forked from rpms/glibc
2.12.90-18
This commit is contained in:
parent
8d5389e12f
commit
85da696179
@ -1,6 +1,25 @@
|
||||
--- glibc-2.12-192-g7c08a05/ChangeLog
|
||||
+++ glibc-2.12.90-17/ChangeLog
|
||||
@@ -18,6 +18,12 @@
|
||||
@@ -1,3 +1,18 @@
|
||||
+2010-10-22 Andreas Schwab <schwab@redhat.com>
|
||||
+
|
||||
+ * include/dlfcn.h (__RTLD_SECURE): Define.
|
||||
+ * elf/dl-load.c (_dl_map_object): Remove preloaded parameter. Use
|
||||
+ mode & __RTLD_SECURE instead.
|
||||
+ (open_path): Remove preloaded parameter to secure.
|
||||
+ * sysdeps/generic/ldsodefs.h (_dl_map_object): Adjust declaration.
|
||||
+ * elf/dl-open.c (dl_open_worker): Adjust call to _dl_map_object.
|
||||
+ * elf/dl-deps.c (openaux): Likewise.
|
||||
+ * elf/rtld.c (struct map_args): Remove is_preloaded.
|
||||
+ (map_doit): Don't use it.
|
||||
+ (dl_main): Likewise.
|
||||
+ (do_preload): Use __RTLD_SECURE instead of is_preloaded.
|
||||
+ (dlmopen_doit): Add __RTLD_SECURE to mode bits.
|
||||
+
|
||||
2010-10-16 Jakub Jelinek <jakub@redhat.com>
|
||||
|
||||
[BZ #3268]
|
||||
@@ -18,6 +33,12 @@
|
||||
* scripts/data/localplt-s390-linux-gnu.data: New file.
|
||||
* scripts/data/localplt-s390x-linux-gnu.data: New file.
|
||||
|
||||
@ -13,7 +32,7 @@
|
||||
2010-10-13 Jakub Jelinek <jakub@redhat.com>
|
||||
|
||||
[BZ #3268]
|
||||
@@ -123,6 +129,11 @@
|
||||
@@ -123,6 +144,11 @@
|
||||
* string/str-two-way.h (two_way_long_needle): Always clear memory
|
||||
when skipping input due to the shift table.
|
||||
|
||||
@ -25,7 +44,7 @@
|
||||
2010-10-03 Ulrich Drepper <drepper@gmail.com>
|
||||
|
||||
[BZ #12005]
|
||||
@@ -165,6 +176,34 @@
|
||||
@@ -165,6 +191,34 @@
|
||||
* sysdeps/unix/sysv/linux/internal_statvfs.c (INTERNAL_STATVFS):
|
||||
Mask out sign-bit copies when constructing f_fsid.
|
||||
|
||||
@ -60,7 +79,7 @@
|
||||
2010-09-24 Petr Baudis <pasky@suse.cz>
|
||||
|
||||
* debug/stack_chk_fail_local.c: Add missing licence exception.
|
||||
@@ -218,6 +257,13 @@
|
||||
@@ -218,6 +272,13 @@
|
||||
|
||||
* resolv/res_init.c (__res_vinit): Count the default server we added.
|
||||
|
||||
@ -74,7 +93,7 @@
|
||||
2010-09-08 Chung-Lin Tang <cltang@codesourcery.com>
|
||||
Ulrich Drepper <drepper@redhat.com>
|
||||
|
||||
@@ -956,6 +1002,32 @@
|
||||
@@ -956,6 +1017,32 @@
|
||||
call returning > 0 value.
|
||||
* sysdeps/unix/sysv/linux/getlogin.c (getlogin): Likewise.
|
||||
|
||||
@ -107,7 +126,7 @@
|
||||
2010-06-07 Andreas Schwab <schwab@redhat.com>
|
||||
|
||||
* dlfcn/Makefile: Remove explicit dependencies on libc.so and
|
||||
@@ -1008,6 +1080,24 @@
|
||||
@@ -1008,6 +1095,24 @@
|
||||
* hurd/hurd/fd.h (__file_name_lookup_at): Update comment.
|
||||
* sysdeps/mach/hurd/linkat.c (linkat): Pass O_NOLINK in FLAGS.
|
||||
|
||||
@ -519,6 +538,15 @@
|
||||
Note: l_idx != IDX_STILL_USED -> object will be removed. */
|
||||
--- glibc-2.12-192-g7c08a05/elf/dl-deps.c
|
||||
+++ glibc-2.12.90-17/elf/dl-deps.c
|
||||
@@ -62,7 +62,7 @@ openaux (void *a)
|
||||
{
|
||||
struct openaux_args *args = (struct openaux_args *) a;
|
||||
|
||||
- args->aux = _dl_map_object (args->map, args->name, 0,
|
||||
+ args->aux = _dl_map_object (args->map, args->name,
|
||||
(args->map->l_type == lt_executable
|
||||
? lt_library : args->map->l_type),
|
||||
args->trace_mode, args->open_mode,
|
||||
@@ -478,6 +478,7 @@ _dl_map_object_deps (struct link_map *map,
|
||||
nneeded * sizeof needed[0]);
|
||||
atomic_write_barrier ();
|
||||
@ -657,6 +685,96 @@
|
||||
repl = DL_DST_LIB;
|
||||
|
||||
if (repl != NULL && repl != (const char *) -1)
|
||||
@@ -1812,7 +1808,7 @@ open_verify (const char *name, struct filebuf *fbp, struct link_map *loader,
|
||||
if MAY_FREE_DIRS is true. */
|
||||
|
||||
static int
|
||||
-open_path (const char *name, size_t namelen, int preloaded,
|
||||
+open_path (const char *name, size_t namelen, int secure,
|
||||
struct r_search_path_struct *sps, char **realname,
|
||||
struct filebuf *fbp, struct link_map *loader, int whatcode,
|
||||
bool *found_other_class)
|
||||
@@ -1894,7 +1890,7 @@ open_path (const char *name, size_t namelen, int preloaded,
|
||||
/* Remember whether we found any existing directory. */
|
||||
here_any |= this_dir->status[cnt] != nonexisting;
|
||||
|
||||
- if (fd != -1 && __builtin_expect (preloaded, 0)
|
||||
+ if (fd != -1 && __builtin_expect (secure, 0)
|
||||
&& INTUSE(__libc_enable_secure))
|
||||
{
|
||||
/* This is an extra security effort to make sure nobody can
|
||||
@@ -1963,7 +1959,7 @@ open_path (const char *name, size_t namelen, int preloaded,
|
||||
|
||||
struct link_map *
|
||||
internal_function
|
||||
-_dl_map_object (struct link_map *loader, const char *name, int preloaded,
|
||||
+_dl_map_object (struct link_map *loader, const char *name,
|
||||
int type, int trace_mode, int mode, Lmid_t nsid)
|
||||
{
|
||||
int fd;
|
||||
@@ -2067,7 +2063,8 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
|
||||
for (l = loader; l; l = l->l_loader)
|
||||
if (cache_rpath (l, &l->l_rpath_dirs, DT_RPATH, "RPATH"))
|
||||
{
|
||||
- fd = open_path (name, namelen, preloaded, &l->l_rpath_dirs,
|
||||
+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
|
||||
+ &l->l_rpath_dirs,
|
||||
&realname, &fb, loader, LA_SER_RUNPATH,
|
||||
&found_other_class);
|
||||
if (fd != -1)
|
||||
@@ -2082,14 +2079,15 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
|
||||
&& main_map != NULL && main_map->l_type != lt_loaded
|
||||
&& cache_rpath (main_map, &main_map->l_rpath_dirs, DT_RPATH,
|
||||
"RPATH"))
|
||||
- fd = open_path (name, namelen, preloaded, &main_map->l_rpath_dirs,
|
||||
+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
|
||||
+ &main_map->l_rpath_dirs,
|
||||
&realname, &fb, loader ?: main_map, LA_SER_RUNPATH,
|
||||
&found_other_class);
|
||||
}
|
||||
|
||||
/* Try the LD_LIBRARY_PATH environment variable. */
|
||||
if (fd == -1 && env_path_list.dirs != (void *) -1)
|
||||
- fd = open_path (name, namelen, preloaded, &env_path_list,
|
||||
+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &env_path_list,
|
||||
&realname, &fb,
|
||||
loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
|
||||
LA_SER_LIBPATH, &found_other_class);
|
||||
@@ -2098,12 +2096,12 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
|
||||
if (fd == -1 && loader != NULL
|
||||
&& cache_rpath (loader, &loader->l_runpath_dirs,
|
||||
DT_RUNPATH, "RUNPATH"))
|
||||
- fd = open_path (name, namelen, preloaded,
|
||||
+ fd = open_path (name, namelen, mode & __RTLD_SECURE,
|
||||
&loader->l_runpath_dirs, &realname, &fb, loader,
|
||||
LA_SER_RUNPATH, &found_other_class);
|
||||
|
||||
if (fd == -1
|
||||
- && (__builtin_expect (! preloaded, 1)
|
||||
+ && (__builtin_expect (! (mode & __RTLD_SECURE), 1)
|
||||
|| ! INTUSE(__libc_enable_secure)))
|
||||
{
|
||||
/* Check the list of libraries in the file /etc/ld.so.cache,
|
||||
@@ -2169,7 +2167,7 @@ _dl_map_object (struct link_map *loader, const char *name, int preloaded,
|
||||
&& ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
|
||||
|| __builtin_expect (!(l->l_flags_1 & DF_1_NODEFLIB), 1))
|
||||
&& rtld_search_dirs.dirs != (void *) -1)
|
||||
- fd = open_path (name, namelen, preloaded, &rtld_search_dirs,
|
||||
+ fd = open_path (name, namelen, mode & __RTLD_SECURE, &rtld_search_dirs,
|
||||
&realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
|
||||
|
||||
/* Add another newline when we are tracing the library loading. */
|
||||
--- glibc-2.12-192-g7c08a05/elf/dl-open.c
|
||||
+++ glibc-2.12.90-17/elf/dl-open.c
|
||||
@@ -252,7 +252,7 @@ dl_open_worker (void *a)
|
||||
|
||||
/* Load the named object. */
|
||||
struct link_map *new;
|
||||
- args->map = new = _dl_map_object (call_map, file, 0, lt_loaded, 0,
|
||||
+ args->map = new = _dl_map_object (call_map, file, lt_loaded, 0,
|
||||
mode | __RTLD_CALLMAP, args->nsid);
|
||||
|
||||
/* If the pointer returned is NULL this means the RTLD_NOLOAD flag is
|
||||
--- glibc-2.12-192-g7c08a05/elf/dl-support.c
|
||||
+++ glibc-2.12.90-17/elf/dl-support.c
|
||||
@@ -80,10 +80,8 @@ unsigned long long _dl_load_adds;
|
||||
@ -796,7 +914,47 @@
|
||||
|
||||
/* This is the structure which defines all variables global to ld.so
|
||||
(except those which cannot be added for some reason). */
|
||||
@@ -922,10 +920,8 @@ dl_main (const ElfW(Phdr) *phdr,
|
||||
@@ -589,7 +587,6 @@ struct map_args
|
||||
/* Argument to map_doit. */
|
||||
char *str;
|
||||
struct link_map *loader;
|
||||
- int is_preloaded;
|
||||
int mode;
|
||||
/* Return value of map_doit. */
|
||||
struct link_map *map;
|
||||
@@ -627,16 +624,17 @@ static void
|
||||
map_doit (void *a)
|
||||
{
|
||||
struct map_args *args = (struct map_args *) a;
|
||||
- args->map = _dl_map_object (args->loader, args->str,
|
||||
- args->is_preloaded, lt_library, 0, args->mode,
|
||||
- LM_ID_BASE);
|
||||
+ args->map = _dl_map_object (args->loader, args->str, lt_library, 0,
|
||||
+ args->mode, LM_ID_BASE);
|
||||
}
|
||||
|
||||
static void
|
||||
dlmopen_doit (void *a)
|
||||
{
|
||||
struct dlmopen_args *args = (struct dlmopen_args *) a;
|
||||
- args->map = _dl_open (args->fname, RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT,
|
||||
+ args->map = _dl_open (args->fname,
|
||||
+ (RTLD_LAZY | __RTLD_DLOPEN | __RTLD_AUDIT
|
||||
+ | __RTLD_SECURE),
|
||||
dl_main, LM_ID_NEWLM, _dl_argc, INTUSE(_dl_argv),
|
||||
__environ);
|
||||
}
|
||||
@@ -806,8 +804,7 @@ do_preload (char *fname, struct link_map *main_map, const char *where)
|
||||
|
||||
args.str = fname;
|
||||
args.loader = main_map;
|
||||
- args.is_preloaded = 1;
|
||||
- args.mode = 0;
|
||||
+ args.mode = __RTLD_SECURE;
|
||||
|
||||
unsigned int old_nloaded = GL(dl_ns)[LM_ID_BASE]._ns_nloaded;
|
||||
|
||||
@@ -922,10 +919,8 @@ dl_main (const ElfW(Phdr) *phdr,
|
||||
/* Process the environment variable which control the behaviour. */
|
||||
process_envvars (&mode);
|
||||
|
||||
@ -807,7 +965,24 @@
|
||||
|
||||
if (*user_entry == (ElfW(Addr)) ENTRY_POINT)
|
||||
{
|
||||
@@ -2172,6 +2168,10 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
|
||||
@@ -1054,7 +1049,6 @@ of this helper program; chances are you did not intend to run this program.\n\
|
||||
|
||||
args.str = rtld_progname;
|
||||
args.loader = NULL;
|
||||
- args.is_preloaded = 0;
|
||||
args.mode = __RTLD_OPENEXEC;
|
||||
(void) _dl_catch_error (&objname, &err_str, &malloced, map_doit,
|
||||
&args);
|
||||
@@ -1066,7 +1060,7 @@ of this helper program; chances are you did not intend to run this program.\n\
|
||||
else
|
||||
{
|
||||
HP_TIMING_NOW (start);
|
||||
- _dl_map_object (NULL, rtld_progname, 0, lt_library, 0,
|
||||
+ _dl_map_object (NULL, rtld_progname, lt_library, 0,
|
||||
__RTLD_OPENEXEC, LM_ID_BASE);
|
||||
HP_TIMING_NOW (stop);
|
||||
|
||||
@@ -2172,6 +2166,10 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
|
||||
we need it in the memory handling later. */
|
||||
GLRO(dl_initial_searchlist) = *GL(dl_ns)[LM_ID_BASE]._ns_main_searchlist;
|
||||
|
||||
@ -818,7 +993,7 @@
|
||||
if (prelinked)
|
||||
{
|
||||
if (main_map->l_info [ADDRIDX (DT_GNU_CONFLICT)] != NULL)
|
||||
@@ -2244,6 +2244,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
|
||||
@@ -2244,6 +2242,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
|
||||
lnp->dont_free = 1;
|
||||
lnp = lnp->next;
|
||||
}
|
||||
@ -826,7 +1001,7 @@
|
||||
|
||||
if (l != &GL(dl_rtld_map))
|
||||
_dl_relocate_object (l, l->l_scope, GLRO(dl_lazy) ? RTLD_LAZY : 0,
|
||||
@@ -2291,10 +2292,6 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
|
||||
@@ -2291,10 +2290,6 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
|
||||
lossage);
|
||||
}
|
||||
|
||||
@ -961,6 +1136,16 @@
|
||||
+++ glibc-2.12.90-17/include/bits/wchar-ldbl.h
|
||||
@@ -0,0 +1 @@
|
||||
+#include <wcsmbs/bits/wchar-ldbl.h>
|
||||
--- glibc-2.12-192-g7c08a05/include/dlfcn.h
|
||||
+++ glibc-2.12.90-17/include/dlfcn.h
|
||||
@@ -9,6 +9,7 @@
|
||||
#define __RTLD_OPENEXEC 0x20000000
|
||||
#define __RTLD_CALLMAP 0x10000000
|
||||
#define __RTLD_AUDIT 0x08000000
|
||||
+#define __RTLD_SECURE 0x04000000 /* Apply additional security checks. */
|
||||
|
||||
#define __LM_ID_CALLER -2
|
||||
|
||||
--- glibc-2.12-192-g7c08a05/include/features.h
|
||||
+++ glibc-2.12.90-17/include/features.h
|
||||
@@ -308,8 +308,13 @@
|
||||
@ -2164,6 +2349,22 @@
|
||||
#define CACHEMAGIC "ld.so-1.7.0"
|
||||
|
||||
/* libc5 and glibc 2.0/2.1 use the same format. For glibc 2.2 another
|
||||
--- glibc-2.12-192-g7c08a05/sysdeps/generic/ldsodefs.h
|
||||
+++ glibc-2.12.90-17/sysdeps/generic/ldsodefs.h
|
||||
@@ -824,11 +824,9 @@ extern void _dl_receive_error (receiver_fct fct, void (*operate) (void *),
|
||||
|
||||
/* Open the shared object NAME and map in its segments.
|
||||
LOADER's DT_RPATH is used in searching for NAME.
|
||||
- If the object is already opened, returns its existing map.
|
||||
- For preloaded shared objects PRELOADED is set to a non-zero
|
||||
- value to allow additional security checks. */
|
||||
+ If the object is already opened, returns its existing map. */
|
||||
extern struct link_map *_dl_map_object (struct link_map *loader,
|
||||
- const char *name, int preloaded,
|
||||
+ const char *name,
|
||||
int type, int trace_mode, int mode,
|
||||
Lmid_t nsid)
|
||||
internal_function attribute_hidden;
|
||||
--- glibc-2.12-192-g7c08a05/sysdeps/i386/Makefile
|
||||
+++ glibc-2.12.90-17/sysdeps/i386/Makefile
|
||||
@@ -2,6 +2,8 @@
|
||||
|
@ -24,7 +24,7 @@
|
||||
Summary: The GNU libc libraries
|
||||
Name: glibc
|
||||
Version: %{glibcversion}
|
||||
Release: 17
|
||||
Release: 18
|
||||
# GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries.
|
||||
# Things that are linked directly into dynamically linked programs
|
||||
# and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional
|
||||
@ -1024,6 +1024,9 @@ rm -f *.filelist*
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Oct 22 2010 Andreas Schwab <schwab@redhat.com> - 2.12.90-18
|
||||
- Require suid bit on audit objects in privileged programs (CVE-2010-3856)
|
||||
|
||||
* Tue Oct 19 2010 Andreas Schwab <schwab@redhat.com> - 2.12.90-17
|
||||
- Update from master
|
||||
- Fix some fma issues, implement fmal (BZ#3268, #43358)
|
||||
|
2
sources
2
sources
@ -1,3 +1,3 @@
|
||||
171419240b84038ad702f3fdbe366e05 glibc-2.12-192-g7c08a05-fedora.tar.xz
|
||||
2b95e57b363f70e6b741cd90796e3dcf glibc-2.12-192-g7c08a05-fedora.tar.xz
|
||||
9017b142271e99972afd7ec99f615a91 glibc-2.12-192-g7c08a05.tar.xz
|
||||
43ebb24d464d4d21e657daf0465d19d7 glibc-ports-2.12-37-g16d6bc0.tar.xz
|
||||
|
Loading…
Reference in New Issue
Block a user