Djam/glibc40
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/glibc40.git synced 2025-02-23 15:52:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Automatic import for version 2.13-6.1

Browse source
This commit is contained in:
Rosa 2012-08-07 10:04:49 +00:00
parent b9b04af528
commit a88aa63556
7 changed files with 165 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.abf.yml
View file

@ -1,6 +1,6 @@
--- ---
sources: sources:
crypt_blowfish-1.0.2.tar.gz: e83e798528e72695e610e2a6419b57272d00fa0b crypt_blowfish-1.2.tar.gz: 306ff83af206fac786900ce5e4800516cae909d9
glibc-2.13.tar.xz: 38e7d510b41a2c36eb392c79eb5c80e0ec35a7f2 glibc-2.13.tar.xz: 38e7d510b41a2c36eb392c79eb5c80e0ec35a7f2
glibc-2.13.tar.xz.sig: c7953c5c032a3394af6711c21ee8972500f5667d glibc-2.13.tar.xz.sig: c7953c5c032a3394af6711c21ee8972500f5667d
glibc-manpages.tar.bz2: ca54bfb832b703c8e35170fcc1c1f5470b45ff0f glibc-manpages.tar.bz2: ca54bfb832b703c8e35170fcc1c1f5470b45ff0f

17
glibc-2.11.1-CVE-2011-1089.diff Normal file
View file

@ -0,0 +1,17 @@
https://bugzilla.redhat.com/show_bug.cgi?id=688980
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
--- misc/mntent_r.c 2011-11-25 13:33:42.000000000 +0000
+++ misc/mntent_r.c.oden 2011-11-25 13:33:38.000000000 +0000
@@ -263,8 +263,8 @@ __addmntent (FILE *stream, const struct
mntcopy.mnt_type,
mntcopy.mnt_opts,
mntcopy.mnt_freq,
- mntcopy.mnt_passno)
- < 0 ? 1 : 0);
+ mntcopy.mnt_passno) < 0
+ || fflush (stream) != 0);
}
weak_alias (__addmntent, addmntent)

8
glibc-2.3.6-avx-increase_BF_FRAME.patch
View file

@ -1,13 +1,11 @@
--- glibc-2.3.5/crypt/x86.S.avx 2006-07-06 11:16:18.000000000 -0600 --- crypt/x86.S 2011-07-16 11:09:42.000000000 -0400
+++ glibc-2.3.5/crypt/x86.S 2006-07-06 11:16:30.000000000 -0600 +++ crypt/x86.S.oden 2011-11-25 04:07:23.574489383 -0500
@@ -32,8 +32,8 @@ @@ -42,7 +42,7 @@
#define DO_ALIGN(log) .align (1 << (log)) #define DO_ALIGN(log) .align (1 << (log))
#endif #endif
-#define BF_FRAME 0x200 -#define BF_FRAME 0x200
-#define BF_CLEAN 0x300
+#define BF_FRAME 0x400 +#define BF_FRAME 0x400
+#define BF_CLEAN 0x500
#define ctx %esp #define ctx %esp
#define BF_ptr (ctx) #define BF_ptr (ctx)

146
glibc-2.7-mdv-wrapper_handle_sha.patch
View file

@ -1,78 +1,13 @@
--- crypt/wrapper.c.org 2008-06-17 13:29:30.000000000 -0600 diff -Naurp glibc-2.14-121-g5551a7b/crypt/crypt_gensalt.c glibc-2.14-121-g5551a7b.oden/crypt/crypt_gensalt.c
+++ crypt/wrapper.c 2008-06-17 15:33:47.000000000 -0600 --- glibc-2.14-121-g5551a7b/crypt/crypt_gensalt.c 2011-07-16 11:06:53.000000000 -0400
@@ -43,6 +43,10 @@ extern char *_crypt_gensalt_extended_rn( +++ glibc-2.14-121-g5551a7b.oden/crypt/crypt_gensalt.c 2011-11-25 04:08:39.264489146 -0500
__CONST char *input, int size, char *output, int output_size); @@ -122,3 +122,78 @@ char *_crypt_gensalt_md5_rn(const char *
extern char *_crypt_gensalt_md5_rn(unsigned long count,
__CONST char *input, int size, char *output, int output_size);
+extern char *_crypt_gensalt_sha256c_rn(unsigned long count,
+ __CONST char *input, int size, char *output, int output_size);
+extern char *_crypt_gensalt_sha512c_rn(unsigned long count,
+ __CONST char *input, int size, char *output, int output_size);
#if defined(__GLIBC__) && defined(_LIBC)
/* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */
@@ -54,6 +58,11 @@ extern char *__md5_crypt_r(const char *k
extern char *__des_crypt_r(const char *key, const char *salt,
struct crypt_data *data);
extern struct crypt_data _ufc_foobar;
+/* support for sha256-crypt and sha512-crypt */
+extern char *__sha256_crypt_r (const char *key, const char *salt,
+ char *buffer, int buflen);
+extern char *__sha512_crypt_r (const char *key, const char *salt,
+ char *buffer, int buflen);
#endif
static int _crypt_data_alloc(void **data, int *size, int need)
@@ -142,6 +151,10 @@ char *__crypt_rn(__const char *key, __co
return _crypt_blowfish_rn(key, setting, (char *)data, size);
if (setting[0] == '$' && setting[1] == '1')
return __md5_crypt_r(key, setting, (char *)data, size);
+ if (setting[0] == '$' && setting[1] == '5')
+ return __sha256_crypt_r(key, setting, (char *)data, size);
+ if (setting[0] == '$' && setting[1] == '6')
+ return __sha512_crypt_r(key, setting, (char *)data, size);
if (setting[0] == '$') goto out_einval;
if (setting[0] == '_') {
if (size < sizeof(struct _crypt_extended_data)) goto out_erange;
@@ -181,6 +194,16 @@ char *__crypt_ra(__const char *key, __co
return NULL;
return __md5_crypt_r(key, setting, (char *)*data, *size);
}
+ if (setting[0] == '$' && setting[1] == '5') {
+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
+ return NULL;
+ return __sha256_crypt_r(key, setting, (char *)*data, *size);
+ }
+ if (setting[0] == '$' && setting[1] == '6') {
+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
+ return NULL;
+ return __sha512_crypt_r(key, setting, (char *)*data, *size);
+ }
if (setting[0] == '$') goto out_einval;
if (setting[0] == '_') {
if (_crypt_data_alloc(data, size,
@@ -271,6 +294,12 @@ char *__crypt_gensalt_rn(__CONST char *p
if (!strncmp(prefix, "$1$", 3))
use = _crypt_gensalt_md5_rn;
else
+ if (!strncmp(prefix, "$5$", 3))
+ use = _crypt_gensalt_sha256c_rn;
+ else
+ if (!strncmp(prefix, "$6$", 3))
+ use = _crypt_gensalt_sha512c_rn;
+ else
if (prefix[0] == '_')
use = _crypt_gensalt_extended_rn;
else
--- crypt/crypt_gensalt.c.org 2008-06-17 13:31:49.000000000 -0600
+++ crypt/crypt_gensalt.c 2008-06-17 15:30:35.000000000 -0600
@@ -109,3 +109,78 @@ char *_crypt_gensalt_md5_rn(unsigned lon
return output; return output;
} }
+ +
+char *_crypt_gensalt_sha256c_rn(unsigned long count, +char *_crypt_gensalt_sha256c_rn(unsigned long count,
+ __CONST char *input, int size, char *output, int output_size) + const char *input, int size, char *output, int output_size)
+{ +{
+ unsigned long value; + unsigned long value;
+ +
@ -110,7 +45,7 @@
+ +
+ +
+char *_crypt_gensalt_sha512c_rn(unsigned long count, +char *_crypt_gensalt_sha512c_rn(unsigned long count,
+ __CONST char *input, int size, char *output, int output_size) + const char *input, int size, char *output, int output_size)
+{ +{
+ unsigned long value; + unsigned long value;
+ +
@ -145,3 +80,72 @@
+ +
+ return output; + return output;
+} +}
diff -Naurp glibc-2.14-121-g5551a7b/crypt/crypt_gensalt.h glibc-2.14-121-g5551a7b.oden/crypt/crypt_gensalt.h
--- glibc-2.14-121-g5551a7b/crypt/crypt_gensalt.h 2011-07-16 10:58:39.000000000 -0400
+++ glibc-2.14-121-g5551a7b.oden/crypt/crypt_gensalt.h 2011-11-25 04:13:34.984489216 -0500
@@ -26,5 +26,8 @@ extern char *_crypt_gensalt_extended_rn(
const char *input, int size, char *output, int output_size);
extern char *_crypt_gensalt_md5_rn(const char *prefix, unsigned long count,
const char *input, int size, char *output, int output_size);
-
+extern char *_crypt_gensalt_sha256c_rn(unsigned long count,
+ const char *input, int size, char *output, int output_size);
+extern char *_crypt_gensalt_sha512c_rn(unsigned long count,
+ const char *input, int size, char *output, int output_size);
#endif
diff -Naurp glibc-2.14-121-g5551a7b/crypt/wrapper.c glibc-2.14-121-g5551a7b.oden/crypt/wrapper.c
--- glibc-2.14-121-g5551a7b/crypt/wrapper.c 2011-11-25 04:08:23.654489356 -0500
+++ glibc-2.14-121-g5551a7b.oden/crypt/wrapper.c 2011-11-25 04:08:39.264489146 -0500
@@ -55,6 +55,11 @@ extern char *__md5_crypt_r(const char *k
extern char *__des_crypt_r(const char *key, const char *salt,
struct crypt_data *data);
extern struct crypt_data _ufc_foobar;
+/* support for sha256-crypt and sha512-crypt */
+extern char *__sha256_crypt_r (const char *key, const char *salt,
+ char *buffer, int buflen);
+extern char *__sha512_crypt_r (const char *key, const char *salt,
+ char *buffer, int buflen);
#endif
static int _crypt_data_alloc(void **data, int *size, int need)
@@ -140,6 +145,10 @@ char *__crypt_rn(__const char *key, __co
return _crypt_blowfish_rn(key, setting, (char *)data, size);
if (setting[0] == '$' && setting[1] == '1')
return __md5_crypt_r(key, setting, (char *)data, size);
+ if (setting[0] == '$' && setting[1] == '5')
+ return __sha256_crypt_r(key, setting, (char *)data, size);
+ if (setting[0] == '$' && setting[1] == '6')
+ return __sha512_crypt_r(key, setting, (char *)data, size);
if (setting[0] == '$') goto out_einval;
if (setting[0] == '_') {
if (size < sizeof(struct _crypt_extended_data)) goto out_erange;
@@ -179,6 +188,16 @@ char *__crypt_ra(__const char *key, __co
return NULL;
return __md5_crypt_r(key, setting, (char *)*data, *size);
}
+ if (setting[0] == '$' && setting[1] == '5') {
+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
+ return NULL;
+ return __sha256_crypt_r(key, setting, (char *)*data, *size);
+ }
+ if (setting[0] == '$' && setting[1] == '6') {
+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
+ return NULL;
+ return __sha512_crypt_r(key, setting, (char *)*data, *size);
+ }
if (setting[0] == '$') goto out_einval;
if (setting[0] == '_') {
if (_crypt_data_alloc(data, size,
@@ -270,6 +289,12 @@ char *__crypt_gensalt_rn(const char *pre
if (!strncmp(prefix, "$1$", 3))
use = _crypt_gensalt_md5_rn;
else
+ if (!strncmp(prefix, "$5$", 3))
+ use = _crypt_gensalt_sha256c_rn;
+ else
+ if (!strncmp(prefix, "$6$", 3))
+ use = _crypt_gensalt_sha512c_rn;
+ else
if (prefix[0] == '_')
use = _crypt_gensalt_extended_rn;
else

30
glibc-2.9-avx-relocate_fcrypt.patch
View file

@ -1,6 +1,6 @@
diff -p -up glibc-2.9/crypt/crypt-entry.c.orig glibc-2.9/crypt/crypt-entry.c diff -Naurp glibc-2.14-121-g5551a7b/crypt/crypt-entry.c glibc-2.14-121-g5551a7b.oden/crypt/crypt-entry.c
--- glibc-2.9/crypt/crypt-entry.c.orig 2009-01-15 10:43:01.000000000 -0500 --- glibc-2.14-121-g5551a7b/crypt/crypt-entry.c 2011-11-25 05:00:43.214487962 -0500
+++ glibc-2.9/crypt/crypt-entry.c 2009-01-15 10:43:18.000000000 -0500 +++ glibc-2.14-121-g5551a7b.oden/crypt/crypt-entry.c 2011-11-25 05:04:42.044487854 -0500
@@ -164,18 +164,3 @@ crypt (key, salt) @@ -164,18 +164,3 @@ crypt (key, salt)
#endif #endif
@ -20,14 +20,16 @@ diff -p -up glibc-2.9/crypt/crypt-entry.c.orig glibc-2.9/crypt/crypt-entry.c
- return crypt (key, salt); - return crypt (key, salt);
-} -}
-#endif -#endif
diff -p -up glibc-2.9/crypt/wrapper.c.orig glibc-2.9/crypt/wrapper.c diff -Naurp glibc-2.14-121-g5551a7b/crypt/wrapper.c glibc-2.14-121-g5551a7b.oden/crypt/wrapper.c
--- glibc-2.9/crypt/wrapper.c.orig 2009-01-15 10:43:01.000000000 -0500 --- glibc-2.14-121-g5551a7b/crypt/wrapper.c 2011-11-25 05:00:43.224487962 -0500
+++ glibc-2.9/crypt/wrapper.c 2009-01-15 10:43:18.000000000 -0500 +++ glibc-2.14-121-g5551a7b.oden/crypt/wrapper.c 2011-11-25 05:05:14.264487791 -0500
@@ -326,7 +326,22 @@ weak_alias(__crypt_gensalt_rn, crypt_gen @@ -324,7 +324,22 @@ weak_alias(__crypt, crypt)
weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn)
weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra) weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra)
weak_alias(__crypt_gensalt, crypt_gensalt) weak_alias(__crypt_gensalt, crypt_gensalt)
#endif -weak_alias(crypt, fcrypt)
- +#endif
+
+/* +/*
+ * To make fcrypt users happy. + * To make fcrypt users happy.
+ * They don't need to call init_des. + * They don't need to call init_des.
@ -37,13 +39,11 @@ diff -p -up glibc-2.9/crypt/wrapper.c.orig glibc-2.9/crypt/wrapper.c
+#else +#else
+char * +char *
+__fcrypt (key, salt) +__fcrypt (key, salt)
+ const char *key; + const char *key;
+ const char *salt; + const char *salt;
+{ +{
+ return crypt (key, salt); + return crypt (key, salt);
+} +}
+#endif #endif
+
#ifdef TEST #ifdef TEST
static struct {
char *hash;

37
glibc-CVE-2011-1659.diff Normal file
View file

@ -0,0 +1,37 @@
From 8126d90480fa3e0c5c5cd0d02cb1c93174b45485 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper <drepper@gmail.com>
Date: Fri, 18 Mar 2011 05:29:20 -0400
Subject: [PATCH] Check size of pattern in wide character representation in fnmatch.
diff --git a/posix/fnmatch.c b/posix/fnmatch.c
index 0af5ee6..819a6a7 100644
--- a/posix/fnmatch.c
+++ b/posix/fnmatch.c
@@ -375,6 +375,11 @@ fnmatch (pattern, string, flags)
XXX Do we have to set `errno' to something which mbsrtows hasn't
already done? */
return -1;
+ if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0))
+ {
+ __set_errno (ENOMEM);
+ return -2;
+ }
wpattern_malloc = wpattern
= (wchar_t *) malloc ((n + 1) * sizeof (wchar_t));
assert (mbsinit (&ps));
@@ -419,6 +424,12 @@ fnmatch (pattern, string, flags)
XXX Do we have to set `errno' to something which mbsrtows hasn't
already done? */
goto free_return;
+ if (__builtin_expect (n >= (size_t) -1 / sizeof (wchar_t), 0))
+ {
+ free (wpattern_malloc);
+ __set_errno (ENOMEM);
+ return -2;
+ }
wstring_malloc = wstring
= (wchar_t *) malloc ((n + 1) * sizeof (wchar_t));
--
1.7.3.4

21
glibc.spec
View file

@ -3,7 +3,7 @@
# <epoch>:<version>-<release> tags for glibc main package # <epoch>:<version>-<release> tags for glibc main package
%define glibcversion 2.13 %define glibcversion 2.13
%define __glibcrelease 7 %define __glibcrelease 6
%define glibcepoch 6 %define glibcepoch 6
# for added ports support for arches like arm # for added ports support for arches like arm
%define build_ports 0 %define build_ports 0
@ -33,7 +33,7 @@
%endif %endif
# crypt blowfish support # crypt blowfish support
%define crypt_bf_ver 1.0.2 %define crypt_bf_ver 1.2
# Define "cross" to an architecture to which glibc is to be # Define "cross" to an architecture to which glibc is to be
# cross-compiled # cross-compiled
@ -133,6 +133,7 @@
Summary: The GNU libc libraries Summary: The GNU libc libraries
Name: %{name} Name: %{name}
Version: %{glibcversion} Version: %{glibcversion}
%define subrel 1
Release: %{glibcrelease} Release: %{glibcrelease}
Epoch: %{glibcepoch} Epoch: %{glibcepoch}
License: LGPL License: LGPL
@ -300,6 +301,8 @@ Patch48: glibc-2.13-prelink.patch
Patch49: 0001-x86_64-fix-for-new-memcpy-behavior.patch Patch49: 0001-x86_64-fix-for-new-memcpy-behavior.patch
# shamlessly taken in linaro. just look dirty woraround # shamlessly taken in linaro. just look dirty woraround
Patch50: glibc_local-syscall-mcount.diff Patch50: glibc_local-syscall-mcount.diff
Patch51: glibc-CVE-2011-1659.diff
Patch52: glibc-2.11.1-CVE-2011-1089.diff
# Determine minium kernel versions # Determine minium kernel versions
%define enablekernel 2.6.9 %define enablekernel 2.6.9
@ -559,9 +562,9 @@ cp -a crypt_blowfish-%{crypt_bf_ver}/*.[chS] crypt/
## FreeSec support for extended/new-style/BSDI hashes in crypt(3) ## FreeSec support for extended/new-style/BSDI hashes in crypt(3)
%patch39 -p1 -b .mdv-owl-crypt_freesec %patch39 -p1 -b .mdv-owl-crypt_freesec
%patch40 -p1 -b .avx-relocate_fcrypt %patch40 -p1 -b .avx-relocate_fcrypt
%patch41 -p1 -b .avx-increase_BF_FRAME %patch41 -p0 -b .avx-increase_BF_FRAME
# add sha256-crypt and sha512-crypt support to the Openwall wrapper # add sha256-crypt and sha512-crypt support to the Openwall wrapper
%patch43 -p0 -b .mdv-wrapper_handle_sha %patch43 -p1 -b .mdv-wrapper_handle_sha
%if %{build_selinux} %if %{build_selinux}
# XXX kludge to build nscd with selinux support as it added -nostdinc # XXX kludge to build nscd with selinux support as it added -nostdinc
@ -569,6 +572,10 @@ cp -a crypt_blowfish-%{crypt_bf_ver}/*.[chS] crypt/
ln -s %{_includedir}/selinux selinux ln -s %{_includedir}/selinux selinux
%endif %endif
# security fixes
%patch51 -p1 -b .CVE-2011-1659
%patch52 -p0 -b .CVE-2011-1089
find . -type f -size 0 -o -name "*.orig" -exec rm -f {} \; find . -type f -size 0 -o -name "*.orig" -exec rm -f {} \;
# (Anssi 03/2008) FIXME: use _provides_exceptions # (Anssi 03/2008) FIXME: use _provides_exceptions
@ -1663,6 +1670,12 @@ fi
%changelog %changelog
* Fri Nov 25 2011 Oden Eriksson <oeriksson@mandriva.com> 6:2.13-6.1
- crypt_blowfish-1.2 (crypt_blowfish-1.1 fixed CVE-2011-2483)
- rediffed the needed patches
- P51: security fix for CVE-2011-1659 (upstream)
- P52: security fix for CVE-2011-1089 (upstream)
* Fri Aug 19 2011 Paulo Andrade <pcpa@mandriva.com.br> 6:2.13-6mnb2 * Fri Aug 19 2011 Paulo Andrade <pcpa@mandriva.com.br> 6:2.13-6mnb2
+ Revision: 695609 + Revision: 695609
- Install gconv modules (#64019) - Install gconv modules (#64019)