glibc: 2.25-49 -> 2.26-75

Security: the NEWS claims a couple more CVEs are fixed than what we
patched, though perhaps nothing critical.

I personally don't find DNS fragmentation attacks that interesting
anymore, as it's just about weaker improvements for cases that choose
not to use DNSSEC.

Largest expected caveat: upstream bumped the minimal supportable kernel
to 3.2.0.  That's the oldest kernel still supported upstream, released
in Jan 2012, but most notably RHEL 6 and derivates still use a heavily
patched 2.6.32 kernel and those systems are still supported and in use
(production support is scheduled to last till the end of 2020!).
This commit is contained in:
Vladimír Čunát 2017-08-26 11:35:11 +02:00
parent 0c01c58aec
commit 9bb67d5c1e
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
3 changed files with 7 additions and 10 deletions

Binary file not shown.

View File

@ -19,9 +19,9 @@
} @ args:
let
version = "2.25";
patchSuffix = "-49";
sha256 = "067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0";
version = "2.26";
patchSuffix = "-75";
sha256 = "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5";
cross = if buildPlatform != hostPlatform then hostPlatform else null;
in
@ -46,7 +46,7 @@ stdenv.mkDerivation ({
glibc-2.25-49-gbc5ace67fe
$ git show --reverse glibc-2.25..release/2.25/master | gzip -n -9 --rsyncable - > 2.25-49.patch.gz
*/
./2.25-49.patch.gz
./2.26-75.patch.gz
/* Have rpcgen(1) look for cpp(1) in $PATH. */
./rpcgen-path.patch
@ -100,15 +100,12 @@ stdenv.mkDerivation ({
(if profilingLibraries
then "--enable-profile"
else "--disable-profile")
] ++ lib.optionals (cross == null && withLinuxHeaders) [
"--enable-kernel=2.6.32"
] ++ lib.optionals withLinuxHeaders [
"--enable-kernel=3.2.0" # can't get below with glibc >= 2.26
] ++ lib.optionals (cross != null) [
(if cross.withTLS then "--with-tls" else "--without-tls")
(if cross ? float && cross.float == "soft" then "--without-fp" else "--with-fp")
] ++ lib.optionals (cross != null
&& cross.platform ? kernelMajor
&& cross.platform.kernelMajor == "2.6") [
"--enable-kernel=2.6.0"
] ++ lib.optionals (cross != null) [
"--with-__thread"
] ++ lib.optionals (cross == null && stdenv.isArm) [
"--host=arm-linux-gnueabi"