1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-21 13:10:33 +00:00
Commit graph

164 commits

Author SHA1 Message Date
Scott R. Parish 64f5845418 glibc: patch 2.23 for CVE-2016-3075, CVE-2016-1234, CVE-2016-3706
This addresses the following security advisories:

+ CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r
+ CVE-2016-1234: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect
                 NAME_MAX limit assumption
+ CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion

Patches cherry-picked from glibc's release/2.23/master branch.

The "glob-simplify-interface.patch" was a dependency for
"cve-2016-1234.patch".
2016-05-13 23:47:17 -07:00
Vladimír Čunát ab15a62c68 Merge branch 'master' into closure-size
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Vladimír Čunát 09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Eelco Dolstra d5bb6a1f9c glibc: Enable separate debug symbols
The importance of glibc makes it worthwhile to provide debug
symbols. However, this revealed an issue with separateDebugInfo: it
was indiscriminately adding --build-id to all ld invocations, while in
fact it should only do that for final links. Glibc also uses non-final
("relocatable") links, leading to subsequent failure to apply a build
ID ("Cannot create .note.gnu.build-id section, --build-id
ignored"). So now ld-wrapper.sh only passes --build-id for final
links.
2016-02-28 02:57:37 +01:00
Vladimír Čunát 59617de6d7 glibc: 2.22 -> 2.23
The two patches were included upstream.
(Even the one from guix, except for a whitespace difference.)
2016-02-21 10:31:14 +01:00
Eelco Dolstra 1ab14aad7a glibc: Drop hurd support
This hasn't been maintained since 2012.

Also, renamed glibc's kernelHeaders argument to linuxHeaders.
2016-02-18 21:11:15 +01:00
Eelco Dolstra f98a5946b7 glibc: 2.21 -> 2.22 2016-02-18 20:54:52 +01:00
Nathan Zadoks fc48bf5a2c glibc: fix cve-2015-7547.patch so it applies cleanly 2016-02-16 17:23:35 +01:00
Nathan Zadoks b5aa8a4e64 glibc: patch CVE-2015-7547
The glibc DNS client side resolver is vulnerable to a stack-based buffer
overflow when the getaddrinfo() library function is used. Software using
this function may be exploited with attacker-controlled domain names,
attacker-controlled DNS servers, or through a man-in-the-middle attack.
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
2016-02-16 16:15:07 +01:00
Vladimír Čunát f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Vladimír Čunát 244f985461 glibc-multi: fix with multiple outputs 2015-12-05 17:40:37 +01:00
Vladimír Čunát fb3c062e54 glibc-info: fix #11476 build with multiple outputs 2015-12-05 08:59:30 +01:00
Eelco Dolstra 6a766f47c2 glibc: Fix assertion failure when using incompatible locale data
Borrowed from

  http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch

https://github.com/NixOS/nix/issues/599

We may also want to apply

  http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/patches/glibc-versioned-locpath.patch

but we'll need to ditch locale-archive first. (Apparently
locale-archive is not very useful anymore anyway.)
2015-12-02 11:27:39 +01:00
Vladimír Čunát 333d69a5f0 Merge staging into closure-size
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Nikolay Amiantov 8db98ceb01 glibc_multi: fix ldd for 64-bit ELFs 2015-10-07 16:46:26 +03:00
Nikolay Amiantov 1283e3da5d glibc_multi: fix ldd for 64-bit ELFs 2015-10-07 15:44:12 +03:00
Vladimír Čunát 5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Vladimír Čunát 1fbbeff0c1 glibc: apply four security fixes from upstream
Fixes CVE-2014-8121, CVE-2015-1781 and two unnumbered problems (apparently).
All these commits should be contained in the 2.22 release,
but we don't want that yet due to unresolved locale incompatibilites.
2015-08-18 20:58:39 +02:00
Vladimír Čunát eb4a88d8fd glibc-locales: check that all we build is supported
Until now, if e.g. the user passed "en_US.UTF-8" instead of "en_US.UTF-8/UTF-8",
the locales would be generated without failing but wouldn't work well.
Now we guard against such mistakes. Real life examples:
https://github.com/fish-shell/fish-shell/issues/1927
2015-07-31 15:39:52 +02:00
Vladimír Čunát f83d12a382 Merge 'master' into staging 2015-05-24 20:39:58 +02:00
Marco Schlumpp a88c5a8037 glibc: fixed a warning caused by nix-locale-archive.patch
If a function shouldn't accept any parameters, use "(void)" instead of "()".
Close #7843. Vcunat purged unimportant changes from this commit.
2015-05-15 11:14:50 +02:00
Eric Seidel 662a6b1ca6 remove all references to stdenv.cc.cc.is{GNU,Clang}
use the new `stdenv.cc.is{GNU,Clang}` instead, which will always be
defined.
2015-05-11 14:44:50 -07:00
Vladimír Čunát 375bc8def7 Merge staging into closure-size 2015-05-05 11:49:03 +02:00
Lluís Batlle i Rossell 51b1297c8a glibc: fix libgcc_s.so
It used to be a symlink, but now it is a link script. It's crucial to get
proper linking, specially on amrv5tel, where libgcc contains lot of code
related to the limited instruction set of the platform.

Without this fix, g++ shared lib linking was broken, because a "-lgcc" was
not propagated wherever "-lgcc_s" was required. The g++ spec only mentions
"-lgcc_s" and the "-lgcc" is introduced with the libgcc_s.so link script,
only available in the glibc path after this fix.

As a reminder, we put libgcc* in the glibc output to avoid having a
runtime dependency on the gcc path only because of the everywhere linked
libgcc. This problem was specially visible in platforms like armv5tel,
where most programs end up linked to libgcc. Platforms with a more rich
instruction set may rarely end up requiring a link to libgcc.
2015-04-29 10:09:07 +02:00
Vladimír Čunát a56da607b1 glibcLocales: fix evaluation and build with outputs 2015-04-21 09:02:41 +02:00
Vladimír Čunát d484c392aa stdenv multiple-outputs: change propagation rules
Now development stuff is propagated from the first output,
and userEnvPkgs from the one with binaries.

Also don't move *.la files (yet). It causes problems, and they're small.
2015-04-18 19:30:28 +02:00
Vladimír Čunát bf414c9d4f Merge 'staging' into closure-size
- there were many easy merge conflicts
- cc-wrapper needed nontrivial changes

Many other problems might've been created by interaction of the branches,
but stdenv and a few other packages build fine now.
2015-04-18 11:22:20 +02:00
Vladimír Čunát 596bf235b6 glibc: security fix CVE-2014-8121, fixes #7207 2015-04-09 20:42:35 +02:00
Vladimír Čunát 54fc2db1b8 glibc: update 2.20 -> 2.21, including security fixes
Fixes #6578.
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html

- I had to disable one warning-error type.
- One of our patches needed modification - it seemed that just the context
  changed without affecting the purpose of the patch.
2015-03-03 11:31:01 +01:00
Vladimír Čunát 3d9e9f6571 glibc: fix -lgcc_s linking
https://github.com/NixOS/nixpkgs/commit/65221567c12eb20d12#commitcomment-9515597
2015-02-22 20:01:03 +01:00
Ambroz Bizjak e191e227d2 glibc: Disable copying libgcc when cross compiling.
It seems this is only needed for native bootstrapping.
2015-02-05 21:25:40 +01:00
Peter Simons ec6b82a0c2 Merge branch 'master' into staging. 2015-01-19 18:41:17 +01:00
Michael Raskin c163baca3b Clean up glibcLocales environment handling -- manual merge of patch by wmertens (except Haskell part) 2015-01-19 11:06:11 +03:00
Eric Seidel f3c6827373 rename all occurrences of stdenv.cc.gcc to stdenv.cc.cc 2015-01-14 20:27:55 -08:00
Shea Levy 16fe4be790 Add isGNU attribute to gccs 2015-01-14 20:26:57 -08:00
Ludovic Courtès 41b53577a8 unmaintain a bunch of packages 2015-01-13 22:33:49 +01:00
John Wiegley 28b6fb61e6 Change occurrences of gcc to the more general cc
This is done for the sake of Yosemite, which does not have gcc, and yet
this change is also compatible with Linux.
2014-12-26 11:06:21 -06:00
Emery Hemingway be2060f1e7 glibc_multi: fix package name (close #5284)
"multi" should be between the "glibc" and the version
2014-12-10 18:31:31 +01:00
Vladimír Čunát 975a822778 glibc: improve nscd version check after e316672dcb 2014-11-11 11:06:57 +01:00
Eelco Dolstra 65221567c1 glibc: Include a copy of libgcc_s.so.1
This prevents failures like "libgcc_s.so.1 must be installed for
pthread_cancel to work" that occur because Glibc assumes libgcc_s.so.1
to be in Glibc's libdir.

This solution is pretty hacky, because the libgcc_s.so.1 from
bootstrap-tools might be too old. So if we update GCC, programs might
end up using an outdated libgcc_s.so.1. Ideally, we would build
libgcc_s.so.1 *before* Glibc, which might not be impossible...

Fixes #3548.
2014-11-11 10:23:26 +01:00
Eelco Dolstra dac591aae6 glibc: Update to 2.20 2014-10-29 17:54:47 +01:00
Eelco Dolstra 1b55b07eeb glibc/2.19 -> glibc
We only have one version of Glibc so no need for a separate directory.
2014-10-29 13:42:59 +01:00
Vladimír Čunát e316672dcb glibc: put back the nscd check, by $out instead of date
I don't know why they feel they need to check the compatibility by build date,
so I would keep check against $out, which is a better nix equivalent.

Also, expression refactoring (put comments out of hash-changing bash).
2014-09-13 14:06:27 +02:00
Alexander Kjeldaas dd673de2a7 glibc: make compilation more pure
Remove datetime from nscd.
2014-09-13 13:53:43 +02:00
Vladimír Čunát 8da52a642a Merge branch 'staging' into v/modular
Conflicts (easy):
	pkgs/development/interpreters/perl/5.10/setup-hook.sh
	pkgs/development/interpreters/perl/5.8/setup-hook.sh
	pkgs/development/libraries/gtk+/2.x.nix
2014-08-31 12:23:18 +02:00
Vladimír Čunát e51f73652d Merge recent master into staging
Hydra: ?compare=1149952

Conflicts:
	nixos/doc/manual/configuration.xml (changed split file)
	nixos/modules/config/users-groups.nix (choosing filterNull instead of inline definition)
	pkgs/development/libraries/readline/readline6.3.nix (auto-solved)
2014-08-30 10:04:02 +02:00
Vladimír Čunát a283bec71c glibc: fix CVE-2014-5119 by Debian patch 2014-08-30 09:44:07 +02:00
Vladimír Čunát a70180ba73 mutiout: make it builtin 2014-08-30 08:27:43 +02:00
Michael Raskin d87b867a24 Merge pull request #3225 from hrdinka/move-glibc-multi
glibc_multi: move glibc_multi script out of all-packages.nix
2014-08-29 01:08:04 +04:00
Vladimír Čunát 3ec413cece WIP 2014-08-25 15:30:46 +02:00