* [PATCH 0/1] libarchive: Fix CVE-2016-1541
@ 2016-05-10 20:29 Leo Famulari
2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari
` (2 more replies)
0 siblings, 3 replies; 10+ messages in thread
From: Leo Famulari @ 2016-05-10 20:29 UTC (permalink / raw)
To: guix-devel
There is a buffer overflow in libarchive, CVE-2016-1541 [0]. According
to MITRE description, it "allows remote attackers to execute arbitrary
code via crafted entry-size values in a ZIP archive."
Yikes!
This patch applies the upstream patch [1].
Requesting your review, since soooo many packages depend on libarchive.
I will follow this commit with an "ungrafting" commit on core-updates.
[0]
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541
[1]
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
Leo Famulari (1):
gnu: libarchive: Fix CVE-2016-1541.
gnu/local.mk | 1 +
gnu/packages/backup.scm | 9 +++
.../patches/libarchive-CVE-2016-1541.patch | 67 ++++++++++++++++++++++
3 files changed, 77 insertions(+)
create mode 100644 gnu/packages/patches/libarchive-CVE-2016-1541.patch
--
2.8.2
^ permalink raw reply [flat|nested] 10+ messages in thread* [PATCH 1/1] gnu: libarchive: Fix CVE-2016-1541. 2016-05-10 20:29 [PATCH 0/1] libarchive: Fix CVE-2016-1541 Leo Famulari @ 2016-05-10 20:29 ` Leo Famulari 2016-05-11 13:44 ` [PATCH 0/1] " Ludovic Courtès 2016-05-15 6:45 ` Leo Famulari 2 siblings, 0 replies; 10+ messages in thread From: Leo Famulari @ 2016-05-10 20:29 UTC (permalink / raw) To: guix-devel * gnu/packages/backup.scm (libarchive)[replacement]: New field. (libarchive/fixed): New variable. * gnu/packages/patches/libarchive-CVE-2016-1541.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/backup.scm | 9 +++ .../patches/libarchive-CVE-2016-1541.patch | 67 ++++++++++++++++++++++ 3 files changed, 77 insertions(+) create mode 100644 gnu/packages/patches/libarchive-CVE-2016-1541.patch diff --git a/gnu/local.mk b/gnu/local.mk index f2436ed..ca1832e 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -572,6 +572,7 @@ dist_patch_DATA = \ gnu/packages/patches/liba52-use-mtune-not-mcpu.patch \ gnu/packages/patches/libarchive-bsdtar-test.patch \ gnu/packages/patches/libarchive-CVE-2013-0211.patch \ + gnu/packages/patches/libarchive-CVE-2016-1541.patch \ gnu/packages/patches/libarchive-fix-lzo-test-case.patch \ gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \ gnu/packages/patches/libbonobo-activation-test-race.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index a7b48f1..917bee7 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -136,6 +136,7 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") + (replacement libarchive/fixed) (version "3.1.2") (source (origin @@ -193,6 +194,14 @@ archive. In particular, note that there is currently no built-in support for random access nor for in-place modification.") (license license:bsd-2))) +(define libarchive/fixed + (package + (inherit libarchive) + (source (origin + (inherit (package-source libarchive)) + (patches (cons (search-patch "libarchive-CVE-2016-1541.patch") + (origin-patches (package-source libarchive)))))))) + (define-public rdup (package (name "rdup") diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch new file mode 100644 index 0000000..6ac8773 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2016-1541.patch @@ -0,0 +1,67 @@ +Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata) + +Taken from upstream source repository: +https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 + +When reading OS X metadata entries in Zip archives that were stored +without compression, libarchive would use the uncompressed entry size +to allocate a buffer but would use the compressed entry size to limit +the amount of data copied into that buffer. Since the compressed +and uncompressed sizes are provided by data in the archive itself, +an attacker could manipulate these values to write data beyond +the end of the allocated buffer. + +This fix provides three new checks to guard against such +manipulation and to make libarchive generally more robust when +handling this type of entry: + 1. If an OS X metadata entry is stored without compression, + abort the entire archive if the compressed and uncompressed + data sizes do not match. + 2. When sanity-checking the size of an OS X metadata entry, + abort this entry if either the compressed or uncompressed + size is larger than 4MB. + 3. When copying data into the allocated buffer, check the copy + size against both the compressed entry size and uncompressed + entry size. +--- + libarchive/archive_read_support_format_zip.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c +index 0f8262c..0a0be96 100644 +--- a/libarchive/archive_read_support_format_zip.c ++++ b/libarchive/archive_read_support_format_zip.c +@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, + + switch(rsrc->compression) { + case 0: /* No compression. */ ++ if (rsrc->uncompressed_size != rsrc->compressed_size) { ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ++ "Malformed OS X metadata entry: inconsistent size"); ++ return (ARCHIVE_FATAL); ++ } + #ifdef HAVE_ZLIB_H + case 8: /* Deflate compression. */ + #endif +@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, + (intmax_t)rsrc->uncompressed_size); + return (ARCHIVE_WARN); + } ++ if (rsrc->compressed_size > (4 * 1024 * 1024)) { ++ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, ++ "Mac metadata is too large: %jd > 4M bytes", ++ (intmax_t)rsrc->compressed_size); ++ return (ARCHIVE_WARN); ++ } + + metadata = malloc((size_t)rsrc->uncompressed_size); + if (metadata == NULL) { +@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, + bytes_avail = remaining_bytes; + switch(rsrc->compression) { + case 0: /* No compression. */ ++ if ((size_t)bytes_avail > metadata_bytes) ++ bytes_avail = metadata_bytes; + memcpy(mp, p, bytes_avail); + bytes_used = (size_t)bytes_avail; + metadata_bytes -= bytes_used; -- 2.8.2 ^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541 2016-05-10 20:29 [PATCH 0/1] libarchive: Fix CVE-2016-1541 Leo Famulari 2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari @ 2016-05-11 13:44 ` Ludovic Courtès 2016-05-12 1:55 ` Leo Famulari 2016-05-15 6:45 ` Leo Famulari 2 siblings, 1 reply; 10+ messages in thread From: Ludovic Courtès @ 2016-05-11 13:44 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Leo Famulari <leo@famulari.name> skribis: > There is a buffer overflow in libarchive, CVE-2016-1541 [0]. According > to MITRE description, it "allows remote attackers to execute arbitrary > code via crafted entry-size values in a ZIP archive." > > Yikes! > > This patch applies the upstream patch [1]. > > Requesting your review, since soooo many packages depend on libarchive. LGTM. > I will follow this commit with an "ungrafting" commit on core-updates. Cool! Thank you! Ludo’. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541 2016-05-11 13:44 ` [PATCH 0/1] " Ludovic Courtès @ 2016-05-12 1:55 ` Leo Famulari 2016-05-12 5:22 ` Jan Nieuwenhuizen 2016-05-12 7:24 ` Manolis Ragkousis 0 siblings, 2 replies; 10+ messages in thread From: Leo Famulari @ 2016-05-12 1:55 UTC (permalink / raw) To: Ludovic Courtès; +Cc: guix-devel On Wed, May 11, 2016 at 03:44:59PM +0200, Ludovic Courtès wrote: > Leo Famulari <leo@famulari.name> skribis: > > This patch applies the upstream patch [1]. > > LGTM. Done as e7806e6ca. > > I will follow this commit with an "ungrafting" commit on core-updates. > > Cool! There are conflicts in cross gnu/packages/cross-base.scm when merging master (e7806e6ca) into core-updates (f10e7ef47). These are the commits that are conflicting: Core-updates: 55de892b4 (gnu: glibc: Rename linux-headers input to kernel-headers). Master: efc4eb147 (gnu: cross: Use CROSS_*_INCLUDE_PATH for system headers) and maybe the follow-up typo fix in 0a0884c9 (gnu: cross: Fix typo). I could try to resolve the conflict myself, but I think it's better if Jan and Manolis work together, or at least give me some instructions. Here are the specific conflicts I'm not sure how to resolve: 182 <<<<<<< HEAD 183 (string-prefix? kernel x))) 184 185 (setenv "CROSS_CPATH" 186 (string-append libc "/include:" 187 kernel "/include")) 188 ======= 189 (string-prefix? linux x))) 190 (let ((cpath (string-append 191 libc "/include" 192 ":" linux "/include"))) 193 (for-each (cut setenv <> cpath) 194 '("CROSS_C_INCLUDE_PATH" 195 "CROSS_CPLUS_INCLUDE_PATH" 196 "CROSS_OBJC_INCLUDE_PATH" 197 "CROSS_OBJCPLUS_INCLUDE_PATH"))) 198 >>>>>>> master 347 <<<<<<< HEAD 348 (let ((kernel (assoc-ref inputs "kernel-headers"))) 349 (setenv "CROSS_CPATH" 350 (string-append kernel "/include")) 351 ======= 352 (let* ((linux (assoc-ref inputs "linux-headers")) 353 (cpath (string-append linux "/include"))) 354 (for-each (cut setenv <> cpath) 355 '("CROSS_C_INCLUDE_PATH" 356 "CROSS_CPLUS_INCLUDE_PATH" 357 "CROSS_OBJC_INCLUDE_PATH" 358 "CROSS_OBJCPLUS_INCLUDE_PATH")) 359 >>>>>>> master The other conflicts are just comments that need 's/linux/kernel'. ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541 2016-05-12 1:55 ` Leo Famulari @ 2016-05-12 5:22 ` Jan Nieuwenhuizen 2016-05-13 6:45 ` Leo Famulari 2016-05-12 7:24 ` Manolis Ragkousis 1 sibling, 1 reply; 10+ messages in thread From: Jan Nieuwenhuizen @ 2016-05-12 5:22 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Leo Famulari writes: > There are conflicts in cross gnu/packages/cross-base.scm when merging > master (e7806e6ca) into core-updates (f10e7ef47). > > These are the commits that are conflicting: > > Core-updates: 55de892b4 (gnu: glibc: Rename linux-headers input to > kernel-headers). > > Master: efc4eb147 (gnu: cross: Use CROSS_*_INCLUDE_PATH for system > headers) and maybe the follow-up typo fix in 0a0884c9 (gnu: cross: Fix > typo). > > I could try to resolve the conflict myself, but I think it's better if > Jan and Manolis work together, or at least give me some instructions. I looked into it. If you modify the patch, changing `linux' to `kernel' except in one place (define (cross? x) ==>except this line ;; Return #t if X is a cross-libc or cross Linux. (or (string-prefix? libc x) (string-prefix? kernel x))) it applies cleanly. Here's what I did to do that mechanically. git reset --hard origin/master git rebase origin/core-updates ... cp .git/rebase-apply/patch patch sed -i s/linux/kernel/gi patch sed -i 's/or cross kernel/or cross Linux/' patch git reset --hard HEAD patch -p1 < patch If I can help any better, please let me know. Greetings, Jan -- Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541 2016-05-12 5:22 ` Jan Nieuwenhuizen @ 2016-05-13 6:45 ` Leo Famulari 2016-05-13 18:16 ` Jan Nieuwenhuizen 2016-05-14 17:26 ` Manolis Ragkousis 0 siblings, 2 replies; 10+ messages in thread From: Leo Famulari @ 2016-05-13 6:45 UTC (permalink / raw) To: Jan Nieuwenhuizen; +Cc: guix-devel [-- Attachment #1: Type: text/plain, Size: 402 bytes --] On Thu, May 12, 2016 at 07:22:30AM +0200, Jan Nieuwenhuizen wrote: > Leo Famulari writes: > > > There are conflicts in cross gnu/packages/cross-base.scm when merging > > master (e7806e6ca) into core-updates (f10e7ef47). Thanks Manolis and Jan. I think I resolved the conflict properly. I've attached the file that results after I resolve the conflict. Can you tell me if it's doing the right thing? [-- Attachment #2: cross-base.scm --] [-- Type: text/plain, Size: 16963 bytes --] ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>. (define-module (gnu packages cross-base) #:use-module (guix licenses) #:use-module (gnu packages) #:use-module (gnu packages gcc) #:use-module (gnu packages base) #:use-module (gnu packages commencement) #:use-module (gnu packages linux) #:use-module (guix packages) #:use-module (guix download) #:use-module (guix utils) #:use-module (guix build-system gnu) #:use-module (guix build-system trivial) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) #:export (cross-binutils cross-libc cross-gcc)) (define %xgcc ;; GCC package used as the basis for cross-compilation. It doesn't have to ;; be 'gcc' and can be a specific variant such as 'gcc-4.8'. gcc) (define (cross p target) (package (inherit p) (name (string-append (package-name p) "-cross-" target)) (arguments (substitute-keyword-arguments (package-arguments p) ((#:configure-flags flags) `(cons ,(string-append "--target=" target) ,flags)))))) (define (package-with-patch original patch) "Return package ORIGINAL with PATCH applied." (package (inherit original) (source (origin (inherit (package-source original)) (patches (list patch)))))) (define (cross-binutils target) "Return a cross-Binutils for TARGET." (let ((binutils (package (inherit binutils) (arguments (substitute-keyword-arguments (package-arguments binutils) ((#:configure-flags flags) ;; Build with `--with-sysroot' so that ld honors ;; DT_RUNPATH entries when searching for a needed ;; library. This works because as a side effect ;; `genscripts.sh' sets `USE_LIBPATH=yes', which tells ;; elf32.em to use DT_RUNPATH in its search list. ;; See <http://sourceware.org/ml/binutils/2013-05/msg00312.html>. ;; ;; In theory choosing / as the sysroot could lead ld ;; to pick up native libs instead of target ones. In ;; practice the RUNPATH of target libs only refers to ;; target libs, not native libs, so this is safe. `(cons "--with-sysroot=/" ,flags))))))) ;; For Xtensa, apply Qualcomm's patch. (cross (if (string-prefix? "xtensa-" target) (package-with-patch binutils (search-patch "ath9k-htc-firmware-binutils.patch")) binutils) target))) (define (cross-gcc-arguments target libc) "Return build system arguments for a cross-gcc for TARGET, using LIBC (which may be either a libc package or #f.)" ;; Set the current target system so that 'glibc-dynamic-linker' returns the ;; right name. (parameterize ((%current-target-system target)) ;; Disable stripping as this can break binaries, with object files of ;; libgcc.a showing up as having an unknown architecture. See ;; <http://lists.fedoraproject.org/pipermail/arm/2010-August/000663.html> ;; for instance. (let ((args `(#:strip-binaries? #f ,@(package-arguments %xgcc)))) (substitute-keyword-arguments args ((#:configure-flags flags) `(append (list ,(string-append "--target=" target) ,@(if libc `( ;; Disable libcilkrts because it is not ;; ported to GNU/Hurd. "--disable-libcilkrts") `( ;; Disable features not needed at this stage. "--disable-shared" "--enable-static" "--enable-languages=c,c++" ;; libstdc++ cannot be built at this stage ;; ("Link tests are not allowed after ;; GCC_NO_EXECUTABLES."). "--disable-libstdc++-v3" "--disable-threads" ;libgcc, would need libc "--disable-libatomic" "--disable-libmudflap" "--disable-libgomp" "--disable-libssp" "--disable-libquadmath" "--disable-decimal-float" ;would need libc "--disable-libcilkrts" ))) ,(if libc flags `(remove (cut string-match "--enable-languages.*" <>) ,flags)))) ((#:make-flags flags) (if libc `(let ((libc (assoc-ref %build-inputs "libc"))) ;; FLAGS_FOR_TARGET are needed for the target libraries to receive ;; the -Bxxx for the startfiles. (cons (string-append "FLAGS_FOR_TARGET=-B" libc "/lib") ,flags)) flags)) ((#:phases phases) (let ((phases `(alist-cons-after 'install 'make-cross-binutils-visible (lambda* (#:key outputs inputs #:allow-other-keys) (let* ((out (assoc-ref outputs "out")) (libexec (string-append out "/libexec/gcc/" ,target)) (binutils (string-append (assoc-ref inputs "binutils-cross") "/bin/" ,target "-")) (wrapper (string-append (assoc-ref inputs "ld-wrapper-cross") "/bin/" ,target "-ld"))) (for-each (lambda (file) (symlink (string-append binutils file) (string-append libexec "/" file))) '("as" "nm")) (symlink wrapper (string-append libexec "/ld")) #t)) (alist-replace 'install (lambda _ ;; Unlike our 'strip' phase, this will do the right thing ;; for cross-compilers. (zero? (system* "make" "install-strip"))) ,phases)))) (if libc `(alist-cons-before 'configure 'set-cross-path (lambda* (#:key inputs #:allow-other-keys) ;; Add the cross kernel headers to CROSS_CPATH, and remove them ;; from CPATH. (let ((libc (assoc-ref inputs "libc")) (kernel (assoc-ref inputs "xkernel-headers"))) (define (cross? x) ;; Return #t if X is a cross-libc or cross Linux. (or (string-prefix? libc x) (string-prefix? kernel x))) (let ((cpath (string-append libc "/include" ":" kernel "/include"))) (for-each (cut setenv <> cpath) '("CROSS_C_INCLUDE_PATH" "CROSS_CPLUS_INCLUDE_PATH" "CROSS_OBJC_INCLUDE_PATH" "CROSS_OBJCPLUS_INCLUDE_PATH"))) (setenv "CROSS_LIBRARY_PATH" (string-append libc "/lib")) (for-each (lambda (var) (and=> (getenv var) (lambda (value) (let* ((path (search-path-as-string->list value)) (native-path (list->search-path-as-string (remove cross? path) ":"))) (setenv var native-path))))) '("C_INCLUDE_PATH" "CPLUS_INCLUDE_PATH" "OBJC_INCLUDE_PATH" "OBJCPLUS_INCLUDE_PATH" "LIBRARY_PATH")) #t)) ,phases) phases))))))) (define (cross-gcc-patches target) "Return GCC patches needed for TARGET." (cond ((string-prefix? "xtensa-" target) ;; Patch by Qualcomm needed to build the ath9k-htc firmware. (search-patches "ath9k-htc-firmware-gcc.patch")) (else '()))) (define* (cross-gcc target #:optional (xbinutils (cross-binutils target)) libc) "Return a cross-compiler for TARGET, where TARGET is a GNU triplet. Use XBINUTILS as the associated cross-Binutils. If LIBC is false, then build a GCC that does not target a libc; otherwise, target that libc." (package (inherit %xgcc) (name (string-append "gcc-cross-" (if libc "" "sans-libc-") target)) (source (origin (inherit (package-source %xgcc)) (patches (append (origin-patches (package-source %xgcc)) (cons (search-patch "gcc-cross-environment-variables.patch") (cross-gcc-patches target)))))) ;; For simplicity, use a single output. Otherwise libgcc_s & co. are not ;; found by default, etc. (outputs '("out")) (arguments `(#:implicit-inputs? #f #:modules ((guix build gnu-build-system) (guix build utils) (ice-9 regex) (srfi srfi-1) (srfi srfi-26)) ,@(cross-gcc-arguments target libc))) (native-inputs `(("ld-wrapper-cross" ,(make-ld-wrapper (string-append "ld-wrapper-" target) #:target target #:binutils xbinutils)) ("binutils-cross" ,xbinutils) ;; Call it differently so that the builder can check whether the "libc" ;; input is #f. ("libc-native" ,@(assoc-ref %final-inputs "libc")) ;; Remaining inputs. ,@(let ((inputs (append (package-inputs %xgcc) (alist-delete "libc" %final-inputs)))) (if libc `(("libc" ,libc) ("xkernel-headers" ;the target headers ,@(assoc-ref (package-propagated-inputs libc) "kernel-headers")) ,@inputs) inputs)))) (inputs '()) ;; Only search target inputs, not host inputs. ;; Note: See <http://bugs.gnu.org/22186> for why not 'CPATH'. (search-paths (list (search-path-specification (variable "CROSS_C_INCLUDE_PATH") (files '("include"))) (search-path-specification (variable "CROSS_CPLUS_INCLUDE_PATH") (files '("include"))) (search-path-specification (variable "CROSS_OBJC_INCLUDE_PATH") (files '("include"))) (search-path-specification (variable "CROSS_OBJCPLUS_INCLUDE_PATH") (files '("include"))) (search-path-specification (variable "CROSS_LIBRARY_PATH") (files '("lib" "lib64"))))) (native-search-paths '()))) (define* (cross-libc target #:optional (xgcc (cross-gcc target)) (xbinutils (cross-binutils target))) "Return a libc cross-built for TARGET, a GNU triplet. Use XGCC and XBINUTILS and the cross tool chain." (define xlinux-headers (package (inherit linux-libre-headers) (name (string-append (package-name linux-libre-headers) "-cross-" target)) (arguments (substitute-keyword-arguments `(#:implicit-cross-inputs? #f ,@(package-arguments linux-libre-headers)) ((#:phases phases) `(alist-replace 'build (lambda _ (setenv "ARCH" ,(system->linux-architecture target)) (format #t "`ARCH' set to `~a' (cross compiling)~%" (getenv "ARCH")) (and (zero? (system* "make" "defconfig")) (zero? (system* "make" "mrproper" "headers_check")))) ,phases)))) (native-inputs `(("cross-gcc" ,xgcc) ("cross-binutils" ,xbinutils) ,@(package-native-inputs linux-libre-headers))))) (package (inherit glibc) (name (string-append "glibc-cross-" target)) (arguments (substitute-keyword-arguments `(;; Disable stripping (see above.) #:strip-binaries? #f ;; This package is used as a target input, but it should not have ;; the usual cross-compilation inputs since that would include ;; itself. #:implicit-cross-inputs? #f ,@(package-arguments glibc)) ((#:configure-flags flags) `(cons ,(string-append "--host=" target) ,flags)) ((#:phases phases) `(alist-cons-before 'configure 'set-cross-kernel-headers-path (lambda* (#:key inputs #:allow-other-keys) (let* ((kernel (assoc-ref inputs "kernel-headers")) (cpath (string-append kernel "/include"))) (for-each (cut setenv <> cpath) '("CROSS_C_INCLUDE_PATH" "CROSS_CPLUS_INCLUDE_PATH" "CROSS_OBJC_INCLUDE_PATH" "CROSS_OBJCPLUS_INCLUDE_PATH")) #t)) ,phases)))) ;; Shadow the native "kernel-headers" because glibc's recipe expects the ;; "kernel-headers" input to point to the right thing. (propagated-inputs `(("kernel-headers" ,xlinux-headers))) ;; FIXME: 'static-bash' should really be an input, not a native input, but ;; to do that will require building an intermediate cross libc. (inputs '()) (native-inputs `(("cross-gcc" ,xgcc) ("cross-binutils" ,xbinutils) ,@(package-inputs glibc) ;FIXME: static-bash ,@(package-native-inputs glibc))))) \f ;;; ;;; Concrete cross toolchains. ;;; (define-public xgcc-mips64el (let* ((triplet "mips64el-linux-gnuabi64") ;N64 ABI (xgcc (cross-gcc triplet (cross-binutils triplet) (cross-libc triplet)))) ;; Don't attempt to build this cross-compiler on i686; ;; see <http://bugs.gnu.org/19598>. (package (inherit xgcc) (supported-systems (fold delete (package-supported-systems xgcc) '("mips64el-linux" "i686-linux")))))) (define-public xgcc-avr ;; AVR cross-compiler, used to build AVR-Libc. (let ((triplet "avr")) (cross-gcc triplet (cross-binutils triplet)))) (define-public xgcc-xtensa ;; Bare-bones Xtensa cross-compiler, used to build the Atheros firmware. (cross-gcc "xtensa-elf")) (define-public xgcc-armhf (let* ((triplet "arm-linux-gnueabihf") (xgcc (cross-gcc triplet (cross-binutils triplet) (cross-libc triplet)))) (package (inherit xgcc) (supported-systems (delete "armhf-linux" %supported-systems))))) ;; (define-public xgcc-armel ;; (let ((triplet "armel-linux-gnueabi")) ;; (cross-gcc triplet ;; (cross-binutils triplet) ;; (cross-libc triplet)))) ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541 2016-05-13 6:45 ` Leo Famulari @ 2016-05-13 18:16 ` Jan Nieuwenhuizen 2016-05-14 17:26 ` Manolis Ragkousis 1 sibling, 0 replies; 10+ messages in thread From: Jan Nieuwenhuizen @ 2016-05-13 18:16 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Leo Famulari writes: > I've attached the file that results after I resolve the conflict. Can > you tell me if it's doing the right thing? Yes that looks fine. Thanks, Greetings, Jan -- Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.nl ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541 2016-05-13 6:45 ` Leo Famulari 2016-05-13 18:16 ` Jan Nieuwenhuizen @ 2016-05-14 17:26 ` Manolis Ragkousis 1 sibling, 0 replies; 10+ messages in thread From: Manolis Ragkousis @ 2016-05-14 17:26 UTC (permalink / raw) To: Leo Famulari; +Cc: Guix-devel Okay from me as well. Thank you Manolis ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541 2016-05-12 1:55 ` Leo Famulari 2016-05-12 5:22 ` Jan Nieuwenhuizen @ 2016-05-12 7:24 ` Manolis Ragkousis 1 sibling, 0 replies; 10+ messages in thread From: Manolis Ragkousis @ 2016-05-12 7:24 UTC (permalink / raw) To: Leo Famulari; +Cc: guix-devel Hey Leo, Thanks for telling me. Modify it to > 189 (string-prefix? kernel x))) > 190 (let ((cpath (string-append > 191 libc "/include" > 192 ":" kernel "/include"))) > 193 (for-each (cut setenv <> cpath) > 194 '("CROSS_C_INCLUDE_PATH" > 195 "CROSS_CPLUS_INCLUDE_PATH" > 196 "CROSS_OBJC_INCLUDE_PATH" > 197 "CROSS_OBJCPLUS_INCLUDE_PATH"))) > 352 (let* ((kernel (assoc-ref inputs "kernel-headers")) > 353 (cpath (string-append kernel "/include"))) > 354 (for-each (cut setenv <> cpath) > 355 '("CROSS_C_INCLUDE_PATH" > 356 "CROSS_CPLUS_INCLUDE_PATH" > 357 "CROSS_OBJC_INCLUDE_PATH" > 358 "CROSS_OBJCPLUS_INCLUDE_PATH")) Update the patch and tell me if there are any more problems. Thank you, Manolis ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH 0/1] libarchive: Fix CVE-2016-1541 2016-05-10 20:29 [PATCH 0/1] libarchive: Fix CVE-2016-1541 Leo Famulari 2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari 2016-05-11 13:44 ` [PATCH 0/1] " Ludovic Courtès @ 2016-05-15 6:45 ` Leo Famulari 2 siblings, 0 replies; 10+ messages in thread From: Leo Famulari @ 2016-05-15 6:45 UTC (permalink / raw) To: guix-devel On Tue, May 10, 2016 at 04:29:08PM -0400, Leo Famulari wrote: > I will follow this commit with an "ungrafting" commit on core-updates. Done as 4fa05a81983d4aa33837e1c01457442be7b58aad ^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2016-05-15 6:45 UTC | newest] Thread overview: 10+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-05-10 20:29 [PATCH 0/1] libarchive: Fix CVE-2016-1541 Leo Famulari 2016-05-10 20:29 ` [PATCH 1/1] gnu: " Leo Famulari 2016-05-11 13:44 ` [PATCH 0/1] " Ludovic Courtès 2016-05-12 1:55 ` Leo Famulari 2016-05-12 5:22 ` Jan Nieuwenhuizen 2016-05-13 6:45 ` Leo Famulari 2016-05-13 18:16 ` Jan Nieuwenhuizen 2016-05-14 17:26 ` Manolis Ragkousis 2016-05-12 7:24 ` Manolis Ragkousis 2016-05-15 6:45 ` Leo Famulari
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).