janneke pushed a commit to branch core-packages-team
in repository guix.
commit a70f88a9261577fb347f507027d2fd622aca1f5d
Author: Ludovic Courtès <[email protected]>
AuthorDate: Mon Jan 20 00:32:48 2025 +0100
DRAFT: gnu: glibc: Update to 2.40.
DRAFT: Need to test (cross-)compilation to GNU/Hurd.
* gnu/packages/base.scm (glibc): Update to 2.40.
[replacement]: Remove.
(%glibc-patches): Update.
(glibc/fixed): Remove.
(glibc-for-fhs): Update patch name.
(glibc-2.29):
* gnu/packages/patches/glibc-2.40-dl-cache.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Change-Id: I2ad5f4eb1a360213f3ee53562b377f8002e4ec82
---
gnu/local.mk | 1 +
gnu/packages/base.scm | 36 ++------
gnu/packages/patches/glibc-2.40-dl-cache.patch | 113 +++++++++++++++++++++++++
3 files changed, 120 insertions(+), 30 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index eb2cb98dbe..b41ab50282 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1443,6 +1443,7 @@ dist_patch_DATA =
\
%D%/packages/patches/glibc-2.33-riscv64-miscompilation.patch \
%D%/packages/patches/glibc-2.39-git-updates.patch \
%D%/packages/patches/glibc-2.39-fmod-libm-a.patch \
+ %D%/packages/patches/glibc-2.40-dl-cache.patch \
%D%/packages/patches/glibc-CVE-2019-7309.patch \
%D%/packages/patches/glibc-CVE-2019-9169.patch \
%D%/packages/patches/glibc-CVE-2019-19126.patch \
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index fc48c9d844..335554084c 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012-2024 Ludovic Courtès <[email protected]>
+;;; Copyright © 2012-2025 Ludovic Courtès <[email protected]>
;;; Copyright © 2014, 2019 Andreas Enge <[email protected]>
;;; Copyright © 2012 Nikita Karetnikov <[email protected]>
;;; Copyright © 2014, 2015, 2016, 2018 Mark H Weaver <[email protected]>
@@ -879,10 +879,9 @@ the store.")
(license gpl3+)))
(define %glibc-patches
- (list "glibc-2.39-git-updates.patch"
- "glibc-ldd-powerpc.patch"
+ (list "glibc-ldd-powerpc.patch"
"glibc-2.38-ldd-x86_64.patch"
- "glibc-dl-cache.patch"
+ "glibc-2.40-dl-cache.patch"
"glibc-2.37-versioned-locpath.patch"
;; "glibc-allow-kernel-2.6.32.patch"
"glibc-reinstate-prlimit64-fallback.patch"
@@ -898,18 +897,17 @@ the store.")
;; version 2.28, GNU/Hurd used a different glibc branch.
(package
(name "glibc")
- (version "2.39")
+ (version "2.40")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
(sha256
(base32
- "09nrwb0ksbah9k35jchd28xxp2hidilqdgz7b8v5f30pz1yd8yzp"))
+ "18h50b0zm8dkpzj81w033v99rbxiykk3v697yr4dfqwjbqbr1a0r"))
(patches (map search-patch %glibc-patches))))
(properties `((lint-hidden-cve . ("CVE-2024-2961"
"CVE-2024-33601" "CVE-2024-33602"
"CVE-2024-33600" "CVE-2024-33599"))))
- (replacement glibc/fixed)
(build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@@ -1187,28 +1185,6 @@ with the Linux kernel.")
(license lgpl2.0+)
(home-page "https://www.gnu.org/software/libc/";)))
-(define glibc/fixed
- (package
- (inherit glibc)
- (name "glibc")
- (version (package-version glibc))
- (source (origin
- (method git-fetch)
- (uri (git-reference
- (url "git://sourceware.org/git/glibc.git")
- ;; This is the latest commit from the
- ;; 'release/2.39/master' branch, where CVEs and other
- ;; important bug fixes are cherry picked.
- (commit "2c882bf9c15d206aaf04766d1b8e3ae5b1002cc2")))
- (file-name (git-file-name name version))
- (sha256
- (base32
- "111yf24g0qcfcxywfzrilmjxysahlbkzxfimcz9rq8p00qzvvf51"))
- (patches (map search-patch
- (fold (cut delete <...>)
- %glibc-patches
- '("glibc-2.39-git-updates.patch"))))))))
-
;; Define a variation of glibc which uses the default /etc/ld.so.cache, useful
;; in FHS containers.
(define-public glibc-for-fhs
@@ -1220,7 +1196,7 @@ with the Linux kernel.")
;; directories, re-enabling the default /etc/ld.so.cache
;; behavior.
(patches
- (delete (search-patch "glibc-dl-cache.patch")
+ (delete (search-patch "glibc-2.40-dl-cache.patch")
(origin-patches (package-source glibc)))))))))
;; Below are old libc versions, which we use mostly to build locale data in
diff --git a/gnu/packages/patches/glibc-2.40-dl-cache.patch
b/gnu/packages/patches/glibc-2.40-dl-cache.patch
new file mode 100644
index 0000000000..d41faa5225
--- /dev/null
+++ b/gnu/packages/patches/glibc-2.40-dl-cache.patch
@@ -0,0 +1,113 @@
+Read the shared library cache relative to $ORIGIN instead of reading
+from /etc/ld.so.cache. Also arrange so that this cache takes
+precedence over RUNPATH.
+
+diff --git a/elf/dl-cache.c b/elf/dl-cache.c
+index 7c7dc587..19d1d79a 100644
+--- a/elf/dl-cache.c
++++ b/elf/dl-cache.c
+@@ -374,6 +374,52 @@ _dl_cache_libcmp (const char *p1, const char *p2)
+ return *p1 - *p2;
+ }
+
++/* Special value representing the lack of an ld.so cache. */
++static const char ld_so_cache_lacking[] = "/ld.so cache is lacking";
++
++/* Return the per-application ld.so cache, relative to $ORIGIN, or NULL if
++ that fails for some reason. Do not return the system-wide LD_SO_CACHE
++ since on a foreign distro it would contain invalid information. */
++static const char *
++ld_so_cache (void)
++{
++ static const char *loader_cache;
++
++ if (loader_cache == NULL)
++ {
++ static const char store[] = @STORE_DIRECTORY@;
++ const char *origin = _dl_get_origin ();
++
++ /* Check whether ORIGIN is something like "/gnu/store/…-foo/bin". */
++ if (origin != (char *) -1 /* _dl_get_origin reported failure */
++ && strncmp (store, origin, strlen (store)) == 0
++ && origin[sizeof store - 1] == '/')
++ {
++ char *store_item_end = strchr (origin + sizeof store, '/');
++
++ if (store_item_end != NULL)
++ {
++ static const char suffix[] = "/etc/ld.so.cache";
++ size_t store_item_len = store_item_end - origin;
++
++ /* Note: We can't use 'malloc' because it can be interposed.
++ Likewise, 'strncpy' is not available. */
++ char *cache = alloca (strlen (origin) + sizeof suffix);
++
++ strcpy (cache, origin);
++ strcpy (cache + store_item_len, suffix);
++
++ loader_cache = __strdup (cache) ?: ld_so_cache_lacking;
++ }
++ else
++ loader_cache = ld_so_cache_lacking;
++ }
++ else
++ loader_cache = ld_so_cache_lacking;
++ }
++
++ return loader_cache;
++}
+
+ /* Look up NAME in ld.so.cache and return the file name stored there, or null
+ if none is found. The cache is loaded if it was not already. If loading
+@@ -387,12 +433,15 @@ _dl_load_cache_lookup (const char *name)
+ {
+ /* Print a message if the loading of libs is traced. */
+ if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
+- _dl_debug_printf (" search cache=%s\n", LD_SO_CACHE);
++ _dl_debug_printf (" search cache=%s\n", ld_so_cache ());
++
++ if (__glibc_unlikely (ld_so_cache () == ld_so_cache_lacking))
++ return NULL;
+
+ if (cache == NULL)
+ {
+ /* Read the contents of the file. */
+- void *file = _dl_sysdep_read_whole_file (LD_SO_CACHE, &cachesize,
++ void *file = _dl_sysdep_read_whole_file (ld_so_cache (), &cachesize,
+ PROT_READ);
+
+ /* We can handle three different cache file formats here:
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index 8a89b710..b8802e74 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -2038,14 +2038,6 @@ _dl_map_object (struct link_map *loader, const char
*name,
+ loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
+ LA_SER_LIBPATH, &found_other_class);
+
+- /* Look at the RUNPATH information for this binary. */
+- if (fd == -1 && loader != NULL
+- && cache_rpath (loader, &loader->l_runpath_dirs,
+- DT_RUNPATH, "RUNPATH"))
+- fd = open_path (name, namelen, mode,
+- &loader->l_runpath_dirs, &realname, &fb, loader,
+- LA_SER_RUNPATH, &found_other_class);
+-
+ #ifdef USE_LDCONFIG
+ if (fd == -1
+ && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
+@@ -2104,6 +2096,14 @@ _dl_map_object (struct link_map *loader, const char
*name,
+ }
+ #endif
+
++ /* Look at the RUNPATH information for this binary. */
++ if (fd == -1 && loader != NULL
++ && cache_rpath (loader, &loader->l_runpath_dirs,
++ DT_RUNPATH, "RUNPATH"))
++ fd = open_path (name, namelen, mode,
++ &loader->l_runpath_dirs, &realname, &fb, loader,
++ LA_SER_RUNPATH, &found_other_class);
++
+ /* Finally, try the default path. */
+ if (fd == -1
+ && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
