From unknown Sun Jun 22 11:45:03 2025
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Resent-From: Leo Famulari
Resent-CC: bug-guix@gnu.org
Resent-Date: Mon, 19 Jun 2017 22:27:01 +0000
X-GNU-PR-Message: report 27429
X-GNU-PR-Package: guix
To: 27429@debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@gnu.org
Date: Mon, 19 Jun 2017 18:25:50 -0400
From: Leo Famulari
Message-ID: <20170619222550.GA29289@jasmine.lan>
User-Agent: Mutt/1.8.3 (2017-05-23)

This is a place to discuss the "stack clash" bugs as they apply to our
packages.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt


From: Leo Famulari
Date: Mon, 19 Jun 2017 19:05:10 -0400
Message-ID: <20170619230510.GA16724@jasmine.lan>
In-Reply-To: <20170619222550.GA29289@jasmine.lan>

I'm currently testing the patch for CVE-2017-1000369 in Exim:

https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21

"To reach the start of the stack with the end of the heap (man brk), we
permanently leak memory through multiple -p command-line arguments that
are malloc()ated by Exim but never free()d (CVE-2017-1000369) -- we call
such a malloc()ated chunk of heap memory a "memleak-chunk"."

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
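The bug class quoted from the Qualys advisory above (every repeated -p option gets a malloc()ated copy that is never released, so an unprivileged caller can grow the heap by one chunk per option) is easier to reason about as code. The following is an added illustration written for this thread; it is not Exim's code and not the Exim commit linked above. It shows a minimal option parser with the leaky store-and-overwrite pattern next to a version that frees the previous value before storing the next one, and a constructed allocation counter (live_chunks, chunk_dup, chunk_free, leaked_chunks_after are all names invented here) so the leak is observable without a debugger.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed bookkeeping for the demonstration: counts heap chunks
 * currently allocated through chunk_dup()/chunk_free(). */
static long live_chunks = 0;

/* Allocate a private copy of s, like a strdup() that also counts. */
static char *chunk_dup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy != NULL) {
        memcpy(copy, s, n);
        live_chunks++;
    }
    return copy;
}

static void chunk_free(char *p)
{
    if (p != NULL) {
        free(p);
        live_chunks--;
    }
}

/* Leaky pattern: each "-p VALUE" pair allocates a fresh copy and simply
 * overwrites the pointer to the previous copy, which is never freed.
 * Memory use therefore grows with the number of times the option is
 * repeated on the command line. */
char *parse_p_leaky(int argc, char **argv)
{
    char *value = NULL;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-p") == 0 && i + 1 < argc)
            value = chunk_dup(argv[++i]);   /* previous copy leaks here */
    }
    return value;
}

/* Fixed pattern: release the previous copy before storing the next one,
 * so the parser holds at most one chunk however often -p is repeated. */
char *parse_p_fixed(int argc, char **argv)
{
    char *value = NULL;
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "-p") == 0 && i + 1 < argc) {
            chunk_free(value);
            value = chunk_dup(argv[++i]);
        }
    }
    return value;
}

/* Build a constructed argv of `repeats` copies of "-p value", run the
 * given parser, free its result, and report how many chunks are still
 * live: 0 means no leak, repeats-1 means one chunk leaked per overwrite. */
long leaked_chunks_after(char *(*parser)(int, char **), int repeats)
{
    int argc = 1 + 2 * repeats;
    char **argv = calloc((size_t)argc + 1, sizeof *argv);
    argv[0] = "exim-like";
    for (int i = 0; i < repeats; i++) {
        argv[1 + 2 * i] = "-p";
        argv[2 + 2 * i] = "value";
    }
    live_chunks = 0;
    char *result = parser(argc, argv);
    chunk_free(result);
    free(argv);
    return live_chunks;
}

int main(void)
{
    printf("leaky parser: %ld chunks left after 1000 repeats\n",
           leaked_chunks_after(parse_p_leaky, 1000));
    printf("fixed parser: %ld chunks left after 1000 repeats\n",
           leaked_chunks_after(parse_p_fixed, 1000));
    return 0;
}
```

Compile with `cc -Wall -o plead plead.c` and run it: the leaky parser leaves 999 chunks live after 1000 repeats, the fixed one leaves none. The same check is what a reviewer wants when auditing any option parser: a value that may be supplied more than once must either replace-and-free or be rejected on the second occurrence.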
From: Leo Famulari
Date: Mon, 19 Jun 2017 20:42:05 -0400
Message-ID: <20170620004205.GA31586@jasmine.lan>
In-Reply-To: <20170619230510.GA16724@jasmine.lan>

On Mon, Jun 19, 2017 at 07:05:10PM -0400, Leo Famulari wrote:
> I'm currently testing the patch for CVE-2017-1000369 in Exim:
>
> https://git.exim.org/exim.git/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
>
> "To reach the start of the stack with the end of the heap (man brk), we
> permanently leak memory through multiple -p command-line arguments that
> are malloc()ated by Exim but never free()d (CVE-2017-1000369) -- we call
> such a malloc()ated chunk of heap memory a "memleak-chunk"."
>
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Pushed as 4dd8d280857607d1ee41ae03c62c5e629ad75c37.


From: Leo Famulari
Date: Mon, 19 Jun 2017 20:49:20 -0400
Message-ID: <20170620004920.GB31586@jasmine.lan>
In-Reply-To: <20170619222550.GA29289@jasmine.lan>

On the glibc bugs (CVE-2016-1000366), civodul said:

[21:02:26] lfam: i *think* GuixSD is immune to the LD_LIBRARY_PATH one, FWIW
[...]
[21:02:43] lfam: because of the way is_trusted_path works in glibc

https://gnunet.org/bot/log/guix/2017-06-19#T1422600

Relevant upstream commits:

CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d

ld.so: Reject overly long LD_PRELOAD path elements
https://sourceware.org/git/?p=glibc.git;a=commit;h=6d0ba622891bed9d8394eef1935add53003b12e8

ld.so: Reject overly long LD_AUDIT path elements:
https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9


From: Mark H Weaver
To: Leo Famulari
Cc: 27429@debbugs.gnu.org
Date: Mon, 19 Jun 2017 23:31:38 -0400
Message-ID: <87efuf8hd1.fsf@netris.org>
In-Reply-To: <20170619222550.GA29289@jasmine.lan> (Leo Famulari's message of "Mon, 19 Jun 2017 18:25:50 -0400")

Leo Famulari writes:

> This is a place to discuss the "stack clash" bugs as they apply to our
> packages.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

I pushed commit 91c623aae0f10992aa46957b9072679534e4cd28 which adds a
kernel-side mitigation in the form of a larger stack guard gap (1 MiB)
to linux-libre-4.11, 4.9, and 4.4.

4.1 is still vulnerable. So far I've been unable to find a backported
patch for that kernel.

      Mark


From: Efraim Flashner
To: Leo Famulari
Cc: 27429@debbugs.gnu.org
Date: Tue, 20 Jun 2017 10:18:57 +0300
Message-ID: <20170620071857.GA2768@macbook42.flashner.co.il>
In-Reply-To: <20170620004920.GB31586@jasmine.lan>

On Mon, Jun 19, 2017 at 08:49:20PM -0400, Leo Famulari wrote:
> On the glibc bugs (CVE-2016-1000366), civodul said:
>
> [21:02:26] lfam: i *think* GuixSD is immune to the LD_LIBRARY_PATH one, FWIW
> [...]
> [21:02:43] lfam: because of the way is_trusted_path works in glibc
>
> https://gnunet.org/bot/log/guix/2017-06-19#T1422600
>
> Relevant upstream commits:
>
> CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 programs [BZ #21624]
> https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d
>
> ld.so: Reject overly long LD_PRELOAD path elements
> https://sourceware.org/git/?p=glibc.git;a=commit;h=6d0ba622891bed9d8394eef1935add53003b12e8
>
> ld.so: Reject overly long LD_AUDIT path elements:
> https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9

I don't know if this is true or not, but I have a patch here locally
that seems to work against the CVE.

I haven't downloaded the other patches and added them, but with all the
'(replacement #f)'s in place it should just work to add them into the
glibc packages we have.

I'll wait and see before pushing the patch.

-- 
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Attachment: 0001-gnu-glibc-Patch-CVE-2017-1000366.patch

From 2a83d2a8265314af3d8b16f86187897223567d6e Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Mon, 19 Jun 2017 23:13:53 +0300
Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.

* gnu/packages/base.scm (glibc)[replacement]: New field.
(glibc-2.25-fixed): New variable.
(glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patch.
[replacement]: New field.
(glibc-locales)[replacement]: New field.
* gnu/packages/commencement.scm (glibc-final-with-bootstrap-bash,
cross-gcc-wrapper, glibc-final)[replacement]: New field.
* gnu/packages/patches/glibc-CVE-2017-1000366.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                      |  1 +
 gnu/packages/base.scm                             | 39 +++++++++++++++++++----
 gnu/packages/commencement.scm                     |  4 +++
 gnu/packages/patches/glibc-CVE-2017-1000366.patch | 33 +++++++++++++++++++
 4 files changed, 71 insertions(+), 6 deletions(-)
 create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index ae4a59af0..6b598335b 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -632,6 +632,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glibc-CVE-2017-1000366.patch \ %D%/packages/patches/glibc-bootstrap-system.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index d135a18bf..fe066edcd 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -5,7 +5,7 @@ ;;; Copyright =C2=A9 2014, 2015, 2016 Mark H Weaver ;;; Copyright =C2=A9 2014 Alex Kost ;;; Copyright =C2=A9 2014, 2015 Manolis Fragkiskos Ragkousis -;;; Copyright =C2=A9 2016 Efraim Flashner +;;; Copyright =C2=A9 2016, 2017 Efraim Flashner ;;; Copyright =C2=A9 2016 Jan Nieuwenhuizen ;;; Copyright =C2=A9 2017 Marius Bakke ;;; @@ -558,6 +558,7 @@ store.") (package (name "glibc") (version "2.25") + (replacement glibc-2.25-patched) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" 
@@ -904,34 +905,56 @@ GLIBC/HURD for a Hurd host" ;; Below are old libc versions, which we use mostly to build locale data in ;; the old format (which the new libc cannot cope with.) =20 +(define glibc-2.25-patched + (package + (inherit glibc) + (replacement #f) + (source (origin + (inherit (package-source glibc)) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch")))))) + (define-public glibc-2.24 (package (inherit glibc) (version "2.24") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))))= )) + "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r")) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch")))))) =20 (define-public glibc-2.23 (package (inherit glibc) (version "2.23") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))))= )) + "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch")))))) =20 (define-public glibc-2.22 (package (inherit glibc) (version "2.22") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" 
@@ -939,7 +962,8 @@ GLIBC/HURD for a Hurd host" (sha256 (base32 "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) - (patches (search-patches "glibc-ldd-x86_64.patch")))) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch")))) (arguments (substitute-keyword-arguments (package-arguments glibc) ((#:phases phases) @@ -948,7 +972,8 @@ GLIBC/HURD for a Hurd host" (lambda _ ;; Use `pwd' instead of `/bin/pwd' for glibc-2.21 (substitute* "configure" - (("/bin/pwd") "pwd")))))))))) + (("/bin/pwd") "pwd")) + #t)))))))) =20 (define-public glibc-2.21 (package @@ -961,12 +986,14 @@ GLIBC/HURD for a Hurd host" (sha256 (base32 "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf")) - (patches (search-patches "glibc-ldd-x86_64.patch")))))) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch")))))) =20 (define-public glibc-locales (package (inherit glibc) (name "glibc-locales") + (replacement #f) (source (origin (inherit (package-source glibc)) (patches (cons (search-patch "glibc-locales.patch") (origin-patches (package-source glibc))= )))) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 1b41feac1..42892bbe8 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -3,6 +3,7 @@ ;;; Copyright =C2=A9 2014 Andreas Enge ;;; Copyright =C2=A9 2012 Nikita Karetnikov ;;; Copyright =C2=A9 2014, 2015 Mark H Weaver +;;; Copyright =C2=A9 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -469,6 +470,7 @@ the bootstrap environment." (package-with-bootstrap-guile (package (inherit glibc) (name "glibc-intermediate") + (replacement #f) (arguments `(#:guile ,%bootstrap-guile #:implicit-inputs? #f @@ -540,6 +542,7 @@ the bootstrap environment." that makes it available under the native tool names." (package (inherit gcc) (name (string-append (package-name gcc) "-wrapped")) + (replacement #f) (source #f) (build-system trivial-build-system) (outputs '("out")) 
@@ -642,6 +645,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~= a \"$@\"~%" ;; The final glibc, which embeds the statically-linked Bash built above. (package (inherit glibc-final-with-bootstrap-bash) (name "glibc") + (replacement #f) (inputs `(("static-bash" ,static-bash-for-glibc) ,@(alist-delete "static-bash" diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366.patch b/gnu/packag= es/patches/glibc-CVE-2017-1000366.patch new file mode 100644 index 000000000..106e81d91 --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-1000366.patch 
@@ -0,0 +1,33 @@ +From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 17:09:55 +0200 +Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=3D1 + programs [BZ #21624] + +LD_LIBRARY_PATH can only be used to reorder system search paths, which +is not useful functionality. + +This makes an exploitable unbounded alloca in _dl_init_paths unreachable +for AT_SECURE=3D1 programs. +--- + ChangeLog | 7 +++++++ + elf/rtld.c | 3 ++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 2446a87..2269dbe 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) +=20 + case 12: + /* The library search path. */ +- if (memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) ++ if (!__libc_enable_secure ++ && memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) + { + library_path =3D &envline[13]; + break; +--=20 +2.9.3 + --=20 2.13.1
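Review bot: The `+ (replacement #f)` added in the last commencement.scm hunk, on the package introduced by `;; The final glibc, which embeds the statically-linked Bash built above.` with `(package (inherit glibc-final-with-bootstrap-bash) (name "glibc")`, switches the graft off for the libc that the rest of the distribution actually links against, so the `(replacement glibc-2.25-patched)` set on glibc in base.scm never reaches any built package; Leo's `guix gc --references` output for gnupg below shows the unpatched glibc still being referenced. Rather than suppressing the replacement there, derive glibc-final and glibc-final-with-bootstrap-bash in a way that carries the replacement along, for example with the `package/inherit` macro from (guix packages) that Mark describes, and drop the `(replacement #f)` from both.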
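Review bot: In the base.scm hunk that adds `glibc-2.25-patched`, the field `(patches (search-patches "glibc-CVE-2017-1000366.patch" "glibc-ldd-x86_64.patch" "glibc-versioned-locpath.patch" "glibc-o-largefile.patch"))` restates the parent's patch list by hand, so the graft can silently drift from the glibc it replaces the next time the base list changes, and a replacement must build exactly the same thing plus the fix. Follow the pattern glibc-locales uses further down in the same file, `(patches (cons (search-patch "glibc-CVE-2017-1000366.patch") (origin-patches (package-source glibc))))`, and consider the same for the 2.24 and 2.23 variants. The commit message also calls the new variable `glibc-2.25-fixed` while the code defines `glibc-2.25-patched`; make them agree.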
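Review bot: The `@@ -948,7 +972,8` hunk in base.scm, which changes the glibc-2.22 configure-fixing phase to end with `#t`, is a behaviour change unrelated to the CVE and is not mentioned in the commit message; either note it there or move it to its own commit so the security change stays reviewable on its own.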
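Review bot: `glibc-CVE-2017-1000366.patch` carries only the `process_envvars` change that makes `LD_LIBRARY_PATH` ignored when `__libc_enable_secure` is set; the two companion hardening commits Leo pointed to, "ld.so: Reject overly long LD_PRELOAD path elements" and "ld.so: Reject overly long LD_AUDIT path elements", are not included, so add them as separate patch files alongside this one. Smaller point: the diffstat in the patch header lists `ChangeLog | 7 +++++++` and `2 files changed`, but the file contains only the elf/rtld.c hunk, so the stat is stale; trim it to what the file actually applies.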
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
From: Leo Famulari
To: Efraim Flashner
Cc: 27429@debbugs.gnu.org
Date: Tue, 20 Jun 2017 09:16:21 -0400
Message-ID: <20170620131621.GA25394@jasmine.lan>
In-Reply-To: <20170620071857.GA2768@macbook42.flashner.co.il>

On Tue, Jun 20, 2017 at 10:18:57AM +0300, Efraim Flashner wrote:
> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>
> * gnu/packages/base.scm (glibc)[replacement]: New field.
> (glibc-2.25-fixed): New variable.
> (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patch.
> [replacement]: New field.
> (glibc-locales)[replacement]: New field.
> * gnu/packages/commencement.scm (glibc-final-with-bootstrap-bash,
> cross-gcc-wrapper, glibc-final)[replacement]: New field.
> * gnu/packages/patches/glibc-CVE-2017-1000366.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.

I'm not sure which glibc packages should be grafted and which should not.

But this patch doesn't seem to have an effect for me.
With the patch applied:

$ ./pre-inst-env guix build glibc
/gnu/store/d13m5axwk9vra6r50rq5wlmvi4vmlfcf-glibc-2.25-debug
/gnu/store/yk29yl8088c8qbj2259mf3879r107dsa-glibc-2.25

$ guix gc --references $(./pre-inst-env guix build gnupg)
/gnu/store/3qz6h4fgjn7n0p6vhqbk0lpv6pil0gr7-pcsc-lite-1.8.22
/gnu/store/5c9hjca0fjn0wq0ycx3b1zzza1ra6crq-npth-1.4
/gnu/store/a8p0j9m2i9jh8pczv2rp4bvmidi026d1-libassuan-2.4.3
/gnu/store/dcc4b6r7npjmhdsah1g6nw1j9wdy635y-sqlite-3.17.0
/gnu/store/dhc2iy059hi91fk55dcv79z09kp6500y-gcc-5.4.0-lib
/gnu/store/g5iwy1hp055y3aipasfxnh7dfnigzi82-gnupg-2.1.21
/gnu/store/hag795ji8p9vqikwp8cibfibpsa39s3n-libgcrypt-1.7.6
/gnu/store/j92kxc1l8h879cc4ss1gbhsq73ddnbsg-libgpg-error-1.26
/gnu/store/jsflzpi7pnc7m5p7cln8bjcma4lsi6hd-gnutls-3.5.D
/gnu/store/jwkcd7siv6fcyl0qsg607bg9c8ap0gqr-zlib-1.2.11
/gnu/store/k7029k5va68lkapbzcycdzj7m5bjb4b8-bash-4.4.12
/gnu/store/rmjlycdgiq8pfy5hfi42qhw3k7p6kdav-glibc-2.25
/gnu/store/sjm2c0dymn3mjl7g0jqbjdbibnqh0iaw-readline-7.0
/gnu/store/xa7q8aspczcmvh0hqyy790mwzgwmfwr3-openldap-2.4.44
/gnu/store/z0xz1z70rwp273chi1gyb9cxzblylzba-libksba-1.3.5

The grafted glibc doesn't appear to be referenced.
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
From: Mark H Weaver
To: Efraim Flashner
Cc: 27429@debbugs.gnu.org, Leo Famulari
Date: Tue, 20 Jun 2017 17:44:42 -0400
Message-ID: <87shiumj05.fsf@netris.org>
In-Reply-To: <20170620071857.GA2768@macbook42.flashner.co.il> (Efraim Flashner's message of "Tue, 20 Jun 2017 10:18:57 +0300")

Hi Efraim,

Thanks so much for working on this!

Grafting glibc is something we haven't done before to my knowledge, and it is a bit tricky because of all of the inherited versions of glibc. At present, those inherited versions are not expressed in such a way to make grafting work.

One important tool is the 'package/inherit' macro, which I added to (guix packages) in early May to facilitate another graft. In order to graft 'glibc' properly, we'll first need to use 'package/inherit' in a couple of places, I think.

Efraim Flashner writes:

> From 2a83d2a8265314af3d8b16f86187897223567d6e Mon Sep 17 00:00:00 2001
> From: Efraim Flashner > Date: Mon, 19 Jun 2017 23:13:53 +0300 > Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366. > > * gnu/packages/base.scm (glibc)[replacement]: New field. Please write (glibc/linux) instead of (glibc) above, since that's the variable whose definition is being changed. See below for more comments. > (glibc-2.25-fixed): New variable. > (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patch. > [replacement]: New field. > (glibc-locales)[replacement]: New field. > * gnu/packages/commencement.scm (glibc-final-with-bootstrap-bash, > cross-gcc-wrapper, glibc-final)[replacement]: New field. > * gnu/packages/patches/glibc-CVE-2017-1000366.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > --- > gnu/local.mk | 1 + > gnu/packages/base.scm | 39 +++++++++++++++++= ++---- > gnu/packages/commencement.scm | 4 +++ > gnu/packages/patches/glibc-CVE-2017-1000366.patch | 33 +++++++++++++++++= ++ > 4 files changed, 71 insertions(+), 6 deletions(-) > create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366.patch > > diff --git a/gnu/local.mk b/gnu/local.mk > index ae4a59af0..6b598335b 100644 > --- a/gnu/local.mk > +++ b/gnu/local.mk > @@ -632,6 +632,7 @@ dist_patch_DATA =3D \ > %D%/packages/patches/ghostscript-runpath.patch \ > %D%/packages/patches/glib-networking-ssl-cert-file.patch \ > %D%/packages/patches/glib-tests-timer.patch \ > + %D%/packages/patches/glibc-CVE-2017-1000366.patch \ > %D%/packages/patches/glibc-bootstrap-system.patch \ > %D%/packages/patches/glibc-ldd-x86_64.patch \ > %D%/packages/patches/glibc-locales.patch \ Your changes to (gnu packages base) look good to me, so I've omitted them. In particular, you are right to add (replacement #f) in the places where you've done so. > diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm > index 1b41feac1..42892bbe8 100644 > --- a/gnu/packages/commencement.scm > +++ b/gnu/packages/commencement.scm 
> @@ -3,6 +3,7 @@ > ;;; Copyright =C2=A9 2014 Andreas Enge > ;;; Copyright =C2=A9 2012 Nikita Karetnikov > ;;; Copyright =C2=A9 2014, 2015 Mark H Weaver > +;;; Copyright =C2=A9 2017 Efraim Flashner > ;;; > ;;; This file is part of GNU Guix. > ;;; > @@ -469,6 +470,7 @@ the bootstrap environment." > (package-with-bootstrap-guile > (package (inherit glibc) > (name "glibc-intermediate") > + (replacement #f) > (arguments > `(#:guile ,%bootstrap-guile > #:implicit-inputs? #f > @@ -540,6 +542,7 @@ the bootstrap environment." > that makes it available under the native tool names." > (package (inherit gcc) > (name (string-append (package-name gcc) "-wrapped")) > + (replacement #f) > (source #f) > (build-system trivial-build-system) > (outputs '("out")) > @@ -642,6 +645,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a= /~a \"$@\"~%" > ;; The final glibc, which embeds the statically-linked Bash built abov= e. > (package (inherit glibc-final-with-bootstrap-bash) > (name "glibc") > + (replacement #f) > (inputs `(("static-bash" ,static-bash-for-glibc) > ,@(alist-delete > "static-bash" The problem here is that almost all of the software in Guix is linked against glibc-final, and you've suppressed the replacement for it. This is where the 'package/inherit' macro becomes useful. I think we need to enable grafting for both 'glibc-final-with-bootstrap-bash' and 'glibc-final', by replacing (package (inherit GLIBC-FOO) ...) with: (package/inherit GLIBC-FOO ...) and remove the (replacement #f) override from those two packages, because 'package/inherit' will implicitly override 'replacement' as appropriate. Would you like to try this? > diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366.patch b/gnu/pack= ages/patches/glibc-CVE-2017-1000366.patch > new file mode 100644 > index 000000000..106e81d91 > --- /dev/null > +++ b/gnu/packages/patches/glibc-CVE-2017-1000366.patch 
> @@ -0,0 +1,33 @@ > +From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 > +From: Florian Weimer > +Date: Mon, 19 Jun 2017 17:09:55 +0200 > +Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE= =3D1 > + programs [BZ #21624] > + > +LD_LIBRARY_PATH can only be used to reorder system search paths, which > +is not useful functionality. > + > +This makes an exploitable unbounded alloca in _dl_init_paths unreachable > +for AT_SECURE=3D1 programs. > +--- > + ChangeLog | 7 +++++++ > + elf/rtld.c | 3 ++- > + 2 files changed, 9 insertions(+), 1 deletion(-) > + > +diff --git a/elf/rtld.c b/elf/rtld.c > +index 2446a87..2269dbe 100644 > +--- a/elf/rtld.c > ++++ b/elf/rtld.c > +@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) > +=20 > + case 12: > + /* The library search path. */ > +- if (memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) > ++ if (!__libc_enable_secure > ++ && memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) > + { > + library_path =3D &envline[13]; > + break; > +--=20 > +2.9.3 > +

What about the other two patches? Namely, quoting Leo:

> ld.so: Reject overly long LD_PRELOAD path elements
> https://sourceware.org/git/?p=glibc.git;a=commit;h=6d0ba622891bed9d8394eef1935add53003b12e8
>
> ld.so: Reject overly long LD_AUDIT path elements:
> https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9

One more thing: since this grafting of 'glibc' is unprecedented and has the potential for breakage, I think it should be tested as follows: someone running GuixSD should reconfigure their entire system using the grafted 'glibc', and they should boot into it to make sure nothing obvious is broken, before we commit.

Also, we should check the references and make sure that the fixed glibc is actually being used.

Thank you!
Mark

Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
From: Efraim Flashner
To: Mark H Weaver
Cc: 27429@debbugs.gnu.org, Leo Famulari
Date: Wed, 21 Jun 2017 11:41:34 +0300
Message-ID: <20170621084134.GA2870@macbook42.flashner.co.il>
In-Reply-To: <87shiumj05.fsf@netris.org>

On Tue, Jun 20, 2017 at 05:44:42PM -0400, Mark H Weaver wrote:
> Hi Efraim,
>
> Thanks so much for working on this!
>
> Grafting glibc is something we haven't done before to my knowledge, and
> it is a bit tricky because of all of the inherited versions of glibc.
> At present, those inherited versions are not expressed in such a way to
> make grafting work.
>
> One important tool is the 'package/inherit' macro, which I added to
> (guix packages) in early May to facilitate another graft. In order to
> graft 'glibc' properly, we'll first need to use 'package/inherit' in a
> couple of places, I think.
>

I like your optimism :)

> Efraim Flashner writes:
>
> > From 2a83d2a8265314af3d8b16f86187897223567d6e Mon Sep 17 00:00:00 2001
> > From: Efraim Flashner > > Date: Mon, 19 Jun 2017 23:13:53 +0300 > > Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366. > > > > * gnu/packages/base.scm (glibc)[replacement]: New field. >=20 > Please write (glibc/linux) instead of (glibc) above, since that's the > variable whose definition is being changed. noted >=20 > See below for more comments. >=20 > > (glibc-2.25-fixed): New variable. > > (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patch. > > [replacement]: New field. > > (glibc-locales)[replacement]: New field. > > * gnu/packages/commencement.scm (glibc-final-with-bootstrap-bash, > > cross-gcc-wrapper, glibc-final)[replacement]: New field. > > * gnu/packages/patches/glibc-CVE-2017-1000366.patch: New file. > > * gnu/local.mk (dist_patch_DATA): Add it. > > --- > > gnu/local.mk | 1 + > > gnu/packages/base.scm | 39 +++++++++++++++= ++++---- > > gnu/packages/commencement.scm | 4 +++ > > gnu/packages/patches/glibc-CVE-2017-1000366.patch | 33 +++++++++++++++= ++++ > > 4 files changed, 71 insertions(+), 6 deletions(-) > > create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366.patch > > > > diff --git a/gnu/local.mk b/gnu/local.mk > > index ae4a59af0..6b598335b 100644 > > --- a/gnu/local.mk > > +++ b/gnu/local.mk > > @@ -632,6 +632,7 @@ dist_patch_DATA =3D \ > > %D%/packages/patches/ghostscript-runpath.patch \ > > %D%/packages/patches/glib-networking-ssl-cert-file.patch \ > > %D%/packages/patches/glib-tests-timer.patch \ > > + %D%/packages/patches/glibc-CVE-2017-1000366.patch \ > > %D%/packages/patches/glibc-bootstrap-system.patch \ > > %D%/packages/patches/glibc-ldd-x86_64.patch \ > > %D%/packages/patches/glibc-locales.patch \ >=20 > Your changes to (gnu packages base) look good to me, so I've omitted > them. In particular, you are right to add (replacement #f) in the > places where you've done so. >=20 > > diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.= scm > > index 1b41feac1..42892bbe8 100644 
> > --- a/gnu/packages/commencement.scm > > +++ b/gnu/packages/commencement.scm > > @@ -3,6 +3,7 @@ > > ;;; Copyright =C2=A9 2014 Andreas Enge > > ;;; Copyright =C2=A9 2012 Nikita Karetnikov > > ;;; Copyright =C2=A9 2014, 2015 Mark H Weaver > > +;;; Copyright =C2=A9 2017 Efraim Flashner > > ;;; > > ;;; This file is part of GNU Guix. > > ;;; > > @@ -469,6 +470,7 @@ the bootstrap environment." > > (package-with-bootstrap-guile > > (package (inherit glibc) > > (name "glibc-intermediate") > > + (replacement #f) > > (arguments > > `(#:guile ,%bootstrap-guile > > #:implicit-inputs? #f > > @@ -540,6 +542,7 @@ the bootstrap environment." > > that makes it available under the native tool names." > > (package (inherit gcc) > > (name (string-append (package-name gcc) "-wrapped")) > > + (replacement #f) > > (source #f) > > (build-system trivial-build-system) > > (outputs '("out")) > > @@ -642,6 +645,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,= ~a/~a \"$@\"~%" > > ;; The final glibc, which embeds the statically-linked Bash built ab= ove. > > (package (inherit glibc-final-with-bootstrap-bash) > > (name "glibc") > > + (replacement #f) > > (inputs `(("static-bash" ,static-bash-for-glibc) > > ,@(alist-delete > > "static-bash" >=20 > The problem here is that almost all of the software in Guix is linked > against glibc-final, and you've suppressed the replacement for it. This > is where the 'package/inherit' macro becomes useful. >=20 > I think we need to enable grafting for both > 'glibc-final-with-bootstrap-bash' and 'glibc-final', by replacing >=20 > (package (inherit GLIBC-FOO) > ...) >=20 > with: >=20 > (package/inherit GLIBC-FOO > ...) >=20 > and remove the (replacement #f) override from those two packages, > because 'package/inherit' will implicitly override 'replacement' as > appropriate. >=20 > Would you like to try this? I haven't looked closely at this part of the code yet so its like magic to me still. >=20 
> > diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366.patch b/gnu/pa= ckages/patches/glibc-CVE-2017-1000366.patch > > new file mode 100644 > > index 000000000..106e81d91 > > --- /dev/null > > +++ b/gnu/packages/patches/glibc-CVE-2017-1000366.patch 
> > @@ -0,0 +1,33 @@ > > +From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 > > +From: Florian Weimer > > +Date: Mon, 19 Jun 2017 17:09:55 +0200 > > +Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECUR= E=3D1 > > + programs [BZ #21624] > > + > > +LD_LIBRARY_PATH can only be used to reorder system search paths, which > > +is not useful functionality. > > + > > +This makes an exploitable unbounded alloca in _dl_init_paths unreachab= le > > +for AT_SECURE=3D1 programs. > > +--- > > + ChangeLog | 7 +++++++ > > + elf/rtld.c | 3 ++- > > + 2 files changed, 9 insertions(+), 1 deletion(-) > > + > > +diff --git a/elf/rtld.c b/elf/rtld.c > > +index 2446a87..2269dbe 100644 > > +--- a/elf/rtld.c > > ++++ b/elf/rtld.c > > +@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) > > +=20 > > + case 12: > > + /* The library search path. */ > > +- if (memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) > > ++ if (!__libc_enable_secure > > ++ && memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) > > + { > > + library_path =3D &envline[13]; > > + break; > > +--=20 > > +2.9.3 > > + >=20 > What about the other two patches? Namely, quoting Leo: >=20 > > ld.so: Reject overly long LD_PRELOAD path elements > > https://sourceware.org/git/?p=3Dglibc.git;a=3Dcommit;h=3D6d0ba622891bed= 9d8394eef1935add53003b12e8 > >=20 > > ld.so: Reject overly long LD_AUDIT path elements: > > https://sourceware.org/git/?p=3Dglibc.git;a=3Dcommit;h=3D81b82fb966ffbd= 94353f793ad17116c6088dedd9 now added >=20 > One more thing: since this grafting of 'glibc' is unprecedented and has > the potential for breakage, I think it should be tested as follows: > someone running GuixSD should reconfigure their entire system using the > grafted 'glibc', and they should boot into it to make sure nothing > obvious is broken, before we commit. >=20 > Also, we should check the references and make sure that the fixed glibc > is actually being used. >=20 > Thank you! 
>
> Mark

After making the changes I built glibc, by which I mean I built at least gettext-boot0, glibc-final, perl, glibc, expat, and probably a bit more. On my 10 year old laptop it took about 2 hours.

@ build-succeeded /gnu/store/974hryqa5fprrymyjkmcfrzn3qmv0dgq-glibc-2.25.drv -
/gnu/store/kczijfli8cb0qjyrfzbrd06bdrpic7lx-glibc-2.25-debug
/gnu/store/7gqx6nd64hn9wdqmppp8h42ncfx246c0-glibc-2.25

real    125m16.297s
user    0m32.896s
sys     0m3.840s

efraim@macbook42:~/workspace/guix$ guix gc --references /gnu/store/7gqx6nd64hn9wdqmppp8h42ncfx246c0-glibc-2.25/
/gnu/store/7gqx6nd64hn9wdqmppp8h42ncfx246c0-glibc-2.25
/gnu/store/946hwcxnd9w13gyqprs0fzkmyyz4hdar-bash-static-4.4.12
/gnu/store/n4fmp3fj1yam5ijwa64irg7glvzsq4i1-bash-4.4.12
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25o

This doubling of glibc, bash and bash-static is the same as I got from 'guix gc --references $(./pre-inst-env guix build glibc)' on another machine.

efraim@macbook42:~/workspace/guix$ guix gc --references /gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25/
/gnu/store/02426nwiy32cscm4h83729vn5ws1gs2i-bash-static-4.4.12
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25

efraim@macbook42:~/workspace/guix$ ./pre-inst-env guix build --fallback -e '(@@ (gnu packages commencement) glibc-final)'
;;; note: source file /home/efraim/workspace/guix/gnu/packages/commencement.scm
;;;       newer than compiled /home/efraim/workspace/guix/gnu/packages/commencement.go
;;; note: source file /home/efraim/workspace/guix/gnu/packages/base.scm
;;;       newer than compiled /home/efraim/workspace/guix/gnu/packages/base.go
/gnu/store/kbp13s4y4mbzww7vvld33di28im94xfi-glibc-2.25-debug
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25

efraim@macbook42:~/workspace/guix$ ./pre-inst-env guix build --fallback python
...snip...
grafting '/gnu/store/3aw9x28la9nh8fzkm665d7fywxzbl15j-python-3.5.3' -> '/gnu/store/66bdsmrgxjgr76f192fsqklzj76g33pf-python-3.5.3'...
grafting '/gnu/store/9bv7jbk734bsk5zacq23wzp60xz06xs6-python-3.5.3-tk' -> '/gnu/store/7hgx1fw4kyc41c5dj963z2d1nsmdli6z-python-3.5.3-tk'...
@ build-succeeded /gnu/store/pymxw6dzibylr5qwhdxzc7il0h07kk9z-python-3.5.3.drv -
/gnu/store/66bdsmrgxjgr76f192fsqklzj76g33pf-python-3.5.3
/gnu/store/7hgx1fw4kyc41c5dj963z2d1nsmdli6z-python-3.5.3-tk

efraim@macbook42:~/workspace/guix$ guix gc --references $(./pre-inst-env guix build python)
;;; note: source file /home/efraim/workspace/guix/gnu/packages/base.scm
;;;       newer than compiled /home/efraim/workspace/guix/gnu/packages/base.go
;;; note: source file /home/efraim/workspace/guix/gnu/packages/commencement.scm
;;;       newer than compiled /home/efraim/workspace/guix/gnu/packages/commencement.go
/gnu/store/66bdsmrgxjgr76f192fsqklzj76g33pf-python-3.5.3
/gnu/store/7v66jlv8y005p2z5754jc1c6xf3rqybh-tk-8.6.6
/gnu/store/hiaxc08awfb6ygpssmlki8sjsxjcak5z-tcl-8.6.6
/gnu/store/p8k2id55pynzjmaixlns94phvr7mz5ls-gcc-5.4.0-lib
/gnu/store/smddwh4gb0bf50js321vm88pvjlcfx04-libx11-1.6.5
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25
/gnu/store/328cimicdjz4w6hr0z7fzvcr9j6ijjvg-readline-7.0
/gnu/store/66bdsmrgxjgr76f192fsqklzj76g33pf-python-3.5.3
/gnu/store/8zhlrp7mq6ibmda8n530xn3ym6l3zhyq-openssl-1.0.2k
/gnu/store/alygmq7pjlrwchpyi4ycxx0w6qgg8kfx-ncurses-6.0
/gnu/store/fd8d47zyhv6m0adv9w2lawhajav3s3ww-xz-5.2.2
/gnu/store/mmmv339r8ymx4fabffzwadjasfc0a5lx-zlib-1.2.11
/gnu/store/n4fmp3fj1yam5ijwa64irg7glvzsq4i1-bash-4.4.12
/gnu/store/nk2f8advrn50jmx0gx24lkqqjswgy0bj-coreutils-8.26
/gnu/store/p8k2id55pynzjmaixlns94phvr7mz5ls-gcc-5.4.0-lib
/gnu/store/pwhhnz4mjky9l3mdswybsgsgl74k7qb9-sqlite-3.17.0
/gnu/store/wcrf85ndv977kky8fazvgbjaybgz758j-libffi-3.2.1
/gnu/store/y6mlqxch93asizcni9f50y4r1y48wbgj-gdbm-1.12
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25

efraim@macbook42:~/workspace/guix$ guix gc --references /gnu/store/66bdsmrgxjgr76f192fsqklzj76g33pf-python-3.5.3/
/gnu/store/328cimicdjz4w6hr0z7fzvcr9j6ijjvg-readline-7.0
/gnu/store/66bdsmrgxjgr76f192fsqklzj76g33pf-python-3.5.3
/gnu/store/8zhlrp7mq6ibmda8n530xn3ym6l3zhyq-openssl-1.0.2k
/gnu/store/alygmq7pjlrwchpyi4ycxx0w6qgg8kfx-ncurses-6.0
/gnu/store/fd8d47zyhv6m0adv9w2lawhajav3s3ww-xz-5.2.2
/gnu/store/mmmv339r8ymx4fabffzwadjasfc0a5lx-zlib-1.2.11
/gnu/store/n4fmp3fj1yam5ijwa64irg7glvzsq4i1-bash-4.4.12
/gnu/store/nk2f8advrn50jmx0gx24lkqqjswgy0bj-coreutils-8.26
/gnu/store/p8k2id55pynzjmaixlns94phvr7mz5ls-gcc-5.4.0-lib
/gnu/store/pwhhnz4mjky9l3mdswybsgsgl74k7qb9-sqlite-3.17.0
/gnu/store/wcrf85ndv977kky8fazvgbjaybgz758j-libffi-3.2.1
/gnu/store/y6mlqxch93asizcni9f50y4r1y48wbgj-gdbm-1.12
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25

So to me it looks like it's working. Anyone want to try reconfiguring their system to make sure it doesn't break GuixSD? :)

--
Efraim Flashner   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Content-Disposition: attachment; filename="0001-gnu-glibc-Patch-CVE-2017-1000366.patch"

From 3ca1693715648ac23fd35f8246a3f1d5afd6ce34 Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Mon, 19 Jun 2017 23:13:53 +0300
Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.

* gnu/packages/base.scm (glibc/linux)[replacement]: New field.
(glibc-2.25-fixed): New variable.
(glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches.
[replacement]: New field.
(glibc-locales)[replacement]: New field.
* gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field.
* gnu/packages/patches/glibc-CVE-2017-1000366.patch,
gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch,
gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
--- gnu/local.mk | 5 +- gnu/packages/base.scm | 47 ++++- gnu/packages/commencement.scm | 6 +- gnu/packages/patches/glibc-CVE-2017-1000366.patch | 36 ++++ .../patches/glibc-reject-long-LD-AUDIT.patch | 206 +++++++++++++++++= ++++ .../patches/glibc-reject-long-LD-PRELOAD.patch | 124 +++++++++++++ 6 files changed, 414 insertions(+), 10 deletions(-) create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366.patch create mode 100644 gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch create mode 100644 gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch diff --git a/gnu/local.mk b/gnu/local.mk index f0eed694d..d4d6c1c25 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -631,11 +631,14 @@ dist_patch_DATA =3D \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glibc-CVE-2017-1000366.patch \ %D%/packages/patches/glibc-bootstrap-system.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ %D%/packages/patches/glibc-memchr-overflow-i686.patch \ %D%/packages/patches/glibc-o-largefile.patch \ + %D%/packages/patches/glibc-reject-long-LD-AUDIT.patch \ + %D%/packages/patches/glibc-reject-long-LD-PRELOAD.patch \ %D%/packages/patches/glibc-versioned-locpath.patch \ %D%/packages/patches/glog-gcc-5-demangling.patch \ %D%/packages/patches/gmp-arm-asm-nothumb.patch \ @@ -657,7 +660,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/guile-present-coding.patch \ %D%/packages/patches/guile-relocatable.patch \ %D%/packages/patches/guile-rsvg-pkgconfig.patch \ - gnu/packages/patches/guile-ssh-channel-finalization.patch \ + %D%/packages/patches/guile-ssh-channel-finalization.patch \ %D%/packages/patches/guile-ssh-double-free.patch \ %D%/packages/patches/guile-ssh-rexec-bug.patch \ %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch \ 
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index d135a18bf..47838d89b 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -5,7 +5,7 @@ ;;; Copyright =C2=A9 2014, 2015, 2016 Mark H Weaver ;;; Copyright =C2=A9 2014 Alex Kost ;;; Copyright =C2=A9 2014, 2015 Manolis Fragkiskos Ragkousis -;;; Copyright =C2=A9 2016 Efraim Flashner +;;; Copyright =C2=A9 2016, 2017 Efraim Flashner ;;; Copyright =C2=A9 2016 Jan Nieuwenhuizen ;;; Copyright =C2=A9 2017 Marius Bakke ;;; @@ -558,6 +558,7 @@ store.") (package (name "glibc") (version "2.25") + (replacement glibc-2.25-patched) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" 
@@ -904,34 +905,62 @@ GLIBC/HURD for a Hurd host" ;; Below are old libc versions, which we use mostly to build locale data in ;; the old format (which the new libc cannot cope with.) =20 +(define glibc-2.25-patched + (package + (inherit glibc) + (replacement #f) + (source (origin + (inherit (package-source glibc)) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-reject-long-LD-AUDIT.patch" + "glibc-reject-long-LD-PRELOAD.patch= ")))))) + (define-public glibc-2.24 (package (inherit glibc) (version "2.24") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))))= )) + "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r")) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-reject-long-LD-AUDIT.patch" + "glibc-reject-long-LD-PRELOAD.patch= ")))))) =20 (define-public glibc-2.23 (package (inherit glibc) (version "2.23") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))))= )) + "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-reject-long-LD-AUDIT.patch" + "glibc-reject-long-LD-PRELOAD.patch= ")))))) =20 (define-public glibc-2.22 (package (inherit glibc) (version "2.22") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" 
@@ -939,7 +968,10 @@ GLIBC/HURD for a Hurd host" (sha256 (base32 "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) - (patches (search-patches "glibc-ldd-x86_64.patch")))) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-reject-long-LD-AUDIT.patch" + "glibc-reject-long-LD-PRELOAD.patch= ")))) (arguments (substitute-keyword-arguments (package-arguments glibc) ((#:phases phases) @@ -948,7 +980,8 @@ GLIBC/HURD for a Hurd host" (lambda _ ;; Use `pwd' instead of `/bin/pwd' for glibc-2.21 (substitute* "configure" - (("/bin/pwd") "pwd")))))))))) + (("/bin/pwd") "pwd")) + #t)))))))) =20 (define-public glibc-2.21 (package @@ -960,13 +993,13 @@ GLIBC/HURD for a Hurd host" version ".tar.xz")) (sha256 (base32 - "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf")) - (patches (search-patches "glibc-ldd-x86_64.patch")))))) + "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf"))))= )) =20 (define-public glibc-locales (package (inherit glibc) (name "glibc-locales") + (replacement #f) (source (origin (inherit (package-source glibc)) (patches (cons (search-patch "glibc-locales.patch") (origin-patches (package-source glibc))= )))) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 1b41feac1..eea246756 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -3,6 +3,7 @@ ;;; Copyright =C2=A9 2014 Andreas Enge ;;; Copyright =C2=A9 2012 Nikita Karetnikov ;;; Copyright =C2=A9 2014, 2015 Mark H Weaver +;;; Copyright =C2=A9 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; @@ -467,7 +468,7 @@ the bootstrap environment." ;; built just below; the only difference is that this one uses the ;; bootstrap Bash. (package-with-bootstrap-guile - (package (inherit glibc) + (package/inherit glibc (name "glibc-intermediate") (arguments `(#:guile ,%bootstrap-guile 
@@ -540,6 +541,7 @@ the bootstrap environment." that makes it available under the native tool names." (package (inherit gcc) (name (string-append (package-name gcc) "-wrapped")) + (replacement #f) (source #f) (build-system trivial-build-system) (outputs '("out")) @@ -640,7 +642,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~= a \"$@\"~%" =20 (define glibc-final ;; The final glibc, which embeds the statically-linked Bash built above. - (package (inherit glibc-final-with-bootstrap-bash) + (package/inherit glibc-final-with-bootstrap-bash (name "glibc") (inputs `(("static-bash" ,static-bash-for-glibc) ,@(alist-delete diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366.patch b/gnu/packag= es/patches/glibc-CVE-2017-1000366.patch new file mode 100644 index 000000000..71e80968b --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-1000366.patch @@ -0,0 +1,36 @@ +From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 17:09:55 +0200 +Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=3D1 + programs [BZ #21624] + +LD_LIBRARY_PATH can only be used to reorder system search paths, which +is not useful functionality. + +This makes an exploitable unbounded alloca in _dl_init_paths unreachable +for AT_SECURE=3D1 programs. + +patch from: +https://sourceware.org/git/?p=3Dglibc.git;a=3Dcommit;h=3Df6110a8fee2ca36f8= e2d2abecf3cba9fa7b8ea7d +--- + ChangeLog | 7 +++++++ + elf/rtld.c | 3 ++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 2446a87..2269dbe 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) +=20 + case 12: + /* The library search path. */ +- if (memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) ++ if (!__libc_enable_secure ++ && memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) + { + library_path =3D &envline[13]; + break; +--=20 +2.9.3 + 
diff --git a/gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch b/gnu/pa= ckages/patches/glibc-reject-long-LD-AUDIT.patch new file mode 100644 index 000000000..3d8f6d2bf --- /dev/null +++ b/gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch 
@@ -0,0 +1,206 @@ +From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 22:32:12 +0200 +Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements + +Also only process the last LD_AUDIT entry. + +patch from: +https://sourceware.org/git/?p=3Dglibc.git;a=3Dcommit;h=3D81b82fb966ffbd943= 53f793ad17116c6088dedd9 + +--- + ChangeLog | 11 +++++++ + elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++----= ----- + 2 files changed, 106 insertions(+), 15 deletions(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 86ae20c..65647fb 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p) + return *p !=3D '\0'; + } +=20 +-/* List of auditing DSOs. */ ++/* LD_AUDIT variable contents. Must be processed before the ++ audit_list below. */ ++const char *audit_list_string; ++ ++/* Cyclic list of auditing DSOs. audit_list->next is the first ++ element. */ + static struct audit_list + { + const char *name; + struct audit_list *next; + } *audit_list; +=20 ++/* Iterator for audit_list_string followed by audit_list. */ ++struct audit_list_iter ++{ ++ /* Tail of audit_list_string still needing processing, or NULL. */ ++ const char *audit_list_tail; ++ ++ /* The list element returned in the previous iteration. NULL before ++ the first element. */ ++ struct audit_list *previous; ++ ++ /* Scratch buffer for returning a name which is part of ++ audit_list_string. */ ++ char fname[SECURE_NAME_LIMIT]; ++}; ++ ++/* Initialize an audit list iterator. */ ++static void ++audit_list_iter_init (struct audit_list_iter *iter) ++{ ++ iter->audit_list_tail =3D audit_list_string; ++ iter->previous =3D NULL; ++} ++ ++/* Iterate through both audit_list_string and audit_list. */ ++static const char * ++audit_list_iter_next (struct audit_list_iter *iter) ++{ ++ if (iter->audit_list_tail !=3D NULL) ++ { ++ /* First iterate over audit_list_string. 
*/ ++ while (*iter->audit_list_tail !=3D '\0') ++ { ++ /* Split audit list at colon. */ ++ size_t len =3D strcspn (iter->audit_list_tail, ":"); ++ if (len > 0 && len < sizeof (iter->fname)) ++ { ++ memcpy (iter->fname, iter->audit_list_tail, len); ++ iter->fname[len] =3D '\0'; ++ } ++ else ++ /* Do not return this name to the caller. */ ++ iter->fname[0] =3D '\0'; ++ ++ /* Skip over the substring and the following delimiter. */ ++ iter->audit_list_tail +=3D len; ++ if (*iter->audit_list_tail =3D=3D ':') ++ ++iter->audit_list_tail; ++ ++ /* If the name is valid, return it. */ ++ if (dso_name_valid_for_suid (iter->fname)) ++ return iter->fname; ++ /* Otherwise, wrap around and try the next name. */ ++ } ++ /* Fall through to the procesing of audit_list. */ ++ } ++ ++ if (iter->previous =3D=3D NULL) ++ { ++ if (audit_list =3D=3D NULL) ++ /* No pre-parsed audit list. */ ++ return NULL; ++ /* Start of audit list. The first list element is at ++ audit_list->next (cyclic list). */ ++ iter->previous =3D audit_list->next; ++ return iter->previous->name; ++ } ++ if (iter->previous =3D=3D audit_list) ++ /* Cyclic list wrap-around. */ ++ return NULL; ++ iter->previous =3D iter->previous->next; ++ return iter->previous->name; ++} ++ + #ifndef HAVE_INLINED_SYSCALLS + /* Set nonzero during loading and initialization of executable and + libraries, cleared before the executable's entry point runs. This +@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not in= tend to run this program.\n\ + GL(dl_rtld_map).l_tls_modid =3D _dl_next_tls_modid (); +=20 + /* If we have auditing DSOs to load, do it now. */ +- if (__glibc_unlikely (audit_list !=3D NULL)) ++ bool need_security_init =3D true; ++ if (__glibc_unlikely (audit_list !=3D NULL) ++ || __glibc_unlikely (audit_list_string !=3D NULL)) + { +- /* Iterate over all entries in the list. The order is important. 
= */ + struct audit_ifaces *last_audit =3D NULL; +- struct audit_list *al =3D audit_list->next; ++ struct audit_list_iter al_iter; ++ audit_list_iter_init (&al_iter); +=20 + /* Since we start using the auditing DSOs right away we need to + initialize the data structures now. */ +@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not int= end to run this program.\n\ + use different values (especially the pointer guard) and will + fail later on. */ + security_init (); ++ need_security_init =3D false; +=20 +- do ++ while (true) + { ++ const char *name =3D audit_list_iter_next (&al_iter); ++ if (name =3D=3D NULL) ++ break; ++ + int tls_idx =3D GL(dl_tls_max_dtv_idx); +=20 + /* Now it is time to determine the layout of the static TLS +@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not inte= nd to run this program.\n\ + no DF_STATIC_TLS bit is set. The reason is that we know + glibc will use the static model. */ + struct dlmopen_args dlmargs; +- dlmargs.fname =3D al->name; ++ dlmargs.fname =3D name; + dlmargs.map =3D NULL; +=20 + const char *objname; +@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not inte= nd to run this program.\n\ + not_loaded: + _dl_error_printf ("\ + ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignore= d.\n", +- al->name, err_str); ++ name, err_str); + if (malloced) + free ((char *) err_str); + } +@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit= interface: %s; ignored.\n", + goto not_loaded; + } + } +- +- al =3D al->next; + } +- while (al !=3D audit_list->next); +=20 + /* If we have any auditing modules, announce that we already + have two objects loaded. */ +@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit = interface: %s; ignored.\n", + if (tcbp =3D=3D NULL) + tcbp =3D init_tls (); +=20 +- if (__glibc_likely (audit_list =3D=3D NULL)) ++ if (__glibc_likely (need_security_init)) + /* Initialize security features. 
But only if we have not done it + earlier. */ + security_init (); +@@ -2346,9 +2428,7 @@ process_dl_audit (char *str) + char *p; +=20 + while ((p =3D (strsep) (&str, ":")) !=3D NULL) +- if (p[0] !=3D '\0' +- && (__builtin_expect (! __libc_enable_secure, 1) +- || strchr (p, '/') =3D=3D NULL)) ++ if (dso_name_valid_for_suid (p)) + { + /* This is using the local malloc, not the system malloc. The + memory can never be freed. */ +@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep) + break; + } + if (memcmp (envline, "AUDIT", 5) =3D=3D 0) +- process_dl_audit (&envline[6]); ++ audit_list_string =3D &envline[6]; + break; +=20 + case 7: +--=20 +2.9.3 + diff --git a/gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch b/gnu/= packages/patches/glibc-reject-long-LD-PRELOAD.patch new file mode 100644 index 000000000..4b859c4bf --- /dev/null +++ b/gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch 
@@ -0,0 +1,124 @@ +From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 22:31:04 +0200 +Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements + +patch from: +https://sourceware.org/git/?p=3Dglibc.git;a=3Dpatch;h=3D6d0ba622891bed9d83= 94eef1935add53003b12e8 + +--- + ChangeLog | 7 ++++++ + elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++-------= ----- + 2 files changed, 73 insertions(+), 16 deletions(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 2269dbe..86ae20c 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local + strong_alias (__pointer_chk_guard_local, __pointer_chk_guard) + #endif +=20 ++/* Length limits for names and paths, to protect the dynamic linker, ++ particularly when __libc_enable_secure is active. */ ++#ifdef NAME_MAX ++# define SECURE_NAME_LIMIT NAME_MAX ++#else ++# define SECURE_NAME_LIMIT 255 ++#endif ++#ifdef PATH_MAX ++# define SECURE_PATH_LIMIT PATH_MAX ++#else ++# define SECURE_PATH_LIMIT 1024 ++#endif ++ ++/* Check that AT_SECURE=3D0, or that the passed name does not contain ++ directories and is not overly long. Reject empty names ++ unconditionally. */ ++static bool ++dso_name_valid_for_suid (const char *p) ++{ ++ if (__glibc_unlikely (__libc_enable_secure)) ++ { ++ /* Ignore pathnames with directories for AT_SECURE=3D1 ++ programs, and also skip overlong names. */ ++ size_t len =3D strlen (p); ++ if (len >=3D SECURE_NAME_LIMIT || memchr (p, '/', len) !=3D NULL) ++ return false; ++ } ++ return *p !=3D '\0'; ++} +=20 + /* List of auditing DSOs. */ + static struct audit_list +@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro; + /* Nonzero if information about versions has to be printed. 
*/ + static int version_info attribute_relro; +=20 ++/* The LD_PRELOAD environment variable gives list of libraries ++ separated by white space or colons that are loaded before the ++ executable's dependencies and prepended to the global scope list. ++ (If the binary is running setuid all elements containing a '/' are ++ ignored since it is insecure.) Return the number of preloads ++ performed. */ ++unsigned int ++handle_ld_preload (const char *preloadlist, struct link_map *main_map) ++{ ++ unsigned int npreloads =3D 0; ++ const char *p =3D preloadlist; ++ char fname[SECURE_PATH_LIMIT]; ++ ++ while (*p !=3D '\0') ++ { ++ /* Split preload list at space/colon. */ ++ size_t len =3D strcspn (p, " :"); ++ if (len > 0 && len < sizeof (fname)) ++ { ++ memcpy (fname, p, len); ++ fname[len] =3D '\0'; ++ } ++ else ++ fname[0] =3D '\0'; ++ ++ /* Skip over the substring and the following delimiter. */ ++ p +=3D len; ++ if (*p !=3D '\0') ++ ++p; ++ ++ if (dso_name_valid_for_suid (fname)) ++ npreloads +=3D do_preload (fname, main_map, "LD_PRELOAD"); ++ } ++ return npreloads; ++} ++ + static void + dl_main (const ElfW(Phdr) *phdr, + ElfW(Word) phnum, +@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit= interface: %s; ignored.\n", +=20 + if (__glibc_unlikely (preloadlist !=3D NULL)) + { +- /* The LD_PRELOAD environment variable gives list of libraries +- separated by white space or colons that are loaded before the +- executable's dependencies and prepended to the global scope +- list. If the binary is running setuid all elements +- containing a '/' are ignored since it is insecure. */ +- char *list =3D strdupa (preloadlist); +- char *p; +- + HP_TIMING_NOW (start); +- +- /* Prevent optimizing strsep. Speed is not important here. */ +- while ((p =3D (strsep) (&list, " :")) !=3D NULL) +- if (p[0] !=3D '\0' +- && (__builtin_expect (! 
__libc_enable_secure, 1) +- || strchr (p, '/') =3D=3D NULL)) +- npreloads +=3D do_preload (p, main_map, "LD_PRELOAD"); +- ++ npreloads +=3D handle_ld_preload (preloadlist, main_map); + HP_TIMING_NOW (stop); + HP_TIMING_DIFF (diff, start, stop); + HP_TIMING_ACCUM_NT (load_time, diff); +--=20 +2.9.3 + --=20 2.13.1 --ibTvN161/egqYuK8-- --Y7xTucakfITjPcLV Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAllKMT0ACgkQQarn3Mo9 g1E67hAAhi6odGAdpLIkshD9lz8aSZ0QsYDsj3vk+KPEsvzv84jEoDRIoAnyTcAz c84+ZFj2hfYvptbIt+MLX0e+gpGNHWXkVt/oqXxwvCuHACJON9ey+rM1MDg6Jt4j VDgiqJF71joA93aDv3lIUx70nCV0oNDJ4qHASqdKXqRxprHW9IbFAeZrtUAIRold n9xPpscQ2kwOa4aCmWUZbQWKpnWjF4IgXaWGoSxBLyQ1vbKh6iAvQyXfO36EyAUg Sir/X3hCW7yvB2Q/zPA/9N2QrtMlIZRdZOxOUr9fXHCdREOIHjkzBMWXxbR4zoYB zHevzYF7g+sqUUAtkvl9oQeVL1b7V4zPvlFLRaoZz6LvWlsy1N5Z4KBazz8lOSJE /VRsPVKdIn6LlZJjgJPCEx+eE5AY5gt1ubNOhgg0bH59+EcdDbOacngS/kfeyFx2 +jgOg0jRDAG1BhPWYb538mle3etorKcjIoGvQzRp+ZPgFW2fjMc0zXKLRqB6o5uV HmC3TxgutBb+fO3elHw6HUPYkDOBkJtea3TFE7eFpSCB9YONL2aaajYE4VLDsWsi WKqGNmBBbJQ4mvCVxa3UQMvZBmx1C7nk4gDG2w8fqZC9iePWLlntCrb97L5wba9l XSENJJE7yiTT7sKZaPBD3zoHPuxKRuXOvNpZpN4EtmFaqgIiRX4= =3iqd -----END PGP SIGNATURE----- --Y7xTucakfITjPcLV-- From unknown Sun Jun 22 11:45:03 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27429: Stack clash (CVE-2017-1000366 etc) Resent-From: Efraim Flashner Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Wed, 21 Jun 2017 09:52:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27429 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Mark H Weaver Cc: 27429@debbugs.gnu.org Received: via spool by 27429-submit@debbugs.gnu.org id=B27429.14980386731285 (code B ref 27429); Wed, 21 Jun 2017 09:52:02 +0000 Received: (at 27429) by debbugs.gnu.org; 21 Jun 2017 09:51:13 +0000 Received: from localhost ([127.0.0.1]:58876 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 
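Review bot: the second gnu/local.mk hunk (`- gnu/packages/patches/guile-ssh-channel-finalization.patch` / `+ %D%/packages/patches/guile-ssh-channel-finalization.patch`) fixes an unrelated path prefix for a guile-ssh patch and is not mentioned anywhere in the commit message; either leave it out of this security fix and commit it separately, or add a line for it to the ChangeLog entry so the history of gnu/local.mk explains it.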
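Review bot: the commit message names the new variable `(glibc-2.25-fixed)`, but the field added in the @@ -558 hunk of gnu/packages/base.scm reads `(replacement glibc-2.25-patched)` and the definition below it is `(define glibc-2.25-patched ...)`; update the ChangeLog entry to match the identifier actually used in the code.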
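Review bot: in the `(define glibc-2.25-patched ...)` hunk of gnu/packages/base.scm (and in the glibc-2.24, glibc-2.23 and glibc-2.22 hunks that copy it), `search-patches` lists "glibc-reject-long-LD-AUDIT.patch" before "glibc-reject-long-LD-PRELOAD.patch", but the upstream order is the reverse: the LD_PRELOAD patch introduces `dso_name_valid_for_suid` (its elf/rtld.c index line is 2269dbe..86ae20c) and the LD_AUDIT patch starts from that result (index 86ae20c..65647fb), names `dso_name_valid_for_suid` in its first hunk header and calls it there. Guix applies patches in list order, so with this ordering the LD_AUDIT hunk is applied to a tree that does not yet contain the function; even if patch's fuzz lets it land, list the three as CVE-2017-1000366, LD-PRELOAD, LD-AUDIT so the chain matches upstream. Separately, the replacement re-types glibc's existing patch list ("glibc-ldd-x86_64.patch", "glibc-versioned-locpath.patch", "glibc-o-largefile.patch") by hand; appending the new patches to `(origin-patches (package-source glibc))`, as glibc-locales does further down in the same file, keeps the graft from silently dropping a patch when the base list changes.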
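Review bot: the glibc-2.21 hunk (@@ -960,13 +993,13 @@ in gnu/packages/base.scm) deletes `(patches (search-patches "glibc-ldd-x86_64.patch"))` and adds nothing in its place, so glibc-2.21's source is left with whatever patch list the origin it inherits from carries, while the commit message claims "(glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches". Either give glibc-2.21 the same explicit four-patch list as the glibc-2.22 hunk just above it, or state in the message why 2.21 is handled differently.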
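Review bot: the @@ -540 hunk of gnu/packages/commencement.scm adds `(replacement #f)` to the "-wrapped" gcc package (cross-gcc-wrapper per the commit message) without a comment; add a one-line comment saying why the wrapper opts out of grafting, since a later reader will otherwise take the field for a leftover and remove it.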
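Review bot: the diffstat inside gnu/packages/patches/glibc-CVE-2017-1000366.patch says `2 files changed` with `ChangeLog | 7 +++++++`, but the file only carries the elf/rtld.c hunk; the same mismatch is in glibc-reject-long-LD-AUDIT.patch (`ChangeLog | 11`, `2 files changed, 106 insertions(+)`) and glibc-reject-long-LD-PRELOAD.patch (`ChangeLog | 7`, `2 files changed, 73 insertions(+)`). Dropping the ChangeLog hunks is fine for Guix, but trim the diffstat lines as well, or say in the "patch from:" line that the ChangeLog part was removed, so nobody goes looking for a missing hunk.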
Date: Wed, 21 Jun 2017 12:50:45 +0300
From: Efraim Flashner
Message-ID: <20170621095045.GB2870@macbook42.flashner.co.il>
In-Reply-To: <20170621084134.GA2870@macbook42.flashner.co.il>

Had to make a small change to the patch; it turns out it couldn't build
the source for glibc@2.21, so I changed the source to inherit from
glibc@2.22 and not just from glibc. It doesn't change anything for the
actual glibc@2.25.

-- 
Efraim Flashner

Content-Disposition: attachment; filename="0001-gnu-glibc-Patch-CVE-2017-1000366.patch"

From ef14fa6db5eaedabbaa092cbed2b6f8ee903837c Mon Sep 17 00:00:00 2001
From: Efraim Flashner
Date: Mon, 19 Jun 2017 23:13:53 +0300
Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.

* gnu/packages/base.scm (glibc/linux)[replacement]: New field.
(glibc-2.25-fixed): New variable. (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches. [replacement]: New field. (glibc-locales)[replacement]: New field. * gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field. * gnu/packages/patches/glibc-CVE-2017-1000366.patch, gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch, gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/local.mk | 5 +- gnu/packages/base.scm | 49 ++++- gnu/packages/commencement.scm | 6 +- gnu/packages/patches/glibc-CVE-2017-1000366.patch | 36 ++++ .../patches/glibc-reject-long-LD-AUDIT.patch | 206 +++++++++++++++++= ++++ .../patches/glibc-reject-long-LD-PRELOAD.patch | 124 +++++++++++++ 6 files changed, 415 insertions(+), 11 deletions(-) create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366.patch create mode 100644 gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch create mode 100644 gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch diff --git a/gnu/local.mk b/gnu/local.mk index f0eed694d..d4d6c1c25 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -631,11 +631,14 @@ dist_patch_DATA =3D \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glibc-CVE-2017-1000366.patch \ %D%/packages/patches/glibc-bootstrap-system.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ %D%/packages/patches/glibc-memchr-overflow-i686.patch \ %D%/packages/patches/glibc-o-largefile.patch \ + %D%/packages/patches/glibc-reject-long-LD-AUDIT.patch \ + %D%/packages/patches/glibc-reject-long-LD-PRELOAD.patch \ %D%/packages/patches/glibc-versioned-locpath.patch \ %D%/packages/patches/glog-gcc-5-demangling.patch \ %D%/packages/patches/gmp-arm-asm-nothumb.patch \ 
@@ -657,7 +660,7 @@ dist_patch_DATA =3D \ %D%/packages/patches/guile-present-coding.patch \ %D%/packages/patches/guile-relocatable.patch \ %D%/packages/patches/guile-rsvg-pkgconfig.patch \ - gnu/packages/patches/guile-ssh-channel-finalization.patch \ + %D%/packages/patches/guile-ssh-channel-finalization.patch \ %D%/packages/patches/guile-ssh-double-free.patch \ %D%/packages/patches/guile-ssh-rexec-bug.patch \ %D%/packages/patches/gtk2-respect-GUIX_GTK2_PATH.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index d135a18bf..70f57b9ff 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -5,7 +5,7 @@ ;;; Copyright =C2=A9 2014, 2015, 2016 Mark H Weaver ;;; Copyright =C2=A9 2014 Alex Kost ;;; Copyright =C2=A9 2014, 2015 Manolis Fragkiskos Ragkousis -;;; Copyright =C2=A9 2016 Efraim Flashner +;;; Copyright =C2=A9 2016, 2017 Efraim Flashner ;;; Copyright =C2=A9 2016 Jan Nieuwenhuizen ;;; Copyright =C2=A9 2017 Marius Bakke ;;; @@ -558,6 +558,7 @@ store.") (package (name "glibc") (version "2.25") + (replacement glibc-2.25-patched) (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" 
@@ -904,34 +905,62 @@ GLIBC/HURD for a Hurd host" ;; Below are old libc versions, which we use mostly to build locale data in ;; the old format (which the new libc cannot cope with.) =20 +(define glibc-2.25-patched + (package + (inherit glibc) + (replacement #f) + (source (origin + (inherit (package-source glibc)) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-reject-long-LD-AUDIT.patch" + "glibc-reject-long-LD-PRELOAD.patch= ")))))) + (define-public glibc-2.24 (package (inherit glibc) (version "2.24") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r"))))= )) + "1lxmprg9gm73gvafxd503x70z32phwjzcy74i0adfi6ixzla7m4r")) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-reject-long-LD-AUDIT.patch" + "glibc-reject-long-LD-PRELOAD.patch= ")))))) =20 (define-public glibc-2.23 (package (inherit glibc) (version "2.23") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl"))))= )) + "1s8krs3y2n6pzav7ic59dz41alqalphv7vww4138ag30wh0fpvwl")) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-versioned-locpath.patch" + "glibc-o-largefile.patch" + "glibc-reject-long-LD-AUDIT.patch" + "glibc-reject-long-LD-PRELOAD.patch= ")))))) =20 (define-public glibc-2.22 (package (inherit glibc) (version "2.22") + (replacement #f) (source (origin (inherit (package-source glibc)) (uri (string-append "mirror://gnu/glibc/glibc-" 
@@ -939,7 +968,10 @@ GLIBC/HURD for a Hurd host" (sha256 (base32 "0j49682pm2nh4qbdw35bas82p1pgfnz4d2l7iwfyzvrvj0318wzb")) - (patches (search-patches "glibc-ldd-x86_64.patch")))) + (patches (search-patches "glibc-CVE-2017-1000366.patch" + "glibc-ldd-x86_64.patch" + "glibc-reject-long-LD-AUDIT.patch" + "glibc-reject-long-LD-PRELOAD.patch= ")))) (arguments (substitute-keyword-arguments (package-arguments glibc) ((#:phases phases) @@ -948,25 +980,26 @@ GLIBC/HURD for a Hurd host" (lambda _ ;; Use `pwd' instead of `/bin/pwd' for glibc-2.21 (substitute* "configure" - (("/bin/pwd") "pwd")))))))))) + (("/bin/pwd") "pwd")) + #t)))))))) =20 (define-public glibc-2.21 (package (inherit glibc-2.22) (version "2.21") (source (origin - (inherit (package-source glibc)) + (inherit (package-source glibc-2.22)) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf")) - (patches (search-patches "glibc-ldd-x86_64.patch")))))) + "1f135546j34s9bfkydmx2nhh9vwxlx60jldi80zmsnln6wj3dsxf"))))= )) =20 (define-public glibc-locales (package (inherit glibc) (name "glibc-locales") + (replacement #f) (source (origin (inherit (package-source glibc)) (patches (cons (search-patch "glibc-locales.patch") (origin-patches (package-source glibc))= )))) diff --git a/gnu/packages/commencement.scm b/gnu/packages/commencement.scm index 1b41feac1..eea246756 100644 --- a/gnu/packages/commencement.scm +++ b/gnu/packages/commencement.scm @@ -3,6 +3,7 @@ ;;; Copyright =C2=A9 2014 Andreas Enge ;;; Copyright =C2=A9 2012 Nikita Karetnikov ;;; Copyright =C2=A9 2014, 2015 Mark H Weaver +;;; Copyright =C2=A9 2017 Efraim Flashner ;;; ;;; This file is part of GNU Guix. ;;; 
@@ -467,7 +468,7 @@ the bootstrap environment." ;; built just below; the only difference is that this one uses the ;; bootstrap Bash. (package-with-bootstrap-guile - (package (inherit glibc) + (package/inherit glibc (name "glibc-intermediate") (arguments `(#:guile ,%bootstrap-guile @@ -540,6 +541,7 @@ the bootstrap environment." that makes it available under the native tool names." (package (inherit gcc) (name (string-append (package-name gcc) "-wrapped")) + (replacement #f) (source #f) (build-system trivial-build-system) (outputs '("out")) @@ -640,7 +642,7 @@ exec ~a/bin/~a-~a -B~a/lib -Wl,-dynamic-linker -Wl,~a/~= a \"$@\"~%" =20 (define glibc-final ;; The final glibc, which embeds the statically-linked Bash built above. - (package (inherit glibc-final-with-bootstrap-bash) + (package/inherit glibc-final-with-bootstrap-bash (name "glibc") (inputs `(("static-bash" ,static-bash-for-glibc) ,@(alist-delete diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366.patch b/gnu/packag= es/patches/glibc-CVE-2017-1000366.patch new file mode 100644 index 000000000..71e80968b --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-1000366.patch 
@@ -0,0 +1,36 @@ +From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 17:09:55 +0200 +Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=3D1 + programs [BZ #21624] + +LD_LIBRARY_PATH can only be used to reorder system search paths, which +is not useful functionality. + +This makes an exploitable unbounded alloca in _dl_init_paths unreachable +for AT_SECURE=3D1 programs. + +patch from: +https://sourceware.org/git/?p=3Dglibc.git;a=3Dcommit;h=3Df6110a8fee2ca36f8= e2d2abecf3cba9fa7b8ea7d +--- + ChangeLog | 7 +++++++ + elf/rtld.c | 3 ++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 2446a87..2269dbe 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) +=20 + case 12: + /* The library search path. */ +- if (memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) ++ if (!__libc_enable_secure ++ && memcmp (envline, "LIBRARY_PATH", 12) =3D=3D 0) + { + library_path =3D &envline[13]; + break; +--=20 +2.9.3 + diff --git a/gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch b/gnu/pa= ckages/patches/glibc-reject-long-LD-AUDIT.patch new file mode 100644 index 000000000..3d8f6d2bf --- /dev/null +++ b/gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch 
@@ -0,0 +1,206 @@ +From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 22:32:12 +0200 +Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements + +Also only process the last LD_AUDIT entry. + +patch from: +https://sourceware.org/git/?p=3Dglibc.git;a=3Dcommit;h=3D81b82fb966ffbd943= 53f793ad17116c6088dedd9 + +--- + ChangeLog | 11 +++++++ + elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++----= ----- + 2 files changed, 106 insertions(+), 15 deletions(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 86ae20c..65647fb 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p) + return *p !=3D '\0'; + } +=20 +-/* List of auditing DSOs. */ ++/* LD_AUDIT variable contents. Must be processed before the ++ audit_list below. */ ++const char *audit_list_string; ++ ++/* Cyclic list of auditing DSOs. audit_list->next is the first ++ element. */ + static struct audit_list + { + const char *name; + struct audit_list *next; + } *audit_list; +=20 ++/* Iterator for audit_list_string followed by audit_list. */ ++struct audit_list_iter ++{ ++ /* Tail of audit_list_string still needing processing, or NULL. */ ++ const char *audit_list_tail; ++ ++ /* The list element returned in the previous iteration. NULL before ++ the first element. */ ++ struct audit_list *previous; ++ ++ /* Scratch buffer for returning a name which is part of ++ audit_list_string. */ ++ char fname[SECURE_NAME_LIMIT]; ++}; ++ ++/* Initialize an audit list iterator. */ ++static void ++audit_list_iter_init (struct audit_list_iter *iter) ++{ ++ iter->audit_list_tail =3D audit_list_string; ++ iter->previous =3D NULL; ++} ++ ++/* Iterate through both audit_list_string and audit_list. */ ++static const char * ++audit_list_iter_next (struct audit_list_iter *iter) ++{ ++ if (iter->audit_list_tail !=3D NULL) ++ { ++ /* First iterate over audit_list_string. 
*/ ++ while (*iter->audit_list_tail !=3D '\0') ++ { ++ /* Split audit list at colon. */ ++ size_t len =3D strcspn (iter->audit_list_tail, ":"); ++ if (len > 0 && len < sizeof (iter->fname)) ++ { ++ memcpy (iter->fname, iter->audit_list_tail, len); ++ iter->fname[len] =3D '\0'; ++ } ++ else ++ /* Do not return this name to the caller. */ ++ iter->fname[0] =3D '\0'; ++ ++ /* Skip over the substring and the following delimiter. */ ++ iter->audit_list_tail +=3D len; ++ if (*iter->audit_list_tail =3D=3D ':') ++ ++iter->audit_list_tail; ++ ++ /* If the name is valid, return it. */ ++ if (dso_name_valid_for_suid (iter->fname)) ++ return iter->fname; ++ /* Otherwise, wrap around and try the next name. */ ++ } ++ /* Fall through to the procesing of audit_list. */ ++ } ++ ++ if (iter->previous =3D=3D NULL) ++ { ++ if (audit_list =3D=3D NULL) ++ /* No pre-parsed audit list. */ ++ return NULL; ++ /* Start of audit list. The first list element is at ++ audit_list->next (cyclic list). */ ++ iter->previous =3D audit_list->next; ++ return iter->previous->name; ++ } ++ if (iter->previous =3D=3D audit_list) ++ /* Cyclic list wrap-around. */ ++ return NULL; ++ iter->previous =3D iter->previous->next; ++ return iter->previous->name; ++} ++ + #ifndef HAVE_INLINED_SYSCALLS + /* Set nonzero during loading and initialization of executable and + libraries, cleared before the executable's entry point runs. This +@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not in= tend to run this program.\n\ + GL(dl_rtld_map).l_tls_modid =3D _dl_next_tls_modid (); +=20 + /* If we have auditing DSOs to load, do it now. */ +- if (__glibc_unlikely (audit_list !=3D NULL)) ++ bool need_security_init =3D true; ++ if (__glibc_unlikely (audit_list !=3D NULL) ++ || __glibc_unlikely (audit_list_string !=3D NULL)) + { +- /* Iterate over all entries in the list. The order is important. 
= */ + struct audit_ifaces *last_audit =3D NULL; +- struct audit_list *al =3D audit_list->next; ++ struct audit_list_iter al_iter; ++ audit_list_iter_init (&al_iter); +=20 + /* Since we start using the auditing DSOs right away we need to + initialize the data structures now. */ +@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not int= end to run this program.\n\ + use different values (especially the pointer guard) and will + fail later on. */ + security_init (); ++ need_security_init =3D false; +=20 +- do ++ while (true) + { ++ const char *name =3D audit_list_iter_next (&al_iter); ++ if (name =3D=3D NULL) ++ break; ++ + int tls_idx =3D GL(dl_tls_max_dtv_idx); +=20 + /* Now it is time to determine the layout of the static TLS +@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not inte= nd to run this program.\n\ + no DF_STATIC_TLS bit is set. The reason is that we know + glibc will use the static model. */ + struct dlmopen_args dlmargs; +- dlmargs.fname =3D al->name; ++ dlmargs.fname =3D name; + dlmargs.map =3D NULL; +=20 + const char *objname; +@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not inte= nd to run this program.\n\ + not_loaded: + _dl_error_printf ("\ + ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignore= d.\n", +- al->name, err_str); ++ name, err_str); + if (malloced) + free ((char *) err_str); + } +@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit= interface: %s; ignored.\n", + goto not_loaded; + } + } +- +- al =3D al->next; + } +- while (al !=3D audit_list->next); +=20 + /* If we have any auditing modules, announce that we already + have two objects loaded. */ +@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit = interface: %s; ignored.\n", + if (tcbp =3D=3D NULL) + tcbp =3D init_tls (); +=20 +- if (__glibc_likely (audit_list =3D=3D NULL)) ++ if (__glibc_likely (need_security_init)) + /* Initialize security features. 
But only if we have not done it + earlier. */ + security_init (); +@@ -2346,9 +2428,7 @@ process_dl_audit (char *str) + char *p; +=20 + while ((p =3D (strsep) (&str, ":")) !=3D NULL) +- if (p[0] !=3D '\0' +- && (__builtin_expect (! __libc_enable_secure, 1) +- || strchr (p, '/') =3D=3D NULL)) ++ if (dso_name_valid_for_suid (p)) + { + /* This is using the local malloc, not the system malloc. The + memory can never be freed. */ +@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep) + break; + } + if (memcmp (envline, "AUDIT", 5) =3D=3D 0) +- process_dl_audit (&envline[6]); ++ audit_list_string =3D &envline[6]; + break; +=20 + case 7: +--=20 +2.9.3 + diff --git a/gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch b/gnu/= packages/patches/glibc-reject-long-LD-PRELOAD.patch new file mode 100644 index 000000000..4b859c4bf --- /dev/null +++ b/gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch 
@@ -0,0 +1,124 @@ +From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 22:31:04 +0200 +Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements + +patch from: +https://sourceware.org/git/?p=3Dglibc.git;a=3Dpatch;h=3D6d0ba622891bed9d83= 94eef1935add53003b12e8 + +--- + ChangeLog | 7 ++++++ + elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++-------= ----- + 2 files changed, 73 insertions(+), 16 deletions(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 2269dbe..86ae20c 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local + strong_alias (__pointer_chk_guard_local, __pointer_chk_guard) + #endif +=20 ++/* Length limits for names and paths, to protect the dynamic linker, ++ particularly when __libc_enable_secure is active. */ ++#ifdef NAME_MAX ++# define SECURE_NAME_LIMIT NAME_MAX ++#else ++# define SECURE_NAME_LIMIT 255 ++#endif ++#ifdef PATH_MAX ++# define SECURE_PATH_LIMIT PATH_MAX ++#else ++# define SECURE_PATH_LIMIT 1024 ++#endif ++ ++/* Check that AT_SECURE=3D0, or that the passed name does not contain ++ directories and is not overly long. Reject empty names ++ unconditionally. */ ++static bool ++dso_name_valid_for_suid (const char *p) ++{ ++ if (__glibc_unlikely (__libc_enable_secure)) ++ { ++ /* Ignore pathnames with directories for AT_SECURE=3D1 ++ programs, and also skip overlong names. */ ++ size_t len =3D strlen (p); ++ if (len >=3D SECURE_NAME_LIMIT || memchr (p, '/', len) !=3D NULL) ++ return false; ++ } ++ return *p !=3D '\0'; ++} +=20 + /* List of auditing DSOs. */ + static struct audit_list +@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro; + /* Nonzero if information about versions has to be printed. 
*/ + static int version_info attribute_relro; +=20 ++/* The LD_PRELOAD environment variable gives list of libraries ++ separated by white space or colons that are loaded before the ++ executable's dependencies and prepended to the global scope list. ++ (If the binary is running setuid all elements containing a '/' are ++ ignored since it is insecure.) Return the number of preloads ++ performed. */ ++unsigned int ++handle_ld_preload (const char *preloadlist, struct link_map *main_map) ++{ ++ unsigned int npreloads =3D 0; ++ const char *p =3D preloadlist; ++ char fname[SECURE_PATH_LIMIT]; ++ ++ while (*p !=3D '\0') ++ { ++ /* Split preload list at space/colon. */ ++ size_t len =3D strcspn (p, " :"); ++ if (len > 0 && len < sizeof (fname)) ++ { ++ memcpy (fname, p, len); ++ fname[len] =3D '\0'; ++ } ++ else ++ fname[0] =3D '\0'; ++ ++ /* Skip over the substring and the following delimiter. */ ++ p +=3D len; ++ if (*p !=3D '\0') ++ ++p; ++ ++ if (dso_name_valid_for_suid (fname)) ++ npreloads +=3D do_preload (fname, main_map, "LD_PRELOAD"); ++ } ++ return npreloads; ++} ++ + static void + dl_main (const ElfW(Phdr) *phdr, + ElfW(Word) phnum, +@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit= interface: %s; ignored.\n", +=20 + if (__glibc_unlikely (preloadlist !=3D NULL)) + { +- /* The LD_PRELOAD environment variable gives list of libraries +- separated by white space or colons that are loaded before the +- executable's dependencies and prepended to the global scope +- list. If the binary is running setuid all elements +- containing a '/' are ignored since it is insecure. */ +- char *list =3D strdupa (preloadlist); +- char *p; +- + HP_TIMING_NOW (start); +- +- /* Prevent optimizing strsep. Speed is not important here. */ +- while ((p =3D (strsep) (&list, " :")) !=3D NULL) +- if (p[0] !=3D '\0' +- && (__builtin_expect (! 
__libc_enable_secure, 1) +- || strchr (p, '/') =3D=3D NULL)) +- npreloads +=3D do_preload (p, main_map, "LD_PRELOAD"); +- ++ npreloads +=3D handle_ld_preload (preloadlist, main_map); + HP_TIMING_NOW (stop); + HP_TIMING_DIFF (diff, start, stop); + HP_TIMING_ACCUM_NT (load_time, diff); +--=20 +2.9.3 + --=20 2.13.1
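Review bot: in the base.scm hunk at @@ -904,34 +905,62 @@ the new package is named `glibc-2.25-patched` while the commit log calls it `glibc-2.25-fixed`; pick one name and use it in both places. In the same hunk every `search-patches` list puts `glibc-reject-long-LD-AUDIT.patch` before `glibc-reject-long-LD-PRELOAD.patch`, but the embedded patches' index lines show the opposite upstream order: the PRELOAD patch takes elf/rtld.c from 2269dbe (the state after the CVE patch) to 86ae20c, and the AUDIT patch from 86ae20c to 65647fb, and the AUDIT patch's first hunk is anchored on `dso_name_valid_for_suid` and uses `SECURE_NAME_LIMIT`, both of which the PRELOAD patch introduces. Listing them as CVE, PRELOAD, AUDIT in all four packages would apply them in the order they were written instead of depending on the patch tool tolerating missing context. Finally, `glibc-2.25-patched` replaces the whole `patches` list of `(package-source glibc)` rather than appending to it, and the original list is not visible in this hunk; please confirm the new list is the original plus the three new files, since a graft replacement must differ from the original only by the fix.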
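Review bot: the `#t` added as the return value of the `/bin/pwd` phase in the @@ -948,25 +980,26 @@ hunk is unrelated to the CVE fix and belongs in a separate commit. In the same hunk glibc-2.21 now inherits `(package-source glibc-2.22)` and drops its own `patches` line, so it picks up the 2.22 list (CVE, ldd-x86_64, AUDIT, PRELOAD) and, through `(inherit glibc-2.22)`, the `(replacement #f)`; that is fine, but the commit log should say so rather than just "Add patches", because it is a different mechanism from the other three versions.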
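Review bot: the two `package/inherit` conversions in commencement.scm (glibc-intermediate at @@ -467,7 +468,7 @@ and glibc-final at @@ -640,7 +642,7 @@) are not in the commit log, which only lists the `[replacement]` field on cross-gcc-wrapper; add them. Unlike plain `(package (inherit ...))`, `package/inherit` carries the parent's `replacement` over to the derived package, so these two lines are what makes the bootstrap glibc packages grafted with the replacement set on glibc/linux; if the graft turns out to force a rebuild of the bootstrap chain, this is the first place to look.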
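Review bot: the single elf/rtld.c hunk in glibc-CVE-2017-1000366.patch is the actual CVE mitigation (LD_LIBRARY_PATH is no longer honoured when `__libc_enable_secure` is set, which makes the unbounded alloca in `_dl_init_paths` unreachable for AT_SECURE=1 programs), whereas the LD_AUDIT and LD_PRELOAD patches are upstream hardening of the same code path; the Guix commit log should state which file is the fix and that the other two accompany it. Also, the patch file's diffstat lists `ChangeLog | 7 +++++++` but the file carries only the rtld.c diff; harmless for `patch`, but trim the stat lines so they match the content.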
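Review bot: in glibc-reject-long-LD-AUDIT.patch, the hunk at @@ -2412,7 +2492,7 @@ only records the variable (`audit_list_string = &envline[6]`) and defers parsing to `audit_list_iter_next`, so a later LD_AUDIT assignment overwrites an earlier one, which is the "only process the last LD_AUDIT entry" from the subject; under AT_SECURE, names containing '/' or of length >= SECURE_NAME_LIMIT are dropped silently by `dso_name_valid_for_suid`, and names too long for `iter->fname` are dropped for all programs. `process_dl_audit` is kept and switched to `dso_name_valid_for_suid` even though the LD_AUDIT path no longer calls it, and the `need_security_init` flag correctly prevents `security_init` from running twice. The comment typo "procesing" is upstream's; leave it so the file stays identical to the sourceware commit.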
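Review bot: in glibc-reject-long-LD-PRELOAD.patch, the hunk at @@ -1464,23 +1529,8 @@ replaces `strdupa (preloadlist)`, a stack allocation sized by the environment variable, with the fixed `char fname[SECURE_PATH_LIMIT]` buffer in `handle_ld_preload`; that is the stack-clash-relevant part of the change. Note that the `len < sizeof (fname)` check is applied regardless of `__libc_enable_secure`, and `dso_name_valid_for_suid` rejects the resulting empty name unconditionally, so LD_PRELOAD entries of PATH_MAX (or 1024) bytes or more are now silently ignored for every program, not only AT_SECURE ones; that is worth one line in the Guix commit log. `handle_ld_preload` is defined without `static` although its only visible caller is `dl_main`; that is upstream's choice and should stay so the patch matches the sourceware commit.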
Date: Wed, 21 Jun 2017 19:52:27 -0400
From: Leo Famulari
Message-ID: <20170621235227.GA4510@jasmine.lan>
In-Reply-To: <20170621095045.GB2870@macbook42.flashner.co.il>

On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
> Had to make a small change to the patch, it turns out it couldn't build
> the source for glibc@2.21, so I changed the source to inherit from
> glibc@2.22 and not just from glibc. It doesn't change anything for the
> actual glibc@2.25.
>
> --
> Efraim Flashner   אפרים פלשנר
> GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
> Confidentiality cannot be guaranteed on emails sent or received unencrypted
>
> From ef14fa6db5eaedabbaa092cbed2b6f8ee903837c Mon Sep 17 00:00:00 2001
> From: Efraim Flashner
> Date: Mon, 19 Jun 2017 23:13:53 +0300
> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>
> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
> (glibc-2.25-fixed): New variable.
> (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches.
> [replacement]: New field.
> (glibc-locales)[replacement]: New field.
> * gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field.
> * gnu/packages/patches/glibc-CVE-2017-1000366.patch,
> gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch,
> gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.

Thanks, I'm building a bare-bones disk image to test this patch.
Date: Wed, 21 Jun 2017 20:03:36 -0400
From: Leo Famulari
Message-ID: <20170622000336.GB4510@jasmine.lan>
In-Reply-To: <20170621235227.GA4510@jasmine.lan>

On Wed, Jun 21, 2017 at 07:52:27PM -0400, Leo Famulari wrote:
> On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
> > Had to make a small change to the patch, it turns out it couldn't build
> > the source for glibc@2.21, so I changed the source to inherit from
> > glibc@2.22 and not just from glibc. It doesn't change anything for the
> > actual glibc@2.25.
> >
> > --
> > Efraim Flashner   אפרים פלשנר
> > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
> > Confidentiality cannot be guaranteed on emails sent or received unencrypted
>
> > From ef14fa6db5eaedabbaa092cbed2b6f8ee903837c Mon Sep 17 00:00:00 2001
> > From: Efraim Flashner
> > Date: Mon, 19 Jun 2017 23:13:53 +0300
> > Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
> >
> > * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
> > (glibc-2.25-fixed): New variable.
> > (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches.
> > [replacement]: New field.
> > (glibc-locales)[replacement]: New field.
> > * gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field.
> > * gnu/packages/patches/glibc-CVE-2017-1000366.patch,
> > gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch,
> > gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files.
> > * gnu/local.mk (dist_patch_DATA): Add them.
>
> Thanks, I'm building a bare-bones disk image to test this patch.

Hm, I noticed the bootstrap binaries being downloaded, so I don't think
this patch applies the graft without causing a full rebuild.
From: Mark H Weaver
Date: Thu, 22 Jun 2017 02:44:11 -0400
Message-ID: <87zid0iksk.fsf@netris.org>
In-Reply-To: <20170622000336.GB4510@jasmine.lan> (Leo Famulari's message of "Wed, 21 Jun 2017 20:03:36 -0400")

Leo Famulari writes:
> On Wed, Jun 21, 2017 at 07:52:27PM -0400, Leo Famulari wrote:
>> On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
>> > Had to make a small change to the patch, it turns out it couldn't build
>> > the source for glibc@2.21, so I changed the source to inherit from
>> > glibc@2.22 and not just from glibc. It doesn't change anything for the
>> > actual glibc@2.25.
>> >
>> > --
>> > Efraim Flashner   אפרים פלשנר
>> > GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
>> > Confidentiality cannot be guaranteed on emails sent or received unencrypted
>>
>> > From ef14fa6db5eaedabbaa092cbed2b6f8ee903837c Mon Sep 17 00:00:00 2001
>> > From: Efraim Flashner
>> > Date: Mon, 19 Jun 2017 23:13:53 +0300
>> > Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>> >
>> > * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
>> > (glibc-2.25-fixed): New variable.
>> > (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches.
>> > [replacement]: New field.
>> > (glibc-locales)[replacement]: New field.
>> > * gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field.

The commit log should mention the two packages that were converted to
use 'package/inherit'.

>> > * gnu/packages/patches/glibc-CVE-2017-1000366.patch,
>> > gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch,
>> > gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files.
>> > * gnu/local.mk (dist_patch_DATA): Add them.

Also, this patch includes some other unrelated fixes, such as changing
"gnu" to "%D%" in local.mk. It would be good to split those off into
separate commits.

>> Thanks, I'm building a bare-bones disk image to test this patch.
>
> Hm, I noticed the bootstrap binaries being downloaded, so I don't think
> this patch applies the graft without causing a full rebuild.

It's likely that this is because of the new behavior of Hydra, where
NARs that haven't been fetched in the last 14 days are deleted, and then
those substitutes will fail the next time they are requested.

In this system fetching substitutes that are not often requested will
often fail. One must try to fetch them, and then wait a while for Hydra
to rebuild the NARs, and then try again later. FWIW, I don't like this
approach, but it's what we have for now.
      Mark
bh=hDBoHeouIDZ4OiAun2 EjAT817f5TFqmg6j7EqKWW7zY=; b=CpPgD7FHEB17Gp1j+ovx2+vrh8bkksl1hn DAV5b8vYw5oIBZh/sKYXRq0NC9SqkTnybH+RvYEsXKtnGEGnSKHs85WIZ30O1o3Z XRPdFQiukuJQNB5uM+LuM0whcK8vDrra5cM7WTHiwYYxWycFw7zoOc42VCf2ETTH CkbaVs38dfZsqkjRfRkd/Bl61twg9gs5I+58vmniqB7KryXdRxo0MUJIDw77zC0g XYbXKzrC8utYSsr29hnCo5s3KqxgfPQnuaThz4j7dR9d1rkxrNnbUwPkpsrWXOIl 02RmCObDFw/LEDvAovDGdneYRNkGNNcg9u1CIEHysXv7A3LMOYvA== X-ME-Sender: X-Sasl-enc: 6vYyKIMTh1K4pYT7XP8sO1epTFixycXSMq28djPy4SFg 1498148260 Received: from localhost (unknown [128.64.129.7]) by mail.messagingengine.com (Postfix) with ESMTPA id 4B8597E76A; Thu, 22 Jun 2017 12:17:40 -0400 (EDT) Date: Thu, 22 Jun 2017 12:17:37 -0400 
From: Leo Famulari Message-ID: <20170622161737.GC15580@jasmine.lan> References: <20170619222550.GA29289@jasmine.lan> <20170620004920.GB31586@jasmine.lan> <20170620071857.GA2768@macbook42.flashner.co.il> <87shiumj05.fsf@netris.org> <20170621084134.GA2870@macbook42.flashner.co.il> <20170621095045.GB2870@macbook42.flashner.co.il> <20170621235227.GA4510@jasmine.lan> <20170622000336.GB4510@jasmine.lan> <87zid0iksk.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="rQ2U398070+RC21q" Content-Disposition: inline In-Reply-To: <87zid0iksk.fsf@netris.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --rQ2U398070+RC21q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Jun 22, 2017 at 02:44:11AM -0400, Mark H Weaver wrote: > Leo Famulari writes: > > Hm, I noticed the bootstrap binaries being downloaded, so I don't think > > this patch applies the graft without causing a full rebuild. >=20 > It's likely that this is because of the new behavior of Hydra, where > NARs that haven't been fetched in the last 14 days are deleted, and then > those substitutes will fail the next time they are requested. >=20 > In this system fetching substitutes that are not often requested will > often fail. One must try to fetch them, and then wait a while for Hydra > to rebuild the NARs, and then try again later. FWIW, I don't like this > approach, but it's what we have for now. Okay, I'm trying again. I'll let the build finish and report if the system seems okay in QEMU. 

From: Leo Famulari
Date: Thu, 22 Jun 2017 14:34:21 -0400
Message-ID: <20170622183421.GA14383@jasmine.lan>
In-Reply-To: <20170622161737.GC15580@jasmine.lan>

On Thu, Jun 22, 2017 at 12:17:37PM -0400, Leo Famulari wrote:
> On Thu, Jun 22, 2017 at 02:44:11AM -0400, Mark H Weaver wrote:
> > Leo Famulari writes:
> > > Hm, I noticed the bootstrap binaries being downloaded, so I don't think
> > > this patch applies the graft without causing a full rebuild.
> >
> > It's likely that this is because of the new behavior of Hydra, where
> > NARs that haven't been fetched in the last 14 days are deleted, and then
> > those substitutes will fail the next time they are requested.
> >
> > In this system fetching substitutes that are not often requested will
> > often fail. One must try to fetch them, and then wait a while for Hydra
> > to rebuild the NARs, and then try again later. FWIW, I don't like this
> > approach, but it's what we have for now.
>
> Okay, I'm trying again. I'll let the build finish and report if the
> system seems okay in QEMU.

It's building stuff, but it downloaded several parts of the bootstrap
(gettext-boot0, perl-boot0, etc) and is now building the base packages
of the distribution (perl, etc).

So, I'm skeptical that it's grafting in the way we need it to. For
example, I already have the latest Perl binary from `guix build perl`,
but it's rebuilding Perl now.

From: Leo Famulari
Date: Thu, 22 Jun 2017 15:25:04 -0400
Message-ID: <20170622192504.GA7158@jasmine.lan>
In-Reply-To: <20170622183421.GA14383@jasmine.lan>

On Thu, Jun 22, 2017 at 02:34:21PM -0400, Leo Famulari wrote:
> It's building stuff, but it downloaded several parts of the bootstrap
> (gettext-boot0, perl-boot0, etc) and is now building the base packages
> of the distribution (perl, etc).
>
> So, I'm skeptical that it's grafting in the way we need it to. For
> example, I already have the latest Perl binary from `guix build perl`,
> but it's rebuilding Perl now.

I might have spoken too soon. Although Perl was rebuilt, most other
packages were not. So this patch might do the right thing.
More review welcome :)

From: ludo@gnu.org (Ludovic Courtès)
Date: Thu, 22 Jun 2017 23:05:40 +0200
Message-Id: <87bmpfpwbf.fsf@gnu.org>
To: control@debbugs.gnu.org
Subject: control message for bug #27429

severity 27429 serious

From: Leo Famulari
Date: Fri, 23 Jun 2017 13:20:38 -0400
Message-ID: <20170623172038.GA6052@jasmine.lan>
In-Reply-To: <20170621095045.GB2870@macbook42.flashner.co.il>

On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>
> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
> (glibc-2.25-fixed): New variable.
> (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches.
> [replacement]: New field.
> (glibc-locales)[replacement]: New field.
> * gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field.
> * gnu/packages/patches/glibc-CVE-2017-1000366.patch,
> gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch,
> gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.

I've applied this patch to my Guix-on-foreign-distro workstation.
Everything seems to be working so far.

I noticed that grafted packages do not seem to refer directly to the
replacement glibc. For example:

$ ./pre-inst-env guix build -e '(@@ (gnu packages base) glibc-2.25-patched)'
/gnu/store/kczijfli8cb0qjyrfzbrd06bdrpic7lx-glibc-2.25-debug
/gnu/store/7gqx6nd64hn9wdqmppp8h42ncfx246c0-glibc-2.25
$ guix gc --references /gnu/store/7gqx6nd64hn9wdqmppp8h42ncfx246c0-glibc-2.25
/gnu/store/7gqx6nd64hn9wdqmppp8h42ncfx246c0-glibc-2.25
/gnu/store/946hwcxnd9w13gyqprs0fzkmyyz4hdar-bash-static-4.4.12
/gnu/store/n4fmp3fj1yam5ijwa64irg7glvzsq4i1-bash-4.4.12
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25
$ guix gc --references $(./pre-inst-env guix build libressl)
/gnu/store/7ahy5yw88wq1fg1lmr84vy958sgzgp5g-libressl-2.5.4
/gnu/store/p8k2id55pynzjmaixlns94phvr7mz5ls-gcc-5.4.0-lib
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25

However, I haven't had time to dig in and wrap my head around the glibc
packages.

By the way, Qualys will probably begin publishing their exploits on
Tuesday [0]:

"We have discussed this internally, and we will first publish the Stack
Clash exploits and proofs-of-concepts that we sent to the distros@ and
linux-distros@ lists, plus our Linux ld.so exploit for amd64, and our
Solaris rsh exploit. We will do so next Tuesday, but we will publish our
Linux exploits and proofs-of-concept if and only if Fedora updates are
ready by then, our NetBSD proof-of-concept if and only if NetBSD patches
are ready by then, and our FreeBSD proofs-of-concept if and only if
FreeBSD patches are ready by then."

[0]

From: Mark H Weaver
Date: Fri, 23 Jun 2017 14:36:41 -0400
Message-ID: <87mv8yh7pi.fsf@netris.org>
In-Reply-To: <20170623172038.GA6052@jasmine.lan> (Leo Famulari's message of "Fri, 23 Jun 2017 13:20:38 -0400")

Leo Famulari writes:
> On Wed, Jun 21, 2017 at 12:50:45PM +0300, Efraim Flashner wrote:
>> Subject: [PATCH] gnu: glibc: Patch CVE-2017-1000366.
>>
>> * gnu/packages/base.scm (glibc/linux)[replacement]: New field.
>> (glibc-2.25-fixed): New variable.
>> (glibc@2.24, glibc@2.23, glibc@2.22, glibc@2.21)[source]: Add patches.
>> [replacement]: New field.
>> (glibc-locales)[replacement]: New field.
>> * gnu/packages/commencement.scm (cross-gcc-wrapper)[replacement]: New field.
>> * gnu/packages/patches/glibc-CVE-2017-1000366.patch,
>> gnu/packages/patches/glibc-reject-long-LD-AUDIT.patch,
>> gnu/packages/patches/glibc-reject-long-LD-PRELOAD.patch: New files.
>> * gnu/local.mk (dist_patch_DATA): Add them.
>
> I've applied this patch to my Guix-on-foreign-distro workstation.
> Everything seems to be working so far.
>
> I noticed that grafted packages do not seem to refer directly to the
> replacement glibc. For example:
>
> $ ./pre-inst-env guix build -e '(@@ (gnu packages base) glibc-2.25-patched)'
> /gnu/store/kczijfli8cb0qjyrfzbrd06bdrpic7lx-glibc-2.25-debug
> /gnu/store/7gqx6nd64hn9wdqmppp8h42ncfx246c0-glibc-2.25

I wouldn't expect them to. Almost(?) nothing in Guix links to the
'glibc' in (gnu packages base), so I wouldn't expect them to link to its
replacement either.

Most packages are linked with 'glibc-final' in (gnu packages
commencement), and we should expect them to now be linked with *its*
replacement. Try this to find the expected glibc-final replacement:

./pre-inst-env guix build -e '((@@ (guix packages) package-replacement) (@@ (gnu packages commencement) glibc-final))'

> By the way, Qualys will probably begin publishing their exploits on
> Tuesday [0]:

Thanks for the heads-up, and more generally to your prolific
contributions to security in Guix!

Mark
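The check Mark describes above (find the replacement of glibc-final, then see whether a built package's `guix gc --references` output names it) can be scripted so that it is repeated across many packages after a security graft. The script below is an added example for this page, not code from the thread or from Guix. It assumes a Guix source checkout with ./pre-inst-env for the two guix calls, and it assumes that `guix build --no-grafts` is the right way to obtain the store path of the original, unpatched glibc-final (the thread only shows the replacement lookup). The classification helper is plain text matching, so it can be exercised on the store paths quoted in Leo's message without Guix installed.

```shell
#!/bin/sh
# Added example, not code from the bug thread or from Guix.
# Classify built packages by which glibc-final they reference after the
# graft: the replacement (patched), the original (still unpatched), or
# neither.  Assumes a Guix source checkout (./pre-inst-env) for the guix
# calls; classify_refs itself is pure text matching.

# Sample input: the reference list of libressl as quoted in the thread.
SAMPLE_REFS='/gnu/store/7ahy5yw88wq1fg1lmr84vy958sgzgp5g-libressl-2.5.4
/gnu/store/p8k2id55pynzjmaixlns94phvr7mz5ls-gcc-5.4.0-lib
/gnu/store/zfcrz72znwk4arq03vbbczxgw5i7lsp9-glibc-2.25'

# Keep only the main output of a glibc build (the -debug output is listed too).
main_output() {
    grep -v -- '-debug$' | head -n 1
}

# Store path of the replacement of glibc-final, via the command from the thread.
expected_glibc_replacement() {
    ./pre-inst-env guix build -e \
        '((@@ (guix packages) package-replacement) (@@ (gnu packages commencement) glibc-final))' \
        | main_output
}

# Store path of the original, unpatched glibc-final.  Assumption: building
# with --no-grafts returns the ungrafted output.
original_glibc_final() {
    ./pre-inst-env guix build --no-grafts -e \
        '(@@ (gnu packages commencement) glibc-final)' | main_output
}

# classify_refs REFS REPLACEMENT ORIGINAL
# REFS is newline-separated `guix gc --references` output.  Prints
# "grafted" if REPLACEMENT is referenced, "ungrafted" if only ORIGINAL is,
# and "no-glibc" if neither appears (e.g. a pure-data package).
classify_refs() {
    refs=$1; want=$2; old=$3
    if printf '%s\n' "$refs" | grep -qxF -- "$want"; then
        echo grafted
    elif printf '%s\n' "$refs" | grep -qxF -- "$old"; then
        echo ungrafted
    else
        echo no-glibc
    fi
}

# check_package NAME REPLACEMENT ORIGINAL: build (or substitute) NAME with
# grafts enabled and classify its run-time references.
check_package() {
    name=$1
    out=$(./pre-inst-env guix build "$name" | head -n 1)
    refs=$(guix gc --references "$out")
    printf '%s\t%s\t%s\n' "$name" "$out" "$(classify_refs "$refs" "$2" "$3")"
}

# Usage: sh graft-check.sh libressl perl coreutils
# (with no arguments the file only defines the functions, so it can be sourced).
if [ "$#" -gt 0 ]; then
    replacement=$(expected_glibc_replacement)
    original=$(original_glibc_final)
    for name in "$@"; do
        check_package "$name" "$replacement" "$original"
    done
fi
```

Run it from the checkout as `sh graft-check.sh libressl perl`. A line ending in `ungrafted` means that package's output still references the unpatched glibc-final and is the one to investigate; `no-glibc` is expected for packages with no run-time dependency on glibc.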
[10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id A533F2076B; Fri, 23 Jun 2017 14:54:51 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute4.internal (MEProxy); Fri, 23 Jun 2017 14:54:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name; h=cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=WQ3yP9OntGzCxOZGDauN57L63qUpXIdrKxus/b rKDkk=; b=yMhZvMnjlosaxcBcztYVVbHbhlF8Xj0yTXWA7cyn76QwIMAJvSam/r GWz4ZQ8H6397362NyNcc8O5OYmtV/YvymoPfjVXwOdagUNQkOr5WFZJ0sP1CKv8B mQd0iyRBg5gIpZ7U5BfWX4N0++2aLwMxMRsG4Arg3ZqCA3+4n+JQk= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=WQ3yP9OntGzCxOZGDa uN57L63qUpXIdrKxus/brKDkk=; b=PwNi8x41owvd7MKGATCUSKAIpVBDMO1/Xz J5iTZSlbTQFnzj4gZyKcDkxkImZpzoqkcGlf83HYbbOHL0lYEBnpTVR7ZeFNFBhZ 8UTlfbk62UiO/i3llPKOG5TVNezR+mfZ59IuG7kZyb+FvDyP6a8PaN0OWVmmlHfR /uIB+xRPhQqm5BaHmGxcS259gZ0GQBbUoHH1Ihw692Jvmh05EB+YiVjwJYlTc9k7 P/g2ibgGaCxeAn+KHQn5KSxu/4ybIsE79gCAyIa65qfosC1//3iLBcj+OhTml0Bt W65+576gU3VHiVgqXECuJpXknbvYS4EnXUsKo+XbanrRASA1sopw== X-ME-Sender: X-Sasl-enc: 0f6lfuB5QAvBrog/IlfWUaGlre791lh//KEshDDWWITg 1498244091 Received: from localhost (unknown [128.64.129.7]) by mail.messagingengine.com (Postfix) with ESMTPA id 5E1C27E622; Fri, 23 Jun 2017 14:54:51 -0400 (EDT) Date: Fri, 23 Jun 2017 14:54:48 -0400 
From: Leo Famulari Message-ID: <20170623185448.GA14284@jasmine.lan> References: <20170619222550.GA29289@jasmine.lan> <20170620004920.GB31586@jasmine.lan> <20170620071857.GA2768@macbook42.flashner.co.il> <87shiumj05.fsf@netris.org> <20170621084134.GA2870@macbook42.flashner.co.il> <20170621095045.GB2870@macbook42.flashner.co.il> <20170623172038.GA6052@jasmine.lan> <87mv8yh7pi.fsf@netris.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="OgqxwSJOaUobr8KG" Content-Disposition: inline In-Reply-To: <87mv8yh7pi.fsf@netris.org> User-Agent: Mutt/1.8.3 (2017-05-23) X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) --OgqxwSJOaUobr8KG Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 23, 2017 at 02:36:41PM -0400, Mark H Weaver wrote: > Most packages are linked with 'glibc-final' in (gnu packages > commencement), and we should expect them to now be linked with *its* > replacement. Try this to find the expected glibc-final replacement: >=20 > ./pre-inst-env guix build -e '((@@ (guix packages) package-replacement)= (@@ (gnu packages commencement) glibc-final))' Thank you for the clarification. Indeed, with Efraim's latest patch, packages seem to be referring to the replacement for glibc-final. So, do we think this patch is ready to apply? AFAIK, nobody has yet tried upgrading a GuixSD system with this patch. I won't have access to my bare-metal GuixSD system for the next few days. > > By the way, Qualys will probably begin publishing their exploits on > > Tuesday [0]: >=20 > Thanks for the heads-up, and more generally to your prolific > contributions to security in Guix! 
Thank you for your advice and guidance, and to Efraim for taking the
lead on fixing this bug!


Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
To: Leo Famulari
Cc: 27429@debbugs.gnu.org
From: Mark H Weaver
Date: Fri, 23 Jun 2017 16:03:24 -0400
Message-ID: <87bmpeh3oz.fsf@netris.org>

Leo Famulari writes:

> On Fri, Jun 23, 2017 at 02:36:41PM -0400, Mark H Weaver wrote:
>> Most packages are linked with 'glibc-final' in (gnu packages
>> commencement), and we should expect them to now be linked with *its*
>> replacement. Try this to find the expected glibc-final replacement:
>>
>> ./pre-inst-env guix build -e '((@@ (guix packages) package-replacement) (@@ (gnu packages commencement) glibc-final))'
>
> Thank you for the clarification. Indeed, with Efraim's latest patch,
> packages seem to be referring to the replacement for glibc-final.

That's good news!

> So, do we think this patch is ready to apply? AFAIK, nobody has yet
> tried upgrading a GuixSD system with this patch. I won't have access to
> my bare-metal GuixSD system for the next few days.

I think someone should try reconfiguring their GuixSD system and booting
into it before we apply it to master. I might be able to do it tonight,
or else I can do it tomorrow.
      Mark


Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
To: Leo Famulari
Cc: Ludovic Courtès, 27429@debbugs.gnu.org, Efraim Flashner
From: Mark H Weaver
Date: Sat, 24 Jun 2017 03:11:25 -0400
Message-ID: <87y3shkggy.fsf@netris.org>

Mark H Weaver writes:

> Leo Famulari writes:
>
>> On Fri, Jun 23, 2017 at 02:36:41PM -0400, Mark H Weaver wrote:
>>> Most packages are linked with 'glibc-final' in (gnu packages
>>> commencement), and we should expect them to now be linked with *its*
>>> replacement. Try this to find the expected glibc-final replacement:
>>>
>>> ./pre-inst-env guix build -e '((@@ (guix packages) package-replacement) (@@ (gnu packages commencement) glibc-final))'
>>
>> Thank you for the clarification. Indeed, with Efraim's latest patch,
>> packages seem to be referring to the replacement for glibc-final.
>
> That's good news!
>
>> So, do we think this patch is ready to apply? AFAIK, nobody has yet
>> tried upgrading a GuixSD system with this patch. I won't have access to
>> my bare-metal GuixSD system for the next few days.
>
> I think someone should try reconfiguring their GuixSD system and booting
> into it before we apply it to master. I might be able to do it tonight,
> or else I can do it tomorrow.
I made some minor cleanups to the patch, split it up into multiple
patches, and upgraded my GuixSD system to use it. My system seems to
work fine. I don't have time right now to verify that the grafting is
being done correctly, but I went ahead and pushed the commits to
'master' anyway, based on Leo's preliminary observations.

I'm dubious about the changes made to glibc-2.21, but that can be fixed
up later.

I tried to copy the .drv files for the grafted 'glibc-final' and
'glibc-final-with-bootstrap-bash' from my machine to Hydra, in order to
ask Hydra to build it, but both "guix copy" and "guix archive --export"
failed:

--8<---------------cut here---------------start------------->8---
mhw@jojen ~$ guix copy --to=hydra@hydra /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv
sending 11 store items to 'localhost'...
guix copy: error: corrupt input while restoring archive from #
mhw@jojen ~$ guix archive --export /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv > GRAFTED-GLIBC-DRVS.nar
guix archive: error: corrupt input while restoring archive from #
--8<---------------cut here---------------end--------------->8---

I'm concerned that i686 and armhf users are going to have a rude
awakening when they not only have to build two variants of glibc, but
also a bunch of the early bootstrap because the NARs are not available
on Hydra. It would be good if someone could take care of that.

I'm sorry, but I need to sleep now. Hopefully someone else can take it
from here.
      Mark


Subject: bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check
To: 27429@debbugs.gnu.org
From: Danny Milosavljevic
Date: Sun, 25 Jun 2017 11:38:28 +0200
Message-ID: <20170625113828.024a425f@scratchpost.org>

Hi,

what do you all think of rebuilding the world with "-fstack-check" (either now or later on)?

That would make gcc emit code to always grow the stack in a way that it certainly touches each 4 KiB (parametrizable by STACK_CHECK_PROBE_INTERVAL_EXP) page on the way.

I think that would be the right and permanent fix - unlike the whack-a-mole approach where we patch programs not to do what they are supposed to do, if their stack allocation happens to grow.

See also and .

Note that the kernel itself has to put argv and envp into the user process' stack and this can already make the very first stack allocation that a process does in its main() need to grow the stack, and reach across the guard page. So the right fix is to just make the stack allocations never reach across the guard page without using it.
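To make the probing idea above concrete, here is an added example (not from this thread, and not GCC's or Guix's code) of what -fstack-check amounts to: before a large, input-dependent stack allocation is used, every page of it is touched in the order the stack grows, so the frame can never step over the guard page untouched. The probe interval follows GCC's STACK_CHECK_PROBE_INTERVAL_EXP default of 12 (4 KiB); the function names are chosen for this example, and the sizes used in main() are constructed.

```c
/* Explicit stack probing in the spirit of GCC's -fstack-check.
   Added illustration for this thread; not Guix or GCC code.  The names
   probe_offsets, probe_offset_at, probe_stack_region and use_large_frame
   are chosen for this example. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* GCC's default: probe every 2^12 = 4096 bytes, i.e. once per 4 KiB page,
   the page size (and guard-page size) the thread discusses. */
#ifndef STACK_CHECK_PROBE_INTERVAL_EXP
#define STACK_CHECK_PROBE_INTERVAL_EXP 12
#endif
#define PROBE_INTERVAL ((size_t)1 << STACK_CHECK_PROBE_INTERVAL_EXP)

/* Offsets, measured downward from the stack pointer before the frame is
   allocated, at which a frame of frame_size bytes must be touched: one
   per interval, plus a final touch at the frame's far end.  Writes up to
   max offsets into out (out may be NULL) and returns the total needed.
   No two consecutive touches are more than one interval apart, so a
   guard page lying between them cannot be skipped. */
size_t probe_offsets(size_t frame_size, size_t interval,
                     size_t *out, size_t max)
{
    size_t count = 0;
    for (size_t off = interval; off < frame_size; off += interval) {
        if (out != NULL && count < max)
            out[count] = off;
        count++;
    }
    if (frame_size > 0) {               /* final probe at the frame end */
        if (out != NULL && count < max)
            out[count] = frame_size;
        count++;
    }
    return count;
}

/* The index-th probe offset for a frame, or 0 if there is no such probe. */
size_t probe_offset_at(size_t frame_size, size_t interval, size_t index)
{
    size_t offs[64];
    size_t n = probe_offsets(frame_size, interval, offs, 64);
    return (index < n && index < 64) ? offs[index] : 0;
}

/* Touch a freshly allocated stack region page by page.  On a downward-
   growing stack buf[size - 1] is the byte nearest the previous stack
   pointer and buf[0] is the far end, so writing buf[size - off] for
   increasing off walks the pages in the order the hardware stack grows.
   The stores go through a volatile pointer so the compiler keeps them. */
static void probe_stack_region(volatile char *buf, size_t size)
{
    for (size_t off = PROBE_INTERVAL; off < size; off += PROBE_INTERVAL)
        buf[size - off] = 0;
    if (size > 0)
        buf[0] = 0;
}

/* A function whose frame size depends on its input: exactly the case in
   which an unprobed allocation could jump across the guard page.  Returns
   how many of the n bytes were usable after probing, so a caller can
   confirm the whole region was reachable.  n must be > 0 (VLA rule). */
size_t use_large_frame(size_t n)
{
    char buf[n];                    /* variable-length array on the stack */
    probe_stack_region(buf, n);     /* the probes -fstack-check would emit */
    memset(buf, 0x5A, n);
    size_t usable = 0;
    for (size_t i = 0; i < n; i++)
        usable += (buf[i] == 0x5A);
    return usable;
}

int main(void)
{
    /* Constructed sizes: a 10000-byte frame needs probes at 4096, 8192
       and 10000 bytes below the old stack pointer. */
    size_t n = probe_offsets(10000, PROBE_INTERVAL, NULL, 0);
    printf("10000-byte frame: %zu probes\n", n);
    for (size_t i = 0; i < n; i++)
        printf("  probe at -%zu\n", probe_offset_at(10000, PROBE_INTERVAL, i));
    printf("70000-byte frame: %zu bytes usable\n", use_large_frame(70000));
    return 0;
}
```

Marius' caveat below still applies: the 2017 -fstack-check implementation had known problems, and GCC 8 later added a dedicated -fstack-clash-protection option for this purpose.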
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check
To: Danny Milosavljevic, 27429@debbugs.gnu.org
From: Marius Bakke
Date: Sun, 25 Jun 2017 12:41:06 +0200
Message-ID: <87o9tcnyd9.fsf@fastmail.com>

Danny Milosavljevic writes:

> Hi,
>
> what do you all think of rebuilding the world with "-fstack-check" (either now or later on)?
>
> That would make gcc emit code to always grow the stack in a way that it certainly touches each 4 KiB (parametrizable by STACK_CHECK_PROBE_INTERVAL_EXP) page on the way.
>
> I think that would be the right and permanent fix - unlike the whack-a-mole approach where we patch programs not to do what they are supposed to do, if their stack allocation happens to grow.
>
> See also and .

Red Hat investigated this during the embargo[0] and found that the
current implementation in GCC has problems[1]. We should wait until
those issues are resolved first, but sounds good to me.
[0] http://seclists.org/oss-sec/2017/q2/556
[1] http://seclists.org/oss-sec/2017/q2/505


Subject: bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check
To: bug-guix@gnu.org, Marius Bakke, Danny Milosavljevic, 27429@debbugs.gnu.org
Date: Sun, 25 Jun 2017 09:19:45 -0400
In-Reply-To: <87o9tcnyd9.fsf@fastmail.com>
From: Leo Famulari

I agree, let's wait for guidance from the upstream GCC and GLIBC developers.

-------- Original Message --------
From: Marius Bakke
Sent: June 25, 2017 6:41:06 AM EDT
To: Danny Milosavljevic, 27429@debbugs.gnu.org
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc); -fstack-check

Danny Milosavljevic writes:

> Hi,
>
> what do you all think of rebuilding the world with "-fstack-check" (either now or later on)?
>
> That would make gcc emit code to always grow the stack in a way that it certainly touches each 4 KiB (parametrizable by STACK_CHECK_PROBE_INTERVAL_EXP) page on the way.
>
> I think that would be the right and permanent fix - unlike the whack-a-mole approach where we patch programs not to do what they are supposed to do, if their stack allocation happens to grow.
>
> See also and .

Red Hat investigated this during the embargo[0] and found that the
current implementation in GCC has problems[1]. We should wait until
those issues are resolved first, but sounds good to me.

[0] http://seclists.org/oss-sec/2017/q2/556
[1] http://seclists.org/oss-sec/2017/q2/505


Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
To: Mark H Weaver
Cc: 27429@debbugs.gnu.org, Efraim Flashner, Leo Famulari
From: Ludovic Courtès
Date: Mon, 26 Jun 2017 10:41:18 +0200
Message-ID: <87mv8v6t01.fsf@gnu.org>

Hi Mark,

Mark H Weaver writes:

> I tried to copy the .drv files for the grafted 'glibc-final' and
> 'glibc-final-with-bootstrap-bash' from my machine to Hydra, in order to
> ask Hydra to build it, but both "guix copy" and "guix archive --export"
> failed:
>
> mhw@jojen ~$ guix copy --to=hydra@hydra /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv
> sending 11 store items to 'localhost'...
> guix copy: error: corrupt input while restoring archive from #
> mhw@jojen ~$ guix archive --export /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv > GRAFTED-GLIBC-DRVS.nar
> guix archive: error: corrupt input while restoring archive from #

Apparently they got built at some point.

As for the problems above: error reporting in ‘guix copy’ is suboptimal
(help welcome!), and the ‘guix archive --export’ problem looks like a
bug; could you report it?

> I'm concerned that i686 and armhf users are going to have a rude
> awakening when they not only have to build two variants of glibc, but
> also a bunch of the early bootstrap because the NARs are not available
> on Hydra. It would be good if someone could take care of that.

Doing:

--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env guix build -e '(begin (use-modules (guix)) (package-replacement (@@ (gnu packages commencement) glibc-final)))' -s i686-linux --log-file --no-grafts
https://mirror.hydra.gnu.org/log/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2.25.drv
--8<---------------cut here---------------end--------------->8---

I see that glibc fails to build on i686 (but I think you’ve just fixed it?):

--8<---------------cut here---------------start------------->8---
i686-guix-linux-gnu-gcc ../sysdeps/i386/i686/multiarch/strcspn-c.c -c -std=gnu11 -fgnu89-inline -O2 -Wall -Werror -Wundef -Wwrite-strings -fmerge-all-constants -fno-stack-protector -frounding-math -g -Wstrict-prototypes -Wold-style-definition -fPIC -Wa,-mtune=i686 -mno-sse -mno-mmx -mfpmath=387 -msse4 -ftls-model=initial-exec -I../include -I/tmp/guix-build-glibc-2.25.drv-0/build/string -I/tmp/guix-build-glibc-2.25.drv-0/build -I../sysdeps/unix/sysv/linux/i386/i686 -I../sysdeps/i386/i686/nptl -I../sysdeps/unix/sysv/linux/i386 -I../sysdeps/unix/sysv/linux/x86 -I../sysdeps/i386/nptl -I../sysdeps/unix/sysv/linux/include -I../sysdeps/unix/sysv/linux -I../sysdeps/nptl -I../sysdeps/pthread -I../sysdeps/gnu -I../sysdeps/unix/inet -I../sysdeps/unix/sysv -I../sysdeps/unix/i386 -I../sysdeps/unix -I../sysdeps/posix -I../sysdeps/i386/i686/fpu/multiarch -I../sysdeps/i386/i686/fpu -I../sysdeps/i386/i686/multiarch -I../sysdeps/i386/i686 -I../sysdeps/i386/fpu -I../sysdeps/x86/fpu/include -I../sysdeps/x86/fpu -I../sysdeps/i386 -I../sysdeps/x86 -I../sysdeps/wordsize-32 -I../sysdeps/ieee754/ldbl-96/include -I../sysdeps/ieee754/ldbl-96 -I../sysdeps/ieee754/dbl-64 -I../sysdeps/ieee754/flt-32 -I../sysdeps/ieee754 -I../sysdeps/generic -I.. -I../libio -I. -nostdinc -isystem /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include -isystem /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include-fixed -isystem /gnu/store/cwls4k58gw85lsrm2m2icpgwhvd0452n-linux-libre-headers-4.4.47/include -D_LIBC_REENTRANT -include /tmp/guix-build-glibc-2.25.drv-0/build/libc-modules.h -DMODULE_NAME=rtld -include ../include/libc-symbols.h -DPIC -DSHARED -o /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strcspn-c.os -MD -MP -MF /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strcspn-c.os.dt -MT /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strcspn-c.os -mno-sse -mno-mmx -mfpmath=387
In file included from ../sysdeps/x86_64/multiarch/strcspn-c.c:22:0,
                 from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
../sysdeps/x86_64/multiarch/varshift.h: In function '__m128i_shift_right':
../sysdeps/x86_64/multiarch/varshift.h:26:1: error: SSE vector return without SSE enabled changes the ABI [-Werror=psabi]
 {
 ^
In file included from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/smmintrin.h:32:0,
                 from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/nmmintrin.h:31,
                 from ../sysdeps/x86_64/multiarch/strcspn-c.c:20,
                 from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
/gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/tmmintrin.h:136:1: error: inlining failed in call to always_inline '_mm_shuffle_epi8': target specific option mismatch
 _mm_shuffle_epi8 (__m128i __X, __m128i __Y)
 ^
In file included from ../sysdeps/x86_64/multiarch/strcspn-c.c:22:0,
                 from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
../sysdeps/x86_64/multiarch/varshift.h:27:10: error: called from here
   return _mm_shuffle_epi8 (value,
          ^
In file included from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/pmmintrin.h:31:0,
                 from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/tmmintrin.h:31,
                 from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/smmintrin.h:32,
                 from /gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/nmmintrin.h:31,
                 from ../sysdeps/x86_64/multiarch/strcspn-c.c:20,
                 from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
/gnu/store/85qsxn71dn6944df5kcvkxg0nm3xdg6z-gcc-cross-boot0-5.4.0-lib/lib/gcc/i686-guix-linux-gnu/5.4.0/include/emmintrin.h:696:1: error: inlining failed in call to always_inline '_mm_loadu_si128': target specific option mismatch
 _mm_loadu_si128 (__m128i const *__P)
 ^
In file included from ../sysdeps/x86_64/multiarch/strcspn-c.c:22:0,
                 from ../sysdeps/i386/i686/multiarch/strcspn-c.c:2:
../sysdeps/x86_64/multiarch/varshift.h:27:10: error: called from here
   return _mm_shuffle_epi8 (value,
          ^
cc1: all warnings being treated as errors
make[4]: *** [/tmp/guix-build-glibc-2.25.drv-0/build/sysd-rules:561: /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strcspn-c.os] Error 1
make[4]: Leaving directory '/tmp/guix-build-glibc-2.25.drv-0/glibc-2.25/string'
make[3]: *** [../o-iterator.mk:9: /tmp/guix-build-glibc-2.25.drv-0/build/string/rtld-strchr.os] Error 2
make[3]: Leaving directory '/tmp/guix-build-glibc-2.25.drv-0/glibc-2.25/elf'
make[2]: *** [Makefile:443: /tmp/guix-build-glibc-2.25.drv-0/build/elf/rtld-libc.a] Error 2
make[2]: Leaving directory '/tmp/guix-build-glibc-2.25.drv-0/glibc-2.25/elf'
make[1]: *** [Makefile:215: elf/subdir_lib] Error 2
make[1]: Leaving directory '/tmp/guix-build-glibc-2.25.drv-0/glibc-2.25'
make: *** [Makefile:9: all] Error 2
phase `build' failed after 327.9 seconds
builder for `/gnu/store/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2.25.drv' failed with exit code 1
--8<---------------cut here---------------end--------------->8---

The ARM variant builds fine though:

--8<---------------cut here---------------start------------->8---
$ ./pre-inst-env guix build -e '(begin (use-modules (guix)) (package-replacement (@@ (gnu packages commencement) glibc-final)))' -s armhf-linux -n --substitute-urls=https://hydra.gnu.org
substitute: updating list of substitutes from 'https://hydra.gnu.org'... 100.0%
27.4 MB would be downloaded:
   /gnu/store/9xcjggbxli1gdp9daz97v1f1f0yxnsxv-glibc-2.25-debug
   /gnu/store/4i5ih43cjk3syk8r24lc12snqfd9dm8m-glibc-2.25
$ git describe
v0.13.0-1020-ga1b46bdc0
--8<---------------cut here---------------end--------------->8---

Ludo’.
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Resent-From: Mark H Weaver
Resent-Date: Mon, 26 Jun 2017 11:20:02 +0000
To: ludo@gnu.org (Ludovic Courtès)
Cc: 27429@debbugs.gnu.org, Efraim Flashner, Leo Famulari
From: Mark H Weaver
Date: Mon, 26 Jun 2017 07:19:12 -0400
In-Reply-To: <87mv8v6t01.fsf@gnu.org> (Ludovic Courtès's message of "Mon, 26 Jun 2017 10:41:18 +0200")
Message-ID: <878tkfm1xr.fsf@netris.org>

Hi Ludovic,

ludo@gnu.org (Ludovic Courtès) writes:

> Mark H Weaver skribis:
>
>> I tried to copy the .drv files for the grafted 'glibc-final' and
>> 'glibc-final-with-bootstrap-bash' from my machine to Hydra, in order to
>> ask Hydra to build it, but both "guix copy" and "guix archive --export"
>> failed:
>>
>> mhw@jojen ~$ guix copy --to=hydra@hydra
>> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv
>> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv
>> sending 11 store items to 'localhost'...
>> guix copy: error: corrupt input while restoring archive from #
>> mhw@jojen ~$ guix archive --export
>> /gnu/store/17gcwll4a2y3cjk8jf3fg2gr105m9f4i-glibc-2.25.drv
>> /gnu/store/78j5arbcgjfbj0m91fn6p5s71kz7w2yw-glibc-2.25.drv > GRAFTED-GLIBC-DRVS.nar
>> guix archive: error: corrupt input while restoring archive from #
>
> Apparently they got built at some point.

Yes, I ran "guix pull" for user mhw on Hydra, and then asked it to build a grafted 'hello' for all three hydra-supported platforms. This entailed building a grafted 'glibc-final' as well as 'perl' and 'expat'. I then ran:

  guix challenge --substitute-urls=https://hydra.gnu.org /gnu/store/...

to generate narinfo requests for the relevant outputs, on the theory that this would cause guix-publish to build NARs. (Am I right?)

> As for the problems above: error reporting in ‘guix copy’ is suboptimal
> (help welcome!), and the ‘guix archive --export’ problem looks like a
> bug; could you report it?

Sure.

>> I'm concerned that i686 and armhf users are going to have a rude
>> awakening when they not only have to build two variants of glibc, but
>> also a bunch of the early bootstrap because the NARs are not available
>> on Hydra. It would be good if someone could take care of that.
>
> Doing:
>
> $ ./pre-inst-env guix build -e '(begin (use-modules (guix)) (package-replacement (@@ (gnu packages commencement) glibc-final)))' -s i686-linux --log-file --no-grafts
> https://mirror.hydra.gnu.org/log/ivvdx2m0p6gnmcxmz355z106ffqg9p25-glibc-2.25.drv
>
> I see that glibc fails to build on i686 (but I think you’ve just fixed
> it?):

Yes, I fixed the i686 problem in commit ffc015bea26f24d862e7e877d907fbe1ab9a9967.
FYI, this problem was reported as a separate bug, which is now closed: https://bugs.gnu.org/27489

Thanks,
Mark

Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Resent-From: ludo@gnu.org (Ludovic Courtès)
Resent-Date: Tue, 27 Jun 2017 13:58:02 +0000
To: Mark H Weaver
Cc: 27429@debbugs.gnu.org, Efraim Flashner, Leo Famulari
From: ludo@gnu.org (Ludovic Courtès)
Date: Tue, 27 Jun 2017 15:57:33 +0200
In-Reply-To: <878tkfm1xr.fsf@netris.org> (Mark H. Weaver's message of "Mon, 26 Jun 2017 07:19:12 -0400")
Message-ID: <87vanh4joy.fsf@gnu.org>

Mark H Weaver skribis:

> Yes, I ran "guix pull" for user mhw on Hydra, and then asked it to build
> a grafted 'hello' for all three hydra-supported platforms. This
> entailed building a grafted 'glibc-final' as well as 'perl' and 'expat'.
> I then ran:
>
> guix challenge --substitute-urls=https://hydra.gnu.org /gnu/store/...
>
> to generate narinfo requests for the relevant outputs, on the theory
> that this would cause guix-publish to build NARs. (Am I right?)

You are, that’s a good strategy. :-)

Thanks,
Ludo’.

Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Resent-From: Leo Famulari
Resent-Date: Wed, 28 Jun 2017 21:56:02 +0000
Cc: 27429@debbugs.gnu.org
Date: Wed, 28 Jun 2017 17:55:13 -0400
From: Leo Famulari
Message-ID: <20170628215513.GA15581@jasmine.lan>
In-Reply-To: <20170623172038.GA6052@jasmine.lan>

On Fri, Jun 23, 2017 at 01:20:38PM -0400, Leo Famulari wrote:
> By the way, Qualys will probably begin publishing their exploits on
> Tuesday [0]:

Here they are:

http://seclists.org/oss-sec/2017/q2/635

It would be good if we tested the relevant exploits against GuixSD.
Subject: bug#27429: Stack clash (CVE-2017-1000366 etc)
Resent-From: ludo@gnu.org (Ludovic Courtès)
Resent-Date: Thu, 29 Jun 2017 11:00:02 +0000
To: Mark H Weaver
Cc: 27429@debbugs.gnu.org, Efraim Flashner, Leo Famulari
From: ludo@gnu.org (Ludovic Courtès)
Date: Thu, 29 Jun 2017 12:58:49 +0200
In-Reply-To: <87zid0iksk.fsf@netris.org> (Mark H. Weaver's message of "Thu, 22 Jun 2017 02:44:11 -0400")
Message-ID: <87mv8rqcuu.fsf@gnu.org>

Hello gentlefolks!

As discussed yesterday on IRC, here’s a patch that applies the glibc patches for CVE-2017-1000366 in ‘core-updates’.

That’s a rebuild-the-world change but we still have work to do in ‘core-updates’ anyway, notably regarding the Perl dot-in-@INC issue.

OK for you?

Thanks,
Ludo’.

[Attachment: 0001-gnu-glibc-linux-Add-patches-for-CVE-2017-1000366.patch (text/x-patch)]

From 0118abc2ffd880c704f66294cf76ce0b8ddae803 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 29 Jun 2017 12:53:14 +0200 Subject: [PATCH] gnu: glibc/linux: Add patches for CVE-2017-1000366. * gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch, gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/base.scm (glibc/linux)[source](patches): Add them. --- gnu/local.mk | 3 + gnu/packages/base.scm | 5 +- .../patches/glibc-CVE-2017-1000366-pt1.patch | 36 ++++ .../patches/glibc-CVE-2017-1000366-pt2.patch | 124 +++++++++++++ .../patches/glibc-CVE-2017-1000366-pt3.patch | 206 +++++++++++++++++++++ 5 files changed, 373 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch diff --git a/gnu/local.mk b/gnu/local.mk index 1ae2a2d26..06bd98112 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -622,6 +622,9 @@ dist_patch_DATA = \ %D%/packages/patches/ghostscript-runpath.patch \ %D%/packages/patches/glib-networking-ssl-cert-file.patch \ %D%/packages/patches/glib-tests-timer.patch \ + %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \ + %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \ + %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \ %D%/packages/patches/glibc-bootstrap-system.patch \ %D%/packages/patches/glibc-ldd-x86_64.patch \ %D%/packages/patches/glibc-locales.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index b9364f81f..f5aea0812 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm 
@@ -532,7 +532,10 @@ store.") (patches (search-patches "glibc-ldd-x86_64.patch" "glibc-versioned-locpath.patch" "glibc-o-largefile.patch" - "glibc-memchr-overflow-i686.patch")))) + "glibc-memchr-overflow-i686.patch" + "glibc-CVE-2017-1000366-pt1.patch" + "glibc-CVE-2017-1000366-pt2.patch" + "glibc-CVE-2017-1000366-pt3.patch")))) (build-system gnu-build-system) ;; Glibc's refers to , for instance, so glibc diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch b/gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch new file mode 100644 index 000000000..71e80968b --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch @@ -0,0 +1,36 @@ +From f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 17:09:55 +0200 +Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1 + programs [BZ #21624] + +LD_LIBRARY_PATH can only be used to reorder system search paths, which +is not useful functionality. + +This makes an exploitable unbounded alloca in _dl_init_paths unreachable +for AT_SECURE=1 programs. + +patch from: +https://sourceware.org/git/?p=glibc.git;a=commit;h=f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d +--- + ChangeLog | 7 +++++++ + elf/rtld.c | 3 ++- + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 2446a87..2269dbe 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -2422,7 +2422,8 @@ process_envvars (enum mode *modep) + + case 12: + /* The library search path. */ +- if (memcmp (envline, "LIBRARY_PATH", 12) == 0) ++ if (!__libc_enable_secure ++ && memcmp (envline, "LIBRARY_PATH", 12) == 0) + { + library_path = &envline[13]; + break; +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch b/gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch new file mode 100644 index 000000000..4b859c4bf --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch 
@@ -0,0 +1,124 @@ +From 6d0ba622891bed9d8394eef1935add53003b12e8 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 22:31:04 +0200 +Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements + +patch from: +https://sourceware.org/git/?p=glibc.git;a=patch;h=6d0ba622891bed9d8394eef1935add53003b12e8 + +--- + ChangeLog | 7 ++++++ + elf/rtld.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++------------ + 2 files changed, 73 insertions(+), 16 deletions(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 2269dbe..86ae20c 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local + strong_alias (__pointer_chk_guard_local, __pointer_chk_guard) + #endif + ++/* Length limits for names and paths, to protect the dynamic linker, ++ particularly when __libc_enable_secure is active. */ ++#ifdef NAME_MAX ++# define SECURE_NAME_LIMIT NAME_MAX ++#else ++# define SECURE_NAME_LIMIT 255 ++#endif ++#ifdef PATH_MAX ++# define SECURE_PATH_LIMIT PATH_MAX ++#else ++# define SECURE_PATH_LIMIT 1024 ++#endif ++ ++/* Check that AT_SECURE=0, or that the passed name does not contain ++ directories and is not overly long. Reject empty names ++ unconditionally. */ ++static bool ++dso_name_valid_for_suid (const char *p) ++{ ++ if (__glibc_unlikely (__libc_enable_secure)) ++ { ++ /* Ignore pathnames with directories for AT_SECURE=1 ++ programs, and also skip overlong names. */ ++ size_t len = strlen (p); ++ if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL) ++ return false; ++ } ++ return *p != '\0'; ++} + + /* List of auditing DSOs. */ + static struct audit_list +@@ -718,6 +747,42 @@ static const char *preloadlist attribute_relro; + /* Nonzero if information about versions has to be printed. 
*/ + static int version_info attribute_relro; + ++/* The LD_PRELOAD environment variable gives list of libraries ++ separated by white space or colons that are loaded before the ++ executable's dependencies and prepended to the global scope list. ++ (If the binary is running setuid all elements containing a '/' are ++ ignored since it is insecure.) Return the number of preloads ++ performed. */ ++unsigned int ++handle_ld_preload (const char *preloadlist, struct link_map *main_map) ++{ ++ unsigned int npreloads = 0; ++ const char *p = preloadlist; ++ char fname[SECURE_PATH_LIMIT]; ++ ++ while (*p != '\0') ++ { ++ /* Split preload list at space/colon. */ ++ size_t len = strcspn (p, " :"); ++ if (len > 0 && len < sizeof (fname)) ++ { ++ memcpy (fname, p, len); ++ fname[len] = '\0'; ++ } ++ else ++ fname[0] = '\0'; ++ ++ /* Skip over the substring and the following delimiter. */ ++ p += len; ++ if (*p != '\0') ++ ++p; ++ ++ if (dso_name_valid_for_suid (fname)) ++ npreloads += do_preload (fname, main_map, "LD_PRELOAD"); ++ } ++ return npreloads; ++} ++ + static void + dl_main (const ElfW(Phdr) *phdr, + ElfW(Word) phnum, +@@ -1464,23 +1529,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", + + if (__glibc_unlikely (preloadlist != NULL)) + { +- /* The LD_PRELOAD environment variable gives list of libraries +- separated by white space or colons that are loaded before the +- executable's dependencies and prepended to the global scope +- list. If the binary is running setuid all elements +- containing a '/' are ignored since it is insecure. */ +- char *list = strdupa (preloadlist); +- char *p; +- + HP_TIMING_NOW (start); +- +- /* Prevent optimizing strsep. Speed is not important here. */ +- while ((p = (strsep) (&list, " :")) != NULL) +- if (p[0] != '\0' +- && (__builtin_expect (! 
__libc_enable_secure, 1) +- || strchr (p, '/') == NULL)) +- npreloads += do_preload (p, main_map, "LD_PRELOAD"); +- ++ npreloads += handle_ld_preload (preloadlist, main_map); + HP_TIMING_NOW (stop); + HP_TIMING_DIFF (diff, start, stop); + HP_TIMING_ACCUM_NT (load_time, diff); +-- +2.9.3 + diff --git a/gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch b/gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch new file mode 100644 index 000000000..3d8f6d2bf --- /dev/null +++ b/gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch 
@@ -0,0 +1,206 @@ +From 81b82fb966ffbd94353f793ad17116c6088dedd9 Mon Sep 17 00:00:00 2001 +From: Florian Weimer +Date: Mon, 19 Jun 2017 22:32:12 +0200 +Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements + +Also only process the last LD_AUDIT entry. + +patch from: +https://sourceware.org/git/?p=glibc.git;a=commit;h=81b82fb966ffbd94353f793ad17116c6088dedd9 + +--- + ChangeLog | 11 +++++++ + elf/rtld.c | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++--------- + 2 files changed, 106 insertions(+), 15 deletions(-) + +diff --git a/elf/rtld.c b/elf/rtld.c +index 86ae20c..65647fb 100644 +--- a/elf/rtld.c ++++ b/elf/rtld.c +@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p) + return *p != '\0'; + } + +-/* List of auditing DSOs. */ ++/* LD_AUDIT variable contents. Must be processed before the ++ audit_list below. */ ++const char *audit_list_string; ++ ++/* Cyclic list of auditing DSOs. audit_list->next is the first ++ element. */ + static struct audit_list + { + const char *name; + struct audit_list *next; + } *audit_list; + ++/* Iterator for audit_list_string followed by audit_list. */ ++struct audit_list_iter ++{ ++ /* Tail of audit_list_string still needing processing, or NULL. */ ++ const char *audit_list_tail; ++ ++ /* The list element returned in the previous iteration. NULL before ++ the first element. */ ++ struct audit_list *previous; ++ ++ /* Scratch buffer for returning a name which is part of ++ audit_list_string. */ ++ char fname[SECURE_NAME_LIMIT]; ++}; ++ ++/* Initialize an audit list iterator. */ ++static void ++audit_list_iter_init (struct audit_list_iter *iter) ++{ ++ iter->audit_list_tail = audit_list_string; ++ iter->previous = NULL; ++} ++ ++/* Iterate through both audit_list_string and audit_list. */ ++static const char * ++audit_list_iter_next (struct audit_list_iter *iter) ++{ ++ if (iter->audit_list_tail != NULL) ++ { ++ /* First iterate over audit_list_string. 
*/ ++ while (*iter->audit_list_tail != '\0') ++ { ++ /* Split audit list at colon. */ ++ size_t len = strcspn (iter->audit_list_tail, ":"); ++ if (len > 0 && len < sizeof (iter->fname)) ++ { ++ memcpy (iter->fname, iter->audit_list_tail, len); ++ iter->fname[len] = '\0'; ++ } ++ else ++ /* Do not return this name to the caller. */ ++ iter->fname[0] = '\0'; ++ ++ /* Skip over the substring and the following delimiter. */ ++ iter->audit_list_tail += len; ++ if (*iter->audit_list_tail == ':') ++ ++iter->audit_list_tail; ++ ++ /* If the name is valid, return it. */ ++ if (dso_name_valid_for_suid (iter->fname)) ++ return iter->fname; ++ /* Otherwise, wrap around and try the next name. */ ++ } ++ /* Fall through to the procesing of audit_list. */ ++ } ++ ++ if (iter->previous == NULL) ++ { ++ if (audit_list == NULL) ++ /* No pre-parsed audit list. */ ++ return NULL; ++ /* Start of audit list. The first list element is at ++ audit_list->next (cyclic list). */ ++ iter->previous = audit_list->next; ++ return iter->previous->name; ++ } ++ if (iter->previous == audit_list) ++ /* Cyclic list wrap-around. */ ++ return NULL; ++ iter->previous = iter->previous->next; ++ return iter->previous->name; ++} ++ + #ifndef HAVE_INLINED_SYSCALLS + /* Set nonzero during loading and initialization of executable and + libraries, cleared before the executable's entry point runs. This +@@ -1305,11 +1383,13 @@ of this helper program; chances are you did not intend to run this program.\n\ + GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid (); + + /* If we have auditing DSOs to load, do it now. */ +- if (__glibc_unlikely (audit_list != NULL)) ++ bool need_security_init = true; ++ if (__glibc_unlikely (audit_list != NULL) ++ || __glibc_unlikely (audit_list_string != NULL)) + { +- /* Iterate over all entries in the list. The order is important. 
*/ + struct audit_ifaces *last_audit = NULL; +- struct audit_list *al = audit_list->next; ++ struct audit_list_iter al_iter; ++ audit_list_iter_init (&al_iter); + + /* Since we start using the auditing DSOs right away we need to + initialize the data structures now. */ +@@ -1320,9 +1400,14 @@ of this helper program; chances are you did not intend to run this program.\n\ + use different values (especially the pointer guard) and will + fail later on. */ + security_init (); ++ need_security_init = false; + +- do ++ while (true) + { ++ const char *name = audit_list_iter_next (&al_iter); ++ if (name == NULL) ++ break; ++ + int tls_idx = GL(dl_tls_max_dtv_idx); + + /* Now it is time to determine the layout of the static TLS +@@ -1331,7 +1416,7 @@ of this helper program; chances are you did not intend to run this program.\n\ + no DF_STATIC_TLS bit is set. The reason is that we know + glibc will use the static model. */ + struct dlmopen_args dlmargs; +- dlmargs.fname = al->name; ++ dlmargs.fname = name; + dlmargs.map = NULL; + + const char *objname; +@@ -1344,7 +1429,7 @@ of this helper program; chances are you did not intend to run this program.\n\ + not_loaded: + _dl_error_printf ("\ + ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", +- al->name, err_str); ++ name, err_str); + if (malloced) + free ((char *) err_str); + } +@@ -1448,10 +1533,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", + goto not_loaded; + } + } +- +- al = al->next; + } +- while (al != audit_list->next); + + /* If we have any auditing modules, announce that we already + have two objects loaded. */ +@@ -1715,7 +1797,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n", + if (tcbp == NULL) + tcbp = init_tls (); + +- if (__glibc_likely (audit_list == NULL)) ++ if (__glibc_likely (need_security_init)) + /* Initialize security features. But only if we have not done it + earlier. 
*/ + security_init (); +@@ -2346,9 +2428,7 @@ process_dl_audit (char *str) + char *p; + + while ((p = (strsep) (&str, ":")) != NULL) +- if (p[0] != '\0' +- && (__builtin_expect (! __libc_enable_secure, 1) +- || strchr (p, '/') == NULL)) ++ if (dso_name_valid_for_suid (p)) + { + /* This is using the local malloc, not the system malloc. The + memory can never be freed. */ +@@ -2412,7 +2492,7 @@ process_envvars (enum mode *modep) + break; + } + if (memcmp (envline, "AUDIT", 5) == 0) +- process_dl_audit (&envline[6]); ++ audit_list_string = &envline[6]; + break; + + case 7: +-- +2.9.3 + -- 2.13.1
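Review bot: the gnu/packages/base.scm hunk adds the three CVE-2017-1000366 patches only to the glibc/linux `search-patches` list; the older 'glibc' variants in that file keep their own redundant patch lists (the reply below notes that "glibc-memchr-overflow-i686.patch" was already missed on them during a merge), so either add the CVE patches to those variants as well or say in the commit message that they are deliberately left unpatched.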
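Review bot: the diffstat carried inside glibc-CVE-2017-1000366-pt1.patch ("ChangeLog | 7 +++++++", "2 files changed, 9 insertions(+), 1 deletion(-)") does not match its content, which contains only the three-line elf/rtld.c hunk; pt2 and pt3 have the same mismatch. Dropping the ChangeLog hunks from a distro patch is fine, but add a line under "patch from:" saying so, and use one URL form (a=commit or a=patch) for all three files so the provenance can be re-checked the same way.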
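Review bot: in glibc-CVE-2017-1000366-pt2.patch, `handle_ld_preload` is defined as `unsigned int handle_ld_preload (const char *preloadlist, struct link_map *main_map)` without `static`, although its only caller is dl_main in the same file; make it `static` so ld.so does not gain a new external symbol. The comment above it should also state the behaviour change: because `len < sizeof (fname)` is tested before `dso_name_valid_for_suid`, an LD_PRELOAD element of SECURE_PATH_LIMIT bytes or longer is now silently dropped for every program, not only when `__libc_enable_secure` is set, whereas the removed strdupa loop accepted any length when it was not.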
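Review bot: in glibc-CVE-2017-1000366-pt3.patch, `const char *audit_list_string;` is a non-static global next to the `static struct audit_list ... *audit_list` it is documented alongside; make it `static` for the same reason. The comment in audit_list_iter_next reads "Fall through to the procesing of audit_list" (typo: processing). Finally, names taken from audit_list_string are returned as a pointer into `iter->fname`, a scratch buffer overwritten by the next `audit_list_iter_next` call; dl_main only uses `name` inside the loop body (`dlmargs.fname = name;` and the error message), which is safe, but that lifetime deserves a sentence in the iterator's comment since the helper is written as a general-purpose iterator.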

From: Mark H Weaver
Date: Thu, 29 Jun 2017 11:49:41 -0400
Message-ID: <87h8yyn696.fsf@netris.org>
In-Reply-To: <87mv8rqcuu.fsf@gnu.org>

ludo@gnu.org (Ludovic Courtès) writes:

> As discussed yesterday on IRC, here’s a patch that applies the glibc
> patches for CVE-2017-1000366 in ‘core-updates’.
>
> That’s a rebuild-the-world change but we still have work to do in
> ‘core-updates’ anyway, notably regarding the Perl dot-in-@INC issue.
>
> OK for you?

Sounds good to me, but I've already merged 'master' into 'core-updates'
with this as a graft, so what remains is to ungraft it there.

Also note that when I merged it, I forgot to add
"glibc-memchr-overflow-i686.patch" to the older variants of 'glibc'.
Unfortunately, this was a case where git merge automatically did the
wrong thing, without any conflict. I was going to fix this soon by
eliminating the redundant lists of patches, but now I won't have to.
Thanks,
Mark

From: ludo@gnu.org (Ludovic Courtès)
Date: Thu, 29 Jun 2017 22:06:08 +0200
Message-ID: <87wp7ulftb.fsf@gnu.org>
In-Reply-To: <87h8yyn696.fsf@netris.org>

Mark H Weaver skribis:

> ludo@gnu.org (Ludovic Courtès) writes:
>
>> As discussed yesterday on IRC, here’s a patch that applies the glibc
>> patches for CVE-2017-1000366 in ‘core-updates’.
>>
>> That’s a rebuild-the-world change but we still have work to do in
>> ‘core-updates’ anyway, notably regarding the Perl dot-in-@INC issue.
>>
>> OK for you?
>
> Sounds good to me, but I've already merged 'master' into 'core-updates'
> with this as a graft, so what remains is to ungraft it there.

Indeed. I rebased and adjusted the patch and pushed as
503a4df904b8d4b82caebdb17db9c5f76a952418.

Leo, let me know when you feel that we should start a new evaluation.

Thank you,
Ludo’.

Subject: bug#27429: core-updates and shishi [was Re: bug#27429: Stack clash (CVE-2017-1000366 etc)]
Date: Thu, 29 Jun 2017 17:03:17 -0400
From: Leo Famulari
Message-ID: <20170629210317.GB19238@jasmine.lan>
In-Reply-To: <87wp7ulftb.fsf@gnu.org>

On Thu, Jun 29, 2017 at 10:06:08PM +0200, Ludovic Courtès wrote:
> Leo, let me know when you feel that we should start a new evaluation.

First I want to ungraft today's libgcrypt and poppler replacements.

I also want to apply the attached patch so we can stop using
libgcrypt-1.5 with Shishi, and instead use the latest libgcrypt. This
patch does require us to re-bootstrap Shishi, but I think it's worth it
if it means we can drop the older libgcrypt package. Does anyone have
feedback on this patch?

I'll do some local testing of this change in the next few hours and then
start the evaluation.
Content-Disposition: attachment; filename="0001-gnu-shishi-Build-with-latest-libgcrypt.patch"

From 83fcaa7aac05f499a985ec02db55458e2d719de3 Mon Sep 17 00:00:00 2001
From: Leo Famulari
Date: Thu, 29 Jun 2017 04:11:18 -0400
Subject: [PATCH] gnu: shishi: Build with latest libgcrypt.

* gnu/packages/patches/shishi-fix-libgcrypt-detection.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/kerberos.scm (shishi)[source]: Use it.
[inputs]: Replace libgcrypt-1.5 with libgcrypt.
[native-inputs]: Add bootstrapping inputs.
[arguments]: Add a 'bootstrap' phase.
* gnu/packages/gnupg.scm (libgcrypt-1.5): Remove variable.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/gnupg.scm                             | 12 --------
 gnu/packages/kerberos.scm                          | 28 ++++++++++++++++++-------
 .../patches/shishi-fix-libgcrypt-detection.patch   | 32 ++++++++++++++++++++++++
 4 files changed, 51 insertions(+), 22 deletions(-)
 create mode 100644 gnu/packages/patches/shishi-fix-libgcrypt-detection.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index b0690eda5..133eb977c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -986,6 +986,7 @@ dist_patch_DATA = \
   %D%/packages/patches/scotch-test-threading.patch \
   %D%/packages/patches/sdl-libx11-1.6.patch \
   %D%/packages/patches/seq24-rename-mutex.patch \
+  %D%/packages/patches/shishi-fix-libgcrypt-detection.patch \
   %D%/packages/patches/slim-session.patch \
   %D%/packages/patches/slim-config.patch \
   %D%/packages/patches/slim-sigusr1.patch \
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 9efd32a3f..c5a9a8954 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -115,18 +115,6 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
-(define-public libgcrypt-1.5
-  (package (inherit libgcrypt)
-    (version "1.5.6")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
-                          version ".tar.bz2"))
-      (sha256
-       (base32
-        "0ydy7bgra5jbq9mxl5x031nif3m6y3balc6ndw2ngj11wnsjc61h"))))))
-
 (define-public libassuan
   (package
     (name "libassuan")
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
index 6be7c82bc..20f36d11d 100644
--- a/gnu/packages/kerberos.scm
+++ b/gnu/packages/kerberos.scm
@@ -23,8 +23,10 @@
 
 (define-module (gnu packages kerberos)
   #:use-module (gnu packages)
+  #:use-module (gnu packages autotools)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages perl)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
@@ -32,6 +34,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages readline)
+  #:use-module (gnu packages texinfo)
   #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
@@ -104,25 +107,30 @@ cryptography.")
              (method url-fetch)
              (uri (string-append "mirror://gnu/shishi/shishi-"
                                  version ".tar.gz"))
+             (patches (search-patches "shishi-fix-libgcrypt-detection.patch"))
              (sha256
               (base32
                "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
    (build-system gnu-build-system)
-   (native-inputs `(("pkg-config" ,pkg-config)))
+   (arguments
+    `(#:phases
+      (modify-phases %standard-phases
+        (add-before 'configure 'bootstrap
+          (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
+   (native-inputs `(("pkg-config" ,pkg-config)
+                    ;; XXX For bootstrapping. Remove for the next Shishi
+                    ;; release after 1.0.2.
+                    ("autoconf" ,autoconf)
+                    ("automake" ,automake)
+                    ("gettext" ,gnu-gettext)
+                    ("libtool" ,libtool)
+                    ("texinfo" ,texinfo)))
    (inputs `(("gnutls" ,gnutls)
              ("libidn" ,libidn)
              ("linux-pam" ,linux-pam-1.2)
              ("zlib" ,zlib)
-             ;; libgcrypt 1.6 fails because of the following test:
-             ;; #include
-             ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
-             ;; will fail on startup if we don't have 1.4.4 or later, so
-             ;; test for it early. */
-             ;; #if !defined GCRY_MODULE_ID_USER
-             ;; error too old libgcrypt
-             ;; #endif
-             ("libgcrypt" ,libgcrypt-1.5)
+             ("libgcrypt" ,libgcrypt)
              ("libtasn1" ,libtasn1)))
    (home-page "https://www.gnu.org/software/shishi/")
    (synopsis "Implementation of the Kerberos 5 network security system")
diff --git a/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch
new file mode 100644
index 000000000..3db42feac
--- /dev/null
+++ b/gnu/packages/patches/shishi-fix-libgcrypt-detection.patch
@@ -0,0 +1,32 @@
+Fix building of Shishi with libgcrypt 1.6 and later.
+
+Patch copied from Debian:
+
+https://anonscm.debian.org/cgit/collab-maint/shishi.git/tree/debian/patches/fix_gcrypt_detection.diff?id=948301ae648a542a408da250755aeed58a6e3542
+
+Description: Fix autoconf gnutls detection to also accept gcrypt 1.6.
+Author: Andreas Metzler
+Bug-Debian: http://bugs.debian.org/753150
+Origin: vendor
+Forwarded: no
+Last-Update: 2014-07-18
+
+--- shishi-1.0.2.orig/gl/m4/gc.m4
++++ shishi-1.0.2/gl/m4/gc.m4
+@@ -12,10 +12,12 @@ AC_DEFUN([gl_GC],
+   if test "$libgcrypt" != no; then
+     AC_LIB_HAVE_LINKFLAGS([gcrypt], [gpg-error], [
+ #include
+-/* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
+-   will fail on startup if we don't have 1.4.4 or later, so
+-   test for it early. */
+-#if !defined GCRY_MODULE_ID_USER
++/* gc-libgcrypt.c will fail on startup if we don't have libgcrypt 1.4.4 or
++   later, test for it early. by checking for either
++   - GCRY_MODULE_ID_USER which was added in 1.4.4 and dropped in 1.6 or
++   - GCRYPT_VERSION_NUMBER which was added in 1.6.
++ */
++#if !defined GCRY_MODULE_ID_USER && !defined GCRYPT_VERSION_NUMBER
+ error too old libgcrypt
+ #endif
+ ])
-- 
2.13.2
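Review bot: the gnu/packages/gnupg.scm hunk deletes the `define-public libgcrypt-1.5` binding, which any other module can import by name; the commit message only names shishi as a user, so the patch should state that a tree-wide search found no other references (or keep the variable until they are migrated), because a leftover reference fails when the module is loaded rather than when a package is built and would take down unrelated packages in the same evaluation.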
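Review bot: in the new shishi-fix-libgcrypt-detection.patch the copied Debian header reads `Description: Fix autoconf gnutls detection to also accept gcrypt 1.6.` while the hunk below it edits the libgcrypt probe in gl/m4/gc.m4 (`AC_LIB_HAVE_LINKFLAGS([gcrypt], [gpg-error], [`); since the header is reproduced verbatim, one line under "Patch copied from Debian:" noting that "gnutls" there is a misnomer for gcrypt would spare the next reader a double take. The logic itself is right: `#if !defined GCRY_MODULE_ID_USER && !defined GCRYPT_VERSION_NUMBER` fires only when neither the pre-1.6 marker nor the 1.6-and-later marker is present, so a libgcrypt older than 1.4.4 is still rejected.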
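Review bot: in the gnu/packages/kerberos.scm hunk the new 'bootstrap phase runs `autoreconf -vfi` and adds autoconf, automake, gnu-gettext, libtool and texinfo to native-inputs solely to propagate a one-line gl/m4/gc.m4 change into configure; the `;; XXX For bootstrapping. Remove for the next Shishi release after 1.0.2.` comment records the intent but nothing enforces it, so either tie the phase and the extra inputs to the 1.0.2 version so that the next update cannot miss them, or preset the configure cache variable for the libgcrypt check instead and avoid the rebootstrap and its five extra inputs altogether.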

From: ludo@gnu.org (Ludovic Courtès)
Date: Fri, 30 Jun 2017 00:27:57 +0200
Message-ID: <8760fesa36.fsf@gnu.org>
In-Reply-To: <20170629210317.GB19238@jasmine.lan>

Leo Famulari skribis:

> On Thu, Jun 29, 2017 at 10:06:08PM +0200, Ludovic Courtès wrote:
>> Leo, let me know when you feel that we should start a new evaluation.
>
> First I want to ungraft today's libgcrypt and poppler replacements.
>
> I also want to apply the attached patch so we can stop using
> libgcrypt-1.5 with Shishi, and instead use the latest libgcrypt.
> This patch does require us to re-bootstrap Shishi, but I think it's worth it
> if it means we can drop the older libgcrypt package. Does anyone have
> feedback on this patch?

It’s a good idea.

> I'll do some local testing of this change in the next few hours and then
> start the evaluation.
>
> From 83fcaa7aac05f499a985ec02db55458e2d719de3 Mon Sep 17 00:00:00 2001
> From: Leo Famulari
> Date: Thu, 29 Jun 2017 04:11:18 -0400
> Subject: [PATCH] gnu: shishi: Build with latest libgcrypt.
>
> * gnu/packages/patches/shishi-fix-libgcrypt-detection.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/kerberos.scm (shishi)[source]: Use it.
> [inputs]: Replace libgcrypt-1.5 with libgcrypt.
> [native-inputs]: Add bootstrapping inputs.
> [arguments]: Add a 'bootstrap' phase.
> * gnu/packages/gnupg.scm (libgcrypt-1.5): Remove variable.

[...]

>              (method url-fetch)
>              (uri (string-append "mirror://gnu/shishi/shishi-"
>                                  version ".tar.gz"))
> +             (patches (search-patches "shishi-fix-libgcrypt-detection.patch"))
>              (sha256
>               (base32
>                "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
>    (build-system gnu-build-system)
> -   (native-inputs `(("pkg-config" ,pkg-config)))
> +   (arguments
> +    `(#:phases
> +      (modify-phases %standard-phases
> +        (add-before 'configure 'bootstrap
> +          (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
> +   (native-inputs `(("pkg-config" ,pkg-config)
> +                    ;; XXX For bootstrapping. Remove for the next Shishi
> +                    ;; release after 1.0.2.
> +                    ("autoconf" ,autoconf)
> +                    ("automake" ,automake)
> +                    ("gettext" ,gnu-gettext)
> +                    ("libtool" ,libtool)
> +                    ("texinfo" ,texinfo)))

I think you can achieve the same result but without adding these
dependencies etc. just by adding:

  #:configure-flags '("ac_cv_libgcrypt=yes")

which I think is marginally better (but no big deal).

Thanks,
Ludo’.

Date: Fri, 30 Jun 2017 02:47:14 -0400
From: Leo Famulari
Message-ID: <20170630064714.GA13156@jasmine.lan>
In-Reply-To: <8760fesa36.fsf@gnu.org>

On Fri, Jun 30, 2017 at 12:27:57AM +0200, Ludovic Courtès wrote:
> > -   (native-inputs `(("pkg-config" ,pkg-config)))
> > +   (arguments
> > +    `(#:phases
> > +      (modify-phases %standard-phases
> > +        (add-before 'configure 'bootstrap
> > +          (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
> > +   (native-inputs `(("pkg-config" ,pkg-config)
> > +                    ;; XXX For bootstrapping. Remove for the next Shishi
> > +                    ;; release after 1.0.2.
> > +                    ("autoconf" ,autoconf)
> > +                    ("automake" ,automake)
> > +                    ("gettext" ,gnu-gettext)
> > +                    ("libtool" ,libtool)
> > +                    ("texinfo" ,texinfo)))
>
> I think you can achieve the same result but without adding these
> dependencies etc. just by adding:
>
>   #:configure-flags '("ac_cv_libgcrypt=yes")
>
> which I think is marginally better (but no big deal).

Yes, that's better. I built Shishi and GSS with it locally, pushed, and
started a core-updates evaluation.
But I don't know if we will hit this evaluation failure also on
core-updates since I merged master:

https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00349.html

From: ludo@gnu.org (Ludovic Courtès)
Date: Fri, 30 Jun 2017 14:59:10 +0200
Message-ID: <87injdmy1t.fsf@gnu.org>
In-Reply-To: <20170630064714.GA13156@jasmine.lan>

Leo Famulari skribis:

> On Fri, Jun 30, 2017 at 12:27:57AM +0200, Ludovic Courtès wrote:
>> > -   (native-inputs `(("pkg-config" ,pkg-config)))
>> > +   (arguments
>> > +    `(#:phases
>> > +      (modify-phases %standard-phases
>> > +        (add-before 'configure 'bootstrap
>> > +          (lambda _ (zero? (system* "autoreconf" "-vfi")))))))
>> > +   (native-inputs `(("pkg-config" ,pkg-config)
>> > +                    ;; XXX For bootstrapping. Remove for the next Shishi
>> > +                    ;; release after 1.0.2.
>> > +                     ("autoconf" ,autoconf)
>> > +                     ("automake" ,automake)
>> > +                     ("gettext" ,gnu-gettext)
>> > +                     ("libtool" ,libtool)
>> > +                     ("texinfo" ,texinfo)))
>>
>> I think you can achieve the same result but without adding these
>> dependencies etc. just by adding:
>>
>>   #:configure-flags '("ac_cv_libgcrypt=yes")
>>
>> which I think is marginally better (but no big deal).
>
> Yes, that's better. I built Shishi and GSS with it locally, pushed, and
> started a core-updates evaluation.

OK.

> But I don't know if we will hit this evaluation failure also on
> core-updates since I merged master:
>
> https://lists.gnu.org/archive/html/guix-devel/2017-06/msg00349.html

Oops indeed. I fixed it in master and merged the fix. New evaluation
pending.

Thanks,
Ludo’.
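Review bot: the `;; XXX For bootstrapping.` comment on the added native-inputs says when to drop autoconf, automake, gettext, libtool and texinfo (after the release that follows 1.0.2) but not why the shipped configure script has to be regenerated, so nobody can later verify that a new release removes the need; name the failing check in the comment. Since the reply above obtains the same result with `#:configure-flags '("ac_cv_libgcrypt=yes")`, the reason is evidently the libgcrypt detection; note that presetting that autoconf cache variable skips the check rather than fixing it, so the build then relies on libgcrypt staying among the package's inputs, which is worth a comment next to the flag as well.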
From: ludo@gnu.org (Ludovic Courtès)
To: Leo Famulari
Cc: 27429@debbugs.gnu.org
Date: Thu, 20 Jul 2017 17:54:06 +0200
In-Reply-To: <20170619222550.GA29289@jasmine.lan> (Leo Famulari's message of "Mon, 19 Jun 2017 18:25:50 -0400")
Message-ID: <87mv7zqf35.fsf@gnu.org>

Leo Famulari writes:

> This is a place to discuss the "stack crash" bugs as they apply to our
> packages.
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

I think we can close this bug now, can’t we?

Ludo’.
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Leo Famulari
Subject: bug#27429: closed (Re: bug#27429: Stack clash (CVE-2017-1000366 etc))
Reply-To: 27429@debbugs.gnu.org
Date: Thu, 20 Jul 2017 19:14:02 +0000

Your bug report

#27429: Stack clash (CVE-2017-1000366 etc)

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 27429@debbugs.gnu.org.

--
27429: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=27429
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
Date: Thu, 20 Jul 2017 15:13:24 -0400
From: Leo Famulari
To: Ludovic Courtès
Cc: 27429-done@debbugs.gnu.org
Subject: Re: bug#27429: Stack clash (CVE-2017-1000366 etc)
Message-ID: <20170720191324.GB18030@jasmine.lan>
In-Reply-To: <87mv7zqf35.fsf@gnu.org>

On Thu, Jul 20, 2017 at 05:54:06PM +0200, Ludovic Courtès wrote:
> Leo Famulari writes:
>
> > This is a place to discuss the "stack crash" bugs as they apply to our
> > packages.
> >
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
> > https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>
> I think we can close this bug now, can’t we?

Yeah, I'm closing it. I think the various mitigations we applied will
change and improve over time, but they can be discussed elsewhere once
we know what they are.
Date: Mon, 19 Jun 2017 18:25:50 -0400
From: Leo Famulari
To: bug-guix@gnu.org
Subject: Stack clash (CVE-2017-1000366 etc)
Message-ID: <20170619222550.GA29289@jasmine.lan>

This is a place to discuss the "stack crash" bugs as they apply to our
packages.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000366
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt