From: Leo Famulari
To: Efraim Flashner
Cc: 27429@debbugs.gnu.org
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Date: Wed, 21 Jun 2017 19:52:27 -0400
Message-ID: <20170621235227.GA4510@jasmine.lan>
In-Reply-To: <20170621095045.GB2870@macbook42.flashner.co.il>

On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
> Had to make a small change to the patch, it turns out it couldn't build
> the source for glibc@2.21, so I changed the source to inherit from
> glibc@2.22 and not just from glibc. It doesn't change anything for the
> actual glibc@2.25.
>
> --
> Efraim Flashner אפרים פלשנר
> GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
> Confidentiality cannot be guaranteed on emails sent or received unencrypted

> From ef14fa6db5eaedabbaa092cbed2b6f8ee903837c Mon Sep 17 00:00:00 2001
> From: Efraim Flashner
> Date: Mon, 19 Jun 2017 23:13:53 +0300
> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>
> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
> (glibc-2.25-fixed): New variable.
> (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches.
> [replacement]: New field.
> (glibc-locales)[replacement]: New field.
> * gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field.
> * gnu/packages/patches/glibc-CVE-2017-1000366.patch,
> gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch,
> gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.

Thanks, I'm building a bare-bones disk image to test this patch.