webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-21 00:12:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

glibc: Import security fixes from upstream

Browse Source 
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Michael Tremer
2015-08-17 20:49:34 +01:00
parent fb71017b7b
commit 9eb008dc92
4 changed files with 68 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
config/rootfiles/core/94/filelists/armv5tel/glibc Symbolic link
View File

@@ -0,0 +1 @@
../../../../common/armv5tel/glibc

1
config/rootfiles/core/94/filelists/i586/glibc Symbolic link
View File

@@ -0,0 +1 @@
../../../../common/i586/glibc

1
lfs/glibc
View File

@@ -285,6 +285,7 @@ endif
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1183533.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1207995.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1209375.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc/glibc-rh1217186.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-resolv-stack_chk_fail.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/glibc-remove-ctors-dtors-output-sections.patch

65
src/patches/glibc/glibc-rh1217186.patch Normal file
View File

@@ -0,0 +1,65 @@
#
# Author: Carlos O'Donell
# Upstream status: Needs to go upstream (2015-05-07)
#
diff --git a/inet/rcmd.c b/inet/rcmd.c
index acacaa0..9f2443b 100644
--- a/inet/rcmd.c
+++ b/inet/rcmd.c
@@ -803,29 +803,38 @@ __validuser2_sa(hostf, ra, ralen, luser, ruser, rhost)
*p = '\0'; /* <nul> terminate username (+host?) */
/* buf -> host(?) ; user -> username(?) */
+ if (*buf == '\0')
+ break;
+ if (*user == '\0')
+ user = luser;
+
+ /* First check the user part. This is an optimization, since
+ one should always check the host first in order to detect
+ negative host checks (which we check for later). */
+ ucheck = __icheckuser (user, ruser);
+
+ /* Either we found the user, or we didn't and this is a
+ negative host check. We must do the negative host lookup
+ in order to preserve the semantics of stopping on this line
+ before processing others. */
+ if (ucheck != 0 || *buf == '-') {
+
+ /* Next check host part */
+ hcheck = __checkhost_sa (ra, ralen, buf, rhost);
+
+ /* Negative '-host user(?)' match? */
+ if (hcheck < 0)
+ break;
- /* First check host part */
- hcheck = __checkhost_sa (ra, ralen, buf, rhost);
-
- if (hcheck < 0)
- break;
-
- if (hcheck) {
- /* Then check user part */
- if (! (*user))
- user = luser;
-
- ucheck = __icheckuser (user, ruser);
-
- /* Positive 'host user' match? */
- if (ucheck > 0) {
+ /* Positive 'host user' match? */
+ if (hcheck > 0 && ucheck > 0) {
retval = 0;
break;
}
- /* Negative 'host -user' match? */
- if (ucheck < 0)
- break;
+ /* Negative 'host -user' match? */
+ if (hcheck > 0 && ucheck < 0)
+ break;
/* Neither, go on looking for match */
}