From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 19 Jun 2017 17:09:55 +0200
Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
 programs [BZ #21624]

LD_LIBRARY_PATH can only be used to reorder system search paths, which
is not useful functionality.

This makes an exploitable unbounded alloca in _dl_init_paths unreachable
for AT_SECURE=1 programs.

patch from:
https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
---
 ChangeLog  | 7 +++++++
 elf/rtld.c | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/elf/rtld.c b/elf/rtld.c
index 2446a87..2269dbe 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep)
 
 	case 12:
 	  /* The library search path.  */
-	  if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
+	  if (!__libc_enable_secure
+	      && memcmp (envline, "LIBRARY_PATH", 12) == 0)
 	    {
 	      library_path = &envline[13];
 	      break;
-- 
2.9.3

uix/'>summary</a><a href='/guix/refs/?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'>refs</a><a class='active' href='/guix/log/gnu/packages/unicode.scm'>log</a><a href='/guix/tree/gnu/packages/unicode.scm?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'>tree</a><a href='/guix/commit/gnu/packages/unicode.scm?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'>commit</a><a href='/guix/diff/gnu/packages/unicode.scm?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/unicode.scm'>
<input type='hidden' name='id' value='7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'>root</a>/<a href='/guix/log/gnu?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'>gnu</a>/<a href='/guix/log/gnu/packages?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'>packages</a>/<a href='/guix/log/gnu/packages/unicode.scm?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0'>unicode.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/unicode.scm?id=7eb9176a6e5b116bc244a08ddd72d15cfeeb3ba0&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2021-12-28 15:03:37 +0100'>2021-12-28</span></td><td><a href='/guix/commit/gnu/packages/unicode.scm?id=7074b9af03a91a79eb508f30fc28a709256d5aaf'>gnu: Add libunibreak.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/unicode.scm (libunibreak): New variable.

Signed-off-by: Nicolas Goaziou &lt;mail@nicolasgoaziou.fr&gt;
</span></span></td><td>Felix Gruber</td></tr>
<tr><td><span title='2021-12-28 15:03:17 +0100'>2021-12-28</span></td><td><a href='/guix/commit/gnu/packages/unicode.scm?id=e2e39d2c2fb68ef9960b628969f9f9f770cc61ac'>gnu: Add ucd-next.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/unicode.scm (ucd-next): New variable.

Signed-off-by: Nicolas Goaziou &lt;mail@nicolasgoaziou.fr&gt;
</span></span></td><td>Felix Gruber</td></tr>
<tr><td><span title='2021-09-25 09:34:36 +0200'>2021-09-25</span></td><td><a href='/guix/commit/gnu/packages/unicode.scm?id=719bbcc15e2216b59bde34f297b92ceb9d349ce0'>Update copyright assignments for Liliana Marie Prikler.</a><span class='msg-avail'>...<span class='msg-tooltip'>* doc/guix.texi: Update copyright name for Liliana Marie Prikler.
* gnu/packages/build-tools.scm: Update copyright name and email for Liliana
Marie Prikler.
* gnu/packages/convmv.scm: Likewise.
* gnu/packages/emacs-xyz.scm: Likewise.
* gnu/packages/emacs.scm: Likewise.
* gnu/packages/esolangs.scm: Likewise.
* gnu/packages/game-development.scm: Likewise.
* gnu/packages/games.scm: Likewise.
* gnu/packages/gnome-xyz.scm: Likewise.
* gnu/packages/gnome.scm: Likewise.
* gnu/packages/gstreamer.scm: Likewise.
* gnu/packages/guile-xyz.scm: Likewise.
* gnu/packages/minetest.scm: Likewise.
* gnu/packages/music.scm: Likewise.
* gnu/packages/patches/minetest-add-MINETEST_MOD_PATH.patch: Likewise.
* gnu/packages/patches/ppsspp-disable-upgrade-and-gold.patch: Likewise.
* gnu/packages/patches/webkitgtk-bind-all-fonts.patch: Likewise.
* gnu/packages/python-xyz.scm: Likewise.
* gnu/packages/unicode.scm: Likewise.
* gnu/packages/xorg.scm: Likewise.
* gnu/services/sound.scm: Likewise.
* guix/build-system/renpy.scm: Likewise.
* guix/build/emacs-utils.scm: Likewise.
* guix/build/renpy-build-system.scm: Likewise.
</span></span></td><td>Liliana Marie Prikler</td></tr>