diff options
author | Vladimír Čunát <vcunat@gmail.com> | 2017-08-26 11:35:11 +0200 |
---|---|---|
committer | Vladimír Čunát <vcunat@gmail.com> | 2017-11-05 19:10:42 +0100 |
commit | 9bb67d5c1e546968fa3d195f0bcad82414243566 (patch) | |
tree | 95473a32def5d86d4dcd0e9dccd5df37d78c22ce /pkgs/development/libraries | |
parent | 0c01c58aec109d856aeb09fc3479b4af902174a2 (diff) | |
download | nixlib-9bb67d5c1e546968fa3d195f0bcad82414243566.tar nixlib-9bb67d5c1e546968fa3d195f0bcad82414243566.tar.gz nixlib-9bb67d5c1e546968fa3d195f0bcad82414243566.tar.bz2 nixlib-9bb67d5c1e546968fa3d195f0bcad82414243566.tar.lz nixlib-9bb67d5c1e546968fa3d195f0bcad82414243566.tar.xz nixlib-9bb67d5c1e546968fa3d195f0bcad82414243566.tar.zst nixlib-9bb67d5c1e546968fa3d195f0bcad82414243566.zip |
glibc: 2.25-49 -> 2.26-75
Security: the NEWS claims a couple more CVEs are fixed than what we patched, though perhaps nothing critical. I personally don't find DNS fragmentation attacks that interesting anymore, as it's just about weaker improvements for cases that choose not to use DNSSEC. Largest expected caveat: upstream bumped the minimal supportable kernel to 3.2.0. That's the oldest kernel still supported upstream, released in Jan 2012, but most notably RHEL 6 and derivates still use a heavily patched 2.6.32 kernel and those systems are still supported and in use (production support is scheduled to last till the end of 2020!).
Diffstat (limited to 'pkgs/development/libraries')
-rw-r--r-- | pkgs/development/libraries/glibc/2.25-49.patch.gz | bin | 89721 -> 0 bytes | |||
-rw-r--r-- | pkgs/development/libraries/glibc/2.26-75.patch.gz | bin | 0 -> 289084 bytes | |||
-rw-r--r-- | pkgs/development/libraries/glibc/common.nix | 17 |
3 files changed, 7 insertions, 10 deletions
diff --git a/pkgs/development/libraries/glibc/2.25-49.patch.gz b/pkgs/development/libraries/glibc/2.25-49.patch.gz deleted file mode 100644 index 6796347e3795..000000000000 --- a/pkgs/development/libraries/glibc/2.25-49.patch.gz +++ /dev/null Binary files differdiff --git a/pkgs/development/libraries/glibc/2.26-75.patch.gz b/pkgs/development/libraries/glibc/2.26-75.patch.gz new file mode 100644 index 000000000000..e2a8867e4fff --- /dev/null +++ b/pkgs/development/libraries/glibc/2.26-75.patch.gz Binary files differdiff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 5c7bbb32c330..7894d75fbe67 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -19,9 +19,9 @@ } @ args: let - version = "2.25"; - patchSuffix = "-49"; - sha256 = "067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0"; + version = "2.26"; + patchSuffix = "-75"; + sha256 = "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5"; cross = if buildPlatform != hostPlatform then hostPlatform else null; in @@ -46,7 +46,7 @@ stdenv.mkDerivation ({ glibc-2.25-49-gbc5ace67fe $ git show --reverse glibc-2.25..release/2.25/master | gzip -n -9 --rsyncable - > 2.25-49.patch.gz */ - ./2.25-49.patch.gz + ./2.26-75.patch.gz /* Have rpcgen(1) look for cpp(1) in $PATH. */ ./rpcgen-path.patch @@ -100,15 +100,12 @@ stdenv.mkDerivation ({ (if profilingLibraries then "--enable-profile" else "--disable-profile") - ] ++ lib.optionals (cross == null && withLinuxHeaders) [ - "--enable-kernel=2.6.32" + ] ++ lib.optionals withLinuxHeaders [ + "--enable-kernel=3.2.0" # can't get below with glibc >= 2.26 ] ++ lib.optionals (cross != null) [ (if cross.withTLS then "--with-tls" else "--without-tls") (if cross ? float && cross.float == "soft" then "--without-fp" else "--with-fp") - ] ++ lib.optionals (cross != null - && cross.platform ? kernelMajor - && cross.platform.kernelMajor == "2.6") [ - "--enable-kernel=2.6.0" + ] ++ lib.optionals (cross != null) [ "--with-__thread" ] ++ lib.optionals (cross == null && stdenv.isArm) [ "--host=arm-linux-gnueabi" |