Commit Graph

364 Commits

Author SHA1 Message Date
Anders Kaseorg
974314755e
glibc: Fix segfault in getpwuid when stat fails (#167932)
Fixes #167785 using this patch submitted upstream:

https://sourceware.org/bugzilla/show_bug.cgi?id=28752
https://patchwork.sourceware.org/project/glibc/patch/20220314175316.3239120-2-sam@gentoo.org/

(cherry picked from commit a20e363e6b)
2022-04-10 11:22:27 +02:00
Maximilian Bosch
e110983ed3
glibc: add empty libpthread.a
See https://github.com/NixOS/nixpkgs/pull/133431#discussion_r805338099
2022-02-27 14:06:23 +01:00
Maximilian Bosch
748faeb623
glibc: don't hide symbol __nss_files_fopen
I realized that `libredirect` doesn't wrap `__nss_files_fopen` anymore
which subsequently broke the `checkPhase` of `pkgs.openssh`[1] which was
implemented in 85c63a515d.

The reason for that is what `libc_hidden_{def,proto}` are used for, to
quote `libc-symbols.h`[2]:

    The following macros are used for PLT bypassing within libc.so
    (and if needed other libraries similarly).

This basically means that these symbols are altered in a way so that
they cannot be wrapped by `libredirect` even though it re-defines
`__nss_files_fopen` while being loaded at first with `LD_PRELOAD`.

The problem was caused by a change in 2.34[3] where the `files`-module
for NSS isn't loaded from `libnss_files.so.2` anymore, but the relevant
symbols are directly obtained from `libc.so.6` since a lot of glibc's
APIs were merged into `libc.so.6` before.

As this would effectively break `libredirect` whenever it tries to wrap
C APIs that interact with NSS (e.g. to use `getpwnam(3)`), I decided to
undo this change for `__nss_files_fopen`.

[1] https://hydra.nixos.org/build/160688523
[2] https://sourceware.org/git/?p=glibc.git;a=blob;f=include/libc-symbols.h;h=d41ecf4384d07f9108698dba1d4e9e6a7a9b975f;hb=ae37d06c7d127817ba43850f0f898b793d42aea7
[3] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f9c8b11ed7726b858cd7b7cea0d3d7c5233d78cf;hp=6212bb67f4695962748a5981e1b9fea105af74f6
2022-02-27 10:26:53 +01:00
Maximilian Bosch
1b8aa881ea
glibc: revert /bin/bash usage
Rather than `$BASH`, `glibc` now hardcodes `/bin/bash` as
interpreter[1] in several scripts (including `ldd`).

This is a problem because relevant programs such as `ldd(1)` won't work
properly without this since we set `BASH` to `/bin/sh` to avoid
dependencies to the bootstrap tools for `bash` as runtime-dependency (since
NixOS doesn't have `/bin/bash`).

Considering that this was only done as an "improvement" to their
build-system and not because they wanted to use some bashisms here (the
variable was always called `BASH` and we still used `/bin/sh` anyways),
I'd consider this to be relatively safe.

[1] 5188a9d0265cc6f7235a8af1d31ab02e4a24853d
2022-02-27 10:25:35 +01:00
Maximilian Bosch
9fe34ccfbe
glibc: also create backwards-compat symlinks for libdl and libutil
This fixes at least the openssl build.
2022-02-27 10:25:34 +01:00
Maximilian Bosch
7bc32b3e5c
glibc: symlink libpthread.so -> libpthread.so.0 (same for -lrt) for backwards compatibility
Linking via `-lpthread` (or `-pthread`) is not needed anymore since
`glibc-2.34` since all the functionality is part of `libc.so.6` and
`libpthread.so.6` only exists for backwards-compatibility.

However, e.g. `gcc` (`libgomp` to be precise) expects a `libpthread.so`
to link against, otherwise the configure script will fail. As already
stated in the glibc release-notes itself, it is to expect that a lot
more applications will have issues with this, so I decided to re-add
`libpthread.so` as well.

For `librt.so.1`, the same thing is needed to make sure that Perl still
compiles:

    /nix/store/d6y5r7m93x14bmgn2p75fannz39jz66f-binutils-2.35.1/bin/ld: cannot find -lrt
    collect2: error: ld returned 1 exit status
    make[1]: *** [Makefile:490: ../../lib/auto/Time/HiRes/HiRes.so] Error 1
    make[1]: Leaving directory '/build/perl-5.34.0/dist/Time-HiRes'
2022-02-27 10:25:34 +01:00
Maximilian Bosch
97acaf6d65
glibc: 2.33-108 -> 2.34-115
Announcement: https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html
2022-02-27 10:25:33 +01:00
TredwellGit
f02dc53800 glibc: 2.33-108 -> 2.33-117 2022-02-04 08:01:11 +00:00
TredwellGit
00caaf1e9a glibc: 2.33-78 -> 2.33-108 2022-01-28 09:18:36 +00:00
Vladimír Čunát
13ab7d097f
glibc: 2.33-71 -> 2.33-78 (security)
https://www.openwall.com/lists/oss-security/2022/01/24/4
2022-01-25 11:25:18 +01:00
TredwellGit
8dd2546e75 glibc: 2.33-62 -> 2.33-71
https://sourceware.org/bugzilla/show_bug.cgi?id=22542
https://nvd.nist.gov/vuln/detail/CVE-2022-23219

https://sourceware.org/bugzilla/show_bug.cgi?id=28768
https://nvd.nist.gov/vuln/detail/CVE-2022-23218
2022-01-19 04:14:10 +00:00
TredwellGit
afcb6d3e10 glibc: 2.33-59 -> 2.33-62 2021-12-26 14:03:10 +00:00
TredwellGit
98ab93d191 glibc: 2.33-56 -> 2.33-59 2021-11-28 08:17:25 +00:00
Ryan Burns
2175b157ac treewide: refactor isi686 && isx86_64 -> isx86 2021-11-20 17:50:41 -08:00
github-actions[bot]
eeb7e66e97
Merge master into staging-next 2021-11-06 18:01:01 +00:00
Maximilian Bosch
ac971cdc54
Merge pull request #144417 from sternenseemann/glibc-always-ldd
glibc: include ldd and other scripts in cross-builds
2021-11-06 13:40:04 +01:00
github-actions[bot]
ac4cb43546
Merge staging-next into staging 2021-11-05 00:02:01 +00:00
Maximilian Bosch
b8ab5de781
Merge pull request #142799 from Ma27/glibc-mtrace
mtrace: init at 2.33-50
2021-11-04 23:01:02 +01:00
sternenseemann
e9b9bea261 glibc: include ldd and other scripts in cross-builds
Since the script interpreters are not patched (anymore?), no reference
to any shell is generated by the scripts in glibc's `bin` output:

```
$ nix-store --query --references /nix/store/nmfj3a2k2kr2lypndn37x6qbd8537f9b-glibc-riscv64-unknown-linux-gnu-2.33-50-bin
/nix/store/afgfd3vl3x5zx89awn3fjayn83yl9vcy-glibc-riscv64-unknown-linux-gnu-2.33-50
/nix/store/nmfj3a2k2kr2lypndn37x6qbd8537f9b-glibc-riscv64-unknown-linux-gnu-2.33-50-bin
```

This means that it's safe to include the scripts in glibc's bin output
even in cross builds. One interesting improvement for the future could
be to split these scripts into a separate derivation and properly patch
their script interpreter (currently they are using impure /bin/sh).
2021-11-04 13:05:59 +01:00
Maximilian Bosch
02bce71cab
mtrace: init at 2.33-50
`mtrace(1)` is a small Perl script that interprets and provides
human-readable output for `malloc(3)` traces.

Even though this is actually part of `glibc` itself I decided to place
this into its own package. The main reason for this is that this script
has a runtime dependency on Perl which would complicate `stdenv`
bootstrapping since we'd have to compile another Perl that doesn't depend on
the bootstrap tools that is used as runtime dependency for the
stage2 glibc.

Since this is only a dev/debugging tool, splitting this up seemed like a
reasonable choice to me.

On a leaking C program, this can be used like this:

    $ env MALLOC_TRACE=$(pwd)/trace ./a.out
    $ ./result/bin/mtrace ./trace

    Memory not freed:
    -----------------
               Address     Size     Caller
    0x0000000001875690      0x4  at 0x401151

Closes #141924
2021-10-25 01:01:29 +02:00
TredwellGit
2f0a0cb974 glibc: 2.33-55 -> 2.33-56 2021-10-18 23:34:22 +00:00
Yuka
ba06497904
glibcLocales: support building on musl (#141971) 2021-10-18 08:53:36 +02:00
TredwellGit
7c30fc6cd2 glibc: 2.33-50 -> 2.33-55 2021-10-07 09:29:14 +00:00
github-actions[bot]
55c0ac1484
Merge staging-next into staging 2021-09-24 06:01:40 +00:00
Ryan Burns
40299257cc Merge branch 'master' into staging-next 2021-09-23 18:43:00 -07:00
Silvan Mosberger
82590fed5f glibcLocales: Fix build for duplicates in locales list
Without this patch, setting the same locale twice, e.g. like this in
NixOS:

```nix
{
  i18n.supportedLocales = [
    (config.i18n.defaultLocale + "/UTF-8")
    (config.i18n.defaultLocale + "/UTF-8")
  ];
}
```

Would make the glibcLocales build fail with

```
Error: unsupported locales detected:
en_US.UTF-8/UTF-8 \
You should choose from the list above the error.
```
2021-09-22 19:27:53 +02:00
Jörg Thalheim
a65e3b66cb
Merge pull request #137601 from fzakaria/faridzakaria/glibc-netbase
glibc: allow environment variable for /etc/ files (i.e. /etc/protocols)
2021-09-21 08:07:02 +01:00
Farid Zakaria
4687d7523b glibc: add dependency on netbase /etc/protocols
Add an explicit dependency on netbase for /etc/protocols

Certain functions in glibc look for files present in /etc such as getprotobyname which reads /etc/protocols.
If you are using Nix over a Linux installation, this file may not be present, and therefore it will cause errors.

- add netbase as a new package in nixpks
- add a dependency in glibc on it using postPatchPhase and substitute
the path

Fixes #124401
2021-09-19 19:37:56 -07:00
Martin Weinelt
7f732aca66 Revert "Merge remote-tracking branch 'origin/python-unstable' into staging-next"
This reverts commit b041b2e1b2, reversing
changes made to 5b6c2380ad.
2021-09-05 15:02:25 +02:00
TredwellGit
22b6677be5 glibc: 2.33-49 -> 2.33-50 2021-08-26 05:15:49 +00:00
TredwellGit
e78c292010 glibc: 2.33-47 -> 2.33-49
https://sourceware.org/bugzilla/show_bug.cgi?id=28213
2021-08-19 03:33:29 +00:00
TredwellGit
c2d4ce2808
Pick #130412: glibc: 2.33-45 -> 2.33-47 (security)
Includes CVE-2021-35942.
https://sourceware.org/bugzilla/show_bug.cgi?id=28011
2021-07-17 21:01:27 +02:00
Bernardo Meurer
acdcb8566a
glibc: 2.32-46 -> 2.33-45 2021-07-06 16:02:15 +02:00
misuzu
33f09f4713 glibc: use --enable-static-pie only on supported platforms
glibc fails to build for armv7l without this change.
2021-07-02 18:08:26 +03:00
TredwellGit
e58564267b glibc: 2.32-46 -> 2.32-48
https://sourceware.org/bugzilla/show_bug.cgi?id=27896
https://nvd.nist.gov/vuln/detail/CVE-2021-33574
2021-06-10 23:22:45 +00:00
github-actions[bot]
a1f68141f3
Merge staging-next into staging 2021-06-06 18:30:36 +00:00
Andrew Childs
e57b58bd0e glibc: fix build vs host tool confusion
Fixes cross compilation from aarch64-linux -> armv7l-linux
2021-06-04 21:44:23 +09:00
Jörg Thalheim
5551a78578
Merge pull request #123989 from Mic92/static-pie
glibc: allow to build position-independent static executable
2021-05-25 06:32:25 +01:00
Jörg Thalheim
61c74e1aee
glibc: allow to build position-independent static executable
This enables ALSR on static executables, which makes them harder to
exploit by providing a crt suitable for static PIEs.

Does this break existing binaries? Likely not. Static-pie is only
used if explicitly enabled.
2021-05-22 13:33:49 +02:00
Jonathan Ringer
a459e51174 glibc: restore version passthru
downstream packages use the major.minor version
to determine ABI compatibility and paths which
do not depend on patch version
2021-05-18 12:54:43 -07:00
John Ericson
77e97ac4ca glibc: Use pname and version 2021-05-10 20:56:33 +00:00
TredwellGit
ba793bcaa8 glibc: 2.32-40 -> 2.32-46 2021-04-14 07:13:15 +00:00
TredwellGit
6fb325e389 glibc: 2.32-39 -> 2.32-40 2021-03-30 19:10:03 +00:00
TredwellGit
9e06efd3c8 glibc: 2.32-37 -> 2.32-39
https://sourceware.org/bugzilla/show_bug.cgi?id=27462
https://nvd.nist.gov/vuln/detail/CVE-2021-27645
2021-03-09 02:48:09 +00:00
TredwellGit
1ef3b900c6 glibc: 2.32-35 -> 2.32-37 2021-01-29 07:50:56 +00:00
Jan Tojnar
01ee4ea574
Merge branch 'master' into staging-next 2021-01-24 00:09:45 +01:00
John Ericson
9c213398b3 lib: Clean up how linux and gcc config is specified
Second attempt of 8929989614589ee3acd070a6409b2b9700c92d65; see that
commit for details.

This reverts commit 0bc275e634.
2021-01-23 10:01:28 -05:00
Jonathan Ringer
0bc275e634
Revert "lib: Clean up how linux and gcc config is specified"
This is a stdenv-rebuild, and should not be merged
into master

This reverts commit 8929989614.
2021-01-22 14:07:06 -08:00
TredwellGit
733b53313c glibc: 2.32-25 -> 2.32-35 2021-01-22 21:36:16 +01:00
John Ericson
d95aebbe0e
Merge pull request #107214 from Ericson2314/linux-config-cleanup
lib: Clean up how linux and gcc config is specified
2021-01-22 15:15:58 -05:00