Git-Url: 
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-1.2.git;a=commitdiff;h=d1d954afd82cb854be8ad2310e6bce7e31d9557a

commit d1d954afd82cb854be8ad2310e6bce7e31d9557a
Author: Miklos Vajna <vmik...@frugalware.org>
Date:   Thu Apr 22 15:05:25 2010 +0200

glibc-2.11.1-2locris1-i686

- add CVE-2010-0296.patch
- add CVE-2010-0830.patch
(cherry picked from commit 0e5a11362a18be367de41011e6be2da4a3e31f8f)

Conflicts:

source/base/glibc/FrugalBuild

diff --git a/source/base/glibc/CVE-2010-0296.patch 
b/source/base/glibc/CVE-2010-0296.patch
new file mode 100644
index 0000000..83d6413
--- /dev/null
+++ b/source/base/glibc/CVE-2010-0296.patch
@@ -0,0 +1,13 @@
+ misc/mntent_r.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+--- a/misc/mntent_r.c
++++ a/misc/mntent_r.c
+@@ -194,7 +194,7 @@ weak_alias (__getmntent_r, getmntent_r)
+     const char *rp = name;                                                  \
+                                                                             \
+     while (*rp != '\0')                                                       
      \
+-      if (*rp == ' ' || *rp == '\t' || *rp == '\\')                         \
++      if (*rp == ' ' || *rp == '\t' || *rp == '\n' || *rp == '\\')          \
+       break;                                                                \
+       else                                                                  \
+       ++rp;
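Review bot: The added `*rp == '\n'` test sits only in the scan loop that decides whether `name` needs encoding at all; the branch that actually rewrites the characters is outside this hunk, as are the start and end of the macro body. It is worth confirming that this glibc version's rewrite branch already emits an escape for newline, since otherwise the newline would be detected and then copied through unchanged. The patch file also has no description or origin header, unlike CVE-2010-0830.patch. A first line such as `Description: escape newlines in mount entry names (CVE-2010-0296)` plus the upstream commit reference would make later audits easier.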
diff --git a/source/base/glibc/CVE-2010-0830.patch 
b/source/base/glibc/CVE-2010-0830.patch
new file mode 100644
index 0000000..f690555
--- /dev/null
+++ b/source/base/glibc/CVE-2010-0830.patch
@@ -0,0 +1,17 @@
+Description: fix integer underflow that can trigger arbitrary code execution.
+Author: Kees Cook <k...@ubuntu.com>
+Bug-Ubuntu: https://launchpad.net/bugs/542197
+
+Index: eglibc-2.11.1/elf/dynamic-link.h
+===================================================================
+--- eglibc-2.11.1.orig/elf/dynamic-link.h      2010-03-25 15:42:22.700708465 
-0700
++++ eglibc-2.11.1/elf/dynamic-link.h   2010-03-25 15:45:26.840772712 -0700
+@@ -113,7 +113,7 @@
+
+   while (dyn->d_tag != DT_NULL)
+     {
+-      if (dyn->d_tag < DT_NUM)
++      if ((Elf32_Word) dyn->d_tag < DT_NUM)
+       info[dyn->d_tag] = dyn;
+       else if (dyn->d_tag >= DT_LOPROC &&
+              dyn->d_tag < DT_LOPROC + DT_THISPROCNUM)
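Review bot: The `(Elf32_Word)` cast in the `DT_NUM` bound check narrows `d_tag` on 64-bit targets, and this package's FrugalBuild lists `x86_64` in `archs`. There `d_tag` is a 64-bit signed field, so the comparison sees only the low 32 bits while `info[dyn->d_tag]` on the next line still indexes with the full value; the check and the index can disagree. Casting to an unsigned type at least as wide as `d_tag` keeps them consistent, for example `if ((ElfW(Xword)) dyn->d_tag < DT_NUM)`. The `else if` chain and the enclosing loop continue outside the hunk, so the remaining range checks there should be read with the same signedness question in mind.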
diff --git a/source/base/glibc/FrugalBuild b/source/base/glibc/FrugalBuild
index 12b815c..c50c1e6 100644
--- a/source/base/glibc/FrugalBuild
+++ b/source/base/glibc/FrugalBuild
@@ -4,7 +4,7 @@

pkgname=glibc
pkgver=2.11.1
-pkgrel=1
+pkgrel=2locris1
pkgdesc="GNU C Library"
url="http://www.gnu.org/software/libc/libc.html";
depends=()
@@ -16,9 +16,11 @@ groups=('base' 'chroot-core')
archs=('i686' 'x86_64' 'ppc')
Fup2gnubz2
source=(http://ftp.gnu.org/pub/gnu/glibc/glibc-$pkgver.tar.bz2 \
-       fix-missing-etc-hosts.patch)
+       fix-missing-etc-hosts.patch CVE-2010-0296.patch CVE-2010-0830.patch)
sha1sums=('29f492ae56fd4ef79f32b45c29c0edb6aa8a35a7' \
-          'be4a7bea8af743331e2c6704faa24b6cb4e155d5')
+          'be4a7bea8af743331e2c6704faa24b6cb4e155d5' \
+          'd6503eeeb11b37b12a34f37c70e7c87944a0a093' \
+          '15de57c759cc5715542664edac92a5d7b84c1ecb')

build()
{