glibc: 2.26-115 -> 2.26-131 to fix CVE-2018-1000001

/cc https://github.com/NixOS/nixpkgs/issues/33826#issuecomment-357436030
This commit is contained in:
Vladimír Čunát 2018-01-14 20:39:49 +01:00
parent 6ed0fe7e45
commit 990ff97c6d
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
2 changed files with 5 additions and 2 deletions

Binary file not shown.

View File

@ -20,7 +20,7 @@
let
version = "2.26";
patchSuffix = "-115";
patchSuffix = "-131";
sha256 = "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5";
cross = if buildPlatform != hostPlatform then hostPlatform else null;
in
@ -48,6 +48,9 @@ stdenv.mkDerivation ({
*/
./2.26-75.patch.gz
./2.26-75to115.diff.gz
# contains fix for CVE-2018-1000001 as the last commit:
# https://sourceware.org/git/?p=glibc.git;a=commit;h=fabef2edbc
./2.26-115to131.diff.gz
/* Have rpcgen(1) look for cpp(1) in $PATH. */
./rpcgen-path.patch
@ -73,7 +76,7 @@ stdenv.mkDerivation ({
and we lose early mismatch detection on 2.6.32.
On major glibc updates we should check that the patched kernel supports
all the required features. ATM it's verified up to glibc-2.26-115.
all the required features. ATM it's verified up to glibc-2.26-131.
# HOWTO: check glibc sources for changes in kernel requirements
git log -p glibc-2.25.. sysdeps/unix/sysv/linux/x86_64/kernel-features.h sysdeps/unix/sysv/linux/kernel-features.h
# get kernel sources (update the URL)