diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2021-02-09 20:43:33 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2021-02-10 08:59:53 +0100 |
commit | 39e07c298747c13cc4ee3600f81d7c53118b166e (patch) | |
tree | 0f178d36dc6890c596c432803cfcb18926e95bc9 /testing/source/glibc/patches | |
parent | 970784a8a8c9a4f10fcc9014c5d51643d021ff82 (diff) | |
download | current-39e07c298747c13cc4ee3600f81d7c53118b166e.tar.gz current-39e07c298747c13cc4ee3600f81d7c53118b166e.tar.xz |
Tue Feb 9 20:43:33 UTC 202120210209204333
a/exfatprogs-1.1.0-x86_64-1.txz: Upgraded.
a/kernel-firmware-20210208_b79d239-noarch-1.txz: Upgraded.
a/procps-ng-3.3.17-x86_64-1.txz: Upgraded.
ap/man-db-2.9.4-x86_64-1.txz: Upgraded.
ap/slackpkg-15.0-noarch-2.txz: Rebuilt.
Allow new-config after slackpkg upgrade itself. Thanks to PiterPUNK.
d/git-2.30.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.10_62-x86_64-1.txz: Upgraded.
l/jasper-2.0.25-x86_64-1.txz: Upgraded.
n/fetchmail-6.4.16-x86_64-1.txz: Upgraded.
xfce/thunar-4.16.3-x86_64-1.txz: Upgraded.
testing/packages/aaa_glibc-solibs-2.33-x86_64-1_testing.txz: Added.
testing/packages/glibc-2.33-x86_64-1_testing.txz: Added.
This is here for some actual testing - don't go just jumping into this one
all willy-nilly, especially if you're on 32-bit. The internal implementation
of some glibc functions has changed in ways that can break sandboxes that
restrict the allowable functions. So far this is known to affect
qt5-webengine and openssl, and in the case of openssl upgrading to this
version of glibc will lock out ssh access to the machine. I've seen one
mention of the openssh issue online as a comment posted to LWN's article
about the release of glibc-2.33. It says that a patch was submitted upstream,
but I haven't been able to locate a copy yet.
On the qt5 issue, alienBOB has given me a link to this patch:
https://src.fedoraproject.org/rpms/qt5-qtwebengine/blob/09e1adb883639325aa8115dc1fc3e8f5088a2438/f/qtwebengine-everywhere-src-5.15.2-%231904652.patch
If anyone has a fix for openssl on 32-bit, kindly post it to LQ.
testing/packages/glibc-i18n-2.33-x86_64-1_testing.txz: Added.
testing/packages/glibc-profile-2.33-x86_64-1_testing.txz: Added.
Diffstat (limited to 'testing/source/glibc/patches')
-rw-r--r-- | testing/source/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/testing/source/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch b/testing/source/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch new file mode 100644 index 000000000..458369251 --- /dev/null +++ b/testing/source/glibc/patches/0001-nsswitch-return-result-when-nss-database-is-locked.patch @@ -0,0 +1,47 @@ +From c3479fb7939898ec22c655c383454d6e8b982a67 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyfox@gentoo.org> +Date: Fri, 5 Feb 2021 07:32:18 +0000 +Subject: [PATCH] nsswitch: return result when nss database is locked [BZ + #27343] + +Before the change nss_database_check_reload_and_get() did not populate +the '*result' value when it returned success in a case of chroot +detection. This caused initgroups() to use garage pointer in the +following test (extracted from unbound): + +``` + +int main() { + // load some NSS modules + struct passwd * pw = getpwnam("root"); + + chdir("/tmp"); + chroot("/tmp"); + chdir("/"); + // access nsswitch.conf in a chroot + initgroups("root", 0); +} +``` + +Reviewed-by: DJ Delorie <dj@redhat.com> +--- + nss/nss_database.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/nss/nss_database.c b/nss/nss_database.c +index cf0306adc4..e1bef6bd75 100644 +--- a/nss/nss_database.c ++++ b/nss/nss_database.c +@@ -398,8 +398,9 @@ nss_database_check_reload_and_get (struct nss_database_state *local, + && (str.st_ino != local->root_ino + || str.st_dev != local->root_dev))) + { +- /* Change detected; disable reloading. */ ++ /* Change detected; disable reloading and return current state. */ + atomic_store_release (&local->data.reload_disabled, 1); ++ *result = local->data.services[database_index]; + __libc_lock_unlock (local->lock); + __nss_module_disable_loading (); + return true; +-- +2.27.0 |