Merge commit 'e4134747f5666bcab8680aff67fa3b63384f9a0f'

author: Alyssa Ross <hi@alyssa.is> 2020-01-11 23:37:02 +0000
committer: Alyssa Ross <hi@alyssa.is> 2020-01-11 23:41:30 +0000
commit: 6c557e3f1c28cf87e9fba232811d6875dd1399c1 (patch)
tree: 035a071d5d8980df6de0fa42e2ef8fc0cce7055e /nixpkgs/pkgs/development/libraries/glibc/common.nix
parent: da7500bc026e937ac7fce7b50f67a0e1765737a7 (diff)
parent: e4134747f5666bcab8680aff67fa3b63384f9a0f (diff)
download: nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.gz
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.bz2
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.lz
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.xz
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.zst
nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/nixpkgs/pkgs/development/libraries/glibc/common.nix b/nixpkgs/pkgs/development/libraries/glibc/common.nix
index 8e8e445f0173..32be2205bcc1 100644
--- a/nixpkgs/pkgs/development/libraries/glibc/common.nix
+++ b/nixpkgs/pkgs/development/libraries/glibc/common.nix
@@ -92,13 +92,21 @@ stdenv.mkDerivation ({
         url = "https://salsa.debian.org/glibc-team/glibc/raw/49767c9f7de4828220b691b29de0baf60d8a54ec/debian/patches/localedata/locale-C.diff";
         sha256 = "0irj60hs2i91ilwg5w7sqrxb695c93xg0ik7yhhq9irprd7fidn4";
       })
+
+      # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
+      ./CVE-2018-11236.patch
+      # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f51c8367685dc888a02f7304c729ed5277904aff
+      ./CVE-2018-11237.patch
+    ]
+    ++ lib.optionals stdenv.isx86_64 [
+      ./fix-x64-abi.patch
+      ./2.27-CVE-2019-19126.patch
     ]
-    ++ lib.optional stdenv.isx86_64 ./fix-x64-abi.patch
     ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch
     ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch
 
     # Remove after upgrading to glibc 2.28+
-    ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) (fetchpatch {
+    ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform || stdenv.hostPlatform.isMusl) (fetchpatch {
       url = "https://sourceware.org/git/?p=glibc.git;a=patch;h=780684eb04298977bc411ebca1eadeeba4877833";
       name = "correct-pwent-parsing-issue-and-resulting-build.patch";
       sha256 = "08fja894vzaj8phwfhsfik6jj2pbji7kypy3q8pgxvsd508zdv1q";
author	Alyssa Ross <hi@alyssa.is>	2020-01-11 23:37:02 +0000
committer	Alyssa Ross <hi@alyssa.is>	2020-01-11 23:41:30 +0000
commit	6c557e3f1c28cf87e9fba232811d6875dd1399c1 (patch)
tree	035a071d5d8980df6de0fa42e2ef8fc0cce7055e /nixpkgs/pkgs/development/libraries/glibc/common.nix
parent	da7500bc026e937ac7fce7b50f67a0e1765737a7 (diff)
parent	e4134747f5666bcab8680aff67fa3b63384f9a0f (diff)
download	nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.gz nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.bz2 nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.lz nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.xz nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.tar.zst nixlib-6c557e3f1c28cf87e9fba232811d6875dd1399c1.zip