From 2a83d2a8265314af3d8b16f86187897223567d6e Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 19 Jun 2017 23:13:53 +0300 Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366. * gnu/packages/base.scm (glibc)[replacement]: New field. (glibc-2.25-fixed): New variable. (address@hidden, address@hidden, address@hidden, address@hidden)[source]: Add patch. [replacement]: New field. (glibc-locales)[replacement]: New field. * gnu/packages/commencement.scm (glibc-final-with-bootstrap-bash, cross-gcc-wrapper, glibc-final)[replacement]: New field. * gnu/packages/patches/glibc-CVE-2017-1000366.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. --- gnu/local.mk | 1 + gnu/packages/base.scm | 39 +++++++++++++++++++---- gnu/packages/commencement.scm | 4 +++ gnu/packages/patches/glibc-CVE-2017-1000366.patch | 33 +++++++++++++++++++ 4 files changed, 71 insertions(+), 6 deletions(-) create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366.patch diff --git a/gnu/local.mk b/gnu/local.mk index ae4a59af0..6b598335b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -632,6 +632,7 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glibc-CVE-2017-1000366.patch \ %D%/packages/patches/glibc-bootstrap-system.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index d135a18bf..fe066edcd 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -5,7 +5,7 @@ ;;; Copyright © 2014, 2015, 2016 Mark H Weaver ;;; Copyright © 2014 Alex Kost ;;; Copyright © 2014, 2015 Manolis Fragkiskos Ragkousis -;;; Copyright © 2016 Efraim Flashner +;;; Copyright © 2016, 2017 Efraim Flashner ;;; Copyright © 2016 Jan Nieuwenhuizen ;;; Copyright © 2017 Marius Bakke ;;; @@ -558,6 +558,7 @@ store.") (package (name "glibc") (version "2.25") + (replacement glibc-2.25-patched) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -904,34 +905,56 @@ GLIBC/HURD for a Hurd host" ;; Below are old libc versions, which we use mostly to build locale data in ;; the old format (which the new libc cannot cope with.) +(define glibc-2.25-patched + (package + (inherit glibc) + (replacement #f) + (source (origin + (inherit (package-source glibc)) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch")))))) + (define-public glibc-2.24 (package (inherit glibc) (version "2.24") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r")))))) + "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r")) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch")))))) (define-public glibc-2.23 (package (inherit glibc) (version "2.23") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")))))) + "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch")))))) (define-public glibc-2.22 (package (inherit glibc) (version "2.22") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" @@ -939,7 +962,8 @@ GLIBC/HURD for a Hurd host" (sha256 (base32 "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) - (patches (search-patches "glibc-ldd-x86_64.patch")))) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch")))) (arguments (substitute-keyword-arguments (package-arguments glibc) ((#:phases phases) @@ -948,7 +972,8 @@ GLIBC/HURD for a Hurd host" (lambda _ ;; Use `pwd' instead of `/bin/pwd' for glibc-2.21 (substitute* "configure" - (("/bin/pwd") "pwd")))))))))) + (("/bin/pwd") "pwd")) + #t)))))))) (define-public glibc-2.21 (package @@ -961,12 +986,14 @@ GLIBC/HURD for a Hurd host" (sha256 (base32 "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf")) - (patches (search-patches "glibc-ldd-x86_64.patch")))))) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch")))))) (define-public glibc-locales (package (inherit glibc) (name "glibc-locales") + (replacement #f) (source (origin (inherit (package-source glibc)) (patches (cons (search-patch "glibc-locales.patch") (origin-patches (package-source glibc)))))) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 1b41feac1..42892bbe8 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -3,6 +3,7 @@ ;;; Copyright © 2014 Andreas Enge ;;; Copyright © 2012 Nikita Karetnikov ;;; Copyright © 2014, 2015 Mark H Weaver +;;; Copyright © 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -469,6 +470,7 @@ the bootstrap environment." (package-with-bootstrap-guile (package (inherit glibc) (name "glibc-intermediate") + (replacement #f) (arguments `(#:guile ,%bootstrap-guile #:implicit-inputs? #f @@ -540,6 +542,7 @@ the bootstrap environment." that makes it available under the native tool names." (package (inherit gcc) (name (string-append (package-name gcc) "-wrapped")) + (replacement #f) (source #f) (build-system trivial-build-system) (outputs '("out")) @@ -642,6 +645,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~a \"address@hidden"~%" ;; The final glibc, which embeds the statically-linked Bash built above. (package (inherit glibc-final-with-bootstrap-bash) (name "glibc") + (replacement #f) (inputs `(("static-bash" ,static-bash-for-glibc) ,@(alist-delete "static-bash" diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366.patch b/gnu/packages/patches/glibc-CVE-2017-1000366.patch new file mode 100644 index 000000000..106e81d91 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-1000366.patch @@ -0,0 +1,33 @@ +From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 17:09:55 +0200 +Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 + programs [BZ #21624] + +LD_LIBRARY_PATH can only be used to reorder system search paths, which +is not useful functionality. + +This makes an exploitable unbounded alloca in _dl_init_paths unreachable +for AT_SECURE=1 programs. +--- + ChangeLog | 7 +++++++ + elf/rtld.c | 3 ++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 2446a87..2269dbe 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) + + case 12: + /* The library search path. */ +- if (memcmp (envline, "LIBRARY_PATH", 12) == 0) ++ if (!__libc_enable_secure ++ && memcmp (envline, "LIBRARY_PATH", 12) == 0) + { + library_path = &envline[13]; + break; +-- +2.9.3 + -- 2.13.1