LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 01-28-2015, 09:35 AM   #1
hua
Member
 
Registered: Oct 2006
Location: Slovak Republic
Distribution: Slackware 14.2, current
Posts: 458

Rep: Reputation: 78
Patch testing - glibc with the posted patch in security thread


Hello,

For those who want to test the glibc patch posted by mancha in the Slackware security thread.

http://www.linuxquestions.org/questi...00/page22.html

1. Download your version of glibc source. For example:
Code:
wget -r --no-parent http://slackware.osuosl.org/slackware64-14.1/source/l/glibc/
2. Download the patch posted by mancha in the glibc directory (downloaded in the first step):
glibc-patch

3. Edit the glibc.SlackBuild script and run it to build your new glibc package. Add the following line at the end of the patching section in the script:
Code:
patch -p1 --verbose < $TEMP-DIR/glibc-2.17_CVE-2015-0235.diff || exit 1
Note the $TEMP-DIR is the directory of the glibc source which you downloaded in the first step.
The patch line can be added after these lines in glibc.SlackBuild script:
Code:
  # posix_memalign/memalign/aligned_alloc (CVE-2013-4332).
  zcat $CWD/glibc.CVE-2013-4332.diff.gz | patch -p1 --verbose || exit 1

IMPORTANT - DO NOT USE THIS FOR PRODUCTION SYSTEM. I TESTED IT ONLY IN MY LAB WHERE THE PATCH WAS SUCCESSFUL!
The purpose was to test the vulnerability.

Thanks Mancha!
 
Old 01-28-2015, 11:40 AM   #2
mancha
Member
 
Registered: Aug 2012
Posts: 484

Rep: Reputation: Disabled
Hi Hua.

You're welcome for the patches.

Updating glibc should not be done by those unfamiliar with the process - it is not for novices. If you're not comfortable with this,
wait for Slackware to push official upgrades.

That said, thank you for putting together a brief "how-to". I do have an important correction, though. For Slackware 14.1, you should
use the build files from the patches directory (not the L dir) so you have Slackware's latest glibc security update from 20141024.

The following are instructions for Slackware 14.1:
  1. Get build files and new patches

    Code:
    # mkdir mypackages && cd mypackages
    # lftp -c "open http://slackware.osuosl.org/slackware-14.1/patches/source; mirror -c --parallel=3 -n -X *.mirrorlist glibc"
    # cd glibc
    # wget http://sf.net/projects/mancha/files/sec/glibc-2.17_CVE-2014-7817.diff
    # wget http://sf.net/projects/mancha/files/sec/glibc-2.17_CVE-2014-9402.diff
    # wget http://sf.net/projects/mancha/files/sec/glibc-2.17_CVE-2015-0235.diff
  2. Edit Slackbuild

    Using your favorite editor open glibc.SlackBuild and change the BUILD (line 27) to "9_patched". Also, add the following four
    lines to the end of apply_patches() (line 207). It should look like this after adding the lines in red:

    Code:
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2014-5119.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2014-6040.diff || exit 1
      # Security hardening patch from Florian Weimer:
      patch -p1 --verbose < $CWD/glibc-2.17_hardening.diff || exit 1
      # Bugfix patch for optimization in gcc-4.8+:
      patch -p1 --verbose < $CWD/glibc-2.17_gcc48-unsafe-optim.diff || exit 1
      # New security patches
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2014-7817.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2014-9402.diff || exit 1
      patch -p1 --verbose < $CWD/glibc-2.17_CVE-2015-0235.diff || exit 1
    }
    
    # This is going to be the initial $DESTDIR:
    export PKG=$TMP/package-glibc-incoming-tree
  3. Build

    Code:
    # sh glibc.SlackBuild
New packages will be in /glibc-$COOKIE. A similar process can be followed for those running current.


--mancha
 
2 members found this post helpful.
Old 01-28-2015, 03:29 PM   #3
hua
Member
 
Registered: Oct 2006
Location: Slovak Republic
Distribution: Slackware 14.2, current
Posts: 458

Original Poster
Rep: Reputation: 78
Thanks for the correction. I can see that the official patches are already available.
Thanks guys!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Glibc-2.17 PAX+PIE patch fluffybunnyuk Linux From Scratch 0 05-13-2013 09:45 AM
How do i patch 2.4.21-37 kernel with antidote2 security patch suchi Linux - Kernel 4 09-05-2006 02:29 AM
LXer: Patch testing LXer Syndicated Linux News 0 02-22-2006 05:46 AM
syntax error in glibc patch Furlinastis Linux From Scratch 1 11-01-2005 10:59 PM
glibc patch for sscanf.c jarin scott Linux - Software 2 08-03-2003 02:28 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 03:26 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration