wok-current view glibc/stuff/CVE-2025-4802.patch @ rev 25785
Mass rebuild after bump to glibc 2.31, add epson printer and scanner package
| author | Stanislas Leduc <shann@slitaz.org> |
|---|---|
| date | Tue Jul 15 20:40:17 2025 +0000 (3 months ago) |
| parents | 4997842104b5 |
| children |
line source
1 From bff3b0f16c991b825016afee53a85b4d2b4f6b72 Mon Sep 17 00:00:00 2001
2 From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
3 Date: Mon, 6 Nov 2023 17:25:49 -0300
4 Subject: elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static
6 It mimics the ld.so behavior.
8 Checked on x86_64-linux-gnu.
9 Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
11 (cherry picked from commit 5451fa962cd0a90a0e2ec1d8910a559ace02bba0)
13 Changes:
15 git/elf/dl-support.c
16 (missing commit 55f41ef8de4a4d0c5762d78659e11202d3c765d4
17 ("elf: Remove LD_PROFILE for static binaries"),
18 missing removal of tunables support)
19 ---
20 elf/dl-support.c | 45 +++++++++++++++++++++------------------------
21 1 file changed, 21 insertions(+), 24 deletions(-)
23 diff --git a/elf/dl-support.c b/elf/dl-support.c
24 index 09079c124d..1963f8a28a 100644
25 --- a/elf/dl-support.c
26 +++ b/elf/dl-support.c
27 @@ -272,8 +272,6 @@ _dl_non_dynamic_init (void)
28 _dl_main_map.l_phdr = GL(dl_phdr);
29 _dl_main_map.l_phnum = GL(dl_phnum);
31 - _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
32 -
33 /* Set up the data structures for the system-supplied DSO early,
34 so they can influence _dl_init_paths. */
35 setup_vdso (NULL, NULL);
36 @@ -281,6 +279,27 @@ _dl_non_dynamic_init (void)
37 /* With vDSO setup we can initialize the function pointers. */
38 setup_vdso_pointers ();
40 + if (__libc_enable_secure)
41 + {
42 + static const char unsecure_envvars[] =
43 + UNSECURE_ENVVARS
44 + ;
45 + const char *cp = unsecure_envvars;
46 +
47 + while (cp < unsecure_envvars + sizeof (unsecure_envvars))
48 + {
49 + __unsetenv (cp);
50 + cp = strchr (cp, '\0') + 1;
51 + }
52 +
53 +#if !HAVE_TUNABLES
54 + if (__access ("/etc/suid-debug", F_OK) != 0)
55 + __unsetenv ("MALLOC_CHECK_");
56 +#endif
57 + }
58 +
59 + _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
60 +
61 /* Initialize the data structures for the search paths for shared
62 objects. */
63 _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
64 --
65 cgit
67 From 08aea7712d1470649537c8d2d17089ea40d478e5 Mon Sep 17 00:00:00 2001
68 From: Florian Weimer <fweimer@redhat.com>
69 Date: Mon, 23 Dec 2024 13:57:55 +0100
70 Subject: support: Add support_record_failure_barrier
72 This can be used to stop execution after a TEST_COMPARE_BLOB
73 failure, for example.
75 (cherry picked from commit d0b8aa6de4529231fadfe604ac2c434e559c2d9e)
76 ---
77 support/check.h | 3 +++
78 support/support_record_failure.c | 10 ++++++++++
79 2 files changed, 13 insertions(+)
81 diff --git a/support/check.h b/support/check.h
82 index 43f4208a0a..dac6f04b56 100644
83 --- a/support/check.h
84 +++ b/support/check.h
85 @@ -207,6 +207,9 @@ void support_record_failure_reset (void);
86 failures or not. */
87 int support_record_failure_is_failed (void);
89 +/* Terminate the process if any failures have been encountered so far. */
90 +void support_record_failure_barrier (void);
91 +
92 __END_DECLS
94 #endif /* SUPPORT_CHECK_H */
95 diff --git a/support/support_record_failure.c b/support/support_record_failure.c
96 index 7e57fe97fb..b00387ff80 100644
97 --- a/support/support_record_failure.c
98 +++ b/support/support_record_failure.c
99 @@ -112,3 +112,13 @@ support_record_failure_is_failed (void)
100 synchronization for reliable test error reporting anyway. */
101 return __atomic_load_n (&state->failed, __ATOMIC_RELAXED);
102 }
103 +
104 +void
105 +support_record_failure_barrier (void)
106 +{
107 + if (__atomic_load_n (&state->failed, __ATOMIC_RELAXED))
108 + {
109 + puts ("error: exiting due to previous errors");
110 + exit (1);
111 + }
112 +}
113 --
114 cgit