8 files changed, 25 insertions, 172 deletions

diff --git a/gnu/local.mk b/gnu/local.mk
index 2cad39b714..32292bac16 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1464,7 +1464,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-2.39-git-updates.patch	\
   %D%/packages/patches/glibc-2.39-fmod-libm-a.patch		\
   %D%/packages/patches/glibc-2.40-dl-cache.patch		\
-  %D%/packages/patches/glibc-2.40-CVE-2025-0.patch		\
   %D%/packages/patches/glibc-CVE-2019-7309.patch		\
   %D%/packages/patches/glibc-CVE-2019-9169.patch		\
   %D%/packages/patches/glibc-CVE-2019-19126.patch		\
@@ -1475,7 +1474,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-bootstrap-system-2.2.5.patch 	\
   %D%/packages/patches/glibc-bootstrap-system-2.16.0.patch 	\
   %D%/packages/patches/glibc-bootstrap-system.patch		\
-  %D%/packages/patches/glibc-2.39-bootstrap-system.patch	\
+  %D%/packages/patches/glibc-2.41-bootstrap-system.patch	\
   %D%/packages/patches/glibc-cross-objcopy.patch		\
   %D%/packages/patches/glibc-cross-objdump.patch		\
   %D%/packages/patches/glibc-dl-cache.patch			\
@@ -1483,9 +1482,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-hurd-clock_gettime_monotonic.patch	\
   %D%/packages/patches/glibc-2.31-hurd-clock_gettime_monotonic.patch	\
   %D%/packages/patches/glibc-2.37-hurd-clock_t_centiseconds.patch	\
-  %D%/packages/patches/glibc-2.37-hurd-local-clock_gettime_MONOTONIC.patch	\
+  %D%/packages/patches/glibc-2.41-hurd-local-clock_gettime_MONOTONIC.patch	\
   %D%/packages/patches/glibc-2.37-versioned-locpath.patch	\
-  %D%/packages/patches/glibc-2.38-ldd-x86_64.patch		\
+  %D%/packages/patches/glibc-2.41-ldd-x86_64.patch		\
   %D%/packages/patches/glibc-hurd-clock_t_centiseconds.patch	\
   %D%/packages/patches/glibc-hurd-getauxval.patch		\
   %D%/packages/patches/glibc-hurd-gettyent.patch		\
@@ -1493,7 +1492,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/glibc-hurd-pthread_setcancelstate.patch	\
   %D%/packages/patches/glibc-hurd-signal-sa-siginfo.patch	\
   %D%/packages/patches/glibc-hurd64-gcc-14.2-tls-bug.patch	\
-  %D%/packages/patches/glibc-hurd64-fault.patch			\
   %D%/packages/patches/glibc-hurd64-intr-msg-clobber.patch	\
   %D%/packages/patches/glibc-ldd-powerpc.patch			\
   %D%/packages/patches/glibc-ldd-x86_64.patch			\
diff --git a/gnu/packages/base.scm b/gnu/packages/base.scm
index bb1161eedd..608ba839fc 100644
--- a/gnu/packages/base.scm
+++ b/gnu/packages/base.scm
@@ -894,15 +894,14 @@ the store.")
 
 (define %glibc-patches
   (list "glibc-ldd-powerpc.patch"
-        "glibc-2.38-ldd-x86_64.patch"
+        "glibc-2.41-ldd-x86_64.patch"
         "glibc-2.40-dl-cache.patch"
         "glibc-2.37-versioned-locpath.patch"
         ;; "glibc-allow-kernel-2.6.32.patch"
         "glibc-reinstate-prlimit64-fallback.patch"
         "glibc-supported-locales.patch"
-        "glibc-2.40-CVE-2025-0.patch"
         "glibc-2.37-hurd-clock_t_centiseconds.patch"
-        "glibc-2.37-hurd-local-clock_gettime_MONOTONIC.patch"
+        "glibc-2.41-hurd-local-clock_gettime_MONOTONIC.patch"
         "glibc-hurd-mach-print.patch"
         "glibc-hurd-gettyent.patch"
         "glibc-hurd-getauxval.patch"))
@@ -912,13 +911,13 @@ the store.")
   ;; version 2.28, GNU/Hurd used a different glibc branch.
   (package
    (name "glibc")
-   (version "2.40")
+   (version "2.41")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/glibc/glibc-" version ".tar.xz"))
             (sha256
              (base32
-              "18h50b0zm8dkpzj81w033v99rbxiykk3v697yr4dfqwjbqbr1a0r"))
+              "00g95047sshv0zxk9ja3mi7lzwi8wh8qx0nxngbvgmj5yli6p8m5"))
             (patches (map search-patch %glibc-patches))))
    (properties `((lint-hidden-cve . ("CVE-2024-2961"
                                      "CVE-2024-33601" "CVE-2024-33602"
@@ -1667,7 +1666,6 @@ command.")
        (patches
         (append (origin-patches (package-source glibc))
                 (search-patches "glibc-hurd-pthread_setcancelstate.patch"
-                                "glibc-hurd64-fault.patch"
                                 "glibc-hurd64-intr-msg-clobber.patch"
                                 "glibc-hurd64-gcc-14.2-tls-bug.patch")))))))
 
diff --git a/gnu/packages/make-bootstrap.scm b/gnu/packages/make-bootstrap.scm
index c2a51f9b8b..03a5198946 100644
--- a/gnu/packages/make-bootstrap.scm
+++ b/gnu/packages/make-bootstrap.scm
@@ -75,7 +75,7 @@ for `sh' in $PATH, and without nscd, and with static NSS modules."
       (source (origin (inherit (package-source base))
                       (patches (append (search-patches
                                         (match (package-version base)
-                                          ("2.39" "glibc-2.39-bootstrap-system.patch")
+                                          ("2.41" "glibc-2.41-bootstrap-system.patch")
                                           (_ "glibc-bootstrap-system.patch")))
                                    (origin-patches (package-source base))))))
       (arguments
diff --git a/gnu/packages/patches/glibc-2.40-CVE-2025-0.patch b/gnu/packages/patches/glibc-2.40-CVE-2025-0.patch
deleted file mode 100644
index 9dd4eee074..0000000000
--- a/gnu/packages/patches/glibc-2.40-CVE-2025-0.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c Mon Sep 17 00:00:00 2001
-From: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Date: Tue, 21 Jan 2025 16:11:06 -0500
-Subject: [PATCH] Fix underallocation of abort_msg_s struct (CVE-2025-0395)
-
-Include the space needed to store the length of the message itself, in
-addition to the message string.  This resolves BZ #32582.
-
-Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-Reviewed: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
-(cherry picked from commit 68ee0f704cb81e9ad0a78c644a83e1e9cd2ee578)
----
- assert/assert.c            | 4 +++-
- sysdeps/posix/libc_fatal.c | 4 +++-
- 2 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/assert/assert.c b/assert/assert.c
-index c29629f5f6..b6e37d694c 100644
---- a/assert/assert.c
-+++ b/assert/assert.c
-@@ -18,6 +18,7 @@
- #include <assert.h>
- #include <atomic.h>
- #include <ldsodefs.h>
-+#include <libc-pointer-arith.h>
- #include <libintl.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -65,7 +66,8 @@ __assert_fail_base (const char *fmt, const char *assertion, const char *file,
-       (void) __fxprintf (NULL, "%s", str);
-       (void) fflush (stderr);
- 
--      total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
-+      total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
-+			GLRO(dl_pagesize));
-       struct abort_msg_s *buf = __mmap (NULL, total, PROT_READ | PROT_WRITE,
- 					MAP_ANON | MAP_PRIVATE, -1, 0);
-       if (__glibc_likely (buf != MAP_FAILED))
-diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
-index f9e3425e04..089c47b04b 100644
---- a/sysdeps/posix/libc_fatal.c
-+++ b/sysdeps/posix/libc_fatal.c
-@@ -20,6 +20,7 @@
- #include <errno.h>
- #include <fcntl.h>
- #include <ldsodefs.h>
-+#include <libc-pointer-arith.h>
- #include <paths.h>
- #include <stdarg.h>
- #include <stdbool.h>
-@@ -105,7 +106,8 @@ __libc_message_impl (const char *fmt, ...)
-     {
-       WRITEV_FOR_FATAL (fd, iov, iovcnt, total);
- 
--      total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
-+      total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
-+			GLRO(dl_pagesize));
-       struct abort_msg_s *buf = __mmap (NULL, total,
- 					PROT_READ | PROT_WRITE,
- 					MAP_ANON | MAP_PRIVATE, -1, 0);
--- 
-2.46.0
-
diff --git a/gnu/packages/patches/glibc-2.39-bootstrap-system.patch b/gnu/packages/patches/glibc-2.41-bootstrap-system.patch
index 5495b35948..cdaae7d92f 100644
--- a/gnu/packages/patches/glibc-2.39-bootstrap-system.patch
+++ b/gnu/packages/patches/glibc-2.41-bootstrap-system.patch
@@ -5,18 +5,18 @@ instead uses the hard-coded absolute file name of `bash'.
 
 In addition, status should be initialized to 0 and not -1.
 
-Adapted to glibc-2.39.
+Adapted to glibc-2.41.
 
 diff --git a/libio/iopopen.c b/libio/iopopen.c
 index ebc381ed7c..e0d3ed1bc3 100644
 --- a/libio/iopopen.c
 +++ b/libio/iopopen.c
-@@ -85,8 +85,8 @@ spawn_process (posix_spawn_file_actions_t *fa, FILE *fp, const char *command,
- 	return false;
+@@ -106,8 +106,8 @@ spawn_process (posix_spawn_file_actions_t *fa, FILE *fp, const char *command,
+ 	}
      }
  
--  err = __posix_spawn (&((_IO_proc_file *) fp)->pid, _PATH_BSHELL, fa, 0,
-+  err = __posix_spawnp (&((_IO_proc_file *) fp)->pid, "sh", fa, 0,
+-  err = __posix_spawn (&((_IO_proc_file *) fp)->pid, _PATH_BSHELL, fa, NULL,
++  err = __posix_spawnp (&((_IO_proc_file *) fp)->pid, "sh", fa, NULL,
  		       (char *const[]){ (char*) "sh", (char*) "-c", (char*) "--",
  		       (char *) command, NULL }, __environ);
    if (err != 0)
@@ -38,8 +38,8 @@ index a03f478fc7..94da6facf3 100644
    __posix_spawnattr_setflags (&spawn_attr,
  			      POSIX_SPAWN_SETSIGDEF | POSIX_SPAWN_SETSIGMASK);
  
--  ret = __posix_spawn (&pid, SHELL_PATH, 0, &spawn_attr,
-+  ret = __posix_spawnp (&pid, SHELL_NAME, 0, &spawn_attr,
+-  ret = __posix_spawn (&pid, SHELL_PATH, NULL, &spawn_attr,
++  ret = __posix_spawnp (&pid, SHELL_NAME, NULL, &spawn_attr,
  		       (char *const[]){ (char *) SHELL_NAME,
  					(char *) "-c",
  					(char *) line, NULL },
diff --git a/gnu/packages/patches/glibc-2.37-hurd-local-clock_gettime_MONOTONIC.patch b/gnu/packages/patches/glibc-2.41-hurd-local-clock_gettime_MONOTONIC.patch
index 63e06b8519..7af04e2d73 100644
--- a/gnu/packages/patches/glibc-2.37-hurd-local-clock_gettime_MONOTONIC.patch
+++ b/gnu/packages/patches/glibc-2.41-hurd-local-clock_gettime_MONOTONIC.patch
@@ -8,6 +8,8 @@ vlc however doesn't build when _POSIX_CLOCK_SELECTION is enabled but
 _POSIX_TIMERS is not, and they refuse to fix that (see #765578), so disable the
 former.
 
+Adjust for glibc-2.41.
+
 ---
  sysdeps/mach/hurd/bits/posix_opt.h |    2 +-
  sysdeps/unix/clock_gettime.c       |    1 +
@@ -16,11 +18,10 @@ Index: glibc-2.27/sysdeps/mach/clock_gettime.c
 ===================================================================
 --- glibc-2.27.orig/sysdeps/mach/clock_gettime.c
 +++ glibc-2.27/sysdeps/mach/clock_gettime.c
-@@ -31,6 +31,10 @@ __clock_gettime (clockid_t clock_id, str
+@@ -31,6 +31,9 @@ __clock_gettime (clockid_t clock_id, str
    switch (clock_id) {
  
      case CLOCK_REALTIME:
-+    case CLOCK_MONOTONIC:
 +    case CLOCK_MONOTONIC_RAW:
 +    case CLOCK_REALTIME_COARSE:
 +    case CLOCK_MONOTONIC_COARSE:
@@ -48,8 +49,7 @@ Index: glibc-2.27/sysdeps/mach/hurd/bits/posix_opt.h
  #define _POSIX_THREAD_PROCESS_SHARED	-1
  
  /* The monotonic clock might be available.  */
--#define _POSIX_MONOTONIC_CLOCK	0
-+#define _POSIX_MONOTONIC_CLOCK	200809L
+ #define _POSIX_MONOTONIC_CLOCK	200809L
  
 -/* The clock selection interfaces are available.  */
 -#define _POSIX_CLOCK_SELECTION	200809L
@@ -75,61 +75,13 @@ Index: glibc-upstream/sysdeps/posix/clock_getres.c
  
 --- ./sysdeps/mach/clock_nanosleep.c.original	2020-07-21 00:31:35.226113142 +0200
 +++ ./sysdeps/mach/clock_nanosleep.c	2020-07-21 00:31:49.026185761 +0200
-@@ -62,7 +62,7 @@
+@@ -62,8 +62,8 @@
  __clock_nanosleep (clockid_t clock_id, int flags, const struct timespec *req,
  		   struct timespec *rem)
  {
--  if (clock_id != CLOCK_REALTIME
+-  if ((clock_id != CLOCK_REALTIME && clock_id != CLOCK_MONOTONIC)
 +  if ((clock_id != CLOCK_REALTIME && clock_id != CLOCK_MONOTONIC && clock_id != CLOCK_MONOTONIC_RAW && clock_id != CLOCK_REALTIME_COARSE && clock_id != CLOCK_MONOTONIC_COARSE)
+       || req->tv_sec < 0
        || !valid_nanoseconds (req->tv_nsec)
        || (flags != 0 && flags != TIMER_ABSTIME))
      return EINVAL;
-Index: glibc-2.32/hurd/hurdlock.c
-===================================================================
---- glibc-2.32.orig/hurd/hurdlock.c
-+++ glibc-2.32/hurd/hurdlock.c
-@@ -47,7 +47,7 @@ int
- __lll_abstimed_wait (void *ptr, int val,
-   const struct timespec *tsp, int flags, int clk)
- {
--  if (clk != CLOCK_REALTIME)
-+  if (clk != CLOCK_REALTIME && clk != CLOCK_MONOTONIC)
-     return EINVAL;
- 
-   int mlsec = compute_reltime (tsp, clk);
-@@ -59,7 +59,7 @@ int
- __lll_abstimed_wait_intr (void *ptr, int val,
-   const struct timespec *tsp, int flags, int clk)
- {
--  if (clk != CLOCK_REALTIME)
-+  if (clk != CLOCK_REALTIME && clk != CLOCK_MONOTONIC)
-     return EINVAL;
- 
-   int mlsec = compute_reltime (tsp, clk);
-@@ -79,7 +79,7 @@ int
- __lll_abstimed_xwait (void *ptr, int lo, int hi,
-   const struct timespec *tsp, int flags, int clk)
- {
--  if (clk != CLOCK_REALTIME)
-+  if (clk != CLOCK_REALTIME && clk != CLOCK_MONOTONIC)
-     return EINVAL;
- 
-   int mlsec = compute_reltime (tsp, clk);
-@@ -91,7 +91,7 @@ int
- __lll_abstimed_lock (void *ptr,
-   const struct timespec *tsp, int flags, int clk)
- {
--  if (clk != CLOCK_REALTIME)
-+  if (clk != CLOCK_REALTIME && clk != CLOCK_MONOTONIC)
-     return EINVAL;
- 
-   if (__lll_trylock (ptr) == 0)
-@@ -177,7 +177,7 @@ __lll_robust_abstimed_lock (void *ptr,
-   int wait_time = 25;
-   unsigned int val;
- 
--  if (clk != CLOCK_REALTIME)
-+  if (clk != CLOCK_REALTIME && clk != CLOCK_MONOTONIC)
-     return EINVAL;
- 
-   while (1)
diff --git a/gnu/packages/patches/glibc-2.38-ldd-x86_64.patch b/gnu/packages/patches/glibc-2.41-ldd-x86_64.patch
index 9db412b5f2..e5e7220ab1 100644
--- a/gnu/packages/patches/glibc-2.38-ldd-x86_64.patch
+++ b/gnu/packages/patches/glibc-2.41-ldd-x86_64.patch
@@ -3,6 +3,6 @@ it's in 'lib/' for us.  This patch fixes that.
 
 --- glibc-2.38/sysdeps/unix/sysv/linux/x86_64/ldd-rewrite.sed
 +++ glibc-2.38/sysdeps/unix/sysv/linux/x86_64/ldd-rewrite.sed
-@@ -1 +1 @@
--s_^\(RTLDLIST=\)\(.*lib\)\(\|64\|x32\)\(/[^/]*\)\(-x86-64\|-x32\)\(\.so\.[0-9.]*\)[ 	]*$_\1"\2\4\6 \264\4-x86-64\6 \2x32\4-x32\6"_
-+s_^\(RTLDLIST=\)\(.*lib\)\(\|64\|x32\)\(/[^/]*\)\(-x86-64\|-x32\)\(\.so\.[0-9.]*\)[ 	]*$_\1"\2\4\6 \2\4-x86-64\6 \2x32\4-x32\6"_
+@@ -1,1 +1,1 @@
+-s_^\(RTLDLIST=\)\(.*lib\)\(\|64\|x32\)\(/[^/]*\)\(-x86-64\|-x32\)\(\.so\.[0-9.]*\)[ 	]*$_\1"\264\4-x86-64\6 \2\4\6 \2x32\4-x32\6"_
++s_^\(RTLDLIST=\)\(.*lib\)\(\|64\|x32\)\(/[^/]*\)\(-x86-64\|-x32\)\(\.so\.[0-9.]*\)[ 	]*$_\1"\2\4-x86-64\6 \2\4\6 \2x32\4-x32\6"_
diff --git a/gnu/packages/patches/glibc-hurd64-fault.patch b/gnu/packages/patches/glibc-hurd64-fault.patch
deleted file mode 100644
index 24980e8c2a..0000000000
--- a/gnu/packages/patches/glibc-hurd64-fault.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Upstream-status: Taken from: <https://salsa.debian.org/glibc-team/glibc/-/blob/c36c87acb1a35d6e06db6cef1e28cf2f405e1a9e/debian/patches/hurd-i386/git-fault-64bit.diff>.
-
-See <https://lists.gnu.org/archive/html/bug-hurd/2024-11/msg00115.html>.
-
-commit 11ad033e1c09c8b8e7bbaa72420f41ab8bcf0f63
-Author: Flavio Cruz <flaviocruz@gmail.com>
-Date:   Tue Jul 30 00:51:20 2024 -0400
-
-    x86_64 hurd: ensure we have a large enough buffer to receive exception_raise requests.
-    
-    Message-ID: <gtxd6s4s7fi7hdrlb7zayq3akij7x6jqawwq3zfl3v4nqspulo@euucuzeonrl6>
-
-diff --git a/hurd/hurdfault.c b/hurd/hurdfault.c
-index 5110c6030f..1fe973f54d 100644
---- a/hurd/hurdfault.c
-+++ b/hurd/hurdfault.c
-@@ -121,7 +121,14 @@ faulted (void)
-   struct
-     {
-       mach_msg_header_t head;
--      char buf[64];
-+        /* This is the size of the exception_raise request
-+         * including mach_msg_header_t.
-+         * See generated code in faultexc_server.c.  */
-+#ifdef __LP64__
-+        char buf[112];
-+#else
-+        char buf[64];
-+#endif
-     } request;
-   mig_reply_header_t reply;
-   extern int _hurdsig_fault_exc_server (mach_msg_header_t *,