade -%if 0 -# Enabling the following lines will generate a -# requires on /bin/sh but glibc should not require any other binary -# packages. Therefore we do the change with the built-in lua: -# %%verifyscript -# %%verify_permissions -e %%{_libexecdir}/pt_chown -%endif - -%verifyscript -p -os.execute("/usr/bin/chkstat -n --warn --system -e %{_libexecdir}/pt_chown") - %postun -p /sbin/ldconfig %endif # %{normal_build} @@ -1177,7 +1168,6 @@ exit 0 %endif %{_bindir}/locale %{_bindir}/localedef -%verify(not mode caps) %attr(4755,root,root) %{_libexecdir}/pt_chown %dir %attr(0755,root,root) %{_libexecdir}/getconf %{_libexecdir}/getconf/* %{_sbindir}/glibc_post_upgrade diff --git a/nonascii-case.patch b/nonascii-case.patch new file mode 100644 index 0000000..946173d --- /dev/null +++ b/nonascii-case.patch @@ -0,0 +1,87 @@ + [BZ #15736] + * locale/categories.def (LC_CTYPE): Add "nonascii-case" element. + * string/Makefile (test-strcasecmp-ENV) + (test-strcasecmp-ifunc-ENV): Define. + * string/test-strcasecmp.c (test_main): Run tests in several + locales. + +Index: glibc-2.17/locale/categories.def +=================================================================== +--- glibc-2.17.orig/locale/categories.def ++++ glibc-2.17/locale/categories.def +@@ -133,6 +133,7 @@ DEFINE_CATEGORY + DEFINE_ELEMENT (_NL_CTYPE_TRANSLIT_IGNORE_LEN, "ctype-translit-ignore-len", std, word) + DEFINE_ELEMENT (_NL_CTYPE_TRANSLIT_IGNORE, "ctype-translit-ignore", std, string) + DEFINE_ELEMENT (_NL_CTYPE_MAP_TO_NONASCII, "map-to-nonascii", std, word) ++ DEFINE_ELEMENT (_NL_CTYPE_NONASCII_CASE, "nonascii-case", std, word) + ), _nl_postload_ctype) + + +Index: glibc-2.17/string/Makefile +=================================================================== +--- glibc-2.17.orig/string/Makefile ++++ glibc-2.17/string/Makefile +@@ -69,6 +69,8 @@ noinl-tester-ENV = LANGUAGE=C + tst-strxfrm-ENV = LOCPATH=$(common-objpfx)localedata + tst-strxfrm2-ENV = LOCPATH=$(common-objpfx)localedata + bug-strcoll1-ENV = LOCPATH=$(common-objpfx)localedata ++test-strcasecmp-ENV = LOCPATH=$(common-objpfx)localedata ++test-strcasecmp-ifunc-ENV = LOCPATH=$(common-objpfx)localedata + CFLAGS-inl-tester.c = -fno-builtin + CFLAGS-noinl-tester.c = -fno-builtin + CFLAGS-tst-strlen.c = -fno-builtin +Index: glibc-2.17/string/test-strcasecmp.c +=================================================================== +--- glibc-2.17.orig/string/test-strcasecmp.c ++++ glibc-2.17/string/test-strcasecmp.c +@@ -17,6 +17,7 @@ + License along with the GNU C Library; if not, see + . */ + ++#include + #include + #define TEST_MAIN + #define TEST_NAME "strcasecmp" +@@ -230,14 +231,18 @@ do_random_tests (void) + } + } + +-int +-test_main (void) ++static void ++test_locale (const char *locale) + { + size_t i; + +- test_init (); ++ if (setlocale (LC_CTYPE, locale) == NULL) ++ { ++ error (0, 0, "cannot set locale \"%s\"", locale); ++ ret = 1; ++ } + +- printf ("%23s", ""); ++ printf ("%-23s", locale); + FOR_EACH_IMPL (impl, 0) + printf ("\t%s", impl->name); + putchar ('\n'); +@@ -270,6 +275,19 @@ test_main (void) + } + + do_random_tests (); ++} ++ ++int ++test_main (void) ++{ ++ test_init (); ++ ++ test_locale ("C"); ++ test_locale ("en_US.ISO-8859-1"); ++ test_locale ("en_US.UTF-8"); ++ test_locale ("tr_TR.ISO-8859-9"); ++ test_locale ("tr_TR.UTF-8"); ++ + return ret; + } +