From 4e7ac1a760eb33435c347a8f6518aa31312dd2ef Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Mon, 6 Aug 2012 22:52:46 +0200 Subject: [PATCH] libsafe: Remove package. This has not been updated since 2001 and we don't believe that this is a security benefit anymore. --- config/rootfiles/common/libsafe | 4 - lfs/libsafe | 78 ------- make.sh | 1 - src/patches/libsafe-alpha.diff | 232 -------------------- src/patches/libsafe-functioncaching.diff | 258 ----------------------- 5 files changed, 573 deletions(-) delete mode 100644 config/rootfiles/common/libsafe delete mode 100644 lfs/libsafe delete mode 100644 src/patches/libsafe-alpha.diff delete mode 100644 src/patches/libsafe-functioncaching.diff diff --git a/config/rootfiles/common/libsafe b/config/rootfiles/common/libsafe deleted file mode 100644 index 8275e4aa4a..0000000000 --- a/config/rootfiles/common/libsafe +++ /dev/null @@ -1,4 +0,0 @@ -etc/ld.so.preload -lib/libsafe.so.2 -lib/libsafe.so.2.0.16 -#usr/man/man8/libsafe.8 diff --git a/lfs/libsafe b/lfs/libsafe deleted file mode 100644 index 24c398c61f..0000000000 --- a/lfs/libsafe +++ /dev/null @@ -1,78 +0,0 @@ -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see . # -# # -############################################################################### - -############################################################################### -# Definitions -############################################################################### - -include Config - -VER = 2.0-16 - -THISAPP = libsafe_$(VER) -DL_FILE = $(THISAPP).orig.tar.gz -DL_FROM = $(URL_IPFIRE) -DIR_APP = $(DIR_SRC)/libsafe-$(VER) -TARGET = $(DIR_INFO)/$(THISAPP) - -############################################################################### -# Top-level Rules -############################################################################### - -objects = $(DL_FILE) - -$(DL_FILE) = $(DL_FROM)/$(DL_FILE) - -$(DL_FILE)_MD5 = 6b7b6e6df84d4afb469ccc66d04fc24d - -install : $(TARGET) - -check : $(patsubst %,$(DIR_CHK)/%,$(objects)) - -download :$(patsubst %,$(DIR_DL)/%,$(objects)) - -md5 : $(subst %,%_MD5,$(objects)) - -############################################################################### -# Downloading, checking, md5sum -############################################################################### - -$(patsubst %,$(DIR_CHK)/%,$(objects)) : - @$(CHECK) - -$(patsubst %,$(DIR_DL)/%,$(objects)) : - @$(LOAD) - -$(subst %,%_MD5,$(objects)) : - @$(MD5) - -############################################################################### -# Installation Details -############################################################################### - -$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) - @$(PREBUILD) - @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/libsafe-functioncaching.diff - cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/libsafe-alpha.diff - cd $(DIR_APP) && make libsafe $(MAKETUNING) - cd $(DIR_APP) && yes | make install - @rm -rf $(DIR_APP) - @$(POSTBUILD) diff --git a/make.sh b/make.sh index 19edce62e3..38a8698972 100755 --- a/make.sh +++ b/make.sh @@ -589,7 +589,6 @@ buildipfire() { ipfiremake traceroute ipfiremake vlan ipfiremake wireless - ipfiremake libsafe ipfiremake pakfire ipfiremake spandsp ipfiremake lzo diff --git a/src/patches/libsafe-alpha.diff b/src/patches/libsafe-alpha.diff deleted file mode 100644 index dfeb9f227a..0000000000 --- a/src/patches/libsafe-alpha.diff +++ /dev/null @@ -1,232 +0,0 @@ ---- libsafe-2.0-16-orig/src/intercept.c 2003-03-15 16:02:12.000000000 +0100 -+++ libsafe-2.0-16/src/intercept.c 2003-03-15 16:12:22.000000000 +0100 -@@ -165,7 +165,8 @@ - */ - char *strcpy(char *dest, const char *src) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - - if (!real_memcpy) - real_memcpy = (memcpy_t) getLibraryFunction("memcpy"); -@@ -196,7 +197,8 @@ - - char *strncpy(char *dest, const char *src, size_t n) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - - if (!real_strncpy) - real_strncpy = (strncpy_t) getLibraryFunction("strncpy"); -@@ -219,7 +221,8 @@ - - char *stpcpy(char *dest, const char *src) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - - if (!real_memcpy) - real_memcpy = (memcpy_t) getLibraryFunction("memcpy"); -@@ -251,7 +254,8 @@ - #ifndef MISSING_WCSNLEN - wchar_t *wcscpy(wchar_t *dest, const wchar_t *src) - { -- size_t max_bytes, max_wchars, len; -+ size_t max_wchars, len; -+ uint max_bytes; - - if (!real_wcscpy) - real_wcscpy = (wcscpy_t) getLibraryFunction("wcscpy"); -@@ -291,7 +295,8 @@ - - wchar_t *wcpcpy(wchar_t *dest, const wchar_t *src) - { -- size_t max_bytes, max_wchars, len; -+ size_t max_wchars, len; -+ uint max_bytes; - - if (!real_wcpcpy) - real_wcpcpy = (wcpcpy_t) getLibraryFunction("wcpcpy"); -@@ -333,9 +338,15 @@ - /* - * This is needed! See the strcpy() for the reason. -ab. - */ --void *memcpy(void *dest, const void *src, size_t n) -+void *memcpy(void *dest, const void *src, size_t hack) - { -- size_t max_size; -+ /* -+ * a size_t IS an unsigned long everywhere, though it sometimes -+ * doesn't state so, making printf misinterpret it. -+ */ -+ unsigned long n = hack; -+ uint max_size; -+ - - if (!real_memcpy) - real_memcpy = (memcpy_t) getLibraryFunction("memcpy"); -@@ -344,11 +355,11 @@ - return real_memcpy(dest, src, n); - - if ((max_size = _libsafe_stackVariableP(dest)) == 0) { -- LOG(5, "memcpy( , , %d)\n", n); -+ LOG(5, "memcpy( , , %ld)\n", n); - return real_memcpy(dest, src, n); - } - -- LOG(4, "memcpy( , , %d) stack limit=%d)\n", n, max_size); -+ LOG(4, "memcpy( , , %ld) stack limit=%d)\n", n, max_size); - if (n > max_size) - _libsafe_die("Overflow caused by memcpy()"); - return real_memcpy(dest, src, n); -@@ -357,7 +368,7 @@ - - char *strcat(char *dest, const char *src) - { -- size_t max_size; -+ uint max_size; - uint dest_len, src_len; - - if (!real_memcpy) -@@ -388,7 +399,7 @@ - - char *strncat(char *dest, const char *src, size_t n) - { -- size_t max_size; -+ uint max_size; - uint dest_len, src_len; - - if (!real_strncat) -@@ -1008,12 +1019,31 @@ - if (is_printf_convspec[(int)*p]) { - caddr_t addr; - c++; -+#if 0 -+ /* -+ * cannot add va_list (ap here) with a number on alpha. -+ * this is faster than the other method, and might be -+ * a good idea to enable this on !alpha arch. -+ */ - if (pnum) { - addr = *((caddr_t*)(ap + (atoi(pnum)-1)*sizeof(char*))); - } - else { - addr = *((caddr_t*)(ap + c*sizeof(char*))); - } -+#else -+ { -+ va_list apc; -+ uint nb = c + 1; -+ -+ va_copy(apc, ap); -+ if (pnum) -+ nb = atoi(pnum); -+ addr = NULL; -+ while (nb--) -+ addr = va_arg(apc, caddr_t); -+ } -+#endif - if (*p == 'n') { - if (_libsafe_raVariableP((void *)(addr))) { - _libsafe_die("printf(\"%%n\")"); -@@ -1172,12 +1202,32 @@ - if (is_printf_convspec[(int)*p]) { - caddr_t addr; - c++; -+#if 0 -+ /* -+ * cannot add va_list (ap here) with a number on alpha. -+ * this is faster than the other method, and might be -+ * a good idea to enable this on !alpha arch. -+ */ -+ - if (pnum) { - addr = *((caddr_t*)(ap + (atoi(pnum)-1)*sizeof(char*))); - } - else { - addr = *((caddr_t*)(ap + c*sizeof(char*))); - } -+#else -+ { -+ va_list apc; -+ uint nb = c + 1; -+ -+ va_copy(apc, ap); -+ if (pnum) -+ nb = atoi(pnum); -+ addr = NULL; -+ while (nb--) -+ addr = va_arg(apc, caddr_t); -+ } -+#endif - if (*p == 'n') { - if (_libsafe_raVariableP((void *)(addr))) { - _libsafe_die("printf(\"%%n\")"); -@@ -1194,7 +1244,7 @@ - - int sprintf(char *str, const char *format, ...) - { -- size_t max_size; -+ uint max_size; - va_list ap; - int res; - -@@ -1242,7 +1292,7 @@ - - int snprintf(char *str, size_t size, const char *format, ...) - { -- size_t max_size; -+ uint max_size; - va_list ap; - int res; - -@@ -1288,7 +1338,7 @@ - - int vsprintf(char *str, const char *format, va_list ap) - { -- size_t max_size; -+ uint max_size; - int res; - - if (!real_vsprintf) -@@ -1325,7 +1375,7 @@ - - int vsnprintf(char *str, size_t size, const char *format, va_list ap) - { -- size_t max_size; -+ uint max_size; - int res; - - if (!real_vsnprintf) -@@ -1360,7 +1410,7 @@ - - char *getwd(char *buf) - { -- size_t max_size; -+ uint max_size; - char *res; - - if (!real_getwd) -@@ -1384,7 +1434,8 @@ - - char *gets(char *s) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - - if (!real_gets) - real_gets = (gets_t) getLibraryFunction("gets"); -@@ -1409,7 +1460,8 @@ - - char *realpath(char *path, char resolved_path[]) - { -- size_t max_size, len; -+ uint max_size; -+ size_t len; - char *res; - char buf[MAXPATHLEN + 1]; - diff --git a/src/patches/libsafe-functioncaching.diff b/src/patches/libsafe-functioncaching.diff deleted file mode 100644 index db003a4cfc..0000000000 --- a/src/patches/libsafe-functioncaching.diff +++ /dev/null @@ -1,258 +0,0 @@ -From: Goswin Brederlow -Subject: Bug#129345: patch to prevent a loop between libdl and libsafe causing libdl to crash -To: 129345@bugs.debian.org -Date: 01 Sep 2002 23:54:35 +0200 -Reply-To: Goswin Brederlow , - 129345@bugs.debian.org -Resent-From: Goswin Brederlow - - -------- -[D. Coe edited this patch slightly -- moved an unrelated change into the -Makefile itself [it changed the debugging comments only], and corrected a -spelling error and reworded the comments. The original patch is in the -bug tracking system, if you want to see it as submitted by Goswin.] -------- -------- -D. Coe subsequently modified the patch further, because in some cases -the initializations did not occur (e.g. when IO_vfscanf or memcpy was -called from ps or top (likely one of the libraries they use). maybe -they do something that disables libsafe's library globals initialization? - - -In any case, I've adopted both strategise in this new patch; the addresses -are preloaded as Goswin had coded, but they are also individually checked -each time needed (as was the case before Goswin's patch), and are initialized -at that point if necessary. Hopefully this will let ps and top work -and also continue to work around the libdl problem. -------- - -Hi, - -if libsafe is invoked from inside libdl (or only inside dlerror()?) -and a real_XXX function is not yet looked up it will reenter -libdl. That causes memory corruption resulting in a read from 0x0 and -thus segfault. - -The patch below makes libsafe cache all needed symbols once upon -init. That not only causes less lookups than before but should prevent -fatal loops. Failures of the initial lookups might not be reported -correctly but terminate in some odd way if the functions needed to -report are not yet looked up. - -MfG - Goswin - ----------------------------------------------------------------------- -diff -Nurd libsafe-2.0-16/src/intercept.c libsafe-2.0-16-mrvn/src/intercept.c ---- libsafe-2.0-16/src/intercept.c 2002-05-31 19:37:34.000000000 +0200 -+++ libsafe-2.0-16-mrvn/src/intercept.c 2002-09-01 23:44:55.000000000 +0200 -@@ -128,14 +128,29 @@ - } - - --/* Starting with version 2.0, we keep a single global copy of the pointer to -- * the real memcpy() function. This allows us to call -- * getLibraryFunction("memcpy") just once instead of multiple times, since -- * memcpy() is needed in four different functions below. -+/* Starting with Debian version 2.0-16-2, we keep a global copy of the pointer -+ * to each real functions. Otherwise a getLibraryFunction might -+ * be triggered from inside dlsym() and cause memory corruption reulting in a -+ * segfault. - */ --static memcpy_t real_memcpy = NULL; -- -- -+static memcpy_t real_memcpy = NULL; -+static _IO_vfscanf_t real_IO_vfscanf = NULL; -+static vfprintf_t real_vfprintf = NULL; -+static vsnprintf_t real_vsnprintf = NULL; -+static vsprintf_t real_vsprintf = NULL; -+static gets_t real_gets = NULL; -+static getwd_t real_getwd = NULL; -+static realpath_t real_realpath = NULL; -+static stpcpy_t real_stpcpy = NULL; -+static strcat_t real_strcat = NULL; -+static strcpy_t real_strcpy = NULL; -+static strncat_t real_strncat = NULL; -+static strncpy_t real_strncpy = NULL; -+static wcscpy_t real_wcscpy = NULL; -+static wcpcpy_t real_wcpcpy = NULL; -+#ifndef MISSING_WCSNLEN -+static wcscat_t real_wcscat = NULL; -+#endif - /* - * -------------- system library implementations ------------------- - * Here is the story: if a C source file includes and is -@@ -150,7 +165,6 @@ - */ - char *strcpy(char *dest, const char *src) - { -- static strcpy_t real_strcpy = NULL; - size_t max_size, len; - - if (!real_memcpy) -@@ -182,7 +196,6 @@ - - char *strncpy(char *dest, const char *src, size_t n) - { -- static strncpy_t real_strncpy = NULL; - size_t max_size, len; - - if (!real_strncpy) -@@ -206,7 +219,6 @@ - - char *stpcpy(char *dest, const char *src) - { -- static stpcpy_t real_stpcpy = NULL; - size_t max_size, len; - - if (!real_memcpy) -@@ -239,7 +251,6 @@ - #ifndef MISSING_WCSNLEN - wchar_t *wcscpy(wchar_t *dest, const wchar_t *src) - { -- static wcscpy_t real_wcscpy = NULL; - size_t max_bytes, max_wchars, len; - - if (!real_wcscpy) -@@ -280,7 +291,6 @@ - - wchar_t *wcpcpy(wchar_t *dest, const wchar_t *src) - { -- static wcpcpy_t real_wcpcpy = NULL; - size_t max_bytes, max_wchars, len; - - if (!real_wcpcpy) -@@ -347,7 +357,6 @@ - - char *strcat(char *dest, const char *src) - { -- static strcat_t real_strcat = NULL; - size_t max_size; - uint dest_len, src_len; - -@@ -379,7 +388,6 @@ - - char *strncat(char *dest, const char *src, size_t n) - { -- static strncat_t real_strncat = NULL; - size_t max_size; - uint dest_len, src_len; - -@@ -408,7 +416,6 @@ - #ifndef MISSING_WCSNLEN - wchar_t *wcscat(wchar_t *dest, const wchar_t *src) - { -- static wcscat_t real_wcscat = NULL; - size_t max_bytes; - uint dest_len, src_len; - -@@ -861,7 +868,6 @@ - */ - int vfprintf(FILE *fp, const char *format, va_list ap) - { -- static vfprintf_t real_vfprintf = NULL; - int res; - char *p, *pnum; - int c = -1; /* Next var arg to be used */ -@@ -1026,7 +1032,6 @@ - */ - int _IO_vfprintf(FILE *fp, const char *format, va_list ap) - { -- static vfprintf_t real_vfprintf = NULL; - int res; - char *p, *pnum; - int c = -1; /* Next var arg to be used */ -@@ -1189,8 +1194,6 @@ - - int sprintf(char *str, const char *format, ...) - { -- static vsprintf_t real_vsprintf = NULL; -- static vsnprintf_t real_vsnprintf = NULL; - size_t max_size; - va_list ap; - int res; -@@ -1239,7 +1242,6 @@ - - int snprintf(char *str, size_t size, const char *format, ...) - { -- static vsnprintf_t real_vsnprintf = NULL; - size_t max_size; - va_list ap; - int res; -@@ -1286,8 +1288,6 @@ - - int vsprintf(char *str, const char *format, va_list ap) - { -- static vsprintf_t real_vsprintf = NULL; -- static vsnprintf_t real_vsnprintf = NULL; - size_t max_size; - int res; - -@@ -1325,7 +1325,6 @@ - - int vsnprintf(char *str, size_t size, const char *format, va_list ap) - { -- static vsnprintf_t real_vsnprintf = NULL; - size_t max_size; - int res; - -@@ -1361,7 +1360,6 @@ - - char *getwd(char *buf) - { -- static getwd_t real_getwd = NULL; - size_t max_size; - char *res; - -@@ -1386,7 +1384,6 @@ - - char *gets(char *s) - { -- static gets_t real_gets = NULL; - size_t max_size, len; - - if (!real_gets) -@@ -1412,7 +1409,6 @@ - - char *realpath(char *path, char resolved_path[]) - { -- static realpath_t real_realpath = NULL; - size_t max_size, len; - char *res; - char buf[MAXPATHLEN + 1]; -@@ -1445,7 +1441,6 @@ - - int _IO_vfscanf (_IO_FILE *s, const char *format, _IO_va_list argptr, int *errp) - { -- static _IO_vfscanf_t real_IO_vfscanf = NULL; - int res, save_count; - caddr_t ra_array[MAXLEVELS], fp_array[MAXLEVELS]; - -@@ -1529,6 +1524,25 @@ - - fclose(fp); - } -+ -+ real_memcpy = (memcpy_t) getLibraryFunction("memcpy"); -+ real_IO_vfscanf = (_IO_vfscanf_t) getLibraryFunction("_IO_vfscanf"); -+ real_vfprintf = (vfprintf_t) getLibraryFunction("vfprintf"); -+ real_vsnprintf = (vsnprintf_t) getLibraryFunction("vsnprintf"); -+ real_vsprintf = (vsprintf_t) getLibraryFunction("vsprintf"); -+ real_gets = (gets_t) getLibraryFunction("gets"); -+ real_getwd = (getwd_t) getLibraryFunction("getwd"); -+ real_realpath = (realpath_t) getLibraryFunction("realpath"); -+ real_stpcpy = (stpcpy_t) getLibraryFunction("stpcpy"); -+ real_strcat = (strcat_t) getLibraryFunction("strcat"); -+ real_strcpy = (strcpy_t) getLibraryFunction("strcpy"); -+ real_strncat = (strncat_t) getLibraryFunction("strncat"); -+ real_strncpy = (strncpy_t) getLibraryFunction("strncpy"); -+ real_wcscpy = (wcscpy_t) getLibraryFunction("wcscpy"); -+ real_wcpcpy = (wcpcpy_t) getLibraryFunction("wcpcpy"); -+#ifndef MISSING_WCSNLEN -+ real_wcscat = (wcscat_t) getLibraryFunction("wcscat"); -+#endif - } - - -- 2.39.2