Apply security fix from Florian Weimer

1 files changed, 4 insertions, 2 deletions

diff --git a/current/glibc/glibc-multilib.SlackBuild b/current/glibc/glibc-multilib.SlackBuild
index 9957a10..7f688a8 100755
--- a/current/glibc/glibc-multilib.SlackBuild
+++ b/current/glibc/glibc-multilib.SlackBuild
@@ -171,7 +171,7 @@ apply_patches() {
   zcat $CWD/glibc-2.10-dns-no-gethostbyname4.diff.gz | patch -p0 --verbose || exit 1
   # This reverts a patch that was made to glibc to fix "namespace leakage",
   # which seems to cause some build failures (e.g. with conntrack):
-  zcat $CWD/glibc.revert.to.fix.build.breakages.diff.gz | patch -p1 --verbose || exit 1
+  zcat $CWD/glibc.revert.to.fix.build.breakages.diff.gz | patch -p1 -l --verbose || exit 1
   # This partial security patch still applies and might be needed:
   zcat $CWD/glibc.git-96611391ad8823ba58405325d78cefeae5cdf699-CVE-2010-3847b.patch.gz | patch -p1 --verbose || exit 1
   # Make it harder for people to trick ldd into running code:
@@ -186,6 +186,8 @@ apply_patches() {
   ## Avoid the Intel optimized asm routines for now because they break
   ## the flash player.  We'll phase this in when it's safer to do so.
   #zcat $CWD/glibc.disable.broken.optimized.memcpy.diff.gz | patch -p1 --verbose || exit 1
+  # Security hardening patch from Florian Weimer:
+  patch -p1 --verbose < $CWD/glibc.hardening.diff || exit 1
   if [ $BOOTSTRP -eq 1 ] ; then
     # Multilib - Disable check for forced unwind (Patch from eglibc) since we
     # do not have a multilib glibc yet to link to;
@@ -271,7 +273,7 @@ build_glibc() {
     --libdir=/usr/lib${LIBDIRSUFFIX} \
     --enable-kernel=3.2.29 \
     --with-headers=/usr/include \
-    --enable-add-ons=libidn,nptl \
+    --enable-add-ons \
     --enable-obsolete-rpc \
     --enable-profile \
     $DISABLE_NSCD \