* glibc 2.5 - patch for GHOST (CVE-2015-0235) @ 2015-01-01 0:00 czezz 2015-01-01 0:00 ` Carlos O'Donell 0 siblings, 1 reply; 3+ messages in thread From: czezz @ 2015-01-01 0:00 UTC (permalink / raw) To: libc-stable Hello, I still use old Slackware 12 that runs glibc 2.5 branch. Due to latest vulnerability: GHOST (CVE-2015-0235) I want to patch my glibc. However, I cannot find sources of the patch for this issue. Could you please give me information where can I download it ? Best regards, czezz ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: glibc 2.5 - patch for GHOST (CVE-2015-0235) 2015-01-01 0:00 glibc 2.5 - patch for GHOST (CVE-2015-0235) czezz @ 2015-01-01 0:00 ` Carlos O'Donell [not found] ` <2e9c1776.4b615d65.54dc6523.aaa44@o2.pl> 0 siblings, 1 reply; 3+ messages in thread From: Carlos O'Donell @ 2015-01-01 0:00 UTC (permalink / raw) To: czezz, libc-stable On 02/11/2015 11:44 AM, czezz wrote: > Hello, I still use old Slackware 12 that runs glibc 2.5 branch. Due > to latest vulnerability: GHOST (CVE-2015-0235) I want to patch my > glibc. However, I cannot find sources of the patch for this issue. > > Could you please give me information where can I download it ? The fix is commit d5dd6189d506068ed11c8bfa1e1e9bffde04decd. c. ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <2e9c1776.4b615d65.54dc6523.aaa44@o2.pl>]
[parent not found: <54DCC0BF.8000000@redhat.com>]
* Re: glibc 2.5 - patch for GHOST (CVE-2015-0235) [not found] ` <54DCC0BF.8000000@redhat.com> @ 2015-01-01 0:00 ` czezz 0 siblings, 0 replies; 3+ messages in thread From: czezz @ 2015-01-01 0:00 UTC (permalink / raw) To: =?UTF-8?Q?libc-help Hello, I would very appreciate if someone could tell me if I have created .diff file in a correct way/manner. I executed: git diff d5dd6189d506068ed11c8bfa1e1e9bffde04decd^..d5dd6189d506068ed11c8bfa1e1e9bffde04decd > glibc.CVE-2015-0235.diff Here it is: https://www.dropbox.com/s/15rndtw0t0lfi05/glibc.CVE-2015-0235.diff?dl=0 Secondly I tried to add this patch to my Slackware 12 glibc repository (taken from following link). mirrors.slackware.com/slackware/slackware-12.0/patches/source/glibc/glibc.SlackBuild NOTE!!! This is glibc 2.5 repository and it already contains following patches: # Use old-style locale directories rather than a single (and strangely # formatted) /usr/lib/locale/locale-archive file: zcat $CWD/glibc.locale.no-archive.diff.gz | patch -p1 --verbose || exit 1 # Fix NIS netgroups: zcat $CWD/glibc.nis-netgroups.diff.gz | patch -p1 --verbose || exit 1 # Evidently glibc never expected Linux kernel versions to be in the # format 1.2.3.4. This patch makes glibc consider the kernel version # to be only the first three digit groups found, and drops any # trailing non-digit characters: zcat $CWD/glibc.kernelversion.diff.gz | patch -p1 --verbose || exit 1 # Support ru_RU.CP1251 locale: zcat $CWD/glibc.ru_RU.CP1251.diff.gz | patch -p1 --verbose || exit 1 # Support sa_IN locale: zcat $CWD/glibc.sa_IN.diff.gz | patch -p1 --verbose || exit 1 # Fix missing MAX macro in getcwd.c: zcat $CWD/glibc.getcwd.max.macro.diff.gz | patch -p1 --verbose || exit 1 # This fixes a security issue in glibc 2.12.1 and earlier: zcat $CWD/glibc.CVE-2010-3847.diff.gz | patch -p1 --verbose || exit 1 # This fixes a security issue in glibc 2.12.1 and earlier: zcat $CWD/glibc.CVE-2010-3856.diff.gz | patch -p1 --verbose || exit 1 At the end I have added mine: echo "adding patch: glibc.CVE-2015-0235.diff.gz " zcat $CWD/glibc.CVE-2015-0235.diff.gz | patch -p1 --verbose || exit 1 But then during patching I faced that many problems - you can see it hereunder. I guess this is either wrongly built .diff file by me or I am missing some previous patches before I add glibc.CVE-2015-0235.diff ? I would say it is the second case as I can see two last patches comment: "This fixes a security issue in glibc 2.12.1 and earlier". Can someone please help me to figure it out ? adding patch: glibc.CVE-2015-0235.diff.gz: Hmm... Looks like a unified diff to me... The text leading up to this was: -------------------------- |--- a/nss/Makefile |+++ b/nss/Makefile -------------------------- Patching file nss/Makefile using Plan A... Hunk #1 FAILED at 37. 1 out of 1 hunk FAILED -- saving rejects to file nss/Makefile.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |--- a/nss/digits_dots.c |+++ b/nss/digits_dots.c -------------------------- Patching file nss/digits_dots.c using Plan A... Hunk #1 succeeded at 47 (offset 1 line). Hunk #2 succeeded at 86. Hunk #3 succeeded at 115 (offset 1 line). Hunk #4 succeeded at 154. Hunk #5 succeeded at 198 (offset 1 line). Hunk #6 succeeded at 208. Hunk #7 succeeded at 224 (offset 1 line). Hunk #8 succeeded at 234. Hunk #9 succeeded at 247 (offset 1 line). Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- |--- a/nss/getXXbyYY_r.c |+++ b/nss/getXXbyYY_r.c -------------------------- Patching file nss/getXXbyYY_r.c using Plan A... Hunk #1 succeeded at 149 (offset -30 lines). Hunk #2 FAILED at 261. 1 out of 2 hunks FAILED -- saving rejects to file nss/getXXbyYY_r.c.rej Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -------------------------- | |--- /dev/null |+++ b/nss/test-digits-dots.c -------------------------- Patching file nss/test-digits-dots.c using Plan A... Hunk #1 succeeded at 1. done Best regards, czezz Dnia 12 lutego 2015 16:03 "Carlos O'Donell" <carlos@redhat.com> napisał(a): > > > On 02/12/2015 03:32 AM, czezz wrote: > > thank you for your answer. > > I have moved this discussion to libc-help. > > It seems you are quite new at this process. I would suggest > that you seek help from a local experienced developer who > can guide you through the process you are attempting. > > One way to get the glibc sources and patch is like this: > > mkdir -p ~/src > cd ~/src > git clone > git clone git://sourceware.org/git/glibc.git > cd glibc > git diff d5dd6189d506068ed11c8bfa1e1e9bffde04decd^..d5dd6189d506068ed11c8bfa1e1e9bffde04decd > ghost.patch > > The other way is by direct URL referencing the commit id: > > https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd;hp=fef94eab0bd308d5059a2588c753bf9a4926845d > > Cheers, > Carlos. ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-03-30 14:45 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2015-01-01 0:00 glibc 2.5 - patch for GHOST (CVE-2015-0235) czezz 2015-01-01 0:00 ` Carlos O'Donell [not found] ` <2e9c1776.4b615d65.54dc6523.aaa44@o2.pl> [not found] ` <54DCC0BF.8000000@redhat.com> 2015-01-01 0:00 ` czezz
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).