gnu: glibc: Update to 2.40.

* gnu/packages/base.scm (glibc): Update to 2.40. [replacement]: Remove. (%glibc-patches): Update. (glibc/fixed): Remove. (glibc-for-fhs): Update patch name. * gnu/packages/patches/glibc-hurd64-intr-msg-clobber.patch: Update for 2.40. * gnu/packages/patches/glibc-hurd64-sgms-context.patch: Remove. * gnu/local.mk (dist_patch_DATA): Unregister. * gnu/packages/base.scm (glibc/hurd-headers): Remove it. * gnu/packages/patches/glibc-2.40-dl-cache.patch, gnu/packages/patches/glibc-2.40-CVE-2025-0.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. Change-Id: I7f041a6ff9ea11e4b05a75ca704007deb405653b
2026-05-25 18:41:54 +02:00 · 2025-01-20 00:32:48 +01:00
parent e72c26d7f0
commit 2194d6e99f
6 changed files with 186 additions and 575 deletions
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012-2024 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012-2025 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2019 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
 ;;; Copyright © 2014, 2015, 2016, 2018 Mark H Weaver <mhw@netris.org>
@@ -893,14 +893,14 @@ the store.")
    (license gpl3+)))

 (define %glibc-patches
-  (list "glibc-2.39-git-updates.patch"
-        "glibc-ldd-powerpc.patch"
+  (list "glibc-ldd-powerpc.patch"
        "glibc-2.38-ldd-x86_64.patch"
-        "glibc-dl-cache.patch"
+        "glibc-2.40-dl-cache.patch"
        "glibc-2.37-versioned-locpath.patch"
        ;; "glibc-allow-kernel-2.6.32.patch"
        "glibc-reinstate-prlimit64-fallback.patch"
        "glibc-supported-locales.patch"
+        "glibc-2.40-CVE-2025-0.patch"
        "glibc-2.37-hurd-clock_t_centiseconds.patch"
        "glibc-2.37-hurd-local-clock_gettime_MONOTONIC.patch"
        "glibc-hurd-mach-print.patch"
@@ -912,18 +912,17 @@ the store.")
  ;; version 2.28, GNU/Hurd used a different glibc branch.
  (package
   (name "glibc")
-   (version "2.39")
+   (version "2.40")
   (source (origin
            (method url-fetch)
            (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
            (sha256
             (base32
-              "09nrwb0ksbah9k35jchd28xxp2hidilqdgz7b8v5f30pz1yd8yzp"))
+              "18h50b0zm8dkpzj81w033v99rbxiykk3v697yr4dfqwjbqbr1a0r"))
            (patches (map search-patch %glibc-patches))))
   (properties `((lint-hidden-cve . ("CVE-2024-2961"
                                     "CVE-2024-33601" "CVE-2024-33602"
                                     "CVE-2024-33600" "CVE-2024-33599"))))
-   (replacement glibc/fixed)
   (build-system gnu-build-system)

   ;; Glibc's <limits.h> refers to <linux/limit.h>, for instance, so glibc
@@ -1201,28 +1200,6 @@ with the Linux kernel.")
   (license lgpl2.0+)
   (home-page "https://www.gnu.org/software/libc/")))

-(define glibc/fixed
-  (package
-    (inherit glibc)
-    (name "glibc")
-    (version (package-version glibc))
-    (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (url "git://sourceware.org/git/glibc.git")
-                    ;; This is the latest commit from the
-                    ;; 'release/2.39/master' branch, where CVEs and other
-                    ;; important bug fixes are cherry picked.
-                    (commit "2c882bf9c15d206aaf04766d1b8e3ae5b1002cc2")))
-              (file-name (git-file-name name version))
-              (sha256
-               (base32
-                "111yf24g0qcfcxywfzrilmjxysahlbkzxfimcz9rq8p00qzvvf51"))
-              (patches (map search-patch
-                            (fold (cut delete <...>)
-                                  %glibc-patches
-                                  '("glibc-2.39-git-updates.patch"))))))))
-
 ;; Define a variation of glibc which uses the default /etc/ld.so.cache, useful
 ;; in FHS containers.
 (define-public glibc-for-fhs
@@ -1234,7 +1211,7 @@ with the Linux kernel.")
                     ;; directories, re-enabling the default /etc/ld.so.cache
                     ;; behavior.
                     (patches
-                      (delete (search-patch "glibc-dl-cache.patch")
+                      (delete (search-patch "glibc-2.40-dl-cache.patch")
                              (origin-patches (package-source glibc)))))))))

 ;; Below are old libc versions, which we use mostly to build locale data in
@@ -1692,7 +1669,6 @@ command.")
                (search-patches "glibc-hurd-pthread_setcancelstate.patch"
                                "glibc-hurd64-fault.patch"
                                "glibc-hurd64-intr-msg-clobber.patch"
-                                "glibc-hurd64-sgms-context.patch"
                                "glibc-hurd64-gcc-14.2-tls-bug.patch")))))))

 (define-public glibc/hurd-headers