mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-05-19 07:35:54 +02:00

gnu: glibc: Graft with fix for unsafe env variable [security-fixes].

Before this change, the environment variable GUIX_LOCPATH is not in the unsafe
variable list, meaning that it is not unset in a privileged environment.  This
could lead to potential security issues.  A CVE number is pending for this
issue.  A similar upstream glibc issue was CVE-2023-4911.

* gnu/packages/base.scm (glibc)[replacement]: Add field to graft with ...
(glibc/fixed): ... this new package.
* gnu/packages/patches/glibc-guix-locpath.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.

Change-Id: I74d87ce543bfba7d5f424efb2b87926ca336c725
Reported-by: "Stefan" <stefan-guix@vodafonemail.de>
John Kehayias
2026-02-15 23:35:20 -05:00
parent 86c4c07971
commit d659fe8666
3 changed files with 27 additions and 1 deletions
+1
@@ -1482,6 +1482,7 @@ dist_patch_DATA = \
%D%/packages/patches/glibc-cross-objcopy.patch \
%D%/packages/patches/glibc-cross-objdump.patch \
%D%/packages/patches/glibc-dl-cache.patch \
%D%/packages/patches/glibc-guix-locpath.patch \
%D%/packages/patches/glibc-hidden-visibility-ldconfig.patch \
%D%/packages/patches/glibc-hurd-clock_gettime_monotonic.patch \
%D%/packages/patches/glibc-hurd-clock_t_centiseconds.patch \
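Review bot: nothing at the new glibc-guix-locpath.patch entry in dist_patch_DATA ties it to the security fix. The commit message says a CVE number is pending, so once it is assigned, record it in the header of the patch file so that this registration can be traced back to the advisory. The line itself needs no change: it keeps the list's alphabetical order (after glibc-dl-cache.patch, before glibc-hidden-visibility-ldconfig.patch) and the trailing backslash continuation.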