This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via fe61c90bae82c12508f142bff209db4ba87f0d0d (commit) via 038b134d7230163d65f6461c3d211378c747af97 (commit) via b0f38bbb44958bb1581812dc201ed04daf29c101 (commit) via 0771353a948e22a0269a7b1351e4544090a30c95 (commit) via 8e66c6717df2afb90eb4a890a1e9cbe673344977 (commit) via 01841414e4fde4542a1fb7083b39bc115b452b50 (commit) via ed91fe311d3d726fc2387bf446a30716129396df (commit) via b98d319ebafa3987cbe0533ee5333ed30c24942b (commit) from 918f28d16180a7107247ab47104f6632c1e2830d (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit fe61c90bae82c12508f142bff209db4ba87f0d0d Merge: b0f38bb 038b134 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Dec 4 13:17:37 2011 +0100
Merge remote-tracking branch 'arne_f/htop'
commit 038b134d7230163d65f6461c3d211378c747af97 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Sun Dec 4 11:05:52 2011 +0100
htop: Updated to 1.0.
Fixes #293
commit b0f38bbb44958bb1581812dc201ed04daf29c101 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Dec 4 01:53:36 2011 +0100
glibc: Drop timezone data and use tzdata package instead.
commit 0771353a948e22a0269a7b1351e4544090a30c95 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Dec 4 01:53:19 2011 +0100
glibc: Remove obsolete patch.
commit 8e66c6717df2afb90eb4a890a1e9cbe673344977 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Dec 4 01:53:04 2011 +0100
tzdata: New package.
commit 01841414e4fde4542a1fb7083b39bc115b452b50 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Dec 4 01:00:23 2011 +0100
gmp: Add sse2 optimized version of library.
commit ed91fe311d3d726fc2387bf446a30716129396df Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Dec 3 19:53:13 2011 +0100
gmp: Fix setting ABI variable (+ arm).
commit b98d319ebafa3987cbe0533ee5333ed30c24942b Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Dec 3 11:53:46 2011 +0100
ncurses: Require same version for -libs and -base.
-----------------------------------------------------------------------
Summary of changes: glibc/glibc.nm | 7 +- glibc/patches/glibc-2.10.1-sanitize_env.patch.off | 1062 --------------------- gmp/gmp.nm | 113 ++- htop/htop.nm | 4 +- ncurses/ncurses.nm | 4 +- tzdata/tzdata.nm | 56 ++ 6 files changed, 160 insertions(+), 1086 deletions(-) delete mode 100644 glibc/patches/glibc-2.10.1-sanitize_env.patch.off create mode 100644 tzdata/tzdata.nm
Difference in files:
diff --git a/glibc/glibc.nm b/glibc/glibc.nm
index 3fdba7b..26a6d3b 100644
--- a/glibc/glibc.nm
+++ b/glibc/glibc.nm
@@ -3,11 +3,9 @@
 # Copyright (C) - IPFire Development Team info@ipfire.org #
 ###############################################################################
-# TODO tzdata
-
 name = glibc
 version = 2.14
-release = 3
+release = 4
 maintainer = Michael Tremer michael.tremer@ipfire.org
 groups = System/Base
@@ -193,6 +191,7 @@ build
 # Timezone
 cp -v --remove-destination %{BUILDROOT}/usr/share/zoneinfo/GMT \
 %{BUILDROOT}/etc/localtime
+ rm -rf %{BUILDROOT}/usr/share/zoneinfo
 # Configuration
 cp -vf %{DIR_SOURCE}/{ld.so.conf,nsswitch.conf} %{BUILDROOT}/etc
@@ -230,6 +229,8 @@ packages
 package glibc-common
 # XXX description and summary are missing
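Review bot: The `rm -rf %{BUILDROOT}/usr/share/zoneinfo` added at the end of the `# Timezone` step has no comment, and it is only correct because it runs after the `cp` that copies `zoneinfo/GMT` to `%{BUILDROOT}/etc/localtime`; if the two are ever reordered the copy loses its source. A one-line comment above it would record both facts, for example `# Zone files are shipped by tzdata; must run after the /etc/localtime copy above.` The `requires = tzdata` added to glibc-common in the following hunk appears to be what supplies the zone files at runtime. The build block starts and ends outside this hunk, so whether anything later in it still reads `/usr/share/zoneinfo` cannot be checked from here.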
+ requires = tzdata
+
 files
 /usr/bin
 /usr/sbin
diff --git a/glibc/patches/glibc-2.10.1-sanitize_env.patch.off b/glibc/patches/glibc-2.10.1-sanitize_env.patch.off
deleted file mode 100644
index 5d0e942..0000000
--- a/glibc/patches/glibc-2.10.1-sanitize_env.patch.off
+++ /dev/null
@@ -1,1062 +0,0 @@ -From: http://sisyphus.ru/srpm/Sisyphus/glibc/patches/10 - -I added MUDFLAP_OPTIONS to sysdeps/generic/unsecvars.h. - -diff -Naur glibc-2.8-20080929.orig/argp/argp-help.c glibc-2.8-20080929/argp/argp-help.c ---- glibc-2.8-20080929.orig/argp/argp-help.c 2007-03-15 20:08:18.000000000 +0000 -+++ glibc-2.8-20080929/argp/argp-help.c 2008-10-15 00:30:49.000000000 +0000 -@@ -165,7 +165,7 @@ - static void - fill_in_uparams (const struct argp_state *state) - { -- const char *var = getenv ("ARGP_HELP_FMT"); -+ const char *var = __secure_getenv ("ARGP_HELP_FMT"); - - #define SKIPWS(p) do { while (isspace (*p)) p++; } while (0); - -diff -Naur glibc-2.8-20080929.orig/catgets/catgets.c glibc-2.8-20080929/catgets/catgets.c ---- glibc-2.8-20080929.orig/catgets/catgets.c 2002-05-15 03:46:42.000000000 +0000 -+++ glibc-2.8-20080929/catgets/catgets.c 2008-10-15 00:30:49.000000000 +0000 -@@ -50,7 +50,7 @@ - || (__libc_enable_secure && strchr (env_var, '/') != NULL)) - env_var = "C"; - -- nlspath = getenv ("NLSPATH"); -+ nlspath = __secure_getenv ("NLSPATH"); - if (nlspath != NULL && *nlspath != '\0') - { - /* Append the system dependent directory. */ -diff -Naur glibc-2.8-20080929.orig/debug/pcprofile.c glibc-2.8-20080929/debug/pcprofile.c ---- glibc-2.8-20080929.orig/debug/pcprofile.c 2001-07-06 04:54:45.000000000 +0000 -+++ glibc-2.8-20080929/debug/pcprofile.c 2008-10-15 00:30:49.000000000 +0000 -@@ -38,7 +38,7 @@ - { - /* See whether the environment variable `PCPROFILE_OUTPUT' is defined. - If yes, it should name a FIFO. We open it and mark ourself as active. 
*/ -- const char *outfile = getenv ("PCPROFILE_OUTPUT"); -+ const char *outfile = __secure_getenv ("PCPROFILE_OUTPUT"); - - if (outfile != NULL && *outfile != '\0') - { -diff -Naur glibc-2.8-20080929.orig/debug/segfault.c glibc-2.8-20080929/debug/segfault.c ---- glibc-2.8-20080929.orig/debug/segfault.c 2007-08-22 06:52:12.000000000 +0000 -+++ glibc-2.8-20080929/debug/segfault.c 2008-10-15 00:30:49.000000000 +0000 -@@ -149,7 +149,7 @@ - install_handler (void) - { - struct sigaction sa; -- const char *sigs = getenv ("SEGFAULT_SIGNALS"); -+ const char *sigs = __secure_getenv ("SEGFAULT_SIGNALS"); - const char *name; - - sa.sa_handler = (void *) catch_segfault; -@@ -157,7 +157,7 @@ - sa.sa_flags = SA_RESTART; - - /* Maybe we are expected to use an alternative stack. */ -- if (getenv ("SEGFAULT_USE_ALTSTACK") != 0) -+ if (__secure_getenv ("SEGFAULT_USE_ALTSTACK") != 0) - { - void *stack_mem = malloc (2 * SIGSTKSZ); - struct sigaltstack ss; -@@ -203,7 +203,7 @@ - } - - /* Preserve the output file name if there is any given. */ -- name = getenv ("SEGFAULT_OUTPUT_NAME"); -+ name = __secure_getenv ("SEGFAULT_OUTPUT_NAME"); - if (name != NULL && name[0] != '\0') - { - int ret = access (name, R_OK | W_OK); -diff -Naur glibc-2.8-20080929.orig/elf/Versions glibc-2.8-20080929/elf/Versions ---- glibc-2.8-20080929.orig/elf/Versions 2008-03-08 05:42:26.000000000 +0000 -+++ glibc-2.8-20080929/elf/Versions 2008-10-15 00:30:49.000000000 +0000 -@@ -60,6 +60,8 @@ - _dl_make_stack_executable; - # Only here for gdb while a better method is developed. - _dl_debug_state; -+ # For sanitizing environment. -+ __libc_security_mask; - # Pointer protection. 
- __pointer_chk_guard; - } -diff -Naur glibc-2.8-20080929.orig/elf/dl-support.c glibc-2.8-20080929/elf/dl-support.c ---- glibc-2.8-20080929.orig/elf/dl-support.c 2007-06-20 03:18:16.000000000 +0000 -+++ glibc-2.8-20080929/elf/dl-support.c 2008-10-15 00:30:49.000000000 +0000 -@@ -163,6 +163,7 @@ - internal_function - _dl_aux_init (ElfW(auxv_t) *av) - { -+ int security_mask = 0; - int seen = 0; - uid_t uid = 0; - gid_t gid = 0; -@@ -196,25 +197,27 @@ - break; - #endif - case AT_UID: -+ if (seen & 1) break; - uid ^= av->a_un.a_val; - seen |= 1; - break; - case AT_EUID: -+ if (seen & 2) break; - uid ^= av->a_un.a_val; - seen |= 2; - break; - case AT_GID: -+ if (seen & 4) break; - gid ^= av->a_un.a_val; - seen |= 4; - break; - case AT_EGID: -+ if (seen & 8) break; - gid ^= av->a_un.a_val; - seen |= 8; - break; - case AT_SECURE: -- seen = -1; -- __libc_enable_secure = av->a_un.a_val; -- __libc_enable_secure_decided = 1; -+ security_mask |= av->a_un.a_val != 0; - break; - # ifdef DL_PLATFORM_AUXV - DL_PLATFORM_AUXV -@@ -222,7 +225,9 @@ - } - if (seen == 0xf) - { -- __libc_enable_secure = uid != 0 || gid != 0; -+ security_mask |= ((uid != 0) << 1) | ((gid != 0) << 2); -+ __libc_security_mask = security_mask; -+ __libc_enable_secure = __libc_security_mask != 0; - __libc_enable_secure_decided = 1; - } - } -@@ -239,19 +244,19 @@ - if (!_dl_pagesize) - _dl_pagesize = __getpagesize (); - -- _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1; -+ _dl_verbose = *(__secure_getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1; - - /* Initialize the data structures for the search paths for shared - objects. 
*/ -- _dl_init_paths (getenv ("LD_LIBRARY_PATH")); -+ _dl_init_paths (__secure_getenv ("LD_LIBRARY_PATH")); - -- _dl_lazy = *(getenv ("LD_BIND_NOW") ?: "") == '\0'; -+ _dl_lazy = *(__secure_getenv ("LD_BIND_NOW") ?: "") == '\0'; - -- _dl_bind_not = *(getenv ("LD_BIND_NOT") ?: "") != '\0'; -+ _dl_bind_not = *(__secure_getenv ("LD_BIND_NOT") ?: "") != '\0'; - -- _dl_dynamic_weak = *(getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0'; -+ _dl_dynamic_weak = *(__secure_getenv ("LD_DYNAMIC_WEAK") ?: "") == '\0'; - -- _dl_profile_output = getenv ("LD_PROFILE_OUTPUT"); -+ _dl_profile_output = __secure_getenv ("LD_PROFILE_OUTPUT"); - if (_dl_profile_output == NULL || _dl_profile_output[0] == '\0') - _dl_profile_output - = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0]; -@@ -264,6 +269,8 @@ - EXTRA_UNSECURE_ENVVARS - #endif - ; -+ static const char restricted_envvars[] = -+ RESTRICTED_ENVVARS; - const char *cp = unsecure_envvars; - - while (cp < unsecure_envvars + sizeof (unsecure_envvars)) -@@ -272,8 +279,31 @@ - cp = (const char *) __rawmemchr (cp, '\0') + 1; - } - -- if (__access ("/etc/suid-debug", F_OK) != 0) -- __unsetenv ("MALLOC_CHECK_"); -+ if (__libc_security_mask & 2) -+ { -+ static const char unsecure_uid_envvars[] = -+ UNSECURE_UID_ENVVARS; -+ -+ cp = unsecure_uid_envvars; -+ while (cp < unsecure_uid_envvars + sizeof (unsecure_uid_envvars)) -+ { -+ __unsetenv (cp); -+ cp = (const char *) __rawmemchr (cp, '\0') + 1; -+ } -+ } -+ -+ /* This loop is buggy: it will only check the first occurrence of each -+ variable (but will correctly remove all in case of a match). This -+ may be a problem if the list is later re-ordered or accessed by an -+ application with something other than the glibc getenv(). */ -+ cp = restricted_envvars; -+ while (cp < restricted_envvars + sizeof (restricted_envvars)) -+ { -+ const char *value = getenv (cp); -+ if (value && (value[0] == '.' 
|| strchr(value, '/'))) -+ __unsetenv (cp); -+ cp = (const char *) __rawmemchr (cp, '\0') + 1; -+ } - } - - #ifdef DL_PLATFORM_INIT -diff -Naur glibc-2.8-20080929.orig/elf/dl-sysdep.c glibc-2.8-20080929/elf/dl-sysdep.c ---- glibc-2.8-20080929.orig/elf/dl-sysdep.c 2008-03-08 07:28:36.000000000 +0000 -+++ glibc-2.8-20080929/elf/dl-sysdep.c 2008-10-15 00:30:49.000000000 +0000 -@@ -54,8 +54,10 @@ - #ifdef NEED_DL_BASE_ADDR - ElfW(Addr) _dl_base_addr; - #endif --int __libc_enable_secure attribute_relro = 0; -+int __libc_enable_secure attribute_relro = 1; - INTVARDEF(__libc_enable_secure) -+int __libc_security_mask attribute_relro = 0x7fffffff; -+INTVARDEF(__libc_security_mask) - int __libc_multiple_libcs = 0; /* Defining this here avoids the inclusion - of init-first. */ - /* This variable contains the lowest stack address ever used. */ -@@ -80,6 +82,10 @@ - # define DL_STACK_END(cookie) ((void *) (cookie)) - #endif - -+#ifdef HAVE_AUX_XID -+#undef HAVE_AUX_XID -+#endif -+ - ElfW(Addr) - _dl_sysdep_start (void **start_argptr, - void (*dl_main) (const ElfW(Phdr) *phdr, ElfW(Word) phnum, -@@ -89,19 +95,19 @@ - ElfW(Word) phnum = 0; - ElfW(Addr) user_entry; - ElfW(auxv_t) *av; --#ifdef HAVE_AUX_SECURE -+ int security_mask = 0; -+#if 0 - # define set_seen(tag) (tag) /* Evaluate for the side effects. */ --# define set_seen_secure() ((void) 0) - #else - uid_t uid = 0; - gid_t gid = 0; - unsigned int seen = 0; --# define set_seen_secure() (seen = -1) - # ifdef HAVE_AUX_XID - # define set_seen(tag) (tag) /* Evaluate for the side effects. 
*/ - # else - # define M(type) (1 << (type)) - # define set_seen(tag) seen |= M ((tag)->a_type) -+# define is_seen(tag) seen & M ((tag)->a_type) - # endif - #endif - #ifdef NEED_DL_SYSINFO -@@ -135,21 +141,18 @@ - _dl_base_addr = av->a_un.a_val; - break; - #endif --#ifndef HAVE_AUX_SECURE - case AT_UID: - case AT_EUID: -+ if (is_seen (av)) break; - uid ^= av->a_un.a_val; - break; - case AT_GID: - case AT_EGID: -+ if (is_seen (av)) break; - gid ^= av->a_un.a_val; - break; --#endif - case AT_SECURE: --#ifndef HAVE_AUX_SECURE -- seen = -1; --#endif -- INTUSE(__libc_enable_secure) = av->a_un.a_val; -+ security_mask |= av->a_un.a_val != 0; - break; - case AT_PLATFORM: - GLRO(dl_platform) = (void *) av->a_un.a_val; -@@ -178,8 +181,6 @@ - #endif - } - --#ifndef HAVE_AUX_SECURE -- if (seen != -1) - { - /* Fill in the values we have not gotten from the kernel through the - auxiliary vector. */ -@@ -191,12 +192,12 @@ - SEE (GID, gid, gid); - SEE (EGID, gid, egid); - # endif -- -- /* If one of the two pairs of IDs does not match this is a setuid -- or setgid run. */ -- INTUSE(__libc_enable_secure) = uid | gid; - } --#endif -+ /* If one of the two pairs of IDs does not match -+ this is a setuid or setgid run. */ -+ security_mask |= ((uid != 0) << 1) | ((gid != 0) << 2); -+ INTUSE(__libc_security_mask) = security_mask; -+ INTUSE(__libc_enable_secure) = security_mask != 0; - - #ifndef HAVE_AUX_PAGESIZE - if (GLRO(dl_pagesize) == 0) -diff -Naur glibc-2.8-20080929.orig/elf/enbl-secure.c glibc-2.8-20080929/elf/enbl-secure.c ---- glibc-2.8-20080929.orig/elf/enbl-secure.c 2005-12-14 08:46:07.000000000 +0000 -+++ glibc-2.8-20080929/elf/enbl-secure.c 2008-10-15 00:30:49.000000000 +0000 -@@ -27,11 +27,17 @@ - int __libc_enable_secure_decided; - /* Safest assumption, if somehow the initializer isn't run. 
*/ - int __libc_enable_secure = 1; -+int __libc_security_mask = 0x7fffffff; - - void - __libc_init_secure (void) - { - if (__libc_enable_secure_decided == 0) -- __libc_enable_secure = (__geteuid () != __getuid () -- || __getegid () != __getgid ()); -+ { -+ __libc_security_mask = -+ ((__geteuid () != __getuid ()) << 1) | -+ ((__getegid () != __getgid ()) << 2); -+ __libc_enable_secure = __libc_security_mask != 0; -+ __libc_security_mask |= __libc_enable_secure; -+ } - } -diff -Naur glibc-2.8-20080929.orig/elf/rtld.c glibc-2.8-20080929/elf/rtld.c ---- glibc-2.8-20080929.orig/elf/rtld.c 2008-03-08 07:29:40.000000000 +0000 -+++ glibc-2.8-20080929/elf/rtld.c 2008-10-15 00:30:49.000000000 +0000 -@@ -2500,6 +2500,7 @@ - GLRO(dl_profile_output) - = &"/var/tmp\0/var/profile"[INTUSE(__libc_enable_secure) ? 9 : 0]; - -+ if (__builtin_expect (!INTUSE(__libc_enable_secure), 1)) - while ((envline = _dl_next_ld_env_entry (&runp)) != NULL) - { - size_t len = 0; -@@ -2566,8 +2567,7 @@ - case 9: - /* Test whether we want to see the content of the auxiliary - array passed up from the kernel. */ -- if (!INTUSE(__libc_enable_secure) -- && memcmp (envline, "SHOW_AUXV", 9) == 0) -+ if (memcmp (envline, "SHOW_AUXV", 9) == 0) - _dl_show_auxv (); - break; - -@@ -2580,8 +2580,7 @@ - - case 11: - /* Path where the binary is found. */ -- if (!INTUSE(__libc_enable_secure) -- && memcmp (envline, "ORIGIN_PATH", 11) == 0) -+ if (memcmp (envline, "ORIGIN_PATH", 11) == 0) - GLRO(dl_origin_path) = &envline[12]; - break; - -@@ -2600,8 +2599,7 @@ - break; - } - -- if (!INTUSE(__libc_enable_secure) -- && memcmp (envline, "DYNAMIC_WEAK", 12) == 0) -+ if (memcmp (envline, "DYNAMIC_WEAK", 12) == 0) - GLRO(dl_dynamic_weak) = 1; - break; - -@@ -2611,8 +2609,7 @@ - #ifdef EXTRA_LD_ENVVARS_13 - EXTRA_LD_ENVVARS_13 - #endif -- if (!INTUSE(__libc_enable_secure) -- && memcmp (envline, "USE_LOAD_BIAS", 13) == 0) -+ if (memcmp (envline, "USE_LOAD_BIAS", 13) == 0) - { - GLRO(dl_use_load_bias) = envline[14] == '1' ? 
-1 : 0; - break; -@@ -2624,8 +2621,7 @@ - - case 14: - /* Where to place the profiling data file. */ -- if (!INTUSE(__libc_enable_secure) -- && memcmp (envline, "PROFILE_OUTPUT", 14) == 0 -+ if (memcmp (envline, "PROFILE_OUTPUT", 14) == 0 - && envline[15] != '\0') - GLRO(dl_profile_output) = &envline[15]; - break; -@@ -2669,16 +2665,39 @@ - EXTRA_UNSECURE_ENVVARS - #endif - UNSECURE_ENVVARS; -+ static const char restricted_envvars[] = -+ RESTRICTED_ENVVARS; - const char *nextp; - -- nextp = unsecure_envvars; -- do -+ for (nextp = unsecure_envvars; *nextp != '\0'; -+ nextp = (char *) rawmemchr (nextp, '\0') + 1) - { - unsetenv (nextp); -- /* We could use rawmemchr but this need not be fast. */ -- nextp = (char *) (strchr) (nextp, '\0') + 1; - } -- while (*nextp != '\0'); -+ -+ if (__builtin_expect (INTUSE(__libc_security_mask) & 2, 0)) -+ { -+ static const char unsecure_uid_envvars[] = -+ UNSECURE_UID_ENVVARS; -+ -+ for (nextp = unsecure_uid_envvars; *nextp != '\0'; -+ nextp = (char *) rawmemchr (nextp, '\0') + 1) -+ { -+ unsetenv (nextp); -+ } -+ } -+ -+ /* This loop is buggy: it will only check the first occurrence of each -+ variable (but will correctly remove all in case of a match). This -+ may be a problem if the list is later re-ordered or accessed by an -+ application with something other than the glibc getenv(). */ -+ for (nextp = restricted_envvars; *nextp != '\0'; -+ nextp = (char *) rawmemchr (nextp, '\0') + 1) -+ { -+ const char *value = getenv (nextp); -+ if (value && (value[0] == '.' 
|| strchr(value, '/'))) -+ unsetenv (nextp); -+ } - - if (__access ("/etc/suid-debug", F_OK) != 0) - { -diff -Naur glibc-2.8-20080929.orig/gmon/gmon.c glibc-2.8-20080929/gmon/gmon.c ---- glibc-2.8-20080929.orig/gmon/gmon.c 2008-03-19 06:43:31.000000000 +0000 -+++ glibc-2.8-20080929/gmon/gmon.c 2008-10-15 00:30:49.000000000 +0000 -@@ -326,8 +326,8 @@ - # define O_NOFOLLOW 0 - #endif - -- env = getenv ("GMON_OUT_PREFIX"); -- if (env != NULL && !__libc_enable_secure) -+ env = __secure_getenv ("GMON_OUT_PREFIX"); -+ if (env != NULL) - { - size_t len = strlen (env); - char buf[len + 20]; -diff -Naur glibc-2.8-20080929.orig/iconv/gconv_cache.c glibc-2.8-20080929/iconv/gconv_cache.c ---- glibc-2.8-20080929.orig/iconv/gconv_cache.c 2007-07-28 19:00:25.000000000 +0000 -+++ glibc-2.8-20080929/iconv/gconv_cache.c 2008-10-15 00:30:49.000000000 +0000 -@@ -55,7 +55,7 @@ - - /* We cannot use the cache if the GCONV_PATH environment variable is - set. */ -- __gconv_path_envvar = getenv ("GCONV_PATH"); -+ __gconv_path_envvar = __secure_getenv ("GCONV_PATH"); - if (__gconv_path_envvar != NULL) - return -1; - -diff -Naur glibc-2.8-20080929.orig/include/unistd.h glibc-2.8-20080929/include/unistd.h ---- glibc-2.8-20080929.orig/include/unistd.h 2006-07-31 05:57:52.000000000 +0000 -+++ glibc-2.8-20080929/include/unistd.h 2008-10-15 00:30:49.000000000 +0000 -@@ -142,10 +142,12 @@ - and some functions contained in the C library ignore various - environment variables that normally affect them. */ - extern int __libc_enable_secure attribute_relro; -+extern int __libc_security_mask attribute_relro; - extern int __libc_enable_secure_decided; - #ifdef IS_IN_rtld - /* XXX The #ifdef should go. 
*/ - extern int __libc_enable_secure_internal attribute_relro attribute_hidden; -+extern int __libc_security_mask_internal attribute_relro attribute_hidden; - #endif - - -diff -Naur glibc-2.8-20080929.orig/intl/dcigettext.c glibc-2.8-20080929/intl/dcigettext.c ---- glibc-2.8-20080929.orig/intl/dcigettext.c 2008-03-31 00:37:17.000000000 +0000 -+++ glibc-2.8-20080929/intl/dcigettext.c 2008-10-15 00:30:49.000000000 +0000 -@@ -1391,7 +1391,7 @@ - - if (!output_charset_cached) - { -- const char *value = getenv ("OUTPUT_CHARSET"); -+ const char *value = __secure_getenv ("OUTPUT_CHARSET"); - - if (value != NULL && value[0] != '\0') - { -diff -Naur glibc-2.8-20080929.orig/io/getdirname.c glibc-2.8-20080929/io/getdirname.c ---- glibc-2.8-20080929.orig/io/getdirname.c 2001-07-06 04:54:53.000000000 +0000 -+++ glibc-2.8-20080929/io/getdirname.c 2008-10-15 00:30:49.000000000 +0000 -@@ -31,7 +31,7 @@ - char *pwd; - struct stat64 dotstat, pwdstat; - -- pwd = getenv ("PWD"); -+ pwd = __secure_getenv ("PWD"); - if (pwd != NULL - && stat64 (".", &dotstat) == 0 - && stat64 (pwd, &pwdstat) == 0 -diff -Naur glibc-2.8-20080929.orig/libidn/toutf8.c glibc-2.8-20080929/libidn/toutf8.c ---- glibc-2.8-20080929.orig/libidn/toutf8.c 2005-02-22 01:25:30.000000000 +0000 -+++ glibc-2.8-20080929/libidn/toutf8.c 2008-10-15 00:30:49.000000000 +0000 -@@ -74,7 +74,7 @@ - const char * - stringprep_locale_charset (void) - { -- const char *charset = getenv ("CHARSET"); /* flawfinder: ignore */ -+ const char *charset = __secure_getenv ("CHARSET"); - - if (charset && *charset) - return charset; -diff -Naur glibc-2.8-20080929.orig/locale/newlocale.c glibc-2.8-20080929/locale/newlocale.c ---- glibc-2.8-20080929.orig/locale/newlocale.c 2008-03-31 00:37:03.000000000 +0000 -+++ glibc-2.8-20080929/locale/newlocale.c 2008-10-15 00:30:49.000000000 +0000 -@@ -104,7 +104,7 @@ - locale_path = NULL; - locale_path_len = 0; - -- locpath_var = getenv ("LOCPATH"); -+ locpath_var = __secure_getenv ("LOCPATH"); - if 
(locpath_var != NULL && locpath_var[0] != '\0') - { - if (__argz_create_sep (locpath_var, ':', -diff -Naur glibc-2.8-20080929.orig/locale/setlocale.c glibc-2.8-20080929/locale/setlocale.c ---- glibc-2.8-20080929.orig/locale/setlocale.c 2008-03-31 00:37:03.000000000 +0000 -+++ glibc-2.8-20080929/locale/setlocale.c 2008-10-15 00:30:49.000000000 +0000 -@@ -246,7 +246,7 @@ - locale_path = NULL; - locale_path_len = 0; - -- locpath_var = getenv ("LOCPATH"); -+ locpath_var = __secure_getenv ("LOCPATH"); - if (locpath_var != NULL && locpath_var[0] != '\0') - { - if (__argz_create_sep (locpath_var, ':', -diff -Naur glibc-2.8-20080929.orig/malloc/arena.c glibc-2.8-20080929/malloc/arena.c ---- glibc-2.8-20080929.orig/malloc/arena.c 2007-12-12 00:11:27.000000000 +0000 -+++ glibc-2.8-20080929/malloc/arena.c 2008-10-15 00:30:49.000000000 +0000 -@@ -494,10 +494,10 @@ - # undef NO_STARTER - # endif - #endif -+ s = NULL; - #ifdef _LIBC - secure = __libc_enable_secure; -- s = NULL; -- if (__builtin_expect (_environ != NULL, 1)) -+ if (! secure && __builtin_expect (_environ != NULL, 1)) - { - char **runp = _environ; - char *envline; -@@ -520,26 +520,20 @@ - s = &envline[7]; - break; - case 8: -- if (! secure) -- { - if (memcmp (envline, "TOP_PAD_", 8) == 0) - mALLOPt(M_TOP_PAD, atoi(&envline[9])); - else if (memcmp (envline, "PERTURB_", 8) == 0) - mALLOPt(M_PERTURB, atoi(&envline[9])); -- } - break; - case 9: -- if (! secure && memcmp (envline, "MMAP_MAX_", 9) == 0) -+ if (memcmp (envline, "MMAP_MAX_", 9) == 0) - mALLOPt(M_MMAP_MAX, atoi(&envline[10])); - break; - case 15: -- if (! 
secure) -- { - if (memcmp (envline, "TRIM_THRESHOLD_", 15) == 0) - mALLOPt(M_TRIM_THRESHOLD, atoi(&envline[16])); - else if (memcmp (envline, "MMAP_THRESHOLD_", 15) == 0) - mALLOPt(M_MMAP_THRESHOLD, atoi(&envline[16])); -- } - break; - default: - break; -diff -Naur glibc-2.8-20080929.orig/malloc/memusage.c glibc-2.8-20080929/malloc/memusage.c ---- glibc-2.8-20080929.orig/malloc/memusage.c 2006-12-08 17:13:24.000000000 +0000 -+++ glibc-2.8-20080929/malloc/memusage.c 2008-10-15 00:30:49.000000000 +0000 -@@ -214,7 +214,7 @@ - static void - me (void) - { -- const char *env = getenv ("MEMUSAGE_PROG_NAME"); -+ const char *env = __secure_getenv ("MEMUSAGE_PROG_NAME"); - size_t prog_len = strlen (__progname); - - initialized = -1; -@@ -250,7 +250,7 @@ - if (!start_sp) - start_sp = GETSP (); - -- outname = getenv ("MEMUSAGE_OUTPUT"); -+ outname = __secure_getenv ("MEMUSAGE_OUTPUT"); - if (outname != NULL && outname[0] != '\0' - && (access (outname, R_OK | W_OK) == 0 || errno == ENOENT)) - { -@@ -273,7 +273,7 @@ - /* Determine the buffer size. We use the default if the - environment variable is not present. */ - buffer_size = DEFAULT_BUFFER_SIZE; -- if (getenv ("MEMUSAGE_BUFFER_SIZE") != NULL) -+ if (__secure_getenv ("MEMUSAGE_BUFFER_SIZE") != NULL) - { - buffer_size = atoi (getenv ("MEMUSAGE_BUFFER_SIZE")); - if (buffer_size == 0 || buffer_size > DEFAULT_BUFFER_SIZE) -@@ -281,7 +281,7 @@ - } - - /* Possibly enable timer-based stack pointer retrieval. 
*/ -- if (getenv ("MEMUSAGE_NO_TIMER") == NULL) -+ if (__secure_getenv ("MEMUSAGE_NO_TIMER") == NULL) - { - struct sigaction act; - -@@ -302,7 +302,7 @@ - } - } - -- if (!not_me && getenv ("MEMUSAGE_TRACE_MMAP") != NULL) -+ if (!not_me && __secure_getenv ("MEMUSAGE_TRACE_MMAP") != NULL) - trace_mmap = true; - } - } -diff -Naur glibc-2.8-20080929.orig/nis/nis_defaults.c glibc-2.8-20080929/nis/nis_defaults.c ---- glibc-2.8-20080929.orig/nis/nis_defaults.c 2006-10-11 16:22:34.000000000 +0000 -+++ glibc-2.8-20080929/nis/nis_defaults.c 2008-10-15 00:30:49.000000000 +0000 -@@ -358,7 +358,7 @@ - - char *cptr = defaults; - if (cptr == NULL) -- cptr = getenv ("NIS_DEFAULTS"); -+ cptr = __secure_getenv ("NIS_DEFAULTS"); - - if (cptr != NULL) - { -@@ -385,7 +385,7 @@ - - char *cptr = defaults; - if (cptr == NULL) -- cptr = getenv ("NIS_DEFAULTS"); -+ cptr = __secure_getenv ("NIS_DEFAULTS"); - - if (cptr != NULL) - { -@@ -417,7 +417,7 @@ - return searchttl (defaults); - } - -- cptr = getenv ("NIS_DEFAULTS"); -+ cptr = __secure_getenv ("NIS_DEFAULTS"); - if (cptr == NULL) - return DEFAULT_TTL; - -@@ -445,7 +445,7 @@ - result = searchaccess (param, result); - else - { -- cptr = getenv ("NIS_DEFAULTS"); -+ cptr = __secure_getenv ("NIS_DEFAULTS"); - if (cptr != NULL && strstr (cptr, "access=") != NULL) - result = searchaccess (cptr, result); - } -diff -Naur glibc-2.8-20080929.orig/nis/nis_local_names.c glibc-2.8-20080929/nis/nis_local_names.c ---- glibc-2.8-20080929.orig/nis/nis_local_names.c 2006-04-07 06:52:01.000000000 +0000 -+++ glibc-2.8-20080929/nis/nis_local_names.c 2008-10-15 00:30:49.000000000 +0000 -@@ -30,7 +30,7 @@ - - char *cptr; - if (__nisgroup[0] == '\0' -- && (cptr = getenv ("NIS_GROUP")) != NULL -+ && (cptr = __secure_getenv ("NIS_GROUP")) != NULL - && strlen (cptr) < NIS_MAXNAMELEN) - { - char *cp = stpcpy (__nisgroup, cptr); -diff -Naur glibc-2.8-20080929.orig/nis/nis_subr.c glibc-2.8-20080929/nis/nis_subr.c ---- glibc-2.8-20080929.orig/nis/nis_subr.c 
2007-07-28 20:43:36.000000000 +0000 -+++ glibc-2.8-20080929/nis/nis_subr.c 2008-10-15 00:30:49.000000000 +0000 -@@ -178,7 +178,7 @@ - } - - /* Get the search path, where we have to search "name" */ -- path = getenv ("NIS_PATH"); -+ path = __secure_getenv ("NIS_PATH"); - if (path == NULL) - path = strdupa ("$"); - else -diff -Naur glibc-2.8-20080929.orig/posix/execvp.c glibc-2.8-20080929/posix/execvp.c ---- glibc-2.8-20080929.orig/posix/execvp.c 2007-01-03 23:01:15.000000000 +0000 -+++ glibc-2.8-20080929/posix/execvp.c 2008-10-15 00:30:49.000000000 +0000 -@@ -90,7 +90,7 @@ - { - size_t pathlen; - size_t alloclen = 0; -- char *path = getenv ("PATH"); -+ char *path = __secure_getenv ("PATH"); - if (path == NULL) - { - pathlen = confstr (_CS_PATH, (char *) NULL, 0); -@@ -116,11 +116,11 @@ - if (path == NULL) - { - /* There is no `PATH' in the environment. -- The default search path is the current directory -- followed by the path `confstr' returns for `_CS_PATH'. */ -+ The default search path is what `confstr' returns -+ for `_CS_PATH'. */ - path = name + pathlen + len + 1; -- path[0] = ':'; -- (void) confstr (_CS_PATH, path + 1, pathlen); -+ path[0] = '\0'; -+ (void) confstr (_CS_PATH, path, pathlen); - } - - /* Copy the file name at the top. */ -diff -Naur glibc-2.8-20080929.orig/posix/glob.c glibc-2.8-20080929/posix/glob.c ---- glibc-2.8-20080929.orig/posix/glob.c 2007-10-15 04:59:03.000000000 +0000 -+++ glibc-2.8-20080929/posix/glob.c 2008-10-15 00:30:49.000000000 +0000 -@@ -557,7 +557,7 @@ - && (dirname[2] == '\0' || dirname[2] == '/'))) - { - /* Look up home directory. 
*/ -- const char *home_dir = getenv ("HOME"); -+ const char *home_dir = __secure_getenv ("HOME"); - # ifdef _AMIGA - if (home_dir == NULL || home_dir[0] == '\0') - home_dir = "SYS:"; -diff -Naur glibc-2.8-20080929.orig/posix/wordexp.c glibc-2.8-20080929/posix/wordexp.c ---- glibc-2.8-20080929.orig/posix/wordexp.c 2007-01-25 00:43:39.000000000 +0000 -+++ glibc-2.8-20080929/posix/wordexp.c 2008-10-15 00:30:49.000000000 +0000 -@@ -320,7 +320,7 @@ - results are unspecified. We do a lookup on the uid if - HOME is unset. */ - -- home = getenv ("HOME"); -+ home = __secure_getenv ("HOME"); - if (home != NULL) - { - *word = w_addstr (*word, word_length, max_length, home); -@@ -1493,7 +1493,7 @@ - } - } - else -- value = getenv (env); -+ value = __secure_getenv (env); - - if (value == NULL && (flags & WRDE_UNDEF)) - { -@@ -2262,7 +2262,7 @@ - /* Find out what the field separators are. - * There are two types: whitespace and non-whitespace. - */ -- ifs = getenv ("IFS"); -+ ifs = __secure_getenv ("IFS"); - - if (ifs == NULL) - /* IFS unset - use <space><tab><newline>. 
*/ -diff -Naur glibc-2.8-20080929.orig/resolv/res_hconf.c glibc-2.8-20080929/resolv/res_hconf.c ---- glibc-2.8-20080929.orig/resolv/res_hconf.c 2007-11-23 03:03:31.000000000 +0000 -+++ glibc-2.8-20080929/resolv/res_hconf.c 2008-10-15 00:30:49.000000000 +0000 -@@ -304,7 +304,7 @@ - - memset (&_res_hconf, '\0', sizeof (_res_hconf)); - -- hconf_name = getenv (ENV_HOSTCONF); -+ hconf_name = __secure_getenv (ENV_HOSTCONF); - if (hconf_name == NULL) - hconf_name = _PATH_HOSTCONF; - -@@ -323,23 +323,23 @@ - fclose (fp); - } - -- envval = getenv (ENV_SPOOF); -+ envval = __secure_getenv (ENV_SPOOF); - if (envval) - arg_spoof (ENV_SPOOF, 1, envval); - -- envval = getenv (ENV_MULTI); -+ envval = __secure_getenv (ENV_MULTI); - if (envval) - arg_bool (ENV_MULTI, 1, envval, HCONF_FLAG_MULTI); - -- envval = getenv (ENV_REORDER); -+ envval = __secure_getenv (ENV_REORDER); - if (envval) - arg_bool (ENV_REORDER, 1, envval, HCONF_FLAG_REORDER); - -- envval = getenv (ENV_TRIM_ADD); -+ envval = __secure_getenv (ENV_TRIM_ADD); - if (envval) - arg_trimdomain_list (ENV_TRIM_ADD, 1, envval); - -- envval = getenv (ENV_TRIM_OVERR); -+ envval = __secure_getenv (ENV_TRIM_OVERR); - if (envval) - { - _res_hconf.num_trimdomains = 0; -diff -Naur glibc-2.8-20080929.orig/resolv/res_init.c glibc-2.8-20080929/resolv/res_init.c ---- glibc-2.8-20080929.orig/resolv/res_init.c 2008-04-07 17:20:25.000000000 +0000 -+++ glibc-2.8-20080929/resolv/res_init.c 2008-10-15 00:30:49.000000000 +0000 -@@ -201,7 +201,7 @@ - #endif - - /* Allow user to override the local domain definition */ -- if ((cp = getenv("LOCALDOMAIN")) != NULL) { -+ if ((cp = __secure_getenv("LOCALDOMAIN")) != NULL) { - (void)strncpy(statp->defdname, cp, sizeof(statp->defdname) - 1); - statp->defdname[sizeof(statp->defdname) - 1] = '\0'; - haveenv++; -@@ -470,7 +470,7 @@ - #endif /* !RFC1535 */ - } - -- if ((cp = getenv("RES_OPTIONS")) != NULL) -+ if ((cp = __secure_getenv("RES_OPTIONS")) != NULL) - res_setoptions(statp, cp, "env"); - 
statp->options |= RES_INIT; - return (0); -diff -Naur glibc-2.8-20080929.orig/resolv/res_query.c glibc-2.8-20080929/resolv/res_query.c ---- glibc-2.8-20080929.orig/resolv/res_query.c 2007-02-09 23:43:25.000000000 +0000 -+++ glibc-2.8-20080929/resolv/res_query.c 2008-10-15 00:30:49.000000000 +0000 -@@ -474,7 +474,7 @@ - - if (statp->options & RES_NOALIASES) - return (NULL); -- file = getenv("HOSTALIASES"); -+ file = __secure_getenv("HOSTALIASES"); - if (file == NULL || (fp = fopen(file, "r")) == NULL) - return (NULL); - setbuf(fp, NULL); -diff -Naur glibc-2.8-20080929.orig/stdlib/fmtmsg.c glibc-2.8-20080929/stdlib/fmtmsg.c ---- glibc-2.8-20080929.orig/stdlib/fmtmsg.c 2006-05-15 18:41:18.000000000 +0000 -+++ glibc-2.8-20080929/stdlib/fmtmsg.c 2008-10-15 00:30:49.000000000 +0000 -@@ -205,8 +205,8 @@ - static void - init (void) - { -- const char *msgverb_var = getenv ("MSGVERB"); -- const char *sevlevel_var = getenv ("SEV_LEVEL"); -+ const char *msgverb_var = __secure_getenv ("MSGVERB"); -+ const char *sevlevel_var = __secure_getenv ("SEV_LEVEL"); - - if (msgverb_var != NULL && msgverb_var[0] != '\0') - { -diff -Naur glibc-2.8-20080929.orig/sunrpc/rpc_svcout.c glibc-2.8-20080929/sunrpc/rpc_svcout.c ---- glibc-2.8-20080929.orig/sunrpc/rpc_svcout.c 2005-11-21 15:43:03.000000000 +0000 -+++ glibc-2.8-20080929/sunrpc/rpc_svcout.c 2008-10-15 00:30:49.000000000 +0000 -@@ -897,7 +897,7 @@ - f_print (fout, "\t\t_rpcpmstart = 1;\n"); - if (logflag) - open_log_file (infile, "\t\t"); -- f_print (fout, "\t\tif ((netid = getenv("NLSPROVIDER")) == NULL) {\n"); -+ f_print (fout, "\t\tif ((netid = __secure_getenv("NLSPROVIDER")) == NULL) {\n"); - sprintf (_errbuf, "cannot get transport name"); - print_err_message ("\t\t\t"); - f_print (fout, "\t\t} else if ((nconf = getnetconfigent(netid)) == NULL) {\n"); -diff -Naur glibc-2.8-20080929.orig/sysdeps/generic/unsecvars.h glibc-2.8-20080929/sysdeps/generic/unsecvars.h ---- glibc-2.8-20080929.orig/sysdeps/generic/unsecvars.h 2006-10-11 
16:24:05.000000000 +0000 -+++ glibc-2.8-20080929/sysdeps/generic/unsecvars.h 2008-10-15 00:32:09.000000000 +0000 -@@ -2,25 +2,87 @@ - all stuffed in a single string which means they have to be terminated - with a '\0' explicitly. */ - #define UNSECURE_ENVVARS \ -- "GCONV_PATH\0" \ -- "GETCONF_DIR\0" \ -- "HOSTALIASES\0" \ -- "LD_AUDIT\0" \ -- "LD_DEBUG\0" \ -- "LD_DEBUG_OUTPUT\0" \ -- "LD_DYNAMIC_WEAK\0" \ -- "LD_LIBRARY_PATH\0" \ -- "LD_ORIGIN_PATH\0" \ -- "LD_PRELOAD\0" \ -- "LD_PROFILE\0" \ -- "LD_SHOW_AUXV\0" \ -- "LD_USE_LOAD_BIAS\0" \ -- "LOCALDOMAIN\0" \ -- "LOCPATH\0" \ -- "MALLOC_TRACE\0" \ -- "NIS_PATH\0" \ -- "NLSPATH\0" \ -- "RESOLV_HOST_CONF\0" \ -- "RES_OPTIONS\0" \ -- "TMPDIR\0" \ -+ "ARGP_HELP_FMT\0" \ -+ "DATEMSK\0" \ -+ "GCONV_PATH\0" \ -+ "GETCONF_DIR\0" \ -+ "GMON_OUT_PREFIX\0" \ -+ "HESIOD_CONFIG\0" \ -+ "HES_DOMAIN\0" \ -+ "HOSTALIASES\0" \ -+ "LD_AUDIT\0" \ -+ "LD_BIND_NOT\0" \ -+ "LD_BIND_NOW\0" \ -+ "LD_DEBUG\0" \ -+ "LD_DEBUG_OUTPUT\0" \ -+ "LD_DYNAMIC_WEAK\0" \ -+ "LD_HWCAP_MASK\0" \ -+ "LD_LIBRARY_PATH\0" \ -+ "LD_ORIGIN_PATH\0" \ -+ "LD_POINTER_GUARD\0" \ -+ "LD_PRELOAD\0" \ -+ "LD_PROFILE\0" \ -+ "LD_PROFILE_OUTPUT\0" \ -+ "LD_SHOW_AUXV\0" \ -+ "LD_TRACE_LOADED_OBJECTS\0" \ -+ "LD_TRACE_PRELINKING\0" \ -+ "LD_USE_LOAD_BIAS\0" \ -+ "LD_VERBOSE\0" \ -+ "LD_WARN\0" \ -+ "LOCALDOMAIN\0" \ -+ "LOCPATH\0" \ -+ "MALLOC_CHECK_\0" \ -+ "MALLOC_MMAP_MAX_\0" \ -+ "MALLOC_MMAP_THRESHOLD_\0" \ -+ "MALLOC_PERTURB_\0" \ -+ "MALLOC_TOP_PAD_\0" \ -+ "MALLOC_TRACE\0" \ -+ "MALLOC_TRIM_THRESHOLD_\0" \ -+ "MEMUSAGE_BUFFER_SIZE\0" \ -+ "MEMUSAGE_NO_TIMER\0" \ -+ "MEMUSAGE_OUTPUT\0" \ -+ "MEMUSAGE_PROG_NAME\0" \ -+ "MEMUSAGE_TRACE_MMAP\0" \ -+ "MSGVERB\0" \ -+ "MUDFLAP_OPTIONS\0" \ -+ "NIS_DEFAULTS\0" \ -+ "NIS_GROUP\0" \ -+ "NIS_PATH\0" \ -+ "NLSPATH\0" \ -+ "PCPROFILE_OUTPUT\0" \ -+ "POSIXLY_CORRECT\0" \ -+ "PWD\0" \ -+ "RESOLV_ADD_TRIM_DOMAINS\0" \ -+ "RESOLV_HOST_CONF\0" \ -+ "RESOLV_MULTI\0" \ -+ "RESOLV_OVERRIDE_TRIM_DOMAINS\0" \ -+ "RESOLV_REORDER\0" 
\ -+ "RESOLV_SPOOF_CHECK\0" \ -+ "RES_OPTIONS\0" \ -+ "SEGFAULT_OUTPUT_NAME\0" \ -+ "SEGFAULT_SIGNALS\0" \ -+ "SEGFAULT_USE_ALTSTACK\0" \ -+ "SEV_LEVEL\0" \ -+ "TZ\0" \ - "TZDIR\0" -+ -+#define UNSECURE_UID_ENVVARS \ -+ "TMPDIR\0" -+ -+#define RESTRICTED_ENVVARS \ -+ "LANG\0" \ -+ "LANGUAGE\0" \ -+ "LC_ADDRESS\0" \ -+ "LC_ALL\0" \ -+ "LC_COLLATE\0" \ -+ "LC_CTYPE\0" \ -+ "LC_IDENTIFICATION\0" \ -+ "LC_MEASUREMENT\0" \ -+ "LC_MESSAGES\0" \ -+ "LC_MONETARY\0" \ -+ "LC_NAME\0" \ -+ "LC_NUMERIC\0" \ -+ "LC_PAPER\0" \ -+ "LC_TELEPHONE\0" \ -+ "LC_TIME\0" \ -+ "LC_XXX\0" -diff -Naur glibc-2.8-20080929.orig/sysdeps/posix/spawni.c glibc-2.8-20080929/sysdeps/posix/spawni.c ---- glibc-2.8-20080929.orig/sysdeps/posix/spawni.c 2006-06-04 22:16:05.000000000 +0000 -+++ glibc-2.8-20080929/sysdeps/posix/spawni.c 2008-10-15 00:30:49.000000000 +0000 -@@ -227,16 +227,15 @@ - } - - /* We have to search for FILE on the path. */ -- path = getenv ("PATH"); -+ path = __secure_getenv ("PATH"); - if (path == NULL) - { - /* There is no `PATH' in the environment. -- The default search path is the current directory -- followed by the path `confstr' returns for `_CS_PATH'. */ -+ The default search path is ehat `confstr' returns -+ for `_CS_PATH'. 
*/ - len = confstr (_CS_PATH, (char *) NULL, 0); -- path = (char *) __alloca (1 + len); -- path[0] = ':'; -- (void) confstr (_CS_PATH, path + 1, len); -+ path = (char *) __alloca (len); -+ (void) confstr (_CS_PATH, path, len); - } - - len = strlen (file) + 1; -diff -Naur glibc-2.8-20080929.orig/sysdeps/unix/sysv/linux/dl-librecon.h glibc-2.8-20080929/sysdeps/unix/sysv/linux/dl-librecon.h ---- glibc-2.8-20080929.orig/sysdeps/unix/sysv/linux/dl-librecon.h 2004-03-05 10:14:48.000000000 +0000 -+++ glibc-2.8-20080929/sysdeps/unix/sysv/linux/dl-librecon.h 2008-10-15 00:30:49.000000000 +0000 -@@ -53,7 +53,7 @@ - - #define DL_OSVERSION_INIT \ - do { \ -- char *assume_kernel = getenv ("LD_ASSUME_KERNEL"); \ -+ char *assume_kernel = __secure_getenv ("LD_ASSUME_KERNEL"); \ - if (assume_kernel) \ - _dl_osversion_init (assume_kernel); \ - } while (0) -diff -Naur glibc-2.8-20080929.orig/sysdeps/unix/sysv/linux/i386/dl-librecon.h glibc-2.8-20080929/sysdeps/unix/sysv/linux/i386/dl-librecon.h ---- glibc-2.8-20080929.orig/sysdeps/unix/sysv/linux/i386/dl-librecon.h 2004-10-14 01:53:55.000000000 +0000 -+++ glibc-2.8-20080929/sysdeps/unix/sysv/linux/i386/dl-librecon.h 2008-10-15 00:30:49.000000000 +0000 -@@ -57,6 +57,7 @@ - /* Extra unsecure variables. The names are all stuffed in a single - string which means they have to be terminated with a '\0' explicitly. 
*/ - #define EXTRA_UNSECURE_ENVVARS \ -+ "LD_LIBRARY_VERSION\0" \ - "LD_AOUT_LIBRARY_PATH\0" \ - "LD_AOUT_PRELOAD\0" - -diff -Naur glibc-2.8-20080929.orig/time/getdate.c glibc-2.8-20080929/time/getdate.c ---- glibc-2.8-20080929.orig/time/getdate.c 2007-12-10 01:40:43.000000000 +0000 -+++ glibc-2.8-20080929/time/getdate.c 2008-10-15 00:30:49.000000000 +0000 -@@ -115,7 +115,7 @@ - struct stat64 st; - int mday_ok = 0; - -- datemsk = getenv ("DATEMSK"); -+ datemsk = __secure_getenv ("DATEMSK"); - if (datemsk == NULL || *datemsk == '\0') - return 1; - -diff -Naur glibc-2.8-20080929.orig/time/tzfile.c glibc-2.8-20080929/time/tzfile.c ---- glibc-2.8-20080929.orig/time/tzfile.c 2007-11-06 01:03:43.000000000 +0000 -+++ glibc-2.8-20080929/time/tzfile.c 2008-10-15 00:30:49.000000000 +0000 -@@ -149,7 +149,7 @@ - unsigned int len, tzdir_len; - char *new, *tmp; - -- tzdir = getenv ("TZDIR"); -+ tzdir = __secure_getenv ("TZDIR"); - if (tzdir == NULL || *tzdir == '\0') - { - tzdir = default_tzdir; -diff -Naur glibc-2.8-20080929.orig/time/tzset.c glibc-2.8-20080929/time/tzset.c ---- glibc-2.8-20080929.orig/time/tzset.c 2008-03-19 06:43:34.000000000 +0000 -+++ glibc-2.8-20080929/time/tzset.c 2008-10-15 00:30:49.000000000 +0000 -@@ -383,8 +383,11 @@ - return; - is_initialized = 1; - -- /* Examine the TZ environment variable. */ -- tz = getenv ("TZ"); -+ /* Examine the TZ environment variable. This doesn't really have to be -+ a __secure_getenv() call as __tzfile_read() tries to only read files -+ found under a trusted directory, but this helps reduce the amount of -+ security-critical code. */ -+ tz = __secure_getenv ("TZ"); - if (tz == NULL && !explicit) - /* Use the site-wide default. This is a file name which means we - would not see changes to the file if we compare only the file diff --git a/gmp/gmp.nm b/gmp/gmp.nm index 730e1f4..51f20d4 100644 --- a/gmp/gmp.nm +++ b/gmp/gmp.nm @@ -5,7 +5,7 @@
name = gmp
version = 5.0.1
-release = 0
+release = 2
groups = System/Libraries
url = http://gmplib.org/
@@ -22,7 +22,7 @@ description
emphasizes speed over simplicity/elegance in its operations.
end
-source_dl =
+source_dl = ftp://ftp.gmplib.org/pub/%{thisapp}/
sources = %{thisapp}.tar.bz2
build
@@ -31,32 +31,111 @@ build
m4
end
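Review bot: The new `source_dl = ftp://ftp.gmplib.org/pub/%{thisapp}/` line in gmp.nm fetches the tarball over plain FTP, and nothing visible in this hunk pins a digest or checks a signature for `%{thisapp}.tar.bz2`, so the content that gets built depends on the network path and the mirror being trustworthy. The same applies to the `http://sourceforge.net/projects/htop/files` line in htop.nm and the `ftp://elsie.nci.nih.gov/pub/` line in tzdata.nm. If the build system records a checksum for each source elsewhere, a comment next to the URL such as `# plain-FTP download; integrity relies on the recorded source checksum` would make that dependency explicit. If it does not, the download should be verified before it is extracted.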
+ # Build different versions of gmp to enhance the speed
+ # of the OS.
+ build_versions = base
+
+ export ABI = standard
+
+ if "%{DISTRO_ARCH}" == "x86_64"
+ ABI = 64
+ end
+
+ if "%{DISTRO_ARCH}" == "i686"
+ # Build sse2 enabled version of gmp.
+ build_versions += sse2
+
+ ABI = 32
+ end
+
+ configure_options += \
+ --prefix=/usr \
+ --enable-cxx \
+ --enable-mpbsd \
+ --disable-static
+
+ prepare_cmds
+ for version in %{build_versions}; do
+ mkdir build-${version}
+
+ cd build-${version}
+ ln -svf ../configure .
+ cd ..
+ done
+ end
+
build
- if [ "%{MACHINE}" = "x86_64" ]; then
- ABI=64
- else
- ABI=32
- fi
+ for version in %{build_versions}; do
+ cd build-${version}
+
+ CFLAGS="%{CFLAGS}"
+ CXXFLAFS="%{CXXFLAGS}"
+ if [ "${version}" = "sse2" ]; then
+ # Enable sse2.
+ CFLAGS="${CFLAGS} -march=pentium4"
+ CXXFLAGS="${CXXFLAGS} -march=pentium4"
+ fi
+
+ CFLAGS="${CFLAGS}" \
+ CXXFLAGS="${CXXFLAGS}" \
+ ./configure \
+ %{configure_options}
- ABI=%{ABI} \
- ./configure \
- --prefix=/usr \
- --enable-cxx \
- --enable-mpbsd \
- --disable-static
+ # Kill RPATHs.
+ sed -e 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' \
+ -e 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' \
+ -e 's|-lstdc++ -lm|-lstdc++|' \
+ -i libtool
- make %{PARALLELISMFLAGS}
+ make %{PARALLELISMFLAGS} \
+ CFLAGS="${CFLAGS}" \
+ CXXFLAGS="${CXXFLAGS}"
+
+ cd ..
+ done
end
test
- make check
+ for version in %{build_versions}; do
+ cd build-${version}
+
+ make check
+
+ cd ..
+ done
+ end
+
+ install
+ for version in %{build_versions}; do
+ cd build-${version}
+
+ if [ "${version}" = "sse2" ]; then
+ # Manually install sse2 libs.
+ mkdir -pv %{BUILDROOT}/usr/lib/sse2
+
+ install -m 755 .libs/libgmp.so.*.* %{BUILDROOT}/usr/lib/sse2
+ cp -a .libs/libgmp.so.[^.]* %{BUILDROOT}/usr/lib/sse2
+ chmod 755 %{BUILDROOT}/usr/lib/sse2/libgmp.so.[^.]*
+
+ install -m 755 .libs/libgmpxx.so.*.* %{BUILDROOT}/usr/lib/sse2
+ cp -a .libs/libgmpxx.so.? %{BUILDROOT}/usr/lib/sse2
+ chmod 755 %{BUILDROOT}/usr/lib/sse2/libgmpxx.so.?
+
+ install -m 755 .libs/libmp.so.*.* %{BUILDROOT}/usr/lib/sse2
+ cp -a .libs/libmp.so.? %{BUILDROOT}/usr/lib/sse2
+ chmod 755 %{BUILDROOT}/usr/lib/sse2/libmp.so.?
+ else
+ make install DESTDIR="%{BUILDROOT}"
+ fi
+
+ cd ..
+ done
end
end
packages
package %{name}
- end
-
+
package %{name}-devel
template DEVEL
end
diff --git a/htop/htop.nm b/htop/htop.nm
index efd8b87..db39ba0 100644
--- a/htop/htop.nm
+++ b/htop/htop.nm
@@ -4,7 +4,7 @@
###############################################################################
name = htop
-version = 0.9
+version = 1.0
release = 1
groups = Base Applications/System
@@ -17,7 +17,7 @@ description
top(1).
end
-source_dl =
+source_dl = http://sourceforge.net/projects/htop/files
build
requires
diff --git a/ncurses/ncurses.nm b/ncurses/ncurses.nm
index e35e83b..3707d4a 100644
--- a/ncurses/ncurses.nm
+++ b/ncurses/ncurses.nm
@@ -5,7 +5,7 @@
name = ncurses
version = 5.9
-release = 4
+release = 5
groups = System/Base
url = http://invisible-island.net/ncurses/ncurses.html
@@ -126,7 +126,7 @@ packages
template LIBS
requires
- %{name}-base
+ %{name}-base=%{thisver}
end
end
diff --git a/tzdata/tzdata.nm b/tzdata/tzdata.nm
new file mode 100644
index 0000000..79ef3ed
--- /dev/null
+++ b/tzdata/tzdata.nm
@@ -0,0 +1,56 @@
+###############################################################################
+# IPFire.org - An Open Source Firewall Solution #
+# Copyright (C) - IPFire Development Team info@ipfire.org #
+###############################################################################
+
+tzdata_version = 2011n
+tzcode_version = 2011i
+
+name = tzdata
+version = %{tzdata_version}
+release = 1
+arch = noarch
+
+groups = System/Base
+url = ftp://munnari.oz.au/pub/
+license = Public Domain
+summary = Timezone data.
+
+description
+ This package contains data files with rules for various timezones around
+ the world.
+end
+
+source_dl += ftp://elsie.nci.nih.gov/pub/
+sources = tzdata-base-0.tar.bz2 tzdata%{tzdata_version}.tar.gz tzcode%{tzcode_version}.tar.gz
+
+build
+ requires
+ gawk
+ perl
+ end
+
+ DIR_APP = %{DIR_SRC}/tzdata
+
+ prepare
+ %{MACRO_EXTRACT} %{DIR_DL}/tzdata-base-0.tar.bz2
+ cd %{DIR_APP}
+
+ mkdir tzdata%{tzdata_version} tzcode%{tzcode_version}
+ %{MACRO_EXTRACT} %{DIR_DL}/tzdata%{tzdata_version}.tar.gz -C tzdata%{tzdata_version}
+ %{MACRO_EXTRACT} %{DIR_DL}/tzcode%{tzcode_version}.tar.gz -C tzcode%{tzcode_version}
+
+ sed -e 's|@objpfx@|'`pwd`'/obj/|' \
+ -e 's|@datadir@|/usr/share|' \
+ -e 's|@install_root@|%{BUILDROOT}|' \
+ Makeconfig.in > Makeconfig
+ end
+
+ #test
+ # make check
+ #end
+end
+
+packages
+ package %{name}
+end
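Review bot: `tzdata-base-0.tar.bz2` is extracted first in the tzdata.nm `prepare` stage and appears to supply the build scaffolding (`Makeconfig.in` is rewritten right after `cd %{DIR_APP}`), yet the file gives no origin for it. `url` and `source_dl` point at the upstream tz archives, which presumably do not carry a tarball of that name. A header comment such as `# tzdata-base-0.tar.bz2: build scaffolding, not an upstream tz release; origin: <ORIGIN-PLACEHOLDER>` would let a reviewer trace what that code is. The commented-out `#test` / `# make check` / `#end` stanza also has no explanation; either enable it or state the reason, e.g. `# make check disabled: <REASON-PLACEHOLDER>`.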
hooks/post-receive -- IPFire 3.x development tree