| author | John Kehayias <john@guixotic.coop> | 2026-02-15 23:35:20 -0500 |
|---|---|---|
| committer | John Kehayias <john@guixotic.coop> | 2026-02-20 01:08:07 -0500 |
| commit | d659fe8666c4bc38fcbdbe7b7a35101f2d7cc41b (patch) | |
| tree | 06b4790f823dbadf067b06783c03216317849b21 /gnu/local.mk | |
| parent | 86c4c0797115047155701083eee30163904f36ed (diff) | |
gnu: glibc: Graft with fix for unsafe env variable [security-fixes].

Before this change, the environment variable GUIX_LOCPATH is not in the unsafe
variable list, meaning that it is not unset in a privileged environment. This
could lead to potential security issues. A CVE number is pending for this
issue. A similar upstream glibc issue was CVE-2023-4911.

* gnu/packages/base.scm (glibc)[replacement]: Add field to graft with ...
(glibc/fixed): ... this new package.
* gnu/packages/patches/glibc-guix-locpath.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.

Change-Id: I74d87ce543bfba7d5f424efb2b87926ca336c725
Reported-by: "Stefan" <stefan-guix@vodafonemail.de>
Diffstat (limited to 'gnu/local.mk')
| -rw-r--r-- | gnu/local.mk | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 195448c6a70..797e063c759 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1482,6 +1482,7 @@ dist_patch_DATA = \ %D%/packages/patches/glibc-cross-objcopy.patch \ %D%/packages/patches/glibc-cross-objdump.patch \ %D%/packages/patches/glibc-dl-cache.patch \ + %D%/packages/patches/glibc-guix-locpath.patch \ %D%/packages/patches/glibc-hidden-visibility-ldconfig.patch \ %D%/packages/patches/glibc-hurd-clock_gettime_monotonic.patch \ %D%/packages/patches/glibc-hurd-clock_t_centiseconds.patch \ |
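Review bot: on the added `%D%/packages/patches/glibc-guix-locpath.patch \` line, this view is limited to gnu/local.mk, so the registration cannot be checked against the file it names; please confirm the name matches the new file under gnu/packages/patches and the reference from glibc/fixed in gnu/packages/base.scm character for character, since a mismatch would leave the patch unregistered or the list pointing at a missing file. The entry itself keeps the list's alphabetical order (after glibc-dl-cache.patch, before glibc-hidden-visibility-ldconfig.patch) and its trailing backslash, so nothing needs to change in the hunk. Because the commit message states that a CVE number is still pending, consider recording the identifier in the patch file's header comment once it is assigned, so the graft can be traced back to the advisory.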
