Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.2.git;a=commitdiff;h=d1d954afd82cb854be8ad2310e6bce7e31d9557a
commit d1d954afd82cb854be8ad2310e6bce7e31d9557a Author: Miklos Vajna <vmik...@frugalware.org> Date: Thu Apr 22 15:05:25 2010 +0200 glibc-2.11.1-2locris1-i686 - add CVE-2010-0296.patch - add CVE-2010-0830.patch (cherry picked from commit 0e5a11362a18be367de41011e6be2da4a3e31f8f) Conflicts: source/base/glibc/FrugalBuild diff --git a/source/base/glibc/CVE-2010-0296.patch b/source/base/glibc/CVE-2010-0296.patch new file mode 100644 index 0000000..83d6413 --- /dev/null +++ b/source/base/glibc/CVE-2010-0296.patch @@ -0,0 +1,13 @@ + misc/mntent_r.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) +--- a/misc/mntent_r.c ++++ a/misc/mntent_r.c +@@ -194,7 +194,7 @@ weak_alias (__getmntent_r, getmntent_r) + const char *rp = name; \ + \ + while (*rp != '\0') \ +- if (*rp == ' ' || *rp == '\t' || *rp == '\\') \ ++ if (*rp == ' ' || *rp == '\t' || *rp == '\n' || *rp == '\\') \ + break; \ + else \ + ++rp; diff --git a/source/base/glibc/CVE-2010-0830.patch b/source/base/glibc/CVE-2010-0830.patch new file mode 100644 index 0000000..f690555 --- /dev/null +++ b/source/base/glibc/CVE-2010-0830.patch @@ -0,0 +1,17 @@ +Description: fix integer underflow that can trigger arbitrary code execution. +Author: Kees Cook <k...@ubuntu.com> +Bug-Ubuntu: https://launchpad.net/bugs/542197 + +Index: eglibc-2.11.1/elf/dynamic-link.h +=================================================================== +--- eglibc-2.11.1.orig/elf/dynamic-link.h 2010-03-25 15:42:22.700708465 -0700 ++++ eglibc-2.11.1/elf/dynamic-link.h 2010-03-25 15:45:26.840772712 -0700 +@@ -113,7 +113,7 @@ + + while (dyn->d_tag != DT_NULL) + { +- if (dyn->d_tag < DT_NUM) ++ if ((Elf32_Word) dyn->d_tag < DT_NUM) + info[dyn->d_tag] = dyn; + else if (dyn->d_tag >= DT_LOPROC && + dyn->d_tag < DT_LOPROC + DT_THISPROCNUM) diff --git a/source/base/glibc/FrugalBuild b/source/base/glibc/FrugalBuild index 12b815c..c50c1e6 100644 --- a/source/base/glibc/FrugalBuild +++ b/source/base/glibc/FrugalBuild @@ -4,7 +4,7 @@ pkgname=glibc pkgver=2.11.1 -pkgrel=1 +pkgrel=2locris1 pkgdesc="GNU C Library" url="http://www.gnu.org/software/libc/libc.html" depends=() @@ -16,9 +16,11 @@ groups=('base' 'chroot-core') archs=('i686' 'x86_64' 'ppc') Fup2gnubz2 source=(http://ftp.gnu.org/pub/gnu/glibc/glibc-$pkgver.tar.bz2 \ - fix-missing-etc-hosts.patch) + fix-missing-etc-hosts.patch CVE-2010-0296.patch CVE-2010-0830.patch) sha1sums=('29f492ae56fd4ef79f32b45c29c0edb6aa8a35a7' \ - 'be4a7bea8af743331e2c6704faa24b6cb4e155d5') + 'be4a7bea8af743331e2c6704faa24b6cb4e155d5' \ + 'd6503eeeb11b37b12a34f37c70e7c87944a0a093' \ + '15de57c759cc5715542664edac92a5d7b84c1ecb') build() { _______________________________________________ Frugalware-git mailing list Frugalware-git@frugalware.org http://frugalware.org/mailman/listinfo/frugalware-git