[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/02: Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671."
|
From: |
Marius Bakke |
|
Subject: |
01/02: Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671." |
|
Date: |
Tue, 2 Jan 2018 11:06:15 -0500 (EST) |
mbakke pushed a commit to branch core-updates
in repository guix.
commit 0c86790bfdf5a3e61bff6e289c1dcef16154a27b
Author: Marius Bakke <address@hidden>
Date: Tue Nov 28 18:04:36 2017 +0100
Revert "gnu: glibc: Fix CVE-2017-15670, CVE-2017-15671."
These issues has been classified as minor by Debian:
https://security-tracker.debian.org/tracker/CVE-2017-15670
https://security-tracker.debian.org/tracker/CVE-2017-15671
In addition, the patch only fixes one of the two CVEs it claims to fix. We
don't backport most CVEs, especially non-critical ones, so no need to carry
this (which is in 2.26). See discussion at <https://bugs.gnu.org/29490>.
This reverts commit 60e29339d8389e678bb9ca4bd3420ee9ee88bdf2.
---
gnu/local.mk | 1 -
gnu/packages/base.scm | 4 ----
.../patches/glibc-CVE-2017-15670-15671.patch | 27 ----------------------
3 files changed, 32 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 2a2def9..8b25cb8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -682,7 +682,6 @@ dist_patch_DATA =
\
%D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \
%D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \
%D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \
- %D%/packages/patches/glibc-CVE-2017-15670-15671.patch \
%D%/packages/patches/glibc-bootstrap-system.patch \
%D%/packages/patches/glibc-ldd-x86_64.patch \
%D%/packages/patches/glibc-locales.patch \
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index 53db5fe..ee92c49 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -852,7 +852,6 @@ GLIBC/HURD for a Hurd host"
"glibc-o-largefile.patch"
"glibc-vectorized-strcspn-guards.patch"
"glibc-CVE-2015-5180.patch"
- "glibc-CVE-2017-15670-15671.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -873,7 +872,6 @@ GLIBC/HURD for a Hurd host"
"glibc-o-largefile.patch"
"glibc-vectorized-strcspn-guards.patch"
"glibc-CVE-2015-5180.patch"
- "glibc-CVE-2017-15670-15671.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -897,7 +895,6 @@ GLIBC/HURD for a Hurd host"
"glibc-CVE-2016-3075.patch"
"glibc-CVE-2016-3706.patch"
"glibc-CVE-2016-4429.patch"
- "glibc-CVE-2017-15670-15671.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))))
@@ -920,7 +917,6 @@ GLIBC/HURD for a Hurd host"
"glibc-CVE-2016-3075.patch"
"glibc-CVE-2016-3706.patch"
"glibc-CVE-2016-4429.patch"
- "glibc-CVE-2017-15670-15671.patch"
"glibc-CVE-2017-1000366-pt1.patch"
"glibc-CVE-2017-1000366-pt2.patch"
"glibc-CVE-2017-1000366-pt3.patch"))))
diff --git a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
b/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
deleted file mode 100644
index 76d688c..0000000
--- a/gnu/packages/patches/glibc-CVE-2017-15670-15671.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Fix CVE-2017-15670:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15670
-https://sourceware.org/bugzilla/show_bug.cgi?id=22320
-https://bugzilla.redhat.com/show_bug.cgi?id=1504804
-
-And CVE-2017-15671:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15671
-https://sourceware.org/bugzilla/show_bug.cgi?id=22325
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15671
-
-Copied from upstream:
-<https://git.savannah.gnu.org/cgit/gnulib.git/commit/?id=2d1bd71ec70a31b01d01b734faa66bb1ed28961f>
-
-diff --git a/posix/glob.c b/posix/glob.c
---- a/posix/glob.c
-+++ b/posix/glob.c
-@@ -843,7 +843,7 @@
- *p = '\0';
- }
- else
-- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
-+ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
- = '\0';
- user_name = newp;
- }