From 990ff97c6d82eb27486ec8dc3e9dbc453da88aa8 Mon Sep 17 00:00:00 2001
From: Vladimír Čunát <vcunat@gmail.com>
Date: Sun, 14 Jan 2018 20:39:49 +0100
Subject: glibc: 2.26-115 -> 2.26-131 to fix CVE-2018-1000001

/cc https://github.com/NixOS/nixpkgs/issues/33826#issuecomment-357436030
---
 pkgs/development/libraries/glibc/2.26-115to131.diff.gz | Bin 0 -> 20022 bytes
 pkgs/development/libraries/glibc/common.nix            |   7 +++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 pkgs/development/libraries/glibc/2.26-115to131.diff.gz

(limited to 'pkgs/development/libraries/glibc')

diff --git a/pkgs/development/libraries/glibc/2.26-115to131.diff.gz b/pkgs/development/libraries/glibc/2.26-115to131.diff.gz
new file mode 100644
index 00000000000..3d866c567a7
Binary files /dev/null and b/pkgs/development/libraries/glibc/2.26-115to131.diff.gz differ
diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix
index cfec3209b98..f68970ae13e 100644
--- a/pkgs/development/libraries/glibc/common.nix
+++ b/pkgs/development/libraries/glibc/common.nix
@@ -20,7 +20,7 @@
 
 let
   version = "2.26";
-  patchSuffix = "-115";
+  patchSuffix = "-131";
   sha256 = "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5";
   cross = if buildPlatform != hostPlatform then hostPlatform else null;
 in
@@ -48,6 +48,9 @@ stdenv.mkDerivation ({
       */
       ./2.26-75.patch.gz
       ./2.26-75to115.diff.gz
+      # contains fix for CVE-2018-1000001 as the last commit:
+      # https://sourceware.org/git/?p=glibc.git;a=commit;h=fabef2edbc
+      ./2.26-115to131.diff.gz
 
       /* Have rpcgen(1) look for cpp(1) in $PATH.  */
       ./rpcgen-path.patch
@@ -73,7 +76,7 @@ stdenv.mkDerivation ({
         and we lose early mismatch detection on 2.6.32.
 
         On major glibc updates we should check that the patched kernel supports
-        all the required features.  ATM it's verified up to glibc-2.26-115.
+        all the required features.  ATM it's verified up to glibc-2.26-131.
         # HOWTO: check glibc sources for changes in kernel requirements
         git log -p glibc-2.25.. sysdeps/unix/sysv/linux/x86_64/kernel-features.h sysdeps/unix/sysv/linux/kernel-features.h
         # get kernel sources (update the URL)
-- 
cgit 1.4.1