(address . guix-patches@gnu.org)
This reinstates glibc 2.22 through 2.28, by reverting commit
ebd1ba713cbefc9ad5dac609255e1344a328e360 ("gnu: glibc: Remove old versions."),
adding two patches removed in d2bb4847b96e51b71126778bb16daa7674a6690c ("gnu:
Remove leftover patch files."), and partially reverting
1feca4be5296d7f0c0e2269ccb612cadded6573b ("gnu: glibc: Remove versions 2.27
and 2.28.").
Rationale: Keeping older glibc versions around is useful when experimenting
with 'package-with-c-toolchain'.
* gnu/local.mk (dist_patch_DATA): Register any missing patches now re-instated
and sort.
---
gnu/local.mk | 32 +-
gnu/packages/base.scm | 87 ++-
.../patches/glibc-2.27-git-fixes.patch | 702 ++++++++++++++++++
.../glibc-2.27-supported-locales.patch | 33 +
.../patches/glibc-2.28-git-fixes.patch | 248 +++++++
.../glibc-2.28-supported-locales.patch | 33 +
.../patches/glibc-CVE-2015-5180.patch | 311 ++++++++
.../patches/glibc-CVE-2015-7547.patch | 590 +++++++++++++++
.../patches/glibc-CVE-2016-3075.patch | 43 ++
.../patches/glibc-CVE-2016-3706.patch | 188 +++++
.../patches/glibc-CVE-2016-4429.patch | 58 ++
.../patches/glibc-CVE-2017-1000366-pt1.patch | 36 +
.../patches/glibc-CVE-2017-1000366-pt2.patch | 124 ++++
.../patches/glibc-CVE-2017-1000366-pt3.patch | 206 +++++
.../patches/glibc-CVE-2018-11236.patch | 149 ++++
.../patches/glibc-CVE-2018-11237.patch | 55 ++
.../patches/glibc-cvs-common-symbols.patch | 58 ++
.../patches/glibc-hurd-magic-pid.patch | 190 +++++
gnu/packages/patches/glibc-o-largefile.patch | 25 +
.../glibc-vectorized-strcspn-guards.patch | 23 +
20 files changed, 3183 insertions(+), 8 deletions(-)
create mode 100644 gnu/packages/patches/glibc-2.27-git-fixes.patch
create mode 100644 gnu/packages/patches/glibc-2.27-supported-locales.patch
create mode 100644 gnu/packages/patches/glibc-2.28-git-fixes.patch
create mode 100644 gnu/packages/patches/glibc-2.28-supported-locales.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2015-5180.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2015-7547.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2016-3075.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2016-3706.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2016-4429.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366-pt1.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366-pt2.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2017-1000366-pt3.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2018-11236.patch
create mode 100644 gnu/packages/patches/glibc-CVE-2018-11237.patch
create mode 100644 gnu/packages/patches/glibc-cvs-common-symbols.patch
create mode 100644 gnu/packages/patches/glibc-hurd-magic-pid.patch
create mode 100644 gnu/packages/patches/glibc-o-largefile.patch
create mode 100644 gnu/packages/patches/glibc-vectorized-strcspn-guards.patch
Toggle diff (376 lines)
diff --git a/gnu/local.mk b/gnu/local.mk
index aae6e23e12..51415eddf0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1201,36 +1201,54 @@ dist_patch_DATA = \
%D%/packages/patches/glib-networking-gnutls-binding.patch \
%D%/packages/patches/glib-networking-32-bit-time.patch \
%D%/packages/patches/glib-skip-failing-test.patch \
+ %D%/packages/patches/glibc-2.27-git-fixes.patch \
+ %D%/packages/patches/glibc-2.27-supported-locales.patch \
+ %D%/packages/patches/glibc-2.28-git-fixes.patch \
+ %D%/packages/patches/glibc-2.28-supported-locales.patch \
+ %D%/packages/patches/glibc-2.29-git-updates.patch \
+ %D%/packages/patches/glibc-2.29-supported-locales.patch \
+ %D%/packages/patches/glibc-2.31-hurd-clock_gettime_monotonic.patch \
+ %D%/packages/patches/glibc-CVE-2015-5180.patch \
+ %D%/packages/patches/glibc-CVE-2015-7547.patch \
+ %D%/packages/patches/glibc-CVE-2016-3075.patch \
+ %D%/packages/patches/glibc-CVE-2016-3706.patch \
+ %D%/packages/patches/glibc-CVE-2016-4429.patch \
+ %D%/packages/patches/glibc-CVE-2017-1000366-pt1.patch \
+ %D%/packages/patches/glibc-CVE-2017-1000366-pt2.patch \
+ %D%/packages/patches/glibc-CVE-2017-1000366-pt3.patch \
+ %D%/packages/patches/glibc-CVE-2018-11236.patch \
+ %D%/packages/patches/glibc-CVE-2018-11237.patch \
+ %D%/packages/patches/glibc-CVE-2019-19126.patch \
%D%/packages/patches/glibc-CVE-2019-7309.patch \
%D%/packages/patches/glibc-CVE-2019-9169.patch \
- %D%/packages/patches/glibc-CVE-2019-19126.patch \
%D%/packages/patches/glibc-allow-kernel-2.6.32.patch \
%D%/packages/patches/glibc-boot-2.16.0.patch \
%D%/packages/patches/glibc-boot-2.2.5.patch \
- %D%/packages/patches/glibc-bootstrap-system-2.2.5.patch \
%D%/packages/patches/glibc-bootstrap-system-2.16.0.patch \
+ %D%/packages/patches/glibc-bootstrap-system-2.2.5.patch \
%D%/packages/patches/glibc-bootstrap-system.patch \
%D%/packages/patches/glibc-cross-objcopy.patch \
%D%/packages/patches/glibc-cross-objdump.patch \
+ %D%/packages/patches/glibc-cvs-common-symbols.patch \
%D%/packages/patches/glibc-dl-cache.patch \
%D%/packages/patches/glibc-hidden-visibility-ldconfig.patch \
%D%/packages/patches/glibc-hurd-clock_gettime_monotonic.patch \
- %D%/packages/patches/glibc-2.31-hurd-clock_gettime_monotonic.patch \
%D%/packages/patches/glibc-hurd-clock_t_centiseconds.patch \
%D%/packages/patches/glibc-hurd-gettyent.patch \
%D%/packages/patches/glibc-hurd-mach-print.patch \
+ %D%/packages/patches/glibc-hurd-magic-pid.patch \
%D%/packages/patches/glibc-hurd-signal-sa-siginfo.patch \
%D%/packages/patches/glibc-ldd-powerpc.patch \
%D%/packages/patches/glibc-ldd-x86_64.patch \
- %D%/packages/patches/glibc-locales.patch \
%D%/packages/patches/glibc-locales-2.28.patch \
+ %D%/packages/patches/glibc-locales.patch \
+ %D%/packages/patches/glibc-o-largefile.patch \
%D%/packages/patches/glibc-reinstate-prlimit64-fallback.patch \
%D%/packages/patches/glibc-skip-c++.patch \
- %D%/packages/patches/glibc-versioned-locpath.patch \
- %D%/packages/patches/glibc-2.29-git-updates.patch \
- %D%/packages/patches/glibc-2.29-supported-locales.patch \
%D%/packages/patches/glibc-static-nss.patch \
%D%/packages/patches/glibc-supported-locales.patch \
+ %D%/packages/patches/glibc-vectorized-strcspn-guards.patch \
+ %D%/packages/patches/glibc-versioned-locpath.patch \
%D%/packages/patches/gmp-arm-asm-nothumb.patch \
%D%/packages/patches/gmp-faulty-test.patch \
%D%/packages/patches/gnash-fix-giflib-version.patch \
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index b8b0ea241f..ef1b4f135c 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -985,7 +985,8 @@ (define-public glibc-for-fhs
(origin-patches (package-source glibc)))))))))
;; Below are old libc versions, which we use mostly to build locale data in
-;; the old format (which the new libc cannot cope with.)
+;; the old format (which the new libc cannot cope with.). Older versions are
+;; kept around for the convenience of users of '--with-c-toolchain'.
(define-public glibc-2.32
(package
(inherit glibc)
@@ -1126,6 +1127,90 @@ (define-public glibc-2.29
"glibc-reinstate-prlimit64-fallback.patch"
"glibc-2.29-supported-locales.patch"))))))
+(define-public glibc-2.28
+ (package
+ (inherit glibc-2.29)
+ (version "2.28")
+ (source (origin
+ (inherit (package-source glibc))
+ (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
+ (sha256
+ (base32
+ "10iha5ynvdj5m62vgpgqbq4cwvc2yhyl2w9yyyjgfxmdmx8h145i"))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-2.28-git-fixes.patch"
+ "glibc-hidden-visibility-ldconfig.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-allow-kernel-2.6.32.patch"
+ "glibc-reinstate-prlimit64-fallback.patch"
+ "glibc-hurd-magic-pid.patch"
+ "glibc-2.28-supported-locales.patch"))))))
+
+(define-public glibc-2.27
+ (package
+ (inherit glibc-2.28)
+ (version "2.27")
+ (source (origin
+ (inherit (package-source glibc))
+ (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
+ (sha256
+ (base32
+ "0wpwq7gsm7sd6ysidv0z575ckqdg13cr2njyfgrbgh4f65adwwji"))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-2.27-git-fixes.patch"
+ "glibc-hidden-visibility-ldconfig.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-allow-kernel-2.6.32.patch"
+ "glibc-reinstate-prlimit64-fallback.patch"
+ "glibc-2.27-supported-locales.patch"
+ "glibc-CVE-2018-11236.patch"
+ "glibc-CVE-2018-11237.patch"))))
+ (properties `((lint-hidden-cve . ("CVE-2017-18269")))))) ; glibc-2.27-git-fixes
+
+(define-public glibc-2.26
+ (package
+ (inherit glibc-2.27)
+ ;; This version number corresponds to the output of `git describe` and the
+ ;; archive can be generated by checking out the commit ID and running:
+ ;; git archive --prefix=$(git describe)/ HEAD | xz > $(git describe).tar.xz
+ ;; See <https://bugs.gnu.org/29406> for why this was necessary.
+ (version "2.26.105-g0890d5379c")
+ (source (origin
+ (inherit (package-source glibc))
+ (uri (string-append "https://alpha.gnu.org/gnu/guix/mirror/"
+ "glibc-" (version-major+minor version) "-"
+ (caddr (string-split version #\.)) ".tar.xz"))
+ (sha256
+ (base32
+ "1jck0c1i248sn02rvsfjykk77qncma34bjq89dyy2irwm50d7s3g"))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-allow-kernel-2.6.32.patch"))))
+ (native-inputs
+ ;; This fails with a build error in if_index.c when using GCC 8. Use an
+ ;; older compiler.
+ (modify-inputs (package-native-inputs glibc-2.27)
+ (replace "gcc" gcc-7)))))
+
+(define-public glibc-2.25
+ (package
+ (inherit glibc-2.26)
+ (version "2.25")
+ (source (origin
+ (inherit (package-source glibc))
+ (uri (string-append "mirror://gnu/glibc/glibc-"
+ version ".tar.xz"))
+ (sha256
+ (base32
+ "1813dzkgw6v8q8q1m4v96yfis7vjqc9pslqib6j9mrwh6fxxjyq6"))
+ (patches (search-patches "glibc-ldd-x86_64.patch"
+ "glibc-versioned-locpath.patch"
+ "glibc-vectorized-strcspn-guards.patch"
+ "glibc-CVE-2017-1000366-pt1.patch"
+ "glibc-CVE-2017-1000366-pt2.patch"
+ "glibc-CVE-2017-1000366-pt3.patch"
+ "glibc-cvs-common-symbols.patch"))))))
+
(define-public (make-gcc-libc base-gcc libc)
"Return a GCC that targets LIBC."
(package (inherit base-gcc)
diff --git a/gnu/packages/patches/glibc-2.27-git-fixes.patch b/gnu/packages/patches/glibc-2.27-git-fixes.patch
new file mode 100644
index 0000000000..4ed67c7c25
--- /dev/null
+++ b/gnu/packages/patches/glibc-2.27-git-fixes.patch
@@ -0,0 +1,702 @@
+These commits are cherry-picked from the "release/2.27/master" branch.
+
+https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.27/master
+
+Currently, we have the following (with NEWS and ChangeLog entries omitted).
+
+56170e064e2b21ce204f0817733e92f1730541ea
+516fa6080481a1433c173320b1c1432868e1e38a
+f36553bf6a4f69070f99badbdab5802b43e6e211
+7c6304182b9f422b782ace1cdd3efbde056aec36
+78a90c2f74a2012dd3eff302189e47ff6779a757
+1e52d8e65a58c49a48549053a1b89c06240e0c6c
+55ad82e45c313454de657931898e974a7a036cad
+
+From 56170e064e2b21ce204f0817733e92f1730541ea Mon Sep 17 00:00:00 2001
+From: Igor Gnatenko <ignatenko@redhat.com>
+Date: Wed, 7 Feb 2018 13:53:10 +0100
+Subject: [PATCH] Linux: use reserved name __key in pkey_get [BZ #22797]
+
+_key is not reserved name and we should avoid using that. It seems that
+it was simple typo when pkey_* was implemented.
+
+(cherry picked from commit 388ff7bd0d57d7061fdd39a2f26f65687e8058da)
+
+diff --git a/sysdeps/unix/sysv/linux/bits/mman-shared.h b/sysdeps/unix/sysv/linux/bits/mman-shared.h
+index 7715e680ca..d15ba95c9d 100644
+--- a/sysdeps/unix/sysv/linux/bits/mman-shared.h
++++ b/sysdeps/unix/sysv/linux/bits/mman-shared.h
+@@ -61,7 +61,7 @@ int pkey_set (int __key, unsigned int __access_rights) __THROW;
+
+ /* Return the access rights for the current thread for KEY, which must
+ have been allocated using pkey_alloc. */
+-int pkey_get (int _key) __THROW;
++int pkey_get (int __key) __THROW;
+
+ /* Free an allocated protection key, which must have been allocated
+ using pkey_alloc. */
+
+From 516fa6080481a1433c173320b1c1432868e1e38a Mon Sep 17 00:00:00 2001
+From: "Dmitry V. Levin" <ldv@altlinux.org>
+Date: Fri, 29 Dec 2017 23:19:32 +0000
+Subject: [PATCH] linux/aarch64: sync sys/ptrace.h with Linux 4.15 [BZ #22433]
+
+Remove compat-specific constants that were never exported by kernel
+headers under these names. Before linux commit v3.7-rc1~16^2~1 they
+were exported with COMPAT_ prefix, and since that commit they are not
+exported at all.
+
+* sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h (__ptrace_request):
+Remove arm-specific PTRACE_GET_THREAD_AREA, PTRACE_GETHBPREGS,
+and PTRACE_SETHBPREGS.
+
+(cherry picked from commit 2fd4bbaa1446f1be700e10c526cf585a796c4991)
+
+diff --git a/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h b/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h
+index 4be45b95ff..444edbb702 100644
+--- a/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h
++++ b/sysdeps/unix/sysv/linux/aarch64/sys/ptrace.h
+@@ -78,18 +78,10 @@ enum __ptrace_request
+ PTRACE_DETACH = 17,
+ #define PT_DETACH PTRACE_DETACH
+
+- PTRACE_GET_THREAD_AREA = 22,
+-
+ /* Continue and stop at the next entry to or return from syscall. */
+ PTRACE_SYSCALL = 24,
+ #define PT_SYSCALL PTRACE_SYSCALL
+
+- /* Get all hardware breakpoint registers. */
+- PTRACE_GETHBPREGS = 29,
+-
+- /* Set all hardware breakpoint registers. */
+- PTRACE_SETHBPREGS = 30,
+-
+ /* Set ptrace filter options. */
+ PTRACE_SETOPTIONS = 0x4200,
+ #define PT_SETOPTIONS PTRACE_SETOPTIONS
+
+From f36553bf6a4f69070f99badbdab5802b43e6e211 Mon Sep 17 00:00:00 2001
+From: Mike FABIAN <mfabian@redhat.com>
+Date: Mon, 19 Feb 2018 21:59:30 +0100
+Subject: [PATCH] =?UTF-8?q?Add=20missing=20=E2=80=9Creorder-end=E2=80=9D?=
+ =?UTF-8?q?=20in=20LC=5FCOLLATE=20of=20et=5FEE=20[BZ=20#22517]?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+ [BZ #22517]
+ * localedata/locales/et_EE (LC_COLLATE): add missing “reorder-end”
+
+(cherry picked from commit 7ec5f9465e732e668d0dc94ac078ba68056d6d0a)
+
+diff --git a/localedata/locales/et_EE b/localedata/locales/et_EE
+index 9cb55b568f..bab7493c98 100644
+--- a/localedata/locales/et_EE
++++ b/localedata/locales/et_EE
+@@ -103,6 +103,8 @@ reorder-after <w>
+ <U00FC> <u-diaresis>;<BAS>;<MIN>;IGNORE % ü
+ <U00DC> <u-diaresis>;<BAS>;<CAP>;IGNORE % Ü
+
++reorder-end
++
+ END LC_COLLATE
+
+ LC_CTYPE
+
+From 7c6304182b9f422b782ace1cdd3efbde056aec36 Mon Sep 17 00:00:00 2001
+From: DJ Delorie <dj@redhat.com>
+Date: Thu, 1 Mar 2018 23:20:45 -0500
+Subject: [PATCH] [BZ #22342] Fix netgroup cache keys.
+
+Unlike other nscd caches, the netgroup cache contains two types of
+records - those for "iterate through a netgroup" (i.e. setnetgrent())
+and those for "is this user in this netgroup" (i.e. innetgr()),
+i.e. full and partial records. The timeout code assumes these records
+have the same key for the group name, so that the collection of records
+that is "this netgroup" can be expired as a unit.
+
+However, the keys are not the same, as the in-netgroup key is generated
+by nscd rather than being passed to it from elsewhere, and is generated
+without the trailing NUL. All other keys have the trailing NUL, and as
+noted in the linked BZ, debug statements confirm that two keys for the
+same netgroup are added to the cache with two different lengths.
+
+The result of this is that as records in the cache expire, the purge
+code only cleans out one of the two types of entries, resulting in
+stale, possibly incorrect, and possibly inconsistent cache data.
+
+The patch simply includes the existing NUL in the computation for the
+key length ('key' points to the char after the NUL, and 'group' to the
+first char of the group, so 'key-group' includes the first char to the
+NUL, inclusive).
+
+ [BZ #22342]
+ * nscd/netgroupcache.c (addinnetgrX): Include trailing NUL in
+ key value.
+
+Reviewed-by: Carlos O'Donell <carlos@redhat.com>
+(cherry picked from commit 1c81d55fc4b07b51adf68558ba74ce975153e580)
+
+diff --git a/nscd/netgroupcache.c b/nscd/netgroupcache.c
+index b832c9315f..2f187b208c 100644
+--- a/nscd/netgroupcache.c
++++ b/nscd/netgroupcache.c
+@@ -480,7 +480,7 @@ addinnetgrX (struct database_dyn *db, int fd, request_header *req,
+ {
+ const char *group = key;
+ key = (char *) rawmemchr (key, '\0') + 1;
+- size_t group_len = key - group - 1;
++ size_t group_len = key - group;
+ const char *host = *key++ ? key : NULL;
+ if (host != NULL)
+ key = (char *) rawmemchr (key, '\0') + 1;
+
+From 78a90c2f74a2012dd3eff302189e47ff6779a757 Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@linux-m68k.org>
+Date: Fri, 2 Mar 2018 23:07:14 +0100
+Subject: [PATCH] Fix multiple definitions of __nss_*_database (bug 22918)
+
+(cherry picked from commit eaf6753f8aac33a36deb98c1031d1bad7b593d2d)
+
+diff --git a/nscd/gai.c b/nscd/gai.c
+index d081747797..576fd0045b 100644
+--- a/nscd/gai.c
++++ b/nscd/gai.c
+@@ -45,3 +45,6 @@
+ #ifdef HAVE_LIBIDN
+ # include <libidn/idn-stub.c>
+ #endif
++
++/* Some variables normally defined in libc. */
++service_user *__nss_hosts_database attribute_hidden;
+diff --git a/nss/nsswitch.c b/nss/nsswitch.c
+index d5e655974f..b0f0c11a3e 100644
+--- a/nss/nsswitch.c
++++ b/nss/nsswitch.c
+@@ -62,7 +62,7 @@ static service_library *nss_new_service (name_database *database,
+
+ /* Declare external database variables. */
+ #define DEFINE_DATABASE(name) \
+- extern service_user *__nss_##name##_database attribute_hidden; \
++ service_user *__nss_##name##_database attribute_hidden; \
+ weak_extern (__nss_##name##_database)
+ #include "databases.def"
+ #undef DEFINE_DATABASE
+diff --git a/nss/nsswitch.h b/nss/nsswitch.h
+index eccb535ef5..63573b9ebc 100644
+--- a/nss/nsswitch.h
++++ b/nss/nsswitch.h
+@@ -226,10 +226,10 @@ libc_hidden_proto (__nss_hostname_digits_dots)
+ #define MAX_NR_ADDRS 48
+
+ /* Prototypes for __nss_*_lookup2 functions. */
+-#define DEFINE_DATABASE(arg) \
+- service_user *__nss_##arg##_database attribute_hidden; \
+- int __nss_##arg##_lookup2 (service_user **, const char *, \
+- const char *, void **); \
++#define DEFINE_DATABASE(arg) \
++ extern service_user *__nss_##arg##_database
This message was truncated. Download the full message here.