From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37628) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eJjOa-0006ts-B2 for guix-patches@gnu.org; Tue, 28 Nov 2017 12:10:09 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eJjOU-0003m9-Cu for guix-patches@gnu.org; Tue, 28 Nov 2017 12:10:08 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:54471) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eJjOU-0003m5-8s for guix-patches@gnu.org; Tue, 28 Nov 2017 12:10:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1eJjOU-0001q9-3f for guix-patches@gnu.org; Tue, 28 Nov 2017 12:10:02 -0500 Subject: [bug#29490] [PATCH] Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671." Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:37518) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eJjOC-0006cW-MQ for guix-patches@gnu.org; Tue, 28 Nov 2017 12:09:45 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eJjO9-0003gf-E8 for guix-patches@gnu.org; Tue, 28 Nov 2017 12:09:44 -0500 Received: from out4-smtp.messagingengine.com ([66.111.4.28]:54229) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1eJjO9-0003ga-A2 for guix-patches@gnu.org; Tue, 28 Nov 2017 12:09:41 -0500 From: Marius Bakke Date: Tue, 28 Nov 2017 18:09:37 +0100 Message-Id: <20171128170937.31110-1-mbakke@fastmail.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 29490@debbugs.gnu.org These issues has been classified as minor by Debian: https://security-tracker.debian.org/tracker/CVE-2017-15670 https://security-tracker.debian.org/tracker/CVE-2017-15671 ...and is not worth the cost of grafting and maintaining this patch. This reverts commit 60e29339d8389e678bb9ca4bd3420ee9ee88bdf2. --- gnu/local.mk | 1 - gnu/packages/base.scm | 13 ----------- .../patches/glibc-CVE-2017-15670-15671.patch | 27 ---------------------- 3 files changed, 41 deletions(-) delete mode 100644 gnu/packages/patches/glibc-CVE-2017-15670-15671.patch diff --git a/gnu/local.mk b/gnu/local.mk index 0a46bfd3d..7b2fb7c7a 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -682,7 +682,6 @@ dist_patch_DATA = \ %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \ %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \ - %D%/packages/patches/glibc-CVE-2017-15670-15671.patch \ %D%/packages/patches/glibc-bootstrap-system.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index 9cb628d8d..bc745351a 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -528,7 +528,6 @@ store.") (package (name "glibc") (version "2.25") - (replacement glibc/fixed) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -787,15 +786,6 @@ GLIBC/HURD for a Hurd host" (define-syntax glibc (identifier-syntax (glibc-for-target))) -(define glibc/fixed - (package - (inherit glibc) - (source (origin - (inherit (package-source glibc)) - (patches (append - (origin-patches (package-source glibc)) - (search-patches "glibc-CVE-2017-15670-15671.patch"))))))) - ;; Below are old libc versions, which we use mostly to build locale data in ;; the old format (which the new libc cannot cope with.) @@ -815,7 +805,6 @@ GLIBC/HURD for a Hurd host" "glibc-o-largefile.patch" "glibc-vectorized-strcspn-guards.patch" "glibc-CVE-2015-5180.patch" - "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -839,7 +828,6 @@ GLIBC/HURD for a Hurd host" "glibc-CVE-2016-3075.patch" "glibc-CVE-2016-3706.patch" "glibc-CVE-2016-4429.patch" - "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))))) @@ -862,7 +850,6 @@ GLIBC/HURD for a Hurd host" "glibc-CVE-2016-3075.patch" "glibc-CVE-2016-3706.patch" "glibc-CVE-2016-4429.patch" - "glibc-CVE-2017-15670-15671.patch" "glibc-CVE-2017-1000366-pt1.patch" "glibc-CVE-2017-1000366-pt2.patch" "glibc-CVE-2017-1000366-pt3.patch")))) diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch deleted file mode 100644 index 76d688c51..000000000 --- a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch +++ /dev/null @@ -1,27 +0,0 @@ -Fix CVE-2017-15670: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670 -https://sourceware.org/bugzilla/show_bug.cgi?id=22320 -https://bugzilla.redhat.com/show_bug.cgi?id=1504804 - -And CVE-2017-15671: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671 -https://sourceware.org/bugzilla/show_bug.cgi?id=22325 -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671 - -Copied from upstream: - - -diff --git a/posix/glob.c b/posix/glob.c ---- a/posix/glob.c -+++ b/posix/glob.c -@@ -843,7 +843,7 @@ - *p = '\0'; - } - else -- *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) -+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) - = '\0'; - user_name = newp; - } -- 2.15.0