Added glibc with no-builtin-strlen

This commit is contained in:
Austen Adler 2016-11-22 14:42:29 -05:00
parent 8a484482ab
commit 60b8050349
No known key found for this signature in database
GPG Key ID: 7ECEE590CCDFE3F1
41 changed files with 6375 additions and 0 deletions

61
sys-libs/glibc/Manifest Normal file
View File

@ -0,0 +1,61 @@
AUX 2.10/glibc-2.10-gentoo-chk_fail.c 9407 SHA256 7745c0f5d37b37959b43b41e39762fc35b877161bc5740d9d3e9a83021acbc0e SHA512 d1c51c573353b3b8ae6ab1bcc8c10eda5cad8b98fc7ab4848e4fbd8a8736174f3c3fd1b72dd80c72b1e54be78f1cae4dc1ab8130df25aa6d1495e5cbbaf3b9f6 WHIRLPOOL 32028ddeb422d89c0523fec994413e67c6afd9fcfdaf147d3d6a28bd02f8feabda9571ced4509253b7061a95bb2c16cecf94a4274671b33909ff545b1787f101
AUX 2.10/glibc-2.10-hardened-configure-picdefault.patch 865 SHA256 b50b29f85d88011555bbcbe6046e6600be9344f2d78412b14aebdea515420774 SHA512 e0a09f77b209a72ab577fe1e62126609fdddedf3fba0eec749c4b506cdf793779b48390f055a3594892120f694291f8340c0b6f51862e94c03fd516897138be7 WHIRLPOOL d1b8e1536696350e0ed9eaf9a923daa7c004ef40ae94c1c3ba3d6cb293f1c19364cefbe8491089061124cbe26a9fded9f3d38d89f1bda56d408162e53702e8d4
AUX 2.10/glibc-2.10-hardened-inittls-nosysenter.patch 8823 SHA256 dcf78c6524c222dbee907200a8878aff727e29d43a4962b977a16d85752e5c10 SHA512 0605b7964af87d1d6bdccea5c4d1bfe6267d4401b8bbf0c8bb689663e6bb3ef92eebad8be6c23ffdf6632a4d5e6098d8a403c3e84ffb21b5e87b5b1d1ec3512d WHIRLPOOL 635261b547883bbfbe23c802fcf97916dee823b367f96732ccecd7506dff004b87f2d36d97ed398510711330f3a53f039a14e226d20a681cc201a8c7a3450833
AUX 2.17/glibc-2.17-hardened-pie.patch 1784 SHA256 bba32e40c73aef20122b2825f31e5c3aa058b61feae4f32f336e1941f83f82d1 SHA512 9ecfe2b6c8c982a42786181d6507d5fa588a6868109065451f58a779848837bd5e69c32a24e43a186c2ff63a9784015c51487e342c87982ac074139e36c169fc WHIRLPOOL 1baffbef9e6d870ea2f2ae5be014b71020a213a1a11e9856fa207545867de444ed164cb926b2aac23471854eaaf72a87e38760702b32bfcfa639add8733d925e
AUX 2.18/glibc-2.18-gentoo-chk_fail.c 9384 SHA256 e6ed60f4e0d262aaaffac2b84fd2fcf7906965dc9d91a2150b8b2d9f50e7b9e4 SHA512 f7106e36fa49b0000192c281edfcd49338c825b8b8663ac9d7304e8fe8b2f44b39c6c82a741b8e8abce4cbe2fd72f64e3cfe7a18ff504a4b2b2d63e5c75d62b7 WHIRLPOOL 80aa86694aedf306276ba74334a14e98b108caca046430e6ce71ec67221ef716e7350a667929bf79277bfa9f0eaa23d4544f8acf7e32fd54a26b3a0f5ebc596c
AUX 2.18/glibc-2.18-gentoo-stack_chk_fail.c 9599 SHA256 039a6249236c60bb909e67339fd7ef6eefd1f4bb71b8cd39f4fe04530c536315 SHA512 97acbdb8aa87dd7e197a1577bd053374b1c8c30d6c82f4a71ef04409bf87b36a60322237cb79896ebdb49960fcaae4c4f2333497f5c255f67717b01d6d62c2d5 WHIRLPOOL 40ed26d3a251a6f4de125a588bafb911b7ba4867f5139142c00a2bc2f2616658a45cff144d2629bdf33cadece020ed6a1bd7a74047da812821cdb6d3e8253f40
AUX 2.18/glibc-2.18-hardened-inittls-nosysenter.patch 8981 SHA256 3fcdef34164b7fa6e493e081d32427017d239236aa4e183e3a470fe49a028eb7 SHA512 98feb8f12dc5d2bb030ec7c6c77f3f9389ebc208fafc96496f316e577457dd991294d59735b013b17e1d10d5c7b63471d5b857d2334be78239a8ceb1ad62b1fc WHIRLPOOL 52ac2452fe3f9ec6ac3f4635cf017d1347eda6b950f25ecee6ef1b444de97fad5a1792432e0c783375fc7d07c80b4cd77e48a6d6051aec3933696e2f17fcec18
AUX 2.19/glibc-2.19-hardened-configure-picdefault.patch 865 SHA256 feeb2ddc276e90f55d2fd358837e8d4922d3b2875cb8080b1d8e27e5da83a2d9 SHA512 d8e6fea72e240f1fde8a487958463140a84e8bd6bb5b176f8ce84a34df3137943db9016300884f3efdd4da130e342448e57ed0c0dc6eb2956d647286ce1d00ce WHIRLPOOL 3a5d2882b5fc1bea78c45409c848c94a260659e3ea1e28a5dc8818de8825e55453aa1cc97b86eef99c91b17bde9f2a6db1fd8ae03839f7029d93a71feaa4d4d0
AUX 2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch 1360 SHA256 f0d8bb004f598375b61e67e1c215b15953c293038243207f2d85cbe9f10d093e SHA512 79876b12871b3e7693340bfdf99276ac0dfd6ff30bc977a9526af9e681fcbab2f25d3ac9e2b33f027c968b38a4b670237de54ffd08edc418423ecd82dddd1d67 WHIRLPOOL 5ca64dddf58a790cc5f6090ae48fc4bd4799a9aac4c67f6ef7d1fea9498208ffc38ee8167b6ec80dc97c4f723fcdfade8f573893f1b380aff04f6d0476d0d253
AUX 2.20/glibc-2.20-gentoo-chk_fail.c 8978 SHA256 f9cc426b0fb21de1dc11bb36e43bca8e1b3114fe78f8b343f672a951a82c742e SHA512 5cb529ac9d18a315f25fd48a3a80a529924bee0588074c97e6df7dbe8568a67f786363c41da6300ea55818369e3609ed4315b2e2104f8a8b4f1266ba43076eda WHIRLPOOL 2d38c19a20226fc4687037b8bb19025065f039ddaa62466879ca98765c8899e64b147dd148565304419ed1a98fbe1f8403710b22c930b08a19bddba7e79b0f1d
AUX 2.20/glibc-2.20-gentoo-stack_chk_fail.c 55 SHA256 ec73e74297b5eade591bfb3a2999989e2a7aa80752140048ffa67349635f05e7 SHA512 4dfec1bd17007b826110dcb73d09331a58b7a892c87de55b94480b14c28686442c567725b610082813411cf9911e180835a400a54ea704fe80f81cfba966a989 WHIRLPOOL b2b338a50f7895c530a71a19e4582bd0116a0b9d13b2e1505f0566924557493849f93cefb2c0ad1719ef684321e145129e0f72cfc9aa85a44ea7ebf910e7304c
AUX 2.20/glibc-2.20-hardened-inittls-nosysenter.patch 9951 SHA256 992fb70b9b62674d94ef8938297a3f2591b3121495987d927f5a44c1d8788658 SHA512 a8302ee2963bd791be859233223b17cd154afbf04c13c046956bb1140d748272d7bcb3a6167ce8b61573ebcffe906dff064308374d2910656b8fad18480fe422 WHIRLPOOL b8753d6f1301650b91b5cf4f342de22010d819deb2bf4da27aac33d7540e15a140b8a7a4c5e111faba320873ed5784b22f6add29181fbaef14c3e9504b1b838f
AUX 2.6/glibc-2.6-gentoo-stack_chk_fail.c 9545 SHA256 1410ded812be80d452eada5f9d6b9bd7bdb504c14f01cc27dce3e36b6f92b92a SHA512 360b77df2d19d14060e19e763878297bf042eccd5206ce4829a33c78c982b59b46144116d237a7cac73a22dd6cb4987c8dd50f1d16003baa22c2cb2942d2cbdf WHIRLPOOL 44e14dacdd258c46201a44c2c6aae4d975b960a914c24e49f2b39dae960636512049daa052d3cd8e8d93819d263327c28eac947efdb5d9e240d1bc6e9964016f
AUX eblits/common.eblit 10936 SHA256 cca69d06b4bfef4a664036839ef168a113115ea7b262c2d368f9ae303cd8b831 SHA512 4478e91e6ffc251bff3b0af8383e47e38cff279c0ffa93b53d718bcf52920b6f9ba10953366fc0dccfcb031a405bf6e7db6ae9b127f6723eb2f2cdc02031c995 WHIRLPOOL 40122db079318762f5218eff87c08726db9c851cce00ec069739f891dbaafea04417cff992291e07af96dee1e3d3b369a6d1491b7cf85540eda34aa23e10b799
AUX eblits/pkg_postinst.eblit 971 SHA256 abcb925bb0730d1eae22bbcee7a4ba6523280390f410f38bfdf9eb44e0280000 SHA512 65e577c77a9a488c5e93ccd4afa325ab7e3904df594c13fda17136c8aa2748fa4e6d0102f4799b4ac9b8c3bea9920faadc4db356ece9929ee708bbfa9151dfc2 WHIRLPOOL fb3cdfb702b0ce616064f94321b9225a53b300f76d95495098b6c97eb3ab1650ea2d323eae169bb8d1fd8795134aacb5c54ba6927fe743b01f124aec416b15a0
AUX eblits/pkg_preinst.eblit 2076 SHA256 1d2f3107f463baf916378ea1b6079ef4d03983e1dc01fb7ce551f94c457992b8 SHA512 78fde8ac1338029c7e66ac592044ad797fa7771dfdb8ed21ab681bb3ce5d9778a960b8606cdb7d35f6ace0188d0053dfab29a9e31b1d0051a2f2170c9449d368 WHIRLPOOL 474b8e6883dccd735808bd4f8c0cf42b619c01c2c55a80c2eeff4bdf4716cd706c834bed2a919350fc339f0b8b61c8ba94c342df5736332f32b40ba3155075b6
AUX eblits/pkg_pretend.eblit 4991 SHA256 bf6471db95d844a2707d7abd0082c1c9ff37b11352b960cf8ad2a204f3b7c6db SHA512 5754f3d3ab2e2a4b597228fb8ba3c3831eb89f9bf5ab6b8eac59e2253c87e1fa42cf3fbf775ee5fa1f115e70efdc5325e115d65e37a3bc7894473d3d07394929 WHIRLPOOL 5eb7d48c2732698ffffbc52feb6c4753bed1b172d931747e90b8f13c436c347725c09d15210179b3b26d2a87a4132a5eb7c7ee356c2ecbd77e368e3ff0b0a61f
AUX eblits/pkg_setup.eblit 275 SHA256 c5de97dc69d3508555ac579e14ead694a75edf4707c1749219677ebee88ca9ab SHA512 627740976e372842b09034b79f61f5cb5d8283f47c94cfe66b2aa1517c901df0bf3b456f1ba26a9ddc0aa0215190d0415ed4f881cc950d163d8203a0e6bba2a9 WHIRLPOOL 16ef3155b35671311443f4c231c1867d12731035aa603dedb6e86eabdc1501c67183474a26bb06048e12c19ac3bda054fdb8a107792a3dddb743b6dc7d447339
AUX eblits/src_compile.eblit 598 SHA256 3b90a6f44d307b92cee36fdd91d412bdb9fcbab555e6c6bf8174c8e3f29137ca SHA512 ee216aa3bb13f75313d141459acb47523442addf12a6bb8d829ca40eda4f63324911a13ff0ae90fe6eed1fbe0058c89308a2205c5357a0e1897a89573fea2f51 WHIRLPOOL 3bfc5406e794ee9ee4005e97aa2d40a82d77de090c72767d6b43be6993048536b4f2442bf6864157d036e7ea3fce6ba6537a97cd2afee04c61f9e98e1adc3c00
AUX eblits/src_configure.eblit 8218 SHA256 0d279bf1a1f72335d31843d5558f8f5602368eb840a5a107d93ef914e381b45a SHA512 097e5e44108c32571bde23c7c5fba500d6f6e7959e0c2088bcaadc8bdd817f03a0038d1c08c5c746ed756a09e5d015dc506c7f0bd7f7837bddf16d8aabd54216 WHIRLPOOL 818b0559d1949dad4d2e69399b9f88fb883fdf69e4be77796c5850a0a8b13fe22697d4adeea5d10ff40dc1f9391d72242c7de37bb1f0047cd655aa6ea8d9c38f
AUX eblits/src_install.eblit 7814 SHA256 8d64a4a031263dd7c3e7ba710a5dbe51fa7004b9795fefdab55f7db273f5e89f SHA512 fb9fc62103e1803509f5910b71eb28398258433762b930c93cccb7578756599739714c41077a2d0fd81c78e8fd14fd30b384a2c141d8df801507414531062551 WHIRLPOOL 4634ef7da02f35d461027a4d5bd27bd4e888805de0713b577ac47eb1161048f929e1c52e38fc4ad8da333a2198877b82962416edfb30bbaafb9055fb658a6226
AUX eblits/src_prepare.eblit 2234 SHA256 ba76d31b6a4cafbf9d580bc337d88d44a706b201a5799d2e32aed50251bb703d SHA512 8b57a852e357e143d4b4c72c620d28bf3937c017a71b1760a7b7d5c684c5d2a41488a16b5f666487a9b5efe3b1cfa7b3b067dec1e832e6139455c61c62f2fafe WHIRLPOOL 98bca56b92abc78fa717d74c7aa37eafacd8674093638653e37f85fffc09da6abe8c0923bc735606ed56862f79daf26a88573c719fc04961025951dd88967995
AUX eblits/src_test.eblit 698 SHA256 96b044ef9a27c2591b2a440b45bd89989022d0b41c546ce4dcea58a631315bf4 SHA512 0a46dddf53ccbfaab3f85ba7d2e8f202b4d5be98052601686592eca0ec115de29d8cb1f324ba12dcb77f3a8d4bbb39032532042b8adf809a772ebcc845b1a152 WHIRLPOOL 42af8b97859789b52a5a0c100ba109d8c3dd47532ef3f0b764c95b7a61be9d293d99de25e601dacd840c0a4cc921740b5acc2a3567b5aa3ae8ac6f88430ccf04
AUX eblits/src_unpack.eblit 3096 SHA256 f0934fe81278797a0625fde2518f5bdf8531c75443ed3dc6ba7d18aa751cb235 SHA512 6fb32f854920ac4c0df5d60d334f4b9376b05d9b2df7d1bfac979acc3d7c282846fcce36c9816558ee75db030c3551b95f2ff26e53ea166adf97a2ae5db55abf WHIRLPOOL cee004cf4967f0b073f56ef5bbc67e56981f109400622f70cfba51ce120115f4c25ee7696a5b9baf7b22080d01d038ea936d5c342d65b7331b3801510a509123
AUX nscd 1527 SHA256 70a809ba34959aa9622bda95299e7391d14d84fad8b3cf5012e2284b6324b6cc SHA512 d25cd0696e4ab2c33fbfe4adeb2f7f9ebe6b77f78d8b4aa79e88aaec21e7aa9c26de724ad0aed5e3e994a8c96bbfa759c48eee99b442f0e4ab9b2c62d177549b WHIRLPOOL 2edef69a468325ac30f8b3f9ea3082f9fc69d887f775f5bed96fc1135bbb675ce1a797a898ce9f744d5d0c3fc0f2156edbca0e39134f08a2d8f41ef3513bf3c6
AUX nscd.service 337 SHA256 de7bc9946309d34f0ab44aa22a4d3cf259fe91c57e8000d741cb09ecd3a6caa0 SHA512 2001100f3b054843c69b6fd2d38852c7c824282aa8998c25a3c0352db993705429d25c70d8ce6cb3579f836b7089644c520acac423ebd69cb1b36e94a77c5bea WHIRLPOOL f01d191971b0dc45f541c9ebaaa1a40f3497e2cc838cff6a20a7b1828d726c248abbd94322a5a5ff30c33ddb7d9086cd4d2ba3bdc1811fed59ff292ef3983a72
AUX nscd.tmpfilesd 111 SHA256 f0f64c4612d2097173854d2ec2e94ecbf4b77c7a6e94d950874e37346aa90d72 SHA512 53b80b331e1a85d8ee16eb2ce547a7249e944926c3d1cdd4a47a5301a5c842ffc7ec1e3dc0a731542a8facf8261c1c57121802d01741aa89898a3476c09da340 WHIRLPOOL cf1fed1a7e2ac1623a84f1cfa2062645afe3f791da2f4ace3859d12aa05df0e282b4c2e367a460015956ac2a8d01fee4cda84917a3adf2c38561dff200335270
AUX nsswitch.conf 401 SHA256 bcafb75d99fc101c9877642ee43a87fe417c164e4ef6562e9c033a5639d30d5c SHA512 e7969cd8ad611ac267cfe10e21bc63fb640910e0c0b82d6da76944ce6a7535d585a369bad62c6b6139f38d67403cb77938606af990350b7395bdbf8e1bfa7b34 WHIRLPOOL 97c713070be7890382663d2c70572794db4008298b342d9044b450f8d841afd01bb848f3e300bc745b17fb7d7b082aa094aecadbc185060115da04f05e4bd2c7
DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f
DIST glibc-2.17-patches-8.tar.bz2 83707 SHA256 477946a4915dcd0cc0565ff8532d219e2ee868f6e821ea71ce579652d01ccbb3 SHA512 6675357e62b554d9d0f8ef70341b8038f8f89591fba384bc3783ef81aead0532486e2218af71da9c6f88a3b8b382edec81bed36eb636ee231eac80e111acbfd8 WHIRLPOOL 946f431b28ec60cc61d44364187f64a2d6e92ed7c9071126cf70277843c656de4dfac9f184f572f9a72c0cb452d879cdb7aca5b9f92f8ff02a8b1a521fffef43
DIST glibc-2.17.tar.xz 10981956 SHA256 6914e337401e0e0ade23694e1b2c52a5f09e4eda3270c67e7c3ba93a89b5b23e SHA512 384e54037daaa344a26ce58242acc3f9a249d0765088d18a540a305745afa33ae6dec4024adae958eacd7100be9c713d117260ace8340f6d8c8396dbde4868d2 WHIRLPOOL 9b98c1c298aeff607aaa554341c300c15491b7314f127524fc5c048c67c5059daaf706e6cf206bb69213d5307e37bed87137ab46f504d8072bb778310081fc23
DIST glibc-2.18-patches-4.tar.bz2 95165 SHA256 89b458e22db60847b4ad869e3b5cf32868528b8d73205a692a6c0d07779dd083 SHA512 d881c9c5fe32b967694d4ca5185ff5ffc964449f2ed49fd062e5d57a3c6d9f16eef2f591d2d8e98a1a95a6487f3436ef031839ed8766fd085404b288340b7933 WHIRLPOOL 55f87d0efce1f84b45968f377e868c31102cb5228fe4ff1ffa132770f242f9f4f1843c28e4eb38ee7bed1321507ae12b7284a18199af63df1ecd070233d1076f
DIST glibc-2.18.tar.xz 11150148 SHA256 2cb4e1e381928f1e5e55e71ab1ba8e0ea7ede75ff9709770435bfd018ea257a3 SHA512 27218d2e7dd3bf3908d7af171c490933680e958c579ebd27b43b661e223fd5de2219cc1cf699170405280808c84de476d0ad86dbba35a488ef404e9438552327 WHIRLPOOL 89b877c7db602ffd4374c7fb84db17397b91f889a7de6259f79374cc3fcd00613114cbb93feb518ef25fb2e579fb03843df15d17235c1fe1b6a7e0e64aa8e8fa
DIST glibc-2.19-patches-3.tar.bz2 80664 SHA256 6fb03292e224199e0dd9ba7ee83aca723e1560f26831e85cdc6302b187c6de3c SHA512 d281d6a2757920124cf8a3f02b97e75192598b08d96ae48840df34c7ffdcb212952d171f233e6f12a429b19437d0a296212fe1f2eae164d6a1c6793cb3cb69f0 WHIRLPOOL 6f28a2d0dff42e8ad0e77859938e3093753f77f78821375777eebb2db5568bf1c56e8b8208f02280f23acb2dd26dc8a313fedd5b2c10755f1659e6d324a1dbc3
DIST glibc-2.19.tar.xz 12083312 SHA256 2d3997f588401ea095a0b27227b1d50cdfdd416236f6567b564549d3b46ea2a2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d WHIRLPOOL 9581a3a23ebdd56bc559b56b95b7bcd21ca039546ec19c6c0e4e0738597542164fdb21ab1d1f36d5e73a205fb51f0974c7d497972615bce69ae002298f6475b6
DIST glibc-2.20-patches-5.tar.bz2 55986 SHA256 3d3eec9ac9b5d0530f9e05614f4646d64ff93a48865b42c156990bea69247cda SHA512 409f59a028127e02f0c9f91107715b540d8d234475830adc17108a02664be232098d119b43bcc8df9b328ab50c1fffb0868d510e6487ce1c34ec2c7c7a78375b WHIRLPOOL b3c41b01af5d8ae8e901ac48ae124e13ff1c76fbeb35315cb9630c648c03d7abbfb753294cbdfe1dc939bda260e24d8450ffb19cfe5c255b32f8c5500f2c43f3
DIST glibc-2.20.tar.xz 12283992 SHA256 f84b6d42aecc288d593c397b0a3d02260a33ee686bce0c634eb9b32798f36ba5 SHA512 7a8eea8b71d3ccba766c3f304cab61055446d451ef063309476b26dc40d880562dc33b1b68fbedeedb4b55b84c26415b9202311aaa71ef8c141b6849a814d2fa WHIRLPOOL 042f74d75c62a655ae35348c9cd0bed0845ab199e37a76635eb74c04ed927b5eca77723c38d2dc46f12fca62c1004001887b43946a914b079ad22f6a9cc8daaa
DIST glibc-2.21-patches-7.tar.bz2 46894 SHA256 49126df6f4b819f2c315cca0a07e9b8ee7e279257148506d336ccfef5766bbcb SHA512 e4cca3d753c0b9d213c0ed85e3d08cbbf6517862b3a48af987e010abaf5a022b47330040ced183d30b5b934de7587e97b4342e51a6df3d5cfa768bdd8b43b756 WHIRLPOOL b5f4bffdcaf629d735e7498f509bf2130acb18194b18e69747bb6c3e403b221f2163eea3770bb19c05253d7134f70ed4657d7c30c5978f7b5571a3482f9521ad
DIST glibc-2.21.tar.xz 12322092 SHA256 aeeb362437965a5d3f40b151094ca79def04a115bd363fdd4a9a0c69482923b8 SHA512 8cded6693618bec115f678fcbd0b77556f97dfa8337608f66e37224aefa55b38765ba61cb4d58beea37b5934e5ec8e30bad58613707388484906f2a0ce77997d WHIRLPOOL d07fec32bd92eade065a3b6170932b8bd41d07df4aa69dd5a860ebb9678c22bd1e20bf88b1fc05c3ecc18e709c0a63118e12525dc668e0399d7ef7fe4454702d
DIST glibc-2.22-patches-13.tar.bz2 74479 SHA256 ffd1e0f9a41be030e5ce2518d9e84a1fbaa9a4fb2e96f1b85dafb05fea666c86 SHA512 73517fc1502b0733d67ade1d1ba6168415f5da64f37045fac0b10ef57155bf6dfbe1876e4742d2543fcea0c935c179426f6fbb94f0205968392ef903d2f83897 WHIRLPOOL 0eeedaf09eb42e5186256dd41aae00cd2b9b8e3ab929a792e83d0fd8e8a8630d829f01b293588bf59e105eb17ab512416d8d115c3e542cddc34a84b84d56af3d
DIST glibc-2.22.tar.xz 12969072 SHA256 eb731406903befef1d8f878a46be75ef862b9056ab0cde1626d08a7a05328948 SHA512 a8719f3a4f8aa5fa81711116fdafbea5082c6dfd85bd8c4cdce60571910263ab422b35bb8b55a84d37ccb146442133ba60a84d453ca4a439c8ccd35419bd051b WHIRLPOOL f7e707b3776fc197a2e7bf5633721925507237b154bbc1f94b9fc303c87e6fc039ff0758da6ee55b4c1a0daaa87c6e594a6c96e7b00a7ba8ae98ee29918709a7
DIST glibc-2.23-patches-4.tar.bz2 230533 SHA256 5b64a9b30778be79fac8a8c7e2ec7ebb077e136c85d79996ae3d725189d236a4 SHA512 af140a13bbc28070bfec26e041ce562b1cc091d312a82f385becb3ab87ee882d8ea10ac4ec6dcf86f154857527a3383782d46141016047338cebc7c393329cf3 WHIRLPOOL ca7be788c64428bd2bd6e41eee5345ff85dc9ee0987af55f60104a9f03e3019b8fa6a933ba785d3b1b27540c2485160d50499049985271227c07b094db649de3
DIST glibc-2.23-patches-6.tar.bz2 311773 SHA256 d3fbc6068bb7bb92a5e4c8fc30d5c70c203a64bcb33b5578de7639400e1a56d9 SHA512 681b5ee139be9f2daf286a42df3a811b44330ee1a24dd539c4510b13cd51698884be3799b1ad85d4f67ed143e821156c442c25735481052a59b5d8a3b4449d75 WHIRLPOOL 36d69a3e88b5d162311686ee0a4b5d7856a98f9a6e5955514c3c642b855773bbb9b5753c5c95eb0d749798c5c485bb1ea57db7c72164cf3b8561b16ca1a082c9
DIST glibc-2.23.tar.xz 13455260 SHA256 94efeb00e4603c8546209cefb3e1a50a5315c86fa9b078b6fad758e187ce13e9 SHA512 b82953388cd028e174cb08f082557bbce0dad8b67b17d31b29f90102fd52a51e03d591448ecb64882a1c1d5303afffc7f6ede85cee4c784a9284fbc9b4ad26cf WHIRLPOOL 7c7e3bf55a89a04bac917b9ca5a1cbb1613f22c427d2766f114b5a36f9635856005b823852ef5d3b73462b577fe4e5865e68e7b64633d48a95fa1e5eaa831a71
DIST glibc-2.24-patches-2.tar.bz2 50398 SHA256 1fff0752826b8ab08d6fa115caf2c7fbd3ec2ceffd6c7002499828d8722d546b SHA512 a4c48ebfcf49df0110a43c6afc97be7b3432593b9c4a5aec1b053b69dbca01ee2493584bdd957970e28a9b7e8542ff67cd656150034fbc0b318f2c4295745222 WHIRLPOOL 0fda6d4d936b3598d9026fa1ce2b86833f341919f5c9bd66d95e1a0a5a3e1517d48bb599d48e7bb68e65f6fd439204f57cf678e1984722d5f83faf8083029110
DIST glibc-2.24.tar.xz 13554048 SHA256 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3 SHA512 a4cb28a2c51a0cc029ed69da7cba11931a615ba897235590b4f7fad2eaabec9042f8250eaac2a5860997437a69ab13304f10a634000e52c0336b5593b7969adb WHIRLPOOL be82b47fc73f7e780e8e73a5f58b313d8e861d5ea8c4320f95ef0d8c1e125ff011d61dcfc0380be0e83868bd8c3299de1ea662da7fc8d709050e89b2c126e3eb
EBUILD glibc-2.17.ebuild 6859 SHA256 14a43d5fee65d2fcb296f899adb834595c3ca0be01dc132c42186a14502a1a01 SHA512 d126c7e2ce87383b4ee747c3f7f62deecd13a2648aded4fcb9899a44205dfd2a617c7a5a356b433812782de3b362bf6d399a2d274b2d805af22dbf14b91ad287 WHIRLPOOL 165b12fee5cbacc644e6495a297b77705e35e9cc8044d4d4a2fd4c3f15473bc168663ee106cdc4d38bbdfe5fd0d3d2534727dc2bff8560c1b87a98a1eab65b67
EBUILD glibc-2.18-r1.ebuild 6920 SHA256 5d8647c1b1b6e5def5c5692232f1655c76f60ba643a763b0c1328783d5e03130 SHA512 4e96c0303db04e082a48bcbb72674f4f907b601ad8cc0c12dcd34cf67309890cfc42ced882bc4ab5ed45e8ca86dd795b901a833e202d417dd98720cd03770c2b WHIRLPOOL c44eaba3e2725a319995ff152c2ace177aa236bcaa6f56ef8d2eeb9fb64de3ef41b6d3886b38983601bcafecc931f6d6cc12d425fc367dd0378e09008a24bca5
EBUILD glibc-2.19-r1.ebuild 6878 SHA256 b9787f2b1a512aef86ccee41a24b4741bf8a44c42a52489ef29cdd327f7b3ac2 SHA512 abd0c6f17d1158a96b981de37b34dfc7c7b257a7be0e57031f7ec8202beb85543149a3ac4447d4896ab00411a9a3dc0e547832422261289fbffccea201644bf1 WHIRLPOOL 38e472de0c38c7557e376a1b4a8b0c087f2ba6500a790c9ddb63b8a84665276a93a1f36f966368b6623faed7d4c2b9003aaa6293c288659bd90faab328485e3d
EBUILD glibc-2.20-r2.ebuild 6441 SHA256 e6e29f8ef84d2cfca0a08c01a31fc0759dbfea2c5039d56fc1de7b1869b0d891 SHA512 0841339e986f804d093f8604445421ac4032e18b233fa9dc911db00e512f43908fa9351e5baa86d790e9e2b6d9c1e4dbae111f5a48853878b11e749cbc0eb872 WHIRLPOOL 15f62b665c72c6e63ce9ea59a277edfcb94aeebe1fe130c8149ceb79f5da353d96296905def88b4959cb2a6bf4aa3fbda0015cd4dd06dd8ccdea8e5d52e81272
EBUILD glibc-2.21-r2.ebuild 6416 SHA256 384d2c5c88508723052045afce51fed8716b79020033fe160f182af483dfd94f SHA512 ac0de01cbc63c6017e78277de38bb3ef22ec8bf2e16630492d5956976d8920a9f381efce3a86aaa24332dd54421c1e028cccfd0d86b9b9e59ea2d2d5a9a98e90 WHIRLPOOL 01ec17ed723a6747208c90f4656c6e3362157041db8094b8fcc744d6b11c97019eeda5e89fc4dfe95ec8dbf11b46c35979bf4b54d974122b15caf54caca0771f
EBUILD glibc-2.22-r4.ebuild 6468 SHA256 2d21ac88202655384de0dfb6c6b7dcc82d60eaa0c30b9443caf97f2d33cec0d6 SHA512 be923f64331cb3241948c8c1be6295fe6305ede10976af6be04d19556e4db2038446a5456df4ef031a48c6832beb87e8d60423e40389cff75b0032fd12b92898 WHIRLPOOL 8c84ce37c2733e79a5b2cac4ab9833b263fe06da9650c778493b86d174c6c7773753065a63d02c021e40bef3ced37f8af0090c91e214c709dcf1b0a4b3565f1e
EBUILD glibc-2.23-r1.ebuild 6638 SHA256 b3840fbc9f5d0dff20d26b9029d359be5fc3fa27c5ccf33b9e5ef7009a3bae59 SHA512 d97580a4d829abb3449a6c1652df318d501b494ff69c6eb1503b7d5cb1ad3519f6cbbba87b898cb8652a58a852da6c599b5d1a67e6930f9f44f261578f0aefd4 WHIRLPOOL fde770d176d15d27fa8c8819d6769d1dfceda21bbc0249629ffbbf0bea1756055d4e0b5173c9aa87f3508647a0b264a9d1573b5ffcab259ed105ccf62d2f554b
EBUILD glibc-2.23-r2.ebuild 6722 SHA256 51b30178b14a83c8c8e80f8ea373c09951307e450263936ebdb8b509cb0a0d7d SHA512 24c286a14e6cec196b28af470133b6daa4a34592672bd7cec56a0bf870826b2f5c982d27f53f9fa706afef40651c832f320bbec700fe738ebe6e2d7a14d9dceb WHIRLPOOL f1b700e7f58359c23188259409a1ccae779b9410e3eb8b25ebd9252bc05560b1a7a36447ac669bb938d096febe18fc86e53f16697a6089bfc9d7c5f9189c1e23
EBUILD glibc-2.23-r3.ebuild 6362 SHA256 982ac3570ed3fdd7a8a577f8845bf3e178c3b9ff988cde8c04ef6d3109b48272 SHA512 07afcd70154275f0f1a4a93f8b9839542444407582a4f9c9a9781dfa28e2b2e3aa0cd9c7575f632a3e3091f9a5c852fa40243aecd255bdce12791151c6c9b699 WHIRLPOOL 1754ded0b59c2a9b9d901048566b9853c42c3ed60e7b91353b86259a695b45bcf89b928363bd5f032aa00ff0c9f790d574491a4172abf6e2b38d28a5e31a5838
EBUILD glibc-2.24.ebuild 6356 SHA256 6c545c26ffe3d898246d8aef535ba4198d72d35ae04084871459001531fe2032 SHA512 11d45082c72c6d6200be2f27b982a9cb24ab16cc9c9b692eb3e3256851ddfa039f5031231f838e1866dbfae9ffadb238af919dcdf4cebe4c98ace60a2f4b513e WHIRLPOOL b0d97882b369340d7d0afba81fc5042a107bfe5726368eb423619addd738adf0cf4f4ec2bcd34341c80402ff4560dd803756c2750e5ac65102850685241c0416
EBUILD glibc-9999.ebuild 6030 SHA256 c57d4e0feee6aaf0f45087283396e30e7b9f5c9a9e9a906c79354733cb2ff7f8 SHA512 17fe2e11acfd4108f13e92bcae9ea520b408c05a863a5a120852161d80bf24a7a23bbf6bdecb2fee7dbc879ce2a0b15d1a84a3392e7c5c78b45fbbded271d7af WHIRLPOOL 34652ada3a7ee1a28b75680beb794eb4b1ce0f0a4bad6747e712c19126806531f17c15be6ddd0fbe03cd9f45935bff34457fce369a4a96dfe9c4a534cce0f759
MISC ChangeLog 16580 SHA256 9398220053063cba5d6a7509ed250e68e07a4ff0645e023dca860428856def02 SHA512 2f792f51773aae46eceba82bfd714f743a10b79d978859046a91e64b5225cf8bf93cd487db6ecb92de17e6e128025482ba9a6a09e1d59b769c0fd123486f4392 WHIRLPOOL 90c88069052764091d2f1aa71aa333134e8a18f741d4da9c76e0f23894b47484eb586961e6cbc361a7482641f73e8b2ef5c82fc75ff43bc39127cd7c440308fc
MISC ChangeLog-2007 108548 SHA256 d622be202eb0d61a363b0ae4065012cd1d494fefaa0c03d4aa7986177cdde6d0 SHA512 fdb3f311a3be4b97a6acfceb1763af5ea69e74d8195522c5d03307f75e15a9382991e9e29dbfdec79e74f1c36328f82648768749bc929e5050ff64b628c7ca98 WHIRLPOOL e550f354394569069e000a7e70ec69c94388a0f415c19b427203f0dcbcbeeec0f5e379ee2af7886cd2d68559e749fab8122e7e077985729d7e0e728ae9096d7a
MISC ChangeLog-2015 77895 SHA256 d7c16b77521b14a7e1c148f1ad699128e4fcf7caf41a77b46844508ba68acf15 SHA512 1a7fee53e1ec55d0b16b949543b01ad6f429f74293cb6ed730f05a3ddfc4a21fdaf7ee80c0c839d456587a207780ccfefdaf68a236989db5129ffba30c77ff5e WHIRLPOOL 48d46ac586309e415b7d669598c330062afd6fcb2668600d5c62e234d5ab8c3dfd2e81d4f528689efb6d5fb5e2ca5e24c68a4c58be52e1c336127d63224e18fd
MISC metadata.xml 921 SHA256 c01e0edef8cd5db7d721a3abfba19365507f1cb35df4d62b048468fe49b543f7 SHA512 5d4ecf57cf80cbda0dea361d7996ec5df384eee928c07e8e37e25e0ff82577144878492a49b318000b10f51c1ad03b950db7ee5d74e46e96e688b2fcdccfb66a WHIRLPOOL 7024db2e0a3ea6269c9d4158b966c0fda46eee5c7787a7e99b90cfb366ec816843e8849b9390aaec37af05eb530445fa12e0b70dc75ce16277c10c4234d231df

View File

@ -0,0 +1,315 @@
/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Copyright (C) 2006-2008 Gentoo Foundation Inc.
* License terms as above.
*
* Hardened Gentoo SSP and FORTIFY handler
*
* An SSP failure handler that does not use functions from the rest of
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
* no possibility of recursion into the handler.
*
* Direct all bug reports to http://bugs.gentoo.org/
*
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
*
* The following people contributed to the glibc-2.3 Hardened
* Gentoo SSP and FORTIFY handler, from which this implementation draws much:
*
* Ned Ludd - <solar[@]gentoo.org>
* Alexander Gabert - <pappy[@]gentoo.org>
* The PaX Team - <pageexec[@]freemail.hu>
* Peter S. Mazinger - <ps.m[@]gmx.net>
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
* Robert Connolly - <robert[@]linuxfromscratch.org>
* Cory Visi <cory[@]visi.name>
* Mike Frysinger <vapier[@]gentoo.org>
* Magnus Granberg <zorry[@]ume.nu>
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <bp-checks.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static char *__progname = "<rtld>";
#else
extern char *__progname;
#endif
/* Common handler code, used by chk_fail
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__ , __always_inline__))
static inline void
__hardened_gentoo_chk_fail(char func[], int damaged)
{
#define MESSAGE_BUFSIZ 256
static pid_t pid;
static int plen, i;
static char message[MESSAGE_BUFSIZ];
static const char msg_ssa[] = ": buffer overflow attack";
static const char msg_inf[] = " in function ";
static const char msg_ssd[] = "*** buffer overflow detected ***: ";
static const char msg_terminated[] = " - terminated\n";
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address
*/
sock.sun_family = AF_UNIX;
i = 0;
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
sock.sun_path[i] = path_log[i];
i++;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
{\
message[plen+i]=str[i];\
i++;\
}\
plen+=i;}
/* R.Henderson post-gcc-4 style message */
plen = 0;
strconcat(msg_ssd);
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Dr. Etoh pre-gcc-4 style message */
plen = 0;
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_ssa);
strconcat(msg_inf);
if (func != NULL)
strconcat(func)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Direct reports to bugs.gentoo.org */
plen=0;
strconcat(msg_report);
message[plen++]='\0';
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Suicide */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
static struct sigaction default_abort_act;
/* Remove any user-supplied handler for SIGABRT, before using it */
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* Note; actions cannot be added to SIGKILL */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway
* The loop prevents gcc thinking this routine returns
*/
while (1)
INLINE_SYSCALL(exit, 0);
}
__attribute__ ((__noreturn__))
void __chk_fail(void)
{
__hardened_gentoo_chk_fail(NULL, 0);
}

View File

@ -0,0 +1,30 @@
Prevent default-fPIE from confusing configure into thinking
PIC code is default. This causes glibc to build both PIC and
non-PIC code as normal, which on the hardened compiler generates
PIC and PIE.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu>
--- configure.in
+++ configure.in
@@ -2145,7 +2145,7 @@
# error PIC is default.
#endif
EOF
-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
--- configure
+++ configure
@@ -7698,7 +7698,7 @@
# error PIC is default.
#endif
EOF
-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
libc_cv_pic_default=no
fi
rm -f conftest.*

View File

@ -0,0 +1,274 @@
When building glibc PIE (which is not something upstream support),
several modifications are necessary to the glibc build process.
First, any syscalls in PIEs must be of the PIC variant, otherwise
textrels ensue. Then, any syscalls made before the initialisation
of the TLS will fail on i386, as the sysenter variant on i386 uses
the TLS, giving rise to a chicken-and-egg situation. This patch
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
version is normally used, and uses the non-sysenter version for the brk
syscall that is performed by the TLS initialisation. Further, the TLS
initialisation is moved in this case prior to the initialisation of
dl_osversion, as that requires further syscalls.
csu/libc-start.c: Move initial TLS initialization to before the
initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
csu/libc-tls.c: Use the no-sysenter version of sbrk when
INTERNAL_SYSCALL_NOSYSENTER is defined.
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
misc/brk.c: Define a no-sysenter version of brk if
INTERNAL_SYSCALL_NOSYSENTER is defined.
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
--- csu/libc-start.c
+++ csu/libc-start.c
@@ -28,6 +28,7 @@
extern int __libc_multiple_libcs;
#include <tls.h>
+#include <sysdep.h>
#ifndef SHARED
# include <dl-osinfo.h>
extern void __pthread_initialize_minimal (void);
@@ -129,6 +130,11 @@
# endif
_dl_aux_init (auxvec);
# endif
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ /* Do the initial TLS initialization before _dl_osversion,
+ since the latter uses the uname syscall. */
+ __pthread_initialize_minimal ();
+# endif
# ifdef DL_SYSDEP_OSCHECK
if (!__libc_multiple_libcs)
{
@@ -138,10 +144,12 @@
}
# endif
+# ifndef INTERNAL_SYSCALL_NOSYSENTER
/* Initialize the thread library at least a bit since the libgcc
functions are using thread functions if these are available and
we need to setup errno. */
__pthread_initialize_minimal ();
+# endif
/* Set up the stack checker's canary. */
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
--- csu/libc-tls.c
+++ csu/libc-tls.c
@@ -23,6 +23,7 @@
#include <unistd.h>
#include <stdio.h>
#include <sys/param.h>
+#include <sysdep.h>
#ifdef SHARED
@@ -29,6 +30,9 @@
#error makefile bug, this file is for static only
#endif
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+extern void *__sbrk_nosysenter (intptr_t __delta);
+#endif
extern ElfW(Phdr) *_dl_phdr;
extern size_t _dl_phnum;
@@ -141,14 +145,26 @@
The initialized value of _dl_tls_static_size is provided by dl-open.c
to request some surplus that permits dynamic loading of modules with
- IE-model TLS. */
+ IE-model TLS.
+
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
+ use the special non-sysenter version instead. */
#if TLS_TCB_AT_TP
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
+# else
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
+# endif
#elif TLS_DTV_AT_TP
tcb_offset = roundup (tcbsize, align ?: 1);
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+# else
tlsblock = __sbrk (tcb_offset + memsz + max_align
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+# endif
tlsblock += TLS_PRE_TCB_SIZE;
#else
/* In case a model with a different layout for the TCB and DTV
--- misc/sbrk.c
+++ misc/sbrk.c
@@ -18,6 +18,7 @@
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
+#include <sysdep.h>
/* Defined in brk.c. */
extern void *__curbrk;
@@ -29,6 +30,35 @@
/* Extend the process's data space by INCREMENT.
If INCREMENT is negative, shrink data space by - INCREMENT.
Return start of new space allocated, or -1 for errors. */
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ if the SYSENTER version requires the TLS (which it does on i386).
+ Obviously using the TLS before it is initialised is broken. */
+extern int __brk_nosysenter (void *addr);
+void *
+__sbrk_nosysenter (intptr_t increment)
+{
+ void *oldbrk;
+
+ /* If this is not part of the dynamic library or the library is used
+ via dynamic loading in a statically linked program update
+ __curbrk from the kernel's brk value. That way two separate
+ instances of __brk and __sbrk can share the heap, returning
+ interleaved pieces of it. */
+ if (__curbrk == NULL || __libc_multiple_libcs)
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
+ return (void *) -1;
+
+ if (increment == 0)
+ return __curbrk;
+
+ oldbrk = __curbrk;
+ if (__brk_nosysenter (oldbrk + increment) < 0)
+ return (void *) -1;
+
+ return oldbrk;
+}
+#endif
void *
__sbrk (intptr_t increment)
{
--- sysdeps/unix/sysv/linux/i386/brk.c
+++ sysdeps/unix/sysv/linux/i386/brk.c
@@ -31,6 +31,30 @@
linker. */
weak_alias (__curbrk, ___brk_addr)
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ * if the SYSENTER version requires the TLS (which it does on i386).
+ * Obviously using the TLS before it is initialised is broken. */
+int
+__brk_nosysenter (void *addr)
+{
+ void *__unbounded newbrk;
+
+ INTERNAL_SYSCALL_DECL (err);
+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
+ __ptrvalue (addr));
+
+ __curbrk = newbrk;
+
+ if (newbrk < addr)
+ {
+ __set_errno (ENOMEM);
+ return -1;
+ }
+
+ return 0;
+}
+#endif
int
__brk (void *addr)
{
--- sysdeps/unix/sysv/linux/i386/sysdep.h
+++ sysdeps/unix/sysv/linux/i386/sysdep.h
@@ -187,7 +187,7 @@
/* The original calling convention for system calls on Linux/i386 is
to use int $0x80. */
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# if defined SHARED || defined __PIC__
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
# else
# define ENTER_KERNEL call *_dl_sysinfo
@@ -358,7 +358,7 @@
possible to use more than four parameters. */
#undef INTERNAL_SYSCALL
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# if defined SHARED || defined __PIC__
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
register unsigned int resultvar; \
@@ -384,6 +384,18 @@
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
ASMFMT_##nr(args) : "memory", "cc"); \
(int) resultvar; })
+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+ EXTRAVAR_##nr \
+ asm volatile ( \
+ LOADARGS_NOSYSENTER_##nr \
+ "movl %1, %%eax\n\t" \
+ "int $0x80\n\t" \
+ RESTOREARGS_NOSYSENTER_##nr \
+ : "=a" (resultvar) \
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
# else
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
@@ -447,12 +459,20 @@
#define LOADARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
# define LOADARGS_1 \
"bpushl .L__X'%k3, %k3\n\t"
# define LOADARGS_5 \
"movl %%ebx, %4\n\t" \
"movl %3, %%ebx\n\t"
+# define LOADARGS_NOSYSENTER_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
+# define LOADARGS_NOSYSENTER_5 \
+ "movl %%ebx, %3\n\t" \
+ "movl %2, %%ebx\n\t"
# else
# define LOADARGS_1 \
"bpushl .L__X'%k2, %k2\n\t"
@@ -474,11 +495,18 @@
#define RESTOREARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
# define RESTOREARGS_1 \
"bpopl .L__X'%k3, %k3\n\t"
# define RESTOREARGS_5 \
"movl %4, %%ebx"
+# define RESTOREARGS_NOSYSENTER_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_5 \
+ "movl %3, %%ebx"
# else
# define RESTOREARGS_1 \
"bpopl .L__X'%k2, %k2\n\t"

View File

@ -0,0 +1,42 @@
2012-11-11 Magnus Granberg <zorry@gentoo.org>
#442712
* Makeconfig (+link): Set to +link-pie.
(+link-static-before-libc): Change $(static-start-installed-name) to
S$(static-start-installed-name).
(+prector): Set to +prectorS.
(+postctor): Set to +postctorS.
--- libc/Makeconfig
+++ libc/Makeconfig
@@ -447,11 +447,12 @@
$(common-objpfx)libc% $(+postinit),$^) \
$(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
endif
++link = $(+link-pie)
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
$(+preinit) $(+prectorT) \
$(filter-out $(addprefix $(csu-objpfx),start.o \
$(start-installed-name))\
@@ -549,11 +550,10 @@
ifeq ($(elf),yes)
+preinit = $(addprefix $(csu-objpfx),crti.o)
+postinit = $(addprefix $(csu-objpfx),crtn.o)
-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
-# Variants of the two previous definitions for linking PIE programs.
+prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
+postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
++prector = $(+prectorS)
++postctor = $(+postctorS)
# Variants of the two previous definitions for statically linking programs.
+prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o`
+postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
+interp = $(addprefix $(elf-objpfx),interp.os)
endif
csu-objpfx = $(common-objpfx)csu/

View File

@ -0,0 +1,314 @@
/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
* License terms as above.
*
* Hardened Gentoo SSP and FORTIFY handler
*
* An SSP failure handler that does not use functions from the rest of
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
* no possibility of recursion into the handler.
*
* Direct all bug reports to http://bugs.gentoo.org/
*
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
*
* The following people contributed to the glibc-2.3 Hardened
* Gentoo SSP and FORTIFY handler, from which this implementation draws much:
*
* Ned Ludd - <solar[@]gentoo.org>
* Alexander Gabert - <pappy[@]gentoo.org>
* The PaX Team - <pageexec[@]freemail.hu>
* Peter S. Mazinger - <ps.m[@]gmx.net>
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
* Robert Connolly - <robert[@]linuxfromscratch.org>
* Cory Visi <cory[@]visi.name>
* Mike Frysinger <vapier[@]gentoo.org>
* Magnus Granberg <zorry[@]ume.nu>
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static char *__progname = "<rtld>";
#else
extern char *__progname;
#endif
/* Common handler code, used by chk_fail
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__ , __always_inline__))
static inline void
__hardened_gentoo_chk_fail(char func[], int damaged)
{
#define MESSAGE_BUFSIZ 256
static pid_t pid;
static int plen, i;
static char message[MESSAGE_BUFSIZ];
static const char msg_ssa[] = ": buffer overflow attack";
static const char msg_inf[] = " in function ";
static const char msg_ssd[] = "*** buffer overflow detected ***: ";
static const char msg_terminated[] = " - terminated\n";
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address
*/
sock.sun_family = AF_UNIX;
i = 0;
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
sock.sun_path[i] = path_log[i];
i++;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
{\
message[plen+i]=str[i];\
i++;\
}\
plen+=i;}
/* R.Henderson post-gcc-4 style message */
plen = 0;
strconcat(msg_ssd);
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Dr. Etoh pre-gcc-4 style message */
plen = 0;
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_ssa);
strconcat(msg_inf);
if (func != NULL)
strconcat(func)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Direct reports to bugs.gentoo.org */
plen=0;
strconcat(msg_report);
message[plen++]='\0';
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Suicide */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
static struct sigaction default_abort_act;
/* Remove any user-supplied handler for SIGABRT, before using it */
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* Note; actions cannot be added to SIGKILL */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway
* The loop prevents gcc thinking this routine returns
*/
while (1)
INLINE_SYSCALL(exit, 0);
}
__attribute__ ((__noreturn__))
void __chk_fail(void)
{
__hardened_gentoo_chk_fail(NULL, 0);
}

View File

@ -0,0 +1,322 @@
/* Copyright (C) 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
* License terms as above.
*
* Hardened Gentoo SSP handler
*
* An SSP failure handler that does not use functions from the rest of
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
* no possibility of recursion into the handler.
*
* Direct all bug reports to http://bugs.gentoo.org/
*
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
*
* Fixed to support glibc-2.18 by Magnus Granberg - <zorry[@]gentoo.org>
*
* The following people contributed to the glibc-2.3 Hardened
* Gentoo SSP handler, from which this implementation draws much:
*
* Ned Ludd - <solar[@]gentoo.org>
* Alexander Gabert - <pappy[@]gentoo.org>
* The PaX Team - <pageexec[@]freemail.hu>
* Peter S. Mazinger - <ps.m[@]gmx.net>
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
* Robert Connolly - <robert[@]linuxfromscratch.org>
* Cory Visi <cory[@]visi.name>
* Mike Frysinger <vapier[@]gentoo.org>
*/
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static char *__progname = "<rtld>";
#else
extern char *__progname;
#endif
/* Common handler code, used by stack_chk_fail and __stack_smash_handler
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__ , __always_inline__))
static inline void
__hardened_gentoo_stack_chk_fail(char func[], int damaged)
{
#define MESSAGE_BUFSIZ 256
static pid_t pid;
static int plen, i;
static char message[MESSAGE_BUFSIZ];
static const char msg_ssa[] = ": stack smashing attack";
static const char msg_inf[] = " in function ";
static const char msg_ssd[] = "*** stack smashing detected ***: ";
static const char msg_terminated[] = " - terminated\n";
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address
*/
sock.sun_family = AF_UNIX;
i = 0;
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
sock.sun_path[i] = path_log[i];
i++;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
{\
message[plen+i]=str[i];\
i++;\
}\
plen+=i;}
/* R.Henderson post-gcc-4 style message */
plen = 0;
strconcat(msg_ssd);
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Dr. Etoh pre-gcc-4 style message */
plen = 0;
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_ssa);
strconcat(msg_inf);
if (func != NULL)
strconcat(func)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Direct reports to bugs.gentoo.org */
plen=0;
strconcat(msg_report);
message[plen++]='\0';
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Suicide */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
static struct sigaction default_abort_act;
/* Remove any user-supplied handler for SIGABRT, before using it */
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* Note; actions cannot be added to SIGKILL */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway
* The loop prevents gcc thinking this routine returns
*/
while (1)
INLINE_SYSCALL(exit, 0);
}
__attribute__ ((__noreturn__))
void __stack_chk_fail(void)
{
__hardened_gentoo_stack_chk_fail(NULL, 0);
}
#ifdef ENABLE_OLD_SSP_COMPAT
__attribute__ ((__noreturn__))
void __stack_smash_handler(char func[], int damaged)
{
__hardened_gentoo_stack_chk_fail(func, damaged);
}
#endif

View File

@ -0,0 +1,277 @@
When building glibc PIE (which is not something upstream support),
several modifications are necessary to the glibc build process.
First, any syscalls in PIEs must be of the PIC variant, otherwise
textrels ensue. Then, any syscalls made before the initialisation
of the TLS will fail on i386, as the sysenter variant on i386 uses
the TLS, giving rise to a chicken-and-egg situation. This patch
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
version is normally used, and uses the non-sysenter version for the brk
syscall that is performed by the TLS initialisation. Further, the TLS
initialisation is moved in this case prior to the initialisation of
dl_osversion, as that requires further syscalls.
csu/libc-start.c: Move initial TLS initialization to before the
initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
csu/libc-tls.c: Use the no-sysenter version of sbrk when
INTERNAL_SYSCALL_NOSYSENTER is defined.
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
misc/brk.c: Define a no-sysenter version of brk if
INTERNAL_SYSCALL_NOSYSENTER is defined.
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
--- csu/libc-start.c
+++ csu/libc-start.c
@@ -28,6 +28,7 @@
extern int __libc_multiple_libcs;
#include <tls.h>
+#include <sysdep.h>
#ifndef SHARED
# include <dl-osinfo.h>
extern void __pthread_initialize_minimal (void);
@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char
GL(dl_phnum) = __ehdr_start.e_phnum;
}
}
-
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ /* Do the initial TLS initialization before _dl_osversion,
+ since the latter uses the uname syscall. */
+ __pthread_initialize_minimal ();
+# endif
# ifdef DL_SYSDEP_OSCHECK
if (!__libc_multiple_libcs)
{
@@ -138,10 +144,12 @@
}
# endif
+# ifndef INTERNAL_SYSCALL_NOSYSENTER
/* Initialize the thread library at least a bit since the libgcc
functions are using thread functions if these are available and
we need to setup errno. */
__pthread_initialize_minimal ();
+# endif
/* Set up the stack checker's canary. */
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
--- csu/libc-tls.c
+++ csu/libc-tls.c
@@ -22,14 +22,17 @@
#include <unistd.h>
#include <stdio.h>
#include <sys/param.h>
-
+#include <sysdep.h>
#ifdef SHARED
#error makefile bug, this file is for static only
#endif
-dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+extern void *__sbrk_nosysenter (intptr_t __delta);
+#endif
+dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
static struct
{
@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t
The initialized value of _dl_tls_static_size is provided by dl-open.c
to request some surplus that permits dynamic loading of modules with
- IE-model TLS. */
+ IE-model TLS.
+
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
+ use the special non-sysenter version instead. */
#if TLS_TCB_AT_TP
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
+# else
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
+#endif
#elif TLS_DTV_AT_TP
tcb_offset = roundup (tcbsize, align ?: 1);
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+# else
tlsblock = __sbrk (tcb_offset + memsz + max_align
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+#endif
tlsblock += TLS_PRE_TCB_SIZE;
#else
/* In case a model with a different layout for the TCB and DTV
--- misc/sbrk.c
+++ misc/sbrk.c
@@ -18,6 +18,7 @@
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
+#include <sysdep.h>
/* Defined in brk.c. */
extern void *__curbrk;
@@ -29,6 +30,35 @@
/* Extend the process's data space by INCREMENT.
If INCREMENT is negative, shrink data space by - INCREMENT.
Return start of new space allocated, or -1 for errors. */
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ if the SYSENTER version requires the TLS (which it does on i386).
+ Obviously using the TLS before it is initialised is broken. */
+extern int __brk_nosysenter (void *addr);
+void *
+__sbrk_nosysenter (intptr_t increment)
+{
+ void *oldbrk;
+
+ /* If this is not part of the dynamic library or the library is used
+ via dynamic loading in a statically linked program update
+ __curbrk from the kernel's brk value. That way two separate
+ instances of __brk and __sbrk can share the heap, returning
+ interleaved pieces of it. */
+ if (__curbrk == NULL || __libc_multiple_libcs)
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
+ return (void *) -1;
+
+ if (increment == 0)
+ return __curbrk;
+
+ oldbrk = __curbrk;
+ if (__brk_nosysenter (oldbrk + increment) < 0)
+ return (void *) -1;
+
+ return oldbrk;
+}
+#endif
void *
__sbrk (intptr_t increment)
{
--- sysdeps/unix/sysv/linux/i386/brk.c
+++ sysdeps/unix/sysv/linux/i386/brk.c
@@ -31,6 +31,29 @@
linker. */
weak_alias (__curbrk, ___brk_addr)
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ * if the SYSENTER version requires the TLS (which it does on i386).
+ * Obviously using the TLS before it is initialised is broken. */
+int
+__brk_nosysenter (void *addr)
+{
+ void * newbrk;
+
+ INTERNAL_SYSCALL_DECL (err);
+ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr);
+
+ __curbrk = newbrk;
+
+ if (newbrk < addr)
+ {
+ __set_errno (ENOMEM);
+ return -1;
+ }
+
+ return 0;
+}
+#endif
int
__brk (void *addr)
{
--- sysdeps/unix/sysv/linux/i386/sysdep.h
+++ sysdeps/unix/sysv/linux/i386/sysdep.h
@@ -187,7 +187,7 @@
/* The original calling convention for system calls on Linux/i386 is
to use int $0x80. */
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# if defined SHARED || defined __PIC__
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
# else
# define ENTER_KERNEL call *_dl_sysinfo
@@ -358,7 +358,7 @@
possible to use more than four parameters. */
#undef INTERNAL_SYSCALL
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# if defined SHARED || defined __PIC__
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
register unsigned int resultvar; \
@@ -384,6 +384,18 @@
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
ASMFMT_##nr(args) : "memory", "cc"); \
(int) resultvar; })
+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+ EXTRAVAR_##nr \
+ asm volatile ( \
+ LOADARGS_NOSYSENTER_##nr \
+ "movl %1, %%eax\n\t" \
+ "int $0x80\n\t" \
+ RESTOREARGS_NOSYSENTER_##nr \
+ : "=a" (resultvar) \
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
# else
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
@@ -447,12 +459,20 @@
#define LOADARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
# define LOADARGS_1 \
"bpushl .L__X'%k3, %k3\n\t"
# define LOADARGS_5 \
"movl %%ebx, %4\n\t" \
"movl %3, %%ebx\n\t"
+# define LOADARGS_NOSYSENTER_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
+# define LOADARGS_NOSYSENTER_5 \
+ "movl %%ebx, %3\n\t" \
+ "movl %2, %%ebx\n\t"
# else
# define LOADARGS_1 \
"bpushl .L__X'%k2, %k2\n\t"
@@ -474,11 +495,18 @@
#define RESTOREARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
# define RESTOREARGS_1 \
"bpopl .L__X'%k3, %k3\n\t"
# define RESTOREARGS_5 \
"movl %4, %%ebx"
+# define RESTOREARGS_NOSYSENTER_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_5 \
+ "movl %3, %%ebx"
# else
# define RESTOREARGS_1 \
"bpopl .L__X'%k2, %k2\n\t"

View File

@ -0,0 +1,30 @@
Prevent default-fPIE from confusing configure into thinking
PIC code is default. This causes glibc to build both PIC and
non-PIC code as normal, which on the hardened compiler generates
PIC and PIE.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu>
--- configure.ac
+++ configure.ac
@@ -2145,7 +2145,7 @@
# error PIC is default.
#endif
EOF
-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
libc_cv_pic_default=no
fi
rm -f conftest.*])
--- configure
+++ configure
@@ -7698,7 +7698,7 @@
# error PIC is default.
#endif
EOF
-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
libc_cv_pic_default=no
fi
rm -f conftest.*

View File

@ -0,0 +1,32 @@
https://bugs.gentoo.org/503838
http://gcc.gnu.org/PR60465
https://sourceware.org/ml/libc-alpha/2015-12/msg00556.html
https://trofi.github.io/posts/189-glibc-on-ia64-or-how-relocations-bootstrap.html
newer versions of gcc generate relocations in the elf_get_dynamic_info func
which glibc relies on to populate some info structs. those structs are then
used by ldso to process relocations in itself. glibc requires that there are
no relocations until that point (*after* elf_get_dynamic_info), so we end up
crashing during elf_get_dynamic_info because the relocation has not yet been
processed.
this hack shuffles the code in a way that tricks gcc into not generating the
relocation. we need to figure out something better for upstream.
--- a/elf/get-dynamic-info.h
+++ b/elf/get-dynamic-info.h
@@ -66,8 +66,12 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp)
info[DT_VALTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
+ DT_VERSIONTAGNUM + DT_EXTRANUM] = dyn;
else if ((d_tag_utype) DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
- info[DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
- + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM] = dyn;
+ {
+ d_tag_utype i =
+ DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
+ + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM;
+ info[i] = dyn;
+ }
++dyn;
}

View File

@ -0,0 +1,299 @@
/* Copyright (C) 2004-2014 Free Software Foundation, Inc.
Copyright (C) 2006-2014 Gentoo Foundation Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Hardened Gentoo SSP and FORTIFY handler
A failure handler that does not use functions from the rest of glibc;
it uses the INTERNAL_SYSCALL methods directly. This helps ensure no
possibility of recursion into the handler.
Direct all bug reports to http://bugs.gentoo.org/
People who have contributed significantly to the evolution of this file:
Ned Ludd - <solar[@]gentoo.org>
Alexander Gabert - <pappy[@]gentoo.org>
The PaX Team - <pageexec[@]freemail.hu>
Peter S. Mazinger - <ps.m[@]gmx.net>
Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
Robert Connolly - <robert[@]linuxfromscratch.org>
Cory Visi <cory[@]visi.name>
Mike Frysinger <vapier[@]gentoo.org>
Magnus Granberg <zorry[@]gentoo.org>
Kevin F. Quinn - <kevquinn[@]gentoo.org>
*/
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static const char *__progname = "<ldso>";
#else
extern const char *__progname;
#endif
#ifdef GENTOO_SSP_HANDLER
# define ERROR_MSG "stack smashing"
#else
# define ERROR_MSG "buffer overflow"
#endif
/* Common handler code, used by chk_fail
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__, __always_inline__))
static inline void
__hardened_gentoo_fail(void)
{
#define MESSAGE_BUFSIZ 512
static pid_t pid;
static int plen, i, hlen;
static char message[MESSAGE_BUFSIZ];
/* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */
static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: ";
static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: ";
static const char msg_terminated[] = " terminated; ";
static const char msg_report[] = "report to " REPORT_BUGS_TO "\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address */
sock.sun_family = AF_UNIX;
i = 0;
while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) {
sock.sun_path[i] = path_log[i];
++i;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
({ \
i = 0; \
while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \
message[plen + i] = str[i]; \
++i; \
} \
plen += i; \
})
/* Tersely log the failure */
plen = 0;
strconcat(msg_header);
hlen = plen;
strconcat(msg_ssd);
if (__progname != NULL)
strconcat(__progname);
else
strconcat(msg_unknown);
strconcat(msg_terminated);
strconcat(msg_report);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen);
if (connect_result != -1) {
INLINE_SYSCALL(write, 3, log_socket, message, plen);
INLINE_SYSCALL(close, 1, log_socket);
}
/* Time to kill self since we have no idea what is going on */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
/* Remove any user-supplied handler for SIGABRT, before using it. */
#if 0
/*
* Note: Disabled because some programs catch & process their
* own crashes. We've already enabled this code path which
* means we want to let core dumps happen.
*/
static struct sigaction default_abort_act;
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
#endif
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* SIGKILL is only signal which cannot be caught */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway.
* The loop prevents gcc thinking this routine returns.
*/
while (1)
INLINE_SYSCALL(exit, 1, 137);
}
__attribute__ ((__noreturn__))
#ifdef GENTOO_SSP_HANDLER
void __stack_chk_fail(void)
#else
void __chk_fail(void)
#endif
{
__hardened_gentoo_fail();
}

View File

@ -0,0 +1,2 @@
#define GENTOO_SSP_HANDLER
#include <debug/chk_fail.c>

View File

@ -0,0 +1,306 @@
When building glibc PIE (which is not something upstream support),
several modifications are necessary to the glibc build process.
First, any syscalls in PIEs must be of the PIC variant, otherwise
textrels ensue. Then, any syscalls made before the initialisation
of the TLS will fail on i386, as the sysenter variant on i386 uses
the TLS, giving rise to a chicken-and-egg situation. This patch
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
version is normally used, and uses the non-sysenter version for the brk
syscall that is performed by the TLS initialisation. Further, the TLS
initialisation is moved in this case prior to the initialisation of
dl_osversion, as that requires further syscalls.
csu/libc-start.c: Move initial TLS initialization to before the
initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined
csu/libc-tls.c: Use the no-sysenter version of sbrk when
INTERNAL_SYSCALL_PRE_TLS is defined.
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined.
misc/brk.c: Define a no-sysenter version of brk if
INTERNAL_SYSCALL_PRE_TLS is defined.
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org>
--- a/csu/libc-start.c
+++ b/csu/libc-start.c
@@ -28,6 +28,7 @@
extern int __libc_multiple_libcs;
#include <tls.h>
+#include <sysdep.h>
#ifndef SHARED
# include <dl-osinfo.h>
extern void __pthread_initialize_minimal (void);
@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char
}
}
+# ifdef INTERNAL_SYSCALL_PRE_TLS
+ /* Do the initial TLS initialization before _dl_osversion,
+ since the latter uses the uname syscall. */
+ __pthread_initialize_minimal ();
+# endif
# ifdef DL_SYSDEP_OSCHECK
if (!__libc_multiple_libcs)
{
@@ -138,10 +144,12 @@
}
# endif
+# ifndef INTERNAL_SYSCALL_PRE_TLS
/* Initialize the thread library at least a bit since the libgcc
functions are using thread functions if these are available and
we need to setup errno. */
__pthread_initialize_minimal ();
+# endif
/* Set up the stack checker's canary. */
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
--- a/csu/libc-tls.c
+++ b/csu/libc-tls.c
@@ -22,12 +22,17 @@
#include <unistd.h>
#include <stdio.h>
#include <sys/param.h>
+#include <sysdep.h>
#ifdef SHARED
#error makefile bug, this file is for static only
#endif
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+extern void *__sbrk_nosysenter (intptr_t __delta);
+#endif
+
dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t
The initialized value of _dl_tls_static_size is provided by dl-open.c
to request some surplus that permits dynamic loading of modules with
- IE-model TLS. */
+ IE-model TLS.
+
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
+ use the special non-sysenter version instead. */
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+# define __sbrk __sbrk_nosysenter
+#endif
#if TLS_TCB_AT_TP
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
#elif TLS_DTV_AT_TP
tcb_offset = roundup (tcbsize, align ?: 1);
tlsblock = __sbrk (tcb_offset + memsz + max_align
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
tlsblock += TLS_PRE_TCB_SIZE;
#else
/* In case a model with a different layout for the TCB and DTV
is defined add another #elif here and in the following #ifs. */
# error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
#endif
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+# undef __sbrk
+#endif
/* Align the TLS block. */
tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1)
--- a/misc/sbrk.c
+++ b/misc/sbrk.c
@@ -18,6 +18,7 @@
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
+#include <sysdep.h>
/* Defined in brk.c. */
extern void *__curbrk;
@@ -29,6 +30,35 @@
/* Extend the process's data space by INCREMENT.
If INCREMENT is negative, shrink data space by - INCREMENT.
Return start of new space allocated, or -1 for errors. */
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ if the SYSENTER version requires the TLS (which it does on i386).
+ Obviously using the TLS before it is initialised is broken. */
+extern int __brk_nosysenter (void *addr);
+void *
+__sbrk_nosysenter (intptr_t increment)
+{
+ void *oldbrk;
+
+ /* If this is not part of the dynamic library or the library is used via
+ dynamic loading in a statically linked program update __curbrk from the
+ kernel's brk value. That way two separate instances of __brk and __sbrk
+ can share the heap, returning interleaved pieces of it. */
+ if (__curbrk == NULL || __libc_multiple_libcs)
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
+ return (void *) -1;
+
+ if (increment == 0)
+ return __curbrk;
+
+ oldbrk = __curbrk;
+ if (__brk_nosysenter (oldbrk + increment) < 0)
+ return (void *) -1;
+
+ return oldbrk;
+}
+#endif
+
void *
__sbrk (intptr_t increment)
{
--- a/sysdeps/unix/sysv/linux/i386/brk.c
+++ b/sysdeps/unix/sysv/linux/i386/brk.c
@@ -31,6 +31,30 @@
linker. */
weak_alias (__curbrk, ___brk_addr)
+#ifdef INTERNAL_SYSCALL_PRE_TLS
+/* This version is used by csu/libc-tls.c whem initialising the TLS
+ if the SYSENTER version requires the TLS (which it does on i386).
+ Obviously using the TLS before it is initialised is broken. */
+int
+__brk_nosysenter (void *addr)
+{
+ void *newbrk;
+
+ INTERNAL_SYSCALL_DECL (err);
+ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr);
+
+ __curbrk = newbrk;
+
+ if (newbrk < addr)
+ {
+ __set_errno (ENOMEM);
+ return -1;
+ }
+
+ return 0;
+}
+#endif
+
int
__brk (void *addr)
{
--- a/sysdeps/unix/sysv/linux/i386/sysdep.h
+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
@@ -187,7 +187,7 @@
/* The original calling convention for system calls on Linux/i386 is
to use int $0x80. */
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# ifdef __PIC__
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
# else
# define ENTER_KERNEL call *_dl_sysinfo
@@ -358,7 +358,7 @@
possible to use more than four parameters. */
#undef INTERNAL_SYSCALL
#ifdef I386_USE_SYSENTER
-# ifdef SHARED
+# ifdef __PIC__
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
register unsigned int resultvar; \
@@ -384,6 +384,18 @@
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
ASMFMT_##nr(args) : "memory", "cc"); \
(int) resultvar; })
+# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+ EXTRAVAR_##nr \
+ asm volatile ( \
+ LOADARGS_NOSYSENTER_##nr \
+ "movl %1, %%eax\n\t" \
+ "int $0x80\n\t" \
+ RESTOREARGS_NOSYSENTER_##nr \
+ : "=a" (resultvar) \
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
# else
# define INTERNAL_SYSCALL(name, err, nr, args...) \
({ \
@@ -447,12 +459,20 @@
#define LOADARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && defined __PIC__
# define LOADARGS_1 \
"bpushl .L__X'%k3, %k3\n\t"
# define LOADARGS_5 \
"movl %%ebx, %4\n\t" \
"movl %3, %%ebx\n\t"
+# define LOADARGS_NOSYSENTER_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
+# define LOADARGS_NOSYSENTER_5 \
+ "movl %%ebx, %3\n\t" \
+ "movl %2, %%ebx\n\t"
# else
# define LOADARGS_1 \
"bpushl .L__X'%k2, %k2\n\t"
@@ -474,11 +494,18 @@
#define RESTOREARGS_0
#ifdef __PIC__
-# if defined I386_USE_SYSENTER && defined SHARED
+# if defined I386_USE_SYSENTER && defined __PIC__
# define RESTOREARGS_1 \
"bpopl .L__X'%k3, %k3\n\t"
# define RESTOREARGS_5 \
"movl %4, %%ebx"
+# define RESTOREARGS_NOSYSENTER_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
+# define RESTOREARGS_NOSYSENTER_5 \
+ "movl %3, %%ebx"
# else
# define RESTOREARGS_1 \
"bpopl .L__X'%k2, %k2\n\t"
--- a/sysdeps/i386/nptl/tls.h
+++ b/sysdeps/i386/nptl/tls.h
@@ -189,6 +189,15 @@
desc->vals[3] = 0x51;
}
+/* We have no sysenter until the tls is initialized which is a
+ problem for PIC. Thus we need to do the right call depending
+ on the situation. */
+#ifndef INTERNAL_SYSCALL_PRE_TLS
+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL
+#else
+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS
+#endif
+
/* Code to initially initialize the thread pointer. This might need
special attention since 'errno' is not yet available and if the
operation can cause a failure 'errno' must not be touched. */
@@ -209,7 +218,7 @@
\
/* Install the TLS. */ \
INTERNAL_SYSCALL_DECL (err); \
- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
+ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
\
if (_result == 0) \
/* We know the index in the GDT, now load the segment register. \

View File

@ -0,0 +1,321 @@
/* Copyright (C) 2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, write to the Free
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
02111-1307 USA. */
/* Copyright (C) 2006-2007 Gentoo Foundation Inc.
* License terms as above.
*
* Hardened Gentoo SSP handler
*
* An SSP failure handler that does not use functions from the rest of
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
* no possibility of recursion into the handler.
*
* Direct all bug reports to http://bugs.gentoo.org/
*
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
*
* The following people contributed to the glibc-2.3 Hardened
* Gentoo SSP handler, from which this implementation draws much:
*
* Ned Ludd - <solar[@]gentoo.org>
* Alexander Gabert - <pappy[@]gentoo.org>
* The PaX Team - <pageexec[@]freemail.hu>
* Peter S. Mazinger - <ps.m[@]gmx.net>
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
* Robert Connolly - <robert[@]linuxfromscratch.org>
* Cory Visi <cory[@]visi.name>
* Mike Frysinger <vapier[@]gentoo.org>
*/
#include <errno.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sysdep-cancel.h>
#include <sys/syscall.h>
#include <bp-checks.h>
#include <kernel-features.h>
#include <alloca.h>
/* from sysdeps */
#include <socketcall.h>
/* for the stuff in bits/socket.h */
#include <sys/socket.h>
#include <sys/un.h>
/* Sanity check on SYSCALL macro names - force compilation
* failure if the names used here do not exist
*/
#if !defined __NR_socketcall && !defined __NR_socket
# error Cannot do syscall socket or socketcall
#endif
#if !defined __NR_socketcall && !defined __NR_connect
# error Cannot do syscall connect or socketcall
#endif
#ifndef __NR_write
# error Cannot do syscall write
#endif
#ifndef __NR_close
# error Cannot do syscall close
#endif
#ifndef __NR_getpid
# error Cannot do syscall getpid
#endif
#ifndef __NR_kill
# error Cannot do syscall kill
#endif
#ifndef __NR_exit
# error Cannot do syscall exit
#endif
#ifdef SSP_SMASH_DUMPS_CORE
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
# if !defined _KERNEL_NSIG && !defined _NSIG
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
# endif
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
# error Cannot do syscall sigaction or rt_sigaction
# endif
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
* some reason.
*/
# ifdef _KERNEL_NSIG
# define _SSP_NSIG _KERNEL_NSIG
# else
# define _SSP_NSIG _NSIG
# endif
#else
# define _SSP_NSIG 0
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
#endif
/* Define DO_SIGACTION - default to newer rt signal interface but
* fallback to old as needed.
*/
#ifdef __NR_rt_sigaction
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
#else
# define DO_SIGACTION(signum, act, oldact) \
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
#endif
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
#if defined(__NR_socket) && defined(__NR_connect)
# define USE_OLD_SOCKETCALL 0
#else
# define USE_OLD_SOCKETCALL 1
#endif
/* stub out the __NR_'s so we can let gcc optimize away dead code */
#ifndef __NR_socketcall
# define __NR_socketcall 0
#endif
#ifndef __NR_socket
# define __NR_socket 0
#endif
#ifndef __NR_connect
# define __NR_connect 0
#endif
#define DO_SOCKET(result, domain, type, protocol) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = domain; \
socketargs[1] = type; \
socketargs[2] = protocol; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
} else \
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
} while (0)
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
do { \
if (USE_OLD_SOCKETCALL) { \
socketargs[0] = sockfd; \
socketargs[1] = (unsigned long int)serv_addr; \
socketargs[2] = addrlen; \
socketargs[3] = 0; \
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
} else \
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
} while (0)
#ifndef _PATH_LOG
# define _PATH_LOG "/dev/log"
#endif
static const char path_log[] = _PATH_LOG;
/* For building glibc with SSP switched on, define __progname to a
* constant if building for the run-time loader, to avoid pulling
* in more of libc.so into ld.so
*/
#ifdef IS_IN_rtld
static char *__progname = "<rtld>";
#else
extern char *__progname;
#endif
/* Common handler code, used by stack_chk_fail and __stack_smash_handler
* Inlined to ensure no self-references to the handler within itself.
* Data static to avoid putting more than necessary on the stack,
* to aid core debugging.
*/
__attribute__ ((__noreturn__ , __always_inline__))
static inline void
__hardened_gentoo_stack_chk_fail(char func[], int damaged)
{
#define MESSAGE_BUFSIZ 256
static pid_t pid;
static int plen, i;
static char message[MESSAGE_BUFSIZ];
static const char msg_ssa[] = ": stack smashing attack";
static const char msg_inf[] = " in function ";
static const char msg_ssd[] = "*** stack smashing detected ***: ";
static const char msg_terminated[] = " - terminated\n";
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
static const char msg_unknown[] = "<unknown>";
static int log_socket, connect_result;
static struct sockaddr_un sock;
static unsigned long int socketargs[4];
/* Build socket address
*/
sock.sun_family = AF_UNIX;
i = 0;
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
sock.sun_path[i] = path_log[i];
i++;
}
sock.sun_path[i] = '\0';
/* Try SOCK_DGRAM connection to syslog */
connect_result = -1;
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
if (connect_result == -1) {
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Try SOCK_STREAM connection to syslog */
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
if (log_socket != -1)
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
}
/* Build message. Messages are generated both in the old style and new style,
* so that log watchers that are configured for the old-style message continue
* to work.
*/
#define strconcat(str) \
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
{\
message[plen+i]=str[i];\
i++;\
}\
plen+=i;}
/* R.Henderson post-gcc-4 style message */
plen = 0;
strconcat(msg_ssd);
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Dr. Etoh pre-gcc-4 style message */
plen = 0;
if (__progname != (char *)0)
strconcat(__progname)
else
strconcat(msg_unknown);
strconcat(msg_ssa);
strconcat(msg_inf);
if (func != NULL)
strconcat(func)
else
strconcat(msg_unknown);
strconcat(msg_terminated);
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
/* Direct reports to bugs.gentoo.org */
plen=0;
strconcat(msg_report);
message[plen++]='\0';
/* Write out error message to STDERR, to syslog if open */
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
if (connect_result != -1)
INLINE_SYSCALL(write, 3, log_socket, message, plen);
if (log_socket != -1)
INLINE_SYSCALL(close, 1, log_socket);
/* Suicide */
pid = INLINE_SYSCALL(getpid, 0);
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
static struct sigaction default_abort_act;
/* Remove any user-supplied handler for SIGABRT, before using it */
default_abort_act.sa_handler = SIG_DFL;
default_abort_act.sa_sigaction = NULL;
__sigfillset(&default_abort_act.sa_mask);
default_abort_act.sa_flags = 0;
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
}
/* Note; actions cannot be added to SIGKILL */
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
/* In case the kill didn't work, exit anyway
* The loop prevents gcc thinking this routine returns
*/
while (1)
INLINE_SYSCALL(exit, 0);
}
__attribute__ ((__noreturn__))
void __stack_chk_fail(void)
{
__hardened_gentoo_stack_chk_fail(NULL, 0);
}
#ifdef ENABLE_OLD_SSP_COMPAT
__attribute__ ((__noreturn__))
void __stack_smash_handler(char func[], int damaged)
{
__hardened_gentoo_stack_chk_fail(func, damaged);
}
#endif

View File

@ -0,0 +1,381 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
alt_prefix() {
is_crosscompile && echo /usr/${CTARGET}
}
if [[ ${EAPI:-0} == [012] ]] ; then
: ${ED:=${D}}
: ${EROOT:=${ROOT}}
fi
# This indirection is for binpkgs. #523332
_nonfatal() { nonfatal "$@" ; }
if [[ ${EAPI:-0} == [0123] ]] ; then
nonfatal() { "$@" ; }
_nonfatal() { "$@" ; }
fi
# We need to be able to set alternative headers for
# compiling for non-native platform
# Will also become useful for testing kernel-headers without screwing up
# the whole system.
# note: intentionally undocumented.
alt_headers() {
echo ${ALT_HEADERS:=$(alt_prefix)/usr/include}
}
alt_build_headers() {
if [[ -z ${ALT_BUILD_HEADERS} ]] ; then
ALT_BUILD_HEADERS="${EPREFIX}$(alt_headers)"
if tc-is-cross-compiler ; then
ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers)
if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then
local header_path=$(echo '#include <linux/version.h>' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h')
ALT_BUILD_HEADERS=${header_path%/linux/version.h}
fi
fi
fi
echo "${ALT_BUILD_HEADERS}"
}
alt_libdir() {
echo $(alt_prefix)/$(get_libdir)
}
alt_usrlibdir() {
echo $(alt_prefix)/usr/$(get_libdir)
}
builddir() {
echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1"
}
setup_target_flags() {
# This largely mucks with compiler flags. None of which should matter
# when building up just the headers.
just_headers && return 0
case $(tc-arch) in
x86)
# -march needed for #185404 #199334
# TODO: When creating the first glibc cross-compile, this test will
# always fail as it does a full link which in turn requires glibc.
# Probably also applies when changing multilib profile settings (e.g.
# enabling x86 when the profile was amd64-only previously).
# We could change main to _start and pass -nostdlib here so that we
# only test the gcc code compilation. Or we could do a compile and
# then look for the symbol via scanelf.
if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then
local t=${CTARGET_OPT:-${CTARGET}}
t=${t%%-*}
filter-flags '-march=*'
export CFLAGS="-march=${t} ${CFLAGS}"
einfo "Auto adding -march=${t} to CFLAGS #185404"
fi
;;
amd64)
# -march needed for #185404 #199334
# Note: This test only matters when the x86 ABI is enabled, so we could
# optimize a bit and elide it.
# TODO: See cross-compile issues listed above for x86.
if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then
local t=${CTARGET_OPT:-${CTARGET}}
t=${t%%-*}
# Normally the target is x86_64-xxx, so turn that into the -march that
# gcc actually accepts. #528708
[[ ${t} == "x86_64" ]] && t="x86-64"
filter-flags '-march=*'
# ugly, ugly, ugly. ugly.
CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}")
export CFLAGS_x86="${CFLAGS_x86} -march=${t}"
einfo "Auto adding -march=${t} to CFLAGS_x86 #185404"
fi
;;
mips)
# The mips abi cannot support the GNU style hashes. #233233
filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both
;;
ppc)
append-flags "-freorder-blocks"
;;
sparc)
# Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though.
filter-flags "-fcall-used-g7"
append-flags "-fcall-used-g6"
# If the CHOST is the basic one (e.g. not sparcv9-xxx already),
# try to pick a better one so glibc can use cpu-specific .S files.
# We key off the CFLAGS to get a good value. Also need to handle
# version skew.
# We can't force users to set their CHOST to their exact machine
# as many of these are not recognized by config.sub/gcc and such :(.
# Note: If the mcpu values don't scale, we might try probing CPP defines.
# Note: Should we factor in -Wa,-AvXXX flags too ? Or -mvis/etc... ?
local cpu
case ${CTARGET} in
sparc64-*)
case $(get-flag mcpu) in
niagara[234])
if version_is_at_least 2.8 ; then
cpu="sparc64v2"
elif version_is_at_least 2.4 ; then
cpu="sparc64v"
elif version_is_at_least 2.2.3 ; then
cpu="sparc64b"
fi
;;
niagara)
if version_is_at_least 2.4 ; then
cpu="sparc64v"
elif version_is_at_least 2.2.3 ; then
cpu="sparc64b"
fi
;;
ultrasparc3)
cpu="sparc64b"
;;
*)
# We need to force at least v9a because the base build doesn't
# work with just v9.
# https://sourceware.org/bugzilla/show_bug.cgi?id=19477
[[ -z ${cpu} ]] && append-flags "-Wa,-xarch=v9a"
;;
esac
;;
sparc-*)
case $(get-flag mcpu) in
niagara[234])
if version_is_at_least 2.8 ; then
cpu="sparcv9v2"
elif version_is_at_least 2.4 ; then
cpu="sparcv9v"
elif version_is_at_least 2.2.3 ; then
cpu="sparcv9b"
else
cpu="sparcv9"
fi
;;
niagara)
if version_is_at_least 2.4 ; then
cpu="sparcv9v"
elif version_is_at_least 2.2.3 ; then
cpu="sparcv9b"
else
cpu="sparcv9"
fi
;;
ultrasparc3)
cpu="sparcv9b"
;;
v9|ultrasparc)
cpu="sparcv9"
;;
v8|supersparc|hypersparc|leon|leon3)
cpu="sparcv8"
;;
esac
;;
esac
[[ -n ${cpu} ]] && CTARGET_OPT="${cpu}-${CTARGET#*-}"
;;
esac
}
setup_flags() {
# Make sure host make.conf doesn't pollute us
if is_crosscompile || tc-is-cross-compiler ; then
CHOST=${CTARGET} strip-unsupported-flags
fi
# Store our CFLAGS because it's changed depending on which CTARGET
# we are building when pulling glibc on a multilib profile
CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}}
CFLAGS=${CFLAGS_BASE}
CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}}
CXXFLAGS=${CXXFLAGS_BASE}
ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}}
ASFLAGS=${ASFLAGS_BASE}
# Over-zealous CFLAGS can often cause problems. What may work for one
# person may not work for another. To avoid a large influx of bugs
# relating to failed builds, we strip most CFLAGS out to ensure as few
# problems as possible.
strip-flags
strip-unsupported-flags
filter-flags -m32 -m64 -mabi=*
# Bug 492892.
filter-flags -frecord-gcc-switches
unset CBUILD_OPT CTARGET_OPT
if use multilib ; then
CTARGET_OPT=$(get_abi_CTARGET)
[[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST)
fi
setup_target_flags
if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then
CBUILD_OPT=${CTARGET_OPT}
fi
# Lock glibc at -O2 -- linuxthreads needs it and we want to be
# conservative here. -fno-strict-aliasing is to work around #155906
filter-flags -O?
append-flags -O2 -fno-strict-aliasing -fno-builtin-strlen
# Can't build glibc itself with fortify code. Newer versions add
# this flag for us, so no need to do it manually.
version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE
# building glibc with SSP is fraught with difficulty, especially
# due to __stack_chk_fail_local which would mean significant changes
# to the glibc build process. See bug #94325 #293721
# Note we have to handle both user-given CFLAGS and gcc defaults via
# spec rules here. We can't simply add -fno-stack-protector as it gets
# added before user flags, and we can't just filter-flags because
# _filter_hardened doesn't support globs.
filter-flags -fstack-protector*
gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector)
if use hardened && gcc-specs-pie ; then
# Force PIC macro definition for all compilations since they're all
# either -fPIC or -fPIE with the default-PIE compiler.
append-cppflags -DPIC
else
# Don't build -fPIE without the default-PIE compiler and the
# hardened-pie patch
filter-flags -fPIE
fi
}
want_nptl() {
[[ -z ${LT_VER} ]] && return 0
want_tls || return 1
use nptl || return 1
# Older versions of glibc had incomplete arch support for nptl.
# But if you're building those now, you can handle USE=nptl yourself.
return 0
}
want_linuxthreads() {
[[ -z ${LT_VER} ]] && return 1
use linuxthreads
}
want_tls() {
# Archs that can use TLS (Thread Local Storage)
case $(tc-arch) in
x86)
# requires i486 or better #106556
[[ ${CTARGET} == i[4567]86* ]] && return 0
return 1
;;
esac
return 0
}
want__thread() {
want_tls || return 1
# For some reason --with-tls --with__thread is causing segfaults on sparc32.
[[ ${PROFILE_ARCH} == "sparc" ]] && return 1
[[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD}
# only test gcc -- cant test linking yet
tc-has-tls -c ${CTARGET}
WANT__THREAD=$?
return ${WANT__THREAD}
}
use_multiarch() {
# Make sure binutils is new enough to support indirect functions #336792
# This funky sed supports gold and bfd linkers.
local bver nver
bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}')
case $(tc-arch ${CTARGET}) in
amd64|x86) nver="2.20" ;;
arm) nver="2.22" ;;
hppa) nver="2.23" ;;
ppc|ppc64) nver="2.20" ;;
# ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24.
s390) nver="2.24" ;;
sparc) nver="2.21" ;;
*) return 1 ;;
esac
version_is_at_least ${nver} ${bver}
}
# Setup toolchain variables that had historically
# been defined in the profiles for these archs.
setup_env() {
# silly users
unset LD_RUN_PATH
unset LD_ASSUME_KERNEL
if is_crosscompile || tc-is-cross-compiler ; then
multilib_env ${CTARGET_OPT:-${CTARGET}}
if ! use multilib ; then
MULTILIB_ABIS=${DEFAULT_ABI}
else
MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}}
fi
# If the user has CFLAGS_<CTARGET> in their make.conf, use that,
# and fall back on CFLAGS.
local VAR=CFLAGS_${CTARGET//[-.]/_}
CFLAGS=${!VAR-${CFLAGS}}
fi
setup_flags
export ABI=${ABI:-${DEFAULT_ABI:-default}}
local VAR=CFLAGS_${ABI}
# We need to export CFLAGS with abi information in them because glibc's
# configure script checks CFLAGS for some targets (like mips). Keep
# around the original clean value to avoid appending multiple ABIs on
# top of each other.
: ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})}
export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}"
}
foreach_abi() {
setup_env
local ret=0
local abilist=""
if use multilib ; then
abilist=$(get_install_abis)
else
abilist=${DEFAULT_ABI}
fi
evar_push ABI
export ABI
for ABI in ${abilist:-default} ; do
setup_env
einfo "Running $1 for ABI ${ABI}"
$1
: $(( ret |= $? ))
done
evar_pop
return ${ret}
}
just_headers() {
is_crosscompile && use crosscompile_opts_headers-only
}
glibc_banner() {
local b="Gentoo ${PVR}"
[[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}"
[[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}"
[[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}"
echo "${b}"
}

View File

@ -0,0 +1,27 @@
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
eblit-glibc-pkg_postinst() {
# nothing to do if just installing headers
just_headers && return
if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then
# Generate fastloading iconv module configuration file.
"${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}"
fi
if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then
# Reload init ... if in a chroot or a diff init package, ignore
# errors from this step #253697
/sbin/telinit U 2>/dev/null
# if the host locales.gen contains no entries, we'll install everything
local locale_list="${EROOT}etc/locale.gen"
if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then
ewarn "Generating all locales; edit /etc/locale.gen to save time/space"
locale_list="${EROOT}usr/share/i18n/SUPPORTED"
fi
locale-gen -j $(makeopts_jobs) --config "${locale_list}"
fi
}

View File

@ -0,0 +1,63 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
# Simple test to make sure our new glibc isnt completely broken.
# Make sure we don't test with statically built binaries since
# they will fail. Also, skip if this glibc is a cross compiler.
#
# If coreutils is built with USE=multicall, some of these files
# will just be wrapper scripts, not actual ELFs we can test.
glibc_sanity_check() {
cd / #228809
# We enter ${ED} so to avoid trouble if the path contains
# special characters; for instance if the path contains the
# colon character (:), then the linker will try to split it
# and look for the libraries in an unexpected place. This can
# lead to unsafe code execution if the generated prefix is
# within a world-writable directory.
# (e.g. /var/tmp/portage:${HOSTNAME})
pushd "${ED}"/$(get_libdir) >/dev/null
local x striptest
for x in cal date env free ls true uname uptime ; do
x=$(type -p ${x})
[[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue
striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue
case ${striptest} in
*"statically linked"*) continue;;
*"ASCII text"*) continue;;
esac
# We need to clear the locale settings as the upgrade might want
# incompatible locale data. This test is not for verifying that.
LC_ALL=C \
./ld-*.so --library-path . ${x} > /dev/null \
|| die "simple run test (${x}) failed"
done
popd >/dev/null
}
eblit-glibc-pkg_preinst() {
# nothing to do if just installing headers
just_headers && return
# prepare /etc/ld.so.conf.d/ for files
mkdir -p "${EROOT}"/etc/ld.so.conf.d
# Default /etc/hosts.conf:multi to on for systems with small dbs.
if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then
sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf
elog "Defaulting /etc/host.conf:multi to on"
fi
[[ ${ROOT} != "/" ]] && return 0
[[ -d ${ED}/$(get_libdir) ]] || return 0
glibc_sanity_check
# For newer EAPIs, this was run in pkg_pretend.
if [[ ${EAPI:-0} == [0123] ]] ; then
check_devpts
fi
}

View File

@ -0,0 +1,157 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
glibc_compile_test() {
local ret save_cflags=${CFLAGS}
CFLAGS+=" $1"
shift
pushd "${T}" >/dev/null
rm -f glibc-test*
printf '%b' "$*" > glibc-test.c
_nonfatal emake -s glibc-test
ret=$?
popd >/dev/null
CFLAGS=${save_cflags}
return ${ret}
}
glibc_run_test() {
local ret
if [[ ${EMERGE_FROM} == "binary" ]] ; then
# ignore build failures when installing a binary package #324685
glibc_compile_test "" "$@" 2>/dev/null || return 0
else
if ! glibc_compile_test "" "$@" ; then
ewarn "Simple build failed ... assuming this is desired #324685"
return 0
fi
fi
pushd "${T}" >/dev/null
./glibc-test
ret=$?
rm -f glibc-test*
popd >/dev/null
return ${ret}
}
check_devpts() {
# Make sure devpts is mounted correctly for use w/out setuid pt_chown.
# If merely building the binary package, then there's nothing to verify.
[[ ${MERGE_TYPE} == "buildonly" ]] && return
# Only sanity check when installing the native glibc.
[[ ${ROOT} != "/" ]] && return
# Older versions always installed setuid, so no need to check.
in_iuse suid || return
# If they're opting in to the old suid code, then no need to check.
use suid && return
if awk '$3 == "devpts" && $4 ~ /[, ]gid=5[, ]/ { exit 1 }' /proc/mounts ; then
eerror "In order to use glibc with USE=-suid, you must make sure that"
eerror "you have devpts mounted at /dev/pts with the gid=5 option."
eerror "Openrc should do this for you, so you should check /etc/fstab"
eerror "and make sure you do not have any invalid settings there."
# Do not die on older kernels as devpts did not export these settings #489520.
if version_is_at_least 2.6.25 $(uname -r) ; then
die "mount & fix your /dev/pts settings"
fi
fi
}
eblit-glibc-pkg_pretend() {
# For older EAPIs, this is run in pkg_preinst.
if [[ ${EAPI:-0} != [0123] ]] ; then
check_devpts
fi
# prevent native builds from downgrading ... maybe update to allow people
# to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2)
if [[ ${MERGE_TYPE} != "buildonly" ]] && \
[[ ${ROOT} == "/" ]] && \
[[ ${CBUILD} == ${CHOST} ]] && \
[[ ${CHOST} == ${CTARGET} ]] ; then
if has_version '>'${CATEGORY}/${PF} ; then
eerror "Sanity check to keep you from breaking your system:"
eerror " Downgrading glibc is not supported and a sure way to destruction"
die "aborting to save your system"
fi
if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n'
then
eerror "Your patched vendor kernel is broken. You need to get an"
eerror "update from whoever is providing the kernel to you."
eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227"
eerror "http://bugs.gentoo.org/262698"
die "keeping your system alive, say thank you"
fi
if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n'
then
eerror "Your old kernel is broken. You need to update it to"
eerror "a newer version as syscall(<bignum>) will break."
eerror "http://bugs.gentoo.org/279260"
die "keeping your system alive, say thank you"
fi
fi
# users have had a chance to phase themselves, time to give em the boot
if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then
eerror "You still haven't deleted ${EROOT}/etc/locales.build."
eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher."
die "lazy upgrader detected"
fi
if [[ ${CTARGET} == i386-* ]] ; then
eerror "i386 CHOSTs are no longer supported."
eerror "Chances are you don't actually want/need i386."
eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml"
die "please fix your CHOST"
fi
if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then
ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS."
ewarn "This will result in a 50% performance penalty when running with a 32bit"
ewarn "hypervisor, which is probably not what you want."
fi
use hardened && ! gcc-specs-pie && \
ewarn "PIE hardening not applied, as your compiler doesn't default to PIE"
# Make sure host system is up to date #394453
if has_version '<sys-libs/glibc-2.13' && \
[[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]]
then
ebegin "Scanning system for __guard to see if you need to rebuild first ..."
local files=$(
scanelf -qys__guard -F'#s%F' \
"${EROOT}"/*bin/ \
"${EROOT}"/lib* \
"${EROOT}"/usr/*bin/ \
"${EROOT}"/usr/lib* | \
egrep -v \
-e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \
-e "^${EROOT}/sbin/(ldconfig|sln)$"
)
[[ -z ${files} ]]
if ! eend $? ; then
eerror "Your system still has old SSP __guard symbols. You need to"
eerror "rebuild all the packages that provide these files first:"
eerror "${files}"
die "old __guard detected"
fi
fi
}

View File

@ -0,0 +1,9 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
[[ ${EAPI:-0} == [0123] ]] && source "${FILESDIR}/eblits/pkg_pretend.eblit"
eblit-glibc-pkg_setup() {
[[ ${EAPI:-0} == [0123] ]] && eblit-glibc-pkg_pretend
}

View File

@ -0,0 +1,24 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_configure.eblit"
toolchain-glibc_src_compile() {
local t
for t in linuxthreads nptl ; do
if want_${t} ; then
[[ ${EAPI:-0} == [01] ]] && glibc_do_configure ${t}
emake -C "$(builddir ${t})" || die "make ${t} for ${ABI} failed"
fi
done
}
eblit-glibc-src_compile() {
if just_headers ; then
[[ ${EAPI:-0} == [01] ]] && toolchain-glibc_headers_configure
return
fi
foreach_abi toolchain-glibc_src_compile
}

View File

@ -0,0 +1,274 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
dump_toolchain_settings() {
echo
einfo "$*"
local v
for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC LD {AS,C,CPP,CXX,LD}FLAGS ; do
einfo " $(printf '%15s' ${v}:) ${!v}"
done
# The glibc configure script doesn't properly use LDFLAGS all the time.
export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}"
einfo " $(printf '%15s' 'Manual CC:') ${CC}"
echo
}
glibc_do_configure() {
# Glibc does not work with gold (for various reasons) #269274.
tc-ld-disable-gold
dump_toolchain_settings "Configuring glibc for $1"
local myconf=()
# set addons
pushd "${S}" > /dev/null
local addons=$(echo */configure | sed \
-e 's:/configure::g' \
-e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \
-e 's: \+$::' \
-e 's! !,!g' \
-e 's!^!,!' \
-e '/^,\*$/d')
[[ -d ports ]] && addons+=",ports"
popd > /dev/null
myconf+=( $(use_enable hardened stackguard-randomization) )
if has_version '<sys-libs/glibc-2.13' ; then
myconf+=( --enable-old-ssp-compat )
fi
[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
if [[ $1 == "linuxthreads" ]] ; then
if want_tls ; then
myconf+=( --with-tls )
if ! want__thread || use glibc-compat20 || [[ ${LT_KER_VER} == 2.[02].* ]] ; then
myconf+=( --without-__thread )
else
myconf+=( --with-__thread )
fi
else
myconf+=( --without-tls --without-__thread )
fi
myconf+=( --disable-sanity-checks )
addons="linuxthreads${addons}"
myconf+=( --enable-kernel=${LT_KER_VER} )
elif [[ $1 == "nptl" ]] ; then
# Newer versions require nptl, so there is no addon for it.
version_is_at_least 2.20 || addons="nptl${addons}"
myconf+=( --enable-kernel=${NPTL_KERN_VER} )
else
die "invalid pthread option"
fi
myconf+=( --enable-add-ons="${addons#,}" )
# Since SELinux support is only required for nscd, only enable it if:
# 1. USE selinux
# 2. only for the primary ABI on multilib systems
# 3. Not a crosscompile
if ! is_crosscompile && use selinux ; then
if use multilib ; then
if is_final_abi ; then
myconf+=( --with-selinux )
else
myconf+=( --without-selinux )
fi
else
myconf+=( --with-selinux )
fi
else
myconf+=( --without-selinux )
fi
# Force a few tests where we always know the answer but
# configure is incapable of finding it.
if is_crosscompile ; then
export \
libc_cv_c_cleanup=yes \
libc_cv_forced_unwind=yes
fi
myconf+=(
--without-cvs
--disable-werror
--enable-bind-now
--build=${CBUILD_OPT:-${CBUILD}}
--host=${CTARGET_OPT:-${CTARGET}}
$(use_enable profile)
$(use_with gd)
--with-headers=$(alt_build_headers)
--prefix="${EPREFIX}/usr"
--sysconfdir="${EPREFIX}/etc"
--localstatedir="${EPREFIX}/var"
--libdir='$(prefix)'/$(get_libdir)
--mandir='$(prefix)'/share/man
--infodir='$(prefix)'/share/info
--libexecdir='$(libdir)'/misc/glibc
--with-bugurl=http://bugs.gentoo.org/
--with-pkgversion="$(glibc_banner)"
$(use_multiarch || echo --disable-multi-arch)
$(in_iuse rpc && use_enable rpc obsolete-rpc || echo --enable-obsolete-rpc)
$(in_iuse systemtap && use_enable systemtap)
$(in_iuse nscd && use_enable nscd)
${EXTRA_ECONF}
)
# We rely on sys-libs/timezone-data for timezone tools normally.
if version_is_at_least 2.23 ; then
myconf+=( $(use_enable vanilla timezone-tools) )
fi
# These libs don't have configure flags.
ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no)
ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no)
# There is no configure option for this and we need to export it
# since the glibc build will re-run configure on itself
export libc_cv_rootsbindir="${EPREFIX}/sbin"
export libc_cv_slibdir="${EPREFIX}/$(get_libdir)"
# We take care of patching our binutils to use both hash styles,
# and many people like to force gnu hash style only, so disable
# this overriding check. #347761
export libc_cv_hashstyle=no
# Overtime, generating info pages can be painful. So disable this for
# versions older than the latest stable to avoid the issue (this ver
# should be updated from time to time). #464394 #465816
if ! version_is_at_least 2.17 ; then
export ac_cv_prog_MAKEINFO=:
fi
local builddir=$(builddir "$1")
mkdir -p "${builddir}"
cd "${builddir}"
set -- "${S}"/configure "${myconf[@]}"
echo "$@"
"$@" || die "failed to configure glibc"
# ia64 static cross-compilers are a pita in so much that they
# can't produce static ELFs (as the libgcc.a is broken). so
# disable building of the programs for those targets if it
# doesn't work.
# XXX: We could turn this into a compiler test, but ia64 is
# the only one that matters, so this should be fine for now.
if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then
sed -i '1i+link-static = touch $@' config.make
fi
# If we're trying to migrate between ABI sets, we need
# to lie and use a local copy of gcc. Like if the system
# is built with MULTILIB_ABIS="amd64 x86" but we want to
# add x32 to it, gcc/glibc don't yet support x32.
if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then
echo 'main(){}' > "${T}"/test.c
if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then
sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die
mkdir -p sunrpc
cp $(which rpcgen) sunrpc/cross-rpcgen || die
touch -t 202001010101 sunrpc/cross-rpcgen || die
fi
fi
}
toolchain-glibc_headers_configure() {
export ABI=default
local builddir=$(builddir "headers")
mkdir -p "${builddir}"
cd "${builddir}"
# if we don't have a compiler yet, we cant really test it now ...
# hopefully they don't affect header geneation, so let's hope for
# the best here ...
local v vars=(
ac_cv_header_cpuid_h=yes
libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes
libc_cv_asm_cfi_directives=yes
libc_cv_broken_visibility_attribute=no
libc_cv_c_cleanup=yes
libc_cv_forced_unwind=yes
libc_cv_gcc___thread=yes
libc_cv_mlong_double_128=yes
libc_cv_mlong_double_128ibm=yes
libc_cv_ppc_machine=yes
libc_cv_ppc_rel16=yes
libc_cv_predef_{fortify_source,stack_protector}=no
libc_cv_visibility_attribute=yes
libc_cv_z_combreloc=yes
libc_cv_z_execstack=yes
libc_cv_z_initfirst=yes
libc_cv_z_nodelete=yes
libc_cv_z_nodlopen=yes
libc_cv_z_relro=yes
libc_mips_abi=${ABI}
libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard)
# These libs don't have configure flags.
ac_cv_lib_audit_audit_log_user_avc_message=no
ac_cv_lib_cap_cap_init=no
)
einfo "Forcing cached settings:"
for v in "${vars[@]}" ; do
einfo " ${v}"
export ${v}
done
# Blow away some random CC settings that screw things up. #550192
if [[ -d ${S}/sysdeps/mips ]]; then
pushd "${S}"/sysdeps/mips >/dev/null
sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die
sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die
popd >/dev/null
fi
local myconf=()
myconf+=(
--disable-sanity-checks
--enable-hacker-mode
--without-cvs
--disable-werror
--enable-bind-now
--build=${CBUILD_OPT:-${CBUILD}}
--host=${CTARGET_OPT:-${CTARGET}}
--with-headers=$(alt_build_headers)
--prefix="${EPREFIX}/usr"
${EXTRA_ECONF}
)
local addons
[[ -d ${S}/ports ]] && addons+=",ports"
# Newer versions require nptl, so there is no addon for it.
version_is_at_least 2.20 || addons+=",nptl"
myconf+=( --enable-add-ons="${addons#,}" )
# Nothing is compiled here which would affect the headers for the target.
# So forcing CC/CFLAGS is sane.
set -- "${S}"/configure "${myconf[@]}"
echo "$@"
CC="$(tc-getBUILD_CC)" \
CFLAGS="-O1 -pipe" \
CPPFLAGS="-U_FORTIFY_SOURCE" \
LDFLAGS="" \
"$@" || die "failed to configure glibc"
}
toolchain-glibc_src_configure() {
if just_headers ; then
toolchain-glibc_headers_configure
else
want_linuxthreads && glibc_do_configure linuxthreads
want_nptl && glibc_do_configure nptl
fi
}
eblit-glibc-src_configure() {
foreach_abi toolchain-glibc_src_configure
}

View File

@ -0,0 +1,244 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
toolchain-glibc_src_install() {
local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl))
cd "${builddir}"
emake install_root="${D}$(alt_prefix)" install || die
if want_linuxthreads && want_nptl ; then
einfo "Installing NPTL to $(alt_libdir)/tls/..."
cd "$(builddir nptl)"
dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl
local l src_lib
for l in libc libm librt libpthread libthread_db ; do
# take care of shared lib first ...
l=${l}.so
if [[ -e ${l} ]] ; then
src_lib=${l}
else
src_lib=$(eval echo */${l})
fi
cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}"
fperms a+rx $(alt_libdir)/tls/${l}
dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib})
# then grab the linker script or the symlink ...
if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then
dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l}
else
sed \
-e "s:/${l}:/tls/${l}:g" \
-e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \
"${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l}
fi
# then grab the static lib ...
src_lib=${src_lib/%.so/.a}
[[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a}
cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
src_lib=${src_lib/%.a/_nonshared.a}
if [[ -e ${src_lib} ]] ; then
cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
fi
done
# use the nptl linker instead of the linuxthreads one as the linuxthreads
# one may lack TLS support and that can be really bad for business
cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp"
fi
# We'll take care of the cache ourselves
rm -f "${ED}"/etc/ld.so.cache
# Everything past this point just needs to be done once ...
is_final_abi || return 0
# Make sure the non-native interp can be found on multilib systems even
# if the main library set isn't installed into the right place. Maybe
# we should query the active gcc for info instead of hardcoding it ?
local i ldso_abi ldso_name
local ldso_abi_list=(
# x86
amd64 /lib64/ld-linux-x86-64.so.2
x32 /libx32/ld-linux-x32.so.2
x86 /lib/ld-linux.so.2
# mips
o32 /lib/ld.so.1
n32 /lib32/ld.so.1
n64 /lib64/ld.so.1
# powerpc
ppc /lib/ld.so.1
ppc64 /lib64/ld64.so.1
# s390
s390 /lib/ld.so.1
s390x /lib/ld64.so.1
# sparc
sparc32 /lib/ld-linux.so.2
sparc64 /lib64/ld-linux.so.2
)
case $(tc-endian) in
little)
ldso_abi_list+=(
# arm
arm64 /lib/ld-linux-aarch64.so.1
)
;;
big)
ldso_abi_list+=(
# arm
arm64 /lib/ld-linux-aarch64_be.so.1
)
;;
esac
if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then
dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib
fi
for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do
ldso_abi=${ldso_abi_list[i]}
has ${ldso_abi} $(get_install_abis) || continue
ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}"
if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then
dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name}
fi
done
# With devpts under Linux mounted properly, we do not need the pt_chown
# binary to be setuid. This is because the default owners/perms will be
# exactly what we want.
if in_iuse suid && ! use suid ; then
find "${ED}" -name pt_chown -exec chmod -s {} +
fi
#################################################################
# EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY #
# Make sure we install some symlink hacks so that when we build
# a 2nd stage cross-compiler, gcc finds the target system
# headers correctly. See gcc/doc/gccinstall.info
if is_crosscompile ; then
# We need to make sure that /lib and /usr/lib always exists.
# gcc likes to use relative paths to get to its multilibs like
# /usr/lib/../lib64/. So while we don't install any files into
# /usr/lib/, we do need it to exist.
cd "${ED}"$(alt_libdir)/..
[[ -e lib ]] || mkdir lib
cd "${ED}"$(alt_usrlibdir)/..
[[ -e lib ]] || mkdir lib
dosym usr/include $(alt_prefix)/sys-include
return 0
fi
# Files for Debian-style locale updating
dodir /usr/share/i18n
sed \
-e "/^#/d" \
-e "/SUPPORTED-LOCALES=/d" \
-e "s: \\\\::g" -e "s:/: :g" \
"${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \
|| die "generating /usr/share/i18n/SUPPORTED failed"
cd "${WORKDIR}"/extra/locale
dosbin locale-gen || die
doman *.[0-8]
insinto /etc
doins locale.gen || die
# Make sure all the ABI's can find the locales and so we only
# have to generate one set
local a
keepdir /usr/$(get_libdir)/locale
for a in $(get_install_abis) ; do
if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then
dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale
fi
done
cd "${S}"
# Install misc network config files
insinto /etc
doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf || die
doins "${WORKDIR}"/extra/etc/*.conf || die
if ! in_iuse nscd || use nscd ; then
doinitd "${WORKDIR}"/extra/etc/nscd || die
local nscd_args=(
-e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):"
)
version_is_at_least 2.16 || nscd_args+=( -e 's: --foreground : :' )
sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd
# Newer versions of glibc include the nscd.service themselves.
# TODO: Drop the $FILESDIR copy once 2.19 goes stable.
if version_is_at_least 2.19 ; then
systemd_dounit nscd/nscd.service || die
systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die
else
systemd_dounit "${FILESDIR}"/nscd.service || die
systemd_newtmpfilesd "${FILESDIR}"/nscd.tmpfilesd nscd.conf || die
fi
else
# Do this since extra/etc/*.conf above might have nscd.conf.
rm -f "${ED}"/etc/nscd.conf
fi
echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc
doenvd "${T}"/00glibc || die
for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do
[[ -s ${d} ]] && dodoc ${d}
done
# Prevent overwriting of the /etc/localtime symlink. We'll handle the
# creation of the "factory" symlink in pkg_postinst().
rm -f "${ED}"/etc/localtime
}
toolchain-glibc_headers_install() {
local builddir=$(builddir "headers")
cd "${builddir}"
emake install_root="${D}$(alt_prefix)" install-headers || die
if ! version_is_at_least 2.16 ; then
insinto $(alt_headers)/bits
doins bits/stdio_lim.h || die
fi
insinto $(alt_headers)/gnu
doins "${S}"/include/gnu/stubs.h || die "doins include gnu"
# Make sure we install the sys-include symlink so that when
# we build a 2nd stage cross-compiler, gcc finds the target
# system headers correctly. See gcc/doc/gccinstall.info
dosym usr/include $(alt_prefix)/sys-include
}
src_strip() {
# gdb is lame and requires some debugging information to remain in
# libpthread, so we need to strip it by hand. libthread_db makes no
# sense stripped as it is only used when debugging.
local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}")
env \
-uRESTRICT \
CHOST=${CTARGET} \
STRIP_MASK="/*/{,tls/}${pthread}*" \
prepallstrip
# if user has stripping enabled and does not have split debug turned on,
# then leave the debugging sections in libpthread.
if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then
${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so
fi
}
eblit-glibc-src_install() {
if just_headers ; then
export ABI=default
toolchain-glibc_headers_install
return
fi
foreach_abi toolchain-glibc_src_install
src_strip
}

View File

@ -0,0 +1,63 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
eblit-glibc-src_prepare() {
# XXX: We should do the branchupdate, before extracting the manpages and
# infopages else it does not help much (mtimes change if there is a change
# to them with branchupdate)
if [[ -n ${BRANCH_UPDATE} ]] ; then
epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
# Snapshot date patch
einfo "Patching version to display snapshot date ..."
sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h
fi
# tag, glibc is it
if ! version_is_at_least 2.17 ; then
[[ -e csu/Banner ]] && die "need new banner location"
glibc_banner > csu/Banner
fi
if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then
EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \
EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \
EPATCH_SUFFIX="patch" \
ARCH=$(tc-arch) \
epatch "${WORKDIR}"/patches
fi
if just_headers ; then
if [[ -e ports/sysdeps/mips/preconfigure ]] ; then
# mips peeps like to screw with us. if building headers,
# we don't have a real compiler, so we can't let them
# insert -mabi on us.
sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die
find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} +
fi
fi
epatch_user
gnuconfig_update
# Glibc is stupid sometimes, and doesn't realize that with a
# static C-Only gcc, -lgcc_eh doesn't exist.
# https://sourceware.org/ml/libc-alpha/2003-09/msg00100.html
# https://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
# But! Finally fixed in recent versions:
# https://sourceware.org/ml/libc-alpha/2012-05/msg01865.html
if ! version_is_at_least 2.16 ; then
echo 'int main(){}' > "${T}"/gcc_eh_test.c
if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then
sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh"
fi
fi
cd "${WORKDIR}"
find . -type f '(' -size 0 -o -name "*.orig" ')' -delete
find . -name configure -exec touch {} +
# Fix permissions on some of the scripts.
chmod u+x "${S}"/scripts/*.sh
}

View File

@ -0,0 +1,30 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
glibc_src_test() {
cd "$(builddir $1)"
nonfatal emake -j1 check && return 0
einfo "make check failed - re-running with --keep-going to get the rest of the results"
nonfatal emake -j1 -k check
ewarn "make check failed for ${ABI}-${CTARGET}-$1"
return 1
}
toolchain-glibc_src_test() {
local ret=0 t
for t in linuxthreads nptl ; do
if want_${t} ; then
glibc_src_test ${t}
: $(( ret |= $? ))
fi
done
return ${ret}
}
eblit-glibc-src_test() {
# Give tests more time to complete.
export TIMEOUTFACTOR=5
foreach_abi toolchain-glibc_src_test || die "tests failed"
}

View File

@ -0,0 +1,121 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit"
int_to_KV() {
local version=$1 major minor micro
major=$((version / 65536))
minor=$(((version % 65536) / 256))
micro=$((version % 256))
echo ${major}.${minor}.${micro}
}
eend_KV() {
[[ $(KV_to_int $1) -ge $(KV_to_int $2) ]]
eend $?
}
get_kheader_version() {
printf '#include <linux/version.h>\nLINUX_VERSION_CODE\n' | \
$(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \
tail -n 1
}
check_nptl_support() {
# don't care about the compiler here as we arent using it
just_headers && return
local run_kv build_kv want_kv
run_kv=$(int_to_KV $(get_KV))
build_kv=$(int_to_KV $(get_kheader_version))
want_kv=${NPTL_KERN_VER}
ebegin "Checking gcc for __thread support"
if ! eend $(want__thread ; echo $?) ; then
echo
eerror "Could not find a gcc that supports the __thread directive!"
eerror "Please update your binutils/gcc and try again."
die "No __thread support in gcc!"
fi
if ! is_crosscompile && ! tc-is-cross-compiler ; then
# Building fails on an non-supporting kernel
ebegin "Checking kernel version (${run_kv} >= ${want_kv})"
if ! eend_KV ${run_kv} ${want_kv} ; then
echo
eerror "You need a kernel of at least ${want_kv} for NPTL support!"
die "Kernel version too low!"
fi
fi
ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})"
if ! eend_KV ${build_kv} ${want_kv} ; then
echo
eerror "You need linux-headers of at least ${want_kv} for NPTL support!"
die "linux-headers version too low!"
fi
}
unpack_pkg() {
local a=${PN}
[[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}"
[[ -n $1 ]] && a="${a}-$1"
if [[ -n ${SNAP_VER} ]] ; then
a="${a}-${SNAP_VER}"
else
if [[ -n $2 ]] ; then
a="${a}-$2"
else
a="${a}-${RELEASE_VER}"
fi
fi
if has ${a}.tar.xz ${A} ; then
unpacker ${a}.tar.xz
else
unpack ${a}.tar.bz2
fi
[[ -n $1 ]] && { mv ${a} $1 || die ; }
}
toolchain-glibc_src_unpack() {
# Check NPTL support _before_ we unpack things to save some time
want_nptl && check_nptl_support
if [[ -n ${EGIT_REPO_URIS} ]] ; then
local i d
for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do
EGIT_REPO_URI=${EGIT_REPO_URIS[$i]}
EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]}
git-2_src_unpack
done
else
unpack_pkg
fi
cd "${S}"
touch locale/C-translit.h #185476 #218003
[[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER}
[[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER}
[[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn
if [[ -n ${PATCH_VER} ]] ; then
cd "${WORKDIR}"
unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
# pull out all the addons
local d
for d in extra/*/configure ; do
d=${d%/configure}
[[ -d ${S}/${d} ]] && die "${d} already exists in \${S}"
mv "${d}" "${S}" || die "moving ${d} failed"
done
fi
}
eblit-glibc-src_unpack() {
setup_env
toolchain-glibc_src_unpack
[[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare
}

64
sys-libs/glibc/files/nscd Normal file
View File

@ -0,0 +1,64 @@
#!/sbin/openrc-run
# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
depend() {
use dns ldap net slapd
}
checkconfig() {
if [ ! -d /var/run/nscd ] ; then
mkdir -p /var/run/nscd
chmod 755 /var/run/nscd
fi
if [ -z "${NSCD_PERMS_OK}" ] && [ "$(stat -c %a /var/run/nscd)" != "755" ] ; then
echo ""
ewarn "nscd run dir is not world readable, you should reset the perms:"
ewarn "chmod 755 /var/run/nscd"
ewarn "chmod a+rw /var/run/nscd/socket"
echo ""
ewarn "To disable this warning, set 'NSCD_PERMS_OK' in /etc/conf.d/nscd"
echo ""
fi
}
start() {
checkconfig
ebegin "Starting Name Service Cache Daemon"
local secure=`while read curline ; do
table=${curline%:*}
entries=${curline##$table:}
table=${table%%[^a-z]*}
case $table in
passwd*|group*|hosts)
for entry in $entries ; do
case $entry in
nisplus*)
/usr/sbin/nscd_nischeck $table || \
/echo "-S $table,yes"
;;
esac
done
;;
esac
done < /etc/nsswitch.conf`
local pidfile="$(strings /usr/sbin/nscd | grep nscd.pid)"
mkdir -p "$(dirname ${pidfile})"
save_options pidfile "${pidfile}"
start-stop-daemon --start --quiet \
--exec /usr/sbin/nscd --pidfile "${pidfile}" \
-- $secure
eend $?
}
stop() {
local pidfile="$(get_options pidfile)"
[ -n "${pidfile}" ] && pidfile="--pidfile ${pidfile}"
ebegin "Shutting down Name Service Cache Daemon"
start-stop-daemon --stop --quiet --exec /usr/sbin/nscd ${pidfile}
eend $?
}
# vim:ts=4

View File

@ -0,0 +1,15 @@
[Unit]
Description=Name Service Cache Daemon
After=network.target
[Service]
ExecStart=/usr/sbin/nscd -F
ExecStop=/usr/sbin/nscd --shutdown
ExecReload=/usr/sbin/nscd -i passwd
ExecReload=/usr/sbin/nscd -i group
ExecReload=/usr/sbin/nscd -i hosts
ExecReload=/usr/sbin/nscd -i services
Restart=always
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,4 @@
# Configuration to create /run/nscd directory
# Used as part of systemd's tmpfiles
d /run/nscd 0755 root root

View File

@ -0,0 +1,24 @@
# /etc/nsswitch.conf:
# $Id$
passwd: compat
shadow: compat
group: compat
# passwd: db files nis
# shadow: db files nis
# group: db files nis
hosts: files dns
networks: files dns
services: db files
protocols: db files
rpc: db files
ethers: db files
netmasks: files
netgroup: files
bootparams: files
automount: files
aliases: files

View File

@ -0,0 +1,210 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="8" # Gentoo patchset
NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20}
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
DEPEND=">=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2
selinux? ( sys-libs/libselinux )"
RDEPEND="!sys-kernel/ps3-sources
selinux? ( sys-libs/libselinux )
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.20
>=${CATEGORY}/gcc-4.3
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.20
>=sys-devel/gcc-4.3
virtual/os-headers
!vanilla? ( >=sys-libs/timezone-data-2012c )"
RDEPEND+="
vanilla? ( !sys-libs/timezone-data )
!vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
GLIBC_PATCH_EXCLUDE+=" 6600_mips_librt-mips.patch" #456912
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
}
eblit-src_unpack-post() {
if use hardened ; then
cd "${S}"
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
debug/stack_chk_fail.c || die
cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \
debug/chk_fail.c || die
if use debug ; then
# When using Hardened Gentoo stack handler, have smashes dump core for
# analysis - debug only, as core could be an information leak
# (paranoia).
sed -i \
-e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile \
|| die "Failed to modify debug/Makefile for debug stack handler"
sed -i \
-e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile \
|| die "Failed to modify debug/Makefile for debug fortify handler"
fi
# Build nscd with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
nscd/Makefile \
|| die "Failed to ensure nscd builds with ssp-all"
fi
}
eblit-pkg_preinst-post() {
if [[ ${CTARGET} == arm* ]] ; then
# Backwards compat support for renaming hardfp ldsos #417287
local oldso='/lib/ld-linux.so.3'
local nldso='/lib/ld-linux-armhf.so.3'
if [[ -e ${D}${nldso} ]] ; then
if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
ewarn "Please rebuild all packages using this old ldso as compat"
ewarn "support will be dropped in the future."
ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
fi
fi
fi
}

View File

@ -0,0 +1,210 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="4" # Gentoo patchset
NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20}
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
DEPEND=">=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2
selinux? ( sys-libs/libselinux )"
RDEPEND="!sys-kernel/ps3-sources
selinux? ( sys-libs/libselinux )
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.20
>=${CATEGORY}/gcc-4.3
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.20
>=sys-devel/gcc-4.3
virtual/os-headers
!vanilla? ( >=sys-libs/timezone-data-2012c )"
RDEPEND+="
vanilla? ( !sys-libs/timezone-data )
!vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
GLIBC_PATCH_EXCLUDE+=" 00_all_0012-mips-add-clock_-g-s-ettime-symbol-compat-hacks.patch" #456912 #481438
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
}
eblit-src_unpack-post() {
if use hardened ; then
cd "${S}"
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \
debug/stack_chk_fail.c || die
cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \
debug/chk_fail.c || die
if use debug ; then
# When using Hardened Gentoo stack handler, have smashes dump core for
# analysis - debug only, as core could be an information leak
# (paranoia).
sed -i \
-e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile \
|| die "Failed to modify debug/Makefile for debug stack handler"
sed -i \
-e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile \
|| die "Failed to modify debug/Makefile for debug fortify handler"
fi
# Build nscd with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
nscd/Makefile \
|| die "Failed to ensure nscd builds with ssp-all"
fi
}
eblit-pkg_preinst-post() {
if [[ ${CTARGET} == arm* ]] ; then
# Backwards compat support for renaming hardfp ldsos #417287
local oldso='/lib/ld-linux.so.3'
local nldso='/lib/ld-linux-armhf.so.3'
if [[ -e ${D}${nldso} ]] ; then
if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
ewarn "Please rebuild all packages using this old ldso as compat"
ewarn "support will be dropped in the future."
ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
fi
fi
fi
}

View File

@ -0,0 +1,212 @@
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="3" # Gentoo patchset
NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20}
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
DEPEND=">=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2
selinux? ( sys-libs/libselinux )"
RDEPEND="!sys-kernel/ps3-sources
selinux? ( sys-libs/libselinux )
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.20
>=${CATEGORY}/gcc-4.3
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.20
>=sys-devel/gcc-4.3
virtual/os-headers
!vanilla? ( >=sys-libs/timezone-data-2012c )"
RDEPEND+="
vanilla? ( !sys-libs/timezone-data )
!vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
}
eblit-src_unpack-post() {
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
if use hardened ; then
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch
epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \
debug/stack_chk_fail.c || die
cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \
debug/chk_fail.c || die
if use debug ; then
# When using Hardened Gentoo stack handler, have smashes dump core for
# analysis - debug only, as core could be an information leak
# (paranoia).
sed -i \
-e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile \
|| die "Failed to modify debug/Makefile for debug stack handler"
sed -i \
-e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile \
|| die "Failed to modify debug/Makefile for debug fortify handler"
fi
# Build nscd with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
nscd/Makefile \
|| die "Failed to ensure nscd builds with ssp-all"
fi
}
eblit-pkg_preinst-post() {
if [[ ${CTARGET} == arm* ]] ; then
# Backwards compat support for renaming hardfp ldsos #417287
local oldso='/lib/ld-linux.so.3'
local nldso='/lib/ld-linux-armhf.so.3'
if [[ -e ${D}${nldso} ]] ; then
if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
ewarn "Please rebuild all packages using this old ldso as compat"
ewarn "support will be dropped in the future."
ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
fi
fi
fi
}

View File

@ -0,0 +1,198 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="alpha amd64 arm arm64 -hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="5" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
DEPEND=">=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2
selinux? ( sys-libs/libselinux )"
RDEPEND="!sys-kernel/ps3-sources
sys-apps/gentoo-functions
selinux? ( sys-libs/libselinux )
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.4
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.24
>=sys-devel/gcc-4.4
virtual/os-headers"
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~blueness/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
}
eblit-src_prepare-post() {
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
if use hardened ; then
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
# We don't enable these for non-hardened as the output is very terse --
# it only states that a crash happened. The default upstream behavior
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
sed -i \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
case $(gcc-fullversion) in
4.8.[0-3]|4.9.0)
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
die "need to switch compilers #547420"
;;
esac
}

View File

@ -0,0 +1,198 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="7" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
DEPEND=">=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2
selinux? ( sys-libs/libselinux )"
RDEPEND="!sys-kernel/ps3-sources
sys-apps/gentoo-functions
selinux? ( sys-libs/libselinux )
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.6
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.24
>=sys-devel/gcc-4.6
virtual/os-headers"
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
}
eblit-src_prepare-post() {
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
if use hardened ; then
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
# We don't enable these for non-hardened as the output is very terse --
# it only states that a crash happened. The default upstream behavior
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
sed -i \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
case $(gcc-fullversion) in
4.8.[0-3]|4.9.0)
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
die "need to switch compilers #547420"
;;
esac
}

View File

@ -0,0 +1,197 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="13" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
DEPEND=">=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2
selinux? ( sys-libs/libselinux )"
RDEPEND="!sys-kernel/ps3-sources
sys-apps/gentoo-functions
selinux? ( sys-libs/libselinux )
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.6
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.24
>=sys-devel/gcc-4.6
virtual/os-headers"
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
# Bug 558636 we don't apply the pie works around for 2.22. It shoud have the support. #558636
GLIBC_PATCH_EXCLUDE+=" 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
GLIBC_PATCH_EXCLUDE+=" 00_all_0012-disable-PIE-when-checking-for-PIC-default.patch"
}
eblit-src_prepare-post() {
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
if use hardened ; then
# We don't enable these for non-hardened as the output is very terse --
# it only states that a crash happened. The default upstream behavior
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
sed -i \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
case $(gcc-fullversion) in
4.8.[0-3]|4.9.0)
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
die "need to switch compilers #547420"
;;
esac
}

View File

@ -0,0 +1,205 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="4" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
COMMON_DEPEND="
nscd? ( selinux? (
audit? ( sys-process/audit )
caps? ( sys-libs/libcap )
) )
suid? ( caps? ( sys-libs/libcap ) )
selinux? ( sys-libs/libselinux )
"
DEPEND="${COMMON_DEPEND}
>=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2"
RDEPEND="${COMMON_DEPEND}
!sys-kernel/ps3-sources
sys-apps/gentoo-functions
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.7
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.24
>=sys-devel/gcc-4.7
virtual/os-headers"
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
# Bug 558636 we don't apply the pie works around for 2.22. It shoud have the support. #558636
GLIBC_PATCH_EXCLUDE+=" 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
GLIBC_PATCH_EXCLUDE+=" 00_all_0012-disable-PIE-when-checking-for-PIC-default.patch"
}
eblit-src_prepare-post() {
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
if use hardened ; then
# We don't enable these for non-hardened as the output is very terse --
# it only states that a crash happened. The default upstream behavior
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
sed -i \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
case $(gcc-fullversion) in
4.8.[0-3]|4.9.0)
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
die "need to switch compilers #547420"
;;
esac
}

View File

@ -0,0 +1,206 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="4" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
COMMON_DEPEND="
nscd? ( selinux? (
audit? ( sys-process/audit )
caps? ( sys-libs/libcap )
) )
suid? ( caps? ( sys-libs/libcap ) )
selinux? ( sys-libs/libselinux )
"
DEPEND="${COMMON_DEPEND}
>=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2"
RDEPEND="${COMMON_DEPEND}
!sys-kernel/ps3-sources
sys-apps/gentoo-functions
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.7
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.24
>=sys-devel/gcc-4.7
virtual/os-headers"
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
# Bug 558636 we don't apply the pie works around for 2.22. It shoud have the support. #558636
GLIBC_PATCH_EXCLUDE+=" 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
GLIBC_PATCH_EXCLUDE+=" 00_all_0012-disable-PIE-when-checking-for-PIC-default.patch"
GLIBC_PATCH_EXCLUDE+=" 00_all_0009-sys-types.h-drop-sys-sysmacros.h-include.patch"
}
eblit-src_prepare-post() {
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
if use hardened ; then
# We don't enable these for non-hardened as the output is very terse --
# it only states that a crash happened. The default upstream behavior
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
sed -i \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
case $(gcc-fullversion) in
4.8.[0-3]|4.9.0)
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
die "need to switch compilers #547420"
;;
esac
}

View File

@ -0,0 +1,202 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="6" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
COMMON_DEPEND="
nscd? ( selinux? (
audit? ( sys-process/audit )
caps? ( sys-libs/libcap )
) )
suid? ( caps? ( sys-libs/libcap ) )
selinux? ( sys-libs/libselinux )
"
DEPEND="${COMMON_DEPEND}
>=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2"
RDEPEND="${COMMON_DEPEND}
!sys-kernel/ps3-sources
sys-apps/gentoo-functions
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.7
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.24
>=sys-devel/gcc-4.7
virtual/os-headers"
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
}
eblit-src_prepare-post() {
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
if use hardened ; then
# We don't enable these for non-hardened as the output is very terse --
# it only states that a crash happened. The default upstream behavior
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
sed -i \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
case $(gcc-fullversion) in
4.8.[0-3]|4.9.0)
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
die "need to switch compilers #547420"
;;
esac
}

View File

@ -0,0 +1,201 @@
# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
EAPI="4"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="2" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
COMMON_DEPEND="
nscd? ( selinux? (
audit? ( sys-process/audit )
caps? ( sys-libs/libcap )
) )
suid? ( caps? ( sys-libs/libcap ) )
selinux? ( sys-libs/libselinux )
"
DEPEND="${COMMON_DEPEND}
>=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2"
RDEPEND="${COMMON_DEPEND}
!sys-kernel/ps3-sources
sys-apps/gentoo-functions
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.7
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.24
>=sys-devel/gcc-4.7
virtual/os-headers"
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
}
eblit-src_prepare-post() {
cd "${S}"
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
if use hardened ; then
# We don't enable these for non-hardened as the output is very terse --
# it only states that a crash happened. The default upstream behavior
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
sed -i \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
case $(gcc-fullversion) in
4.8.[0-3]|4.9.0)
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
die "need to switch compilers #547420"
;;
esac
}

View File

@ -0,0 +1,192 @@
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
EAPI="4"
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
DESCRIPTION="GNU libc6 (also called glibc2) C library"
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
RESTRICT="strip" # strip ourself #46186
EMULTILIB_PKG="true"
# Configuration variables
RELEASE_VER=""
case ${PV} in
9999*)
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
EGIT_SOURCEDIRS="${S}"
inherit git-2
;;
*)
RELEASE_VER=${PV}
;;
esac
GCC_BOOTSTRAP_VER="4.7.3-r1"
PATCH_VER="" # Gentoo patchset
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
# Here's how the cross-compile logic breaks down ...
# CTARGET - machine that will target the binaries
# CHOST - machine that will host the binaries
# CBUILD - machine that will build the binaries
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
# If CHOST != CBUILD, it means you want to cross-compile the libc.
# CBUILD = CHOST = CTARGET - native build/install
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
# For install paths:
# CHOST = CTARGET - install into /
# CHOST != CTARGET - install into /usr/CTARGET/
export CBUILD=${CBUILD:-${CHOST}}
export CTARGET=${CTARGET:-${CHOST}}
if [[ ${CTARGET} == ${CHOST} ]] ; then
if [[ ${CATEGORY} == cross-* ]] ; then
export CTARGET=${CATEGORY#cross-}
fi
fi
is_crosscompile() {
[[ ${CHOST} != ${CTARGET} ]]
}
# Why SLOT 2.2 you ask yourself while sippin your tea ?
# Everyone knows 2.2 > 0, duh.
SLOT="2.2"
# General: We need a new-enough binutils/gcc to match upstream baseline.
# arch: we need to make sure our binutils/gcc supports TLS.
COMMON_DEPEND="
nscd? ( selinux? (
audit? ( sys-process/audit )
caps? ( sys-libs/libcap )
) )
suid? ( caps? ( sys-libs/libcap ) )
selinux? ( sys-libs/libselinux )
"
DEPEND="${COMMON_DEPEND}
>=app-misc/pax-utils-0.1.10
!<sys-apps/sandbox-1.6
!<sys-apps/portage-2.1.2"
RDEPEND="${COMMON_DEPEND}
!sys-kernel/ps3-sources
sys-apps/gentoo-functions
!sys-libs/nss-db"
if [[ ${CATEGORY} == cross-* ]] ; then
DEPEND+=" !crosscompile_opts_headers-only? (
>=${CATEGORY}/binutils-2.24
>=${CATEGORY}/gcc-4.7
)"
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
else
DEPEND+="
>=sys-devel/binutils-2.24
>=sys-devel/gcc-4.7
virtual/os-headers"
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
fi
upstream_uris() {
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
}
gentoo_uris() {
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
devspace=${devspace//HTTP/https://dev.gentoo.org/}
echo mirror://gentoo/$1 ${devspace//URI/$1}
}
SRC_URI=$(
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
)
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
# eblit-include [--skip] <function> [version]
eblit-include() {
local skipable=false
[[ $1 == "--skip" ]] && skipable=true && shift
[[ $1 == pkg_* ]] && skipable=true
local e v func=$1 ver=$2
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
e="${FILESDIR}/eblits/${func}${v}.eblit"
if [[ -e ${e} ]] ; then
source "${e}"
return 0
fi
done
${skipable} && return 0
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
}
# eblit-run-maybe <function>
# run the specified function if it is defined
eblit-run-maybe() {
[[ $(type -t "$@") == "function" ]] && "$@"
}
# eblit-run <function> [version]
# aka: src_unpack() { eblit-run src_unpack ; }
eblit-run() {
eblit-include --skip common "${*:2}"
eblit-include "$@"
eblit-run-maybe eblit-$1-pre
eblit-${PN}-$1
eblit-run-maybe eblit-$1-post
}
src_unpack() { eblit-run src_unpack ; }
src_prepare() { eblit-run src_prepare ; }
src_configure() { eblit-run src_configure ; }
src_compile() { eblit-run src_compile ; }
src_test() { eblit-run src_test ; }
src_install() { eblit-run src_install ; }
# FILESDIR might not be available during binpkg install
for x in pretend setup {pre,post}inst ; do
e="${FILESDIR}/eblits/pkg_${x}.eblit"
if [[ -e ${e} ]] ; then
. "${e}"
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
fi
done
eblit-src_unpack-pre() {
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
}
eblit-src_prepare-post() {
cd "${S}"
if use hardened ; then
# We don't enable these for non-hardened as the output is very terse --
# it only states that a crash happened. The default upstream behavior
# includes backtraces and symbols.
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
if use debug ; then
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
sed -i \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
debug/Makefile || die
fi
# Build various bits with ssp-all
sed -i \
-e 's:-fstack-protector$:-fstack-protector-all:' \
*/Makefile || die
fi
}

View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="project">
<email>toolchain@gentoo.org</email>
<name>Gentoo Toolchain Project</name>
</maintainer>
<use>
<flag name="debug">When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL)</flag>
<flag name="gd">build memusage and memusagestat tools</flag>
<flag name="nscd">Build, and enable support for, the Name Service Cache Daemon</flag>
<flag name="rpc">Enable obsolete RPC/NIS layers (disabling is experimental -- see bug 381391)</flag>
<flag name="suid">Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag>
<flag name="systemtap">enable systemtap static probe points</flag>
</use>
<upstream>
<remote-id type="cpe">cpe:/a:gnu:glibc</remote-id>
</upstream>
</pkgmetadata>