gnu: glibc: Update to 2.30.
* gnu/packages/patches/glibc-CVE-2019-19126.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/base.scm (glibc): Update to 2.30. [source](patches): Adjust for 2.30. (glibc-2.29): New public variable.
This commit is contained in:
Marius Bakke
parent
5d229b4963
commit
0b3df5c913
|
|
@ -906,6 +906,7 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/glibc-CVE-2018-11237.patch \
|
||||
%D%/packages/patches/glibc-CVE-2019-7309.patch \
|
||||
%D%/packages/patches/glibc-CVE-2019-9169.patch \
|
||||
%D%/packages/patches/glibc-CVE-2019-19126.patch \
|
||||
%D%/packages/patches/glibc-allow-kernel-2.6.32.patch \
|
||||
%D%/packages/patches/glibc-boot-2.16.0.patch \
|
||||
%D%/packages/patches/glibc-boot-2.2.5.patch \
|
||||
|
|
|
|||
|
|
@ -567,13 +567,13 @@ the store.")
|
|||
;; version 2.28, GNU/Hurd used a different glibc branch.
|
||||
(package
|
||||
(name "glibc")
|
||||
(version "2.29")
|
||||
(version "2.30")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0jzh58728flfh939a8k9pi1zdyalfzlxmwra7k0rzji5gvavivpk"))
|
||||
"1bxqpg91d02qnaz837a5kamm0f43pr1il4r9pknygywsar713i72"))
|
||||
(snippet
|
||||
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
|
||||
;; required on LFS distros to avoid loading the distro's libc.so
|
||||
|
|
@ -585,9 +585,7 @@ the store.")
|
|||
#t))
|
||||
(modules '((guix build utils)))
|
||||
(patches (search-patches "glibc-ldd-x86_64.patch"
|
||||
"glibc-CVE-2019-7309.patch"
|
||||
"glibc-CVE-2019-9169.patch"
|
||||
"glibc-2.29-git-updates.patch"
|
||||
"glibc-CVE-2019-19126.patch"
|
||||
"glibc-hidden-visibility-ldconfig.patch"
|
||||
"glibc-versioned-locpath.patch"
|
||||
"glibc-allow-kernel-2.6.32.patch"
|
||||
|
|
@ -819,6 +817,26 @@ with the Linux kernel.")
|
|||
;; Below are old libc versions, which we use mostly to build locale data in
|
||||
;; the old format (which the new libc cannot cope with.)
|
||||
|
||||
(define-public glibc-2.29
|
||||
(package
|
||||
(inherit glibc)
|
||||
(version "2.29")
|
||||
(source (origin
|
||||
(inherit (package-source glibc))
|
||||
(uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0jzh58728flfh939a8k9pi1zdyalfzlxmwra7k0rzji5gvavivpk"))
|
||||
(patches (search-patches "glibc-ldd-x86_64.patch"
|
||||
"glibc-CVE-2019-7309.patch"
|
||||
"glibc-CVE-2019-9169.patch"
|
||||
"glibc-2.29-git-updates.patch"
|
||||
"glibc-hidden-visibility-ldconfig.patch"
|
||||
"glibc-versioned-locpath.patch"
|
||||
"glibc-allow-kernel-2.6.32.patch"
|
||||
"glibc-reinstate-prlimit64-fallback.patch"
|
||||
"glibc-supported-locales.patch"))))))
|
||||
|
||||
(define-public glibc-2.28
|
||||
(package
|
||||
(inherit glibc)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,22 @@
|
|||
Fix CVE-2019-19126:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126
|
||||
https://sourceware.org/bugzilla/show_bug.cgi?id=25204
|
||||
|
||||
Taken from upstream:
|
||||
https://sourceware.org/git/?p=glibc.git;a=commit;h=37c90e117310728a4ad1eb998c0bbe7d79c4a398
|
||||
|
||||
diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
|
||||
index 975cbe2..df2cdfd 100644
|
||||
--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
|
||||
+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
|
||||
@@ -31,7 +31,8 @@
|
||||
environment variable, LD_PREFER_MAP_32BIT_EXEC. */
|
||||
#define EXTRA_LD_ENVVARS \
|
||||
case 21: \
|
||||
- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
|
||||
+ if (!__libc_enable_secure \
|
||||
+ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
|
||||
GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
|
||||
|= bit_arch_Prefer_MAP_32BIT_EXEC; \
|
||||
break;
|
||||
Loading…
Reference in New Issue