gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.

author Marius Bakke <mbakke@fastmail.com>

Sat, 21 Oct 2017 21:00:01 +0000 (23:00 +0200)

committer Marius Bakke <mbakke@fastmail.com>

Sun, 22 Oct 2017 21:13:09 +0000 (23:13 +0200)
author Marius Bakke <mbakke@fastmail.com>
Sat, 21 Oct 2017 21:00:01 +0000 (23:00 +0200)
committer Marius Bakke <mbakke@fastmail.com>
Sun, 22 Oct 2017 21:13:09 +0000 (23:13 +0200)
diff --git a/gnu/local.mk b/gnu/local.mk

index a4e3426..6b70300 100644 (file)
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -665,6 +665,7 @@ dist_patch_DATA =                                           \
    %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch                \
    %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch                \
    %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch                \
+  %D%/packages/patches/glibc-CVE-2017-15670-15671.patch                \
    %D%/packages/patches/glibc-bootstrap-system.patch            \
    %D%/packages/patches/glibc-ldd-x86_64.patch                  \
    %D%/packages/patches/glibc-locales.patch                     \
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm

index bc74535..9cb628d 100644 (file)
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -528,6 +528,7 @@ store.")
    (package
     (name "glibc")
     (version "2.25")
+   (replacement glibc/fixed)
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -786,6 +787,15 @@ GLIBC/HURD for a Hurd host"
  (define-syntax glibc
    (identifier-syntax (glibc-for-target)))
  
+(define glibc/fixed
+  (package
+    (inherit glibc)
+    (source (origin
+              (inherit (package-source glibc))
+              (patches (append
+                        (origin-patches (package-source glibc))
+                        (search-patches "glibc-CVE-2017-15670-15671.patch")))))))
+
  ;; Below are old libc versions, which we use mostly to build locale data in
  ;; the old format (which the new libc cannot cope with.)
  
@@ -805,6 +815,7 @@ GLIBC/HURD for a Hurd host"
                                         "glibc-o-largefile.patch"
                                         "glibc-vectorized-strcspn-guards.patch"
                                         "glibc-CVE-2015-5180.patch"
+                                       "glibc-CVE-2017-15670-15671.patch"
                                         "glibc-CVE-2017-1000366-pt1.patch"
                                         "glibc-CVE-2017-1000366-pt2.patch"
                                         "glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -828,6 +839,7 @@ GLIBC/HURD for a Hurd host"
                                         "glibc-CVE-2016-3075.patch"
                                         "glibc-CVE-2016-3706.patch"
                                         "glibc-CVE-2016-4429.patch"
+                                       "glibc-CVE-2017-15670-15671.patch"
                                         "glibc-CVE-2017-1000366-pt1.patch"
                                         "glibc-CVE-2017-1000366-pt2.patch"
                                         "glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -850,6 +862,7 @@ GLIBC/HURD for a Hurd host"
                                         "glibc-CVE-2016-3075.patch"
                                         "glibc-CVE-2016-3706.patch"
                                         "glibc-CVE-2016-4429.patch"
+                                       "glibc-CVE-2017-15670-15671.patch"
                                         "glibc-CVE-2017-1000366-pt1.patch"
                                         "glibc-CVE-2017-1000366-pt2.patch"
                                         "glibc-CVE-2017-1000366-pt3.patch"))))
diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch

new file mode 100644 (file)

index 0000000..76d688c
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
@@ -0,0 +1,27 @@
+Fix CVE-2017-15670:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
+https://sourceware.org/bugzilla/show_bug.cgi?id=22320
+https://bugzilla.redhat.com/show_bug.cgi?id=1504804
+
+And CVE-2017-15671:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
+https://sourceware.org/bugzilla/show_bug.cgi?id=22325
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
+
+Copied from upstream:
+<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f>
+
+diff --git a/posix/glob.c b/posix/glob.c
+--- a/posix/glob.c
++++ b/posix/glob.c
+@@ -843,7 +843,7 @@
+                 *p = '\0';
+               }
+             else
+-              *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++              *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+                 = '\0';
+             user_name = newp;
+           }
author	Marius Bakke <mbakke@fastmail.com>
	Sat, 21 Oct 2017 21:00:01 +0000 (23:00 +0200)
committer	Marius Bakke <mbakke@fastmail.com>
	Sun, 22 Oct 2017 21:13:09 +0000 (23:13 +0200)
gnu/local.mk		patch \| blob \| blame \| history
gnu/packages/base.scm		patch \| blob \| blame \| history
gnu/packages/patches/glibc-CVE-2017-15670-15671.patch	[new file with mode: 0644]	patch \| blob