From 60e29339d8389e678bb9ca4bd3420ee9ee88bdf2 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sat, 21 Oct 2017 23:00:01 +0200 Subject: [PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671. * gnu/packages/patches/glibc-CVE-2017-15670-15671.patch: New file. * gnu/local.mk (dist_patch_DATA): Register it. * gnu/packages/base.scm (glibc/linux)[replacement]: New field. (glibc/fixed): New variable. (glibc-2.24, glibc-2.23, glibc-2.22)[source](patches): Add 'glibc-CVE-2017-15670-15671.patch'. --- gnu/local.mk | 1 + gnu/packages/base.scm | 13 +++++++++ .../patches/glibc-CVE-2017-15670-15671.patch | 27 +++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 gnu/packages/patches/glibc-CVE-2017-15670-15671.patch diff --git a/gnu/local.mk b/gnu/local.mk index a4e3426f55..6b70300fff 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -665,6 +665,7 @@ dist_patch_DATA = \ %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \ + %D%/packages/patches/glibc-CVE-2017-15670-15671.patch \ %D%/packages/patches/glibc-bootstrap-system.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index bc745351af..9cb628d8d7 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -528,6 +528,7 @@ store.") (package (name "glibc") (version "2.25") + (replacement glibc/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -786,6 +787,15 @@ GLIBC/HURD for a Hurd host" (define-syntax glibc (identifier-syntax (glibc-for-target))) +(define glibc/fixed + (package + (inherit glibc) + (source (origin + (inherit (package-source glibc)) + (patches (append + (origin-patches (package-source glibc)) + (search-patches "glibc-CVE-2017-15670-15671.patch"))))))) + ;; Below are old libc versions, which we use mostly to build locale data in ;; the old format (which the new libc cannot cope with.) @@ -805,6 +815,7 @@ GLIBC/HURD for a Hurd host" "glibc-o-largefile.patch" "glibc-vectorized-strcspn-guards.patch" "glibc-CVE-2015-5180.patch" + "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -828,6 +839,7 @@ GLIBC/HURD for a Hurd host" "glibc-CVE-2016-3075.patch" "glibc-CVE-2016-3706.patch" "glibc-CVE-2016-4429.patch" + "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -850,6 +862,7 @@ GLIBC/HURD for a Hurd host" "glibc-CVE-2016-3075.patch" "glibc-CVE-2016-3706.patch" "glibc-CVE-2016-4429.patch" + "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))) diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch new file mode 100644 index 0000000000..76d688c517 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch @@ -0,0 +1,27 @@ +Fix CVE-2017-15670: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670 +https://sourceware.org/bugzilla/show_bug.cgi?id=22320 +https://bugzilla.redhat.com/show_bug.cgi?id=1504804 + +And CVE-2017-15671: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671 +https://sourceware.org/bugzilla/show_bug.cgi?id=22325 +https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671 + +Copied from upstream: + + +diff --git a/posix/glob.c b/posix/glob.c +--- a/posix/glob.c ++++ b/posix/glob.c +@@ -843,7 +843,7 @@ + *p = '\0'; + } + else +- *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) ++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) + = '\0'; + user_name = newp; + }