summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2017-10-21 23:00:01 +0200
committerMarius Bakke <mbakke@fastmail.com>2017-10-22 23:13:09 +0200
commit60e29339d8389e678bb9ca4bd3420ee9ee88bdf2 (patch)
tree299e17e7b1c9144cf49b396f83d0dc7decb562d1
parent65fc5bf07dff1eb90b6feb161fb4e37360c6e54d (diff)
downloadpatches-60e29339d8389e678bb9ca4bd3420ee9ee88bdf2.tar
patches-60e29339d8389e678bb9ca4bd3420ee9ee88bdf2.tar.gz
gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.
* gnu/packages/patches/glibc-CVE-2017-15670-15671.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/base.scm (glibc/linux)[replacement]: New field. (glibc/fixed): New variable. (glibc-2.24, glibc-2.23, glibc-2.22)[source](patches): Add 'glibc-CVE-2017-15670-15671.patch'.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/base.scm13
-rw-r--r--gnu/packages/patches/glibc-CVE-2017-15670-15671.patch27
3 files changed, 41 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index a4e3426f55..6b70300fff 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -665,6 +665,7 @@ dist_patch_DATA = \
%D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \
%D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \
%D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \
+ %D%/packages/patches/glibc-CVE-2017-15670-15671.patch \
%D%/packages/patches/glibc-bootstrap-system.patch \
%D%/packages/patches/glibc-ldd-x86_64.patch \
%D%/packages/patches/glibc-locales.patch \
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index bc745351af..9cb628d8d7 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -528,6 +528,7 @@ store.")
(package
(name "glibc")
(version "2.25")
+ (replacement glibc/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
@@ -786,6 +787,15 @@ GLIBC/HURD for a Hurd host"
(define-syntax glibc
(identifier-syntax (glibc-for-target)))
+(define glibc/fixed
+ (package
+ (inherit glibc)
+ (source (origin
+ (inherit (package-source glibc))
+ (patches (append
+ (origin-patches (package-source glibc))
+ (search-patches "glibc-CVE-2017-15670-15671.patch")))))))
+
;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)
@@ -805,6 +815,7 @@ GLIBC/HURD for a Hurd host"
"glibc-o-largefile.patch"
"glibc-vectorized-strcspn-guards.patch"
"glibc-CVE-2015-5180.patch"
+ "glibc-CVE-2017-15670-15671.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -828,6 +839,7 @@ GLIBC/HURD for a Hurd host"
"glibc-CVE-2016-3075.patch"
"glibc-CVE-2016-3706.patch"
"glibc-CVE-2016-4429.patch"
+ "glibc-CVE-2017-15670-15671.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -850,6 +862,7 @@ GLIBC/HURD for a Hurd host"
"glibc-CVE-2016-3075.patch"
"glibc-CVE-2016-3706.patch"
"glibc-CVE-2016-4429.patch"
+ "glibc-CVE-2017-15670-15671.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))
diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
new file mode 100644
index 0000000000..76d688c517
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
@@ -0,0 +1,27 @@
+Fix CVE-2017-15670:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
+https://sourceware.org/bugzilla/show_bug.cgi?id=22320
+https://bugzilla.redhat.com/show_bug.cgi?id=1504804
+
+And CVE-2017-15671:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
+https://sourceware.org/bugzilla/show_bug.cgi?id=22325
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
+
+Copied from upstream:
+<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f>
+
+diff --git a/posix/glob.c b/posix/glob.c
+--- a/posix/glob.c
++++ b/posix/glob.c
+@@ -843,7 +843,7 @@
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }