aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/base.scm
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2017-06-19 23:13:53 +0300
committerMark H Weaver <mhw@netris.org>2017-06-24 02:42:37 -0400
commit665d6a59161769e10b52ffcbcd5cd2db22f32681 (patch)
tree0953395f1fc352e029b4c5e3cc052f1bcb9fa620 /gnu/packages/base.scm
parent13f7f2fd2b208c29361ef2290f55911879a6adf2 (diff)
downloadguix-665d6a59161769e10b52ffcbcd5cd2db22f32681.tar
guix-665d6a59161769e10b52ffcbcd5cd2db22f32681.tar.gz
gnu: glibc: Add mitigations for CVE-2017-1000366.
* gnu/packages/base.scm (glibc/linux)[replacement]: New field. (glibc-2.25-patched): New variable. (glibc-2.24, glibc-2.23, glibc-2.22, glibc-2.21)[source]: Add patches. [replacement]: New field. (glibc-locales)[replacement]: New field. * gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. Modified-By: Mark H Weaver <mhw@netris.org>
Diffstat (limited to 'gnu/packages/base.scm')
-rw-r--r--gnu/packages/base.scm47
1 files changed, 40 insertions, 7 deletions
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index fb874ff3f9..2767909805 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -5,7 +5,7 @@
;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
;;; Copyright © 2014 Alex Kost <alezost@gmail.com>
;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
;;;
@@ -558,6 +558,7 @@ store.")
(package
(name "glibc")
(version "2.25")
+ (replacement glibc-2.25-patched)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
@@ -904,34 +905,62 @@ GLIBC/HURD for a Hurd host"
;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)
+(define glibc-2.25-patched
+ (package
+ (inherit glibc)
+ (replacement #f)
+ (source (origin
+ (inherit (package-source glibc))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-o-largefile.patch"
+ "glibc-CVE-2017-1000366-pt1.patch"
+ "glibc-CVE-2017-1000366-pt2.patch"
+ "glibc-CVE-2017-1000366-pt3.patch"))))))
+
(define-public glibc-2.24
(package
(inherit glibc)
(version "2.24")
+ (replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
- "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))))))
+ "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-o-largefile.patch"
+ "glibc-CVE-2017-1000366-pt1.patch"
+ "glibc-CVE-2017-1000366-pt2.patch"
+ "glibc-CVE-2017-1000366-pt3.patch"))))))
(define-public glibc-2.23
(package
(inherit glibc)
(version "2.23")
+ (replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
- "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))))))
+ "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-o-largefile.patch"
+ "glibc-CVE-2017-1000366-pt1.patch"
+ "glibc-CVE-2017-1000366-pt2.patch"
+ "glibc-CVE-2017-1000366-pt3.patch"))))))
(define-public glibc-2.22
(package
(inherit glibc)
(version "2.22")
+ (replacement #f)
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-"
@@ -939,7 +968,10 @@ GLIBC/HURD for a Hurd host"
(sha256
(base32
"0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb"))
- (patches (search-patches "glibc-ldd-x86_64.patch"))))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-CVE-2017-1000366-pt1.patch"
+ "glibc-CVE-2017-1000366-pt2.patch"
+ "glibc-CVE-2017-1000366-pt3.patch"))))
(arguments
(substitute-keyword-arguments (package-arguments glibc)
((#:phases phases)
@@ -955,19 +987,20 @@ GLIBC/HURD for a Hurd host"
(package
(inherit glibc-2.22)
(version "2.21")
+ (replacement #f)
(source (origin
- (inherit (package-source glibc))
+ (inherit (package-source glibc-2.22))
(uri (string-append "mirror://gnu/glibc/glibc-"
version ".tar.xz"))
(sha256
(base32
- "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf"))
- (patches (search-patches "glibc-ldd-x86_64.patch"))))))
+ "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf"))))))
(define-public glibc-locales
(package
(inherit glibc)
(name "glibc-locales")
+ (replacement #f)
(source (origin (inherit (package-source glibc))
(patches (cons (search-patch "glibc-locales.patch")
(origin-patches (package-source glibc))))))