Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=fa52640db95c0cc524aeae23e053b71fc77600ee

commit fa52640db95c0cc524aeae23e053b71fc77600ee
Author: crazy <[email protected]>
Date:   Wed Jun 21 22:03:04 2017 +0200

glibc-2.25-6-x86_64
* added fix for CVE-2017-1000366

diff --git a/source/base/glibc/CVE-2017-1000366.patch 
b/source/base/glibc/CVE-2017-1000366.patch
new file mode 100644
index 0000000..29bd713
--- /dev/null
+++ b/source/base/glibc/CVE-2017-1000366.patch
@@ -0,0 +1,28 @@
+From: Florian Weimer <[email protected]>
+Date: Mon, 19 Jun 2017 15:09:55 +0000 (+0200)
+Subject: CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ 
#21624]
+X-Git-Url: 
http://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d;hp=b08a6a0dea63742313ed3d9577c1e2d83436b196
+
+CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+---
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2446a87..2269dbe 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
+
+       case 12:
+         /* The library search path.  */
+-        if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++        if (!__libc_enable_secure
++            && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+           {
+             library_path = &envline[13];
+             break;
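Review bot: The guarded `LIBRARY_PATH` branch in `process_envvars` only makes the `_dl_init_paths` alloca unreachable for AT_SECURE=1 programs; as the patch description itself says, the unbounded alloca stays in place, and this hunk leaves the loader's other environment-variable handling untouched. Upstream glibc, as far as I recall, followed this commit with companion hardening of `LD_PRELOAD` and `LD_AUDIT` processing under the same CVE, so it is worth checking whether those changes should be imported into this package too. The comment above the test could also record the new behaviour, e.g. `/* The library search path.  Ignored for AT_SECURE=1 programs.  */`. `process_envvars` starts and ends outside the hunk, so the remaining cases of the switch cannot be checked from here.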
diff --git a/source/base/glibc/FrugalBuild b/source/base/glibc/FrugalBuild
index d95cc74..85b635e 100644
--- a/source/base/glibc/FrugalBuild
+++ b/source/base/glibc/FrugalBuild
@@ -8,7 +8,7 @@

pkgname=glibc
pkgver=2.25
-pkgrel=5
+pkgrel=6
pkgdesc="GNU C Library"
url="http://www.gnu.org/software/libc/libc.html";
depends=()
@@ -22,13 +22,15 @@ _dlurl="http://ftp.gnu.org/pub/gnu/glibc";
source=($_dlurl/glibc-$pkgver.tar.xz \
0001-Revert-Allow-IFUNC-relocation-against-unrelocated-sh.patch \
0002-Revert-Check-IFUNC-definition-in-unrelocated-shared-.patch \
-       0003-Revert-Clean-up-NPTL-longjmp-to-be-compat-only.patch)
+       0003-Revert-Clean-up-NPTL-longjmp-to-be-compat-only.patch \
+       CVE-2017-1000366.patch)
## see https://sourceware.org/bugzilla/show_bug.cgi?id=21041 for the 3 reverts
## there is  1 more canditate but I'll wait upstream to see how they fix..
sha1sums=('5fff5a94ef4470bf48fe1b79093185f19f5c827a' \
'ff24a7227b5402133eed1e3c6e4104352d2d5afd' \
'4995b808bba5cf50059ba3d46772b392033c9bbd' \
-          '7fa7be35da7635bd7abc9e43a82c69dbcf55c80f')
+          '7fa7be35da7635bd7abc9e43a82c69dbcf55c80f' \
+          'f05eba204ac75d8309f98fa1fd95b6de27787528')
options+=('scriptlet' 'noccache' 'static' 'nostrip')
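Review bot: The added `sha1sums` entry extends a SHA-1-only integrity check, and the hunk header shows `_dlurl` pointing at plain `http://ftp.gnu.org/pub/gnu/glibc`. The glibc tarball is therefore fetched without transport protection and pinned only by a digest with known collision weaknesses. Consider moving `_dlurl` to `https://ftp.gnu.org/pub/gnu/glibc` and, if the build format supports it, verifying the tarball against upstream's detached signature or a stronger digest. It would also help to record the new patch's origin next to the existing reverts comment, e.g. `## CVE-2017-1000366.patch: upstream glibc commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d (BZ #21624)`.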
