From bf6952b9c946b873a74982c57feeb69b08760bcb Mon Sep 17 00:00:00 2001
From: Florian Weimer
Date: Fri, 5 Jan 2018 14:23:04 +0100
Subject: [PATCH] Drop glibc-fedora-elf-ORIGIN.patch

Fixed upstream in a different way (our patch was buggy, see CVE-2017-16997).
---
 glibc-fedora-elf-ORIGIN.patch | 101 ----------------------------------
 glibc.spec | 2 -
 2 files changed, 103 deletions(-)
 delete mode 100644 glibc-fedora-elf-ORIGIN.patch

diff --git a/glibc-fedora-elf-ORIGIN.patch b/glibc-fedora-elf-ORIGIN.patch
deleted file mode 100644
index 0f20ca8..0000000
--- a/glibc-fedora-elf-ORIGIN.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 207e77fd3f0a94acdf0557608dd4f10ce0e0f22f Mon Sep 17 00:00:00 2001
-From: Andreas Schwab
-Date: Mon, 9 May 2011 10:55:58 +0200
-Subject: [PATCH] Never leave $ORIGIN unexpanded
-
-* elf/dl-load.c (is_dst): Remove parameter secure, all callers
-changed. Move check for valid use of $ORIGIN ...
-(_dl_dst_substitute): ... here. Reset check_for_trusted when a
-path element is skipped.
-
----
- ChangeLog | 7 +++++++
- elf/dl-load.c | 34 ++++++++++++++++------------------
- 2 files changed, 23 insertions(+), 18 deletions(-)
-
-diff --git a/elf/dl-load.c b/elf/dl-load.c
-index 18a83d2..6e16a9a 100644
---- a/elf/dl-load.c
-+++ b/elf/dl-load.c
-@@ -249,8 +249,7 @@ is_trusted_path_normalize (const char *path, size_t len)
- 
- 
- static size_t
--is_dst (const char *start, const char *name, const char *str,
-- int is_path, int secure)
-+is_dst (const char *start, const char *name, const char *str, int is_path)
- {
- size_t len;
- bool is_curly = false;
-@@ -279,12 +278,6 @@ is_dst (const char *start, const char *name, const char *str,
- && (!is_path || name[len] != ':'))
- return 0;
- 
-- if (__glibc_unlikely (secure)
-- && ((name[len] != '\0' && name[len] != '/'
-- && (!is_path || name[len] != ':'))
-- || (name != start + 1 && (!is_path || name[-2] != ':'))))
-- return 0;
--
- return len;
- }
- 
-@@ -299,13 +292,10 @@ _dl_dst_count (const char *name, int is_path)
- {
- size_t len;
- 
-- /* $ORIGIN is not expanded for SUID/GUID programs (except if it
-- is $ORIGIN alone) and it must always appear first in path. */
- ++name;
-- if ((len = is_dst (start, name, "ORIGIN", is_path,
-- __libc_enable_secure)) != 0
-- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0
-- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0)
-+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0
-+ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0
-+ || (len = is_dst (start, name, "LIB", is_path)) != 0)
- ++cnt;
- 
- name = strchr (name + len, '$');
-@@ -338,10 +328,18 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- size_t len;
- 
- ++name;
-- if ((len = is_dst (start, name, "ORIGIN", is_path,
-- __libc_enable_secure)) != 0)
-+ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0)
- {
-- repl = l->l_origin;
-+ /* For SUID/GUID programs $ORIGIN must always appear
-+ first in a path element. */
-+ if (__glibc_unlikely (__libc_enable_secure)
-+ && ((name[len] != '\0' && name[len] != '/'
-+ && (!is_path || name[len] != ':'))
-+ || (name != start + 1 && (!is_path || name[-2] != ':'))))
-+ repl = (const char *) -1;
-+ else
-+ repl = l->l_origin;
-+
- check_for_trusted = (__libc_enable_secure
- && l->l_type == lt_executable);
- }
-@@ -351,9 +348,9 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- check_for_trusted = (__libc_enable_secure
- && l->l_type == lt_executable);
- }
-- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0)
-+ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0)
- repl = GLRO(dl_platform);
-- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0)
-+ else if ((len = is_dst (start, name, "LIB", is_path)) != 0)
- repl = DL_DST_LIB;
- 
- if (repl != NULL && repl != (const char *) -1)
-@@ -373,6 +370,7 @@ _dl_dst_substitute (struct link_map *l, const char *name, char *result,
- element, but keep an empty element at the end. */
- if (wp == result && is_path && *name == ':' && name[1] != '\0')
- ++name;
-+ check_for_trusted = false;
- }
- else
- /* No DST we recognize. */
diff --git a/glibc.spec b/glibc.spec
index d648aac..fa48deb 100644
--- a/glibc.spec
+++ b/glibc.spec
@@ -170,7 +170,6 @@ Patch0024: glibc-fedora-locarchive.patch
 Patch0025: glibc-fedora-streams-rh436349.patch
 Patch0028: glibc-fedora-localedata-rh61908.patch
 Patch0031: glibc-fedora-__libc_multiple_libcs.patch
-Patch0033: glibc-fedora-elf-ORIGIN.patch
 
 # Allow applications to call pthread_atfork without libpthread.so.
 Patch0046: glibc-rh1013801.patch
@@ -726,7 +725,6 @@ microbenchmark tests on the system.
 %patch2027 -p1
 %patch0028 -p1
 %patch0031 -p1
-%patch0033 -p1
 %patch0046 -p1
 %patch2031 -p1
 %patch0047 -p1