From f7d7d5a011d5518e0fe0b4342e29f428ad1140d7 Mon Sep 17 00:00:00 2001
From: mgb01105731
Date: Wed, 28 May 2025 09:43:18 +0800
Subject: [PATCH] add patch to fix CVE-2025-4802
---
1095-fix-CVE-2025-4802.patch | 69 ++++++++++++++++++++++++++++++++++++
glibc.spec | 9 +++--
2 files changed, 76 insertions(+), 2 deletions(-)
create mode 100644 1095-fix-CVE-2025-4802.patch
diff --git a/1095-fix-CVE-2025-4802.patch b/1095-fix-CVE-2025-4802.patch
new file mode 100644
index 0000000..82d3e9b
--- /dev/null
+++ b/1095-fix-CVE-2025-4802.patch
@@ -0,0 +1,69 @@
+From 83fb4cf5959daa29a5c94a1971235e01f7cebac3 Mon Sep 17 00:00:00 2001
+From: mgb01105731
+Date: Tue, 27 May 2025 22:20:47 -0400
+Subject: [PATCH 1/1] fix CVE-2025-4802 a23
+
+---
+ elf/dl-support.c | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/elf/dl-support.c b/elf/dl-support.c
+index 44a54dea..d57e6505 100644
+--- a/elf/dl-support.c
++++ b/elf/dl-support.c
+@@ -276,8 +276,6 @@ _dl_non_dynamic_init (void)
+ _dl_main_map.l_phdr = GL(dl_phdr);
+ _dl_main_map.l_phnum = GL(dl_phnum);
+
+- _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
+-
+ /* Set up the data structures for the system-supplied DSO early,
+ so they can influence _dl_init_paths. */
+ setup_vdso (NULL, NULL);
+@@ -285,6 +283,22 @@ _dl_non_dynamic_init (void)
+ /* With vDSO setup we can initialize the function pointers. */
+ setup_vdso_pointers ();
+
++ if (__libc_enable_secure)
++ {
++ static const char unsecure_envvars[] =
++ UNSECURE_ENVVARS
++ ;
++ const char *cp = unsecure_envvars;
++
++ while (cp < unsecure_envvars + sizeof (unsecure_envvars))
++ {
++ __unsetenv (cp);
++ cp = strchr (cp, '\0') + 1;
++ }
++ }
++
++ _dl_verbose = *(getenv ("LD_WARN") ?: "") == '\0' ? 0 : 1;
++
+ /* Initialize the data structures for the search paths for shared
+ objects. */
+ _dl_init_paths (getenv ("LD_LIBRARY_PATH"), "LD_LIBRARY_PATH",
+@@ -306,20 +320,6 @@ _dl_non_dynamic_init (void)
+ _dl_profile_output
+ = &"/var/tmp\0/var/profile"[__libc_enable_secure ? 9 : 0];
+
+- if (__libc_enable_secure)
+- {
+- static const char unsecure_envvars[] =
+- UNSECURE_ENVVARS
+- ;
+- const char *cp = unsecure_envvars;
+-
+- while (cp < unsecure_envvars + sizeof (unsecure_envvars))
+- {
+- __unsetenv (cp);
+- cp = strchr (cp, '\0') + 1;
+- }
+- }
+-
+ #ifdef DL_PLATFORM_INIT
+ DL_PLATFORM_INIT;
+ #endif
+--
+2.41.0
+
diff --git a/glibc.spec b/glibc.spec
index 2afc698..4c81d8e 100644
--- a/glibc.spec
+++ b/glibc.spec
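Review bot: The relocated `__libc_enable_secure` scrub in the embedded `@@ -285,6 +283,22 @@` hunk has no comment saying it must run before the `getenv ("LD_WARN")` and `getenv ("LD_LIBRARY_PATH")` reads that now follow it, and that ordering is the entire fix. A comment above the `if`, such as `/* Scrub UNSECURE_ENVVARS before any LD_* variable is read below; secure-mode static programs must not honour them. */`, would keep a later reorder from reintroducing the bug, at the cost of diverging from the upstream text. The patch header's subject is only `fix CVE-2025-4802 a23`, so recording the upstream commit that glibc.spec cites for this patch (`5451fa962cd0a90a0e2ec1d8910a559ace02bba0`) in the header would let the backport be compared against upstream. The diffstat lists only elf/dl-support.c, so no regression test accompanies the change. `_dl_non_dynamic_init` continues outside the embedded hunks, so any other environment reads it makes are not visible here.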
@@ -1,4 +1,4 @@ -%define anolis_release 9 +%define anolis_release 10 %bcond_without testsuite %bcond_without benchtests @@ -105,8 +105,10 @@ Patch0189: 0089-CVE-2023-6780.patch Patch0190: 0090-CVE-2024-2961.patch # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=71af8ca864345d39b746d5cee84b94b430fad5db Patch0191: 0091-CVE-2024-33602.patch - +# #https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7971add7ee4171fdd8dfd17e7c04c4ed77a18845 Patch0192: 1094-Fix-CVE-2025-0395.patch +# https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5451fa962cd0a90a0e2ec1d8910a559ace02bba0 +Patch0193: 1095-fix-CVE-2025-4802.patch # Part 3000 ~ 4999 Patch3000: LoongArch-Redefine-macro-LEAF-ENTRY.patch @@ -1125,6 +1127,9 @@ update_gconv_modules_cache () %{_libdir}/libpthread_nonshared.a %changelog +* Wed May 28 2025 mgb01105731 - 2.38-10 +- Add patch to fix CVE-2025-4802 + * Tue May 27 2025 mgb01105731 - 2.38-9 - Add patch to fix CVE-2025-0395 -- Gitee
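Review bot: The comment added above `Patch0192` in the `@@ -105,8 +105,10 @@` hunk reads `# #https://…`, with a doubled marker and no space, unlike the `# https://` form used for Patch0191 and Patch0193. Write it as `# https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7971add7ee4171fdd8dfd17e7c04c4ed77a18845`. The same hunk drops the blank line after the Patch0191 entry, so the reference comments now run together. This line documents the CVE-2025-0395 patch rather than the change named in the commit subject, so it is worth confirming that the hash is the commit that patch was actually taken from.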