-rw-r--r--meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch71
-rw-r--r--meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.24.bbappend4
2 files changed, 0 insertions, 75 deletions
diff --git a/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch b/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch
deleted file mode 100644
index 8ce5ca2bc..000000000
--- a/meta-agl-bsp/meta-core/recipes-core/glibc/files/CVE-2017-1000366.backport.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-# Source: https://sourceware.org/git/?p=glibc.git;a=patch;h=87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac
-# Modified: removed Changelog and NEWS from patch to apply across multiple revisions
-# Upstream status: backport
-#
-# 2017-09-05 jsmoeller@linuxfoundation.org
-
-From 87bd4186da10371f46e2f1a7bf7c0a45bb04f1ac Mon Sep 17 00:00:00 2001
-From: Florian Weimer <fweimer@redhat.com>
-Date: Mon, 19 Jun 2017 18:33:26 +0200
-Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
- programs [BZ #21624]
-
-LD_LIBRARY_PATH can only be used to reorder system search paths, which
-is not useful functionality.
-
-This makes an exploitable unbounded alloca in _dl_init_paths unreachable
-for AT_SECURE=1 programs.
-
-(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
----
- ChangeLog | 7 +++++++
- NEWS | 1 +
- elf/rtld.c | 3 ++-
- 3 files changed, 10 insertions(+), 1 deletion(-)
-
-# removed to apply on older version ...
-#
-#diff --git a/ChangeLog b/ChangeLog
-#index 1795e28..e37f14f 100644
-#--- a/ChangeLog
-#+++ b/ChangeLog
-#@@ -1,3 +1,10 @@
-#+2017-06-19 Florian Weimer <fweimer@redhat.com>
-#+
-#+ [BZ #21624]
-#+ CVE-2017-1000366
-#+ * elf/rtld.c (process_envvars): Ignore LD_LIBRARY_PATH for
-#+ __libc_enable_secure.
-#+
-# 2017-02-01 Andreas Schwab <schwab@linux-m68k.org>
-#
-# * sysdeps/m68k/m680x0/m68020/atomic-machine.h
-#diff --git a/NEWS b/NEWS
-#index 82a718f..d42af91 100644
-#--- a/NEWS
-#+++ b/NEWS
-#@@ -25,6 +25,7 @@ The following bugs are resolved with this release:
-#
-# [21289] Fix symbol redirect for fts_set
-# [21386] Assertion in fork for distinct parent PID is incorrect
-#+ [21624] Unsafe alloca allows local attackers to alias stack and heap (CVE-2017-1000366)
-#
-# Version 2.24
-#
-diff --git a/elf/rtld.c b/elf/rtld.c
-index 647661c..215a9ae 100644
---- a/elf/rtld.c
-+++ b/elf/rtld.c
-@@ -2437,7 +2437,8 @@ process_envvars (enum mode *modep)
-
- case 12:
- /* The library search path. */
-- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
-+ if (!__libc_enable_secure
-+ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
- {
- library_path = &envline[13];
- break;
---
-2.9.3
-
diff --git a/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.24.bbappend b/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.24.bbappend
deleted file mode 100644
index 99786fb19..000000000
--- a/meta-agl-bsp/meta-core/recipes-core/glibc/glibc_2.24.bbappend
+++ /dev/null
@@ -1,4 +0,0 @@
-FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
-
-# include fix for CVE-2017-1000366
-SRC_URI_append = " file://CVE-2017-1000366.backport.patch"
\ No newline at end of file