author Patrick J Volkerding <volkerdi@slackware.com>2013-11-04 17:08:47 +0000
committer Eric Hameleers <alien@slackware.com>2018-05-31 22:57:36 +0200
commit76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (patch)
tree9b98e6e193c7870cb27ac861394c1c4592850922 /source/l/glibc/glibc.CVE-2013-2207.diff
parent9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff)
Slackware 14.1slackware-14.1
Mon Nov 4 17:08:47 UTC 2013 Slackware 14.1 x86_64 stable is released! It's been another interesting release cycle here at Slackware bringing new features like support for UEFI machines, updated compilers and development tools, the switch from MySQL to MariaDB, and many more improvements throughout the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-)
Diffstat (limited to 'source/l/glibc/glibc.CVE-2013-2207.diff')
-rw-r--r--source/l/glibc/glibc.CVE-2013-2207.diff241
1 files changed, 241 insertions, 0 deletions
diff --git a/source/l/glibc/glibc.CVE-2013-2207.diff b/source/l/glibc/glibc.CVE-2013-2207.diff
new file mode 100644
index 000000000..c43ccf5cd
--- /dev/null
+++ b/source/l/glibc/glibc.CVE-2013-2207.diff
@@ -0,0 +1,241 @@
+From 5d96012d9978efe4bad88a38e2efcbeada9f7585 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Thu, 22 Aug 2013
+Subject: CVE-2013-2207, BZ #15755: Disable pt_chown.
+
+Using the setuid installed pt_chown and a weak check on whether a file
+descriptor is a tty, an attacker could fake a pty check using FUSE and
+trick pt_chown to grant ownership of a pty descriptor that the current
+user does not own. It cannot access /dev/pts/ptmx however.
+
+Pre-conditions for the attack:
+
+ * Attacker with local user account
+ * Kernel with FUSE support
+ * "user_allow_other" in /etc/fuse.conf
+ * Victim with allocated slave in /dev/pts
+
+In most modern distributions pt_chown is not needed because devpts
+is enabled by default. The fix for this CVE is to disable building
+and using pt_chown by default. We still provide a configure option
+to enable the use of pt_chown but distributions do so at their own
+risk.
+
+---
+This patch was adapted for glibc 2.17 point release from:
+http://sourceware.org/git/?p=glibc.git;a=commit;h=e4608715e6e1
+---
+
+ INSTALL | 12 ++++++++++++
+ config.h.in | 3 +++
+ config.make.in | 1 +
+ configure | 15 +++++++++++++++
+ configure.in | 10 ++++++++++
+ login/Makefile | 8 +++++++-
+ manual/install.texi | 14 ++++++++++++++
+ sysdeps/unix/grantpt.c | 8 +++++---
+ sysdeps/unix/sysv/linux/grantpt.c | 5 +++--
+ 9 files changed, 70 insertions(+), 6 deletions(-)
+---
+
+--- a/INSTALL
++++ b/INSTALL
+@@ -128,6 +128,18 @@ will be used, and CFLAGS sets optimizati
+ this can be prevented though there generally is no reason since it
+ creates compatibility problems.
+
++`--enable-pt_chown'
++ The file `pt_chown' is a helper binary for `grantpt' (*note
++ Pseudo-Terminals: Allocation.) that is installed setuid root to
++ fix up pseudo-terminal ownership. It is not built by default
++ because systems using the Linux kernel are commonly built with the
++ `devpts' filesystem enabled and mounted at `/dev/pts', which
++ manages pseudo-terminal ownership automatically. By using
++ `--enable-pt_chown', you may build `pt_chown' and install it
++ setuid and owned by `root'. The use of `pt_chown' introduces
++ additional security risks to the system and you should enable it
++ only if you understand and accept those risks.
++
+ `--build=BUILD-SYSTEM'
+ `--host=HOST-SYSTEM'
+ These options are for cross-compiling. If you specify both
+--- a/config.h.in
++++ b/config.h.in
+@@ -232,4 +232,7 @@
+ /* The ARM hard-float ABI is being used. */
+ #undef HAVE_ARM_PCS_VFP
+
++/* The pt_chown binary is being built and used by grantpt. */
++#undef HAVE_PT_CHOWN
++
+ #endif
+--- a/config.make.in
++++ b/config.make.in
+@@ -101,6 +101,7 @@ force-install = @force_install@
+ link-obsolete-rpc = @link_obsolete_rpc@
+ build-nscd = @build_nscd@
+ use-nscd = @use_nscd@
++build-pt-chown = @build_pt_chown@
+
+ # Build tools.
+ CC = @CC@
+--- a/configure
++++ b/configure
+@@ -653,6 +653,7 @@ multi_arch
+ base_machine
+ add_on_subdirs
+ add_ons
++build_pt_chown
+ build_nscd
+ link_obsolete_rpc
+ libc_cv_nss_crypt
+@@ -759,6 +760,7 @@ enable_obsolete_rpc
+ enable_systemtap
+ enable_build_nscd
+ enable_nscd
++enable_pt_chown
+ with_cpu
+ '
+ ac_precious_vars='build_alias
+@@ -1419,6 +1421,7 @@ Optional Features:
+ --enable-systemtap enable systemtap static probe points [default=no]
+ --disable-build-nscd disable building and installing the nscd daemon
+ --disable-nscd library functions will not contact the nscd daemon
++ --enable-pt_chown Enable building and installing pt_chown
+
+ Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+@@ -3933,6 +3936,18 @@ else
+ use_nscd=yes
+ fi
+
++# Check whether --enable-pt_chown was given.
++if test "${enable_pt_chown+set}" = set; then :
++ enableval=$enable_pt_chown; build_pt_chown=$enableval
++else
++ build_pt_chown=no
++fi
++
++
++if test $build_pt_chown = yes; then
++ $as_echo "#define HAVE_PT_CHOWN 1" >>confdefs.h
++
++fi
+
+ # The way shlib-versions is used to generate soversions.mk uses a
+ # fairly simplistic model for name recognition that can't distinguish
+--- a/configure.in
++++ b/configure.in
+@@ -315,6 +315,16 @@ AC_ARG_ENABLE([nscd],
+ [use_nscd=$enableval],
+ [use_nscd=yes])
+
++AC_ARG_ENABLE([pt_chown],
++ [AS_HELP_STRING([--enable-pt_chown],
++ [Enable building and installing pt_chown])],
++ [build_pt_chown=$enableval],
++ [build_pt_chown=no])
++AC_SUBST(build_pt_chown)
++if test $build_pt_chown = yes; then
++ AC_DEFINE(HAVE_PT_CHOWN)
++fi
++
+ # The way shlib-versions is used to generate soversions.mk uses a
+ # fairly simplistic model for name recognition that can't distinguish
+ # i486-pc-linux-gnu fully from i486-pc-gnu. So we mutate a $host_os
+--- a/login/Makefile
++++ b/login/Makefile
+@@ -29,9 +29,15 @@ routines := getutent getutent_r getutid
+
+ CFLAGS-grantpt.c = -DLIBEXECDIR='"$(libexecdir)"'
+
+-others = utmpdump pt_chown
++others = utmpdump
++
++include ../Makeconfig
++
++ifeq (yes,$(build-pt-chown))
++others += pt_chown
+ others-pie = pt_chown
+ install-others-programs = $(inst_libexecdir)/pt_chown
++endif
+
+ subdir-dirs = programs
+ vpath %.c programs
+--- a/manual/install.texi
++++ b/manual/install.texi
+@@ -155,6 +155,20 @@ if the used tools support it. By using
+ prevented though there generally is no reason since it creates
+ compatibility problems.
+
++@pindex pt_chown
++@findex grantpt
++@item --enable-pt_chown
++The file @file{pt_chown} is a helper binary for @code{grantpt}
++(@pxref{Allocation, Pseudo-Terminals}) that is installed setuid root to
++fix up pseudo-terminal ownership. It is not built by default because
++systems using the Linux kernel are commonly built with the @code{devpts}
++filesystem enabled and mounted at @file{/dev/pts}, which manages
++pseudo-terminal ownership automatically. By using
++@samp{--enable-pt_chown}, you may build @file{pt_chown} and install it
++setuid and owned by @code{root}. The use of @file{pt_chown} introduces
++additional security risks to the system and you should enable it only if
++you understand and accept those risks.
++
+ @item --build=@var{build-system}
+ @itemx --host=@var{host-system}
+ These options are for cross-compiling. If you specify both options and
+--- a/sysdeps/unix/grantpt.c
++++ b/sysdeps/unix/grantpt.c
+@@ -173,9 +173,10 @@ grantpt (int fd)
+ retval = 0;
+ goto cleanup;
+
+- /* We have to use the helper program. */
++ /* We have to use the helper program if it is available.. */
+ helper:;
+
++#ifdef HAVE_PT_CHOWN
+ pid_t pid = __fork ();
+ if (pid == -1)
+ goto cleanup;
+@@ -190,9 +191,9 @@ grantpt (int fd)
+ if (__dup2 (fd, PTY_FILENO) < 0)
+ _exit (FAIL_EBADF);
+
+-#ifdef CLOSE_ALL_FDS
++# ifdef CLOSE_ALL_FDS
+ CLOSE_ALL_FDS ();
+-#endif
++# endif
+
+ execle (_PATH_PT_CHOWN, basename (_PATH_PT_CHOWN), NULL, NULL);
+ _exit (FAIL_EXEC);
+@@ -231,6 +232,7 @@ grantpt (int fd)
+ assert(! "getpt: internal error: invalid exit code from pt_chown");
+ }
+ }
++#endif
+
+ cleanup:
+ if (buf != _buf)
+--- a/sysdeps/unix/sysv/linux/grantpt.c
++++ b/sysdeps/unix/sysv/linux/grantpt.c
+@@ -11,7 +11,7 @@
+
+ #include "pty-private.h"
+
+-
++#if HAVE_PT_CHOWN
+ /* Close all file descriptors except the one specified. */
+ static void
+ close_all_fds (void)
+@@ -38,6 +38,7 @@ close_all_fds (void)
+ __dup2 (STDOUT_FILENO, STDERR_FILENO);
+ }
+ }
+-#define CLOSE_ALL_FDS() close_all_fds()
++# define CLOSE_ALL_FDS() close_all_fds()
++#endif
+
+ #include <sysdeps/unix/grantpt.c>
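Review bot: In sysdeps/unix/grantpt.c, when HAVE_PT_CHOWN is not defined the `helper:;` label now falls straight through to `cleanup:`, and nothing in the hunk says what grantpt then reports; the return value and errno come from code before the label, outside the hunk, so that should be confirmed and documented. A comment ahead of the `#ifdef` would do, for example `/* Without pt_chown, fall through and fail with the errno left by the ownership/mode change that brought us here. */`, worded to match whatever the earlier code actually sets. The two guards are also spelled differently: `#ifdef HAVE_PT_CHOWN` here but `#if HAVE_PT_CHOWN` in sysdeps/unix/sysv/linux/grantpt.c, which relies on an undefined macro evaluating to 0 and warns under `-Wundef`; `#ifdef HAVE_PT_CHOWN` in both would be consistent. grantpt's body starts and ends outside the hunk.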