Patch'es that will (hopefully) be mentioned in 2.4.4..

Rudolf Floers r.floers at web.de
Sat Dec 23 21:01:17 PST 2000


> > I was talking to Gerard this morning about adding the recent security
> > patch'es (ala ed and glibc) to LFS...at least in the fashion of at least
> > mentioning it to the user that it is a good idea
> > 
> > Ed - http://www.debian.org/security/2000/20001129
> > Glibc - http://www.debian.org/security/2000/20000902
> > 
> > After looking at Debian's Security repository it started to make me
> > wonder at such packages like modutils and make that were listed...
> > 
> > Not just that, but most of the patch'es provided by Distro's are
> > specific to it, adding all their "extra" features; there doesn't seem to
> > be a simple patch from the pristine sources for ed, glibc, etc... makes me
> > wonder the point of general linux security ;)


attached are 5 patches for glibc-2.1.3.
they are from the trustix glibc-2.1.3-13tr.src.rpm (ftp.trustix.com).

if somebody would point me to really working exploits for glibc-2.1.3, i could test the patches (and perhaps have some fun gaining root on a few machines ;-)))

tia
RF

-------------- next part --------------
--- glibc-2.1.3/md5-crypt/md5-crypt.c	2000/03/04 00:47:30	1.1
+++ glibc-2.1.3/md5-crypt/md5-crypt.c	2000/08/24 06:10:02	1.8
@@ -1,5 +1,5 @@
 /* One way encryption based on MD5 sum.
-   Copyright (C) 1996, 1997, 1999 Free Software Foundation, Inc.
+   Copyright (C) 1996, 1997, 1999, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper at cygnus.com>, 1996.
 
@@ -18,6 +18,7 @@
    write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
    Boston, MA 02111-1307, USA.  */
 
+#include <assert.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
@@ -37,9 +38,9 @@
 
 
 /* Prototypes for local functions.  */
-extern char *__md5_crypt_r __P ((const char *key, const char *salt,
-				 char *buffer, int buflen));
-extern char *__md5_crypt __P ((const char *key, const char *salt));
+extern char *__md5_crypt_r (const char *key, const char *salt,
+			    char *buffer, int buflen);
+extern char *__md5_crypt (const char *key, const char *salt);
 
 
 /* This entry point is equivalent to the `crypt' function in Unix
@@ -51,13 +52,16 @@
      char *buffer;
      int buflen;
 {
-  unsigned char alt_result[16];
+  unsigned char alt_result[16]
+    __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
   struct md5_ctx ctx;
   struct md5_ctx alt_ctx;
   size_t salt_len;
   size_t key_len;
   size_t cnt;
   char *cp;
+  char *copied_key = NULL;
+  char *copied_salt = NULL;
 
   /* Find beginning of salt string.  The prefix should normally always
      be present.  Just in case it is not.  */
@@ -68,6 +72,26 @@
   salt_len = MIN (strcspn (salt, "$"), 8);
   key_len = strlen (key);
 
+  if ((key - (char *) 0) % __alignof__ (md5_uint32) != 0)
+    {
+      char *tmp = (char *) alloca (key_len + __alignof__ (md5_uint32));
+      key = copied_key =
+	memcpy (tmp + __alignof__ (md5_uint32)
+		- (tmp - (char *) 0) % __alignof__ (md5_uint32),
+		key, key_len);
+      assert ((key - (char *) 0) % __alignof__ (md5_uint32) == 0);
+    }
+
+  if ((salt - (char *) 0) % __alignof__ (md5_uint32) != 0)
+    {
+      char *tmp = (char *) alloca (salt_len + __alignof__ (md5_uint32));
+      salt = copied_salt =
+	memcpy (tmp + __alignof__ (md5_uint32)
+		- (tmp - (char *) 0) % __alignof__ (md5_uint32),
+		salt, salt_len);
+      assert ((salt - (char *) 0) % __alignof__ (md5_uint32) == 0);
+    }
+
   /* Prepare for the real work.  */
   __md5_init_ctx (&ctx);
 
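Review bot: The `alloca` for the key copy is sized from `key_len`, which comes straight from `strlen (key)`, so a very long password grows the stack without limit and the call has no way to report failure; `salt_len` is capped at 8 by the `MIN` above and is not a concern. Consider a heap copy once `key_len` exceeds a fixed threshold, freed on the exit path. The two `assert` lines vanish under `NDEBUG`, so they document the alignment rather than enforce it. `(key - (char *) 0)` is arithmetic on a null pointer; `(uintptr_t) key % __alignof__ (md5_uint32)` states the same test without it. The function body starts and ends outside this hunk.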
@@ -195,21 +219,30 @@
 
   /* Clear the buffer for the intermediate result so that people
      attaching to processes or reading core dumps cannot get any
-     information.  */
-  memset (alt_result, '\0', sizeof (alt_result));
+     information.  We do it in this way to clear correct_words[]
+     inside the MD5 implementation as well.  */
+  __md5_init_ctx (&ctx);
+  __md5_finish_ctx (&ctx, alt_result);
+  memset (&ctx, '\0', sizeof (ctx));
+  memset (&alt_ctx, '\0', sizeof (alt_ctx));
+  if (copied_key != NULL)
+    memset (copied_key, '\0', key_len);
+  if (copied_salt != NULL)
+    memset (copied_salt, '\0', salt_len);
 
   return buffer;
 }
 
 
+static char *buffer;
+
 char *
 __md5_crypt (const char *key, const char *salt)
 {
   /* We don't want to have an arbitrary limit in the size of the
      password.  We can compute the size of the result in advance and
      so we can prepare the buffer we pass to `md5_crypt_r'.  */
-  static char *buffer = NULL;
-  static int buflen = 0;
+  static int buflen;
   int needed = 3 + strlen (salt) + 1 + 26 + 1;
 
   if (buflen < needed)
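Review bot: The `memset` calls on `ctx`, `alt_ctx`, `copied_key` and `copied_salt` are the last writes to those objects before `return buffer;`, so an optimising compiler may drop them as dead stores and leave key material on the stack. Keep the wipes in the object code by routing them through something the optimiser cannot see through, for example a call made via a `volatile` function pointer or a compiler barrier placed after each `memset`. The `alloca` copies of the key made in the earlier hunk are the most sensitive of these. The hunk ends inside `__md5_crypt`.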
@@ -220,4 +253,12 @@
     }
 
   return __md5_crypt_r (key, salt, buffer, buflen);
+}
+
+
+static void
+__attribute__ ((__destructor__))
+free_mem (void)
+{
+  free (buffer);
 }
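Review bot: `free_mem` releases `buffer` but leaves the pointer dangling, and `buflen` remains a function-local static in `__md5_crypt` where the destructor cannot reset it. If `__md5_crypt` is reached after this destructor has run (for instance from another exit-time handler), `buflen < needed` can be false and the freed block would be passed to `__md5_crypt_r`; the reallocation code sits between the hunks, so this is inferred. Moving `buflen` to file scope next to `buffer` and ending `free_mem` with `buffer = NULL; buflen = 0;` closes that window.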
--- glibc-2.1.3/md5-crypt/md5.c	2000/03/04 00:47:30	1.1
+++ glibc-2.1.3/md5-crypt/md5.c	2000/07/04 18:22:44	1.2
@@ -1,6 +1,6 @@
-/* md5.c - Functions to compute MD5 message digest of files or memory blocks
+/* Functions to compute MD5 message digest of files or memory blocks.
    according to the definition of MD5 in RFC 1321 from April 1992.
-   Copyright (C) 1995, 1996, 1997, 1999 Free Software Foundation, Inc.
+   Copyright (C) 1995, 1996, 1997, 1999, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -217,6 +217,8 @@
      size_t len;
      struct md5_ctx *ctx;
 {
+  //const void aligned_buffer = buffer;
+
   /* When we already have some bits in our internal buffer concatenate
      both inputs first.  */
   if (ctx->buflen != 0)
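Review bot: The added line `//const void aligned_buffer = buffer;` is commented-out code, and as written it would not compile, since an object cannot have type `const void`. Drop it from the patch; if it is a reminder about handling an unaligned `buffer`, a `/* TODO: ... */` comment saying so is clearer. The function body continues outside this hunk.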
@@ -224,16 +226,20 @@
       size_t left_over = ctx->buflen;
       size_t add = 128 - left_over > len ? len : 128 - left_over;
 
+      /* Only put full words in the buffer.  */
+      add -= add % __alignof__ (md5_uint32);
+
       memcpy (&ctx->buffer[left_over], buffer, add);
       ctx->buflen += add;
 
-      if (left_over + add > 64)
+      if (ctx->buflen > 64)
 	{
-	  md5_process_block (ctx->buffer, (left_over + add) & ~63, ctx);
+	  md5_process_block (ctx->buffer, ctx->buflen & ~63, ctx);
+
+	  ctx->buflen &= 63;
 	  /* The regions in the following copy operation cannot overlap.  */
 	  memcpy (ctx->buffer, &ctx->buffer[(left_over + add) & ~63],
-		  (left_over + add) & 63);
-	  ctx->buflen = (left_over + add) & 63;
+		  ctx->buflen);
 	}
 
       buffer = (const char *) buffer + add;
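Review bot: The source index on the `memcpy` line still recomputes `(left_over + add) & ~63` while the surrounding lines were switched to `ctx->buflen`, so the block now spells the same quantity two ways. Computing it once before the mask, e.g. `size_t full = ctx->buflen & ~63;`, and using `full` for both the `md5_process_block` length and the copy source makes the relationship explicit. The comment `Only put full words in the buffer.` does not say why; presumably the rounding keeps `buffer` word-aligned after `buffer + add`, and the comment should state that. The enclosing `if` closes outside this hunk.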
@@ -251,8 +257,17 @@
   /* Move remaining bytes in internal buffer.  */
   if (len > 0)
     {
-      memcpy (ctx->buffer, buffer, len);
-      ctx->buflen = len;
+      size_t left_over = ctx->buflen;
+
+      memcpy (&ctx->buffer[left_over], buffer, len);
+      left_over += len;
+      if (left_over >= 64)
+	{
+	  md5_process_block (ctx->buffer, 64, ctx);
+	  left_over -= 64;
+	  memcpy (ctx->buffer, &ctx->buffer[64], left_over);
+	}
+      ctx->buflen = left_over;
     }
 }
 
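Review bot: `memcpy (&ctx->buffer[left_over], buffer, len)` appends to the 128-byte `ctx->buffer` with no local bound; it is safe only if `ctx->buflen + len <= 128` here, which depends on code between the hunks that is not shown. State the invariant where it is relied on, e.g. `assert (left_over + len <= sizeof ctx->buffer);`, or a comment naming the earlier step that guarantees it. A test that feeds `md5_process_bytes` in small odd-sized pieces would exercise this path together with the word rounding added in the previous hunk.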
--- glibc-2.1.3/md5-crypt/md5.h	2000/03/04 00:47:30	1.1
+++ glibc-2.1.3/md5-crypt/md5.h	2000/07/04 18:22:44	1.2
@@ -1,6 +1,6 @@
 /* Declaration of functions and data types used for MD5 sum computing
    library functions.
-   Copyright (C) 1995, 1996, 1997, 1999 Free Software Foundation, Inc.
+   Copyright (C) 1995, 1996, 1997, 1999, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -87,7 +87,7 @@
 
   md5_uint32 total[2];
   md5_uint32 buflen;
-  char buffer[128];
+  char buffer[128] __attribute__ ((__aligned__ (__alignof__ (md5_uint32))));
 };
 
 /*
-------------- next part --------------
2000-08-27  Ulrich Drepper  <drepper at redhat.com>

	* intl/dcgettext.c (DCGETTEXT): Remove _nl_find_language in code
	to determine invalid locale name.
	* locale/findlocale.c (_nl_find_locale): Likewise.

2000-08-21  Ulrich Drepper  <drepper at redhat.com>

	* catgets/catgets.c (catopen): Filter out env_var values with / if
	necessary.

	* locale/findlocale.c (_nl_find_locale): Move test for unusable
	locale name after all getenvs.

--- glibc-2.1.3/catgets/catgets.c	2000/01/29 11:56:33	1.15
+++ glibc-2.1.3/catgets/catgets.c	2000/08/21 20:55:30	1.16
@@ -50,7 +50,8 @@
 	/* Use the LANG environment variable.  */
 	env_var = getenv ("LANG");
 
-      if (env_var == NULL)
+      if (env_var == NULL || *env_var == '\0'
+	  || (__libc_enable_secure && strchr (env_var, '/') != NULL))
 	env_var = "C";
 
       env_var_len = strlen (env_var) + 1;
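Review bot: The new `__libc_enable_secure && strchr (env_var, '/')` test carries no comment, and the explanation that accompanied the equivalent check in `locale/findlocale.c` is deleted by this patch without being re-added beside the relocated test there. Add `/* In SUID/SGID programs the name must not contain '/', or it could select files outside the locale directories.  */` above both conditions so the reason survives later edits. The check here covers only the value taken from the environment at this point; whether other inputs to the catalog path are filtered is not visible in this hunk.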
--- glibc-2.1.3/locale/findlocale.c	1999/11/08 23:45:13	1.10.2.1
+++ glibc-2.1.3/locale/findlocale.c	2000/08/21 21:02:42	1.10.2.2
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 1997, 1998, 1999 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper at gnu.org>, 1996.
 
@@ -54,11 +54,7 @@
   const char *revision;
   struct loaded_l10nfile *locale_file;
 
-  if ((*name)[0] == '\0'
-      /* In SUID binaries we must not allow people to access files
-	 outside the dedicated locale directories.  */
-      || (__libc_enable_secure
-	  && memchr (*name, '/', _nl_find_language (*name) - *name) != NULL))
+  if ((*name)[0] == '\0')
     {
       /* The user decides which locale to use by setting environment
 	 variables.  */
@@ -67,9 +63,12 @@
 	*name = getenv (_nl_category_names[category]);
       if (*name == NULL || (*name)[0] == '\0')
 	*name = getenv ("LANG");
-      if (*name == NULL || (*name)[0] == '\0')
-	*name = (char *) _nl_C_name;
     }
+
+  if (*name == NULL || (*name)[0] == '\0'
+      || (__builtin_expect (__libc_enable_secure, 0)
+	  && strchr (*name, '/') != NULL))
+    *name = (char *) _nl_C_name;
 
   if (strcmp (*name, _nl_C_name) == 0 || strcmp (*name, _nl_POSIX_name) == 0)
     {
--- glibc-2.1.3/intl/dcgettext.c	Sun Aug 27 23:15:33 2000
+++ glibc-2.1.3/intl/dcgettext.c	Sun Aug 27 23:16:34 2000
@@ -371,10 +371,7 @@
 
 	  /* When this is a SUID binary we must not allow accessing files
 	     outside the dedicated directories.  */
-	  if (ENABLE_SECURE
-	      && (memchr (single_locale, '/',
-			  _nl_find_language (single_locale) - single_locale)
-		  != NULL))
+	  if (ENABLE_SECURE && strchr (single_locale, '/') != NULL)
 	    /* Ingore this entry.  */
 	    continue;
 	}
-------------- next part --------------
2000-08-03  Ulrich Drepper  <drepper at redhat.com>

	* pthread.c (__pthread_set_own_extricate_if): Remove locking.

--- glibc-2.1.3/linuxthreads/pthread.c.jj	Wed Mar 22 22:26:01 2000
+++ glibc-2.1.3/linuxthreads/pthread.c	Fri Aug 25 09:37:26 2000
@@ -775,9 +775,7 @@ weak_alias (__pthread_getconcurrency, pt
 
 void __pthread_set_own_extricate_if(pthread_descr self, pthread_extricate_if *peif)
 {
-  __pthread_lock(self->p_lock, self);
   THREAD_SETMEM(self, p_extricate, peif);
-  __pthread_unlock(self->p_lock);
 }
 
 /* Primitives for controlling thread execution */
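Review bot: The store to `p_extricate` is now unsynchronised and the function carries no comment saying why that is safe. If another thread reads `self->p_extricate` while holding `self->p_lock` (the readers are not in this hunk), it could previously rely on the field not changing underneath it and no longer can. Once that has been checked against the callers, record the reasoning in the function, e.g. `/* No lock: only the owning thread writes p_extricate; readers must tolerate a concurrent update.  */`.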
-------------- next part --------------
2000-05-03  Ulrich Drepper  <drepper at redhat.com>

	* sysdeps/generic/dl-environ.c (unsetenv): Follow change to the
	real unsetenv implementation from 1999-07-29 [PR libc/1714].

--- glibc-2.1.3/sysdeps/generic/dl-environ.c.jj	Thu Jul 23 16:56:52 1998
+++ glibc-2.1.3/sysdeps/generic/dl-environ.c	Tue May  9 13:48:11 2000
@@ -1,5 +1,5 @@
-/*Environment handling for dynamic loader.
-   Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
+/* Environment handling for dynamic loader.
+   Copyright (C) 1995, 1996, 1997, 1998, 2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -55,7 +55,8 @@ unsetenv (const char *name)
   const size_t len = strlen (name);
   char **ep;
 
-  for (ep = _environ; *ep != NULL; ++ep)
+  ep = _environ;
+  while (*ep != NULL)
     if (!strncmp (*ep, name, len) && (*ep)[len] == '=')
       {
 	/* Found it.  Remove this pointer by moving later ones back.  */
@@ -66,4 +67,6 @@ unsetenv (const char *name)
 	while (*dp++);
 	/* Continue the loop in case NAME appears again.  */
       }
+    else
+      ++ep;
 }
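Review bot: The `while` body is an unbraced `if`/`else` whose `else ++ep;` sits many lines below the `if`, after a nested block and an inner `do`/`while`, so it is easy to misread which statement it pairs with. Brace the loop body and both branches, i.e. `while (*ep != NULL) { if (...) { ... } else { ++ep; } }`. Because this routine removes variables from the environment in the dynamic loader, a regression test with the same name present in two adjacent slots would pin the behaviour the loop change is for.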
-------------- next part --------------
2000-08-09  Jakub Jelinek  <jakub at redhat.com>

	* time/tzfile.c (__tzfile_compute): __tzstring zones
	from zone_names.

--- glibc-2.1.3/time/tzfile.c.jj	Fri May  7 16:41:44 1999
+++ glibc-2.1.3/time/tzfile.c	Fri Aug 25 09:55:20 2000
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991,92,93,95,96,97,98,99 Free Software Foundation, Inc.
+/* Copyright (C) 1991,92,93,95,96,97,98,99,2000 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -498,7 +498,7 @@ __tzfile_compute (time_t timer, int use_
 	/* There is no daylight saving time.  */
 	__tzname[1] = __tzname[0];
       tp->tm_isdst = info->isdst;
-      tp->tm_zone = &zone_names[info->idx];
+      tp->tm_zone = __tzstring (&zone_names[info->idx]);
       tp->tm_gmtoff = info->offset;
     }
 
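Review bot: The value returned by `__tzstring` is stored in `tp->tm_zone` without a check; if `__tzstring` can return NULL on allocation failure (its definition is outside this patch), callers that print `tm_zone` would dereference a null pointer. Either keep the previous pointer when the copy fails or document that the call cannot fail. A one-line comment on why the name is copied rather than pointed at inside `zone_names` would also help, e.g. `/* zone_names may be replaced when the zone file is reloaded.  */` if that is the reason.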
-------------- next part --------------
# Main package preamble for glibc 2.1.3, release 13tr.
# Patch1 through Patch5 below are applied in numeric order in the prep
# section, each with -p1.
# NOTE(review): no checksum or signature check of the tarball or the patches
# is visible in this spec; integrity presumably rests on the signature of the
# source RPM itself -- confirm.
Summary: The GNU libc libraries.
Name: glibc
Version: 2.1.3
Release: 13tr
Copyright: LGPL
Group: Libraries/Runtime
Source: %{name}-%{version}.tar.gz
# Other sources are available at:
#   http://www.ozemail.com.au/~geoffk/glibc-crypt/glibc-crypt-2.1.tar.gz
# In the source tarball the file diff-CYGNUS-to-REDHAT.patch contains all
# diffs applied by Red Hat to the current CVS version of glibc
Patch1: glibc-2.1.3-security.patch
Patch2: glibc-2.1.3-locale.patch
Patch3: glibc-2.1.3-crypt.patch
Patch4: glibc-2.1.3-tzfile.patch
Patch5: glibc-2.1.3-pthread.patch
Buildroot: /var/tmp/glibc-%{PACKAGE_VERSION}-root
Obsoletes: zoneinfo, libc-static, libc-devel, libc-profile, libc-headers,
Obsoletes:  linuxthreads, gencat, locale
# Automatic dependency generation is switched off for the main package only;
# the devel, profile and nscd subpackages set Autoreq to true.
Autoreq: false
%ifarch alpha
Provides: ld.so.2
%else
%endif
%ifarch sparc
Obsoletes: libc
%endif

%description
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.  The glibc package also contains
national language (locale) support and timezone databases.

%package devel
Summary: Header and object files for development using standard C libraries.
Group: Libraries/Development
Conflicts: texinfo < 3.11
Prereq: /sbin/install-info
Obsoletes: libc-debug, libc-headers, libc-devel, linuxthreads-devel
Obsoletes: glibc-debug
Prereq: kernel-headers
Requires: kernel-headers >= 2.2.1
Autoreq: true

%description devel
The glibc-devel package contains the header and object files necessary
for developing programs which use the standard C libraries (which are
used by nearly all programs).  If you are developing programs which
will use the standard C libraries, your system needs to have these
standard header and object files available in order to create the
executables.

Install glibc-devel if you are going to develop programs which will
use the standard C libraries.

%package profile
Summary: The GNU libc libraries, including support for gprof profiling.
Group: Libraries/Development
Obsoletes: libc-profile
Autoreq: true

%description profile
The glibc-profile package includes the GNU libc libraries and support
for profiling using the gprof program.  Profiling is analyzing a
program's functions to see how much CPU time they use and determining
which functions are calling other functions during execution.  To use
gprof to profile a program, your program needs to use the GNU libc
libraries included in glibc-profile (instead of the standard GNU libc
libraries included in the glibc package).

If you are going to use the gprof program to profile a program, you'll
need to install the glibc-profile program.

%package -n nscd
Summary: A Name Service Caching Daemon (nscd).
Group: System/Daemons
Conflicts: kernel < 2.2.0
Prereq: /sbin/chkconfig
Autoreq: true

%description -n nscd
Nscd caches name service lookups and can dramatically improve
performance with NIS+, and may help with DNS as well. Note that you
can't use nscd with 2.0 kernels because of bugs in the kernel-side
thread support. Unfortunately, nscd happens to hit these bugs
particularly hard.

Install nscd if you need a name service lookup caching daemon, and
you're not using a version 2.0 kernel.

%prep
# Unpack the source tarball quietly, then apply the five patches declared in
# the preamble in numeric order, each with one leading path component
# stripped.
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
 
%ifarch armv4l
# On armv4l the glibc-compat directory is removed before building.
rm -rf glibc-compat
%endif

# NOTE(review): -a binds tighter than -o, so this expression parses as
#   (-type f -size 0)  OR  (-name "*.orig" -exec rm -f ...)
# Only names ending in .orig are removed (presumably patch backup files);
# empty regular files match the first branch, which has no action, and are
# left in place.  Confirm that is the intent before adding parentheses, since
# grouping the tests would start deleting every empty file in the tree.
find . -type f -size 0 -o -name "*.orig" -exec rm -f {} \;

%build
# Out-of-tree build in a per-architecture directory, recreated from scratch.
rm -rf build-$RPM_ARCH-linux
mkdir build-$RPM_ARCH-linux ; cd build-$RPM_ARCH-linux
# BuildFlags is assigned only for the architectures below; on any other
# target the expansions further down use whatever value (normally none) the
# build environment supplies.
%ifarch i586 i686
BuildFlags="-mpentium -D__USE_STRING_INLINES -fstrict-aliasing -mcpu=%{_target_cpu}"
%endif
%ifarch sparcv9
BuildFlags="-mv8 -mtune=ultrasparc"
%endif
# The same CFLAGS (debug info plus -O3) are passed to configure and to make.
CC=gcc CFLAGS="$BuildFlags -g -O3" ../configure --prefix=/usr \
	--enable-add-ons=yes --without-cvs  \
	%{_target_cpu}-trustix-linux
make -r CFLAGS="$BuildFlags -g -O3" PARALLELMFLAGS=-s

%install
# Start from an empty build root, then install the library and the locale
# data into it through install_root.
# NOTE(review): RPM_BUILD_ROOT is expanded unquoted throughout this section,
# whereas the clean section quotes it; a value containing whitespace would be
# word-split here.
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT
make install_root=$RPM_BUILD_ROOT install -C build-$RPM_ARCH-linux
cd build-$RPM_ARCH-linux && \
    make install_root=$RPM_BUILD_ROOT install-locales -C ../localedata objdir=`pwd` && \
    cd ..

# compatibility hack: this locale has vanished from glibc, but some other
# programs are still using it. Normally we would handle it in the %pre
# section but with glibc that is simply not an option
mkdir -p $RPM_BUILD_ROOT/usr/share/locale/ru_RU/LC_MESSAGES

# Remove the files we don't want to distribute
rm -f $RPM_BUILD_ROOT/usr/lib/libNoVersion*

# the man pages for the linuxthreads require special attention
# (built separately, installed by hand into man3 with mode 0644, then gzipped)
make -C linuxthreads/man
mkdir -p $RPM_BUILD_ROOT/usr/man/man3
install -m 0644 linuxthreads/man/*.3thr $RPM_BUILD_ROOT/usr/man/man3
gzip -9nvf $RPM_BUILD_ROOT/usr/man/man3/*

gzip -9nvf $RPM_BUILD_ROOT/usr/info/libc*

# Provide libbsd.a as a symlink to libbsd-compat.a.
ln -sf libbsd-compat.a $RPM_BUILD_ROOT/usr/lib/libbsd.a

# Ship the nsswitch.conf from the redhat/ directory with mode 644.
install -m 644 redhat/nsswitch.conf $RPM_BUILD_ROOT/etc/nsswitch.conf

# Take care of setuids
# -- new security review sez that this shouldn't be needed anymore
# NOTE(review): with the chmod below disabled, pt_chown keeps whatever mode
# the make install step gave it, and the files lists use defattr(-,root,root),
# which takes each file's mode from the build root.  Verify that the packaged
# mode of pt_chown is the intended one.
#chmod 755 $RPM_BUILD_ROOT/usr/libexec/pt_chown

# This is for nscd - in glibc 2.1
# Config file is installed with mode 644, the init script with mode 755.
install -m 644 nscd/nscd.conf $RPM_BUILD_ROOT/etc
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
install -m 755 nscd/nscd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/nscd

# The database support
mkdir -p $RPM_BUILD_ROOT/var/db
install -m 644 nss/db-Makefile $RPM_BUILD_ROOT/var/db/Makefile

# Strip binaries
# "|| :" discards the exit status, so a strip failure does not stop the build.
strip $RPM_BUILD_ROOT/sbin/* || :
strip $RPM_BUILD_ROOT/usr/bin/* || :
strip $RPM_BUILD_ROOT/usr/sbin/* || :

# BUILD THE FILE LIST
# Every regular file and symlink under the build root is listed; any path
# containing /etc gets the config directive prepended by the sed expression.
find $RPM_BUILD_ROOT -type f -or -type l | 
	sed -e 's|.*/etc|%config &|' > rpm.filelist.in
# Directories below /usr/share and /usr/include are appended as dir entries.
# NOTE(review): at this point the paths still start with the build root, so
# the pattern anchored as ^/usr/share$ looks like it can never match --
# confirm whether /usr/share itself was meant to be excluded.
for n in /usr/share /usr/include; do 
    find ${RPM_BUILD_ROOT}${n} -type d | \
	grep -v '^/usr/share$' | \
	sed "s/^/%dir /" >> rpm.filelist.in
done

# primary filelist
# The build-root prefix is removed; /etc/localtime and /etc/nsswitch.conf are
# dropped here because the files section lists them explicitly.
sed "s|$RPM_BUILD_ROOT||" < rpm.filelist.in | 
	grep -v '/etc/localtime'  | \
	grep -v '/etc/nsswitch.conf'  | \
	sort > rpm.filelist

# Profiling archives (names ending in _p.a) go to the profile package list;
# headers and info pages, except the info dir file, start the devel list.
grep '/usr/lib/lib.*_p\.a' < rpm.filelist > profile.filelist
egrep "(/usr/include)|(/usr/info)" < rpm.filelist | 
	grep -v /usr/info/dir > devel.filelist

# First narrowing pass: remove what was just assigned to profile and devel.
# Note the dot before "a" is unescaped in this pattern, unlike the one above.
mv rpm.filelist rpm.filelist.full
grep -v '/usr/lib/lib.*_p.a' rpm.filelist.full | 
	egrep -v "(/usr/include)|(/usr/info)" > rpm.filelist

# Static archives, object files, .so entries and man pages also go to devel.
grep '/usr/lib/lib.*\.a' < rpm.filelist >> devel.filelist
grep '/usr/lib/.*\.o' < rpm.filelist >> devel.filelist
grep '/usr/lib/lib.*\.so' < rpm.filelist >> devel.filelist
grep '/usr/man/man' < rpm.filelist >> devel.filelist

# Second narrowing pass: remove those entries, and every path containing
# "nscd", from the main list; the nscd files are listed explicitly in the
# files section.
mv rpm.filelist rpm.filelist.full
grep -v '/usr/lib/lib.*\.a' < rpm.filelist.full |
	grep -v '/usr/lib/.*\.o' |
	grep -v '/usr/lib/lib.*\.so'|
	grep -v '/usr/man/man' | 
	grep -v 'nscd' > rpm.filelist

# /etc/localtime - we're proud of our timezone
# The packaged default is a copy (not a symlink) of the US/Eastern zone file.
rm -f $RPM_BUILD_ROOT/etc/localtime
cp -f $RPM_BUILD_ROOT/usr/share/zoneinfo/US/Eastern $RPM_BUILD_ROOT/etc/localtime
#ln -sf ../usr/share/zoneinfo/US/Eastern $RPM_BUILD_ROOT/etc/localtime

# the last bit: more documentation
# Collected into a fresh "documentation" directory under distinct names so the
# per-component README and ChangeLog files do not collide; the ChangeLogs are
# gzipped afterwards.
rm -rf documentation
mkdir documentation
cp linuxthreads/ChangeLog  documentation/ChangeLog.threads
cp linuxthreads/Changes documentation/Changes.threads
cp linuxthreads/README documentation/README.threads
cp linuxthreads/FAQ.html documentation/FAQ-threads.html
cp -r linuxthreads/Examples documentation/examples.threads
cp crypt/README documentation/README.crypt
cp db2/README documentation/README.db2
cp db2/mutex/README documentation/README.db2.mutex
cp timezone/README documentation/README.timezone
cp ChangeLog* documentation
gzip -9 documentation/ChangeLog*

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%post devel
# Register the libc info manual in the info directory index.
/sbin/install-info /usr/info/libc.info.gz /usr/info/dir

%pre devel
# this used to be a link and it is causing nightmares now
# Only a symlink is removed; a real /usr/include/scsi directory is left alone.
if [ -L /usr/include/scsi ] ; then
    rm -f /usr/include/scsi
fi

%preun devel
# Runs only when the first scriptlet argument is 0; the info entry is then
# removed from the index.
if [ "$1" = 0 ]; then
    /sbin/install-info --delete /usr/info/libc.info.gz /usr/info/dir
fi

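%post -n nscd
# Register the nscd init script with chkconfig when the package is installed.
/sbin/chkconfig --add nscd

%preun -n nscd
# rpm passes the number of package instances that will remain as the first
# argument; 0 means final removal rather than an upgrade.  The argument is
# quoted so the test stays well-formed even if it is empty, matching the
# devel preun scriptlet.
if [ "$1" = 0 ] ; then
    /sbin/chkconfig --del nscd
fi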

%clean
# Remove the build root (quoted, so an unusual path is passed as one word)
# and the file lists generated during the install section.
rm -rf "$RPM_BUILD_ROOT"
rm -f *.filelist*

%files -f rpm.filelist
# Main package: the generated list plus the explicit entries below.
# Ownership is forced to root:root; the "-" in defattr keeps each file's mode
# exactly as it is in the build root, so any setuid bit set by the install
# step is packaged unchanged.
%defattr(-,root,root)
%config(noreplace) /etc/localtime
%config(noreplace) /etc/nsswitch.conf
%doc README NEWS INSTALL FAQ BUGS NOTES PROJECTS
%doc documentation/* README.template README.libm
%doc login/README.utmpd hesiod/README.hesiod
%dir /var/db

# The devel, profile and nscd packages are not produced on sparcv9.
%ifnarch sparcv9
%files -f devel.filelist devel
%defattr(-,root,root)

%files -f profile.filelist profile
%defattr(-,root,root)

%files -n nscd
%defattr(-,root,root)
%config /etc/nscd.conf
/etc/rc.d/init.d/nscd
/usr/sbin/nscd
%endif

%define date    %(echo `LC_ALL="C" date +"%a %b %d %Y"`)

%changelog
* Sun Sep 13 2000 Erlend Midttun <erlendbm at trustix.com>
- Adopted into TSL

* Tue Sep  5 2000 Jakub Jelinek <jakub at redhat.com>
- reinstall the thread deadlock fix, it is innocent.
  Use the Feb, 29th tarball of glibc, not Mar, 27th, as that
  change breaks JDK.

* Tue Sep  5 2000 Jakub Jelinek <jakub at redhat.com>
- back out the thread deadlock fix, it breaks some JDKs.

* Sun Sep  3 2000 Erlend Midttun <erlendbm at trustix.com>
- Adopted into TSL

* Fri Sep  1 2000 Jakub Jelinek <jakub at redhat.com>
- two more locale related security fixes

* Thu Aug 31 2000 Jakub Jelinek <jakub at redhat.com>
- don't allow LANG/LC_* to contain / in suid/sgid programs
- Solar Designer's crypt alignment patch

* Fri Aug 25 2000 Jakub Jelinek <jakub at redhat.com>
- properly unset LD_ variables in setuid/setgid applications
- fix timezone handling with certain settings of TZ environment variable
- avoid thread deadlocks in certain situations (#13785)

* Fri Feb 25 2000 Cristian Gafton <gafton at redhat.com>
- fix c_stubs add-on to work around various assert()s in glibc
- add Davem's patch for _NPROCESSORS_ONLN on Sparc

* Fri Feb 25 2000 Cristian Gafton <gafton at redhat.com>
- add the c_stubs add-on
- sparc patch from davem

* Thu Feb 24 2000 Cristian Gafton <gafton at redhat.com>
- fix locale problems on 64 bit arches

* Tue Feb 22 2000 Cristian Gafton <gafton at redhat.com>
- cygnus sync up for fixes to nscd

* Thu Feb 17 2000 Cristian Gafton <gafton at redhat.com>
- updated to include new China timezones
- sync up with the locale changes from Cygnus

* Tue Feb 01 2000 Cristian Gafton <gafton at redhat.com>
- updated from cygnus branch
- fix syslog so that it will continuously try to fallback from SOK_DGRAM to
  SOCK_STREAM and backwards

* Mon Jan 31 2000 Cristian Gafton <gafton at redhat.com>
- update from cygnus branch
- compress man pages for the linuxthreads stuff

* Fri Jan 21 2000 Cristian Gafton <gafton at redhat.com>
- add Jakub's patch so we back out even more

* Thu Jan 20 2000 Cristian Gafton <gafton at redhat.com>
- back out the setrlimit changes (well, sort of)

* Mon Jan 03 2000 Cristian Gafton <gafton at redhat.com>
- make release from CVS server directly now

