Patching glibc 2.27 on Ubuntu

Patching glibc 2.27 on Ubuntu

[Evgeny Morozov]

Hi,

I'd like to apply a patch from
https://sourceware.org/bugzilla/show_bug.cgi?id=25847 (the "mitigation
patch": https://sourceware.org/bugzilla/attachment.cgi?id=12484) to many
x64 systems running Ubuntu 18.04. They should all have the same version of
the libc6 package installed. Is it possible to build it on one system and
just copy the affected binaries to all of them, or do I have to build and
install it on each system? If I can copy just a few binaries, should I copy
only libpthread.so, libc.so, both, something else?

I was able to build glibc as follows:

sudo apt build-dep glibc
mkdir src
apt source glibc
mkdir build
cd build
../glibc-2.27/configure --prefix=/usr
make -j

This generates a 17MB libc.so file, while the system one is ~2MB. Should I
run strip on it?

Thanks in advance,
Evgeny Morozov

Re: Patching glibc 2.27 on Ubuntu

[Carlos O'Donell]

On 11/25/21 03:53, Evgeny Morozov wrote:
> Hi,
> 
> I'd like to apply a patch from
> https://sourceware.org/bugzilla/show_bug.cgi?id=25847 (the "mitigation
> patch": https://sourceware.org/bugzilla/attachment.cgi?id=12484) to many
> x64 systems running Ubuntu 18.04. They should all have the same version of
> the libc6 package installed. Is it possible to build it on one system and
> just copy the affected binaries to all of them, or do I have to build and
> install it on each system? If I can copy just a few binaries, should I copy
> only libpthread.so, libc.so, both, something else?

You need to integrate the patch into the Ubuntu version of glibc shipping with the distribution.

You should take the patch, and add it to the Ubuntu glibc package as a patch and build the package
using dpkg-buildpackage or a build service.

It is not recommended to build your own glibc and install it into your distribution.

-- 
Cheers,
Carlos.