diff options
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/packages/base.scm | 15 | ||||
-rw-r--r-- | gnu/packages/patches/glibc-CVE-2014-5119.patch | 212 |
2 files changed, 7 insertions, 220 deletions
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index cbe115f8a8..5ecff76252 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -357,14 +357,14 @@ library for working with executable and object formats is also included.") (define-public glibc (package (name "glibc") - (version "2.19") + (version "2.20") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "18m2dssd6ja5arxmdxinc90xvpqcsnqjfwmjl2as07j0i3srff9d")) + "19bbyfc2gcxr9rihrkkbd3p362i608yhlyrr7icqsa6cmr16sjzq")) (snippet ;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is ;; required on LFS distros to avoid loading the distro's libc.so @@ -373,8 +373,7 @@ library for working with executable and object formats is also included.") (("use_ldconfig=yes") "use_ldconfig=no"))) (modules '((guix build utils))) - (patches (list (search-patch "glibc-CVE-2014-5119.patch") - (search-patch "glibc-ldd-x86_64.patch"))))) + (patches (list (search-patch "glibc-ldd-x86_64.patch"))))) (build-system gnu-build-system) ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc @@ -405,10 +404,10 @@ library for working with executable and object formats is also included.") (assoc-ref %build-inputs "linux-headers") "/include") - ;; The default is to assume a 2.4 Linux interface, but we'll - ;; always use something newer. See "kernel-features.h" in the - ;; GNU libc for details. - "--enable-kernel=2.6.30" + ;; This is the default for most architectures as of GNU libc 2.20, + ;; but we specify it explicitly for clarity and consistency. See + ;; "kernel-features.h" in the GNU libc for details. + "--enable-kernel=2.6.32" ;; Use our Bash instead of /bin/sh. (string-append "BASH_SHELL=" diff --git a/gnu/packages/patches/glibc-CVE-2014-5119.patch b/gnu/packages/patches/glibc-CVE-2014-5119.patch deleted file mode 100644 index de063a2da5..0000000000 --- a/gnu/packages/patches/glibc-CVE-2014-5119.patch +++ /dev/null @@ -1,212 +0,0 @@ -Remove support for loadable gconv transliteration modules. -The support for transliteration modules has been non-functional for -over a decade, and the removal is prompted by security defects. The -normal gconv conversion modules are still supported. Transliteration -with //TRANSLIT is still possible, and the //IGNORE specifier -continues to be supported. (CVE-2014-5119) - -Based on upstream commits a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8 -and f9df71e895d3552d557e783fdb9d133328195645 -by Florian Weimer <fweimer@redhat.com>. - ---- glibc-2.19/ChangeLog.orig 2014-02-07 04:04:38.000000000 -0500 -+++ glibc-2.19/ChangeLog 2014-08-26 14:35:12.368861387 -0400 -@@ -1,3 +1,10 @@ -+2014-08-26 Florian Weimer <fweimer@redhat.com> -+ -+ [BZ #17187] -+ * iconv/gconv_trans.c (struct known_trans, search_tree, lock, -+ trans_compare, open_translit, __gconv_translit_find): -+ Remove module loading code. -+ - 2014-02-06 Carlos O'Donell <carlos@redhat.com> - - [BZ #16529] ---- glibc-2.19/iconv/gconv_trans.c.orig 2014-02-07 04:04:38.000000000 -0500 -+++ glibc-2.19/iconv/gconv_trans.c 2014-08-26 14:37:26.269525364 -0400 -@@ -238,181 +238,12 @@ - return __GCONV_ILLEGAL_INPUT; - } - -- --/* Structure to represent results of found (or not) transliteration -- modules. */ --struct known_trans --{ -- /* This structure must remain the first member. */ -- struct trans_struct info; -- -- char *fname; -- void *handle; -- int open_count; --}; -- -- --/* Tree with results of previous calls to __gconv_translit_find. */ --static void *search_tree; -- --/* We modify global data. */ --__libc_lock_define_initialized (static, lock); -- -- --/* Compare two transliteration entries. */ --static int --trans_compare (const void *p1, const void *p2) --{ -- const struct known_trans *s1 = (const struct known_trans *) p1; -- const struct known_trans *s2 = (const struct known_trans *) p2; -- -- return strcmp (s1->info.name, s2->info.name); --} -- -- --/* Open (maybe reopen) the module named in the struct. Get the function -- and data structure pointers we need. */ --static int --open_translit (struct known_trans *trans) --{ -- __gconv_trans_query_fct queryfct; -- -- trans->handle = __libc_dlopen (trans->fname); -- if (trans->handle == NULL) -- /* Not available. */ -- return 1; -- -- /* Find the required symbol. */ -- queryfct = __libc_dlsym (trans->handle, "gconv_trans_context"); -- if (queryfct == NULL) -- { -- /* We cannot live with that. */ -- close_and_out: -- __libc_dlclose (trans->handle); -- trans->handle = NULL; -- return 1; -- } -- -- /* Get the context. */ -- if (queryfct (trans->info.name, &trans->info.csnames, &trans->info.ncsnames) -- != 0) -- goto close_and_out; -- -- /* Of course we also have to have the actual function. */ -- trans->info.trans_fct = __libc_dlsym (trans->handle, "gconv_trans"); -- if (trans->info.trans_fct == NULL) -- goto close_and_out; -- -- /* Now the optional functions. */ -- trans->info.trans_init_fct = -- __libc_dlsym (trans->handle, "gconv_trans_init"); -- trans->info.trans_context_fct = -- __libc_dlsym (trans->handle, "gconv_trans_context"); -- trans->info.trans_end_fct = -- __libc_dlsym (trans->handle, "gconv_trans_end"); -- -- trans->open_count = 1; -- -- return 0; --} -- -- - int - internal_function - __gconv_translit_find (struct trans_struct *trans) - { -- struct known_trans **found; -- const struct path_elem *runp; -- int res = 1; -- -- /* We have to have a name. */ -- assert (trans->name != NULL); -- -- /* Acquire the lock. */ -- __libc_lock_lock (lock); -- -- /* See whether we know this module already. */ -- found = __tfind (trans, &search_tree, trans_compare); -- if (found != NULL) -- { -- /* Is this module available? */ -- if ((*found)->handle != NULL) -- { -- /* Maybe we have to reopen the file. */ -- if ((*found)->handle != (void *) -1) -- /* The object is not unloaded. */ -- res = 0; -- else if (open_translit (*found) == 0) -- { -- /* Copy the data. */ -- *trans = (*found)->info; -- (*found)->open_count++; -- res = 0; -- } -- } -- } -- else -- { -- size_t name_len = strlen (trans->name) + 1; -- int need_so = 0; -- struct known_trans *newp; -- -- /* We have to continue looking for the module. */ -- if (__gconv_path_elem == NULL) -- __gconv_get_path (); -- -- /* See whether we have to append .so. */ -- if (name_len <= 4 || memcmp (&trans->name[name_len - 4], ".so", 3) != 0) -- need_so = 1; -- -- /* Create a new entry. */ -- newp = (struct known_trans *) malloc (sizeof (struct known_trans) -- + (__gconv_max_path_elem_len -- + name_len + 3) -- + name_len); -- if (newp != NULL) -- { -- char *cp; -- -- /* Clear the struct. */ -- memset (newp, '\0', sizeof (struct known_trans)); -- -- /* Store a copy of the module name. */ -- newp->info.name = cp = (char *) (newp + 1); -- cp = __mempcpy (cp, trans->name, name_len); -- -- newp->fname = cp; -- -- /* Search in all the directories. */ -- for (runp = __gconv_path_elem; runp->name != NULL; ++runp) -- { -- cp = __mempcpy (__stpcpy ((char *) newp->fname, runp->name), -- trans->name, name_len); -- if (need_so) -- memcpy (cp, ".so", sizeof (".so")); -- -- if (open_translit (newp) == 0) -- { -- /* We found a module. */ -- res = 0; -- break; -- } -- } -- -- if (res) -- newp->fname = NULL; -- -- /* In any case we'll add the entry to our search tree. */ -- if (__tsearch (newp, &search_tree, trans_compare) == NULL) -- { -- /* Yickes, this should not happen. Unload the object. */ -- res = 1; -- /* XXX unload here. */ -- } -- } -- } -- -- __libc_lock_unlock (lock); -- -- return res; -+ /* Transliteration module loading has been removed because it never -+ worked as intended and suffered from a security vulnerability. -+ Consequently, this function always fails. */ -+ return 1; - } |