gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.
* gnu/packages/patches/glibc-CVE-2017-15670-15671.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/base.scm (glibc/linux)[replacement]: New field. (glibc/fixed): New variable. (glibc-2.24, glibc-2.23, glibc-2.22)[source](patches): Add 'glibc-CVE-2017-15670-15671.patch'.
This commit is contained in:
parent
65fc5bf07d
commit
60e29339d8
@ -665,6 +665,7 @@ dist_patch_DATA = \
|
||||
%D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \
|
||||
%D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \
|
||||
%D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \
|
||||
%D%/packages/patches/glibc-CVE-2017-15670-15671.patch \
|
||||
%D%/packages/patches/glibc-bootstrap-system.patch \
|
||||
%D%/packages/patches/glibc-ldd-x86_64.patch \
|
||||
%D%/packages/patches/glibc-locales.patch \
|
||||
|
@ -528,6 +528,7 @@ store.")
|
||||
(package
|
||||
(name "glibc")
|
||||
(version "2.25")
|
||||
(replacement glibc/fixed)
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (string-append "mirror://gnu/glibc/glibc-"
|
||||
@ -786,6 +787,15 @@ GLIBC/HURD for a Hurd host"
|
||||
(define-syntax glibc
|
||||
(identifier-syntax (glibc-for-target)))
|
||||
|
||||
(define glibc/fixed
|
||||
(package
|
||||
(inherit glibc)
|
||||
(source (origin
|
||||
(inherit (package-source glibc))
|
||||
(patches (append
|
||||
(origin-patches (package-source glibc))
|
||||
(search-patches "glibc-CVE-2017-15670-15671.patch")))))))
|
||||
|
||||
;; Below are old libc versions, which we use mostly to build locale data in
|
||||
;; the old format (which the new libc cannot cope with.)
|
||||
|
||||
@ -805,6 +815,7 @@ GLIBC/HURD for a Hurd host"
|
||||
"glibc-o-largefile.patch"
|
||||
"glibc-vectorized-strcspn-guards.patch"
|
||||
"glibc-CVE-2015-5180.patch"
|
||||
"glibc-CVE-2017-15670-15671.patch"
|
||||
"glibc-CVE-2017-1000366-pt1.patch"
|
||||
"glibc-CVE-2017-1000366-pt2.patch"
|
||||
"glibc-CVE-2017-1000366-pt3.patch"))))))
|
||||
@ -828,6 +839,7 @@ GLIBC/HURD for a Hurd host"
|
||||
"glibc-CVE-2016-3075.patch"
|
||||
"glibc-CVE-2016-3706.patch"
|
||||
"glibc-CVE-2016-4429.patch"
|
||||
"glibc-CVE-2017-15670-15671.patch"
|
||||
"glibc-CVE-2017-1000366-pt1.patch"
|
||||
"glibc-CVE-2017-1000366-pt2.patch"
|
||||
"glibc-CVE-2017-1000366-pt3.patch"))))))
|
||||
@ -850,6 +862,7 @@ GLIBC/HURD for a Hurd host"
|
||||
"glibc-CVE-2016-3075.patch"
|
||||
"glibc-CVE-2016-3706.patch"
|
||||
"glibc-CVE-2016-4429.patch"
|
||||
"glibc-CVE-2017-15670-15671.patch"
|
||||
"glibc-CVE-2017-1000366-pt1.patch"
|
||||
"glibc-CVE-2017-1000366-pt2.patch"
|
||||
"glibc-CVE-2017-1000366-pt3.patch"))))
|
||||
|
27
gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
Normal file
27
gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
Normal file
@ -0,0 +1,27 @@
|
||||
Fix CVE-2017-15670:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
|
||||
https://sourceware.org/bugzilla/show_bug.cgi?id=22320
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=1504804
|
||||
|
||||
And CVE-2017-15671:
|
||||
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
|
||||
https://sourceware.org/bugzilla/show_bug.cgi?id=22325
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
|
||||
|
||||
Copied from upstream:
|
||||
<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f>
|
||||
|
||||
diff --git a/posix/glob.c b/posix/glob.c
|
||||
--- a/posix/glob.c
|
||||
+++ b/posix/glob.c
|
||||
@@ -843,7 +843,7 @@
|
||||
*p = '\0';
|
||||
}
|
||||
else
|
||||
- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
|
||||
+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
|
||||
= '\0';
|
||||
user_name = newp;
|
||||
}
|
Loading…
Reference in New Issue
Block a user