wok-current annotate glibc/stuff/glibc-2.28-CVE-2025-4802.patch @ rev 25785

Mass rebuild after bump to glibc 2.31, add epson printer and scanner package
author Stanislas Leduc <shann@slitaz.org>
date Tue Jul 15 20:40:17 2025 +0000 (3 months ago)
shann@25785 1 From 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 Mon Sep 17 00:00:00 2001
shann@25785 2 From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
shann@25785 3 Date: Mon, 6 Nov 2023 17:25:49 -0300
shann@25785 4 Subject: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
shann@25785 5
shann@25785 6 It mimics the ld.so behavior.
shann@25785 7
shann@25785 8 Checked on x86_64-linux-gnu.
shann@25785 9 Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
shann@25785 10 Adjust for backport to glibc 2.28
shann@25785 11 ---
shann@25785 12 elf/dl-support.c | 32 ++++++++++++++++----------------
shann@25785 13 1 file changed, 16 insertions(+), 16 deletions(-)
shann@25785 14
shann@25785 15 diff --git a/elf/dl-support.c b/elf/dl-support.c
shann@25785 16 index 31a608df87..837fa1c836 100644
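--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -317,12 +317,34 @@
 if (HP_SMALL_TIMING_AVAIL)
 HP_TIMING_NOW (_dl_cpuclock_offset);
 
- _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
-
 /* Set up the data structures for the system-supplied DSO early,
 so they can influence _dl_init_paths. */
 setup_vdso (NULL, NULL);
 
+ if (__libc_enable_secure)
+ {
+ static const char unsecure_envvars[] =
+ UNSECURE_ENVVARS
+#ifdef EXTRA_UNSECURE_ENVVARS
+ EXTRA_UNSECURE_ENVVARS
+#endif
+ ;
+ const char *cp = unsecure_envvars;
+
+ while (cp < unsecure_envvars + sizeof (unsecure_envvars))
+ {
+ __unsetenv (cp);
+ cp = (const char *) __rawmemchr (cp, '\0') + 1;
+ }
+
+#if !HAVE_TUNABLES
+ if (__access ("/etc/suid-debug", F_OK) != 0)
+ __unsetenv ("MALLOC_CHECK_");
+#endif
+ }
+
+ _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
+
 /* Initialize the data structures for the search paths for shared
 objects. */
 _dl_init_paths (getenv ("LD_LIBRARY_PATH"));
@@ -340,28 +362,6 @@
 if (_dl_profile_output == NULL || _dl_profile_output[0] == '\0')
 _dl_profile_output
 = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
-
- if (__libc_enable_secure)
- {
- static const char unsecure_envvars[] =
- UNSECURE_ENVVARS
-#ifdef EXTRA_UNSECURE_ENVVARS
- EXTRA_UNSECURE_ENVVARS
-#endif
- ;
- const char *cp = unsecure_envvars;
-
- while (cp < unsecure_envvars + sizeof (unsecure_envvars))
- {
- __unsetenv (cp);
- cp = (const char *) __rawmemchr (cp, '\0') + 1;
- }
-
-#if !HAVE_TUNABLES
- if (__access ("/etc/suid-debug", F_OK) != 0)
- __unsetenv ("MALLOC_CHECK_");
-#endif
- }
 
 #ifdef DL_PLATFORM_INIT
 DL_PLATFORM_INIT;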
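Review bot: The relocated `if (__libc_enable_secure)` block in the first hunk has no comment saying it must stay ahead of the `getenv ("LD_WARN")` read and the `_dl_init_paths (getenv ("LD_LIBRARY_PATH"))` call that follow it, yet that ordering is the whole fix. I would add above the block: `/* For setuid static programs, drop the unsecure variables before any getenv below, so LD_LIBRARY_PATH never reaches _dl_init_paths.  */`. The fix also relies on `__libc_enable_secure` already being set when this code runs, which the hunk does not show; since this is an adjusted backport, that is worth confirming against the 2.28 startup path. The enclosing function begins and ends outside both hunks, so any other `getenv` calls between the two hunks are not visible here and should be checked to sit after the scrub as well.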
shann@25785 85
shann@25785 86 --
shann@25785 87 cgit