diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2018-01-14 20:39:49 +0100 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2018-01-14 20:41:43 +0100 |
commit | 990ff97c6d82eb27486ec8dc3e9dbc453da88aa8 (patch) | |
tree | 716541c80702dd3f3812f6dac8916740f797b8dc | |
parent | 6ed0fe7e450def967685ec11b789bfe32002d1c1 (diff) | |
download | nixpkgs-990ff97c6d82eb27486ec8dc3e9dbc453da88aa8.tar nixpkgs-990ff97c6d82eb27486ec8dc3e9dbc453da88aa8.tar.gz nixpkgs-990ff97c6d82eb27486ec8dc3e9dbc453da88aa8.tar.bz2 nixpkgs-990ff97c6d82eb27486ec8dc3e9dbc453da88aa8.tar.lz nixpkgs-990ff97c6d82eb27486ec8dc3e9dbc453da88aa8.tar.xz nixpkgs-990ff97c6d82eb27486ec8dc3e9dbc453da88aa8.tar.zst nixpkgs-990ff97c6d82eb27486ec8dc3e9dbc453da88aa8.zip |
glibc: 2.26-115 -> 2.26-131 to fix CVE-2018-1000001
/cc https://github.com/NixOS/nixpkgs/issues/33826#issuecomment-357436030
-rw-r--r-- | pkgs/development/libraries/glibc/2.26-115to131.diff.gz | bin | 0 -> 20022 bytes | |||
-rw-r--r-- | pkgs/development/libraries/glibc/common.nix | 7 |
2 files changed, 5 insertions, 2 deletions
diff --git a/pkgs/development/libraries/glibc/2.26-115to131.diff.gz b/pkgs/development/libraries/glibc/2.26-115to131.diff.gz new file mode 100644 index 00000000000..3d866c567a7 --- /dev/null +++ b/pkgs/development/libraries/glibc/2.26-115to131.diff.gz Binary files differdiff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index cfec3209b98..f68970ae13e 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -20,7 +20,7 @@ let version = "2.26"; - patchSuffix = "-115"; + patchSuffix = "-131"; sha256 = "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5"; cross = if buildPlatform != hostPlatform then hostPlatform else null; in @@ -48,6 +48,9 @@ stdenv.mkDerivation ({ */ ./2.26-75.patch.gz ./2.26-75to115.diff.gz + # contains fix for CVE-2018-1000001 as the last commit: + # https://sourceware.org/git/?p=glibc.git;a=commit;h=fabef2edbc + ./2.26-115to131.diff.gz /* Have rpcgen(1) look for cpp(1) in $PATH. */ ./rpcgen-path.patch @@ -73,7 +76,7 @@ stdenv.mkDerivation ({ and we lose early mismatch detection on 2.6.32. On major glibc updates we should check that the patched kernel supports - all the required features. ATM it's verified up to glibc-2.26-115. + all the required features. ATM it's verified up to glibc-2.26-131. # HOWTO: check glibc sources for changes in kernel requirements git log -p glibc-2.25.. sysdeps/unix/sysv/linux/x86_64/kernel-features.h sysdeps/unix/sysv/linux/kernel-features.h # get kernel sources (update the URL) |