[CentOS] Glibc sources?

Sun Mar 1 22:18:22 UTC 2015
Jim Perrin <jperrin at centos.org>


On 02/27/2015 12:49 PM, ANDY KENNEDY wrote:
> All,
> 
> Please excuse any ignorance in this e-mail as I am not a RH/CentOS/Fedora user and may
> blunder my way through the correct terminology for my request.

No problem.

> I'm tasked with reconstructing the CentOS version of the GlibC library for testing with
> gethostbyname().  My mission is to show that we are not affected by the latest exploit for
> the product we are shipping targeted for RHEL and CentOS.  To do so, I want to equip
> gethostbyname() with additional code.

Do you plan on shipping this updated glibc as part of the product, or is
this simply for testing? If you plan to distribute/ship an updated
glibc, that's probably going to raise a few eyebrows and anger a few
sysadmins.

> My objective is to rebuild from source the EXACT version of GlibC for CentOS 6.6.
> Afterwards, I will make my changes in the code, rebuild and complete my testing.
> 
> libc.so.6 reports:
> GNU C Library stable release version 2.12, by Roland McGrath et al.
> Copyright (C) 2010 Free Software Foundation, Inc.
> This is free software; see the source for copying conditions.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> Compiled by GNU CC version 4.4.7 20120313 (Red Hat 4.4.7-11).
> Compiled on a Linux 2.6.32 system on 2015-01-27.
> Available extensions:
>         The C stubs add-on version 2.1.2.
>         crypt add-on version 2.1 by Michael Glad and others
>         GNU Libidn by Simon Josefsson
>         Native POSIX Threads Library by Ulrich Drepper et al
>         BIND-8.2.3-T5B
>         RT using linux kernel aio
> libc ABIs: UNIQUE IFUNC
> For bug reporting instructions, please see:
> <http://www.gnu.org/software/libc/bugs.html>.
> 
> But, when looking through the source code for this version on the CentOS servers I only see:
> <http://vault.centos.org/6.6/updates/Source/SPackages/>
> [ ]	glibc-2.12-1.149.el6_6.4.src.rpm	07-Jan-2015 22:45 	15M	 
> [ ]	glibc-2.12-1.149.el6_6.5.src.rpm	27-Jan-2015 23:13 	15M	 
> 
> Please point me to the correct source tarball, and all required patches so that I can
> reconstruct my loaded version of GlibC.  A yum command is also acceptable.

Those src.rpms contain the source and the patches. You may want to read
over http://wiki.centos.org/HowTos/RebuildSRPM for info.

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77