This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, next has been updated via 59093c5ec474be7eb22c17a8f1cb0c1922f1f93a (commit) via 82a8499a6a05652886ab5ddbd82e536b6d8ed144 (commit) via 13ff7d0bfb5b886aa0a1a11cca8045d4e9ed3409 (commit) via 66d54d5bc104924f88f3a36e836ec50594b0476e (commit) via b8f45245a0c2c1c8e4b5ca3cda2f1023c3eb2e37 (commit) via 5d2075e2b080b49e72f38a4974342e3d2fd7d100 (commit) from 9d4e63229159a9e982774b04f1b3a5d651d62ab4 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit 59093c5ec474be7eb22c17a8f1cb0c1922f1f93a Merge: 9d4e632 82a8499 Author: Arne Fitzenreiter arne_f@ipfire.org Date: Wed Oct 20 18:18:34 2010 +0200

Merge commit 'origin/master' into next

Conflicts: config/rootfiles/core/41/exclude config/rootfiles/core/41/filelists/files

-----------------------------------------------------------------------

Summary of changes: lfs/glibc | 2 + ...libc-2.3.6-dont_use_origin_on_privil_exec.patch | 67 ++++++++++++++++++++ 2 files changed, 69 insertions(+), 0 deletions(-) create mode 100644 src/patches/glibc-2.3.6-dont_use_origin_on_privil_exec.patch

Difference in files: diff --git a/lfs/glibc b/lfs/glibc index 82394a2..c540b98 100644 --- a/lfs/glibc +++ b/lfs/glibc @@ -95,6 +95,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) $(DIR_SRC)/glibc-build && cd $(DIR_SRC) && tar jxf $(DIR_DL)/$(DL_FILE) @mkdir $(DIR_SRC)/glibc-build + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/$(THISAPP)-dont_use_origin_on_privil_exec.patch + ifeq "$(ROOT)" "" cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/$(THISAPP)-linux_types-1.patch cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/$(THISAPP)-inotify-1.patch diff --git a/src/patches/glibc-2.3.6-dont_use_origin_on_privil_exec.patch b/src/patches/glibc-2.3.6-dont_use_origin_on_privil_exec.patch new file mode 100644 index 0000000..26c8ac8 --- /dev/null +++ b/src/patches/glibc-2.3.6-dont_use_origin_on_privil_exec.patch @@ -0,0 +1,67 @@ +diff -Naur glibc-2.3.6.org/elf/dl-load.c glibc-2.3.6/elf/dl-load.c +--- glibc-2.3.6.org/elf/dl-load.c 2005-04-06 04:50:10.000000000 +0200 ++++ glibc-2.3.6/elf/dl-load.c 2010-10-19 17:41:09.000000000 +0200 +@@ -176,8 +176,7 @@ + + + static size_t +-is_dst (const char *start, const char *name, const char *str, +- int is_path, int secure) ++is_dst (const char *start, const char *name, const char *str, int is_path) + { + size_t len; + bool is_curly = false; +@@ -206,11 +205,6 @@ + && (!is_path || name[len] != ':')) + return 0; + +- if (__builtin_expect (secure, 0) +- && ((name[len] != '\0' && (!is_path || name[len] != ':')) +- || (name != start + 1 && (!is_path || name[-2] != ':')))) +- return 0; +- + return len; + } + +@@ -225,13 +219,12 @@ + { + size_t len; + +- /* $ORIGIN is not expanded for SUID/GUID programs (except if it +- is $ORIGIN alone) and it must always appear first in path. */ ++ /* $ORIGIN is not expanded for SUID/GUID programs. */ + ++name; +- if ((len = is_dst (start, name, "ORIGIN", is_path, +- INTUSE(__libc_enable_secure))) != 0 +- || (len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0 +- || (len = is_dst (start, name, "LIB", is_path, 0)) != 0) ++ if (((len = is_dst (start, name, "ORIGIN", is_path)) != 0 ++ && !INTUSE(__libc_enable_secure)) ++ || (len = is_dst (start, name, "PLATFORM", is_path)) != 0 ++ || (len = is_dst (start, name, "LIB", is_path)) != 0) + ++cnt; + + name = strchr (name + len, '$'); +@@ -263,12 +256,17 @@ + size_t len; + + ++name; +- if ((len = is_dst (start, name, "ORIGIN", is_path, +- INTUSE(__libc_enable_secure))) != 0) +- repl = l->l_origin; +- else if ((len = is_dst (start, name, "PLATFORM", is_path, 0)) != 0) ++ if ((len = is_dst (start, name, "ORIGIN", is_path)) != 0) ++ { ++ // Ignore this path at SUID/GUID ++ if (INTUSE(__libc_enable_secure)) ++ repl = (const char *) -1; ++ else ++ repl = l->l_origin; ++ } ++ else if ((len = is_dst (start, name, "PLATFORM", is_path)) != 0) + repl = GLRO(dl_platform); +- else if ((len = is_dst (start, name, "LIB", is_path, 0)) != 0) ++ else if ((len = is_dst (start, name, "LIB", is_path)) != 0) + repl = DL_DST_LIB; + + if (repl != NULL && repl != (const char *) -1)

hooks/post-receive -- IPFire 2.x development tree