[WIP] glibc: 2.31 -> 2.31-somethingIKnowNotWhatYet [20.09] #103539
c82927a to cfab198
ChangeLog: https://sourceware.org/pipermail/libc-announce/2020/000029.html

Patches removed:

* `rpcgen-path.patch` is obsolete as the support for SunOS RPC has been removed in 2.32[1].
* The vulnerabilities CVE-2020-1752[2] & CVE-2020-10029[3] are fixed in `glibc-2.32`[4][5], thus applying those manually isn't necessary anymore.

I also added myself as second maintainer as I'm quite regularly doing `glibc`-related stuff in `nixpkgs`, so let's make this situation official.

[1] https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=5500cdba4018ddbda7909bc7f4f9718610b43cf0
[2] https://nvd.nist.gov/vuln/detail/CVE-2020-1752
[3] https://nvd.nist.gov/vuln/detail/CVE-2020-10029
[4] Commit 9333498794cde1d5cca518badf79533a24114b6f (CVE-2020-1752)
[5] Commit ddc650e9b3dc916eab417ce9f79e67337b05035c (CVE-2020-10029)

(cherry picked from commit 30286eb)
f59000f to 1c219b6
There may be packages that this breaks and have additional changes to cherry-pick.
Yeah, in fact I had to fix ~40 packages during the update to 2.32 (and there were a few more broken). Also I think it's a bad idea to replace such a core component of the OS in a stable release (that is known to have breaking changes in minor releases like the removal of cc @vcunat
I'm fairly confident that we don't want to upgrade glibc on a stable release. I think the best alternative is to use recent 2.31 branch from upstream. They surely are better at backporting than any of us.
Ah, here's how one can do such a thing: #100813
Sounds good @vcunat - I can take a stab at it but honestly I'm probably not the best person to do it.
Okay - so I'm the one doing it :-) Marking as WIP and firing up my hydra instance
Putting it in a new branch/pr so I don't confuse my simple brain. Will reference this PR in the other to cross-reference for history.
cherry-picked (30286eb)
Motivation for this change
See above: #93992