[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
14/94: gnu: glibc: Update to 2.30.
|
From: |
guix-commits |
|
Subject: |
14/94: gnu: glibc: Update to 2.30. |
|
Date: |
Thu, 5 Dec 2019 12:15:28 -0500 (EST) |
mbakke pushed a commit to branch core-updates
in repository guix.
commit 0b3df5c913af91bc196bb8cb41783126e55bf5a0
Author: Marius Bakke <address@hidden>
Date: Fri Nov 29 17:44:25 2019 +0100
gnu: glibc: Update to 2.30.
* gnu/packages/patches/glibc-CVE-2019-19126.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/base.scm (glibc): Update to 2.30.
[source](patches): Adjust for 2.30.
(glibc-2.29): New public variable.
---
gnu/local.mk | 1 +
gnu/packages/base.scm | 28 ++++++++++++++++++++-----
gnu/packages/patches/glibc-CVE-2019-19126.patch | 22 +++++++++++++++++++
3 files changed, 46 insertions(+), 5 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index fef7fd1..25dfef3 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -906,6 +906,7 @@ dist_patch_DATA =
\
%D%/packages/patches/glibc-CVE-2018-11237.patch \
%D%/packages/patches/glibc-CVE-2019-7309.patch \
%D%/packages/patches/glibc-CVE-2019-9169.patch \
+ %D%/packages/patches/glibc-CVE-2019-19126.patch \
%D%/packages/patches/glibc-allow-kernel-2.6.32.patch \
%D%/packages/patches/glibc-boot-2.16.0.patch \
%D%/packages/patches/glibc-boot-2.2.5.patch \
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index a444213..caaa042 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -567,13 +567,13 @@ the store.")
;; version 2.28, GNU/Hurd used a different glibc branch.
(package
(name "glibc")
- (version "2.29")
+ (version "2.30")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
(sha256
(base32
- "0jzh58728flfh939a8k9pi1zdyalfzlxmwra7k0rzji5gvavivpk"))
+ "1bxqpg91d02qnaz837a5kamm0f43pr1il4r9pknygywsar713i72"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
@@ -585,9 +585,7 @@ the store.")
#t))
(modules '((guix build utils)))
(patches (search-patches "glibc-ldd-x86_64.patch"
- "glibc-CVE-2019-7309.patch"
- "glibc-CVE-2019-9169.patch"
- "glibc-2.29-git-updates.patch"
+ "glibc-CVE-2019-19126.patch"
"glibc-hidden-visibility-ldconfig.patch"
"glibc-versioned-locpath.patch"
"glibc-allow-kernel-2.6.32.patch"
@@ -819,6 +817,26 @@ with the Linux kernel.")
;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)
+(define-public glibc-2.29
+ (package
+ (inherit glibc)
+ (version "2.29")
+ (source (origin
+ (inherit (package-source glibc))
+ (uri (string-append "mirror://gnu/glibc/glibc-" version
".tar.xz"))
+ (sha256
+ (base32
+ "0jzh58728flfh939a8k9pi1zdyalfzlxmwra7k0rzji5gvavivpk"))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-CVE-2019-7309.patch"
+ "glibc-CVE-2019-9169.patch"
+ "glibc-2.29-git-updates.patch"
+ "glibc-hidden-visibility-ldconfig.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-allow-kernel-2.6.32.patch"
+
"glibc-reinstate-prlimit64-fallback.patch"
+ "glibc-supported-locales.patch"))))))
+
(define-public glibc-2.28
(package
(inherit glibc)
diff --git a/gnu/packages/patches/glibc-CVE-2019-19126.patch
b/gnu/packages/patches/glibc-CVE-2019-19126.patch
new file mode 100644
index 0000000..5b9ac58
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2019-19126.patch
@@ -0,0 +1,22 @@
+Fix CVE-2019-19126:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126
+https://sourceware.org/bugzilla/show_bug.cgi?id=25204
+
+Taken from upstream:
+https://sourceware.org/git/?p=glibc.git;a=commit;h=37c90e117310728a4ad1eb998c0bbe7d79c4a398
+
+diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+index 975cbe2..df2cdfd 100644
+--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
++++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+@@ -31,7 +31,8 @@
+ environment variable, LD_PREFER_MAP_32BIT_EXEC. */
+ #define EXTRA_LD_ENVVARS \
+ case 21: \
+- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
++ if (!__libc_enable_secure \
++ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
+ GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
+ |= bit_arch_Prefer_MAP_32BIT_EXEC; \
+ break;
- 28/94: gnu: libtasn1: Update to 4.15.0., (continued)
- 28/94: gnu: libtasn1: Update to 4.15.0., guix-commits, 2019/12/05
- 39/94: gnu: python-fonttools: Update to 4.2.0., guix-commits, 2019/12/05
- 49/94: gnu: libxcomposite: Do not build static libraries., guix-commits, 2019/12/05
- 41/94: gnu: harfbuzz: Update to 2.6.4., guix-commits, 2019/12/05
- 54/94: gnu: libxpm: Do not build static libraries., guix-commits, 2019/12/05
- 74/94: gnu: xcb-util: Do not build static libraries., guix-commits, 2019/12/05
- 78/94: gnu: xcb-util-renderutil: Do not build static libraries., guix-commits, 2019/12/05
- 73/94: gnu: libxaw: Do not build static libraries., guix-commits, 2019/12/05
- 86/94: gnu: xorgproto: Update to 2019.2., guix-commits, 2019/12/05
- 13/94: gnu: jbig2dec: Update to 0.17., guix-commits, 2019/12/05
- 14/94: gnu: glibc: Update to 2.30.,
guix-commits <=
- 15/94: gnu: zstd: Update to 1.4.4., guix-commits, 2019/12/05
- 22/94: gnu: readline: Add a version parameter to patch procedures., guix-commits, 2019/12/05
- 18/94: gnu: libffi: Update to 3.3., guix-commits, 2019/12/05
- 31/94: gnu: Remove cmake/fixed., guix-commits, 2019/12/05
- 24/94: gnu: icu4c: Update to 65.1., guix-commits, 2019/12/05
- 36/94: gnu: libspiro: Update to 20190731., guix-commits, 2019/12/05
- 35/94: gnu: meson: Update to 0.52.1., guix-commits, 2019/12/05
- 34/94: gnu: doxygen: Update to 1.8.16., guix-commits, 2019/12/05
- 32/94: gnu: CMake: Update to 3.16.0., guix-commits, 2019/12/05
- 38/94: gnu: libxslt: Update to 1.1.34., guix-commits, 2019/12/05