1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-25 03:17:13 +00:00
Commit graph

19 commits

Author SHA1 Message Date
Scott R. Parish 64f5845418 glibc: patch 2.23 for CVE-2016-3075, CVE-2016-1234, CVE-2016-3706
This addresses the following security advisories:

+ CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r
+ CVE-2016-1234: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect
                 NAME_MAX limit assumption
+ CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion

Patches cherry-picked from glibc's release/2.23/master branch.

The "glob-simplify-interface.patch" was a dependency for
"cve-2016-1234.patch".
2016-05-13 23:47:17 -07:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Vladimír Čunát 59617de6d7 glibc: 2.22 -> 2.23
The two patches were included upstream.
(Even the one from guix, except for a whitespace difference.)
2016-02-21 10:31:14 +01:00
Eelco Dolstra 1ab14aad7a glibc: Drop hurd support
This hasn't been maintained since 2012.

Also, renamed glibc's kernelHeaders argument to linuxHeaders.
2016-02-18 21:11:15 +01:00
Eelco Dolstra f98a5946b7 glibc: 2.21 -> 2.22 2016-02-18 20:54:52 +01:00
Nathan Zadoks b5aa8a4e64 glibc: patch CVE-2015-7547
The glibc DNS client side resolver is vulnerable to a stack-based buffer
overflow when the getaddrinfo() library function is used. Software using
this function may be exploited with attacker-controlled domain names,
attacker-controlled DNS servers, or through a man-in-the-middle attack.
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
2016-02-16 16:15:07 +01:00
Vladimír Čunát f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Eelco Dolstra 6a766f47c2 glibc: Fix assertion failure when using incompatible locale data
Borrowed from

  http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch

https://github.com/NixOS/nix/issues/599

We may also want to apply

  http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/patches/glibc-versioned-locpath.patch

but we'll need to ditch locale-archive first. (Apparently
locale-archive is not very useful anymore anyway.)
2015-12-02 11:27:39 +01:00
Vladimír Čunát 5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Vladimír Čunát 1fbbeff0c1 glibc: apply four security fixes from upstream
Fixes CVE-2014-8121, CVE-2015-1781 and two unnumbered problems (apparently).
All these commits should be contained in the 2.22 release,
but we don't want that yet due to unresolved locale incompatibilites.
2015-08-18 20:58:39 +02:00
Vladimír Čunát d484c392aa stdenv multiple-outputs: change propagation rules
Now development stuff is propagated from the first output,
and userEnvPkgs from the one with binaries.

Also don't move *.la files (yet). It causes problems, and they're small.
2015-04-18 19:30:28 +02:00
Vladimír Čunát bf414c9d4f Merge 'staging' into closure-size
- there were many easy merge conflicts
- cc-wrapper needed nontrivial changes

Many other problems might've been created by interaction of the branches,
but stdenv and a few other packages build fine now.
2015-04-18 11:22:20 +02:00
Vladimír Čunát 596bf235b6 glibc: security fix CVE-2014-8121, fixes #7207 2015-04-09 20:42:35 +02:00
Vladimír Čunát 54fc2db1b8 glibc: update 2.20 -> 2.21, including security fixes
Fixes #6578.
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html

- I had to disable one warning-error type.
- One of our patches needed modification - it seemed that just the context
  changed without affecting the purpose of the patch.
2015-03-03 11:31:01 +01:00
Ludovic Courtès 41b53577a8 unmaintain a bunch of packages 2015-01-13 22:33:49 +01:00
John Wiegley 28b6fb61e6 Change occurrences of gcc to the more general cc
This is done for the sake of Yosemite, which does not have gcc, and yet
this change is also compatible with Linux.
2014-12-26 11:06:21 -06:00
Vladimír Čunát 975a822778 glibc: improve nscd version check after e316672dcb 2014-11-11 11:06:57 +01:00
Eelco Dolstra dac591aae6 glibc: Update to 2.20 2014-10-29 17:54:47 +01:00
Eelco Dolstra 1b55b07eeb glibc/2.19 -> glibc
We only have one version of Glibc so no need for a separate directory.
2014-10-29 13:42:59 +01:00
Renamed from pkgs/development/libraries/glibc/2.19/common.nix (Browse further)