[bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911.

From:	Liliana Marie Prikler
Subject:	[bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911.
Date:	Sat, 07 Oct 2023 00:56:43 +0200
User-agent:	Evolution 3.46.4

Am Samstag, dem 07.10.2023 um 00:24 +0200 schrieb Ludovic Courtès:
> Hi Liliana,
> 
> Liliana Marie Prikler <liliana.prikler@gmail.com> skribis:
> 
> > * gnu/packages/patches/glibc-2.35-CVE-2023-4911.patch: New file.
> > * gnu/local.mk: Register it here.
> > * gnu/packages/base.scm (glibc/fixed): New variable.
> > (glibc): Use it as replacement.
> 
> I’ve tested it and it LGTM.
> 
> I found a bug where the grafted libreoffice ends up indirectly
> referring to the broken libc in addition to the fixed one:
> 
> --8<---------------cut here---------------start------------->8---
> $ ./pre-inst-env guix build libreoffice
> /gnu/store/1v6kgw1nrccc67yqlm1pzic1y32z63xb-libreoffice-7.5.4.2
> $ guix gc -R /gnu/store/1v6kgw1nrccc67yqlm1pzic1y32z63xb-libreoffice-
> 7.5.4.2|grep glibc-2.35
> /gnu/store/gsjczqir1wbz8p770zndrpw4rnppmxi3-glibc-2.35
> /gnu/store/ln6hxqjvz6m9gdd9s97pivlqck7hzs99-glibc-2.35
> $ ./pre-inst-env guix build libreoffice --no-grafts
> /gnu/store/f5iibn55pm70icnk16hd4a8hwchicrvf-libreoffice-7.5.4.2
> $ guix gc -R /gnu/store/f5iibn55pm70icnk16hd4a8hwchicrvf-libreoffice-
> 7.5.4.2|grep glibc-2.35
> /gnu/store/gsjczqir1wbz8p770zndrpw4rnppmxi3-glibc-2.35
> $ guix graph -t references --path
> /gnu/store/1v6kgw1nrccc67yqlm1pzic1y32z63xb-libreoffice-7.5.4.2
> /gnu/store/gsjczqir1wbz8p770zndrpw4rnppmxi3-glibc-2.35
> /gnu/store/1v6kgw1nrccc67yqlm1pzic1y32z63xb-libreoffice-7.5.4.2
> /gnu/store/y392yldk4pbk4z5q587bz5n61hzbcf4g-mariadb-10.10.2-dev
> /gnu/store/cilkyfnc5fxmpviyypci3d2881ik3nih-mariadb-10.10.2-lib
> /gnu/store/gsjczqir1wbz8p770zndrpw4rnppmxi3-glibc-2.35
> --8<---------------cut here---------------end--------------->8---
> 
> Not a showstopper but we’ll need to investigate.
Eww.

> Another concern: we’ll be grafting every single package.  It hurts
> performance so we may want to “ungraft” in core-updates and get it
> merged soon.
> 
> Thoughts?
Is core-updates ready otherwise?  If not, we might want to do a quick
"ungrafting" branch before that.

Cheers

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911., Liliana Marie Prikler, 2023/10/04
- [bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911., Liliana Marie Prikler, 2023/10/05
- [bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911., Ludovic Courtès, 2023/10/06
  - [bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911., Liliana Marie Prikler <=
    - [bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911., Ludovic Courtès, 2023/10/11
    - bug#66348: [PATCH RFC] gnu: glibc: Fix CVE-2023-4911., Liliana Marie Prikler, 2023/10/12

Prev by Date: [bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911.
Next by Date: [bug#66378] [PATCH 00/35] Add xremap
Previous by thread: [bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911.
Next by thread: [bug#66348] [PATCH RFC] gnu: glibc: Fix CVE-2023-4911.
Index(es):
- Date
- Thread