* glibc 2.5 - patch for GHOST (CVE-2015-0235)
@ 2015-01-01 0:00 czezz
2015-01-01 0:00 ` Carlos O'Donell
0 siblings, 1 reply; 3+ messages in thread
From: czezz @ 2015-01-01 0:00 UTC (permalink / raw)
To: libc-stable
Hello,
I still use old Slackware 12 that runs glibc 2.5 branch.
Due to latest vulnerability: GHOST (CVE-2015-0235) I want to patch my glibc. However, I cannot find sources of the patch for this issue.
Could you please give me information where can I download it ?
Best regards,
czezz
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: glibc 2.5 - patch for GHOST (CVE-2015-0235)
2015-01-01 0:00 glibc 2.5 - patch for GHOST (CVE-2015-0235) czezz
@ 2015-01-01 0:00 ` Carlos O'Donell
[not found] ` <2e9c1776.4b615d65.54dc6523.aaa44@o2.pl>
0 siblings, 1 reply; 3+ messages in thread
From: Carlos O'Donell @ 2015-01-01 0:00 UTC (permalink / raw)
To: czezz, libc-stable
On 02/11/2015 11:44 AM, czezz wrote:
> Hello, I still use old Slackware 12 that runs glibc 2.5 branch. Due
> to latest vulnerability: GHOST (CVE-2015-0235) I want to patch my
> glibc. However, I cannot find sources of the patch for this issue.
>
> Could you please give me information where can I download it ?
The fix is commit d5dd6189d506068ed11c8bfa1e1e9bffde04decd.
c.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: glibc 2.5 - patch for GHOST (CVE-2015-0235)
[not found] ` <54DCC0BF.8000000@redhat.com>
@ 2015-01-01 0:00 ` czezz
0 siblings, 0 replies; 3+ messages in thread
From: czezz @ 2015-01-01 0:00 UTC (permalink / raw)
To: =?UTF-8?Q?libc-help
Hello,
I would very appreciate if someone could tell me if I have created .diff file in a correct way/manner.
I executed:
git diff d5dd6189d506068ed11c8bfa1e1e9bffde04decd^..d5dd6189d506068ed11c8bfa1e1e9bffde04decd > glibc.CVE-2015-0235.diff
Here it is: https://www.dropbox.com/s/15rndtw0t0lfi05/glibc.CVE-2015-0235.diff?dl=0
Secondly I tried to add this patch to my Slackware 12 glibc repository (taken from following link).
mirrors.slackware.com/slackware/slackware-12.0/patches/source/glibc/glibc.SlackBuild
NOTE!!! This is glibc 2.5 repository and it already contains following patches:
# Use old-style locale directories rather than a single (and strangely
# formatted) /usr/lib/locale/locale-archive file:
zcat $CWD/glibc.locale.no-archive.diff.gz | patch -p1 --verbose || exit 1
# Fix NIS netgroups:
zcat $CWD/glibc.nis-netgroups.diff.gz | patch -p1 --verbose || exit 1
# Evidently glibc never expected Linux kernel versions to be in the
# format 1.2.3.4. This patch makes glibc consider the kernel version
# to be only the first three digit groups found, and drops any
# trailing non-digit characters:
zcat $CWD/glibc.kernelversion.diff.gz | patch -p1 --verbose || exit 1
# Support ru_RU.CP1251 locale:
zcat $CWD/glibc.ru_RU.CP1251.diff.gz | patch -p1 --verbose || exit 1
# Support sa_IN locale:
zcat $CWD/glibc.sa_IN.diff.gz | patch -p1 --verbose || exit 1
# Fix missing MAX macro in getcwd.c:
zcat $CWD/glibc.getcwd.max.macro.diff.gz | patch -p1 --verbose || exit 1
# This fixes a security issue in glibc 2.12.1 and earlier:
zcat $CWD/glibc.CVE-2010-3847.diff.gz | patch -p1 --verbose || exit 1
# This fixes a security issue in glibc 2.12.1 and earlier:
zcat $CWD/glibc.CVE-2010-3856.diff.gz | patch -p1 --verbose || exit 1
At the end I have added mine:
echo "adding patch: glibc.CVE-2015-0235.diff.gz "
zcat $CWD/glibc.CVE-2015-0235.diff.gz | patch -p1 --verbose || exit 1
But then during patching I faced that many problems - you can see it hereunder.
I guess this is either wrongly built .diff file by me or I am missing some previous patches before I add glibc.CVE-2015-0235.diff ?
I would say it is the second case as I can see two last patches comment: "This fixes a security issue in glibc 2.12.1 and earlier". Can someone please help me to figure it out ?
adding patch: glibc.CVE-2015-0235.diff.gz:
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- a/nss/Makefile
|+++ b/nss/Makefile
--------------------------
Patching file nss/Makefile using Plan A...
Hunk #1 FAILED at 37.
1 out of 1 hunk FAILED -- saving rejects to file nss/Makefile.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- a/nss/digits_dots.c
|+++ b/nss/digits_dots.c
--------------------------
Patching file nss/digits_dots.c using Plan A...
Hunk #1 succeeded at 47 (offset 1 line).
Hunk #2 succeeded at 86.
Hunk #3 succeeded at 115 (offset 1 line).
Hunk #4 succeeded at 154.
Hunk #5 succeeded at 198 (offset 1 line).
Hunk #6 succeeded at 208.
Hunk #7 succeeded at 224 (offset 1 line).
Hunk #8 succeeded at 234.
Hunk #9 succeeded at 247 (offset 1 line).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- a/nss/getXXbyYY_r.c
|+++ b/nss/getXXbyYY_r.c
--------------------------
Patching file nss/getXXbyYY_r.c using Plan A...
Hunk #1 succeeded at 149 (offset -30 lines).
Hunk #2 FAILED at 261.
1 out of 2 hunks FAILED -- saving rejects to file nss/getXXbyYY_r.c.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|
|--- /dev/null
|+++ b/nss/test-digits-dots.c
--------------------------
Patching file nss/test-digits-dots.c using Plan A...
Hunk #1 succeeded at 1.
done
Best regards,
czezz
Dnia 12 lutego 2015 16:03 "Carlos O'Donell" <carlos@redhat.com> napisał(a):
>
> > On 02/12/2015 03:32 AM, czezz wrote:
> > thank you for your answer.
>
> I have moved this discussion to libc-help.
>
> It seems you are quite new at this process. I would suggest
> that you seek help from a local experienced developer who
> can guide you through the process you are attempting.
>
> One way to get the glibc sources and patch is like this:
>
> mkdir -p ~/src
> cd ~/src
> git clone
> git clone git://sourceware.org/git/glibc.git
> cd glibc
> git diff d5dd6189d506068ed11c8bfa1e1e9bffde04decd^..d5dd6189d506068ed11c8bfa1e1e9bffde04decd > ghost.patch
>
> The other way is by direct URL referencing the commit id:
>
> https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd;hp=fef94eab0bd308d5059a2588c753bf9a4926845d
>
> Cheers,
> Carlos.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2015-03-30 14:45 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-01-01 0:00 glibc 2.5 - patch for GHOST (CVE-2015-0235) czezz
2015-01-01 0:00 ` Carlos O'Donell
[not found] ` <2e9c1776.4b615d65.54dc6523.aaa44@o2.pl>
[not found] ` <54DCC0BF.8000000@redhat.com>
2015-01-01 0:00 ` czezz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).