From 1328c4cca531318e3ed90c6aecb522a5b22a4bcc Mon Sep 17 00:00:00 2001
From: Liliana Marie Prikler <liliana.prikler@gmail.com>
Date: Wed, 4 Oct 2023 21:27:13 +0200
Subject: gnu: glibc: Fix CVE-2023-4911.

* gnu/packages/patches/glibc-2.35-CVE-2023-4911.patch: New file.
* gnu/local.mk: Register it here.
* gnu/packages/base.scm (glibc/fixed): New variable.
(glibc): Use it as replacement.
---
 gnu/packages/base.scm | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'gnu/packages/base.scm')

diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index c0813f7de0..2d8e9143cd 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -793,6 +793,7 @@ (define-public glibc
   (package
    (name "glibc")
    (version "2.35")
+   (replacement glibc/fixed)
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
@@ -1062,6 +1063,15 @@ (define (linker-script? file)
    (license lgpl2.0+)
    (home-page "https://www.gnu.org/software/libc/")))
 
+(define glibc/fixed
+  (package
+    (inherit glibc)
+    (source
+     (origin (inherit (package-source glibc))
+             (patches
+              (append (search-patches "glibc-2.35-CVE-2023-4911.patch")
+                      (origin-patches (package-source glibc))))))))
+
 ;; Define a variation of glibc which uses the default /etc/ld.so.cache, useful
 ;; in FHS containers.
 (define-public glibc-for-fhs
-- 
cgit v1.2.3