gnu: glibc: Update to 2.30.

* gnu/packages/patches/glibc-CVE-2019-19126.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/base.scm (glibc): Update to 2.30.
[source](patches): Adjust for 2.30.
(glibc-2.29): New public variable.
This commit is contained in:
Marius Bakke 2019-11-29 17:44:25 +01:00
parent 5d229b4963
commit 0b3df5c913
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
3 changed files with 46 additions and 5 deletions

View file

@ -906,6 +906,7 @@ dist_patch_DATA = \
%D%/packages/patches/glibc-CVE-2018-11237.patch \
%D%/packages/patches/glibc-CVE-2019-7309.patch \
%D%/packages/patches/glibc-CVE-2019-9169.patch \
%D%/packages/patches/glibc-CVE-2019-19126.patch \
%D%/packages/patches/glibc-allow-kernel-2.6.32.patch \
%D%/packages/patches/glibc-boot-2.16.0.patch \
%D%/packages/patches/glibc-boot-2.2.5.patch \

View file

@ -567,13 +567,13 @@ (define-public glibc
;; version 2.28, GNU/Hurd used a different glibc branch.
(package
(name "glibc")
(version "2.29")
(version "2.30")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
(sha256
(base32
"0jzh58728flfh939a8k9pi1zdyalfzlxmwra7k0rzji5gvavivpk"))
"1bxqpg91d02qnaz837a5kamm0f43pr1il4r9pknygywsar713i72"))
(snippet
;; Disable 'ldconfig' and /etc/ld.so.cache. The latter is
;; required on LFS distros to avoid loading the distro's libc.so
@ -585,9 +585,7 @@ (define-public glibc
#t))
(modules '((guix build utils)))
(patches (search-patches "glibc-ldd-x86_64.patch"
"glibc-CVE-2019-7309.patch"
"glibc-CVE-2019-9169.patch"
"glibc-2.29-git-updates.patch"
"glibc-CVE-2019-19126.patch"
"glibc-hidden-visibility-ldconfig.patch"
"glibc-versioned-locpath.patch"
"glibc-allow-kernel-2.6.32.patch"
@ -819,6 +817,26 @@ (define (linker-script? file)
;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)
(define-public glibc-2.29
(package
(inherit glibc)
(version "2.29")
(source (origin
(inherit (package-source glibc))
(uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
(sha256
(base32
"0jzh58728flfh939a8k9pi1zdyalfzlxmwra7k0rzji5gvavivpk"))
(patches (search-patches "glibc-ldd-x86_64.patch"
"glibc-CVE-2019-7309.patch"
"glibc-CVE-2019-9169.patch"
"glibc-2.29-git-updates.patch"
"glibc-hidden-visibility-ldconfig.patch"
"glibc-versioned-locpath.patch"
"glibc-allow-kernel-2.6.32.patch"
"glibc-reinstate-prlimit64-fallback.patch"
"glibc-supported-locales.patch"))))))
(define-public glibc-2.28
(package
(inherit glibc)

View file

@ -0,0 +1,22 @@
Fix CVE-2019-19126:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19126
https://sourceware.org/bugzilla/show_bug.cgi?id=25204
Taken from upstream:
https://sourceware.org/git/?p=glibc.git;a=commit;h=37c90e117310728a4ad1eb998c0bbe7d79c4a398
diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
index 975cbe2..df2cdfd 100644
--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
+++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h
@@ -31,7 +31,8 @@
environment variable, LD_PREFER_MAP_32BIT_EXEC. */
#define EXTRA_LD_ENVVARS \
case 21: \
- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
+ if (!__libc_enable_secure \
+ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \
GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \
|= bit_arch_Prefer_MAP_32BIT_EXEC; \
break;