pyrox.dev
glibc: 2.26-115 -> 2.26-131 to fix CVE-2018-1000001
/cc https://github.com/NixOS/nixpkgs/issues/33826#issuecomment-357436030
pkgs/development/libraries/glibc/2.26-115to131.diff.gz
pkgs/development/libraries/glibc/2.26-115to131.diff.gz
This is a binary file and will not be displayed.
+5
-2
pkgs/development/libraries/glibc/common.nix
+5
-2
pkgs/development/libraries/glibc/common.nix
···
20
20
21
21
let
22
22
version = "2.26";
23
-
patchSuffix = "-115";
23
+
patchSuffix = "-131";
24
24
sha256 = "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5";
25
25
cross = if buildPlatform != hostPlatform then hostPlatform else null;
26
26
in
···
48
48
*/
49
49
./2.26-75.patch.gz
50
50
./2.26-75to115.diff.gz
51
+
# contains fix for CVE-2018-1000001 as the last commit:
52
+
# https://sourceware.org/git/?p=glibc.git;a=commit;h=fabef2edbc
53
+
./2.26-115to131.diff.gz
51
54
52
55
/* Have rpcgen(1) look for cpp(1) in $PATH. */
53
56
./rpcgen-path.patch
···
73
76
and we lose early mismatch detection on 2.6.32.
74
77
75
78
On major glibc updates we should check that the patched kernel supports
76
-
all the required features. ATM it's verified up to glibc-2.26-115.
79
+
all the required features. ATM it's verified up to glibc-2.26-131.
77
80
# HOWTO: check glibc sources for changes in kernel requirements
78
81
git log -p glibc-2.25.. sysdeps/unix/sysv/linux/x86_64/kernel-features.h sysdeps/unix/sysv/linux/kernel-features.h
79
82
# get kernel sources (update the URL)