wok-current annotate glibc/stuff/CVE-2025-4802.patch @ rev 25785

Mass rebuild after bump to glibc 2.31, add epson printer and scanner package
author Stanislas Leduc <shann@slitaz.org>
date Tue Jul 15 20:40:17 2025 +0000 (3 months ago)
parents 4997842104b5
shann@25785 1 From bff3b0f16c991b825016afee53a85b4d2b4f6b72 Mon Sep 17 00:00:00 2001
shann@25775 2 From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
shann@25775 3 Date: Mon, 6 Nov 2023 17:25:49 -0300
shann@25775 4 Subject: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
shann@25775 5
shann@25775 6 It mimics the ld.so behavior.
shann@25775 7
shann@25775 8 Checked on x86_64-linux-gnu.
shann@25775 9 Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
shann@25785 10
shann@25785 11 (cherry picked from commit 5451fa962cd0a90a0e2ec1d8910a559ace02bba0)
shann@25785 12
shann@25785 13 Changes:
shann@25785 14
shann@25785 15 git/elf/dl-support.c
shann@25785 16 (missing commit 55f41ef8de4a4d0c5762d78659e11202d3c765d4
shann@25785 17 ("elf: Remove LD_PROFILE for static binaries"),
shann@25785 18 missing removal of tunables support)
shann@25775 19 ---
shann@25785 20 elf/dl-support.c | 45 +++++++++++++++++++++------------------------
shann@25785 21 1 file changed, 21 insertions(+), 24 deletions(-)
shann@25775 22
shann@25775 23 diff --git a/elf/dl-support.c b/elf/dl-support.c
shann@25785 24 index 09079c124d..1963f8a28a 100644
shann@25775 25 --- a/elf/dl-support.c
shann@25775 26 +++ b/elf/dl-support.c
shann@25785 27 @@ -272,8 +272,6 @@ _dl_non_dynamic_init (void)
shann@25785 28 _dl_main_map.l_phdr = GL(dl_phdr);
shann@25785 29 _dl_main_map.l_phnum = GL(dl_phnum);
shann@25775 30
shann@25775 31 - _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
shann@25775 32 -
shann@25775 33 /* Set up the data structures for the system-supplied DSO early,
shann@25775 34 so they can influence _dl_init_paths. */
shann@25775 35 setup_vdso (NULL, NULL);
shann@25785 36 @@ -281,6 +279,27 @@ _dl_non_dynamic_init (void)
shann@25785 37 /* With vDSO setup we can initialize the function pointers. */
shann@25785 38 setup_vdso_pointers ();
shann@25775 39
shann@25775 40 + if (__libc_enable_secure)
shann@25775 41 + {
shann@25775 42 + static const char unsecure_envvars[] =
shann@25785 43 + UNSECURE_ENVVARS
shann@25785 44 + ;
shann@25775 45 + const char *cp = unsecure_envvars;
shann@25775 46 +
shann@25775 47 + while (cp < unsecure_envvars + sizeof (unsecure_envvars))
shann@25785 48 + {
shann@25785 49 + __unsetenv (cp);
shann@25785 50 + cp = strchr (cp, '\0') + 1;
shann@25785 51 + }
shann@25775 52 +
shann@25775 53 +#if !HAVE_TUNABLES
shann@25775 54 + if (__access ("/etc/suid-debug", F_OK) != 0)
shann@25785 55 + __unsetenv ("MALLOC_CHECK_");
shann@25775 56 +#endif
shann@25775 57 + }
shann@25775 58 +
shann@25775 59 + _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
shann@25775 60 +
shann@25775 61 /* Initialize the data structures for the search paths for shared
shann@25775 62 objects. */
shann@25785 63 _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
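Review bot: The new `if (__libc_enable_secure)` block has no comment saying that it must run before the `getenv` calls that follow it, yet that ordering is the security property of this change. `_dl_init_paths (getenv ("LD_LIBRARY_PATH"), ...)` on the last line of the hunk only sees a scrubbed environment because the block sits above it. I would add `/* Scrub UNSECURE_ENVVARS first: every getenv below must see the cleaned environment when __libc_enable_secure is set. */` above the `if`, so a later reorder or backport does not quietly undo it. Separately, the patch header's diffstat reports 24 deletions while the hunks shown here remove only two lines, so it is worth confirming that this trimmed backport applies as intended and leaves no later `getenv` in `_dl_non_dynamic_init` reading an unscrubbed value. The function body starts and ends outside the hunk.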
shann@25785 64 --
shann@25785 65 cgit
shann@25785 66
shann@25785 67 From 08aea7712d1470649537c8d2d17089ea40d478e5 Mon Sep 17 00:00:00 2001
shann@25785 68 From: Florian Weimer <fweimer@redhat.com>
shann@25785 69 Date: Mon, 23 Dec 2024 13:57:55 +0100
shann@25785 70 Subject: support: Add support_record_failure_barrier
shann@25785 71
shann@25785 72 This can be used to stop execution after a TEST_COMPARE_BLOB
shann@25785 73 failure, for example.
shann@25785 74
shann@25785 75 (cherry picked from commit d0b8aa6de4529231fadfe604ac2c434e559c2d9e)
shann@25785 76 ---
shann@25785 77 support/check.h | 3 +++
shann@25785 78 support/support_record_failure.c | 10 ++++++++++
shann@25785 79 2 files changed, 13 insertions(+)
shann@25785 80
shann@25785 81 diff --git a/support/check.h b/support/check.h
shann@25785 82 index 43f4208a0a..dac6f04b56 100644
shann@25785 83 --- a/support/check.h
shann@25785 84 +++ b/support/check.h
shann@25785 85 @@ -207,6 +207,9 @@ void support_record_failure_reset (void);
shann@25785 86 failures or not. */
shann@25785 87 int support_record_failure_is_failed (void);
shann@25775 88
shann@25785 89 +/* Terminate the process if any failures have been encountered so far. */
shann@25785 90 +void support_record_failure_barrier (void);
shann@25785 91 +
shann@25785 92 __END_DECLS
shann@25785 93
shann@25785 94 #endif /* SUPPORT_CHECK_H */
shann@25785 95 diff --git a/support/support_record_failure.c b/support/support_record_failure.c
shann@25785 96 index 7e57fe97fb..b00387ff80 100644
shann@25785 97 --- a/support/support_record_failure.c
shann@25785 98 +++ b/support/support_record_failure.c
shann@25785 99 @@ -112,3 +112,13 @@ support_record_failure_is_failed (void)
shann@25785 100 synchronization for reliable test error reporting anyway. */
shann@25785 101 return __atomic_load_n (&state->failed, __ATOMIC_RELAXED);
shann@25785 102 }
shann@25785 103 +
shann@25785 104 +void
shann@25785 105 +support_record_failure_barrier (void)
shann@25785 106 +{
shann@25785 107 + if (__atomic_load_n (&state->failed, __ATOMIC_RELAXED))
shann@25785 108 + {
shann@25785 109 + puts ("error: exiting due to previous errors");
shann@25785 110 + exit (1);
shann@25785 111 + }
shann@25785 112 +}
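Review bot: `support_record_failure_barrier` repeats the relaxed load of `state->failed` that `support_record_failure_is_failed`, directly above it in the same file, already wraps. Writing the condition as `if (support_record_failure_is_failed ())` keeps a single place that reads the flag. The definition also has no comment of its own; the one-line description from `support/check.h` could be mirrored here, adding that the function prints the message to stdout and exits with status 1.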
shann@25785 113 --
shann@25785 114 cgit
shann@25775 115