I had added the audit_suid.patch some time ago, and at some point niksnut added
this ignore-origin.patch. I think both fix the situation, the
ignore-origin.patch being released sooner than the audit_suid. As the
ignore-origin-patch is not in the recent glibc, it makes me think it was a quick
solution to the vulnerability, later properly fixed.
I remove, then, the ignore-origin.patch. We can check later if we remain
vulnerable.
svn path=/nixpkgs/branches/stdenv-updates/; revision=25110
I also update the url for the ports to take the upstream tarball instead of a
copy I had in vicerveza.
svn path=/nixpkgs/branches/stdenv-updates/; revision=25108
It gets linked to libgcc_s (shared lib) unless doing the trick I thought feasible of
telling 'configure' that the linker does not support "as-needed".
I found this reading their 'configure' script.
We don't want nscd linked to libgcc because that would make glibc dependant on the
previous gcc. This only happens on armv5tel, for the supported platforms.
svn path=/nixpkgs/branches/stdenv-updates/; revision=24959
Building with gcc 4.4 as minimum was needed, and not this patch.
http://sourceware.org/bugzilla/show_bug.cgi?id=12123
I uploaded new i686-linux bootstrap-tools with gcc 4.5.1, but I'll not update
the i686 reference to those bootstrap-tools until they are reachable by http.
The bootstrap-tools we used until now had gcc 4.3, said not to be able to build
glibc 2.12.1.
Meanwhile other platforms can go on building this glibc already without the
patch.
svn path=/nixpkgs/branches/stdenv-updates/; revision=24522
- our gcc should not bring libssp, because glibc provides __stack_chk_fail
already. libssp is only for some non-glibc systems.
The gcc configure script was not finding the header files of our glibc, so
it assumed it did not provide __stack_chk_fail. I wrote code in the builder
that patches the gcc/configure script properly for that.
As a consequence, the glibc does not need anymore the "nscd-ssp-linking"
patch, and we have a saner gcc (without libssp when using -fstack-protector)
- Instead of disabling the sse42 strstr() implementation in glibc due to the
bug http://sourceware.org/bugzilla/show_bug.cgi?id=12123, I provide a better
patch written after more reserach (that I submitted upstream already, and
it's pending review).
svn path=/nixpkgs/branches/stdenv-updates/; revision=24493
It looks like we need it when building the glibc212 attribute using nixpkgs's
gcc, instead of bootstrap-tools'.
svn path=/nixpkgs/branches/stdenv-updates/; revision=24296
expression.
For what I could see from the build log, although it should add a '-lssp', it
did not have any effect in this glibc 2.12.
svn path=/nixpkgs/branches/stdenv-updates/; revision=24156
I removed a patch (mod_nano) already in the release.
I fixed the nix-locale-archive so the programs don't try to modify the /usr
locale-archive (for non-nixos), although the libc may use that archive to show
strings.
I remove the glibc-2.11 void directory.
svn path=/nixpkgs/branches/stdenv-updates/; revision=23302
