pyrox.dev / nixpkgs
lol
fork atom

Merge #247401: glibc: 2.37-39 -> 2.38-23

...into staging

Vladimír Čunát 4eae6fe1 6626399e

+194 -146
unified split
+2
nixos/doc/manual/release-notes/rl-2311.section.md
··· 26 26 - `root` and `wheel` are not given the ability to set (or preserve) 27 27 arbitrary environment variables. 28 28 29 + - [glibc](https://www.gnu.org/software/libc/) has been updated from version 2.37 to 2.38, see [the release notes](https://sourceware.org/glibc/wiki/Release/2.38) for what was changed. 30 + 29 31 [`sudo-rs`]: https://github.com/memorysafety/sudo-rs/ 30 32 31 33 ## New Services {#sec-release-23.11-new-services}
+3
pkgs/applications/audio/mamba/default.nix
··· 37 37 license = licenses.bsd0; 38 38 maintainers = with maintainers; [ magnetophon orivej ]; 39 39 platforms = platforms.linux; 40 + # 2023-08-19, `-Werror=format-security` fails for xputty 41 + # reported as https://github.com/brummer10/libxputty/issues/12 42 + broken = true; 40 43 }; 41 44 }
+2
pkgs/applications/radio/direwolf/default.nix
··· 14 14 sha256 = "0xmz64m02knbrpasfij4rrq53ksxna5idxwgabcw4n2b1ig7pyx5"; 15 15 }; 16 16 17 + patches = [ ./fix-strlcpy-usage.patch ]; 18 + 17 19 nativeBuildInputs = [ cmake ]; 18 20 19 21 strictDeps = true;
+89
pkgs/applications/radio/direwolf/fix-strlcpy-usage.patch
··· 1 + strlcpy is now part of glibc, so there's absolutely no reason for a custom implementation, especially 2 + one with printf debugging. Hence, removing all of that. 3 + 4 + See also https://hydra.nixos.org/build/230546596 5 + See glibc commit 454a20c8756c9c1d55419153255fc7692b3d2199 6 + 7 + diff --git a/external/misc/strlcpy.c b/external/misc/strlcpy.c 8 + index ff18800..b1cb443 100644 9 + --- a/external/misc/strlcpy.c 10 + +++ b/external/misc/strlcpy.c 11 + @@ -56,65 +56,3 @@ 12 + 13 + #include "textcolor.h" 14 + 15 + -/* 16 + - * Copy src to string dst of size siz. At most siz-1 characters 17 + - * will be copied. Always NUL terminates (unless siz == 0). 18 + - * Returns strlen(src); if retval >= siz, truncation occurred. 19 + - */ 20 + - 21 + -#if DEBUG_STRL 22 + -size_t strlcpy_debug(char *__restrict__ dst, const char *__restrict__ src, size_t siz, const char *file, const char *func, int line) 23 + -#else 24 + -size_t strlcpy_debug(char *__restrict__ dst, const char *__restrict__ src, size_t siz) 25 + -#endif 26 + -{ 27 + - char *d = dst; 28 + - const char *s = src; 29 + - size_t n = siz; 30 + - size_t retval; 31 + - 32 + -#if DEBUG_STRL 33 + - if (dst == NULL) { 34 + - text_color_set (DW_COLOR_ERROR); 35 + - dw_printf ("ERROR: strlcpy dst is NULL. (%s %s %d)\n", file, func, line); 36 + - return (0); 37 + - } 38 + - if (src == NULL) { 39 + - text_color_set (DW_COLOR_ERROR); 40 + - dw_printf ("ERROR: strlcpy src is NULL. (%s %s %d)\n", file, func, line); 41 + - return (0); 42 + - } 43 + - if (siz == 1 || siz == 4) { 44 + - text_color_set (DW_COLOR_ERROR); 45 + - dw_printf ("Suspicious strlcpy siz. Is it using sizeof a pointer variable? (%s %s %d)\n", file, func, line); 46 + - } 47 + -#endif 48 + - 49 + - /* Copy as many bytes as will fit */ 50 + - if (n != 0 && --n != 0) { 51 + - do { 52 + - if ((*d++ = *s++) == 0) 53 + - break; 54 + - } while (--n != 0); 55 + - } 56 + - 57 + - /* Not enough room in dst, add NUL and traverse rest of src */ 58 + - if (n == 0) { 59 + - if (siz != 0) 60 + - *d = '\0'; /* NUL-terminate dst */ 61 + - while (*s++) 62 + - ; 63 + - } 64 + - 65 + - retval = s - src - 1; /* count does not include NUL */ 66 + - 67 + -#if DEBUG_STRL 68 + - if (retval >= siz) { 69 + - text_color_set (DW_COLOR_ERROR); 70 + - dw_printf ("WARNING: strlcpy result length %d exceeds maximum length %d. (%s %s %d)\n", 71 + - (int)retval, (int)(siz-1), file, func, line); 72 + - } 73 + -#endif 74 + - return (retval); 75 + -} 76 + - 77 + diff --git a/src/direwolf.h b/src/direwolf.h 78 + index efc329b..22eb748 100644 79 + --- a/src/direwolf.h 80 + +++ b/src/direwolf.h 81 + @@ -294,7 +294,7 @@ char *strcasestr(const char *S, const char *FIND); 82 + #define HAVE_STRLCPY 1 83 + 84 + 85 + -#define DEBUG_STRL 1 86 + +#define DEBUG_STRL 0 87 + 88 + #if DEBUG_STRL 89 +
+13
pkgs/applications/science/misc/root/default.nix
··· 2 2 , lib 3 3 , callPackage 4 4 , fetchurl 5 + , fetchpatch 5 6 , makeWrapper 6 7 , cmake 7 8 , coreutils ··· 109 110 110 111 patches = [ 111 112 ./sw_vers.patch 113 + # glibc >=2.38 already has strlcat implemented. 114 + # merged upstream, remove on next package bump. 115 + (fetchpatch { 116 + url = "https://github.com/root-project/root/commit/8fb0e35446ed67c9d56639b4708c8f05459b7f84.patch"; 117 + hash = "sha256-7EabmYanqlQsYSQsi+S9eWs1v1pY6MncopL420Y3D4w="; 118 + }) 119 + ] ++ lib.optionals (python.pkgs.pythonAtLeast "3.11") [ 120 + # Fix build against Python 3.11 121 + (fetchpatch { 122 + url = "https://github.com/root-project/root/commit/484deb056dacf768aba4954073b41105c431bffc.patch"; 123 + hash = "sha256-4qur2e3SxMIPgOg4IjlvuULR2BObuP7xdvs+LmNT2/s="; 124 + }) 112 125 ]; 113 126 114 127 preConfigure = ''
+2
pkgs/applications/virtualization/kvmtool/default.nix
··· 10 10 sha256 = "sha256-wpc5DfHnui0lBVH4uOq6a7pXVUZStjNLRvauu6QpRvE="; 11 11 }; 12 12 13 + patches = [ ./strlcpy-glibc-2.38-fix.patch ]; 14 + 13 15 buildInputs = lib.optionals stdenv.hostPlatform.isAarch64 [ dtc ]; 14 16 15 17 enableParallelBuilding = true;
+25
pkgs/applications/virtualization/kvmtool/strlcpy-glibc-2.38-fix.patch
··· 1 + Manually tell the compiler that strlcpy exists. The `try-build` function seems 2 + somewhat broken, i.e. any code that I try to pass to it doesn't link because of an 3 + "undefined reference to main" error (and some more quoting issues with newlines being 4 + swalloed). 5 + 6 + Because both musl and glibc seemt o support strlcpy nowadays, I decided to just skip the 7 + possibly broken feature-check and hardcode that it exists. 8 + 9 + diff --git a/Makefile b/Makefile 10 + index ed2414b..37be9cd 100644 11 + --- a/Makefile 12 + +++ b/Makefile 13 + @@ -239,10 +239,8 @@ endif 14 + # On a given system, some libs may link statically, some may not; so, check 15 + # both and only build those that link! 16 + 17 + -ifeq ($(call try-build,$(SOURCE_STRLCPY),$(CFLAGS),$(LDFLAGS)),y) 18 + - CFLAGS_DYNOPT += -DHAVE_STRLCPY 19 + - CFLAGS_STATOPT += -DHAVE_STRLCPY 20 + -endif 21 + +CFLAGS_DYNOPT += -DHAVE_STRLCPY 22 + +CFLAGS_STATOPT += -DHAVE_STRLCPY 23 + 24 + ifeq ($(call try-build,$(SOURCE_BFD),$(CFLAGS),$(LDFLAGS) -lbfd -static),y) 25 + CFLAGS_STATOPT += -DCONFIG_HAS_BFD
+10
pkgs/development/compilers/swift/foundation/default.nix
··· 5 5 6 6 { lib 7 7 , stdenv 8 + , fetchpatch 8 9 , callPackage 9 10 , cmake 10 11 , ninja ··· 22 23 23 24 inherit (sources) version; 24 25 src = sources.swift-corelibs-foundation; 26 + 27 + patches = [ 28 + # from https://github.com/apple/swift-corelibs-foundation/pull/4811 29 + # fix build with glibc >=2.38 30 + (fetchpatch { 31 + url = "https://github.com/apple/swift-corelibs-foundation/commit/47260803a108c6e0d639adcebeed3ac6a76e8bcd.patch"; 32 + hash = "sha256-1JUSQW86IHKkBZqxvpk0P8zcSKntzOTNlMoGBfgeT4c="; 33 + }) 34 + ]; 25 35 26 36 outputs = [ "out" "dev" ]; 27 37
pkgs/development/libraries/glibc/2.37-master.patch.gz

This is a binary file and will not be displayed.

pkgs/development/libraries/glibc/2.38-master.patch.gz

This is a binary file and will not be displayed.

+14 -12
pkgs/development/libraries/glibc/common.nix
··· 43 43 } @ args: 44 44 45 45 let 46 - version = "2.37"; 47 - patchSuffix = "-39"; 48 - sha256 = "sha256-Ilfv8RGhgV109GhW2q9AsBnB5VMVbGnUi6DL/Bu5GkM="; 46 + version = "2.38"; 47 + patchSuffix = "-23"; 48 + sha256 = "sha256-+4KZiZiyspllRnvBtp0VLpwwfSzzAcnq+0VVt3DvP9I="; 49 49 in 50 50 51 51 assert withLinuxHeaders -> linuxHeaders != null; ··· 59 59 patches = 60 60 [ 61 61 /* No tarballs for stable upstream branch, only https://sourceware.org/git/glibc.git and using git would complicate bootstrapping. 62 - $ git fetch --all -p && git checkout origin/release/2.37/master && git describe 63 - glibc-2.37-39-g6529a7466c 64 - $ git show --minimal --reverse glibc-2.37.. | gzip -9n --rsyncable - > 2.37-master.patch.gz 62 + $ git fetch --all -p && git checkout origin/release/2.38/master && git describe 63 + glibc-2.38-23-g0e1ef6779a 64 + $ git show --minimal --reverse glibc-2.38.. | gzip -9n --rsyncable - > 2.38-master.patch.gz 65 65 66 66 To compare the archive contents zdiff can be used. 67 - $ zdiff -u 2.37-master.patch.gz ../nixpkgs/pkgs/development/libraries/glibc/2.37-master.patch.gz 67 + $ zdiff -u 2.38-master.patch.gz ../nixpkgs/pkgs/development/libraries/glibc/2.38-master.patch.gz 68 68 */ 69 - ./2.37-master.patch.gz 69 + ./2.38-master.patch.gz 70 70 71 71 /* Allow NixOS and Nix to handle the locale-archive. */ 72 72 ./nix-locale-archive.patch ··· 89 89 90 90 ./0001-Revert-Remove-all-usage-of-BASH-or-BASH-in-installed.patch 91 91 92 - /* Patch derived from archlinux (at the time of adding they're at 2.37), 93 - https://github.com/archlinux/svntogit-packages/blob/packages/glibc/trunk/reenable_DT_HASH.patch 92 + /* Patch derived from archlinux, 93 + https://gitlab.archlinux.org/archlinux/packaging/packages/glibc/-/blob/e54d98e2d1aae4930ecad9404ef12234922d9dfd/reenable_DT_HASH.patch 94 94 95 - See https://github.com/NixOS/nixpkgs/pull/188492#issuecomment-1233802991 for context. 95 + See also https://github.com/ValveSoftware/Proton/issues/6051 96 + & https://github.com/NixOS/nixpkgs/pull/188492#issuecomment-1233802991 96 97 */ 97 98 ./reenable_DT_HASH.patch 98 99 ] ··· 135 136 "--enable-bind-now" 136 137 (lib.withFeatureAs withLinuxHeaders "headers" "${linuxHeaders}/include") 137 138 (lib.enableFeature profilingLibraries "profile") 139 + "--enable-fortify-source" 138 140 ] ++ lib.optionals (stdenv.hostPlatform.isx86 || stdenv.hostPlatform.isAarch64) [ 139 141 # This feature is currently supported on 140 142 # i386, x86_64 and x32 with binutils 2.29 or later, ··· 159 161 "libc_cv_as_needed=no" 160 162 ] 161 163 ++ lib.optional withGd "--with-gd" 162 - ++ lib.optional (!withLibcrypt) "--disable-crypt"; 164 + ++ lib.optional withLibcrypt "--enable-crypt"; 163 165 164 166 makeFlags = (args.makeFlags or []) ++ [ 165 167 "OBJCOPY=${stdenv.cc.targetPrefix}objcopy"
+16 -133
pkgs/development/libraries/glibc/reenable_DT_HASH.patch
··· 1 - From e47de5cb2d4dbecb58f569ed241e8e95c568f03c Mon Sep 17 00:00:00 2001 2 - From: Florian Weimer <fweimer@redhat.com> 3 - Date: Fri, 29 Apr 2022 16:37:51 +0200 4 - Subject: [PATCH] Do not use --hash-style=both for building glibc shared 5 - objects 1 + From 31915e55f9c34f6137ab1c5ac002375a2d5d4589 Mon Sep 17 00:00:00 2001 2 + From: Frederik Schwan <frederik.schwan@linux.com> 3 + Date: Fri, 4 Aug 2023 15:19:57 +0200 4 + Subject: [PATCH] force --hash-style=both to keep compatibility with old niche 5 + software 6 6 7 - The comment indicates that --hash-style=both was used to maintain 8 - compatibility with static dlopen, but we had many internal ABI 9 - changes since then, so this compatiblity does not add value anymore. 10 - 11 - Reviewed-by: Carlos O'Donell <carlos@redhat.com> 12 7 --- 13 - Makeconfig | 9 +++++++++ 14 - Makerules | 7 +++++++ 15 - config.make.in | 1 + 16 - configure | 28 ++++++++++++++++++++++++++++ 17 - configure.ac | 16 ++++++++++++++++ 18 - 5 files changed, 61 insertions(+) 8 + Makeconfig | 4 ++++ 9 + 1 file changed, 4 insertions(+) 19 10 20 - diff --git b/Makeconfig a/Makeconfig 21 - index 760f14e92f..0aa5fb0099 100644 22 - --- b/Makeconfig 23 - +++ a/Makeconfig 24 - @@ -362,6 +362,15 @@ relro-LDFLAGS = -Wl,-z,relro 11 + diff --git a/Makeconfig b/Makeconfig 12 + index 77d7fd14df..2ae67c4beb 100644 13 + --- a/Makeconfig 14 + +++ b/Makeconfig 15 + @@ -378,6 +378,10 @@ relro-LDFLAGS = -Wl,-z,relro 25 16 LDFLAGS.so += $(relro-LDFLAGS) 26 17 LDFLAGS-rtld += $(relro-LDFLAGS) 27 18 28 - +ifeq (yes,$(have-hash-style)) 29 - +# For the time being we unconditionally use 'both'. At some time we 30 - +# should declare statically linked code as 'out of luck' and compile 31 - +# with --hash-style=gnu only. 32 19 +hashstyle-LDFLAGS = -Wl,--hash-style=both 33 20 +LDFLAGS.so += $(hashstyle-LDFLAGS) 34 21 +LDFLAGS-rtld += $(hashstyle-LDFLAGS) 35 - +endif 36 22 + 37 - ifeq (no,$(build-pie-default)) 38 - pie-default = $(no-pie-ccflag) 39 - else # build-pie-default 40 - diff --git b/Makerules a/Makerules 41 - index 354528b8c7..428464f092 100644 42 - --- b/Makerules 43 - +++ a/Makerules 44 - @@ -557,6 +557,13 @@ $(common-objpfx)shlib.lds: $(common-objpfx)config.make $(..)Makerules 45 - -Wl,--verbose 2>/dev/null | \ 46 - sed > $@T \ 47 - -e '/^=========/,/^=========/!d;/^=========/d' \ 48 - + $(if $(filter yes,$(have-hash-style)), \ 49 - + -e 's/^.*\.gnu\.hash[ ]*:.*$$/ .note.ABI-tag : { *(.note.ABI-tag) } &/' \ 50 - + -e '/^[ ]*\.hash[ ]*:.*$$/{h;d;}' \ 51 - + -e '/DATA_SEGMENT_ALIGN/{H;g}' \ 52 - + , \ 53 - + -e 's/^.*\.hash[ ]*:.*$$/ .note.ABI-tag : { *(.note.ABI-tag) } &/' \ 54 - + ) \ 55 - -e 's/^.*\*(\.dynbss).*$$/& \ 56 - PROVIDE(__start___libc_freeres_ptrs = .); \ 57 - *(__libc_freeres_ptrs) \ 58 - diff --git b/config.make.in a/config.make.in 59 - index fff4c78dd0..bf728c71c0 100644 60 - --- b/config.make.in 61 - +++ a/config.make.in 62 - @@ -70,6 +70,7 @@ have-libcap = @have_libcap@ 63 - have-cc-with-libunwind = @libc_cv_cc_with_libunwind@ 64 - fno-unit-at-a-time = @fno_unit_at_a_time@ 65 - bind-now = @bindnow@ 66 - +have-hash-style = @libc_cv_hashstyle@ 67 - use-default-link = @use_default_link@ 68 - have-cxx-thread_local = @libc_cv_cxx_thread_local@ 69 - have-loop-to-function = @libc_cv_cc_loop_to_function@ 70 - diff --git b/configure a/configure 71 - index 716dc041b6..5a730dc5fc 100755 72 - --- b/configure 73 - +++ a/configure 74 - @@ -622,6 +622,7 @@ libc_cv_cc_nofma 75 - libc_cv_mtls_dialect_gnu2 76 - fno_unit_at_a_time 77 - libc_cv_has_glob_dat 78 - +libc_cv_hashstyle 79 - libc_cv_fpie 80 - libc_cv_z_execstack 81 - ASFLAGS_config 82 - @@ -6193,6 +6194,33 @@ $as_echo "$libc_cv_fpie" >&6; } 83 - 84 - 85 - 86 - +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --hash-style option" >&5 87 - +$as_echo_n "checking for --hash-style option... " >&6; } 88 - +if ${libc_cv_hashstyle+:} false; then : 89 - + $as_echo_n "(cached) " >&6 90 - +else 91 - + cat > conftest.c <<EOF 92 - +int _start (void) { return 42; } 93 - +EOF 94 - +if { ac_try='${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp 95 - + -fPIC -shared -o conftest.so conftest.c 96 - + -Wl,--hash-style=both -nostdlib 1>&5' 97 - + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_try\""; } >&5 98 - + (eval $ac_try) 2>&5 99 - + ac_status=$? 100 - + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 101 - + test $ac_status = 0; }; } 102 - +then 103 - + libc_cv_hashstyle=yes 104 - +else 105 - + libc_cv_hashstyle=no 106 - +fi 107 - +rm -f conftest* 108 - +fi 109 - +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libc_cv_hashstyle" >&5 110 - +$as_echo "$libc_cv_hashstyle" >&6; } 111 - + 112 - + 113 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GLOB_DAT reloc" >&5 114 - $as_echo_n "checking for GLOB_DAT reloc... " >&6; } 115 - if ${libc_cv_has_glob_dat+:} false; then : 116 - diff --git b/configure.ac a/configure.ac 117 - index d08ad4d64e..a045f6608e 100644 118 - --- b/configure.ac 119 - +++ a/configure.ac 120 - @@ -1360,6 +1360,22 @@ LIBC_TRY_CC_OPTION([-fpie], [libc_cv_fpie=yes], [libc_cv_fpie=no]) 121 - 122 - AC_SUBST(libc_cv_fpie) 123 - 124 - +AC_CACHE_CHECK(for --hash-style option, 125 - + libc_cv_hashstyle, [dnl 126 - +cat > conftest.c <<EOF 127 - +int _start (void) { return 42; } 128 - +EOF 129 - +if AC_TRY_COMMAND([${CC-cc} $CFLAGS $CPPFLAGS $LDFLAGS $no_ssp 130 - + -fPIC -shared -o conftest.so conftest.c 131 - + -Wl,--hash-style=both -nostdlib 1>&AS_MESSAGE_LOG_FD]) 132 - +then 133 - + libc_cv_hashstyle=yes 134 - +else 135 - + libc_cv_hashstyle=no 136 - +fi 137 - +rm -f conftest*]) 138 - +AC_SUBST(libc_cv_hashstyle) 139 - + 140 - AC_CACHE_CHECK(for GLOB_DAT reloc, 141 - libc_cv_has_glob_dat, [dnl 142 - cat > conftest.c <<EOF 23 + # Linker options to enable and disable DT_RELR. 24 + ifeq ($(have-dt-relr),yes) 25 + dt-relr-ldflag = -Wl,-z,pack-relative-relocs 143 26 -- 144 - 2.37.1 27 + 2.41.0 145 28
+2
pkgs/development/libraries/libredwg/default.nix
··· 34 34 in '' 35 35 # avoid git dependency 36 36 cp ${printVersion} build-aux/git-version-gen 37 + # failing to build otherwise since glibc-2.38 38 + sed '1i#include <string.h>' -i programs/dwg2SVG.c 37 39 ''; 38 40 39 41 preConfigure = lib.optionalString (stdenv.isDarwin && enablePython) ''
+2
pkgs/development/libraries/rapidjson/default.nix
··· 29 29 url = "https://git.alpinelinux.org/aports/plain/community/rapidjson/do-not-include-gtest-src-dir.patch?id=9e5eefc7a5fcf5938a8dc8a3be8c75e9e6809909"; 30 30 hash = "sha256-BjSZEwfCXA/9V+kxQ/2JPWbc26jQn35CfN8+8NW24s4="; 31 31 }) 32 + # One of these three tests reports memcpy overlap after update to glibc-2.38 33 + ./test-skip-valgrind.diff 32 34 ]; 33 35 34 36 postPatch = ''
+7
pkgs/development/libraries/rapidjson/test-skip-valgrind.diff
··· 1 + --- a/test/unittest/CMakeLists.txt 2 + +++ b/test/unittest/CMakeLists.txt 3 + @@ -82,3 +81,0 @@ 4 + - add_test(NAME valgrind_unittest 5 + - COMMAND valgrind --leak-check=full --error-exitcode=1 ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/unittest --gtest_filter=-SIMD.* 6 + - WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/bin) 7 +
+2 -1
pkgs/servers/brickd/default.nix
··· 30 30 ''; 31 31 32 32 buildPhase = '' 33 - export 34 33 # build the brickd binary 35 34 mkdir src/daemonlib 36 35 cp -r ${daemonlib}/* src/daemonlib 36 + substituteInPlace src/daemonlib/utils.{c,h} \ 37 + --replace "_GNU_SOURCE" "__GLIBC__" 37 38 cd src/brickd 38 39 make 39 40
+5
pkgs/tools/admin/rset/default.nix
··· 44 44 license = licenses.isc; 45 45 platforms = platforms.unix; 46 46 maintainers = with maintainers; [ cstrahan ]; 47 + # 2023-08-19, fails to compile with glibc-2.38 because of strlcpy. 48 + # At the time of writing, this was 4 minors behind already and 49 + # the `paths.patch` didn't apply anymore, so this is now considered 50 + # broken until somebody cares enough to fix and upgrade this. 51 + broken = true; 47 52 }; 48 53 }