glibc: 2.25-49 -> 2.26-75

Security: the NEWS claims a couple more CVEs are fixed than what we
patched, though perhaps nothing critical.

I personally don't find DNS fragmentation attacks that interesting
anymore, as it's just about weaker improvements for cases that choose
not to use DNSSEC.

Largest expected caveat: upstream bumped the minimal supportable kernel
to 3.2.0.  That's the oldest kernel still supported upstream, released
in Jan 2012, but most notably RHEL 6 and derivatives still use a heavily
patched 2.6.32 kernel and those systems are still supported and in use
(production support is scheduled to last till the end of 2020!).
Vladimír Čunát 2017-08-26 11:35:11 +02:00
parent 0c01c58aec
commit 9bb67d5c1e
No known key found for this signature in database
GPG key ID: E747DF1F9575A3AA
3 changed files with 7 additions and 10 deletions

Binary file not shown.


@ -19,9 +19,9 @@
} @ args: } @ args:
let let
version = "2.25"; version = "2.26";
patchSuffix = "-49"; patchSuffix = "-75";
sha256 = "067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0"; sha256 = "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5";
cross = if buildPlatform != hostPlatform then hostPlatform else null; cross = if buildPlatform != hostPlatform then hostPlatform else null;
in in
@ -46,7 +46,7 @@ stdenv.mkDerivation ({
glibc-2.25-49-gbc5ace67fe glibc-2.25-49-gbc5ace67fe
$ git show --reverse glibc-2.25..release/2.25/master | gzip -n -9 --rsyncable - > 2.25-49.patch.gz $ git show --reverse glibc-2.25..release/2.25/master | gzip -n -9 --rsyncable - > 2.25-49.patch.gz
*/ */
./2.25-49.patch.gz ./2.26-75.patch.gz
/* Have rpcgen(1) look for cpp(1) in $PATH. */ /* Have rpcgen(1) look for cpp(1) in $PATH. */
./rpcgen-path.patch ./rpcgen-path.patch
@ -100,15 +100,12 @@ stdenv.mkDerivation ({
(if profilingLibraries (if profilingLibraries
then "--enable-profile" then "--enable-profile"
else "--disable-profile") else "--disable-profile")
] ++ lib.optionals (cross == null && withLinuxHeaders) [ ] ++ lib.optionals withLinuxHeaders [
"--enable-kernel=2.6.32" "--enable-kernel=3.2.0" # can't get below with glibc >= 2.26
] ++ lib.optionals (cross != null) [ ] ++ lib.optionals (cross != null) [
(if cross.withTLS then "--with-tls" else "--without-tls") (if cross.withTLS then "--with-tls" else "--without-tls")
(if cross ? float && cross.float == "soft" then "--without-fp" else "--with-fp") (if cross ? float && cross.float == "soft" then "--without-fp" else "--with-fp")
] ++ lib.optionals (cross != null ] ++ lib.optionals (cross != null) [
&& cross.platform ? kernelMajor
&& cross.platform.kernelMajor == "2.6") [
"--enable-kernel=2.6.0"
"--with-__thread" "--with-__thread"
] ++ lib.optionals (cross == null && stdenv.isArm) [ ] ++ lib.optionals (cross == null && stdenv.isArm) [
"--host=arm-linux-gnueabi" "--host=arm-linux-gnueabi"
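Review bot: The comment above `./2.26-75.patch.gz` in the second hunk still records `glibc-2.25-49-gbc5ace67fe` and the `git show --reverse glibc-2.25..release/2.25/master ... > 2.25-49.patch.gz` command, so the new patch has no documented origin. Because the patch is committed as a compressed binary that the page cannot display, that comment is the only way for a reviewer to regenerate it and compare the result with what was checked in. I would update it to `glibc-2.26-75-g<COMMIT>` (placeholder for the actual release-branch commit) and `$ git show --reverse glibc-2.26..release/2.26/master | gzip -n -9 --rsyncable - > 2.26-75.patch.gz`. The comment opens above the hunk, so any earlier lines of it would need the same check.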