From 596bf235b6bb666173fbf8dcbbd430f932b2074a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= Date: Thu, 9 Apr 2015 20:41:58 +0200 Subject: [PATCH] glibc: security fix CVE-2014-8121, fixes #7207 --- pkgs/development/libraries/glibc/common.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/development/libraries/glibc/common.nix b/pkgs/development/libraries/glibc/common.nix index 01b60361e8e..9a451d48cbc 100644 --- a/pkgs/development/libraries/glibc/common.nix +++ b/pkgs/development/libraries/glibc/common.nix @@ -77,6 +77,12 @@ stdenv.mkDerivation ({ + '' cat ${./glibc-remove-datetime-from-nscd.patch} \ | sed "s,@out@,$out," | patch -p1 + '' + # CVE-2014-8121, see https://bugzilla.redhat.com/show_bug.cgi?id=1165192 + + '' + substituteInPlace ./nss/nss_files/files-XXX.c \ + --replace 'status = internal_setent (stayopen);' \ + 'status = internal_setent (1);' ''; configureFlags =