Commit Graph

379 Commits

Author SHA1 Message Date
github-actions[bot]
4ad33a5c7c
Merge master into staging-next 2022-08-18 06:01:24 +00:00
Sergei Trofimovich
198a940c61 glibc: add a few TODOs around libgcc_s.so hack
Make it clearer why the hack is still there.
2022-08-18 06:36:13 +01:00
Sergei Trofimovich
b3b672d5a1 setup-hooks/separate-debug-info.sh: don't inhibit strip hook
Before the change separate-debug-info.sh did the stripping itself.
This scheme has a few problems:
1. Stripping happens only on ELF files. *.a and *.o files are skipped.
   Derivations have to do it manually. Usually incorrectly
   as they don't run $RANLIB (true for `glibc` and `musl`).
2. Stripping happens on all paths. Ideally only `stripDebugList` paths
   should be considered.
3. Host strip is called on Target files.

This change offloads stripping logic to strip hook. This strips more
files for `glibc` and `musl`. Now we can remove most $STRIP calls
from individual derivations.

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
2022-08-07 12:49:37 +01:00
Jörg Thalheim
5de6b3ecd7
Merge pull request #182281 from helsinki-systems/feat/glibc-sec
glibc: improve configure options
2022-07-27 22:09:44 +01:00
Bernardo Meurer
272fc53af1 glibc: 2.34-210 -> 2.35-163 2022-07-22 22:31:14 -07:00
ajs124
1487fabf60 glibc: enable Intel CET on x86 2022-07-21 00:32:03 +02:00
ajs124
8f3c8aee8a glibc: explicitly enable stack-protector
should be detected automatically
2022-07-21 00:32:03 +02:00
ajs124
34b92568d1 glibc: remove obsolete configure option
see https://sourceware.org/bugzilla/show_bug.cgi?id=27872
2022-07-21 00:32:03 +02:00
github-actions[bot]
1767ba1baa
Merge master into staging-next 2022-05-29 18:01:10 +00:00
Artturin
513b7f1010 glibc_multi: match output ordering of glibc
glibc has an exception in that 'out' is the default output instead of 'bin'

it should be matched here for consistency
2022-05-29 19:54:32 +03:00
sternenseemann
dd0b96be19
Merge pull request #173893 from trofi/fix-glibc-for-gnat6
glibc: apply pending PR29162 to unbreak gnat6
2022-05-23 20:17:48 +02:00
Sergei Trofimovich
3c211fb591 glibc: apply pending PR29162 to unbreak gnat6
commit e938c0274 "Don't add access size hints to fortifiable functions"
converted a few '__attr_access ((...))' into '__fortified_attr_access (...)'
calls.

But one of the conversions had double parentheses of '__fortified_attr_access (...)'.

Noticed as a gnat6 build failure:

    /<<NIX>>-glibc-2.34-210-dev/include/bits/string_fortified.h:110:50: error: macro "__fortified_attr_access" requires 3 arguments, but only 1 given

The change fixes parentheses.
2022-05-23 18:40:49 +01:00
Artturin
0f9ee45a6d glibc: enable strictDeps
verified by building and diffing 'glibc' and 'glibcInfo'
2022-05-22 16:40:40 +03:00
Maximilian Bosch
5a3e803bf3
glibc: 2.34-115 -> 2.34-210 2022-05-06 10:28:53 +02:00
Sergei Trofimovich
bf990cc3cc glibc: unconditionally disable pie
glibc already has to be careful not to create extra dynamic relocations
in ld.so. For that it enables -fPIC/-fPIE selectively.
2022-04-18 16:06:50 +01:00
Anders Kaseorg
a20e363e6b
glibc: Fix segfault in getpwuid when stat fails (#167932)
Fixes #167785 using this patch submitted upstream:

https://sourceware.org/bugzilla/show_bug.cgi?id=28752
https://patchwork.sourceware.org/project/glibc/patch/20220314175316.3239120-2-sam@gentoo.org/

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2022-04-10 07:11:57 +02:00
Maximilian Bosch
e110983ed3
glibc: add empty libpthread.a
See https://github.com/NixOS/nixpkgs/pull/133431#discussion_r805338099
2022-02-27 14:06:23 +01:00
Maximilian Bosch
748faeb623
glibc: don't hide symbol __nss_files_fopen
I realized that `libredirect` doesn't wrap `__nss_files_fopen` anymore
which subsequently broke the `checkPhase` of `pkgs.openssh`[1] which was
implemented in 85c63a515d.

The reason for that is what `libc_hidden_{def,proto}` are used for, to
quote `libc-symbols.h`[2]:

    The following macros are used for PLT bypassing within libc.so
    (and if needed other libraries similarly).

This basically means that these symbols are altered in a way so that
they cannot be wrapped by `libredirect` even though it re-defines
`__nss_files_fopen` while being loaded at first with `LD_PRELOAD`.

The problem was caused by a change in 2.34[3] where the `files`-module
for NSS isn't loaded from `libnss_files.so.2` anymore, but the relevant
symbols are directly obtained from `libc.so.6` since a lot of glibc's
APIs were merged into `libc.so.6` before.

As this would effectively break `libredirect` whenever it tries to wrap
C APIs that interact with NSS (e.g. to use `getpwnam(3)`), I decided to
undo this change for `__nss_files_fopen`.

[1] https://hydra.nixos.org/build/160688523
[2] https://sourceware.org/git/?p=glibc.git;a=blob;f=include/libc-symbols.h;h=d41ecf4384d07f9108698dba1d4e9e6a7a9b975f;hb=ae37d06c7d127817ba43850f0f898b793d42aea7
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f9c8b11ed7726b858cd7b7cea0d3d7c5233d78cf;hp=6212bb67f4695962748a5981e1b9fea105af74f6
2022-02-27 10:26:53 +01:00
Maximilian Bosch
1b8aa881ea
glibc: revert /bin/bash usage
Rather than `$BASH`, `glibc` now hardcodes `/bin/bash` as
interpreter[1] in several scripts (including `ldd`).

This is a problem because relevant programs such as `ldd(1)` won't work
properly without this since we set `BASH` to `/bin/sh` to avoid
dependencies to the bootstrap tools for `bash` as runtime-dependency (since
NixOS doesn't have `/bin/bash`).

Considering that this was only done as an "improvement" to their
build-system and not because they wanted to use some bashisms here (the
variable was always called `BASH` and we still used `/bin/sh` anyways),
I'd consider this to be relatively safe.

[1] 5188a9d0265cc6f7235a8af1d31ab02e4a24853d
2022-02-27 10:25:35 +01:00
Maximilian Bosch
9fe34ccfbe
glibc: also create backwards-compat symlinks for libdl and libutil
This fixes at least the openssl build.
2022-02-27 10:25:34 +01:00
Maximilian Bosch
7bc32b3e5c
glibc: symlink libpthread.so -> libpthread.so.0 (same for -lrt) for backwards compatibility
Linking via `-lpthread` (or `-pthread`) is not needed anymore since
`glibc-2.34` since all the functionality is part of `libc.so.6` and
`libpthread.so.6` only exists for backwards-compatibility.

However, e.g. `gcc` (`libgomp` to be precise) expects a `libpthread.so`
to link against, otherwise the configure script will fail. As already
stated in the glibc release-notes itself, it is to be expected that a lot
more applications will have issues with this, so I decided to re-add
`libpthread.so` as well.

For `librt.so.1`, the same thing is needed to make sure that Perl still
compiles:

    /nix/store/d6y5r7m93x14bmgn2p75fannz39jz66f-binutils-2.35.1/bin/ld: cannot find -lrt
    collect2: error: ld returned 1 exit status
    make[1]: *** [Makefile:490: ../../lib/auto/Time/HiRes/HiRes.so] Error 1
    make[1]: Leaving directory '/build/perl-5.34.0/dist/Time-HiRes'
2022-02-27 10:25:34 +01:00
Maximilian Bosch
97acaf6d65
glibc: 2.33-108 -> 2.34-115
Announcement: https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html
2022-02-27 10:25:33 +01:00
TredwellGit
f02dc53800 glibc: 2.33-108 -> 2.33-117 2022-02-04 08:01:11 +00:00
TredwellGit
00caaf1e9a glibc: 2.33-78 -> 2.33-108 2022-01-28 09:18:36 +00:00
Vladimír Čunát
13ab7d097f
glibc: 2.33-71 -> 2.33-78 (security)
https://www.openwall.com/lists/oss-security/2022/01/24/4
2022-01-25 11:25:18 +01:00
TredwellGit
8dd2546e75 glibc: 2.33-62 -> 2.33-71
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://nvd.nist.gov/vuln/detail/CVE-2022-23219

https://sourceware.org/bugzilla/show_bug.cgi?id=28768
https://nvd.nist.gov/vuln/detail/CVE-2022-23218
2022-01-19 04:14:10 +00:00
TredwellGit
afcb6d3e10 glibc: 2.33-59 -> 2.33-62 2021-12-26 14:03:10 +00:00
TredwellGit
98ab93d191 glibc: 2.33-56 -> 2.33-59 2021-11-28 08:17:25 +00:00
Ryan Burns
2175b157ac treewide: refactor isi686 && isx86_64 -> isx86 2021-11-20 17:50:41 -08:00
github-actions[bot]
eeb7e66e97
Merge master into staging-next 2021-11-06 18:01:01 +00:00
Maximilian Bosch
ac971cdc54
Merge pull request #144417 from sternenseemann/glibc-always-ldd
glibc: include ldd and other scripts in cross-builds
2021-11-06 13:40:04 +01:00
github-actions[bot]
ac4cb43546
Merge staging-next into staging 2021-11-05 00:02:01 +00:00
Maximilian Bosch
b8ab5de781
Merge pull request #142799 from Ma27/glibc-mtrace
mtrace: init at 2.33-50
2021-11-04 23:01:02 +01:00
sternenseemann
e9b9bea261 glibc: include ldd and other scripts in cross-builds
Since the script interpreters are not patched (anymore?), no reference
to any shell is generated by the scripts in glibc's `bin` output:

```
$ nix-store --query --references /nix/store/nmfj3a2k2kr2lypndn37x6qbd8537f9b-glibc-riscv64-unknown-linux-gnu-2.33-50-bin
/nix/store/afgfd3vl3x5zx89awn3fjayn83yl9vcy-glibc-riscv64-unknown-linux-gnu-2.33-50
/nix/store/nmfj3a2k2kr2lypndn37x6qbd8537f9b-glibc-riscv64-unknown-linux-gnu-2.33-50-bin
```

This means that it's safe to include the scripts in glibc's bin output
even in cross builds. One interesting improvement for the future could
be to split these scripts into a separate derivation and properly patch
their script interpreter (currently they are using impure /bin/sh).
2021-11-04 13:05:59 +01:00
Maximilian Bosch
02bce71cab
mtrace: init at 2.33-50
`mtrace(1)` is a small Perl script that interprets and provides
human-readable output for `malloc(3)` traces.

Even though this is actually part of `glibc` itself I decided to place
this into its own package. The main reason for this is that this script
has a runtime dependency on Perl which would complicate `stdenv`
bootstrapping since we'd have to compile another Perl that doesn't depend on
the bootstrap tools that is used as runtime dependency for the
stage2 glibc.

Since this is only a dev/debugging tool, splitting this up seemed like a
reasonable choice to me.

On a leaking C program, this can be used like this:

    $ env MALLOC_TRACE=$(pwd)/trace ./a.out
    $ ./result/bin/mtrace ./trace

    Memory not freed:
    -----------------
               Address     Size     Caller
    0x0000000001875690      0x4  at 0x401151

Closes #141924
2021-10-25 01:01:29 +02:00
TredwellGit
2f0a0cb974 glibc: 2.33-55 -> 2.33-56 2021-10-18 23:34:22 +00:00
Yuka
ba06497904
glibcLocales: support building on musl (#141971) 2021-10-18 08:53:36 +02:00
TredwellGit
7c30fc6cd2 glibc: 2.33-50 -> 2.33-55 2021-10-07 09:29:14 +00:00
github-actions[bot]
55c0ac1484
Merge staging-next into staging 2021-09-24 06:01:40 +00:00
Ryan Burns
40299257cc Merge branch 'master' into staging-next 2021-09-23 18:43:00 -07:00
Silvan Mosberger
82590fed5f glibcLocales: Fix build for duplicates in locales list
Without this patch, setting the same locale twice, e.g. like this in
NixOS:

```nix
{
  i18n.supportedLocales = [
    (config.i18n.defaultLocale + "/UTF-8")
    (config.i18n.defaultLocale + "/UTF-8")
  ];
}
```

Would make the glibcLocales build fail with

```
Error: unsupported locales detected:
en_US.UTF-8/UTF-8 \
You should choose from the list above the error.
```
2021-09-22 19:27:53 +02:00
Jörg Thalheim
a65e3b66cb
Merge pull request #137601 from fzakaria/faridzakaria/glibc-netbase
glibc: allow environment variable for /etc/ files (i.e. /etc/protocols)
2021-09-21 08:07:02 +01:00
Farid Zakaria
4687d7523b glibc: add dependency on netbase /etc/protocols
Add an explicit dependency on netbase for /etc/protocols

Certain functions in glibc look for files present in /etc such as getprotobyname which reads /etc/protocols.
If you are using Nix over a Linux installation, this file may not be present, and therefore it will cause errors.

- add netbase as a new package in nixpkgs
- add a dependency in glibc on it using postPatchPhase and substitute
the path

Fixes #124401
2021-09-19 19:37:56 -07:00
Martin Weinelt
7f732aca66 Revert "Merge remote-tracking branch 'origin/python-unstable' into staging-next"
This reverts commit b041b2e1b2, reversing
changes made to 5b6c2380ad.
2021-09-05 15:02:25 +02:00
TredwellGit
22b6677be5 glibc: 2.33-49 -> 2.33-50 2021-08-26 05:15:49 +00:00
TredwellGit
e78c292010 glibc: 2.33-47 -> 2.33-49
https://sourceware.org/bugzilla/show_bug.cgi?id=28213
2021-08-19 03:33:29 +00:00
TredwellGit
c2d4ce2808
Pick #130412: glibc: 2.33-45 -> 2.33-47 (security)
Includes CVE-2021-35942.
https://sourceware.org/bugzilla/show_bug.cgi?id=28011
2021-07-17 21:01:27 +02:00
Bernardo Meurer
acdcb8566a
glibc: 2.32-46 -> 2.33-45 2021-07-06 16:02:15 +02:00
misuzu
33f09f4713 glibc: use --enable-static-pie only on supported platforms
glibc fails to build for armv7l without this change.
2021-07-02 18:08:26 +03:00
TredwellGit
e58564267b glibc: 2.32-46 -> 2.32-48
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://nvd.nist.gov/vuln/detail/CVE-2021-33574
2021-06-10 23:22:45 +00:00