[void-packages.git] / srcpkgs / glibc / patches / glibc-upstream-15.patch
blob 30580f4c775fe8ff5892e410eee7ea7448aef067
1 From 6043d77a47de297b62084c1c261cdada082bf09c Mon Sep 17 00:00:00 2001
2 From: Andreas Schwab <schwab@suse.de>
3 Date: Mon, 28 Aug 2017 19:49:18 +0200
4 Subject: [PATCH 15] ldd: never run file directly
6 (cherry picked from commit eedca9772e99c72ab4c3c34e43cc764250aa3e3c)
7 ---
8 ChangeLog | 6 ++++++
9 NEWS | 9 +++++++++
10 elf/ldd.bash.in | 14 +-------------
11 3 files changed, 16 insertions(+), 13 deletions(-)
13 diff --git a/ChangeLog b/ChangeLog
14 index ad05da8ade..fa27c6f66f 100644
15 --- a/ChangeLog
16 +++ b/ChangeLog
17 @@ -1,3 +1,9 @@
18 +2017-08-16 Andreas Schwab <schwab@suse.de>
20 + [BZ #16750]
21 + CVE-2009-5064
22 + * elf/ldd.bash.in: Never run file directly.
24 2017-08-10 Florian Weimer <fweimer@redhat.com>
26 * inet/net-internal.h (__inet6_scopeid_pton): Remove
27 diff --git a/NEWS b/NEWS
28 index 0534c5296e..756e849643 100644
29 --- a/NEWS
30 +++ b/NEWS
31 @@ -7,8 +7,17 @@ using `glibc' in the "product" field.
33 Version 2.26.1
35 +Security related changes:
37 + CVE-2009-5064: The ldd script would sometimes run the program under
38 + examination directly, without preventing code execution through the
39 + dynamic linker. (The glibc project disputes that this is a security
40 + vulnerability; only trusted binaries must be examined using the ldd
41 + script.)
43 The following bugs are resolved with this release:
45 + [16750] ldd: Never run file directly.
46 [21242] assert: Suppress pedantic warning caused by statement expression
47 [21780] posix: Set p{read,write}v2 to return ENOTSUP
48 [21871] x86-64: Use _dl_runtime_resolve_opt only with AVX512F
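Review bot: The added "Security related changes" paragraph says the script "would sometimes run the program under examination directly" but never says what ldd does instead. Since the remaining code path in elf/ldd.bash.in is try_trace "$RTLD" "$file", consider adding one sentence stating that the file is now always passed to the dynamic linker, so the reader can see how the parenthetical about examining only trusted binaries relates to the new behaviour.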
49 diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in
50 index 7dd1fccf24..686785e235 100644
51 --- a/elf/ldd.bash.in
52 +++ b/elf/ldd.bash.in
53 @@ -164,18 +164,6 @@ warning: you do not have execution permission for" "\`$file'" >&2
55 done
56 case $ret in
57 - 0)
58 - # If the program exits with exit code 5, it means the process has been
59 - # invoked with __libc_enable_secure. Fall back to running it through
60 - # the dynamic linker.
61 - try_trace "$file"
62 - rc=$?
63 - if [ $rc = 5 ]; then
64 - try_trace "$RTLD" "$file"
65 - rc=$?
66 - fi
67 - [ $rc = 0 ] || result=1
68 - ;;
70 # This can be a non-ELF binary or no binary at all.
71 nonelf "$file" || {
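Review bot: With the 0) branch removed, nothing in this case statement runs "$file" directly any more, yet the hunk header context still shows the warning "you do not have execution permission for" being emitted just above. Please check whether that warning, and the test that distinguishes the ret values behind it, is still wanted now that execute permission no longer selects a different code path, and drop or reword it if it is not.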
72 @@ -183,7 +171,7 @@ warning: you do not have execution permission for" "\`$file'" >&2
73 result=1
76 - 2)
77 + 0|2)
78 try_trace "$RTLD" "$file" || result=1
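Review bot: The new 0|2) label has no comment saying what the two ret values mean or why they are now handled identically, and the only explanatory comment in this area (about exit code 5 and __libc_enable_secure) is deleted by the previous hunk. Suggest a short comment above 0|2) stating that the file is always traced through "$RTLD" and never executed directly, so a later change does not split the branch again.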