diff --git a/glibc-rh921760.patch b/glibc-rh921760.patch new file mode 100644 index 0000000..d7bb572 --- /dev/null +++ b/glibc-rh921760.patch @@ -0,0 +1,55 @@ +commit 7a86be6e5f18ba99b25d75c555ce56fe1fcea325 +Author: Siddhesh Poyarekar +Date: Thu Mar 28 11:45:47 2013 +0530 + + Don't add input group during initgroups_dyn in hesiod + + Fixes BZ #15304. + + The *initgroups_dyn functions are called with a group argument. This + group gid is usually skipped while populating the grouplist since the + caller adds that group id in advance. + + The hesiod initgroups_dyn implementation however adds the group gid to + the list if it does not already exist. While it works fine for the + usual initgroups, it breaks nscd since it calls initgroups_dyn with -1 + as the gid (to have all groups included). + +diff --git a/hesiod/nss_hesiod/hesiod-grp.c b/hesiod/nss_hesiod/hesiod-grp.c +index c2ae166..b11952f 100644 +--- a/hesiod/nss_hesiod/hesiod-grp.c ++++ b/hesiod/nss_hesiod/hesiod-grp.c +@@ -191,33 +191,6 @@ _nss_hesiod_initgroups_dyn (const char *user, gid_t group, long int *start, + return errno == ENOENT ? NSS_STATUS_NOTFOUND : NSS_STATUS_UNAVAIL; + } + +- if (!internal_gid_in_list (groups, group, *start)) +- { +- if (__builtin_expect (*start == *size, 0)) +- { +- /* Need a bigger buffer. */ +- gid_t *newgroups; +- long int newsize; +- +- if (limit > 0 && *size == limit) +- /* We reached the maximum. */ +- goto done; +- +- if (limit <= 0) +- newsize = 2 * *size; +- else +- newsize = MIN (limit, 2 * *size); +- +- newgroups = realloc (groups, newsize * sizeof (*groups)); +- if (newgroups == NULL) +- goto done; +- *groupsp = groups = newgroups; +- *size = newsize; +- } +- +- groups[(*start)++] = group; +- } +- + save_errno = errno; + + p = *list; diff --git a/glibc.spec b/glibc.spec index 00cc1e9..b40d6c4 100644 --- a/glibc.spec +++ b/glibc.spec @@ -27,7 +27,7 @@ Summary: The GNU libc libraries Name: glibc Version: %{glibcversion} -Release: 4%{?dist} +Release: 5%{?dist} # GPLv2+ is used in a bunch of programs, LGPLv2+ is used for libraries. # Things that are linked directly into dynamically linked programs # and shared libraries (e.g. crt files, lib*_nonshared.a) have an additional @@ -115,6 +115,8 @@ Patch0035: %{name}-rh911307.patch # Upstream BZ 15078 Patch2029: %{name}-rh905877.patch +Patch1030: %{name}-rh921760.patch + # # Patches submitted, but not yet approved upstream. # Each should be associated with a BZ. @@ -405,6 +407,7 @@ package or when debugging this package. %patch2028 -p1 %patch0035 -p1 %patch2029 -p1 +%patch1030 -p1 # On powerpc32, hp timing is only available in power4/power6 # libs, not in base, so pre-power4 dynamic linker is incompatible @@ -1204,6 +1207,9 @@ rm -f *.filelist* %endif %changelog +* Thu Mar 28 2013 Siddhesh Poyarekar - 2.17-5 + - Don't add input group during initgroups_dyn in hesiod (#921760). + * Sun Mar 17 2013 Carlos O'Donell - 2.17-4 - Fixed i386 glibc builds (#917161). - Fixed multibyte character processing crash in regexp (#905877, CVE-2013-0242)