From e426c3730f66cfbdc776e108437f44452d2a8af2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Mon, 20 Jan 2025 00:32:48 +0100
Subject: [PATCH] DRAFT: gnu: glibc: Update to 2.40.

DRAFT: Need to test (cross-)compilation to GNU/Hurd.

* gnu/packages/base.scm (glibc): Update to 2.40.
[replacement]: Remove.
(%glibc-patches): Update.
(glibc/fixed): Remove.
(glibc-for-fhs): Update patch name.
(glibc-2.29):
* gnu/packages/patches/glibc-2.40-dl-cache.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

Change-Id: I2ad5f4eb1a360213f3ee53562b377f8002e4ec82
---
 gnu/local.mk                                  |   3 +-
 gnu/packages/base.scm                         |  36 +-----
 .../patches/glibc-2.40-dl-cache.patch         | 113 ++++++++++++++++++
 3 files changed, 121 insertions(+), 31 deletions(-)
 create mode 100644 gnu/packages/patches/glibc-2.40-dl-cache.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index f4d04c4abb..3b123cba1d 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2012-2024 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012-2025 Ludovic Courtès <ludo@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2022, 2023, 2024 Andreas Enge <andreas@enge.fr>
 # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
@@ -1437,6 +1437,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-2.33-riscv64-miscompilation.patch	\
   %D%/packages/patches/glibc-2.39-git-updates.patch	\
   %D%/packages/patches/glibc-2.39-fmod-libm-a.patch		\
+  %D%/packages/patches/glibc-2.40-dl-cache.patch		\
   %D%/packages/patches/glibc-CVE-2019-7309.patch		\
   %D%/packages/patches/glibc-CVE-2019-9169.patch		\
   %D%/packages/patches/glibc-CVE-2019-19126.patch		\
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index fc48c9d844..335554084c 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012-2024 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012-2025 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2019 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2014, 2015, 2016, 2018 Mark H Weaver <mhw@netris.org>
@@ -879,10 +879,9 @@ (define* (make-ld-wrapper name #:key
     (license gpl3+)))
 
 (define %glibc-patches
-  (list "glibc-2.39-git-updates.patch"
-        "glibc-ldd-powerpc.patch"
+  (list "glibc-ldd-powerpc.patch"
         "glibc-2.38-ldd-x86_64.patch"
-        "glibc-dl-cache.patch"
+        "glibc-2.40-dl-cache.patch"
         "glibc-2.37-versioned-locpath.patch"
         ;; "glibc-allow-kernel-2.6.32.patch"
         "glibc-reinstate-prlimit64-fallback.patch"
@@ -898,18 +897,17 @@ (define-public glibc
   ;; version 2.28, GNU/Hurd used a different glibc branch.
   (package
    (name "glibc")
-   (version "2.39")
+   (version "2.40")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
             (sha256
              (base32
-              "09nrwb0ksbah9k35jchd28xxp2hidilqdgz7b8v5f30pz1yd8yzp"))
+              "18h50b0zm8dkpzj81w033v99rbxiykk3v697yr4dfqwjbqbr1a0r"))
             (patches (map search-patch %glibc-patches))))
    (properties `((lint-hidden-cve . ("CVE-2024-2961"
                                      "CVE-2024-33601" "CVE-2024-33602"
                                      "CVE-2024-33600" "CVE-2024-33599"))))
-   (replacement glibc/fixed)
    (build-system gnu-build-system)
 
    ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@@ -1187,28 +1185,6 @@ (define (linker-script? file)
    (license lgpl2.0+)
    (home-page "https://www.gnu.org/software/libc/")))
 
-(define glibc/fixed
-  (package
-    (inherit glibc)
-    (name "glibc")
-    (version (package-version glibc))
-    (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (url "git://sourceware.org/git/glibc.git")
-                    ;; This is the latest commit from the
-                    ;; 'release/2.39/master' branch, where CVEs and other
-                    ;; important bug fixes are cherry picked.
-                    (commit "2c882bf9c15d206aaf04766d1b8e3ae5b1002cc2")))
-              (file-name (git-file-name name version))
-              (sha256
-               (base32
-                "111yf24g0qcfcxywfzrilmjxysahlbkzxfimcz9rq8p00qzvvf51"))
-              (patches (map search-patch
-                            (fold (cut delete <...>)
-                                  %glibc-patches
-                                  '("glibc-2.39-git-updates.patch"))))))))
-
 ;; Define a variation of glibc which uses the default /etc/ld.so.cache, useful
 ;; in FHS containers.
 (define-public glibc-for-fhs
@@ -1220,7 +1196,7 @@ (define-public glibc-for-fhs
                      ;; directories, re-enabling the default /etc/ld.so.cache
                      ;; behavior.
                      (patches
-                      (delete (search-patch "glibc-dl-cache.patch")
+                      (delete (search-patch "glibc-2.40-dl-cache.patch")
                               (origin-patches (package-source glibc)))))))))
 
 ;; Below are old libc versions, which we use mostly to build locale data in
diff --git a/gnu/packages/patches/glibc-2.40-dl-cache.patch b/gnu/packages/patches/glibc-2.40-dl-cache.patch
new file mode 100644
index 0000000000..d41faa5225
--- /dev/null
+++ b/gnu/packages/patches/glibc-2.40-dl-cache.patch
@@ -0,0 +1,113 @@
+Read the shared library cache relative to $ORIGIN instead of reading
+from /etc/ld.so.cache.  Also arrange so that this cache takes
+precedence over RUNPATH.
+
+diff --git a/elf/dl-cache.c b/elf/dl-cache.c
+index 7c7dc587..19d1d79a 100644
+--- a/elf/dl-cache.c
++++ b/elf/dl-cache.c
+@@ -374,6 +374,52 @@ _dl_cache_libcmp (const char *p1, const char *p2)
+   return *p1 - *p2;
+ }
+ 
++/* Special value representing the lack of an ld.so cache.  */
++static const char ld_so_cache_lacking[] = "/ld.so cache is lacking";
++
++/* Return the per-application ld.so cache, relative to $ORIGIN, or NULL if
++   that fails for some reason.  Do not return the system-wide LD_SO_CACHE
++   since on a foreign distro it would contain invalid information.  */
++static const char *
++ld_so_cache (void)
++{
++  static const char *loader_cache;
++
++  if (loader_cache == NULL)
++    {
++      static const char store[] = @STORE_DIRECTORY@;
++      const char *origin = _dl_get_origin ();
++
++      /* Check whether ORIGIN is something like "/gnu/store/…-foo/bin".  */
++      if (origin != (char *) -1   /* _dl_get_origin reported failure */
++	  && strncmp (store, origin, strlen (store)) == 0
++	  && origin[sizeof store - 1] == '/')
++	{
++	  char *store_item_end = strchr (origin + sizeof store, '/');
++
++	  if (store_item_end != NULL)
++	    {
++	      static const char suffix[] = "/etc/ld.so.cache";
++	      size_t store_item_len = store_item_end - origin;
++
++	      /* Note: We can't use 'malloc' because it can be interposed.
++		 Likewise, 'strncpy' is not available.  */
++	      char *cache = alloca (strlen (origin) + sizeof suffix);
++
++	      strcpy (cache, origin);
++	      strcpy (cache + store_item_len, suffix);
++
++	      loader_cache = __strdup (cache) ?: ld_so_cache_lacking;
++	    }
++	  else
++	    loader_cache = ld_so_cache_lacking;
++	}
++      else
++	loader_cache = ld_so_cache_lacking;
++    }
++
++  return loader_cache;
++}
+ 
+ /* Look up NAME in ld.so.cache and return the file name stored there, or null
+    if none is found.  The cache is loaded if it was not already.  If loading
+@@ -387,12 +433,15 @@ _dl_load_cache_lookup (const char *name)
+ {
+   /* Print a message if the loading of libs is traced.  */
+   if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
+-    _dl_debug_printf (" search cache=%s\n", LD_SO_CACHE);
++    _dl_debug_printf (" search cache=%s\n", ld_so_cache ());
++
++  if (__glibc_unlikely (ld_so_cache () == ld_so_cache_lacking))
++    return NULL;
+ 
+   if (cache == NULL)
+     {
+       /* Read the contents of the file.  */
+-      void *file = _dl_sysdep_read_whole_file (LD_SO_CACHE, &cachesize,
++      void *file = _dl_sysdep_read_whole_file (ld_so_cache (), &cachesize,
+ 					       PROT_READ);
+ 
+       /* We can handle three different cache file formats here:
+diff --git a/elf/dl-load.c b/elf/dl-load.c
+index 8a89b710..b8802e74 100644
+--- a/elf/dl-load.c
++++ b/elf/dl-load.c
+@@ -2038,14 +2038,6 @@ _dl_map_object (struct link_map *loader, const char *name,
+ 			loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
+ 			LA_SER_LIBPATH, &found_other_class);
+ 
+-      /* Look at the RUNPATH information for this binary.  */
+-      if (fd == -1 && loader != NULL
+-	  && cache_rpath (loader, &loader->l_runpath_dirs,
+-			  DT_RUNPATH, "RUNPATH"))
+-	fd = open_path (name, namelen, mode,
+-			&loader->l_runpath_dirs, &realname, &fb, loader,
+-			LA_SER_RUNPATH, &found_other_class);
+-
+ #ifdef USE_LDCONFIG
+       if (fd == -1
+ 	  && (__glibc_likely ((mode & __RTLD_SECURE) == 0)
+@@ -2104,6 +2096,14 @@ _dl_map_object (struct link_map *loader, const char *name,
+ 	}
+ #endif
+ 
++      /* Look at the RUNPATH information for this binary.  */
++      if (fd == -1 && loader != NULL
++	  && cache_rpath (loader, &loader->l_runpath_dirs,
++			  DT_RUNPATH, "RUNPATH"))
++	fd = open_path (name, namelen, mode,
++			&loader->l_runpath_dirs, &realname, &fb, loader,
++			LA_SER_RUNPATH, &found_other_class);
++
+       /* Finally, try the default path.  */
+       if (fd == -1
+ 	  && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL