From: Ludovic Courtès
To: Janneke Nieuwenhuizen
Cc: 74676@debbugs.gnu.org, 75517@debbugs.gnu.org, 75518@debbugs.gnu.org
Subject: [bug#74676] bug#75518: Request for merging "core-packages-team" branch
Date: Sat, 18 Jan 2025 17:32:09 +0100
Message-ID: <8734hgulpy.fsf@gnu.org>
In-Reply-To: <87jzb0dp41.fsf@gnu.org> (Janneke Nieuwenhuizen's message of "Sun, 12 Jan 2025 16:32:46 +0100")
X-Patchwork-Id: 37146

Hello!

Janneke Nieuwenhuizen wrote:

> Cuirass says we're at 81% success rate for i686-linux and x86_64-linux,
> and possibly my #74676, meant as an old style "please help with the
> gcc-14 transition", should have been named "Request for merging" already
> anyway. Hard to keep up with all the changes but more formality is a
> good thing I guess :)

I’m testing the patch below to upgrade glibc to 2.40 (I’m at
‘gcc-mesboot-4.9.4’ so there are still quite a few hours before I get
around to building glibc).

I think we must upgrade glibc in this branch because (1) we want to get
rid of this graft and more generally get the latest fixes, and (2) we
cannot just ungraft since the graft uses ‘git-fetch’, which cannot be
relied on in ‘commencement.scm’ (we still assume that
‘builtin:git-download’ may be unavailable, and when it’s unavailable, we
have a circular dependency).

Thoughts?

Ludo’.

diff --git a/gnu/local.mk b/gnu/local.mk index f4d04c4abb..3b123cba1d 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1,5 +1,5 @@ # GNU Guix --- Functional package management for GNU -# Copyright © 2012-2024 Ludovic Courtès +# Copyright © 2012-2025 Ludovic Courtès # Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2022, 2023, 2024 Andreas Enge # Copyright © 2016 Mathieu Lirzin # Copyright © 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Mark H Weaver @@ -1437,6 +1437,7 @@ dist_patch_DATA = \ %D%/packages/patches/glibc-2.33-riscv64-miscompilation.patch \ %D%/packages/patches/glibc-2.39-git-updates.patch \ %D%/packages/patches/glibc-2.39-fmod-libm-a.patch \ + %D%/packages/patches/glibc-2.40-dl-cache.patch \ %D%/packages/patches/glibc-CVE-2019-7309.patch \ %D%/packages/patches/glibc-CVE-2019-9169.patch \ %D%/packages/patches/glibc-CVE-2019-19126.patch \ diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm index fc48c9d844..95c237e140 100644 --- a/gnu/packages/base.scm +++ b/gnu/packages/base.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2012-2024 Ludovic Courtès +;;; Copyright © 2012-2025 Ludovic Courtès ;;; Copyright © 2014, 2019 Andreas Enge ;;; Copyright © 2012 Nikita Karetnikov ;;; Copyright © 2014, 2015, 2016, 2018 Mark H Weaver @@ -879,10 +879,9 @@ (define* (make-ld-wrapper name #:key (license gpl3+))) (define %glibc-patches - (list "glibc-2.39-git-updates.patch" - "glibc-ldd-powerpc.patch" + (list "glibc-ldd-powerpc.patch" "glibc-2.38-ldd-x86_64.patch" - "glibc-dl-cache.patch" + "glibc-2.40-dl-cache.patch" "glibc-2.37-versioned-locpath.patch" ;; "glibc-allow-kernel-2.6.32.patch" "glibc-reinstate-prlimit64-fallback.patch" 
@@ -898,18 +897,17 @@ (define-public glibc ;; version 2.28, GNU/Hurd used a different glibc branch. (package (name "glibc") - (version "2.39") + (version "2.40") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz")) (sha256 (base32 - "09nrwb0ksbah9k35jchd28xxp2hidilqdgz7b8v5f30pz1yd8yzp")) + "18h50b0zm8dkpzj81w033v99rbxiykk3v697yr4dfqwjbqbr1a0r")) (patches (map search-patch %glibc-patches)))) (properties `((lint-hidden-cve . ("CVE-2024-2961" "CVE-2024-33601" "CVE-2024-33602" "CVE-2024-33600" "CVE-2024-33599")))) - (replacement glibc/fixed) (build-system gnu-build-system) ;; Glibc's refers to , for instance, so glibc @@ -1187,28 +1185,6 @@ (define-public glibc (license lgpl2.0+) (home-page "https://www.gnu.org/software/libc/"))) -(define glibc/fixed - (package - (inherit glibc) - (name "glibc") - (version (package-version glibc)) - (source (origin - (method git-fetch) - (uri (git-reference - (url "git://sourceware.org/git/glibc.git") - ;; This is the latest commit from the - ;; 'release/2.39/master' branch, where CVEs and other - ;; important bug fixes are cherry picked. - (commit "2c882bf9c15d206aaf04766d1b8e3ae5b1002cc2"))) - (file-name (git-file-name name version)) - (sha256 - (base32 - "111yf24g0qcfcxywfzrilmjxysahlbkzxfimcz9rq8p00qzvvf51")) - (patches (map search-patch - (fold (cut delete <...>) - %glibc-patches - '("glibc-2.39-git-updates.patch")))))))) - ;; Define a variation of glibc which uses the default /etc/ld.so.cache, useful ;; in FHS containers. (define-public glibc-for-fhs @@ -1220,7 +1196,7 @@ (define-public glibc-for-fhs ;; directories, re-enabling the default /etc/ld.so.cache ;; behavior. (patches - (delete (search-patch "glibc-dl-cache.patch") + (delete (search-patch "glibc-2.40-dl-cache.patch") (origin-patches (package-source glibc))))))))) ;; Below are old libc versions, which we use mostly to build locale data in 
@@ -1444,7 +1420,6 @@ (define-public glibc-2.29 "glibc-ldd-x86_64.patch" "glibc-CVE-2019-7309.patch" "glibc-CVE-2019-9169.patch" - "glibc-2.29-git-updates.patch" "glibc-hidden-visibility-ldconfig.patch" "glibc-versioned-locpath.patch" "glibc-allow-kernel-2.6.32.patch" diff --git a/gnu/packages/patches/glibc-2.40-dl-cache.patch b/gnu/packages/patches/glibc-2.40-dl-cache.patch new file mode 100644 index 0000000000..d41faa5225 --- /dev/null +++ b/gnu/packages/patches/glibc-2.40-dl-cache.patch 
@@ -0,0 +1,113 @@ +Read the shared library cache relative to $ORIGIN instead of reading +from /etc/ld.so.cache. Also arrange so that this cache takes +precedence over RUNPATH. + +diff --git a/elf/dl-cache.c b/elf/dl-cache.c +index 7c7dc587..19d1d79a 100644 +--- a/elf/dl-cache.c ++++ b/elf/dl-cache.c +@@ -374,6 +374,52 @@ _dl_cache_libcmp (const char *p1, const char *p2) + return *p1 - *p2; + } + ++/* Special value representing the lack of an ld.so cache. */ ++static const char ld_so_cache_lacking[] = "/ld.so cache is lacking"; ++ ++/* Return the per-application ld.so cache, relative to $ORIGIN, or NULL if ++ that fails for some reason. Do not return the system-wide LD_SO_CACHE ++ since on a foreign distro it would contain invalid information. */ ++static const char * ++ld_so_cache (void) ++{ ++ static const char *loader_cache; ++ ++ if (loader_cache == NULL) ++ { ++ static const char store[] = @STORE_DIRECTORY@; ++ const char *origin = _dl_get_origin (); ++ ++ /* Check whether ORIGIN is something like "/gnu/store/…-foo/bin". */ ++ if (origin != (char *) -1 /* _dl_get_origin reported failure */ ++ && strncmp (store, origin, strlen (store)) == 0 ++ && origin[sizeof store - 1] == '/') ++ { ++ char *store_item_end = strchr (origin + sizeof store, '/'); ++ ++ if (store_item_end != NULL) ++ { ++ static const char suffix[] = "/etc/ld.so.cache"; ++ size_t store_item_len = store_item_end - origin; ++ ++ /* Note: We can't use 'malloc' because it can be interposed. ++ Likewise, 'strncpy' is not available. */ ++ char *cache = alloca (strlen (origin) + sizeof suffix); ++ ++ strcpy (cache, origin); ++ strcpy (cache + store_item_len, suffix); ++ ++ loader_cache = __strdup (cache) ?: ld_so_cache_lacking; ++ } ++ else ++ loader_cache = ld_so_cache_lacking; ++ } ++ else ++ loader_cache = ld_so_cache_lacking; ++ } ++ ++ return loader_cache; ++} + + /* Look up NAME in ld.so.cache and return the file name stored there, or null + if none is found. 
The cache is loaded if it was not already. If loading +@@ -387,12 +433,15 @@ _dl_load_cache_lookup (const char *name) + { + /* Print a message if the loading of libs is traced. */ + if (__glibc_unlikely (GLRO(dl_debug_mask) & DL_DEBUG_LIBS)) +- _dl_debug_printf (" search cache=%s\n", LD_SO_CACHE); ++ _dl_debug_printf (" search cache=%s\n", ld_so_cache ()); ++ ++ if (__glibc_unlikely (ld_so_cache () == ld_so_cache_lacking)) ++ return NULL; + + if (cache == NULL) + { + /* Read the contents of the file. */ +- void *file = _dl_sysdep_read_whole_file (LD_SO_CACHE, &cachesize, ++ void *file = _dl_sysdep_read_whole_file (ld_so_cache (), &cachesize, + PROT_READ); + + /* We can handle three different cache file formats here: +diff --git a/elf/dl-load.c b/elf/dl-load.c +index 8a89b710..b8802e74 100644 +--- a/elf/dl-load.c ++++ b/elf/dl-load.c +@@ -2038,14 +2038,6 @@ _dl_map_object (struct link_map *loader, const char *name, + loader ?: GL(dl_ns)[LM_ID_BASE]._ns_loaded, + LA_SER_LIBPATH, &found_other_class); + +- /* Look at the RUNPATH information for this binary. */ +- if (fd == -1 && loader != NULL +- && cache_rpath (loader, &loader->l_runpath_dirs, +- DT_RUNPATH, "RUNPATH")) +- fd = open_path (name, namelen, mode, +- &loader->l_runpath_dirs, &realname, &fb, loader, +- LA_SER_RUNPATH, &found_other_class); +- + #ifdef USE_LDCONFIG + if (fd == -1 + && (__glibc_likely ((mode & __RTLD_SECURE) == 0) +@@ -2104,6 +2096,14 @@ _dl_map_object (struct link_map *loader, const char *name, + } + #endif + ++ /* Look at the RUNPATH information for this binary. */ ++ if (fd == -1 && loader != NULL ++ && cache_rpath (loader, &loader->l_runpath_dirs, ++ DT_RUNPATH, "RUNPATH")) ++ fd = open_path (name, namelen, mode, ++ &loader->l_runpath_dirs, &realname, &fb, loader, ++ LA_SER_RUNPATH, &found_other_class); ++ + /* Finally, try the default path. */ + if (fd == -1 + && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
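
Review bot: In the gnu/local.mk hunk at dist_patch_DATA, glibc-2.39-git-updates.patch is still listed (it is a context line just above the added glibc-2.40-dl-cache.patch entry), yet the gnu/packages/base.scm hunks drop it from %glibc-patches and delete glibc/fixed, the only other reference visible in this patch. If nothing else uses it, remove the entry here and delete the file in the same commit. The same check applies to glibc-dl-cache.patch, which glibc and glibc-for-fhs no longer reference after this change.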
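
Review bot: In the define-public glibc hunk of gnu/packages/base.scm, the lint-hidden-cve property is carried over unchanged while the version moves to 2.40 and both "glibc-2.39-git-updates.patch" and (replacement glibc/fixed) go away. Please confirm that each of the five listed CVEs is fixed in the 2.40 release tarball and keep only the entries that are still needed; a stale list keeps those CVEs hidden from lint with no patch or graft left in the package to back the claim.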
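
Review bot: In the glibc-2.29 hunk of gnu/packages/base.scm, dropping "glibc-2.29-git-updates.patch" from the patch list is not explained by the message, which only covers the 2.40 upgrade, and it changes what glibc-2.29 is built from. If the removal is intended, say why in the commit log and remove the patch file and any gnu/local.mk entry for it in the same commit; otherwise leave this hunk out.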
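
Review bot: In ld_so_cache () in the elf/dl-cache.c part of glibc-2.40-dl-cache.patch, the comment says 'malloc' cannot be used because it can be interposed, but two statements later the result is copied with __strdup (cache), which allocates. Extend the comment to say why that call is acceptable here while a direct malloc is not, so the alloca plus __strdup sequence does not read as a contradiction to the next person rebasing the patch.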
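
Review bot: In the _dl_load_cache_lookup hunk of elf/dl-cache.c, the DL_DEBUG_LIBS trace runs before the new ld_so_cache () == ld_so_cache_lacking check, so for a program whose origin is not under the store the trace prints "search cache=/ld.so cache is lacking" as if that were a file name. Move the early return above the _dl_debug_printf call, or print a distinct message for the lacking case, so the trace does not name a path that is never opened.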
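
Review bot: In the elf/dl-load.c hunks, the moved RUNPATH block keeps its original comment ("Look at the RUNPATH information for this binary."), so nothing at the new location says that it was deliberately placed after the USE_LDCONFIG cache lookup. Add a sentence to that comment stating that the per-application cache is meant to take precedence over RUNPATH, as the patch header already does, so the ordering is not silently undone when the patch is ported to the next glibc release.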