author | Eric Hameleers <alien@slackware.com> | 2014-10-24 09:38:45 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2014-10-24 09:38:45 +0000 |
commit | 6653971eff6ab28dc22ead519e3c9931f371183e (patch) | |
tree | 9a26e7590bd95c2e03cdc6cc47ed5b07f9cb26d8 /current | |
parent | f83e64984e39a66630f293c0b18d0eccb37cf848 (diff) | |
Apply security fix from Florian Weimer
Diffstat (limited to 'current')
-rwxr-xr-x | current/glibc/glibc-multilib.SlackBuild | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/current/glibc/glibc-multilib.SlackBuild b/current/glibc/glibc-multilib.SlackBuild
index 9957a10..7f688a8 100755
--- a/current/glibc/glibc-multilib.SlackBuild
+++ b/current/glibc/glibc-multilib.SlackBuild
@@ -171,7 +171,7 @@ apply_patches() {
 zcat $CWD/glibc-2.10-dns-no-gethostbyname4.diff.gz | patch -p0 --verbose || exit 1
 # This reverts a patch that was made to glibc to fix "namespace leakage",
 # which seems to cause some build failures (e.g. with conntrack):
- zcat $CWD/glibc.revert.to.fix.build.breakages.diff.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/glibc.revert.to.fix.build.breakages.diff.gz | patch -p1 -l --verbose || exit 1
 # This partial security patch still applies and might be needed:
 zcat $CWD/glibc.git-96611391ad8823ba58405325d78cefeae5cdf699-CVE-2010-3847b.patch.gz | patch -p1 --verbose || exit 1
 # Make it harder for people to trick ldd into running code:
@@ -186,6 +186,8 @@ apply_patches() {
 ## Avoid the Intel optimized asm routines for now because they break
 ## the flash player. We'll phase this in when it's safer to do so.
 #zcat $CWD/glibc.disable.broken.optimized.memcpy.diff.gz | patch -p1 --verbose || exit 1
+ # Security hardening patch from Florian Weimer:
+ patch -p1 --verbose < $CWD/glibc.hardening.diff || exit 1
 if [ $BOOTSTRP -eq 1 ] ; then
 # Multilib - Disable check for forced unwind (Patch from eglibc) since we
 # do not have a multilib glibc yet to link to;
@@ -271,7 +273,7 @@ build_glibc() {
 --libdir=/usr/lib${LIBDIRSUFFIX} \
 --enable-kernel=3.2.29 \
 --with-headers=/usr/include \
- --enable-add-ons=libidn,nptl \
+ --enable-add-ons \
 --enable-obsolete-rpc \
 --enable-profile \
 $DISABLE_NSCD \ |
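Review bot: Adding `-l` to the `patch -p1` call for glibc.revert.to.fix.build.breakages.diff.gz makes patch ignore whitespace differences in the context lines, which hides the fact that the stored revert diff no longer matches the glibc sources exactly. A loosely matched hunk still exits 0, so `|| exit 1` will not catch a revert that lands somewhere other than intended. Regenerating the diff against the current source tree would let the strict `patch -p1 --verbose` stay. If `-l` has to remain, a comment such as `# -l: context whitespace differs from the <glibc-version> tree; refresh this diff on the next rebase` records why. apply_patches starts and ends outside this hunk.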
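Review bot: The comment added above `patch -p1 --verbose < $CWD/glibc.hardening.diff` does not say what the patch hardens or which upstream change it was taken from, unlike the CVE-2010-3847b patch a few lines earlier, whose filename carries its commit id and CVE. Someone auditing the build cannot compare glibc.hardening.diff with its upstream source, so I would extend the comment to `# Security hardening patch from Florian Weimer (upstream: <commit-or-advisory-id>):`. The diffstat on this page lists only the SlackBuild, so the patch file is presumably already in `$CWD` or added outside `current`, which is worth confirming because a missing file stops the build at `|| exit 1`. The expansion is unquoted like the rest of the script, and `< "$CWD/glibc.hardening.diff"` would survive a build directory containing spaces.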
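Review bot: Replacing `--enable-add-ons=libidn,nptl` with a bare `--enable-add-ons` makes configure search the source tree and build every add-on directory it finds, so the feature set of the resulting libc is now decided by the tarball contents rather than pinned in this script. The commit message mentions only a security fix, so this configuration change is unexplained. It is presumably needed because the add-on layout changed in the glibc version being built, but that is not visible here. If libidn is the only add-on still required, `--enable-add-ons=libidn \` keeps the list explicit; otherwise a comment line before the configure invocation stating why the list was dropped would help later reviewers. The configure call in build_glibc continues outside the hunk.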