diff options
author | Efraim Flashner <efraim@flashner.co.il> | 2017-06-19 23:13:53 +0300 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2017-06-24 02:42:37 -0400 |
commit | 665d6a59161769e10b52ffcbcd5cd2db22f32681 (patch) | |
tree | 0953395f1fc352e029b4c5e3cc052f1bcb9fa620 /gnu/packages/base.scm | |
parent | 13f7f2fd2b208c29361ef2290f55911879a6adf2 (diff) | |
download | guix-665d6a59161769e10b52ffcbcd5cd2db22f32681.tar guix-665d6a59161769e10b52ffcbcd5cd2db22f32681.tar.gz |
gnu: glibc: Add mitigations for CVE-2017-1000366.
* gnu/packages/base.scm (glibc/linux)[replacement]: New field.
(glibc-2.25-patched): New variable.
(glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)[source]: Add patches.
[replacement]: New field.
(glibc-locales)[replacement]: New field.
* gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch,
gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch,
gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
Modified-By: Mark H Weaver <mhw@netris.org>
Diffstat (limited to 'gnu/packages/base.scm')
-rw-r--r-- | gnu/packages/base.scm | 47 |
1 files changed, 40 insertions, 7 deletions
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index fb874ff3f9..2767909805 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014 Alex Kost <alezost@gmail.com> ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <manolis837@gmail.com> -;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il> +;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com> ;;; @@ -558,6 +558,7 @@ store.") (package (name "glibc") (version "2.25") + (replacement glibc-2.25-patched) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -904,34 +905,62 @@ GLIBC/HURD for a Hurd host" ;; Below are old libc versions, which we use mostly to build locale data in ;; the old format (which the new libc cannot cope with.) +(define glibc-2.25-patched + (package + (inherit glibc) + (replacement #f) + (source (origin + (inherit (package-source glibc)) + (patches (search-patches "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-CVE-2017-1000366-pt1.patch" + "glibc-CVE-2017-1000366-pt2.patch" + "glibc-CVE-2017-1000366-pt3.patch")))))) + (define-public glibc-2.24 (package (inherit glibc) (version "2.24") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r")))))) + "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r")) + (patches (search-patches "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-CVE-2017-1000366-pt1.patch" + "glibc-CVE-2017-1000366-pt2.patch" + "glibc-CVE-2017-1000366-pt3.patch")))))) (define-public glibc-2.23 (package (inherit glibc) (version "2.23") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")))))) + "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) + (patches (search-patches "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-CVE-2017-1000366-pt1.patch" + "glibc-CVE-2017-1000366-pt2.patch" + "glibc-CVE-2017-1000366-pt3.patch")))))) (define-public glibc-2.22 (package (inherit glibc) (version "2.22") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -939,7 +968,10 @@ GLIBC/HURD for a Hurd host" (sha256 (base32 "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) - (patches (search-patches "glibc-ldd-x86_64.patch")))) + (patches (search-patches "glibc-ldd-x86_64.patch" + "glibc-CVE-2017-1000366-pt1.patch" + "glibc-CVE-2017-1000366-pt2.patch" + "glibc-CVE-2017-1000366-pt3.patch")))) (arguments (substitute-keyword-arguments (package-arguments glibc) ((#:phases phases) @@ -955,19 +987,20 @@ GLIBC/HURD for a Hurd host" (package (inherit glibc-2.22) (version "2.21") + (replacement #f) (source (origin - (inherit (package-source glibc)) + (inherit (package-source glibc-2.22)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf")) - (patches (search-patches "glibc-ldd-x86_64.patch")))))) + "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf")))))) (define-public glibc-locales (package (inherit glibc) (name "glibc-locales") + (replacement #f) (source (origin (inherit (package-source glibc)) (patches (cons (search-patch "glibc-locales.patch") (origin-patches (package-source glibc)))))) |