diff options
-rwxr-xr-x | current/glibc/glibc-multilib.SlackBuild | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/current/glibc/glibc-multilib.SlackBuild b/current/glibc/glibc-multilib.SlackBuild index 9957a10..7f688a8 100755 --- a/current/glibc/glibc-multilib.SlackBuild +++ b/current/glibc/glibc-multilib.SlackBuild @@ -171,7 +171,7 @@ apply_patches() { zcat $CWD/glibc-2.10-dns-no-gethostbyname4.diff.gz | patch -p0 --verbose || exit 1 # This reverts a patch that was made to glibc to fix "namespace leakage", # which seems to cause some build failures (e.g. with conntrack): - zcat $CWD/glibc.revert.to.fix.build.breakages.diff.gz | patch -p1 --verbose || exit 1 + zcat $CWD/glibc.revert.to.fix.build.breakages.diff.gz | patch -p1 -l --verbose || exit 1 # This partial security patch still applies and might be needed: zcat $CWD/glibc.git-96611391ad8823ba58405325d78cefeae5cdf699-CVE-2010-3847b.patch.gz | patch -p1 --verbose || exit 1 # Make it harder for people to trick ldd into running code: @@ -186,6 +186,8 @@ apply_patches() { ## Avoid the Intel optimized asm routines for now because they break ## the flash player. We'll phase this in when it's safer to do so. #zcat $CWD/glibc.disable.broken.optimized.memcpy.diff.gz | patch -p1 --verbose || exit 1 + # Security hardening patch from Florian Weimer: + patch -p1 --verbose < $CWD/glibc.hardening.diff || exit 1 if [ $BOOTSTRP -eq 1 ] ; then # Multilib - Disable check for forced unwind (Patch from eglibc) since we # do not have a multilib glibc yet to link to; @@ -271,7 +273,7 @@ build_glibc() { --libdir=/usr/lib${LIBDIRSUFFIX} \ --enable-kernel=3.2.29 \ --with-headers=/usr/include \ - --enable-add-ons=libidn,nptl \ + --enable-add-ons \ --enable-obsolete-rpc \ --enable-profile \ $DISABLE_NSCD \ |