Ludovic Courtès writes: > Marius Bakke skribis: > >> Ludovic Courtès writes: >> >>> Hi, >>> >>> Marius Bakke skribis: >>> >>>> From a5b022a355a0babdc4809f39f94b6662ea7789d1 Mon Sep 17 00:00:00 2001 >>>> From: Marius Bakke >>>> Date: Sat, 25 Nov 2017 19:17:28 +0100 >>>> Subject: [PATCH] gnu: glibc: Update to 2.26-91-gaaa2eb83b8. >>>> >>>> * gnu/packages/base.scm (glibc/linux): Update to 2.26-91-gaaa2eb83b8. >>>> [source](uri): Download from alpha.gnu.org. >>>> [source](patches): Remove glibc-CVE-2017-15670-15671.patch. >>>> --- >>>> gnu/packages/base.scm | 17 ++++++++++++----- >>>> 1 file changed, 12 insertions(+), 5 deletions(-) >>>> >>>> diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm >>>> index a6663c5cf..20d5fa72b 100644 >>>> --- a/gnu/packages/base.scm >>>> +++ b/gnu/packages/base.scm >>>> @@ -515,14 +515,22 @@ store.") >>>> (define-public glibc/linux >>>> (package >>>> (name "glibc") >>>> - (version "2.26") >>>> + ;; Glibc has stable branches that continuously pick fixes for each supported >>>> + ;; release. Unfortunately they do not do point-releases, so we are stuck >>>> + ;; with copying almost all patches, or use a snapshot of the release branch. >>>> + ;; >>>> + ;; This version number corresponds to the output of `git describe` and the >>>> + ;; archive can be generated by checking out the commit ID and run: >>>> + ;; git archive --prefix=$(git describe)/ HEAD | xz -9 > $(git describe).tar.xz >>>> + ;; See for details. >>>> + (version "2.26-91-gaaa2eb83b8") >>>> (source (origin >>>> (method url-fetch) >>>> - (uri (string-append "mirror://gnu/glibc/glibc-" >>>> - version ".tar.xz")) >>>> + (uri (string-append "https://alpha.gnu.org/gnu/guix/mirror/" >>>> + "glibc-" version ".tar.xz")) >>>> (sha256 >>>> (base32 >>>> - "1ggnj1hzjym7sn93rbwydcqd562q73lsb7g7kd199g6j9j9hlkp5")) >>>> + "0867nxcv3n48iq3b5f1hca7cyx8pzjva67rxyslf9l595xd934kx")) >>> >>> I’ve built the tarball locally with the command above but the hash I get is: >>> >>> 1zwz6d0x3ndd0hgqp17fx71miyjvn4dgkl1nzhaz3mbcqxzrprhk >> >> Gah. I used "xz --threads=0" initially and didn't expect it to change >> the outcome. >> >> I can reproduce the above hash by running the same command: >> >> $ git archive --prefix=$(git describe)/ HEAD | xz -9 > $(git describe)-nothreads.tar.xz >> $ guix hash glibc-2.26-91-gaaa2eb83b8-nothreads.tar.xz >> 1zwz6d0x3ndd0hgqp17fx71miyjvn4dgkl1nzhaz3mbcqxzrprhk >> >> Let's stick with the "nothreads" variant for compatibility. > > OK, it’s now available at > . > > Thank you! Typical: The 2.26 branch just got 10 new commits that look important: https://sourceware.org/git/?p=glibc.git;a=shortlog;h=refs/heads/release/2.26/master Especially the malloc() fixes. Should we pick them while we still have time, or update the snapshot?