Date: Wed, 26 Mar 2003 12:04:14 +0100 (CET)
From: Miguel Mendez <flynn@energyhq.homeip.net>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/50313: Upgrade emulators/linux_base's glibc
Message-ID: <200303261104.h2QB4EIg001616@narayan.energyhq.tk>
>Number: 50313
>Category: ports
>Synopsis: Upgrade emulators/linux_base's glibc
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Mar 26 03:10:13 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Miguel Mendez
>Release: FreeBSD 5.0-RELEASE-p1 i386
>Organization:
>Environment:
System: FreeBSD narayan.energyhq.tk 5.0-RELEASE-p1 FreeBSD 5.0-RELEASE-p1 #0: Fri Feb 7 20:29:33 CET 2003 galerna@narayan.energyhq.tk:/usr/obj/usr/src/sys/NARAYAN i386
>Description:
Updated glibc packages are available to fix an integer overflow in the XDR decoder.

The glibc package contains standard libraries that are used by multiple programs on the system. Sun RPC is a remote procedure call framework that allows clients to invoke procedures in a server process over a network. XDR is a mechanism for encoding data structures for use with RPC. Glibc contains an XDR encoder/decoder derived from Sun's RPC implementation, which was demonstrated to be vulnerable to an integer overflow.

An integer overflow is present in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. Depending upon the application, this vulnerability could cause buffer overflows and may be exploitable leading to arbitrary code execution.

This is for i386 only, I saw no alpha updates :/ I've ifdef'ed it so we have the older version in the alpha side of things.
>How-To-Repeat:
>Fix:
--- linux_base.diff begins here ---
diff -ruN linux_base.old/Makefile linux_base/Makefile --- linux_base.old/Makefile Sat Feb 22 11:20:41 2003 +++ linux_base/Makefile Wed Mar 26 11:59:22 2003 @@ -7,7 +7,7 @@ PORTNAME= linux_base PORTVERSION= 7.1 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= emulators linux MASTER_SITES= ${MASTER_SITE_REDHAT_LINUX} MASTER_SITE_SUBDIR= ${PORTVERSION}/${LANG}/os/${MACHINE_ARCH}/RedHat/RPMS
@@ -60,8 +60,13 @@ # Let's avoid hardcoding 'en' as the language. LANG= en +.if (${MACHINE_ARCH} == "i386") +UPD_SET1= glibc-common-2.2.4-32.${MACHINE_ARCH}.rpm \ + glibc-2.2.4-32.${MACHINE_ARCH}.rpm +.else UPD_SET1= glibc-common-2.2.4-31.${MACHINE_ARCH}.rpm \ glibc-2.2.4-31.${MACHINE_ARCH}.rpm +.endif UPD_SET2= zlib-1.1.3-25.7.${MACHINE_ARCH}.rpm UPDATES= ${UPD_SET1} ${UPD_SET2} diff -ruN linux_base.old/distinfo.i386 linux_base/distinfo.i386 --- linux_base.old/distinfo.i386 Tue Dec 10 04:04:57 2002 +++ linux_base/distinfo.i386 Wed Mar 26 11:56:09 2003 @@ -1,5 +1,4 @@ MD5 (rpm/redhat-release-7.1-1.noarch.rpm) = 50c7e24be0727971a1253bb75d30a1ed -MD5 (rpm/redhat-release-7.1-1.noarch.rpm) = db4e20d62c96ae3cd7fb3d9da89f0ec0 MD5 (rpm/setup-2.4.7-1.noarch.rpm) = 4a4819c1e86d61a9ca67a5b4feb375b7 MD5 (rpm/filesystem-2.0.7-1.noarch.rpm) = c82cd42bdf4e8becfef3701f0f246270 MD5 (rpm/basesystem-7.0-2.noarch.rpm) = 9d4e753ef487d62e1672f52ef190447a @@ -24,7 +23,7 @@ MD5 (rpm/rpm-4.0.2-8.i386.rpm) = 7c19ebfcbb9079ce77b9aa2d33c26ff2 MD5 (rpm/freetype-2.0.1-4.i386.rpm) = d0343a9d5f1d91ec254903ed164251cd MD5 (rpm/XFree86-libs-4.0.3-5.i386.rpm) = 227caaee9e10162b6500e6e9544726b3 -MD5 (rpm/glibc-common-2.2.4-31.i386.rpm) = 7e45b087c1772f1dd45fc42b20b62309 -MD5 (rpm/glibc-2.2.4-31.i386.rpm) = ed5a12d2eba916b92a58d8538216d2fe +MD5 (rpm/glibc-common-2.2.4-32.i386.rpm) = 5f8e424f8f8bea96b8148569fe76f676 +MD5 (rpm/glibc-2.2.4-32.i386.rpm) = 8acd0559a855451e799844642aba68a1 MD5 (rpm/zlib-1.1.3-25.7.i386.rpm) = 1c2a98b53ec5bd716b48d71643705055 MD5 (rpm/libstdc++-2.96-112.7.1.i386.rpm) = 31777243b5a7ede605bbe516aecc1528
--- linux_base.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports-bugs" in the body of the message
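Review bot: The `.else` branch in the Makefile hunk at @@ -60,8 +60,13 keeps every non-i386 architecture on glibc-common-2.2.4-31 and glibc-2.2.4-31, the same packages this PR replaces on i386 because of the XDR integer overflow, and nothing in the Makefile records why. Add a comment above the `.if (${MACHINE_ARCH} == "i386")` line stating that -31 is retained only because no updated alpha RPMs were available, so the conditional is removed once they are. The PORTREVISION change from 2 to 3 in the first Makefile hunk is unconditional, so alpha gets a new port revision while still installing the -31 glibc; the commit message should say so.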
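Review bot: The first distinfo.i386 hunk (@@ -1,5 +1,4) removes the second `MD5 (rpm/redhat-release-7.1-1.noarch.rpm)` entry, a change that is unrelated to the glibc update and is not mentioned in the description. Confirm that the remaining checksum is the one that matches the file on the master site, and either explain the removal in the PR or submit it as a separate change so the security update stays reviewable on its own.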
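Review bot: The two added MD5 lines for glibc-common-2.2.4-32.i386.rpm and glibc-2.2.4-32.i386.rpm in the distinfo.i386 hunk at @@ -24,7 +23,7 are the only integrity check on the packages that deliver the fix, and the PR does not say how they were obtained. State whether the values were compared against the vendor's published checksums or only computed from the downloaded files, so the committer can verify them independently before committing.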