glibc: Import security fixes from upstream
authorMichael Tremer <michael.tremer@ipfire.org>
Mon, 17 Aug 2015 19:49:34 +0000 (20:49 +0100)
committerMichael Tremer <michael.tremer@ipfire.org>
Mon, 17 Aug 2015 19:49:34 +0000 (20:49 +0100)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/core/94/filelists/armv5tel/glibc [new symlink]
config/rootfiles/core/94/filelists/i586/glibc [new symlink]
lfs/glibc
src/patches/glibc/glibc-rh1217186.patch [new file with mode: 0644]

diff --git a/config/rootfiles/core/94/filelists/armv5tel/glibc b/config/rootfiles/core/94/filelists/armv5tel/glibc
new file mode 120000 (symlink)
index 0000000..4c70d72
--- /dev/null
@@ -0,0 +1 @@
+../../../../common/armv5tel/glibc
\ No newline at end of file
diff --git a/config/rootfiles/core/94/filelists/i586/glibc b/config/rootfiles/core/94/filelists/i586/glibc
new file mode 120000 (symlink)
index 0000000..943021f
--- /dev/null
@@ -0,0 +1 @@
+../../../../common/i586/glibc
\ No newline at end of file
index 4ec71a788e6bf683d0204112c622621c34e1eeaf..6675065d4c5f503e5844eb9d8fa06b6a5a3b6db6 100644 (file)
--- a/lfs/glibc
+++ b/lfs/glibc
@@ -285,6 +285,7 @@ endif
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1183533.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1207995.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1209375.patch
+       cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1217186.patch
 
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch
        cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch
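Review bot: The added `patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1217186.patch` line applies a patch whose own header reads `Upstream status: Needs to go upstream (2015-05-07)`, so it is a downstream patch rather than an upstream fix as the commit title says. Nothing in the recipe or the commit message records what it addresses. The patch changes `__validuser2_sa` in inet/rcmd.c to run `__icheckuser` before `__checkhost_sa`, which changes when the host lookup happens for each trust-file line, so whoever next rebases glibc needs to know whether upstream has absorbed it. A make comment at column 0 above the line would cover that, for example `# rh1217186: rcmd.c checks the user entry before the host lookup; downstream patch, not upstream as of 2015-05-07`. The recipe this line belongs to starts and ends outside the hunk, so whether the neighbouring rh* patches are documented elsewhere cannot be seen from here.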
diff --git a/src/patches/glibc/glibc-rh1217186.patch b/src/patches/glibc/glibc-rh1217186.patch
new file mode 100644 (file)
index 0000000..6c6c393
--- /dev/null
@@ -0,0 +1,65 @@
+#
+# Author: Carlos O'Donell
+# Upstream status: Needs to go upstream (2015-05-07)
+#
+diff --git a/inet/rcmd.c b/inet/rcmd.c
+index acacaa0..9f2443b 100644
+--- a/inet/rcmd.c
++++ b/inet/rcmd.c
+@@ -803,29 +803,38 @@ __validuser2_sa(hostf, ra, ralen, luser, ruser, rhost)
+       *p = '\0';              /* <nul> terminate username (+host?) */
+       /* buf -> host(?) ; user -> username(?) */
++      if (*buf == '\0')
++        break;
++      if (*user == '\0')
++        user = luser;
++
++      /* First check the user part.  This is an optimization, since
++         one should always check the host first in order to detect
++         negative host checks (which we check for later).  */
++      ucheck = __icheckuser (user, ruser);
++
++      /* Either we found the user, or we didn't and this is a
++         negative host check.  We must do the negative host lookup
++         in order to preserve the semantics of stopping on this line
++         before processing others.  */
++      if (ucheck != 0 || *buf == '-') {
++
++          /* Next check host part */
++          hcheck = __checkhost_sa (ra, ralen, buf, rhost);
++
++          /* Negative '-host user(?)' match?  */
++          if (hcheck < 0)
++              break;
+-      /* First check host part */
+-      hcheck = __checkhost_sa (ra, ralen, buf, rhost);
+-
+-      if (hcheck < 0)
+-          break;
+-
+-      if (hcheck) {
+-          /* Then check user part */
+-          if (! (*user))
+-              user = luser;
+-
+-          ucheck = __icheckuser (user, ruser);
+-
+-          /* Positive 'host user' match? */
+-          if (ucheck > 0) {
++          /* Positive 'host user' match?  */
++          if (hcheck > 0 && ucheck > 0) {
+               retval = 0;
+               break;
+           }
+-          /* Negative 'host -user' match? */
+-          if (ucheck < 0)
+-              break;
++          /* Negative 'host -user' match?  */
++          if (hcheck > 0 && ucheck < 0)
++            break;
+           /* Neither, go on looking for match */
+       }