tribes/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-06 21:20:33 +02:00
Code Activity
Files
4d1291eaaabc6ff440fa1e76e0c9160fd8a3c21a
guix/gnu
History
John Kehayias d659fe8666 gnu: glibc: Graft with fix for unsafe env variable [security-fixes]. 
Before this change, the environment variable GUIX_LOCPATH is not in the unsafe
variable list, meaning that it is not unset in a privileged environment.  This
could lead to potential security issues.  A CVE number is pending for this
issue.  A similar upstream glibc issue was CVE-2023-4911.

* gnu/packages/base.scm (glibc)[replacement]: Add field to graft with ...
(glibc/fixed): ... this new package.
* gnu/packages/patches/glibc-guix-locpath.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.

Change-Id: I74d87ce543bfba7d5f424efb2b87926ca336c725
Reported-by: "Stefan" <stefan-guix@vodafonemail.de>
2026-02-20 01:08:07 -05:00
..
bootloader
system: Remove depthcharger bootloader.
2026-02-17 16:52:31 +01:00
build
activation: copy-account-skeletons: Make all copied skeletons writable.
2026-02-06 19:14:46 +08:00
home
home: services: sway: Refactor flatmap to append-map.
2026-02-15 14:12:30 -05:00
installer
installer: run-wifi-page: Handle null ‘service-items’.
2026-02-11 12:14:13 +08:00
machine
packages
gnu: glibc: Graft with fix for unsafe env variable [security-fixes].
2026-02-20 01:08:07 -05:00
services
gnu: postgresql-role: Avoid leaking passwords through kernel's command line facility.
2026-02-11 10:57:06 +01:00
system
system: Remove asus-c201.tmp.
2026-02-17 16:52:24 +01:00
tests
services: web: Add go-webdav.
2026-02-08 23:53:58 +01:00
artwork.scm
artwork: Update commit.
2026-01-25 21:30:59 +01:00
bootloader.scm
ci.scm
ci: Also build 64-bit hurd image.
2026-02-09 22:49:30 +01:00
compression.scm
home.scm
image.scm
installer.scm
local.mk
gnu: glibc: Graft with fix for unsafe env variable [security-fixes].
2026-02-20 01:08:07 -05:00
machine.scm
packages.scm
services.scm
system.scm
tests.scm