Commit Graph

26 Commits

Author SHA1 Message Date
Tuomas Tynkkynen
41fd1ed903 glibc: Check that 'cross.float' is defined
Because if we define it, then gcc compilation fails because it doesn't
support --with-float for aarch64.
2017-01-24 22:13:47 +02:00
Franz Pletz
3ba99f83a7
glibc: enable stackprotection hardening
Enables previously manually disabled stackprotector and stackguard
randomization.

From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511811:

    If glibc is built with the --enable-stackguard-randomization option,
    each application gets a random canary value (at runtime) from /dev/urandom.
    If --enable-stackguard-randomization is absent, applications get a static
    canary value of "0xff0a0000". This is very unfortunate, because the
    attacker may be able to bypass the stack protection mechanism, by placing
    those 4 bytes in the canary word, before the actual canary check is
    performed (for example in memcpy-based buffer overflows).
2016-09-12 02:36:11 +02:00
Tuomas Tynkkynen
e065baafba glibc: Make one exception for output order
Usages like '${stdenv.cc.libc}/lib/ld-linux-x86-64.so.2' are much more
common than the bin output.
2016-08-29 14:49:52 +03:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Tuomas Tynkkynen
d1c7eb8098 glibc: Uncomment 'meta.platforms' 2016-08-28 18:04:09 +03:00
obadz
9744c7768d glibc: 2.23 -> 2.24
- Removed patches that were merged upstream
- Removed --localdir from configureFlags as according to
  https://sourceware.org/bugzilla/show_bug.cgi?id=14259
  it was unused before
2016-08-19 15:05:41 +01:00
Eric Litak
251c97adee fix brace warnings in glibc 2016-05-31 16:28:05 -07:00
Scott R. Parish
64f5845418 glibc: patch 2.23 for CVE-2016-3075, CVE-2016-1234, CVE-2016-3706
This addresses the following security advisories:

+ CVE-2016-3075: Stack overflow in _nss_dns_getnetbyname_r
+ CVE-2016-1234: glob: buffer overflow with GLOB_ALTDIRFUNC due to incorrect
                 NAME_MAX limit assumption
+ CVE-2016-3706: getaddrinfo: stack overflow in hostent conversion

Patches cherry-picked from glibc's release/2.23/master branch.

The "glob-simplify-interface.patch" was a dependency for
"cve-2016-1234.patch".
2016-05-13 23:47:17 -07:00
Vladimír Čunát
09af15654f Merge master into closure-size
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Vladimír Čunát
59617de6d7 glibc: 2.22 -> 2.23
The two patches were included upstream.
(Even the one from guix, except for a whitespace difference.)
2016-02-21 10:31:14 +01:00
Eelco Dolstra
1ab14aad7a glibc: Drop hurd support
This hasn't been maintained since 2012.

Also, renamed glibc's kernelHeaders argument to linuxHeaders.
2016-02-18 21:11:15 +01:00
Eelco Dolstra
f98a5946b7 glibc: 2.21 -> 2.22 2016-02-18 20:54:52 +01:00
Nathan Zadoks
b5aa8a4e64 glibc: patch CVE-2015-7547
The glibc DNS client side resolver is vulnerable to a stack-based buffer
overflow when the getaddrinfo() library function is used. Software using
this function may be exploited with attacker-controlled domain names,
attacker-controlled DNS servers, or through a man-in-the-middle attack.
https://googleonlinesecurity.blogspot.co.uk/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
2016-02-16 16:15:07 +01:00
Vladimír Čunát
f9f6f41bff Merge branch 'master' into closure-size
TODO: there was more significant refactoring of qtbase and plasma 5.5
on master, and I'm deferring pointing to correct outputs to later.
2015-12-31 09:53:02 +01:00
Eelco Dolstra
6a766f47c2 glibc: Fix assertion failure when using incompatible locale data
Borrowed from

  http://git.savannah.gnu.org/cgit/guix.git/plain/gnu/packages/patches/glibc-locale-incompatibility.patch

https://github.com/NixOS/nix/issues/599

We may also want to apply

  http://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/patches/glibc-versioned-locpath.patch

but we'll need to ditch locale-archive first. (Apparently
locale-archive is not very useful anymore anyway.)
2015-12-02 11:27:39 +01:00
Vladimír Čunát
5227fb1dd5 Merge commit staging+systemd into closure-size
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
Vladimír Čunát
1fbbeff0c1 glibc: apply four security fixes from upstream
Fixes CVE-2014-8121, CVE-2015-1781 and two unnumbered problems (apparently).
All these commits should be contained in the 2.22 release,
but we don't want that yet due to unresolved locale incompatibilites.
2015-08-18 20:58:39 +02:00
Vladimír Čunát
d484c392aa stdenv multiple-outputs: change propagation rules
Now development stuff is propagated from the first output,
and userEnvPkgs from the one with binaries.

Also don't move *.la files (yet). It causes problems, and they're small.
2015-04-18 19:30:28 +02:00
Vladimír Čunát
bf414c9d4f Merge 'staging' into closure-size
- there were many easy merge conflicts
- cc-wrapper needed nontrivial changes

Many other problems might've been created by interaction of the branches,
but stdenv and a few other packages build fine now.
2015-04-18 11:22:20 +02:00
Vladimír Čunát
596bf235b6 glibc: security fix CVE-2014-8121, fixes #7207 2015-04-09 20:42:35 +02:00
Vladimír Čunát
54fc2db1b8 glibc: update 2.20 -> 2.21, including security fixes
Fixes #6578.
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html

- I had to disable one warning-error type.
- One of our patches needed modification - it seemed that just the context
  changed without affecting the purpose of the patch.
2015-03-03 11:31:01 +01:00
Ludovic Courtès
41b53577a8 unmaintain a bunch of packages 2015-01-13 22:33:49 +01:00
John Wiegley
28b6fb61e6 Change occurrences of gcc to the more general cc
This is done for the sake of Yosemite, which does not have gcc, and yet
this change is also compatible with Linux.
2014-12-26 11:06:21 -06:00
Vladimír Čunát
975a822778 glibc: improve nscd version check after e316672dcb 2014-11-11 11:06:57 +01:00
Eelco Dolstra
dac591aae6 glibc: Update to 2.20 2014-10-29 17:54:47 +01:00
Eelco Dolstra
1b55b07eeb glibc/2.19 -> glibc
We only have one version of Glibc so no need for a separate directory.
2014-10-29 13:42:59 +01:00