[CentOS] Glibc sources?

Mon Mar 2 16:38:26 UTC 2015
ANDY KENNEDY <ANDY.KENNEDY at adtran.com>

> > I'm tasked with reconstructing the CentOS version of the GlibC library for testing with
> > gethostbyname().  My mission is to show that we are not affected by the latest exploit for
> > the product we are shipping targeted for RHEL and CentOS.  To do so, I want to equip
> > gethostbyname() with additional code.
> 
> Do you plan on shipping this updated glibc as part of the product, or is
> this simply for testing? If you plan to distribute/ship an updated
> glibc, that's probably going to raise a few eyebrows and anger a few
> sysadmins.

No release.  Only testing.

> 
> > My objective is to rebuild from source the EXACT version of GlibC for CentOS 6.6.
> > Afterwards, I will make my changes in the code, rebuild and complete my testing.
> >
> > libc.so.6 reports:
> > GNU C Library stable release version 2.12, by Roland McGrath et al.
> > Copyright (C) 2010 Free Software Foundation, Inc.
> > This is free software; see the source for copying conditions.
> > There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> > PARTICULAR PURPOSE.
> > Compiled by GNU CC version 4.4.7 20120313 (Red Hat 4.4.7-11).
> > Compiled on a Linux 2.6.32 system on 2015-01-27.
> > Available extensions:
> >         The C stubs add-on version 2.1.2.
> >         crypt add-on version 2.1 by Michael Glad and others
> >         GNU Libidn by Simon Josefsson
> >         Native POSIX Threads Library by Ulrich Drepper et al
> >         BIND-8.2.3-T5B
> >         RT using linux kernel aio
> > libc ABIs: UNIQUE IFUNC
> > For bug reporting instructions, please see:
> > <http://www.gnu.org/software/libc/bugs.html>.
> >
> > But, when looking through the source code for this version on the CentOS servers I only see:
> > <http://vault.centos.org/6.6/updates/Source/SPackages/>
> > [ ]	glibc-2.12-1.149.el6_6.4.src.rpm	07-Jan-2015 22:45 	15M
> > [ ]	glibc-2.12-1.149.el6_6.5.src.rpm	27-Jan-2015 23:13 	15M
> >
> > Please point me to the correct source tarball, and all required patches so that I can
> > reconstruct my loaded version of GlibC.  A yum command is also acceptable.
> 
> Those src.rpms contain the source and the patches. You may want to read
> over http://wiki.centos.org/HowTos/RebuildSRPM for info.

Great!  Thank you Jim Perrin, Frank Cox, Earl A Ramirez and Stphen Harris for your
responses.

Andy