mirror/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2025-02-07 11:29:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

DRAFT: gnu: glibc: Update to 2.40.

Browse source 
DRAFT: Need to test (cross-)compilation to GNU/Hurd.

* gnu/packages/base.scm (glibc): Update to 2.40.
[replacement]: Remove.
(%glibc-patches): Update.
(glibc/fixed): Remove.
(glibc-for-fhs): Update patch name.
(glibc-2.29):
* gnu/packages/patches/glibc-2.40-dl-cache.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.

Change-Id: I2ad5f4eb1a360213f3ee53562b377f8002e4ec82
This commit is contained in:
Ludovic Courtès 2025-01-20 00:32:48 +01:00
parent 556a8cd6f9
commit e426c3730f
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
3 changed files with 121 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
gnu/local.mk
View file

@ -1,5 +1,5 @@
# GNU Guix --- Functional package management for GNU # GNU Guix --- Functional package management for GNU
# Copyright © 2012-2024 Ludovic Courtès <ludo@gnu.org> # Copyright © 2012-2025 Ludovic Courtès <ludo@gnu.org>
# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2022, 2023, 2024 Andreas Enge <andreas@enge.fr> # Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2022, 2023, 2024 Andreas Enge <andreas@enge.fr>
# Copyright © 2016 Mathieu Lirzin <mthl@gnu.org> # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
# Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org> # Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver <mhw@netris.org>
@ -1437,6 +1437,7 @@ dist_patch_DATA = \
%D%/packages/patches/glibc-2.33-riscv64-miscompilation.patch \ %D%/packages/patches/glibc-2.33-riscv64-miscompilation.patch \
%D%/packages/patches/glibc-2.39-git-updates.patch \ %D%/packages/patches/glibc-2.39-git-updates.patch \
%D%/packages/patches/glibc-2.39-fmod-libm-a.patch \ %D%/packages/patches/glibc-2.39-fmod-libm-a.patch \
%D%/packages/patches/glibc-2.40-dl-cache.patch \
%D%/packages/patches/glibc-CVE-2019-7309.patch \ %D%/packages/patches/glibc-CVE-2019-7309.patch \
%D%/packages/patches/glibc-CVE-2019-9169.patch \ %D%/packages/patches/glibc-CVE-2019-9169.patch \
%D%/packages/patches/glibc-CVE-2019-19126.patch \ %D%/packages/patches/glibc-CVE-2019-19126.patch \

36
gnu/packages/base.scm
View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2012-2024 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2012-2025 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2014, 2019 Andreas Enge <andreas@enge.fr> ;;; Copyright © 2014, 2019 Andreas Enge <andreas@enge.fr>
;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org> ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
;;; Copyright © 2014, 2015, 2016, 2018 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2014, 2015, 2016, 2018 Mark H Weaver <mhw@netris.org>
@ -879,10 +879,9 @@ the store.")
(license gpl3+))) (license gpl3+)))
(define %glibc-patches (define %glibc-patches
(list "glibc-2.39-git-updates.patch" (list "glibc-ldd-powerpc.patch"
"glibc-ldd-powerpc.patch"
"glibc-2.38-ldd-x86_64.patch" "glibc-2.38-ldd-x86_64.patch"
"glibc-dl-cache.patch" "glibc-2.40-dl-cache.patch"
"glibc-2.37-versioned-locpath.patch" "glibc-2.37-versioned-locpath.patch"
;; "glibc-allow-kernel-2.6.32.patch" ;; "glibc-allow-kernel-2.6.32.patch"
"glibc-reinstate-prlimit64-fallback.patch" "glibc-reinstate-prlimit64-fallback.patch"
@ -898,18 +897,17 @@ the store.")
;; version 2.28, GNU/Hurd used a different glibc branch. ;; version 2.28, GNU/Hurd used a different glibc branch.
(package (package
(name "glibc") (name "glibc")
(version "2.39") (version "2.40")
(source (origin (source (origin
(method url-fetch) (method url-fetch)
(uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
(sha256 (sha256
(base32 (base32
"09nrwb0ksbah9k35jchd28xxp2hidilqdgz7b8v5f30pz1yd8yzp")) "18h50b0zm8dkpzj81w033v99rbxiykk3v697yr4dfqwjbqbr1a0r"))
(patches (map search-patch %glibc-patches)))) (patches (map search-patch %glibc-patches))))
(properties `((lint-hidden-cve . ("CVE-2024-2961" (properties `((lint-hidden-cve . ("CVE-2024-2961"
"CVE-2024-33601" "CVE-2024-33602" "CVE-2024-33601" "CVE-2024-33602"
"CVE-2024-33600" "CVE-2024-33599")))) "CVE-2024-33600" "CVE-2024-33599"))))
(replacement glibc/fixed)
(build-system gnu-build-system) (build-system gnu-build-system)
;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@ -1187,28 +1185,6 @@ with the Linux kernel.")
(license lgpl2.0+) (license lgpl2.0+)
(home-page "https://www.gnu.org/software/libc/"))) (home-page "https://www.gnu.org/software/libc/")))
(define glibc/fixed
(package
(inherit glibc)
(name "glibc")
(version (package-version glibc))
(source (origin
(method git-fetch)
(uri (git-reference
(url "git://sourceware.org/git/glibc.git")
;; This is the latest commit from the
;; 'release/2.39/master' branch, where CVEs and other
;; important bug fixes are cherry picked.
(commit "2c882bf9c15d206aaf04766d1b8e3ae5b1002cc2")))
(file-name (git-file-name name version))
(sha256
(base32
"111yf24g0qcfcxywfzrilmjxysahlbkzxfimcz9rq8p00qzvvf51"))
(patches (map search-patch
(fold (cut delete <...>)
%glibc-patches
'("glibc-2.39-git-updates.patch"))))))))
;; Define a variation of glibc which uses the default /etc/ld.so.cache, useful ;; Define a variation of glibc which uses the default /etc/ld.so.cache, useful
;; in FHS containers. ;; in FHS containers.
(define-public glibc-for-fhs (define-public glibc-for-fhs
@ -1220,7 +1196,7 @@ with the Linux kernel.")
;; directories, re-enabling the default /etc/ld.so.cache ;; directories, re-enabling the default /etc/ld.so.cache
;; behavior. ;; behavior.
(patches (patches
(delete (search-patch "glibc-dl-cache.patch") (delete (search-patch "glibc-2.40-dl-cache.patch")
(origin-patches (package-source glibc))))))))) (origin-patches (package-source glibc)))))))))
;; Below are old libc versions, which we use mostly to build locale data in ;; Below are old libc versions, which we use mostly to build locale data in

113
gnu/packages/patches/glibc-2.40-dl-cache.patch Normal file
View file

@ -0,0 +1,113 @@
Read the shared library cache relative to $ORIGIN instead of reading
from /etc/ld.so.cache. Also arrange so that this cache takes
precedence over RUNPATH.
diff --git a/elf/dl-cache.c b/elf/dl-cache.c
index 7c7dc587..19d1d79a 100644
--- a/elf/dl-cache.c
+++ b/elf/dl-cache.c
@@ -374,6 +374,52 @@ _dl_cache_libcmp (const char *p1, const char *p2)
return *p1 - *p2;
}
+/* Special value representing the lack of an ld.so cache. */
+static const char ld_so_cache_lacking[] = "/ld.so cache is lacking";
+
+/* Return the per-application ld.so cache, relative to $ORIGIN, or NULL if
+ that fails for some reason. Do not return the system-wide LD_SO_CACHE
+ since on a foreign distro it would contain invalid information. */
+static const char *
+ld_so_cache (void)
+{
+ static const char *loader_cache;
+
+ if (loader_cache == NULL)
+ {
+ static const char store[] = @STORE_DIRECTORY@;
+ const char *origin = _dl_get_origin ();
+
+ /* Check whether ORIGIN is something like "/gnu/store/…-foo/bin". */
+ if (origin != (char *) -1 /* _dl_get_origin reported failure */
+ && strncmp (store, origin, strlen (store)) == 0
+ && origin[sizeof store - 1] == '/')
+ {
+ char *store_item_end = strchr (origin + sizeof store, '/');
+
+ if (store_item_end != NULL)
+ {
+ static const char suffix[] = "/etc/ld.so.cache";
+ size_t store_item_len = store_item_end - origin;
+
+ /* Note: We can't use 'malloc' because it can be interposed.
+ Likewise, 'strncpy' is not available. */
+ char *cache = alloca (strlen (origin) + sizeof suffix);
+
+ strcpy (cache, origin);
+ strcpy (cache + store_item_len, suffix);
+
+ loader_cache = __strdup (cache) ?: ld_so_cache_lacking;
+ }
+ else
+ loader_cache = ld_so_cache_lacking;
+ }
+ else
+ loader_cache = ld_so_cache_lacking;
+ }
+
+ return loader_cache;
+}
/* Look up NAME in ld.so.cache and return the file name stored there, or null
if none is found. The cache is loaded if it was not already. If loading
@@ -387,12 +433,15 @@ _dl_load_cache_lookup (const char *name)
{
/* Print a message if the loading of libs is traced. */
if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS))
- _dl_debug_printf (" search cache=%s\n", LD_SO_CACHE);
+ _dl_debug_printf (" search cache=%s\n", ld_so_cache ());
+
+ if (__glibc_unlikely (ld_so_cache () == ld_so_cache_lacking))
+ return NULL;
if (cache == NULL)
{
/* Read the contents of the file. */
- void *file = _dl_sysdep_read_whole_file (LD_SO_CACHE, &cachesize,
+ void *file = _dl_sysdep_read_whole_file (ld_so_cache (), &cachesize,
PROT_READ);
/* We can handle three different cache file formats here:
diff --git a/elf/dl-load.c b/elf/dl-load.c
index 8a89b710..b8802e74 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -2038,14 +2038,6 @@ _dl_map_object (struct link_map *loader, const char *name,
loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded,
LA_SER_LIBPATH, &found_other_class);
- /* Look at the RUNPATH information for this binary. */
- if (fd == -1 && loader != NULL
- && cache_rpath (loader, &loader->l_runpath_dirs,
- DT_RUNPATH, "RUNPATH"))
- fd = open_path (name, namelen, mode,
- &loader->l_runpath_dirs, &realname, &fb, loader,
- LA_SER_RUNPATH, &found_other_class);
-
#ifdef USE_LDCONFIG
if (fd == -1
&& (__glibc_likely ((mode & __RTLD_SECURE) == 0)
@@ -2104,6 +2096,14 @@ _dl_map_object (struct link_map *loader, const char *name,
}
#endif
+ /* Look at the RUNPATH information for this binary. */
+ if (fd == -1 && loader != NULL
+ && cache_rpath (loader, &loader->l_runpath_dirs,
+ DT_RUNPATH, "RUNPATH"))
+ fd = open_path (name, namelen, mode,
+ &loader->l_runpath_dirs, &realname, &fb, loader,
+ LA_SER_RUNPATH, &found_other_class);
+
/* Finally, try the default path. */
if (fd == -1
&& ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL