[glibc] Bump version to 2.38

Also drop the fix for CVE-2023-25139 (glibc bug 30068) as it's included
in the 2.38 release.

Signed-off-by: Kailun Qin <kailun.qin@intel.com>

meson.build

@@ -283,7 +283,7 @@ subdir('python')
 subdir('tools')
 
 if get_option('libc') == 'glibc'
-    subproject('glibc-2.37-1')
+    subproject('glibc-2.38-1')
 elif get_option('libc') == 'musl'
     subproject('musl-1.2.4')
 endif

subprojects/glibc-2.37-1.wrap → subprojects/glibc-2.38-1.wrap

@@ -1,15 +1,15 @@
 # NOTE: We use a custom version number (the `-1` suffix) to force Meson to rebuild when there is a
 # breaking change to the interface between Glibc and Gramine. The important part is that the
-# directory in `subprojects` has to change (`subprojects/glibc-2.37-1`, `subprojects/glibc-2.37-2`
+# directory in `subprojects` has to change (`subprojects/glibc-2.38-1`, `subprojects/glibc-2.38-2`
 # etc.)
 
 [wrap-file]
-directory = glibc-2.37-1
-source_url = https://ftp.gnu.org/gnu/glibc/glibc-2.37.tar.gz
-source_fallback_url = https://packages.gramineproject.io/distfiles/glibc-2.37.tar.gz
-source_filename = glibc-2.37.tar.gz
-source_hash = 811f19f9200118ff94ede28a6e12307584152cdcbf3d366cd729ea2f855db255
-patch_directory = glibc-2.37
+directory = glibc-2.38-1
+source_url = https://ftp.gnu.org/gnu/glibc/glibc-2.38.tar.gz
+source_fallback_url = https://packages.gramineproject.io/distfiles/glibc-2.38.tar.gz
+source_filename = glibc-2.38.tar.gz
+source_hash = 16e51e0455e288f03380b436e41d5927c60945abd86d0c9852b84be57dd6ed5e
+patch_directory = glibc-2.38
 
-# this unpacks the sources to `glibc-2.37-1/glibc-2.37`
+# this unpacks the sources to `glibc-2.38-1/glibc-2.38`
 lead_directory_missing = true

subprojects/packagefiles/glibc-2.37/hp-timing.patch → subprojects/packagefiles/glibc-2.38/hp-timing.patch

@@ -1,5 +1,5 @@
 diff --git a/sysdeps/x86/hp-timing.h b/sysdeps/x86/hp-timing.h
-index 6a5a66191c670c661516ec29ed29a68244ba387e..5f3f79ab830270ce5a44f4f37e94f07e6a633f11 100644
+index 15e9106105dab9e3f283d320d56ab3283022c2fa..ad0b2360896f00e87c585a4cfd9412b84569d8bf 100644
 --- a/sysdeps/x86/hp-timing.h
 +++ b/sysdeps/x86/hp-timing.h
 @@ -17,45 +17,7 @@
@@ -20,7 +20,7 @@ index 6a5a66191c670c661516ec29ed29a68244ba387e..5f3f79ab830270ce5a44f4f37e94f07e
 -/* That's quite simple.  Use the `rdtsc' instruction.  Note that the value
 -   might not be 100% accurate since there might be some more instructions
 -   running in this moment.  This could be changed by using a barrier like
--   'cpuid' right before the `rdtsc' instruciton.  But we are not interested
+-   'cpuid' right before the `rdtsc' instruction.  But we are not interested
 -   in accurate clock cycles here so we don't do this.
 -
 -   NB: Use __builtin_ia32_rdtsc directly since including <x86intrin.h>

subprojects/packagefiles/glibc-2.37/meson.build → subprojects/packagefiles/glibc-2.38/meson.build

@@ -1,4 +1,4 @@
-project('glibc', 'c', version: '2.37')
+project('glibc', 'c', version: '2.38')
 
 fs = import('fs')
 
@@ -60,7 +60,7 @@ glibc = custom_target('glibc',
         find_program('compile.sh'),
         host_machine.cpu_family(),
         '@CURRENT_SOURCE_DIR@',
-        '@CURRENT_SOURCE_DIR@/glibc-2.37',
+        '@CURRENT_SOURCE_DIR@/glibc-2.38',
         meson.current_build_dir(),
         '@PRIVATE_DIR@',
         get_option('prefix'),
@@ -70,15 +70,9 @@ glibc = custom_target('glibc',
     ],
 
     input: [
-        'glibc-2.37/configure',
+        'glibc-2.38/configure',
         'gramine-syscall.patch',
         'hp-timing.patch',
-        # backporting the fix for CVE-2023-25139; drop when we update to glibc 2.38;
-        # see the following:
-        #  - https://nvd.nist.gov/vuln/detail/CVE-2023-25139
-        #  - https://sourceware.org/bugzilla/show_bug.cgi?id=30068
-        #  - https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=c980549cc6a1c03c23cc2fe3e7b0fe626a0364b0
-        'fix-bug-30068.patch',
     ],
 
     output: glibc_output,