bug#27429: Stack clash (CVE-2017-1000366 etc)
From: Mark H Weaver
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Mon, 26 Jun 2017 07:19:12 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Hi Ludovic,

address@hidden (Ludovic Courtès) writes:

> Mark H Weaver <address@hidden> writes:
>
>> I tried to copy the .drv files for the grafted 'glibc-final' and
>> 'glibc-final-with-bootstrap-bash' from my machine to Hydra, in order to
>> ask Hydra to build it, but both "guix copy" and "guix archive --export"
>> failed:
>>
>> address@hidden ~$ guix copy address@hidden
>> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv
>> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv
>> sending 11 store items to 'localhost'...
>> guix copy: error: corrupt input while restoring archive from #<closed: file
>> 231bbd0>
>> address@hidden ~$ guix archive --export
>> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv
>> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv >
>> GRAFTED-GLIBC-DRVS.nar
>> guix archive: error: corrupt input while restoring archive from #<closed:
>> file 17e9d20>
>
> Apparently they got built at some point.

Yes, I ran "guix pull" for user mhw on Hydra, and then asked it to build
a grafted 'hello' for all three hydra-supported platforms. This
entailed building a grafted 'glibc-final' as well as 'perl' and 'expat'.
I then ran:

  guix challenge --substitute-urls=https://hydra.gnu.org /gnu/store/...

to generate narinfo requests for the relevant outputs, on the theory
that this would cause guix-publish to build NARs. (Am I right?)

> As for the problems above: error reporting in ‘guix copy’ is suboptimal
> (help welcome!), and the ‘guix archive --export’ problem looks like a
> bug; could you report it?

Sure.

>> I'm concerned that i686 and armhf users are going to have a rude
>> awakening when they not only have to build two variants of glibc, but
>> also a bunch of the early bootstrap because the NARs are not available
>> on Hydra. It would be good if someone could take care of that.
>
> Doing:
>
> $ ./pre-inst-env guix build -e '(begin (use-modules (guix))
> (package-replacement (@@ (gnu packages commencement) glibc-final)))' -s
> i686-linux --log-file --no-grafts
> https://mirror.hydra.gnu.org/log/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2.25.drv
>
>
> I see that glibc fails to build on i686 (but I think you’ve just fixed
> it?):

Yes, I fixed the i686 problem in commit
ffc015bea26f24d862e7e877d907fbe1ab9a9967. FYI, this problem was
reported as a separate bug, which is now closed:

  https://bugs.gnu.org/27489

Thanks,
Mark