From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43465)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e619h-00057Y-Mn
	for guix-patches@gnu.org; Sat, 21 Oct 2017 17:18:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e619e-0003lb-Gl
	for guix-patches@gnu.org; Sat, 21 Oct 2017 17:18:05 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:45995)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1e619e-0003kK-CN
	for guix-patches@gnu.org; Sat, 21 Oct 2017 17:18:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e619e-0007Qo-4I
	for guix-patches@gnu.org; Sat, 21 Oct 2017 17:18:02 -0400
Subject: [bug#28933] [PATCH] gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671.
Resent-Message-ID: <handler.28933.B.150862067528552@debbugs.gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:43408)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1e619L-000563-Pl
	for guix-patches@gnu.org; Sat, 21 Oct 2017 17:17:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <mbakke@fastmail.com>) id 1e619I-0002i6-AM
	for guix-patches@gnu.org; Sat, 21 Oct 2017 17:17:43 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:56863)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <mbakke@fastmail.com>) id 1e619I-0002cA-4l
	for guix-patches@gnu.org; Sat, 21 Oct 2017 17:17:40 -0400
From: Marius Bakke <mbakke@fastmail.com>
Date: Sat, 21 Oct 2017 23:17:32 +0200
Message-Id: <20171021211732.13039-1-mbakke@fastmail.com>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 28933@debbugs.gnu.org

* gnu/packages/patches/glibc-CVE-2017-15670-15671.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/base.scm (glibc/linux)[replacement]: New field.
(glibc/fixed): New variable.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/base.scm                              | 10 ++++++++
 .../patches/glibc-CVE-2017-15670-15671.patch       | 27 ++++++++++++++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 gnu/packages/patches/glibc-CVE-2017-15670-15671.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index a4e3426f5..6b70300ff 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -665,6 +665,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch		\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch		\
   %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch		\
+  %D%/packages/patches/glibc-CVE-2017-15670-15671.patch		\
   %D%/packages/patches/glibc-bootstrap-system.patch		\
   %D%/packages/patches/glibc-ldd-x86_64.patch			\
   %D%/packages/patches/glibc-locales.patch			\
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index bc745351a..9c2ca149a 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -528,6 +528,7 @@ store.")
   (package
    (name "glibc")
    (version "2.25")
+   (replacement glibc/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-"
@@ -786,6 +787,15 @@ GLIBC/HURD for a Hurd host"
 (define-syntax glibc
   (identifier-syntax (glibc-for-target)))
 
+(define glibc/fixed
+  (package
+    (inherit glibc)
+    (source (origin
+              (inherit (package-source glibc))
+              (patches (append
+                        (origin-patches (package-source glibc))
+                        (search-patches "glibc-CVE-2017-15670-15671.patch")))))))
+
 ;; Below are old libc versions, which we use mostly to build locale data in
 ;; the old format (which the new libc cannot cope with.)
 
diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
new file mode 100644
index 000000000..76d688c51
--- /dev/null
+++ b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
@@ -0,0 +1,27 @@
+Fix CVE-2017-15670:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
+https://sourceware.org/bugzilla/show_bug.cgi?id=22320
+https://bugzilla.redhat.com/show_bug.cgi?id=1504804
+
+And CVE-2017-15671:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
+https://sourceware.org/bugzilla/show_bug.cgi?id=22325
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
+
+Copied from upstream:
+<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f>
+
+diff --git a/posix/glob.c b/posix/glob.c
+--- a/posix/glob.c
++++ b/posix/glob.c
+@@ -843,7 +843,7 @@
+ 		  *p = '\0';
+ 		}
+ 	      else
+-		*((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++		*((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ 		  = '\0';
+ 	      user_name = newp;
+ 	    }
-- 
2.14.2