This is the mail archive of the
libc-help@sourceware.org
mailing list for the glibc project.
Re: glibc 2.5 - patch for GHOST (CVE-2015-0235)
- From: czezz <czezz at o2 dot pl>
- To: libc-help at sourceware dot org<libc-help at sourceware dot org>, Carlos O'Donell<carlos at redhat dot com>, libc-stable at sourceware dot org
- Date: Mon, 30 Mar 2015 16:45:23 +0200
- Subject: Re: glibc 2.5 - patch for GHOST (CVE-2015-0235)
- Authentication-results: sourceware.org; auth=none
- References: <1de689ab dot 4c262918 dot 54db86d1 dot e1dc3 at o2 dot pl> <54DB9333 dot 3080104 at redhat dot com> <2e9c1776 dot 4b615d65 dot 54dc6523 dot aaa44 at o2 dot pl> <54DCC0BF dot 8000000 at redhat dot com>
Hello,
I would very appreciate if someone could tell me if I have created .diff file in a correct way/manner.
I executed:
git diff d5dd6189d506068ed11c8bfa1e1e9bffde04decd^..d5dd6189d506068ed11c8bfa1e1e9bffde04decd > glibc.CVE-2015-0235.diff
Here it is: https://www.dropbox.com/s/15rndtw0t0lfi05/glibc.CVE-2015-0235.diff?dl=0
Secondly I tried to add this patch to my Slackware 12 glibc repository (taken from following link).
mirrors.slackware.com/slackware/slackware-12.0/patches/source/glibc/glibc.SlackBuild
NOTE!!! This is glibc 2.5 repository and it already contains following patches:
Â
 # Use old-style locale directories rather than a single (and strangely
 # formatted) /usr/lib/locale/locale-archive file:
 zcat $CWD/glibc.locale.no-archive.diff.gz | patch -p1 --verbose || exit 1
 # Fix NIS netgroups:
 zcat $CWD/glibc.nis-netgroups.diff.gz | patch -p1 --verbose || exit 1
 # Evidently glibc never expected Linux kernel versions to be in the
 # format 1.2.3.4. This patch makes glibc consider the kernel version
 # to be only the first three digit groups found, and drops any
 # trailing non-digit characters:
 zcat $CWD/glibc.kernelversion.diff.gz | patch -p1 --verbose || exit 1
 # Support ru_RU.CP1251 locale:
 zcat $CWD/glibc.ru_RU.CP1251.diff.gz | patch -p1 --verbose || exit 1
 # Support sa_IN locale:
 zcat $CWD/glibc.sa_IN.diff.gz | patch -p1 --verbose || exit 1
 # Fix missing MAX macro in getcwd.c:
 zcat $CWD/glibc.getcwd.max.macro.diff.gz | patch -p1 --verbose || exit 1
 # This fixes a security issue in glibc 2.12.1 and earlier:
 zcat $CWD/glibc.CVE-2010-3847.diff.gz | patch -p1 --verbose || exit 1
 # This fixes a security issue in glibc 2.12.1 and earlier:
 zcat $CWD/glibc.CVE-2010-3856.diff.gz | patch -p1 --verbose || exit 1
At the end I have added mine:
 echo "adding patch: glibc.CVE-2015-0235.diff.gz "
 zcat $CWD/glibc.CVE-2015-0235.diff.gz | patch -p1 --verbose || exit 1
But then during patching I faced that many problems - you can see it hereunder.
I guess this is either wrongly built .diff file by me or I am missing some previous patches before I add glibc.CVE-2015-0235.diff ?
I would say it is the second case as I can see two last patches comment: "This fixes a security issue in glibc 2.12.1 and earlier". Can someone please help me to figure it out ?
adding patch: glibc.CVE-2015-0235.diff.gz:
Â
Hmm... Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- a/nss/Makefile
|+++ b/nss/Makefile
--------------------------
Patching file nss/Makefile using Plan A...
Hunk #1 FAILED at 37.
1 out of 1 hunk FAILED -- saving rejects to file nss/Makefile.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- a/nss/digits_dots.c
|+++ b/nss/digits_dots.c
--------------------------
Patching file nss/digits_dots.c using Plan A...
Hunk #1 succeeded at 47 (offset 1 line).
Hunk #2 succeeded at 86.
Hunk #3 succeeded at 115 (offset 1 line).
Hunk #4 succeeded at 154.
Hunk #5 succeeded at 198 (offset 1 line).
Hunk #6 succeeded at 208.
Hunk #7 succeeded at 224 (offset 1 line).
Hunk #8 succeeded at 234.
Hunk #9 succeeded at 247 (offset 1 line).
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- a/nss/getXXbyYY_r.c
|+++ b/nss/getXXbyYY_r.c
--------------------------
Patching file nss/getXXbyYY_r.c using Plan A...
Hunk #1 succeeded at 149 (offset -30 lines).
Hunk #2 FAILED at 261.
1 out of 2 hunks FAILED -- saving rejects to file nss/getXXbyYY_r.c.rej
Hmm... The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|
|--- /dev/null
|+++ b/nss/test-digits-dots.c
--------------------------
Patching file nss/test-digits-dots.c using Plan A...
Hunk #1 succeeded at 1.
done
Best regards,
czezz
Dnia 12 lutego 2015 16:03 "Carlos O'Donell" <carlos@redhat.com> napisaÅ(a):
>
> > On 02/12/2015 03:32 AM, czezz wrote:
> > thank you for your answer.
>
> I have moved this discussion to libc-help.
>
> It seems you are quite new at this process. I would suggest
> that you seek help from a local experienced developer who
> can guide you through the process you are attempting.
>
> One way to get the glibc sources and patch is like this:
>
> mkdir -p ~/src
> cd ~/src
> git clone
> git clone git://sourceware.org/git/glibc.git
> cd glibc
> git diff d5dd6189d506068ed11c8bfa1e1e9bffde04decd^..d5dd6189d506068ed11c8bfa1e1e9bffde04decd > ghost.patch
>
> The other way is by direct URL referencing the commit id:
>
> https://sourceware.org/git/?p=glibc.git;a=commitdiff_plain;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd;hp=fef94eab0bd308d5059a2588c753bf9a4926845d
>
> Cheers,
> Carlos.