Applied upstream security hardening patches from git.

1 files changed, 7 insertions, 1 deletions

diff --git a/source/current/glibc/glibc-multilib.SlackBuild b/source/current/glibc/glibc-multilib.SlackBuild
index 9538358..f670782 100755
--- a/source/current/glibc/glibc-multilib.SlackBuild
+++ b/source/current/glibc/glibc-multilib.SlackBuild
@@ -30,7 +30,7 @@
 
 VERSION=${VERSION:-2.25}
 CHECKOUT=${CHECKOUT:-""}
-BUILD=${BUILD:-2alien}
+BUILD=${BUILD:-3alien}
 
 # I was considering disabling NSCD, but MoZes talked me out of it.  :)
 #DISABLE_NSCD=" --disable-nscd "
@@ -167,6 +167,12 @@ apply_patches() {
   # Revert patches that cause spurious warnings about IFUNC symbols:
   zcat $CWD/glibc.IFUNC.i386.revert.diff.gz | patch -p1 --verbose || exit 1
   zcat $CWD/glibc.IFUNC.x86_64.revert.diff.gz | patch -p1 --verbose || exit 1
+  # Upstream git patches for security hardening (CVE-2017-1000366):
+  zcat $CWD/glibc.3776f38f.diff.gz | patch -p1 --verbose || exit 1
+  zcat $CWD/glibc.46703a39.diff.gz | patch -p1 --verbose || exit 1
+  zcat $CWD/glibc.CVE-2017-1000366.3c7cd212.diff.gz | patch -p1 --verbose || exit 1
+  zcat $CWD/glibc.adc7e06f.diff.gz | patch -p1 --verbose || exit 1
+  zcat $CWD/glibc.c69d4a0f.diff.gz | patch -p1 --verbose || exit 1
   if [ $BOOTSTRP -eq 1 ] ; then
     # Multilib - Disable check for forced unwind (Patch from eglibc) since we
     # do not have a multilib glibc yet to link to;