diff --git a/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch b/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch new file mode 100644 index 000000000000..2c558f53b735 --- /dev/null +++ b/pkgs/development/libraries/glibc/2.27-CVE-2019-19126.patch @@ -0,0 +1,18 @@ +Adapted from https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=4d5cfeb510125345cb41431afc9022492994cffa, omitting changes to NEWS +diff --git a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h +index 1943691..ac694c0 100644 +--- a/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h ++++ b/sysdeps/unix/sysv/linux/x86_64/64/dl-librecon.h +@@ -31,7 +31,8 @@ + environment variable, LD_PREFER_MAP_32BIT_EXEC. */ + #define EXTRA_LD_ENVVARS \ + case 21: \ +- if (memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ ++ if (!__libc_enable_secure \ ++ && memcmp (envline, "PREFER_MAP_32BIT_EXEC", 21) == 0) \ + GLRO(dl_x86_cpu_features).feature[index_arch_Prefer_MAP_32BIT_EXEC] \ + |= bit_arch_Prefer_MAP_32BIT_EXEC; \ + break; +-- +2.9.3 + diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index edf4d135aba7..32be2205bcc1 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -98,7 +98,10 @@ stdenv.mkDerivation ({ # https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f51c8367685dc888a02f7304c729ed5277904aff ./CVE-2018-11237.patch ] - ++ lib.optional stdenv.isx86_64 ./fix-x64-abi.patch + ++ lib.optionals stdenv.isx86_64 [ + ./fix-x64-abi.patch + ./2.27-CVE-2019-19126.patch + ] ++ lib.optional stdenv.hostPlatform.isMusl ./fix-rpc-types-musl-conflicts.patch ++ lib.optional stdenv.buildPlatform.isDarwin ./darwin-cross-build.patch