GNU bug report logs - #29000
[PATCH] gnu: glibc: Ungraft fix for CVE-2017-15670, CVE-2017-15671.
Reported by: Leo Famulari <leo <at> famulari.name>
Date: Wed, 25 Oct 2017 18:57:02 UTC
Severity: normal
Tags: patch
Done: Leo Famulari <leo <at> famulari.name>
Bug is archived. No further changes may be made.
Report forwarded to guix-patches <at> gnu.org: bug#29000; Package guix-patches. (Wed, 25 Oct 2017 18:57:02 GMT)
Acknowledgement sent to Leo Famulari <leo <at> famulari.name>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Wed, 25 Oct 2017 18:57:03 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/base.scm (glibc)[replacement]: Remove field.
[source]: Add 'glibc-CVE-2017-15670-15671.patch'.
(glibc/fixed): Remove variable.
---
gnu/packages/base.scm | 11 +----------
1 file changed, 1 insertion(+), 10 deletions(-)
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 9cb628d8d..e1826f57b 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -528,7 +528,6 @@ store.")
(package
(name "glibc")
(version "2.25")
- (replacement glibc/fixed)
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-"
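Review bot: Dropping `(replacement glibc/fixed)` from the `glibc` package (version "2.25") turns the fix from a graft into a change to glibc itself, which forces a rebuild of everything that depends on it, yet neither the subject nor the changelog says which branch this is meant for. Please state the target branch in the submission (for example with a subject prefix) so it is not applied where a world rebuild is unwanted.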
@@ -549,6 +548,7 @@ store.")
"glibc-o-largefile.patch"
"glibc-memchr-overflow-i686.patch"
"glibc-vectorized-strcspn-guards.patch"
+ "glibc-CVE-2017-15670-15671.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))
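Review bot: The new entry `"glibc-CVE-2017-15670-15671.patch"` is inserted ahead of the three `glibc-CVE-2017-1000366-pt*.patch` entries, whereas the `glibc/fixed` variable removed later in this patch applied it last, via `(append (origin-patches (package-source glibc)) (search-patches ...))`. Patches are applied in list order, so either add it at the end of the list to keep the order that was in use with the graft, or confirm that it applies cleanly in the new position.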
@@ -787,15 +787,6 @@ GLIBC/HURD for a Hurd host"
(define-syntax glibc
(identifier-syntax (glibc-for-target)))
-(define glibc/fixed
- (package
- (inherit glibc)
- (source (origin
- (inherit (package-source glibc))
- (patches (append
- (origin-patches (package-source glibc))
- (search-patches "glibc-CVE-2017-15670-15671.patch")))))))
-
;; Below are old libc versions, which we use mostly to build locale data in
;; the old format (which the new libc cannot cope with.)
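Review bot: With `(define glibc/fixed ...)` deleted, any remaining reference to `glibc/fixed` becomes an unbound variable, and the diffstat shows only gnu/packages/base.scm being touched. Please check the rest of the tree for uses of that name before this lands. The trailing context also points at the old libc versions defined below: if they inherit the patch list from `glibc`, the added patch now has to apply to them as well.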
--
2.14.3
Information forwarded to guix-patches <at> gnu.org: bug#29000; Package guix-patches. (Wed, 25 Oct 2017 19:05:02 GMT)
Message #8 received at 29000 <at> debbugs.gnu.org (full text, mbox):
It would be nice to ungraft glibc soon, in my opinion.
Grafting the entire distribution causes some user experience issues that
many of us are used to, but that are not really that great, especially
for new users.
The issue is build farm capacity.
I wonder how long it takes to rebuild everything for Intel-compatible
systems on berlin.guixsd.org?
Maybe fast enough that rebuilding the world for this change would not
disrupt Guix development too much... except that rebuilding the world
for armhf would take a very long time, during which we could not be
building the other regular changes for armhf.
Ideas and discussion welcome!
Information forwarded to guix-patches <at> gnu.org: bug#29000; Package guix-patches. (Thu, 26 Oct 2017 22:33:02 GMT)
Message #11 received at 29000 <at> debbugs.gnu.org (full text, mbox):
Hello!
Leo Famulari <leo <at> famulari.name> writes:
> It would be nice to ungraft glibc soon, in my opinion.
Yes. I think if you do that in ‘core-updates’, we can start building
it; it’s long overdue anyway. How does that sound?
> Grafting the entire distribution causes some user experience issues that
> many of us are used to, but that are not really that great, especially
> for new users.
Honestly, I feel that this bad user experience is a shame, and fixing it
is among my priorities. It should be possible to have grafts without
their current negative effects on the UI.
> The issue is build farm capacity.
Yes, though even with infinite build farm capacity, we wouldn’t want to
force people to rebuild/redownload the world too often.
That said…
> I wonder how long it takes to rebuild everything for Intel-compatible
> systems on berlin.guixsd.org?
Good question. An interesting project would be to measure latency
between push date and substitute availability date, for instance.
berlin is pretty powerful now, so now we should see whether ‘guix
offload’ incurs too much overhead.
> Maybe fast enough that rebuilding the world for this change would not
> disrupt Guix development too much... except that rebuilding the world
> for armhf would take a very long time, during which we could not be
> building the other regular changes for armhf.
Yes, that’s another problem, but I hope we’ll alleviate it soon by
buying ARM machines.
Ludo’.
Information forwarded to guix-patches <at> gnu.org: bug#29000; Package guix-patches. (Thu, 26 Oct 2017 22:34:02 GMT)
Message #14 received at 29000 <at> debbugs.gnu.org (full text, mbox):
Leo Famulari <leo <at> famulari.name> writes:
> * gnu/packages/base.scm (glibc)[replacement]: Remove field.
> [source]: Add 'glibc-CVE-2017-15670-15671.patch'.
> (glibc/fixed): Remove variable.
OK for core-updates, thanks!
bug closed, send any further explanations to 29000 <at> debbugs.gnu.org and Leo Famulari <leo <at> famulari.name>
Request was from Leo Famulari <leo <at> famulari.name> to control <at> debbugs.gnu.org. (Fri, 01 Feb 2019 12:46:03 GMT)
bug archived.
Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 02 Mar 2019 12:24:04 GMT)
This bug report was last modified 5 years and 28 days ago.