[Lunar-commits] <moonbase-core> glibc: Small module cleanup, new security patches.
Stefan Wold
ratler at lunar-linux.org
Tue Nov 19 00:11:58 CET 2013
commit 4863144890b76b7c5459cde8f8f501bed4cb7127
Author: Stefan Wold <ratler at lunar-linux.org>
Date: Sat, 16 Nov 2013 04:54:59 -0800
URL: https://github.com/lunar-linux/moonbase-core/commit/4863144890b76b7c5459cde8f8f501bed4cb7127
glibc: Small module cleanup, new security patches.
Removed systemd unit files for the time being because nscd currently
causes issues with add_priv_{user,group} if enabled. Until we have a
mechanism available in lunar to handle that, we better leave it
disabled. What happens is that the nscd cache isn't updated quickly
enough after add_priv_{user,group}, which causes issues for commands
depending on a user or group existing.
Also removed a few old fixes that no longer seem to be required.
---
libs/glibc/BUILD | +8/-17
libs/glibc/BUILD.x86_64 | +7/-20
libs/glibc/DETAILS | +25/-2
libs/glibc/PRE_BUILD | +14/-1
libs/glibc/nscd.service | +0/-18
libs/glibc/nscd.tmpfiles | +0/-4
6 files changed, 54 insertions(+), 62 deletions(-)
--- a/libs/glibc/BUILD
+++ b/libs/glibc/BUILD
@@ -1,3 +1,4 @@
+
# The fortify compiler option cause the build to fail
bad_flags -D_FORTIFY_SOURCE=2 &&
@@ -8,7 +9,7 @@
KVER=`installed_version kernel-headers` &&
# There is no other option but nptl
- OPTS+=" --enable-add-ons=nptl,libidn --with-__thread --with-tls --disable-profile --enable-kernel=$KVER" &&
+ OPTS+=" --enable-add-ons=nptl,libidn --with-__thread --with-tls --disable-profile --enable-kernel=$KVER --with-headers=/usr/include" &&
if [ -n "$MAKES" ] && [ "$MAKES" -gt 1 ] ; then
sedit "s/# PARALLELMFLAGS = -j 4/PARALLELMFLAGS = -j $MAKES/" Makefile.in
@@ -22,20 +23,10 @@
fi &&
unset LDFLAGS &&
- patch_it $SOURCE2 1 &&
- patch_it $SOURCE3 1 &&
- patch_it $SOURCE4 1 &&
- patch_it $SOURCE5 1 &&
-
- # disable final test
- sed -i '/test-installation.pl/d' Makefile &&
-
INSTALL_ROOT=$SOURCE_DIRECTORY/glibcroot &&
mkdir -p $INSTALL_ROOT &&
cd $INSTALL_ROOT &&
- OPTS+=" --with-headers=/usr/include" &&
-
../configure --prefix=/usr \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
@@ -136,12 +127,12 @@
# Remove the temporary libc
rm /lib/{ld,lib{c,dl,m,rt,pthread,nss_files,util,nsl,crypt}}-lunar.so &&
- # Install nscd and gai related files
- install -dm755 /usr/lib/{systemd/system,tmpfiles.d} &&
- install -m644 $SOURCE_DIRECTORY/nscd/nscd.conf /etc/nscd.conf &&
- install -m644 $SOURCE_DIRECTORY/posix/gai.conf /etc/gai.conf &&
- install -m644 $SCRIPT_DIRECTORY/nscd.service /usr/lib/systemd/system &&
- install -m644 $SCRIPT_DIRECTORY/nscd.tmpfiles /usr/lib/tmpfiles.d/nscd.conf &&
+ if [ ! -e /etc/nscd.conf ]; then
+ install -m644 $SOURCE_DIRECTORY/nscd/nscd.conf /etc/nscd.conf
+ fi &&
+ if [ ! -e /etc/gai.conf ]; then
+ install -m644 $SOURCE_DIRECTORY/posix/gai.conf /etc/gai.conf
+ fi &&
# Generate locale info
if [ -z "$GLIBC_LOCALES" ]; then
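Review bot: The two new `if [ ! -e ... ]` guards replace the old `# Install nscd and gai related files` comment without saying why the install became conditional; a line such as `# Only seed default nscd.conf/gai.conf; never overwrite an admin-edited copy on upgrade` would record the intent. That comment could also note the consequence that changed upstream defaults in these two files no longer reach systems that already have them. `$SOURCE_DIRECTORY` is unquoted in both `install` calls, so `install -m644 "$SOURCE_DIRECTORY/nscd/nscd.conf" /etc/nscd.conf` is the safer form if the build path ever contains whitespace. The same points apply to the identical hunk in libs/glibc/BUILD.x86_64.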
--- a/libs/glibc/BUILD.x86_64
+++ b/libs/glibc/BUILD.x86_64
@@ -8,7 +8,7 @@
KVER=`installed_version kernel-headers` &&
# There is no other option but nptl
- OPTS+=" --enable-add-ons=nptl,libidn --with-__thread --with-tls --disable-profile --enable-kernel=$KVER" &&
+ OPTS+=" --enable-add-ons=nptl,libidn --with-__thread --with-tls --disable-profile --enable-kernel=$KVER --with-headers=/usr/include" &&
if [ -n "$MAKES" ] && [ "$MAKES" -gt 1 ] ; then
sedit "s/# PARALLELMFLAGS = -j 4/PARALLELMFLAGS = -j $MAKES/" Makefile.in
@@ -22,23 +22,10 @@
fi &&
unset LDFLAGS &&
- # fix the compile for x86_64
- sedit "s:s_floor-c s_ceil-c s_floorf-c s_ceilf-c:s_floorf-c s_ceilf-c:g" sysdeps/x86_64/fpu/multiarch/Makefile &&
-
- patch_it $SOURCE2 1 &&
- patch_it $SOURCE3 1 &&
- patch_it $SOURCE4 1 &&
- patch_it $SOURCE5 1 &&
-
- # disable final test
- sed -i '/test-installation.pl/d' Makefile &&
-
INSTALL_ROOT=$SOURCE_DIRECTORY/glibcroot &&
mkdir -p $INSTALL_ROOT &&
cd $INSTALL_ROOT &&
- OPTS+=" --with-headers=/usr/include" &&
-
../configure --prefix=/usr \
--infodir=/usr/share/info \
--mandir=/usr/share/man \
@@ -126,12 +113,12 @@
# Remove the temporary libc
rm /lib/{ld,lib{c,dl,m,rt,pthread,nss_files,util,nsl,crypt}}-lunar.so &&
- # Install nscd and gai related files
- install -dm755 /usr/lib/{systemd/system,tmpfiles.d} &&
- install -m644 $SOURCE_DIRECTORY/nscd/nscd.conf /etc/nscd.conf &&
- install -m644 $SOURCE_DIRECTORY/posix/gai.conf /etc/gai.conf &&
- install -m644 $SCRIPT_DIRECTORY/nscd.service /usr/lib/systemd/system &&
- install -m644 $SCRIPT_DIRECTORY/nscd.tmpfiles /usr/lib/tmpfiles.d/nscd.conf &&
+ if [ ! -e /etc/nscd.conf ]; then
+ install -m644 $SOURCE_DIRECTORY/nscd/nscd.conf /etc/nscd.conf
+ fi &&
+ if [ ! -e /etc/gai.conf ]; then
+ install -m644 $SOURCE_DIRECTORY/posix/gai.conf /etc/gai.conf
+ fi &&
# Generate locale info
if [ -z "$GLIBC_LOCALES" ]; then
--- a/libs/glibc/DETAILS
+++ b/libs/glibc/DETAILS
@@ -6,6 +6,14 @@
SOURCE3=$MODULE-2.11.1-__i686.patch.bz2
SOURCE4=$MODULE-2.15-fixes-1.patch.bz2
SOURCE5=$MODULE-2.15-math64crash.patch
+ SOURCE6=glibc-2.18-readdir_r-CVE-2013-4237.patch
+ SOURCE7=glibc-2.18-malloc-corrupt-CVE-2013-4332.patch
+ SOURCE8=glibc-2.18-strcoll-CVE-2012-4412+4424.patch
+ SOURCE9=glibc-2.18-ptr-mangle-CVE-2013-4788.patch
+ SOURCE10=glibc-2.18-getaddrinfo-CVE-2013-4458.patch
+ SOURCE11=glibc-2.18-getaddrinfo-assertion.patch
+ SOURCE12=glibc-2.18-scanf-parse-0e-0.patch
+ SOURCE13=glibc-2.18-strstr-hackfix.patch
SOURCE_URL[0]=$GNU_URL/$MODULE
SOURCE_URL[1]=ftp://ftp.gnu.org/pub/gnu/$MODULE
SOURCE_URL[2]=http://www.mirrorservice.org/sites/ftp.gnu.org/gnu/glibc
@@ -14,16 +22,31 @@
SOURCE4_URL=$PATCH_URL
SOURCE5_URL=$PATCH_URL
SOURCE6_URL=$PATCH_URL
+ SOURCE7_URL=$PATCH_URL
+ SOURCE8_URL=$PATCH_URL
+ SOURCE9_URL=$PATCH_URL
+ SOURCE10_URL=$PATCH_URL
+ SOURCE11_URL=$PATCH_URL
+ SOURCE12_URL=$PATCH_URL
+ SOURCE12_URL=$PATCH_URL
SOURCE_VFY=sha1:1f0e4e7ba5fe1f45ffd0548b6c36caef0bc7e51f
SOURCE2_VFY=sha1:86c3b8d2424a27e05937b50fb545b250834b69a9
SOURCE3_VFY=sha1:e3f36e2bb17e51e31035f2cd405d099c624d0e9e
SOURCE4_VFY=sha1:7e53ec5daaf29d13ff3e9a9b2450da1f93000add
SOURCE5_VFY=sha1:cbf649a7cf3648a5c4ce93ebe4d68a61349f3036
+ SOURCE6_VFY=sha1:7ecd9abb03495a620f0e4a2d45a6046310649fde
+ SOURCE7_VFY=sha1:d3dd647f2f292c44f31311ea3cf9e39db7ba798e
+ SOURCE8_VFY=sha1:04f38fe8508e2541c9d946a9d788c60f160c1cc0
+ SOURCE9_VFY=sha1:f0117b071f5f24c2522231aa9452342bea0d0c3f
+ SOURCE10_VFY=sha1:7c02334013be3cd41f242e8d65b27996d4df5f19
+ SOURCE11_VFY=sha1:ca210fa5c7751af73899f73d4cfbc901af4f70d8
+ SOURCE12_VFY=sha1:20ae27fd59e942442ef02f0624d9c30d568a0fde
+ SOURCE13_VFY=sha1:f928cedf0fb3d2bf046975680c637d6b09ad93cf
WEB_SITE=http://www.gnu.org/software/libc
ENTERED=20010922
- UPDATED=20130813
+ UPDATED=20131116
SHORT="C library for use with GNU/Hurd and GNU/Linux"
- PSAFE=no
+PSAFE=no
cat << EOF
glibc - Library for use with GNU/Hurd and GNU/Linux.
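Review bot: `SOURCE12_URL=$PATCH_URL` is added twice and `SOURCE13_URL` is never set, so `glibc-2.18-strstr-hackfix.patch` (SOURCE13, declared in the previous hunk and checked by `SOURCE13_VFY`) has no download location; the second of the two lines should read `SOURCE13_URL=$PATCH_URL`. PRE_BUILD applies SOURCE13 as the last link of its `&&` chain, so a missing file would most likely surface only at build time. Separately, all eight new patches, including the CVE fixes, are pinned with `sha1:` digests; if the module format accepts a stronger digest, it would be preferable for security patches fetched from `$PATCH_URL`.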
--- a/libs/glibc/PRE_BUILD
+++ b/libs/glibc/PRE_BUILD
@@ -1,3 +1,16 @@
default_pre_build &&
-sedit 's@^#\s*warning \+_FORTIFY_SOURCE requires compiling with optimization.*$@/* Disabled by lunar as there is no better solution: \0*/@' include/features.h
+sedit 's@^#\s*warning \+_FORTIFY_SOURCE requires compiling with optimization.*$@/* Disabled by lunar as there is no better solution: \0*/@' include/features.h &&
+
+patch_it $SOURCE2 1 &&
+patch_it $SOURCE3 1 &&
+patch_it $SOURCE4 1 &&
+patch_it $SOURCE5 1 &&
+patch_it $SOURCE6 1 &&
+patch_it $SOURCE7 1 &&
+patch_it $SOURCE8 1 &&
+patch_it $SOURCE9 1 &&
+patch_it $SOURCE10 1 &&
+patch_it $SOURCE11 1 &&
+patch_it $SOURCE12 1 &&
+patch_it $SOURCE13 1
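Review bot: The twelve `patch_it` lines give no hint which of them are security fixes, so anyone auditing PRE_BUILD has to cross-reference DETAILS; a comment before `patch_it $SOURCE6 1` such as `# SOURCE6-10: CVE-2013-4237, CVE-2013-4332, CVE-2012-4412/4424, CVE-2013-4788, CVE-2013-4458` would make that visible. The `$SOURCEn` arguments are unquoted, and `patch_it "$SOURCE6" 1` is the safer form. The `&&` chain is worth keeping as written, because a patch that fails to apply then aborts the step instead of leaving a partly patched tree. That assumes `patch_it` returns non-zero on failure, which is not visible in this hunk.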
--- a/libs/glibc/nscd.service
+++ /dev/null
@@ -1,18 +0,0 @@
-# systemd service file for nscd
-
-[Unit]
-Description=Name Service Cache Daemon
-
-[Service]
-Type=simple
-ExecStart=/usr/sbin/nscd --foreground
-ExecStop=/usr/sbin/nscd --shutdown
-ExecReload=/usr/sbin/nscd -i passwd
-ExecReload=/usr/sbin/nscd -i group
-ExecReload=/usr/sbin/nscd -i hosts
-ExecReload=/usr/sbin/nscd -i services
-Restart=always
-PIDFile=/run/nscd/nscd.pid
-
-[Install]
-WantedBy=multi-user.target
--- a/libs/glibc/nscd.tmpfiles
+++ /dev/null
@@ -1,4 +0,0 @@
-# Configuration to create /run/nscd directory
-# Used as part of systemd's tmpfiles
-
-d /run/nscd 0755 root root