From 349756955a1b7300a3ad25f6648adee0891ac812 Mon Sep 17 00:00:00 2001
From: mgb01105731
Date: Tue, 27 May 2025 15:28:12 +0800
Subject: [PATCH] add patch to fix CVE-2025-4802
---
 1095-fix-CVE-2025-4802.patch | 69 ++++++++++++++++++++++++++++++++++++
 glibc.spec | 7 +++-
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 1095-fix-CVE-2025-4802.patch
diff --git a/1095-fix-CVE-2025-4802.patch b/1095-fix-CVE-2025-4802.patch
new file mode 100644
index 0000000..5d96257
--- /dev/null
+++ b/1095-fix-CVE-2025-4802.patch
@@ -0,0 +1,69 @@
+From 2deb71a733498055a88a85b9f0dc11bcc7a1c406 Mon Sep 17 00:00:00 2001
+From: mgb01105731
+Date: Tue, 27 May 2025 03:46:23 -0400
+Subject: [PATCH 1/1] fix CVE-2025-4802
+
+---
+ elf/dl-support.c | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/elf/dl-support.c b/elf/dl-support.c
+index 44a54dea..c568068e 100644
+--- a/elf/dl-support.c
++++ b/elf/dl-support.c
+@@ -276,8 +276,6 @@ _dl_non_dynamic_init (void)
+ _dl_main_map.l_phdr = GL(dl_phdr);
+ _dl_main_map.l_phnum = GL(dl_phnum);
+
+- _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
+-
+ /* Set up the data structures for the system-supplied DSO early,
+ so they can influence _dl_init_paths. */
+ setup_vdso (NULL, NULL);
+@@ -285,6 +283,22 @@ _dl_non_dynamic_init (void)
+ /* With vDSO setup we can initialize the function pointers. */
+ setup_vdso_pointers ();
+
++ if (__libc_enable_secure)
++ {
++ static const char unsecure_envvars[] =
++ UNSECURE_ENVVARS
++ ;
++ const char *cp = unsecure_envvars;
++
++ while (cp < unsecure_envvars + sizeof (unsecure_envvars))
++ {
++ __unsetenv (cp);
++ cp = strchr (cp, '\0') + 1;
++ }
++ }
++
++ _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
++
+ /* Initialize the data structures for the search paths for shared
+ objects. */
+ _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
+@@ -306,20 +320,6 @@ _dl_non_dynamic_init (void)
+ _dl_profile_output
+ = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
+
+- if (__libc_enable_secure)
+- {
+- static const char unsecure_envvars[] =
+- UNSECURE_ENVVARS
+- ;
+- const char *cp = unsecure_envvars;
+-
+- while (cp < unsecure_envvars + sizeof (unsecure_envvars))
+- {
+- __unsetenv (cp);
+- cp = strchr (cp, '\0') + 1;
+- }
+- }
+-
+ #ifdef DL_PLATFORM_INIT
+ DL_PLATFORM_INIT;
+ #endif
+--
+2.41.0
+
diff --git a/glibc.spec b/glibc.spec
index 90da0b2..f869c1b 100644
--- a/glibc.spec
+++ b/glibc.spec
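Review bot: The relocated `if (__libc_enable_secure)` block in the second elf/dl-support.c hunk (`@@ -285,6 +283,22 @@`) has no comment saying it must stay ahead of the `getenv ("LD_WARN")` and `_dl_init_paths (getenv ("LD_LIBRARY_PATH"), ...)` reads that now follow it, even though that ordering is the entire fix. I would add above it `/* Scrub UNSECURE_ENVVARS before any getenv below; with __libc_enable_secure set, LD_WARN and LD_LIBRARY_PATH must not be read from the caller's environment. */` so a later reshuffle does not quietly undo it. The inner diffstat lists only elf/dl-support.c, so no test pins the ordering; a check that a static set-ID program ignores LD_LIBRARY_PATH would be worth carrying with the backport. `_dl_non_dynamic_init` begins above the first hunk and continues past the last, so whether any earlier code in it reads the environment cannot be confirmed from these lines.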
@@ -1,4 +1,4 @@
-%define anolis_release 7
+%define anolis_release 8
 %bcond_without testsuite
 %bcond_without benchtests
@@ -113,6 +113,8 @@ Patch0192: 0092-fix-cve-2024-33599.patch
 Patch0193: 0093-fix-cve-2024-33600.patch
 #https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7971add7ee4171fdd8dfd17e7c04c4ed77a18845
 Patch0194: 1094-Fix-CVE-2025-0395.patch
+# https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5451fa962cd0a90a0e2ec1d8910a559ace02bba0
+Patch0195: 1095-fix-CVE-2025-4802.patch
 # Part 3000 ~ 4999
 Patch3000: LoongArch-Redefine-macro-LEAF-ENTRY.patch
@@ -1116,6 +1118,9 @@ update_gconv_modules_cache ()
 %{_libdir}/libpthread_nonshared.a
 %changelog
+* Tue May 27 2025 mgb01105731 - 2.38-8
+- Add patch to fix CVE-2025-4802
+
 * Fri May 09 2025 mgb01105731 - 2.38-7
 - Add patch to fix CVE-2025-0395
--
Gitee