Added glibc with no-builtin-strlen
This commit is contained in:
parent
8a484482ab
commit
60b8050349
61
sys-libs/glibc/Manifest
Normal file
61
sys-libs/glibc/Manifest
Normal file
@ -0,0 +1,61 @@
|
||||
AUX 2.10/glibc-2.10-gentoo-chk_fail.c 9407 SHA256 7745c0f5d37b37959b43b41e39762fc35b877161bc5740d9d3e9a83021acbc0e SHA512 d1c51c573353b3b8ae6ab1bcc8c10eda5cad8b98fc7ab4848e4fbd8a8736174f3c3fd1b72dd80c72b1e54be78f1cae4dc1ab8130df25aa6d1495e5cbbaf3b9f6 WHIRLPOOL 32028ddeb422d89c0523fec994413e67c6afd9fcfdaf147d3d6a28bd02f8feabda9571ced4509253b7061a95bb2c16cecf94a4274671b33909ff545b1787f101
|
||||
AUX 2.10/glibc-2.10-hardened-configure-picdefault.patch 865 SHA256 b50b29f85d88011555bbcbe6046e6600be9344f2d78412b14aebdea515420774 SHA512 e0a09f77b209a72ab577fe1e62126609fdddedf3fba0eec749c4b506cdf793779b48390f055a3594892120f694291f8340c0b6f51862e94c03fd516897138be7 WHIRLPOOL d1b8e1536696350e0ed9eaf9a923daa7c004ef40ae94c1c3ba3d6cb293f1c19364cefbe8491089061124cbe26a9fded9f3d38d89f1bda56d408162e53702e8d4
|
||||
AUX 2.10/glibc-2.10-hardened-inittls-nosysenter.patch 8823 SHA256 dcf78c6524c222dbee907200a8878aff727e29d43a4962b977a16d85752e5c10 SHA512 0605b7964af87d1d6bdccea5c4d1bfe6267d4401b8bbf0c8bb689663e6bb3ef92eebad8be6c23ffdf6632a4d5e6098d8a403c3e84ffb21b5e87b5b1d1ec3512d WHIRLPOOL 635261b547883bbfbe23c802fcf97916dee823b367f96732ccecd7506dff004b87f2d36d97ed398510711330f3a53f039a14e226d20a681cc201a8c7a3450833
|
||||
AUX 2.17/glibc-2.17-hardened-pie.patch 1784 SHA256 bba32e40c73aef20122b2825f31e5c3aa058b61feae4f32f336e1941f83f82d1 SHA512 9ecfe2b6c8c982a42786181d6507d5fa588a6868109065451f58a779848837bd5e69c32a24e43a186c2ff63a9784015c51487e342c87982ac074139e36c169fc WHIRLPOOL 1baffbef9e6d870ea2f2ae5be014b71020a213a1a11e9856fa207545867de444ed164cb926b2aac23471854eaaf72a87e38760702b32bfcfa639add8733d925e
|
||||
AUX 2.18/glibc-2.18-gentoo-chk_fail.c 9384 SHA256 e6ed60f4e0d262aaaffac2b84fd2fcf7906965dc9d91a2150b8b2d9f50e7b9e4 SHA512 f7106e36fa49b0000192c281edfcd49338c825b8b8663ac9d7304e8fe8b2f44b39c6c82a741b8e8abce4cbe2fd72f64e3cfe7a18ff504a4b2b2d63e5c75d62b7 WHIRLPOOL 80aa86694aedf306276ba74334a14e98b108caca046430e6ce71ec67221ef716e7350a667929bf79277bfa9f0eaa23d4544f8acf7e32fd54a26b3a0f5ebc596c
|
||||
AUX 2.18/glibc-2.18-gentoo-stack_chk_fail.c 9599 SHA256 039a6249236c60bb909e67339fd7ef6eefd1f4bb71b8cd39f4fe04530c536315 SHA512 97acbdb8aa87dd7e197a1577bd053374b1c8c30d6c82f4a71ef04409bf87b36a60322237cb79896ebdb49960fcaae4c4f2333497f5c255f67717b01d6d62c2d5 WHIRLPOOL 40ed26d3a251a6f4de125a588bafb911b7ba4867f5139142c00a2bc2f2616658a45cff144d2629bdf33cadece020ed6a1bd7a74047da812821cdb6d3e8253f40
|
||||
AUX 2.18/glibc-2.18-hardened-inittls-nosysenter.patch 8981 SHA256 3fcdef34164b7fa6e493e081d32427017d239236aa4e183e3a470fe49a028eb7 SHA512 98feb8f12dc5d2bb030ec7c6c77f3f9389ebc208fafc96496f316e577457dd991294d59735b013b17e1d10d5c7b63471d5b857d2334be78239a8ceb1ad62b1fc WHIRLPOOL 52ac2452fe3f9ec6ac3f4635cf017d1347eda6b950f25ecee6ef1b444de97fad5a1792432e0c783375fc7d07c80b4cd77e48a6d6051aec3933696e2f17fcec18
|
||||
AUX 2.19/glibc-2.19-hardened-configure-picdefault.patch 865 SHA256 feeb2ddc276e90f55d2fd358837e8d4922d3b2875cb8080b1d8e27e5da83a2d9 SHA512 d8e6fea72e240f1fde8a487958463140a84e8bd6bb5b176f8ce84a34df3137943db9016300884f3efdd4da130e342448e57ed0c0dc6eb2956d647286ce1d00ce WHIRLPOOL 3a5d2882b5fc1bea78c45409c848c94a260659e3ea1e28a5dc8818de8825e55453aa1cc97b86eef99c91b17bde9f2a6db1fd8ae03839f7029d93a71feaa4d4d0
|
||||
AUX 2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch 1360 SHA256 f0d8bb004f598375b61e67e1c215b15953c293038243207f2d85cbe9f10d093e SHA512 79876b12871b3e7693340bfdf99276ac0dfd6ff30bc977a9526af9e681fcbab2f25d3ac9e2b33f027c968b38a4b670237de54ffd08edc418423ecd82dddd1d67 WHIRLPOOL 5ca64dddf58a790cc5f6090ae48fc4bd4799a9aac4c67f6ef7d1fea9498208ffc38ee8167b6ec80dc97c4f723fcdfade8f573893f1b380aff04f6d0476d0d253
|
||||
AUX 2.20/glibc-2.20-gentoo-chk_fail.c 8978 SHA256 f9cc426b0fb21de1dc11bb36e43bca8e1b3114fe78f8b343f672a951a82c742e SHA512 5cb529ac9d18a315f25fd48a3a80a529924bee0588074c97e6df7dbe8568a67f786363c41da6300ea55818369e3609ed4315b2e2104f8a8b4f1266ba43076eda WHIRLPOOL 2d38c19a20226fc4687037b8bb19025065f039ddaa62466879ca98765c8899e64b147dd148565304419ed1a98fbe1f8403710b22c930b08a19bddba7e79b0f1d
|
||||
AUX 2.20/glibc-2.20-gentoo-stack_chk_fail.c 55 SHA256 ec73e74297b5eade591bfb3a2999989e2a7aa80752140048ffa67349635f05e7 SHA512 4dfec1bd17007b826110dcb73d09331a58b7a892c87de55b94480b14c28686442c567725b610082813411cf9911e180835a400a54ea704fe80f81cfba966a989 WHIRLPOOL b2b338a50f7895c530a71a19e4582bd0116a0b9d13b2e1505f0566924557493849f93cefb2c0ad1719ef684321e145129e0f72cfc9aa85a44ea7ebf910e7304c
|
||||
AUX 2.20/glibc-2.20-hardened-inittls-nosysenter.patch 9951 SHA256 992fb70b9b62674d94ef8938297a3f2591b3121495987d927f5a44c1d8788658 SHA512 a8302ee2963bd791be859233223b17cd154afbf04c13c046956bb1140d748272d7bcb3a6167ce8b61573ebcffe906dff064308374d2910656b8fad18480fe422 WHIRLPOOL b8753d6f1301650b91b5cf4f342de22010d819deb2bf4da27aac33d7540e15a140b8a7a4c5e111faba320873ed5784b22f6add29181fbaef14c3e9504b1b838f
|
||||
AUX 2.6/glibc-2.6-gentoo-stack_chk_fail.c 9545 SHA256 1410ded812be80d452eada5f9d6b9bd7bdb504c14f01cc27dce3e36b6f92b92a SHA512 360b77df2d19d14060e19e763878297bf042eccd5206ce4829a33c78c982b59b46144116d237a7cac73a22dd6cb4987c8dd50f1d16003baa22c2cb2942d2cbdf WHIRLPOOL 44e14dacdd258c46201a44c2c6aae4d975b960a914c24e49f2b39dae960636512049daa052d3cd8e8d93819d263327c28eac947efdb5d9e240d1bc6e9964016f
|
||||
AUX eblits/common.eblit 10936 SHA256 cca69d06b4bfef4a664036839ef168a113115ea7b262c2d368f9ae303cd8b831 SHA512 4478e91e6ffc251bff3b0af8383e47e38cff279c0ffa93b53d718bcf52920b6f9ba10953366fc0dccfcb031a405bf6e7db6ae9b127f6723eb2f2cdc02031c995 WHIRLPOOL 40122db079318762f5218eff87c08726db9c851cce00ec069739f891dbaafea04417cff992291e07af96dee1e3d3b369a6d1491b7cf85540eda34aa23e10b799
|
||||
AUX eblits/pkg_postinst.eblit 971 SHA256 abcb925bb0730d1eae22bbcee7a4ba6523280390f410f38bfdf9eb44e0280000 SHA512 65e577c77a9a488c5e93ccd4afa325ab7e3904df594c13fda17136c8aa2748fa4e6d0102f4799b4ac9b8c3bea9920faadc4db356ece9929ee708bbfa9151dfc2 WHIRLPOOL fb3cdfb702b0ce616064f94321b9225a53b300f76d95495098b6c97eb3ab1650ea2d323eae169bb8d1fd8795134aacb5c54ba6927fe743b01f124aec416b15a0
|
||||
AUX eblits/pkg_preinst.eblit 2076 SHA256 1d2f3107f463baf916378ea1b6079ef4d03983e1dc01fb7ce551f94c457992b8 SHA512 78fde8ac1338029c7e66ac592044ad797fa7771dfdb8ed21ab681bb3ce5d9778a960b8606cdb7d35f6ace0188d0053dfab29a9e31b1d0051a2f2170c9449d368 WHIRLPOOL 474b8e6883dccd735808bd4f8c0cf42b619c01c2c55a80c2eeff4bdf4716cd706c834bed2a919350fc339f0b8b61c8ba94c342df5736332f32b40ba3155075b6
|
||||
AUX eblits/pkg_pretend.eblit 4991 SHA256 bf6471db95d844a2707d7abd0082c1c9ff37b11352b960cf8ad2a204f3b7c6db SHA512 5754f3d3ab2e2a4b597228fb8ba3c3831eb89f9bf5ab6b8eac59e2253c87e1fa42cf3fbf775ee5fa1f115e70efdc5325e115d65e37a3bc7894473d3d07394929 WHIRLPOOL 5eb7d48c2732698ffffbc52feb6c4753bed1b172d931747e90b8f13c436c347725c09d15210179b3b26d2a87a4132a5eb7c7ee356c2ecbd77e368e3ff0b0a61f
|
||||
AUX eblits/pkg_setup.eblit 275 SHA256 c5de97dc69d3508555ac579e14ead694a75edf4707c1749219677ebee88ca9ab SHA512 627740976e372842b09034b79f61f5cb5d8283f47c94cfe66b2aa1517c901df0bf3b456f1ba26a9ddc0aa0215190d0415ed4f881cc950d163d8203a0e6bba2a9 WHIRLPOOL 16ef3155b35671311443f4c231c1867d12731035aa603dedb6e86eabdc1501c67183474a26bb06048e12c19ac3bda054fdb8a107792a3dddb743b6dc7d447339
|
||||
AUX eblits/src_compile.eblit 598 SHA256 3b90a6f44d307b92cee36fdd91d412bdb9fcbab555e6c6bf8174c8e3f29137ca SHA512 ee216aa3bb13f75313d141459acb47523442addf12a6bb8d829ca40eda4f63324911a13ff0ae90fe6eed1fbe0058c89308a2205c5357a0e1897a89573fea2f51 WHIRLPOOL 3bfc5406e794ee9ee4005e97aa2d40a82d77de090c72767d6b43be6993048536b4f2442bf6864157d036e7ea3fce6ba6537a97cd2afee04c61f9e98e1adc3c00
|
||||
AUX eblits/src_configure.eblit 8218 SHA256 0d279bf1a1f72335d31843d5558f8f5602368eb840a5a107d93ef914e381b45a SHA512 097e5e44108c32571bde23c7c5fba500d6f6e7959e0c2088bcaadc8bdd817f03a0038d1c08c5c746ed756a09e5d015dc506c7f0bd7f7837bddf16d8aabd54216 WHIRLPOOL 818b0559d1949dad4d2e69399b9f88fb883fdf69e4be77796c5850a0a8b13fe22697d4adeea5d10ff40dc1f9391d72242c7de37bb1f0047cd655aa6ea8d9c38f
|
||||
AUX eblits/src_install.eblit 7814 SHA256 8d64a4a031263dd7c3e7ba710a5dbe51fa7004b9795fefdab55f7db273f5e89f SHA512 fb9fc62103e1803509f5910b71eb28398258433762b930c93cccb7578756599739714c41077a2d0fd81c78e8fd14fd30b384a2c141d8df801507414531062551 WHIRLPOOL 4634ef7da02f35d461027a4d5bd27bd4e888805de0713b577ac47eb1161048f929e1c52e38fc4ad8da333a2198877b82962416edfb30bbaafb9055fb658a6226
|
||||
AUX eblits/src_prepare.eblit 2234 SHA256 ba76d31b6a4cafbf9d580bc337d88d44a706b201a5799d2e32aed50251bb703d SHA512 8b57a852e357e143d4b4c72c620d28bf3937c017a71b1760a7b7d5c684c5d2a41488a16b5f666487a9b5efe3b1cfa7b3b067dec1e832e6139455c61c62f2fafe WHIRLPOOL 98bca56b92abc78fa717d74c7aa37eafacd8674093638653e37f85fffc09da6abe8c0923bc735606ed56862f79daf26a88573c719fc04961025951dd88967995
|
||||
AUX eblits/src_test.eblit 698 SHA256 96b044ef9a27c2591b2a440b45bd89989022d0b41c546ce4dcea58a631315bf4 SHA512 0a46dddf53ccbfaab3f85ba7d2e8f202b4d5be98052601686592eca0ec115de29d8cb1f324ba12dcb77f3a8d4bbb39032532042b8adf809a772ebcc845b1a152 WHIRLPOOL 42af8b97859789b52a5a0c100ba109d8c3dd47532ef3f0b764c95b7a61be9d293d99de25e601dacd840c0a4cc921740b5acc2a3567b5aa3ae8ac6f88430ccf04
|
||||
AUX eblits/src_unpack.eblit 3096 SHA256 f0934fe81278797a0625fde2518f5bdf8531c75443ed3dc6ba7d18aa751cb235 SHA512 6fb32f854920ac4c0df5d60d334f4b9376b05d9b2df7d1bfac979acc3d7c282846fcce36c9816558ee75db030c3551b95f2ff26e53ea166adf97a2ae5db55abf WHIRLPOOL cee004cf4967f0b073f56ef5bbc67e56981f109400622f70cfba51ce120115f4c25ee7696a5b9baf7b22080d01d038ea936d5c342d65b7331b3801510a509123
|
||||
AUX nscd 1527 SHA256 70a809ba34959aa9622bda95299e7391d14d84fad8b3cf5012e2284b6324b6cc SHA512 d25cd0696e4ab2c33fbfe4adeb2f7f9ebe6b77f78d8b4aa79e88aaec21e7aa9c26de724ad0aed5e3e994a8c96bbfa759c48eee99b442f0e4ab9b2c62d177549b WHIRLPOOL 2edef69a468325ac30f8b3f9ea3082f9fc69d887f775f5bed96fc1135bbb675ce1a797a898ce9f744d5d0c3fc0f2156edbca0e39134f08a2d8f41ef3513bf3c6
|
||||
AUX nscd.service 337 SHA256 de7bc9946309d34f0ab44aa22a4d3cf259fe91c57e8000d741cb09ecd3a6caa0 SHA512 2001100f3b054843c69b6fd2d38852c7c824282aa8998c25a3c0352db993705429d25c70d8ce6cb3579f836b7089644c520acac423ebd69cb1b36e94a77c5bea WHIRLPOOL f01d191971b0dc45f541c9ebaaa1a40f3497e2cc838cff6a20a7b1828d726c248abbd94322a5a5ff30c33ddb7d9086cd4d2ba3bdc1811fed59ff292ef3983a72
|
||||
AUX nscd.tmpfilesd 111 SHA256 f0f64c4612d2097173854d2ec2e94ecbf4b77c7a6e94d950874e37346aa90d72 SHA512 53b80b331e1a85d8ee16eb2ce547a7249e944926c3d1cdd4a47a5301a5c842ffc7ec1e3dc0a731542a8facf8261c1c57121802d01741aa89898a3476c09da340 WHIRLPOOL cf1fed1a7e2ac1623a84f1cfa2062645afe3f791da2f4ace3859d12aa05df0e282b4c2e367a460015956ac2a8d01fee4cda84917a3adf2c38561dff200335270
|
||||
AUX nsswitch.conf 401 SHA256 bcafb75d99fc101c9877642ee43a87fe417c164e4ef6562e9c033a5639d30d5c SHA512 e7969cd8ad611ac267cfe10e21bc63fb640910e0c0b82d6da76944ce6a7535d585a369bad62c6b6139f38d67403cb77938606af990350b7395bdbf8e1bfa7b34 WHIRLPOOL 97c713070be7890382663d2c70572794db4008298b342d9044b450f8d841afd01bb848f3e300bc745b17fb7d7b082aa094aecadbc185060115da04f05e4bd2c7
|
||||
DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f
|
||||
DIST glibc-2.17-patches-8.tar.bz2 83707 SHA256 477946a4915dcd0cc0565ff8532d219e2ee868f6e821ea71ce579652d01ccbb3 SHA512 6675357e62b554d9d0f8ef70341b8038f8f89591fba384bc3783ef81aead0532486e2218af71da9c6f88a3b8b382edec81bed36eb636ee231eac80e111acbfd8 WHIRLPOOL 946f431b28ec60cc61d44364187f64a2d6e92ed7c9071126cf70277843c656de4dfac9f184f572f9a72c0cb452d879cdb7aca5b9f92f8ff02a8b1a521fffef43
|
||||
DIST glibc-2.17.tar.xz 10981956 SHA256 6914e337401e0e0ade23694e1b2c52a5f09e4eda3270c67e7c3ba93a89b5b23e SHA512 384e54037daaa344a26ce58242acc3f9a249d0765088d18a540a305745afa33ae6dec4024adae958eacd7100be9c713d117260ace8340f6d8c8396dbde4868d2 WHIRLPOOL 9b98c1c298aeff607aaa554341c300c15491b7314f127524fc5c048c67c5059daaf706e6cf206bb69213d5307e37bed87137ab46f504d8072bb778310081fc23
|
||||
DIST glibc-2.18-patches-4.tar.bz2 95165 SHA256 89b458e22db60847b4ad869e3b5cf32868528b8d73205a692a6c0d07779dd083 SHA512 d881c9c5fe32b967694d4ca5185ff5ffc964449f2ed49fd062e5d57a3c6d9f16eef2f591d2d8e98a1a95a6487f3436ef031839ed8766fd085404b288340b7933 WHIRLPOOL 55f87d0efce1f84b45968f377e868c31102cb5228fe4ff1ffa132770f242f9f4f1843c28e4eb38ee7bed1321507ae12b7284a18199af63df1ecd070233d1076f
|
||||
DIST glibc-2.18.tar.xz 11150148 SHA256 2cb4e1e381928f1e5e55e71ab1ba8e0ea7ede75ff9709770435bfd018ea257a3 SHA512 27218d2e7dd3bf3908d7af171c490933680e958c579ebd27b43b661e223fd5de2219cc1cf699170405280808c84de476d0ad86dbba35a488ef404e9438552327 WHIRLPOOL 89b877c7db602ffd4374c7fb84db17397b91f889a7de6259f79374cc3fcd00613114cbb93feb518ef25fb2e579fb03843df15d17235c1fe1b6a7e0e64aa8e8fa
|
||||
DIST glibc-2.19-patches-3.tar.bz2 80664 SHA256 6fb03292e224199e0dd9ba7ee83aca723e1560f26831e85cdc6302b187c6de3c SHA512 d281d6a2757920124cf8a3f02b97e75192598b08d96ae48840df34c7ffdcb212952d171f233e6f12a429b19437d0a296212fe1f2eae164d6a1c6793cb3cb69f0 WHIRLPOOL 6f28a2d0dff42e8ad0e77859938e3093753f77f78821375777eebb2db5568bf1c56e8b8208f02280f23acb2dd26dc8a313fedd5b2c10755f1659e6d324a1dbc3
|
||||
DIST glibc-2.19.tar.xz 12083312 SHA256 2d3997f588401ea095a0b27227b1d50cdfdd416236f6567b564549d3b46ea2a2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d WHIRLPOOL 9581a3a23ebdd56bc559b56b95b7bcd21ca039546ec19c6c0e4e0738597542164fdb21ab1d1f36d5e73a205fb51f0974c7d497972615bce69ae002298f6475b6
|
||||
DIST glibc-2.20-patches-5.tar.bz2 55986 SHA256 3d3eec9ac9b5d0530f9e05614f4646d64ff93a48865b42c156990bea69247cda SHA512 409f59a028127e02f0c9f91107715b540d8d234475830adc17108a02664be232098d119b43bcc8df9b328ab50c1fffb0868d510e6487ce1c34ec2c7c7a78375b WHIRLPOOL b3c41b01af5d8ae8e901ac48ae124e13ff1c76fbeb35315cb9630c648c03d7abbfb753294cbdfe1dc939bda260e24d8450ffb19cfe5c255b32f8c5500f2c43f3
|
||||
DIST glibc-2.20.tar.xz 12283992 SHA256 f84b6d42aecc288d593c397b0a3d02260a33ee686bce0c634eb9b32798f36ba5 SHA512 7a8eea8b71d3ccba766c3f304cab61055446d451ef063309476b26dc40d880562dc33b1b68fbedeedb4b55b84c26415b9202311aaa71ef8c141b6849a814d2fa WHIRLPOOL 042f74d75c62a655ae35348c9cd0bed0845ab199e37a76635eb74c04ed927b5eca77723c38d2dc46f12fca62c1004001887b43946a914b079ad22f6a9cc8daaa
|
||||
DIST glibc-2.21-patches-7.tar.bz2 46894 SHA256 49126df6f4b819f2c315cca0a07e9b8ee7e279257148506d336ccfef5766bbcb SHA512 e4cca3d753c0b9d213c0ed85e3d08cbbf6517862b3a48af987e010abaf5a022b47330040ced183d30b5b934de7587e97b4342e51a6df3d5cfa768bdd8b43b756 WHIRLPOOL b5f4bffdcaf629d735e7498f509bf2130acb18194b18e69747bb6c3e403b221f2163eea3770bb19c05253d7134f70ed4657d7c30c5978f7b5571a3482f9521ad
|
||||
DIST glibc-2.21.tar.xz 12322092 SHA256 aeeb362437965a5d3f40b151094ca79def04a115bd363fdd4a9a0c69482923b8 SHA512 8cded6693618bec115f678fcbd0b77556f97dfa8337608f66e37224aefa55b38765ba61cb4d58beea37b5934e5ec8e30bad58613707388484906f2a0ce77997d WHIRLPOOL d07fec32bd92eade065a3b6170932b8bd41d07df4aa69dd5a860ebb9678c22bd1e20bf88b1fc05c3ecc18e709c0a63118e12525dc668e0399d7ef7fe4454702d
|
||||
DIST glibc-2.22-patches-13.tar.bz2 74479 SHA256 ffd1e0f9a41be030e5ce2518d9e84a1fbaa9a4fb2e96f1b85dafb05fea666c86 SHA512 73517fc1502b0733d67ade1d1ba6168415f5da64f37045fac0b10ef57155bf6dfbe1876e4742d2543fcea0c935c179426f6fbb94f0205968392ef903d2f83897 WHIRLPOOL 0eeedaf09eb42e5186256dd41aae00cd2b9b8e3ab929a792e83d0fd8e8a8630d829f01b293588bf59e105eb17ab512416d8d115c3e542cddc34a84b84d56af3d
|
||||
DIST glibc-2.22.tar.xz 12969072 SHA256 eb731406903befef1d8f878a46be75ef862b9056ab0cde1626d08a7a05328948 SHA512 a8719f3a4f8aa5fa81711116fdafbea5082c6dfd85bd8c4cdce60571910263ab422b35bb8b55a84d37ccb146442133ba60a84d453ca4a439c8ccd35419bd051b WHIRLPOOL f7e707b3776fc197a2e7bf5633721925507237b154bbc1f94b9fc303c87e6fc039ff0758da6ee55b4c1a0daaa87c6e594a6c96e7b00a7ba8ae98ee29918709a7
|
||||
DIST glibc-2.23-patches-4.tar.bz2 230533 SHA256 5b64a9b30778be79fac8a8c7e2ec7ebb077e136c85d79996ae3d725189d236a4 SHA512 af140a13bbc28070bfec26e041ce562b1cc091d312a82f385becb3ab87ee882d8ea10ac4ec6dcf86f154857527a3383782d46141016047338cebc7c393329cf3 WHIRLPOOL ca7be788c64428bd2bd6e41eee5345ff85dc9ee0987af55f60104a9f03e3019b8fa6a933ba785d3b1b27540c2485160d50499049985271227c07b094db649de3
|
||||
DIST glibc-2.23-patches-6.tar.bz2 311773 SHA256 d3fbc6068bb7bb92a5e4c8fc30d5c70c203a64bcb33b5578de7639400e1a56d9 SHA512 681b5ee139be9f2daf286a42df3a811b44330ee1a24dd539c4510b13cd51698884be3799b1ad85d4f67ed143e821156c442c25735481052a59b5d8a3b4449d75 WHIRLPOOL 36d69a3e88b5d162311686ee0a4b5d7856a98f9a6e5955514c3c642b855773bbb9b5753c5c95eb0d749798c5c485bb1ea57db7c72164cf3b8561b16ca1a082c9
|
||||
DIST glibc-2.23.tar.xz 13455260 SHA256 94efeb00e4603c8546209cefb3e1a50a5315c86fa9b078b6fad758e187ce13e9 SHA512 b82953388cd028e174cb08f082557bbce0dad8b67b17d31b29f90102fd52a51e03d591448ecb64882a1c1d5303afffc7f6ede85cee4c784a9284fbc9b4ad26cf WHIRLPOOL 7c7e3bf55a89a04bac917b9ca5a1cbb1613f22c427d2766f114b5a36f9635856005b823852ef5d3b73462b577fe4e5865e68e7b64633d48a95fa1e5eaa831a71
|
||||
DIST glibc-2.24-patches-2.tar.bz2 50398 SHA256 1fff0752826b8ab08d6fa115caf2c7fbd3ec2ceffd6c7002499828d8722d546b SHA512 a4c48ebfcf49df0110a43c6afc97be7b3432593b9c4a5aec1b053b69dbca01ee2493584bdd957970e28a9b7e8542ff67cd656150034fbc0b318f2c4295745222 WHIRLPOOL 0fda6d4d936b3598d9026fa1ce2b86833f341919f5c9bd66d95e1a0a5a3e1517d48bb599d48e7bb68e65f6fd439204f57cf678e1984722d5f83faf8083029110
|
||||
DIST glibc-2.24.tar.xz 13554048 SHA256 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3 SHA512 a4cb28a2c51a0cc029ed69da7cba11931a615ba897235590b4f7fad2eaabec9042f8250eaac2a5860997437a69ab13304f10a634000e52c0336b5593b7969adb WHIRLPOOL be82b47fc73f7e780e8e73a5f58b313d8e861d5ea8c4320f95ef0d8c1e125ff011d61dcfc0380be0e83868bd8c3299de1ea662da7fc8d709050e89b2c126e3eb
|
||||
EBUILD glibc-2.17.ebuild 6859 SHA256 14a43d5fee65d2fcb296f899adb834595c3ca0be01dc132c42186a14502a1a01 SHA512 d126c7e2ce87383b4ee747c3f7f62deecd13a2648aded4fcb9899a44205dfd2a617c7a5a356b433812782de3b362bf6d399a2d274b2d805af22dbf14b91ad287 WHIRLPOOL 165b12fee5cbacc644e6495a297b77705e35e9cc8044d4d4a2fd4c3f15473bc168663ee106cdc4d38bbdfe5fd0d3d2534727dc2bff8560c1b87a98a1eab65b67
|
||||
EBUILD glibc-2.18-r1.ebuild 6920 SHA256 5d8647c1b1b6e5def5c5692232f1655c76f60ba643a763b0c1328783d5e03130 SHA512 4e96c0303db04e082a48bcbb72674f4f907b601ad8cc0c12dcd34cf67309890cfc42ced882bc4ab5ed45e8ca86dd795b901a833e202d417dd98720cd03770c2b WHIRLPOOL c44eaba3e2725a319995ff152c2ace177aa236bcaa6f56ef8d2eeb9fb64de3ef41b6d3886b38983601bcafecc931f6d6cc12d425fc367dd0378e09008a24bca5
|
||||
EBUILD glibc-2.19-r1.ebuild 6878 SHA256 b9787f2b1a512aef86ccee41a24b4741bf8a44c42a52489ef29cdd327f7b3ac2 SHA512 abd0c6f17d1158a96b981de37b34dfc7c7b257a7be0e57031f7ec8202beb85543149a3ac4447d4896ab00411a9a3dc0e547832422261289fbffccea201644bf1 WHIRLPOOL 38e472de0c38c7557e376a1b4a8b0c087f2ba6500a790c9ddb63b8a84665276a93a1f36f966368b6623faed7d4c2b9003aaa6293c288659bd90faab328485e3d
|
||||
EBUILD glibc-2.20-r2.ebuild 6441 SHA256 e6e29f8ef84d2cfca0a08c01a31fc0759dbfea2c5039d56fc1de7b1869b0d891 SHA512 0841339e986f804d093f8604445421ac4032e18b233fa9dc911db00e512f43908fa9351e5baa86d790e9e2b6d9c1e4dbae111f5a48853878b11e749cbc0eb872 WHIRLPOOL 15f62b665c72c6e63ce9ea59a277edfcb94aeebe1fe130c8149ceb79f5da353d96296905def88b4959cb2a6bf4aa3fbda0015cd4dd06dd8ccdea8e5d52e81272
|
||||
EBUILD glibc-2.21-r2.ebuild 6416 SHA256 384d2c5c88508723052045afce51fed8716b79020033fe160f182af483dfd94f SHA512 ac0de01cbc63c6017e78277de38bb3ef22ec8bf2e16630492d5956976d8920a9f381efce3a86aaa24332dd54421c1e028cccfd0d86b9b9e59ea2d2d5a9a98e90 WHIRLPOOL 01ec17ed723a6747208c90f4656c6e3362157041db8094b8fcc744d6b11c97019eeda5e89fc4dfe95ec8dbf11b46c35979bf4b54d974122b15caf54caca0771f
|
||||
EBUILD glibc-2.22-r4.ebuild 6468 SHA256 2d21ac88202655384de0dfb6c6b7dcc82d60eaa0c30b9443caf97f2d33cec0d6 SHA512 be923f64331cb3241948c8c1be6295fe6305ede10976af6be04d19556e4db2038446a5456df4ef031a48c6832beb87e8d60423e40389cff75b0032fd12b92898 WHIRLPOOL 8c84ce37c2733e79a5b2cac4ab9833b263fe06da9650c778493b86d174c6c7773753065a63d02c021e40bef3ced37f8af0090c91e214c709dcf1b0a4b3565f1e
|
||||
EBUILD glibc-2.23-r1.ebuild 6638 SHA256 b3840fbc9f5d0dff20d26b9029d359be5fc3fa27c5ccf33b9e5ef7009a3bae59 SHA512 d97580a4d829abb3449a6c1652df318d501b494ff69c6eb1503b7d5cb1ad3519f6cbbba87b898cb8652a58a852da6c599b5d1a67e6930f9f44f261578f0aefd4 WHIRLPOOL fde770d176d15d27fa8c8819d6769d1dfceda21bbc0249629ffbbf0bea1756055d4e0b5173c9aa87f3508647a0b264a9d1573b5ffcab259ed105ccf62d2f554b
|
||||
EBUILD glibc-2.23-r2.ebuild 6722 SHA256 51b30178b14a83c8c8e80f8ea373c09951307e450263936ebdb8b509cb0a0d7d SHA512 24c286a14e6cec196b28af470133b6daa4a34592672bd7cec56a0bf870826b2f5c982d27f53f9fa706afef40651c832f320bbec700fe738ebe6e2d7a14d9dceb WHIRLPOOL f1b700e7f58359c23188259409a1ccae779b9410e3eb8b25ebd9252bc05560b1a7a36447ac669bb938d096febe18fc86e53f16697a6089bfc9d7c5f9189c1e23
|
||||
EBUILD glibc-2.23-r3.ebuild 6362 SHA256 982ac3570ed3fdd7a8a577f8845bf3e178c3b9ff988cde8c04ef6d3109b48272 SHA512 07afcd70154275f0f1a4a93f8b9839542444407582a4f9c9a9781dfa28e2b2e3aa0cd9c7575f632a3e3091f9a5c852fa40243aecd255bdce12791151c6c9b699 WHIRLPOOL 1754ded0b59c2a9b9d901048566b9853c42c3ed60e7b91353b86259a695b45bcf89b928363bd5f032aa00ff0c9f790d574491a4172abf6e2b38d28a5e31a5838
|
||||
EBUILD glibc-2.24.ebuild 6356 SHA256 6c545c26ffe3d898246d8aef535ba4198d72d35ae04084871459001531fe2032 SHA512 11d45082c72c6d6200be2f27b982a9cb24ab16cc9c9b692eb3e3256851ddfa039f5031231f838e1866dbfae9ffadb238af919dcdf4cebe4c98ace60a2f4b513e WHIRLPOOL b0d97882b369340d7d0afba81fc5042a107bfe5726368eb423619addd738adf0cf4f4ec2bcd34341c80402ff4560dd803756c2750e5ac65102850685241c0416
|
||||
EBUILD glibc-9999.ebuild 6030 SHA256 c57d4e0feee6aaf0f45087283396e30e7b9f5c9a9e9a906c79354733cb2ff7f8 SHA512 17fe2e11acfd4108f13e92bcae9ea520b408c05a863a5a120852161d80bf24a7a23bbf6bdecb2fee7dbc879ce2a0b15d1a84a3392e7c5c78b45fbbded271d7af WHIRLPOOL 34652ada3a7ee1a28b75680beb794eb4b1ce0f0a4bad6747e712c19126806531f17c15be6ddd0fbe03cd9f45935bff34457fce369a4a96dfe9c4a534cce0f759
|
||||
MISC ChangeLog 16580 SHA256 9398220053063cba5d6a7509ed250e68e07a4ff0645e023dca860428856def02 SHA512 2f792f51773aae46eceba82bfd714f743a10b79d978859046a91e64b5225cf8bf93cd487db6ecb92de17e6e128025482ba9a6a09e1d59b769c0fd123486f4392 WHIRLPOOL 90c88069052764091d2f1aa71aa333134e8a18f741d4da9c76e0f23894b47484eb586961e6cbc361a7482641f73e8b2ef5c82fc75ff43bc39127cd7c440308fc
|
||||
MISC ChangeLog-2007 108548 SHA256 d622be202eb0d61a363b0ae4065012cd1d494fefaa0c03d4aa7986177cdde6d0 SHA512 fdb3f311a3be4b97a6acfceb1763af5ea69e74d8195522c5d03307f75e15a9382991e9e29dbfdec79e74f1c36328f82648768749bc929e5050ff64b628c7ca98 WHIRLPOOL e550f354394569069e000a7e70ec69c94388a0f415c19b427203f0dcbcbeeec0f5e379ee2af7886cd2d68559e749fab8122e7e077985729d7e0e728ae9096d7a
|
||||
MISC ChangeLog-2015 77895 SHA256 d7c16b77521b14a7e1c148f1ad699128e4fcf7caf41a77b46844508ba68acf15 SHA512 1a7fee53e1ec55d0b16b949543b01ad6f429f74293cb6ed730f05a3ddfc4a21fdaf7ee80c0c839d456587a207780ccfefdaf68a236989db5129ffba30c77ff5e WHIRLPOOL 48d46ac586309e415b7d669598c330062afd6fcb2668600d5c62e234d5ab8c3dfd2e81d4f528689efb6d5fb5e2ca5e24c68a4c58be52e1c336127d63224e18fd
|
||||
MISC metadata.xml 921 SHA256 c01e0edef8cd5db7d721a3abfba19365507f1cb35df4d62b048468fe49b543f7 SHA512 5d4ecf57cf80cbda0dea361d7996ec5df384eee928c07e8e37e25e0ff82577144878492a49b318000b10f51c1ad03b950db7ee5d74e46e96e688b2fcdccfb66a WHIRLPOOL 7024db2e0a3ea6269c9d4158b966c0fda46eee5c7787a7e99b90cfb366ec816843e8849b9390aaec37af05eb530445fa12e0b70dc75ce16277c10c4234d231df
|
315
sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c
Normal file
315
sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c
Normal file
@ -0,0 +1,315 @@
|
||||
/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, write to the Free
|
||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA. */
|
||||
|
||||
/* Copyright (C) 2006-2008 Gentoo Foundation Inc.
|
||||
* License terms as above.
|
||||
*
|
||||
* Hardened Gentoo SSP and FORTIFY handler
|
||||
*
|
||||
* An SSP failure handler that does not use functions from the rest of
|
||||
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
|
||||
* no possibility of recursion into the handler.
|
||||
*
|
||||
* Direct all bug reports to http://bugs.gentoo.org/
|
||||
*
|
||||
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
|
||||
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
|
||||
*
|
||||
* The following people contributed to the glibc-2.3 Hardened
|
||||
* Gentoo SSP and FORTIFY handler, from which this implementation draws much:
|
||||
*
|
||||
* Ned Ludd - <solar[@]gentoo.org>
|
||||
* Alexander Gabert - <pappy[@]gentoo.org>
|
||||
* The PaX Team - <pageexec[@]freemail.hu>
|
||||
* Peter S. Mazinger - <ps.m[@]gmx.net>
|
||||
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
|
||||
* Robert Connolly - <robert[@]linuxfromscratch.org>
|
||||
* Cory Visi <cory[@]visi.name>
|
||||
* Mike Frysinger <vapier[@]gentoo.org>
|
||||
* Magnus Granberg <zorry[@]ume.nu>
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <sysdep-cancel.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <bp-checks.h>
|
||||
|
||||
#include <kernel-features.h>
|
||||
|
||||
#include <alloca.h>
|
||||
/* from sysdeps */
|
||||
#include <socketcall.h>
|
||||
/* for the stuff in bits/socket.h */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
|
||||
/* Sanity check on SYSCALL macro names - force compilation
|
||||
* failure if the names used here do not exist
|
||||
*/
|
||||
#if !defined __NR_socketcall && !defined __NR_socket
|
||||
# error Cannot do syscall socket or socketcall
|
||||
#endif
|
||||
#if !defined __NR_socketcall && !defined __NR_connect
|
||||
# error Cannot do syscall connect or socketcall
|
||||
#endif
|
||||
#ifndef __NR_write
|
||||
# error Cannot do syscall write
|
||||
#endif
|
||||
#ifndef __NR_close
|
||||
# error Cannot do syscall close
|
||||
#endif
|
||||
#ifndef __NR_getpid
|
||||
# error Cannot do syscall getpid
|
||||
#endif
|
||||
#ifndef __NR_kill
|
||||
# error Cannot do syscall kill
|
||||
#endif
|
||||
#ifndef __NR_exit
|
||||
# error Cannot do syscall exit
|
||||
#endif
|
||||
#ifdef SSP_SMASH_DUMPS_CORE
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
|
||||
# if !defined _KERNEL_NSIG && !defined _NSIG
|
||||
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
|
||||
# endif
|
||||
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
|
||||
# error Cannot do syscall sigaction or rt_sigaction
|
||||
# endif
|
||||
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
|
||||
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
|
||||
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
|
||||
* some reason.
|
||||
*/
|
||||
# ifdef _KERNEL_NSIG
|
||||
# define _SSP_NSIG _KERNEL_NSIG
|
||||
# else
|
||||
# define _SSP_NSIG _NSIG
|
||||
# endif
|
||||
#else
|
||||
# define _SSP_NSIG 0
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
|
||||
#endif
|
||||
|
||||
/* Define DO_SIGACTION - default to newer rt signal interface but
|
||||
* fallback to old as needed.
|
||||
*/
|
||||
#ifdef __NR_rt_sigaction
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
|
||||
#else
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
|
||||
#endif
|
||||
|
||||
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
|
||||
#if defined(__NR_socket) && defined(__NR_connect)
|
||||
# define USE_OLD_SOCKETCALL 0
|
||||
#else
|
||||
# define USE_OLD_SOCKETCALL 1
|
||||
#endif
|
||||
|
||||
/* stub out the __NR_'s so we can let gcc optimize away dead code */
|
||||
#ifndef __NR_socketcall
|
||||
# define __NR_socketcall 0
|
||||
#endif
|
||||
#ifndef __NR_socket
|
||||
# define __NR_socket 0
|
||||
#endif
|
||||
#ifndef __NR_connect
|
||||
# define __NR_connect 0
|
||||
#endif
|
||||
#define DO_SOCKET(result, domain, type, protocol) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = domain; \
|
||||
socketargs[1] = type; \
|
||||
socketargs[2] = protocol; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
|
||||
} while (0)
|
||||
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = sockfd; \
|
||||
socketargs[1] = (unsigned long int)serv_addr; \
|
||||
socketargs[2] = addrlen; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
|
||||
} while (0)
|
||||
|
||||
#ifndef _PATH_LOG
|
||||
# define _PATH_LOG "/dev/log"
|
||||
#endif
|
||||
|
||||
static const char path_log[] = _PATH_LOG;
|
||||
|
||||
/* For building glibc with SSP switched on, define __progname to a
|
||||
* constant if building for the run-time loader, to avoid pulling
|
||||
* in more of libc.so into ld.so
|
||||
*/
|
||||
#ifdef IS_IN_rtld
|
||||
static char *__progname = "<rtld>";
|
||||
#else
|
||||
extern char *__progname;
|
||||
#endif
|
||||
|
||||
/* Common handler code, used by chk_fail
|
||||
* Inlined to ensure no self-references to the handler within itself.
|
||||
* Data static to avoid putting more than necessary on the stack,
|
||||
* to aid core debugging.
|
||||
*/
|
||||
__attribute__ ((__noreturn__ , __always_inline__))
|
||||
static inline void
|
||||
__hardened_gentoo_chk_fail(char func[], int damaged)
|
||||
{
|
||||
#define MESSAGE_BUFSIZ 256
|
||||
static pid_t pid;
|
||||
static int plen, i;
|
||||
static char message[MESSAGE_BUFSIZ];
|
||||
static const char msg_ssa[] = ": buffer overflow attack";
|
||||
static const char msg_inf[] = " in function ";
|
||||
static const char msg_ssd[] = "*** buffer overflow detected ***: ";
|
||||
static const char msg_terminated[] = " - terminated\n";
|
||||
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
|
||||
static const char msg_unknown[] = "<unknown>";
|
||||
static int log_socket, connect_result;
|
||||
static struct sockaddr_un sock;
|
||||
static unsigned long int socketargs[4];
|
||||
|
||||
/* Build socket address
|
||||
*/
|
||||
sock.sun_family = AF_UNIX;
|
||||
i = 0;
|
||||
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
|
||||
sock.sun_path[i] = path_log[i];
|
||||
i++;
|
||||
}
|
||||
sock.sun_path[i] = '\0';
|
||||
|
||||
/* Try SOCK_DGRAM connection to syslog */
|
||||
connect_result = -1;
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
if (connect_result == -1) {
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
/* Try SOCK_STREAM connection to syslog */
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
}
|
||||
|
||||
/* Build message. Messages are generated both in the old style and new style,
|
||||
* so that log watchers that are configured for the old-style message continue
|
||||
* to work.
|
||||
*/
|
||||
#define strconcat(str) \
|
||||
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
|
||||
{\
|
||||
message[plen+i]=str[i];\
|
||||
i++;\
|
||||
}\
|
||||
plen+=i;}
|
||||
|
||||
/* R.Henderson post-gcc-4 style message */
|
||||
plen = 0;
|
||||
strconcat(msg_ssd);
|
||||
if (__progname != (char *)0)
|
||||
strconcat(__progname)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
/* Dr. Etoh pre-gcc-4 style message */
|
||||
plen = 0;
|
||||
if (__progname != (char *)0)
|
||||
strconcat(__progname)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_ssa);
|
||||
strconcat(msg_inf);
|
||||
if (func != NULL)
|
||||
strconcat(func)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
/* Direct reports to bugs.gentoo.org */
|
||||
plen=0;
|
||||
strconcat(msg_report);
|
||||
message[plen++]='\0';
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
|
||||
/* Suicide */
|
||||
pid = INLINE_SYSCALL(getpid, 0);
|
||||
|
||||
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
|
||||
static struct sigaction default_abort_act;
|
||||
/* Remove any user-supplied handler for SIGABRT, before using it */
|
||||
default_abort_act.sa_handler = SIG_DFL;
|
||||
default_abort_act.sa_sigaction = NULL;
|
||||
__sigfillset(&default_abort_act.sa_mask);
|
||||
default_abort_act.sa_flags = 0;
|
||||
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
|
||||
}
|
||||
|
||||
/* Note; actions cannot be added to SIGKILL */
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
|
||||
|
||||
/* In case the kill didn't work, exit anyway
|
||||
* The loop prevents gcc thinking this routine returns
|
||||
*/
|
||||
while (1)
|
||||
INLINE_SYSCALL(exit, 0);
|
||||
}
|
||||
|
||||
__attribute__ ((__noreturn__))
|
||||
void __chk_fail(void)
|
||||
{
|
||||
__hardened_gentoo_chk_fail(NULL, 0);
|
||||
}
|
||||
|
@ -0,0 +1,30 @@
|
||||
Prevent default-fPIE from confusing configure into thinking
|
||||
PIC code is default. This causes glibc to build both PIC and
|
||||
non-PIC code as normal, which on the hardened compiler generates
|
||||
PIC and PIE.
|
||||
|
||||
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
|
||||
Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu>
|
||||
|
||||
--- configure.in
|
||||
+++ configure.in
|
||||
@@ -2145,7 +2145,7 @@
|
||||
# error PIC is default.
|
||||
#endif
|
||||
EOF
|
||||
-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
|
||||
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
|
||||
libc_cv_pic_default=no
|
||||
fi
|
||||
rm -f conftest.*])
|
||||
--- configure
|
||||
+++ configure
|
||||
@@ -7698,7 +7698,7 @@
|
||||
# error PIC is default.
|
||||
#endif
|
||||
EOF
|
||||
-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
|
||||
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
|
||||
libc_cv_pic_default=no
|
||||
fi
|
||||
rm -f conftest.*
|
@ -0,0 +1,274 @@
|
||||
When building glibc PIE (which is not something upstream support),
|
||||
several modifications are necessary to the glibc build process.
|
||||
|
||||
First, any syscalls in PIEs must be of the PIC variant, otherwise
|
||||
textrels ensue. Then, any syscalls made before the initialisation
|
||||
of the TLS will fail on i386, as the sysenter variant on i386 uses
|
||||
the TLS, giving rise to a chicken-and-egg situation. This patch
|
||||
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
|
||||
version is normally used, and uses the non-sysenter version for the brk
|
||||
syscall that is performed by the TLS initialisation. Further, the TLS
|
||||
initialisation is moved in this case prior to the initialisation of
|
||||
dl_osversion, as that requires further syscalls.
|
||||
|
||||
csu/libc-start.c: Move initial TLS initialization to before the
|
||||
initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
|
||||
|
||||
csu/libc-tls.c: Use the no-sysenter version of sbrk when
|
||||
INTERNAL_SYSCALL_NOSYSENTER is defined.
|
||||
|
||||
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
|
||||
version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
|
||||
|
||||
misc/brk.c: Define a no-sysenter version of brk if
|
||||
INTERNAL_SYSCALL_NOSYSENTER is defined.
|
||||
|
||||
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
|
||||
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
|
||||
|
||||
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
|
||||
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
|
||||
|
||||
--- csu/libc-start.c
|
||||
+++ csu/libc-start.c
|
||||
@@ -28,6 +28,7 @@
|
||||
extern int __libc_multiple_libcs;
|
||||
|
||||
#include <tls.h>
|
||||
+#include <sysdep.h>
|
||||
#ifndef SHARED
|
||||
# include <dl-osinfo.h>
|
||||
extern void __pthread_initialize_minimal (void);
|
||||
@@ -129,6 +130,11 @@
|
||||
# endif
|
||||
_dl_aux_init (auxvec);
|
||||
# endif
|
||||
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+ /* Do the initial TLS initialization before _dl_osversion,
|
||||
+ since the latter uses the uname syscall. */
|
||||
+ __pthread_initialize_minimal ();
|
||||
+# endif
|
||||
# ifdef DL_SYSDEP_OSCHECK
|
||||
if (!__libc_multiple_libcs)
|
||||
{
|
||||
@@ -138,10 +144,12 @@
|
||||
}
|
||||
# endif
|
||||
|
||||
+# ifndef INTERNAL_SYSCALL_NOSYSENTER
|
||||
/* Initialize the thread library at least a bit since the libgcc
|
||||
functions are using thread functions if these are available and
|
||||
we need to setup errno. */
|
||||
__pthread_initialize_minimal ();
|
||||
+# endif
|
||||
|
||||
/* Set up the stack checker's canary. */
|
||||
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
|
||||
--- csu/libc-tls.c
|
||||
+++ csu/libc-tls.c
|
||||
@@ -23,6 +23,7 @@
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/param.h>
|
||||
+#include <sysdep.h>
|
||||
|
||||
|
||||
#ifdef SHARED
|
||||
@@ -29,6 +30,9 @@
|
||||
#error makefile bug, this file is for static only
|
||||
#endif
|
||||
|
||||
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+extern void *__sbrk_nosysenter (intptr_t __delta);
|
||||
+#endif
|
||||
extern ElfW(Phdr) *_dl_phdr;
|
||||
extern size_t _dl_phnum;
|
||||
|
||||
@@ -141,14 +145,26 @@
|
||||
|
||||
The initialized value of _dl_tls_static_size is provided by dl-open.c
|
||||
to request some surplus that permits dynamic loading of modules with
|
||||
- IE-model TLS. */
|
||||
+ IE-model TLS.
|
||||
+
|
||||
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
|
||||
+ use the special non-sysenter version instead. */
|
||||
#if TLS_TCB_AT_TP
|
||||
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
|
||||
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
|
||||
+# else
|
||||
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
|
||||
+# endif
|
||||
#elif TLS_DTV_AT_TP
|
||||
tcb_offset = roundup (tcbsize, align ?: 1);
|
||||
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
|
||||
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
|
||||
+# else
|
||||
tlsblock = __sbrk (tcb_offset + memsz + max_align
|
||||
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
|
||||
+# endif
|
||||
tlsblock += TLS_PRE_TCB_SIZE;
|
||||
#else
|
||||
/* In case a model with a different layout for the TCB and DTV
|
||||
--- misc/sbrk.c
|
||||
+++ misc/sbrk.c
|
||||
@@ -18,6 +18,7 @@
|
||||
#include <errno.h>
|
||||
#include <stdint.h>
|
||||
#include <unistd.h>
|
||||
+#include <sysdep.h>
|
||||
|
||||
/* Defined in brk.c. */
|
||||
extern void *__curbrk;
|
||||
@@ -29,6 +30,35 @@
|
||||
/* Extend the process's data space by INCREMENT.
|
||||
If INCREMENT is negative, shrink data space by - INCREMENT.
|
||||
Return start of new space allocated, or -1 for errors. */
|
||||
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+/* This version is used by csu/libc-tls.c whem initialising the TLS
|
||||
+ if the SYSENTER version requires the TLS (which it does on i386).
|
||||
+ Obviously using the TLS before it is initialised is broken. */
|
||||
+extern int __brk_nosysenter (void *addr);
|
||||
+void *
|
||||
+__sbrk_nosysenter (intptr_t increment)
|
||||
+{
|
||||
+ void *oldbrk;
|
||||
+
|
||||
+ /* If this is not part of the dynamic library or the library is used
|
||||
+ via dynamic loading in a statically linked program update
|
||||
+ __curbrk from the kernel's brk value. That way two separate
|
||||
+ instances of __brk and __sbrk can share the heap, returning
|
||||
+ interleaved pieces of it. */
|
||||
+ if (__curbrk == NULL || __libc_multiple_libcs)
|
||||
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
|
||||
+ return (void *) -1;
|
||||
+
|
||||
+ if (increment == 0)
|
||||
+ return __curbrk;
|
||||
+
|
||||
+ oldbrk = __curbrk;
|
||||
+ if (__brk_nosysenter (oldbrk + increment) < 0)
|
||||
+ return (void *) -1;
|
||||
+
|
||||
+ return oldbrk;
|
||||
+}
|
||||
+#endif
|
||||
void *
|
||||
__sbrk (intptr_t increment)
|
||||
{
|
||||
--- sysdeps/unix/sysv/linux/i386/brk.c
|
||||
+++ sysdeps/unix/sysv/linux/i386/brk.c
|
||||
@@ -31,6 +31,30 @@
|
||||
linker. */
|
||||
weak_alias (__curbrk, ___brk_addr)
|
||||
|
||||
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+/* This version is used by csu/libc-tls.c whem initialising the TLS
|
||||
+ * if the SYSENTER version requires the TLS (which it does on i386).
|
||||
+ * Obviously using the TLS before it is initialised is broken. */
|
||||
+int
|
||||
+__brk_nosysenter (void *addr)
|
||||
+{
|
||||
+ void *__unbounded newbrk;
|
||||
+
|
||||
+ INTERNAL_SYSCALL_DECL (err);
|
||||
+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
|
||||
+ __ptrvalue (addr));
|
||||
+
|
||||
+ __curbrk = newbrk;
|
||||
+
|
||||
+ if (newbrk < addr)
|
||||
+ {
|
||||
+ __set_errno (ENOMEM);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif
|
||||
int
|
||||
__brk (void *addr)
|
||||
{
|
||||
--- sysdeps/unix/sysv/linux/i386/sysdep.h
|
||||
+++ sysdeps/unix/sysv/linux/i386/sysdep.h
|
||||
@@ -187,7 +187,7 @@
|
||||
/* The original calling convention for system calls on Linux/i386 is
|
||||
to use int $0x80. */
|
||||
#ifdef I386_USE_SYSENTER
|
||||
-# ifdef SHARED
|
||||
+# if defined SHARED || defined __PIC__
|
||||
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
|
||||
# else
|
||||
# define ENTER_KERNEL call *_dl_sysinfo
|
||||
@@ -358,7 +358,7 @@
|
||||
possible to use more than four parameters. */
|
||||
#undef INTERNAL_SYSCALL
|
||||
#ifdef I386_USE_SYSENTER
|
||||
-# ifdef SHARED
|
||||
+# if defined SHARED || defined __PIC__
|
||||
# define INTERNAL_SYSCALL(name, err, nr, args...) \
|
||||
({ \
|
||||
register unsigned int resultvar; \
|
||||
@@ -384,6 +384,18 @@
|
||||
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
|
||||
ASMFMT_##nr(args) : "memory", "cc"); \
|
||||
(int) resultvar; })
|
||||
+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
|
||||
+ ({ \
|
||||
+ register unsigned int resultvar; \
|
||||
+ EXTRAVAR_##nr \
|
||||
+ asm volatile ( \
|
||||
+ LOADARGS_NOSYSENTER_##nr \
|
||||
+ "movl %1, %%eax\n\t" \
|
||||
+ "int $0x80\n\t" \
|
||||
+ RESTOREARGS_NOSYSENTER_##nr \
|
||||
+ : "=a" (resultvar) \
|
||||
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
|
||||
+ (int) resultvar; })
|
||||
# else
|
||||
# define INTERNAL_SYSCALL(name, err, nr, args...) \
|
||||
({ \
|
||||
@@ -447,12 +459,20 @@
|
||||
|
||||
#define LOADARGS_0
|
||||
#ifdef __PIC__
|
||||
-# if defined I386_USE_SYSENTER && defined SHARED
|
||||
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
|
||||
# define LOADARGS_1 \
|
||||
"bpushl .L__X'%k3, %k3\n\t"
|
||||
# define LOADARGS_5 \
|
||||
"movl %%ebx, %4\n\t" \
|
||||
"movl %3, %%ebx\n\t"
|
||||
+# define LOADARGS_NOSYSENTER_1 \
|
||||
+ "bpushl .L__X'%k2, %k2\n\t"
|
||||
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
|
||||
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
|
||||
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
|
||||
+# define LOADARGS_NOSYSENTER_5 \
|
||||
+ "movl %%ebx, %3\n\t" \
|
||||
+ "movl %2, %%ebx\n\t"
|
||||
# else
|
||||
# define LOADARGS_1 \
|
||||
"bpushl .L__X'%k2, %k2\n\t"
|
||||
@@ -474,11 +495,18 @@
|
||||
|
||||
#define RESTOREARGS_0
|
||||
#ifdef __PIC__
|
||||
-# if defined I386_USE_SYSENTER && defined SHARED
|
||||
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
|
||||
# define RESTOREARGS_1 \
|
||||
"bpopl .L__X'%k3, %k3\n\t"
|
||||
# define RESTOREARGS_5 \
|
||||
"movl %4, %%ebx"
|
||||
+# define RESTOREARGS_NOSYSENTER_1 \
|
||||
+ "bpopl .L__X'%k2, %k2\n\t"
|
||||
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
|
||||
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
|
||||
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
|
||||
+# define RESTOREARGS_NOSYSENTER_5 \
|
||||
+ "movl %3, %%ebx"
|
||||
# else
|
||||
# define RESTOREARGS_1 \
|
||||
"bpopl .L__X'%k2, %k2\n\t"
|
42
sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch
Normal file
42
sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch
Normal file
@ -0,0 +1,42 @@
|
||||
2012-11-11 Magnus Granberg <zorry@gentoo.org>
|
||||
|
||||
#442712
|
||||
* Makeconfig (+link): Set to +link-pie.
|
||||
(+link-static-before-libc): Change $(static-start-installed-name) to
|
||||
S$(static-start-installed-name).
|
||||
(+prector): Set to +prectorS.
|
||||
(+postctor): Set to +postctorS.
|
||||
|
||||
--- libc/Makeconfig
|
||||
+++ libc/Makeconfig
|
||||
@@ -447,11 +447,12 @@
|
||||
$(common-objpfx)libc% $(+postinit),$^) \
|
||||
$(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
|
||||
endif
|
||||
++link = $(+link-pie)
|
||||
# Command for statically linking programs with the C library.
|
||||
ifndef +link-static
|
||||
+link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
|
||||
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
|
||||
- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
|
||||
+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
|
||||
$(+preinit) $(+prectorT) \
|
||||
$(filter-out $(addprefix $(csu-objpfx),start.o \
|
||||
$(start-installed-name))\
|
||||
@@ -549,11 +550,10 @@
|
||||
ifeq ($(elf),yes)
|
||||
+preinit = $(addprefix $(csu-objpfx),crti.o)
|
||||
+postinit = $(addprefix $(csu-objpfx),crtn.o)
|
||||
-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
|
||||
-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
|
||||
-# Variants of the two previous definitions for linking PIE programs.
|
||||
+prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
|
||||
+postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
|
||||
++prector = $(+prectorS)
|
||||
++postctor = $(+postctorS)
|
||||
# Variants of the two previous definitions for statically linking programs.
|
||||
+prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o`
|
||||
+postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
|
||||
+interp = $(addprefix $(elf-objpfx),interp.os)
|
||||
endif
|
||||
csu-objpfx = $(common-objpfx)csu/
|
314
sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c
Normal file
314
sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c
Normal file
@ -0,0 +1,314 @@
|
||||
/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, write to the Free
|
||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA. */
|
||||
|
||||
/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
|
||||
* License terms as above.
|
||||
*
|
||||
* Hardened Gentoo SSP and FORTIFY handler
|
||||
*
|
||||
* An SSP failure handler that does not use functions from the rest of
|
||||
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
|
||||
* no possibility of recursion into the handler.
|
||||
*
|
||||
* Direct all bug reports to http://bugs.gentoo.org/
|
||||
*
|
||||
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
|
||||
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
|
||||
*
|
||||
* The following people contributed to the glibc-2.3 Hardened
|
||||
* Gentoo SSP and FORTIFY handler, from which this implementation draws much:
|
||||
*
|
||||
* Ned Ludd - <solar[@]gentoo.org>
|
||||
* Alexander Gabert - <pappy[@]gentoo.org>
|
||||
* The PaX Team - <pageexec[@]freemail.hu>
|
||||
* Peter S. Mazinger - <ps.m[@]gmx.net>
|
||||
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
|
||||
* Robert Connolly - <robert[@]linuxfromscratch.org>
|
||||
* Cory Visi <cory[@]visi.name>
|
||||
* Mike Frysinger <vapier[@]gentoo.org>
|
||||
* Magnus Granberg <zorry[@]ume.nu>
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <errno.h>
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <sysdep-cancel.h>
|
||||
#include <sys/syscall.h>
|
||||
|
||||
#include <kernel-features.h>
|
||||
|
||||
#include <alloca.h>
|
||||
/* from sysdeps */
|
||||
#include <socketcall.h>
|
||||
/* for the stuff in bits/socket.h */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
|
||||
/* Sanity check on SYSCALL macro names - force compilation
|
||||
* failure if the names used here do not exist
|
||||
*/
|
||||
#if !defined __NR_socketcall && !defined __NR_socket
|
||||
# error Cannot do syscall socket or socketcall
|
||||
#endif
|
||||
#if !defined __NR_socketcall && !defined __NR_connect
|
||||
# error Cannot do syscall connect or socketcall
|
||||
#endif
|
||||
#ifndef __NR_write
|
||||
# error Cannot do syscall write
|
||||
#endif
|
||||
#ifndef __NR_close
|
||||
# error Cannot do syscall close
|
||||
#endif
|
||||
#ifndef __NR_getpid
|
||||
# error Cannot do syscall getpid
|
||||
#endif
|
||||
#ifndef __NR_kill
|
||||
# error Cannot do syscall kill
|
||||
#endif
|
||||
#ifndef __NR_exit
|
||||
# error Cannot do syscall exit
|
||||
#endif
|
||||
#ifdef SSP_SMASH_DUMPS_CORE
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
|
||||
# if !defined _KERNEL_NSIG && !defined _NSIG
|
||||
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
|
||||
# endif
|
||||
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
|
||||
# error Cannot do syscall sigaction or rt_sigaction
|
||||
# endif
|
||||
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
|
||||
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
|
||||
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
|
||||
* some reason.
|
||||
*/
|
||||
# ifdef _KERNEL_NSIG
|
||||
# define _SSP_NSIG _KERNEL_NSIG
|
||||
# else
|
||||
# define _SSP_NSIG _NSIG
|
||||
# endif
|
||||
#else
|
||||
# define _SSP_NSIG 0
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
|
||||
#endif
|
||||
|
||||
/* Define DO_SIGACTION - default to newer rt signal interface but
|
||||
* fallback to old as needed.
|
||||
*/
|
||||
#ifdef __NR_rt_sigaction
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
|
||||
#else
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
|
||||
#endif
|
||||
|
||||
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
|
||||
#if defined(__NR_socket) && defined(__NR_connect)
|
||||
# define USE_OLD_SOCKETCALL 0
|
||||
#else
|
||||
# define USE_OLD_SOCKETCALL 1
|
||||
#endif
|
||||
|
||||
/* stub out the __NR_'s so we can let gcc optimize away dead code */
|
||||
#ifndef __NR_socketcall
|
||||
# define __NR_socketcall 0
|
||||
#endif
|
||||
#ifndef __NR_socket
|
||||
# define __NR_socket 0
|
||||
#endif
|
||||
#ifndef __NR_connect
|
||||
# define __NR_connect 0
|
||||
#endif
|
||||
#define DO_SOCKET(result, domain, type, protocol) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = domain; \
|
||||
socketargs[1] = type; \
|
||||
socketargs[2] = protocol; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
|
||||
} while (0)
|
||||
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = sockfd; \
|
||||
socketargs[1] = (unsigned long int)serv_addr; \
|
||||
socketargs[2] = addrlen; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
|
||||
} while (0)
|
||||
|
||||
#ifndef _PATH_LOG
|
||||
# define _PATH_LOG "/dev/log"
|
||||
#endif
|
||||
|
||||
static const char path_log[] = _PATH_LOG;
|
||||
|
||||
/* For building glibc with SSP switched on, define __progname to a
|
||||
* constant if building for the run-time loader, to avoid pulling
|
||||
* in more of libc.so into ld.so
|
||||
*/
|
||||
#ifdef IS_IN_rtld
|
||||
static char *__progname = "<rtld>";
|
||||
#else
|
||||
extern char *__progname;
|
||||
#endif
|
||||
|
||||
/* Common handler code, used by chk_fail
|
||||
* Inlined to ensure no self-references to the handler within itself.
|
||||
* Data static to avoid putting more than necessary on the stack,
|
||||
* to aid core debugging.
|
||||
*/
|
||||
__attribute__ ((__noreturn__ , __always_inline__))
|
||||
static inline void
|
||||
__hardened_gentoo_chk_fail(char func[], int damaged)
|
||||
{
|
||||
#define MESSAGE_BUFSIZ 256
|
||||
static pid_t pid;
|
||||
static int plen, i;
|
||||
static char message[MESSAGE_BUFSIZ];
|
||||
static const char msg_ssa[] = ": buffer overflow attack";
|
||||
static const char msg_inf[] = " in function ";
|
||||
static const char msg_ssd[] = "*** buffer overflow detected ***: ";
|
||||
static const char msg_terminated[] = " - terminated\n";
|
||||
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
|
||||
static const char msg_unknown[] = "<unknown>";
|
||||
static int log_socket, connect_result;
|
||||
static struct sockaddr_un sock;
|
||||
static unsigned long int socketargs[4];
|
||||
|
||||
/* Build socket address
|
||||
*/
|
||||
sock.sun_family = AF_UNIX;
|
||||
i = 0;
|
||||
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
|
||||
sock.sun_path[i] = path_log[i];
|
||||
i++;
|
||||
}
|
||||
sock.sun_path[i] = '\0';
|
||||
|
||||
/* Try SOCK_DGRAM connection to syslog */
|
||||
connect_result = -1;
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
if (connect_result == -1) {
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
/* Try SOCK_STREAM connection to syslog */
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
}
|
||||
|
||||
/* Build message. Messages are generated both in the old style and new style,
|
||||
* so that log watchers that are configured for the old-style message continue
|
||||
* to work.
|
||||
*/
|
||||
#define strconcat(str) \
|
||||
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
|
||||
{\
|
||||
message[plen+i]=str[i];\
|
||||
i++;\
|
||||
}\
|
||||
plen+=i;}
|
||||
|
||||
/* R.Henderson post-gcc-4 style message */
|
||||
plen = 0;
|
||||
strconcat(msg_ssd);
|
||||
if (__progname != (char *)0)
|
||||
strconcat(__progname)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
/* Dr. Etoh pre-gcc-4 style message */
|
||||
plen = 0;
|
||||
if (__progname != (char *)0)
|
||||
strconcat(__progname)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_ssa);
|
||||
strconcat(msg_inf);
|
||||
if (func != NULL)
|
||||
strconcat(func)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
/* Direct reports to bugs.gentoo.org */
|
||||
plen=0;
|
||||
strconcat(msg_report);
|
||||
message[plen++]='\0';
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
|
||||
/* Suicide */
|
||||
pid = INLINE_SYSCALL(getpid, 0);
|
||||
|
||||
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
|
||||
static struct sigaction default_abort_act;
|
||||
/* Remove any user-supplied handler for SIGABRT, before using it */
|
||||
default_abort_act.sa_handler = SIG_DFL;
|
||||
default_abort_act.sa_sigaction = NULL;
|
||||
__sigfillset(&default_abort_act.sa_mask);
|
||||
default_abort_act.sa_flags = 0;
|
||||
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
|
||||
}
|
||||
|
||||
/* Note; actions cannot be added to SIGKILL */
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
|
||||
|
||||
/* In case the kill didn't work, exit anyway
|
||||
* The loop prevents gcc thinking this routine returns
|
||||
*/
|
||||
while (1)
|
||||
INLINE_SYSCALL(exit, 0);
|
||||
}
|
||||
|
||||
__attribute__ ((__noreturn__))
|
||||
void __chk_fail(void)
|
||||
{
|
||||
__hardened_gentoo_chk_fail(NULL, 0);
|
||||
}
|
||||
|
322
sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c
Normal file
322
sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c
Normal file
@ -0,0 +1,322 @@
|
||||
/* Copyright (C) 2005 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, write to the Free
|
||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA. */
|
||||
|
||||
/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
|
||||
* License terms as above.
|
||||
*
|
||||
* Hardened Gentoo SSP handler
|
||||
*
|
||||
* An SSP failure handler that does not use functions from the rest of
|
||||
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
|
||||
* no possibility of recursion into the handler.
|
||||
*
|
||||
* Direct all bug reports to http://bugs.gentoo.org/
|
||||
*
|
||||
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
|
||||
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
|
||||
*
|
||||
* Fixed to support glibc-2.18 by Magnus Granberg - <zorry[@]gentoo.org>
|
||||
*
|
||||
* The following people contributed to the glibc-2.3 Hardened
|
||||
* Gentoo SSP handler, from which this implementation draws much:
|
||||
*
|
||||
* Ned Ludd - <solar[@]gentoo.org>
|
||||
* Alexander Gabert - <pappy[@]gentoo.org>
|
||||
* The PaX Team - <pageexec[@]freemail.hu>
|
||||
* Peter S. Mazinger - <ps.m[@]gmx.net>
|
||||
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
|
||||
* Robert Connolly - <robert[@]linuxfromscratch.org>
|
||||
* Cory Visi <cory[@]visi.name>
|
||||
* Mike Frysinger <vapier[@]gentoo.org>
|
||||
*/
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <sysdep-cancel.h>
|
||||
#include <sys/syscall.h>
|
||||
|
||||
#include <kernel-features.h>
|
||||
|
||||
#include <alloca.h>
|
||||
/* from sysdeps */
|
||||
#include <socketcall.h>
|
||||
/* for the stuff in bits/socket.h */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
|
||||
|
||||
/* Sanity check on SYSCALL macro names - force compilation
|
||||
* failure if the names used here do not exist
|
||||
*/
|
||||
#if !defined __NR_socketcall && !defined __NR_socket
|
||||
# error Cannot do syscall socket or socketcall
|
||||
#endif
|
||||
#if !defined __NR_socketcall && !defined __NR_connect
|
||||
# error Cannot do syscall connect or socketcall
|
||||
#endif
|
||||
#ifndef __NR_write
|
||||
# error Cannot do syscall write
|
||||
#endif
|
||||
#ifndef __NR_close
|
||||
# error Cannot do syscall close
|
||||
#endif
|
||||
#ifndef __NR_getpid
|
||||
# error Cannot do syscall getpid
|
||||
#endif
|
||||
#ifndef __NR_kill
|
||||
# error Cannot do syscall kill
|
||||
#endif
|
||||
#ifndef __NR_exit
|
||||
# error Cannot do syscall exit
|
||||
#endif
|
||||
#ifdef SSP_SMASH_DUMPS_CORE
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
|
||||
# if !defined _KERNEL_NSIG && !defined _NSIG
|
||||
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
|
||||
# endif
|
||||
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
|
||||
# error Cannot do syscall sigaction or rt_sigaction
|
||||
# endif
|
||||
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
|
||||
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
|
||||
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
|
||||
* some reason.
|
||||
*/
|
||||
# ifdef _KERNEL_NSIG
|
||||
# define _SSP_NSIG _KERNEL_NSIG
|
||||
# else
|
||||
# define _SSP_NSIG _NSIG
|
||||
# endif
|
||||
#else
|
||||
# define _SSP_NSIG 0
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
|
||||
#endif
|
||||
|
||||
/* Define DO_SIGACTION - default to newer rt signal interface but
|
||||
* fallback to old as needed.
|
||||
*/
|
||||
#ifdef __NR_rt_sigaction
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
|
||||
#else
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
|
||||
#endif
|
||||
|
||||
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
|
||||
#if defined(__NR_socket) && defined(__NR_connect)
|
||||
# define USE_OLD_SOCKETCALL 0
|
||||
#else
|
||||
# define USE_OLD_SOCKETCALL 1
|
||||
#endif
|
||||
/* stub out the __NR_'s so we can let gcc optimize away dead code */
|
||||
#ifndef __NR_socketcall
|
||||
# define __NR_socketcall 0
|
||||
#endif
|
||||
#ifndef __NR_socket
|
||||
# define __NR_socket 0
|
||||
#endif
|
||||
#ifndef __NR_connect
|
||||
# define __NR_connect 0
|
||||
#endif
|
||||
#define DO_SOCKET(result, domain, type, protocol) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = domain; \
|
||||
socketargs[1] = type; \
|
||||
socketargs[2] = protocol; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
|
||||
} while (0)
|
||||
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = sockfd; \
|
||||
socketargs[1] = (unsigned long int)serv_addr; \
|
||||
socketargs[2] = addrlen; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
|
||||
} while (0)
|
||||
|
||||
#ifndef _PATH_LOG
|
||||
# define _PATH_LOG "/dev/log"
|
||||
#endif
|
||||
|
||||
static const char path_log[] = _PATH_LOG;
|
||||
|
||||
/* For building glibc with SSP switched on, define __progname to a
|
||||
* constant if building for the run-time loader, to avoid pulling
|
||||
* in more of libc.so into ld.so
|
||||
*/
|
||||
#ifdef IS_IN_rtld
|
||||
static char *__progname = "<rtld>";
|
||||
#else
|
||||
extern char *__progname;
|
||||
#endif
|
||||
|
||||
|
||||
/* Common handler code, used by stack_chk_fail and __stack_smash_handler
|
||||
* Inlined to ensure no self-references to the handler within itself.
|
||||
* Data static to avoid putting more than necessary on the stack,
|
||||
* to aid core debugging.
|
||||
*/
|
||||
__attribute__ ((__noreturn__ , __always_inline__))
|
||||
static inline void
|
||||
__hardened_gentoo_stack_chk_fail(char func[], int damaged)
|
||||
{
|
||||
#define MESSAGE_BUFSIZ 256
|
||||
static pid_t pid;
|
||||
static int plen, i;
|
||||
static char message[MESSAGE_BUFSIZ];
|
||||
static const char msg_ssa[] = ": stack smashing attack";
|
||||
static const char msg_inf[] = " in function ";
|
||||
static const char msg_ssd[] = "*** stack smashing detected ***: ";
|
||||
static const char msg_terminated[] = " - terminated\n";
|
||||
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
|
||||
static const char msg_unknown[] = "<unknown>";
|
||||
static int log_socket, connect_result;
|
||||
static struct sockaddr_un sock;
|
||||
static unsigned long int socketargs[4];
|
||||
|
||||
/* Build socket address
|
||||
*/
|
||||
sock.sun_family = AF_UNIX;
|
||||
i = 0;
|
||||
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
|
||||
sock.sun_path[i] = path_log[i];
|
||||
i++;
|
||||
}
|
||||
sock.sun_path[i] = '\0';
|
||||
|
||||
/* Try SOCK_DGRAM connection to syslog */
|
||||
connect_result = -1;
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
if (connect_result == -1) {
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
/* Try SOCK_STREAM connection to syslog */
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
}
|
||||
|
||||
/* Build message. Messages are generated both in the old style and new style,
|
||||
* so that log watchers that are configured for the old-style message continue
|
||||
* to work.
|
||||
*/
|
||||
#define strconcat(str) \
|
||||
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
|
||||
{\
|
||||
message[plen+i]=str[i];\
|
||||
i++;\
|
||||
}\
|
||||
plen+=i;}
|
||||
|
||||
/* R.Henderson post-gcc-4 style message */
|
||||
plen = 0;
|
||||
strconcat(msg_ssd);
|
||||
if (__progname != (char *)0)
|
||||
strconcat(__progname)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
/* Dr. Etoh pre-gcc-4 style message */
|
||||
plen = 0;
|
||||
if (__progname != (char *)0)
|
||||
strconcat(__progname)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_ssa);
|
||||
strconcat(msg_inf);
|
||||
if (func != NULL)
|
||||
strconcat(func)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
/* Direct reports to bugs.gentoo.org */
|
||||
plen=0;
|
||||
strconcat(msg_report);
|
||||
message[plen++]='\0';
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
|
||||
/* Suicide */
|
||||
pid = INLINE_SYSCALL(getpid, 0);
|
||||
|
||||
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
|
||||
static struct sigaction default_abort_act;
|
||||
/* Remove any user-supplied handler for SIGABRT, before using it */
|
||||
default_abort_act.sa_handler = SIG_DFL;
|
||||
default_abort_act.sa_sigaction = NULL;
|
||||
__sigfillset(&default_abort_act.sa_mask);
|
||||
default_abort_act.sa_flags = 0;
|
||||
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
|
||||
}
|
||||
|
||||
/* Note; actions cannot be added to SIGKILL */
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
|
||||
|
||||
/* In case the kill didn't work, exit anyway
|
||||
* The loop prevents gcc thinking this routine returns
|
||||
*/
|
||||
while (1)
|
||||
INLINE_SYSCALL(exit, 0);
|
||||
}
|
||||
|
||||
__attribute__ ((__noreturn__))
|
||||
void __stack_chk_fail(void)
|
||||
{
|
||||
__hardened_gentoo_stack_chk_fail(NULL, 0);
|
||||
}
|
||||
|
||||
#ifdef ENABLE_OLD_SSP_COMPAT
|
||||
__attribute__ ((__noreturn__))
|
||||
void __stack_smash_handler(char func[], int damaged)
|
||||
{
|
||||
__hardened_gentoo_stack_chk_fail(func, damaged);
|
||||
}
|
||||
#endif
|
@ -0,0 +1,277 @@
|
||||
When building glibc PIE (which is not something upstream support),
|
||||
several modifications are necessary to the glibc build process.
|
||||
|
||||
First, any syscalls in PIEs must be of the PIC variant, otherwise
|
||||
textrels ensue. Then, any syscalls made before the initialisation
|
||||
of the TLS will fail on i386, as the sysenter variant on i386 uses
|
||||
the TLS, giving rise to a chicken-and-egg situation. This patch
|
||||
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
|
||||
version is normally used, and uses the non-sysenter version for the brk
|
||||
syscall that is performed by the TLS initialisation. Further, the TLS
|
||||
initialisation is moved in this case prior to the initialisation of
|
||||
dl_osversion, as that requires further syscalls.
|
||||
|
||||
csu/libc-start.c: Move initial TLS initialization to before the
|
||||
initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
|
||||
|
||||
csu/libc-tls.c: Use the no-sysenter version of sbrk when
|
||||
INTERNAL_SYSCALL_NOSYSENTER is defined.
|
||||
|
||||
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
|
||||
version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
|
||||
|
||||
misc/brk.c: Define a no-sysenter version of brk if
|
||||
INTERNAL_SYSCALL_NOSYSENTER is defined.
|
||||
|
||||
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
|
||||
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
|
||||
|
||||
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
|
||||
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
|
||||
Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
|
||||
|
||||
--- csu/libc-start.c
|
||||
+++ csu/libc-start.c
|
||||
@@ -28,6 +28,7 @@
|
||||
extern int __libc_multiple_libcs;
|
||||
|
||||
#include <tls.h>
|
||||
+#include <sysdep.h>
|
||||
#ifndef SHARED
|
||||
# include <dl-osinfo.h>
|
||||
extern void __pthread_initialize_minimal (void);
|
||||
@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char
|
||||
GL(dl_phnum) = __ehdr_start.e_phnum;
|
||||
}
|
||||
}
|
||||
-
|
||||
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+ /* Do the initial TLS initialization before _dl_osversion,
|
||||
+ since the latter uses the uname syscall. */
|
||||
+ __pthread_initialize_minimal ();
|
||||
+# endif
|
||||
# ifdef DL_SYSDEP_OSCHECK
|
||||
if (!__libc_multiple_libcs)
|
||||
{
|
||||
@@ -138,10 +144,12 @@
|
||||
}
|
||||
# endif
|
||||
|
||||
+# ifndef INTERNAL_SYSCALL_NOSYSENTER
|
||||
/* Initialize the thread library at least a bit since the libgcc
|
||||
functions are using thread functions if these are available and
|
||||
we need to setup errno. */
|
||||
__pthread_initialize_minimal ();
|
||||
+# endif
|
||||
|
||||
/* Set up the stack checker's canary. */
|
||||
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
|
||||
--- csu/libc-tls.c
|
||||
+++ csu/libc-tls.c
|
||||
@@ -22,14 +22,17 @@
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/param.h>
|
||||
-
|
||||
+#include <sysdep.h>
|
||||
|
||||
#ifdef SHARED
|
||||
#error makefile bug, this file is for static only
|
||||
#endif
|
||||
|
||||
-dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
|
||||
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+extern void *__sbrk_nosysenter (intptr_t __delta);
|
||||
+#endif
|
||||
|
||||
+dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
|
||||
|
||||
static struct
|
||||
{
|
||||
@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t
|
||||
|
||||
The initialized value of _dl_tls_static_size is provided by dl-open.c
|
||||
to request some surplus that permits dynamic loading of modules with
|
||||
- IE-model TLS. */
|
||||
+ IE-model TLS.
|
||||
+
|
||||
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
|
||||
+ use the special non-sysenter version instead. */
|
||||
#if TLS_TCB_AT_TP
|
||||
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
|
||||
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
|
||||
+# else
|
||||
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
|
||||
+#endif
|
||||
#elif TLS_DTV_AT_TP
|
||||
tcb_offset = roundup (tcbsize, align ?: 1);
|
||||
+# ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
|
||||
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
|
||||
+# else
|
||||
tlsblock = __sbrk (tcb_offset + memsz + max_align
|
||||
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
|
||||
+#endif
|
||||
tlsblock += TLS_PRE_TCB_SIZE;
|
||||
#else
|
||||
/* In case a model with a different layout for the TCB and DTV
|
||||
--- misc/sbrk.c
|
||||
+++ misc/sbrk.c
|
||||
@@ -18,6 +18,7 @@
|
||||
#include <errno.h>
|
||||
#include <stdint.h>
|
||||
#include <unistd.h>
|
||||
+#include <sysdep.h>
|
||||
|
||||
/* Defined in brk.c. */
|
||||
extern void *__curbrk;
|
||||
@@ -29,6 +30,35 @@
|
||||
/* Extend the process's data space by INCREMENT.
|
||||
If INCREMENT is negative, shrink data space by - INCREMENT.
|
||||
Return start of new space allocated, or -1 for errors. */
|
||||
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+/* This version is used by csu/libc-tls.c whem initialising the TLS
|
||||
+ if the SYSENTER version requires the TLS (which it does on i386).
|
||||
+ Obviously using the TLS before it is initialised is broken. */
|
||||
+extern int __brk_nosysenter (void *addr);
|
||||
+void *
|
||||
+__sbrk_nosysenter (intptr_t increment)
|
||||
+{
|
||||
+ void *oldbrk;
|
||||
+
|
||||
+ /* If this is not part of the dynamic library or the library is used
|
||||
+ via dynamic loading in a statically linked program update
|
||||
+ __curbrk from the kernel's brk value. That way two separate
|
||||
+ instances of __brk and __sbrk can share the heap, returning
|
||||
+ interleaved pieces of it. */
|
||||
+ if (__curbrk == NULL || __libc_multiple_libcs)
|
||||
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
|
||||
+ return (void *) -1;
|
||||
+
|
||||
+ if (increment == 0)
|
||||
+ return __curbrk;
|
||||
+
|
||||
+ oldbrk = __curbrk;
|
||||
+ if (__brk_nosysenter (oldbrk + increment) < 0)
|
||||
+ return (void *) -1;
|
||||
+
|
||||
+ return oldbrk;
|
||||
+}
|
||||
+#endif
|
||||
void *
|
||||
__sbrk (intptr_t increment)
|
||||
{
|
||||
--- sysdeps/unix/sysv/linux/i386/brk.c
|
||||
+++ sysdeps/unix/sysv/linux/i386/brk.c
|
||||
@@ -31,6 +31,29 @@
|
||||
linker. */
|
||||
weak_alias (__curbrk, ___brk_addr)
|
||||
|
||||
+#ifdef INTERNAL_SYSCALL_NOSYSENTER
|
||||
+/* This version is used by csu/libc-tls.c whem initialising the TLS
|
||||
+ * if the SYSENTER version requires the TLS (which it does on i386).
|
||||
+ * Obviously using the TLS before it is initialised is broken. */
|
||||
+int
|
||||
+__brk_nosysenter (void *addr)
|
||||
+{
|
||||
+ void * newbrk;
|
||||
+
|
||||
+ INTERNAL_SYSCALL_DECL (err);
|
||||
+ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr);
|
||||
+
|
||||
+ __curbrk = newbrk;
|
||||
+
|
||||
+ if (newbrk < addr)
|
||||
+ {
|
||||
+ __set_errno (ENOMEM);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif
|
||||
int
|
||||
__brk (void *addr)
|
||||
{
|
||||
--- sysdeps/unix/sysv/linux/i386/sysdep.h
|
||||
+++ sysdeps/unix/sysv/linux/i386/sysdep.h
|
||||
@@ -187,7 +187,7 @@
|
||||
/* The original calling convention for system calls on Linux/i386 is
|
||||
to use int $0x80. */
|
||||
#ifdef I386_USE_SYSENTER
|
||||
-# ifdef SHARED
|
||||
+# if defined SHARED || defined __PIC__
|
||||
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
|
||||
# else
|
||||
# define ENTER_KERNEL call *_dl_sysinfo
|
||||
@@ -358,7 +358,7 @@
|
||||
possible to use more than four parameters. */
|
||||
#undef INTERNAL_SYSCALL
|
||||
#ifdef I386_USE_SYSENTER
|
||||
-# ifdef SHARED
|
||||
+# if defined SHARED || defined __PIC__
|
||||
# define INTERNAL_SYSCALL(name, err, nr, args...) \
|
||||
({ \
|
||||
register unsigned int resultvar; \
|
||||
@@ -384,6 +384,18 @@
|
||||
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
|
||||
ASMFMT_##nr(args) : "memory", "cc"); \
|
||||
(int) resultvar; })
|
||||
+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
|
||||
+ ({ \
|
||||
+ register unsigned int resultvar; \
|
||||
+ EXTRAVAR_##nr \
|
||||
+ asm volatile ( \
|
||||
+ LOADARGS_NOSYSENTER_##nr \
|
||||
+ "movl %1, %%eax\n\t" \
|
||||
+ "int $0x80\n\t" \
|
||||
+ RESTOREARGS_NOSYSENTER_##nr \
|
||||
+ : "=a" (resultvar) \
|
||||
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
|
||||
+ (int) resultvar; })
|
||||
# else
|
||||
# define INTERNAL_SYSCALL(name, err, nr, args...) \
|
||||
({ \
|
||||
@@ -447,12 +459,20 @@
|
||||
|
||||
#define LOADARGS_0
|
||||
#ifdef __PIC__
|
||||
-# if defined I386_USE_SYSENTER && defined SHARED
|
||||
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
|
||||
# define LOADARGS_1 \
|
||||
"bpushl .L__X'%k3, %k3\n\t"
|
||||
# define LOADARGS_5 \
|
||||
"movl %%ebx, %4\n\t" \
|
||||
"movl %3, %%ebx\n\t"
|
||||
+# define LOADARGS_NOSYSENTER_1 \
|
||||
+ "bpushl .L__X'%k2, %k2\n\t"
|
||||
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
|
||||
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
|
||||
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
|
||||
+# define LOADARGS_NOSYSENTER_5 \
|
||||
+ "movl %%ebx, %3\n\t" \
|
||||
+ "movl %2, %%ebx\n\t"
|
||||
# else
|
||||
# define LOADARGS_1 \
|
||||
"bpushl .L__X'%k2, %k2\n\t"
|
||||
@@ -474,11 +495,18 @@
|
||||
|
||||
#define RESTOREARGS_0
|
||||
#ifdef __PIC__
|
||||
-# if defined I386_USE_SYSENTER && defined SHARED
|
||||
+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
|
||||
# define RESTOREARGS_1 \
|
||||
"bpopl .L__X'%k3, %k3\n\t"
|
||||
# define RESTOREARGS_5 \
|
||||
"movl %4, %%ebx"
|
||||
+# define RESTOREARGS_NOSYSENTER_1 \
|
||||
+ "bpopl .L__X'%k2, %k2\n\t"
|
||||
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
|
||||
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
|
||||
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
|
||||
+# define RESTOREARGS_NOSYSENTER_5 \
|
||||
+ "movl %3, %%ebx"
|
||||
# else
|
||||
# define RESTOREARGS_1 \
|
||||
"bpopl .L__X'%k2, %k2\n\t"
|
@ -0,0 +1,30 @@
|
||||
Prevent default-fPIE from confusing configure into thinking
|
||||
PIC code is default. This causes glibc to build both PIC and
|
||||
non-PIC code as normal, which on the hardened compiler generates
|
||||
PIC and PIE.
|
||||
|
||||
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
|
||||
Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu>
|
||||
|
||||
--- configure.ac
|
||||
+++ configure.ac
|
||||
@@ -2145,7 +2145,7 @@
|
||||
# error PIC is default.
|
||||
#endif
|
||||
EOF
|
||||
-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
|
||||
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
|
||||
libc_cv_pic_default=no
|
||||
fi
|
||||
rm -f conftest.*])
|
||||
--- configure
|
||||
+++ configure
|
||||
@@ -7698,7 +7698,7 @@
|
||||
# error PIC is default.
|
||||
#endif
|
||||
EOF
|
||||
-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
|
||||
+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
|
||||
libc_cv_pic_default=no
|
||||
fi
|
||||
rm -f conftest.*
|
@ -0,0 +1,32 @@
|
||||
https://bugs.gentoo.org/503838
|
||||
http://gcc.gnu.org/PR60465
|
||||
https://sourceware.org/ml/libc-alpha/2015-12/msg00556.html
|
||||
https://trofi.github.io/posts/189-glibc-on-ia64-or-how-relocations-bootstrap.html
|
||||
|
||||
newer versions of gcc generate relocations in the elf_get_dynamic_info func
|
||||
which glibc relies on to populate some info structs. those structs are then
|
||||
used by ldso to process relocations in itself. glibc requires that there are
|
||||
no relocations until that point (*after* elf_get_dynamic_info), so we end up
|
||||
crashing during elf_get_dynamic_info because the relocation has not yet been
|
||||
processed.
|
||||
|
||||
this hack shuffles the code in a way that tricks gcc into not generating the
|
||||
relocation. we need to figure out something better for upstream.
|
||||
|
||||
--- a/elf/get-dynamic-info.h
|
||||
+++ b/elf/get-dynamic-info.h
|
||||
@@ -66,8 +66,12 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp)
|
||||
info[DT_VALTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
|
||||
+ DT_VERSIONTAGNUM + DT_EXTRANUM] = dyn;
|
||||
else if ((d_tag_utype) DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
|
||||
- info[DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
|
||||
- + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM] = dyn;
|
||||
+ {
|
||||
+ d_tag_utype i =
|
||||
+ DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
|
||||
+ + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM;
|
||||
+ info[i] = dyn;
|
||||
+ }
|
||||
++dyn;
|
||||
}
|
||||
|
299
sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
Normal file
299
sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
Normal file
@ -0,0 +1,299 @@
|
||||
/* Copyright (C) 2004-2014 Free Software Foundation, Inc.
|
||||
Copyright (C) 2006-2014 Gentoo Foundation Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, write to the Free
|
||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA. */
|
||||
|
||||
/* Hardened Gentoo SSP and FORTIFY handler
|
||||
|
||||
A failure handler that does not use functions from the rest of glibc;
|
||||
it uses the INTERNAL_SYSCALL methods directly. This helps ensure no
|
||||
possibility of recursion into the handler.
|
||||
|
||||
Direct all bug reports to http://bugs.gentoo.org/
|
||||
|
||||
People who have contributed significantly to the evolution of this file:
|
||||
Ned Ludd - <solar[@]gentoo.org>
|
||||
Alexander Gabert - <pappy[@]gentoo.org>
|
||||
The PaX Team - <pageexec[@]freemail.hu>
|
||||
Peter S. Mazinger - <ps.m[@]gmx.net>
|
||||
Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
|
||||
Robert Connolly - <robert[@]linuxfromscratch.org>
|
||||
Cory Visi <cory[@]visi.name>
|
||||
Mike Frysinger <vapier[@]gentoo.org>
|
||||
Magnus Granberg <zorry[@]gentoo.org>
|
||||
Kevin F. Quinn - <kevquinn[@]gentoo.org>
|
||||
*/
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <sysdep-cancel.h>
|
||||
#include <sys/syscall.h>
|
||||
|
||||
#include <kernel-features.h>
|
||||
|
||||
#include <alloca.h>
|
||||
/* from sysdeps */
|
||||
#include <socketcall.h>
|
||||
/* for the stuff in bits/socket.h */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
|
||||
/* Sanity check on SYSCALL macro names - force compilation
|
||||
* failure if the names used here do not exist
|
||||
*/
|
||||
#if !defined __NR_socketcall && !defined __NR_socket
|
||||
# error Cannot do syscall socket or socketcall
|
||||
#endif
|
||||
#if !defined __NR_socketcall && !defined __NR_connect
|
||||
# error Cannot do syscall connect or socketcall
|
||||
#endif
|
||||
#ifndef __NR_write
|
||||
# error Cannot do syscall write
|
||||
#endif
|
||||
#ifndef __NR_close
|
||||
# error Cannot do syscall close
|
||||
#endif
|
||||
#ifndef __NR_getpid
|
||||
# error Cannot do syscall getpid
|
||||
#endif
|
||||
#ifndef __NR_kill
|
||||
# error Cannot do syscall kill
|
||||
#endif
|
||||
#ifndef __NR_exit
|
||||
# error Cannot do syscall exit
|
||||
#endif
|
||||
#ifdef SSP_SMASH_DUMPS_CORE
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
|
||||
# if !defined _KERNEL_NSIG && !defined _NSIG
|
||||
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
|
||||
# endif
|
||||
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
|
||||
# error Cannot do syscall sigaction or rt_sigaction
|
||||
# endif
|
||||
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
|
||||
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
|
||||
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
|
||||
* some reason.
|
||||
*/
|
||||
# ifdef _KERNEL_NSIG
|
||||
# define _SSP_NSIG _KERNEL_NSIG
|
||||
# else
|
||||
# define _SSP_NSIG _NSIG
|
||||
# endif
|
||||
#else
|
||||
# define _SSP_NSIG 0
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
|
||||
#endif
|
||||
|
||||
/* Define DO_SIGACTION - default to newer rt signal interface but
|
||||
* fallback to old as needed.
|
||||
*/
|
||||
#ifdef __NR_rt_sigaction
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
|
||||
#else
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
|
||||
#endif
|
||||
|
||||
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
|
||||
#if defined(__NR_socket) && defined(__NR_connect)
|
||||
# define USE_OLD_SOCKETCALL 0
|
||||
#else
|
||||
# define USE_OLD_SOCKETCALL 1
|
||||
#endif
|
||||
|
||||
/* stub out the __NR_'s so we can let gcc optimize away dead code */
|
||||
#ifndef __NR_socketcall
|
||||
# define __NR_socketcall 0
|
||||
#endif
|
||||
#ifndef __NR_socket
|
||||
# define __NR_socket 0
|
||||
#endif
|
||||
#ifndef __NR_connect
|
||||
# define __NR_connect 0
|
||||
#endif
|
||||
#define DO_SOCKET(result, domain, type, protocol) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = domain; \
|
||||
socketargs[1] = type; \
|
||||
socketargs[2] = protocol; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
|
||||
} while (0)
|
||||
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = sockfd; \
|
||||
socketargs[1] = (unsigned long int)serv_addr; \
|
||||
socketargs[2] = addrlen; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
|
||||
} while (0)
|
||||
|
||||
#ifndef _PATH_LOG
|
||||
# define _PATH_LOG "/dev/log"
|
||||
#endif
|
||||
|
||||
static const char path_log[] = _PATH_LOG;
|
||||
|
||||
/* For building glibc with SSP switched on, define __progname to a
|
||||
* constant if building for the run-time loader, to avoid pulling
|
||||
* in more of libc.so into ld.so
|
||||
*/
|
||||
#ifdef IS_IN_rtld
|
||||
static const char *__progname = "<ldso>";
|
||||
#else
|
||||
extern const char *__progname;
|
||||
#endif
|
||||
|
||||
#ifdef GENTOO_SSP_HANDLER
|
||||
# define ERROR_MSG "stack smashing"
|
||||
#else
|
||||
# define ERROR_MSG "buffer overflow"
|
||||
#endif
|
||||
|
||||
/* Common handler code, used by chk_fail
|
||||
* Inlined to ensure no self-references to the handler within itself.
|
||||
* Data static to avoid putting more than necessary on the stack,
|
||||
* to aid core debugging.
|
||||
*/
|
||||
__attribute__ ((__noreturn__, __always_inline__))
|
||||
static inline void
|
||||
__hardened_gentoo_fail(void)
|
||||
{
|
||||
#define MESSAGE_BUFSIZ 512
|
||||
static pid_t pid;
|
||||
static int plen, i, hlen;
|
||||
static char message[MESSAGE_BUFSIZ];
|
||||
/* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */
|
||||
static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: ";
|
||||
static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: ";
|
||||
static const char msg_terminated[] = " terminated; ";
|
||||
static const char msg_report[] = "report to " REPORT_BUGS_TO "\n";
|
||||
static const char msg_unknown[] = "<unknown>";
|
||||
static int log_socket, connect_result;
|
||||
static struct sockaddr_un sock;
|
||||
static unsigned long int socketargs[4];
|
||||
|
||||
/* Build socket address */
|
||||
sock.sun_family = AF_UNIX;
|
||||
i = 0;
|
||||
while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) {
|
||||
sock.sun_path[i] = path_log[i];
|
||||
++i;
|
||||
}
|
||||
sock.sun_path[i] = '\0';
|
||||
|
||||
/* Try SOCK_DGRAM connection to syslog */
|
||||
connect_result = -1;
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
if (connect_result == -1) {
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
/* Try SOCK_STREAM connection to syslog */
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
}
|
||||
|
||||
/* Build message. Messages are generated both in the old style and new style,
|
||||
* so that log watchers that are configured for the old-style message continue
|
||||
* to work.
|
||||
*/
|
||||
#define strconcat(str) \
|
||||
({ \
|
||||
i = 0; \
|
||||
while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \
|
||||
message[plen + i] = str[i]; \
|
||||
++i; \
|
||||
} \
|
||||
plen += i; \
|
||||
})
|
||||
|
||||
/* Tersely log the failure */
|
||||
plen = 0;
|
||||
strconcat(msg_header);
|
||||
hlen = plen;
|
||||
strconcat(msg_ssd);
|
||||
if (__progname != NULL)
|
||||
strconcat(__progname);
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
strconcat(msg_report);
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen);
|
||||
if (connect_result != -1) {
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
}
|
||||
|
||||
/* Time to kill self since we have no idea what is going on */
|
||||
pid = INLINE_SYSCALL(getpid, 0);
|
||||
|
||||
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
|
||||
/* Remove any user-supplied handler for SIGABRT, before using it. */
|
||||
#if 0
|
||||
/*
|
||||
* Note: Disabled because some programs catch & process their
|
||||
* own crashes. We've already enabled this code path which
|
||||
* means we want to let core dumps happen.
|
||||
*/
|
||||
static struct sigaction default_abort_act;
|
||||
default_abort_act.sa_handler = SIG_DFL;
|
||||
default_abort_act.sa_sigaction = NULL;
|
||||
__sigfillset(&default_abort_act.sa_mask);
|
||||
default_abort_act.sa_flags = 0;
|
||||
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
|
||||
#endif
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
|
||||
}
|
||||
|
||||
/* SIGKILL is only signal which cannot be caught */
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
|
||||
|
||||
/* In case the kill didn't work, exit anyway.
|
||||
* The loop prevents gcc thinking this routine returns.
|
||||
*/
|
||||
while (1)
|
||||
INLINE_SYSCALL(exit, 1, 137);
|
||||
}
|
||||
|
||||
__attribute__ ((__noreturn__))
|
||||
#ifdef GENTOO_SSP_HANDLER
|
||||
void __stack_chk_fail(void)
|
||||
#else
|
||||
void __chk_fail(void)
|
||||
#endif
|
||||
{
|
||||
__hardened_gentoo_fail();
|
||||
}
|
@ -0,0 +1,2 @@
|
||||
#define GENTOO_SSP_HANDLER
|
||||
#include <debug/chk_fail.c>
|
@ -0,0 +1,306 @@
|
||||
When building glibc PIE (which is not something upstream support),
|
||||
several modifications are necessary to the glibc build process.
|
||||
|
||||
First, any syscalls in PIEs must be of the PIC variant, otherwise
|
||||
textrels ensue. Then, any syscalls made before the initialisation
|
||||
of the TLS will fail on i386, as the sysenter variant on i386 uses
|
||||
the TLS, giving rise to a chicken-and-egg situation. This patch
|
||||
defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
|
||||
version is normally used, and uses the non-sysenter version for the brk
|
||||
syscall that is performed by the TLS initialisation. Further, the TLS
|
||||
initialisation is moved in this case prior to the initialisation of
|
||||
dl_osversion, as that requires further syscalls.
|
||||
|
||||
csu/libc-start.c: Move initial TLS initialization to before the
|
||||
initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined
|
||||
|
||||
csu/libc-tls.c: Use the no-sysenter version of sbrk when
|
||||
INTERNAL_SYSCALL_PRE_TLS is defined.
|
||||
|
||||
misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
|
||||
version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined.
|
||||
|
||||
misc/brk.c: Define a no-sysenter version of brk if
|
||||
INTERNAL_SYSCALL_PRE_TLS is defined.
|
||||
|
||||
sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS
|
||||
Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
|
||||
|
||||
Patch by Kevin F. Quinn <kevquinn@gentoo.org>
|
||||
Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
|
||||
Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
|
||||
Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org>
|
||||
|
||||
--- a/csu/libc-start.c
|
||||
+++ b/csu/libc-start.c
|
||||
@@ -28,6 +28,7 @@
|
||||
extern int __libc_multiple_libcs;
|
||||
|
||||
#include <tls.h>
|
||||
+#include <sysdep.h>
|
||||
#ifndef SHARED
|
||||
# include <dl-osinfo.h>
|
||||
extern void __pthread_initialize_minimal (void);
|
||||
@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char
|
||||
}
|
||||
}
|
||||
|
||||
+# ifdef INTERNAL_SYSCALL_PRE_TLS
|
||||
+ /* Do the initial TLS initialization before _dl_osversion,
|
||||
+ since the latter uses the uname syscall. */
|
||||
+ __pthread_initialize_minimal ();
|
||||
+# endif
|
||||
# ifdef DL_SYSDEP_OSCHECK
|
||||
if (!__libc_multiple_libcs)
|
||||
{
|
||||
@@ -138,10 +144,12 @@
|
||||
}
|
||||
# endif
|
||||
|
||||
+# ifndef INTERNAL_SYSCALL_PRE_TLS
|
||||
/* Initialize the thread library at least a bit since the libgcc
|
||||
functions are using thread functions if these are available and
|
||||
we need to setup errno. */
|
||||
__pthread_initialize_minimal ();
|
||||
+# endif
|
||||
|
||||
/* Set up the stack checker's canary. */
|
||||
uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
|
||||
--- a/csu/libc-tls.c
|
||||
+++ b/csu/libc-tls.c
|
||||
@@ -22,12 +22,17 @@
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <sys/param.h>
|
||||
+#include <sysdep.h>
|
||||
|
||||
|
||||
#ifdef SHARED
|
||||
#error makefile bug, this file is for static only
|
||||
#endif
|
||||
|
||||
+#ifdef INTERNAL_SYSCALL_PRE_TLS
|
||||
+extern void *__sbrk_nosysenter (intptr_t __delta);
|
||||
+#endif
|
||||
+
|
||||
dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
|
||||
|
||||
|
||||
@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t
|
||||
|
||||
The initialized value of _dl_tls_static_size is provided by dl-open.c
|
||||
to request some surplus that permits dynamic loading of modules with
|
||||
- IE-model TLS. */
|
||||
+ IE-model TLS.
|
||||
+
|
||||
+ Where the normal sbrk would use a syscall that needs the TLS (i386)
|
||||
+ use the special non-sysenter version instead. */
|
||||
+#ifdef INTERNAL_SYSCALL_PRE_TLS
|
||||
+# define __sbrk __sbrk_nosysenter
|
||||
+#endif
|
||||
#if TLS_TCB_AT_TP
|
||||
tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
|
||||
tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
|
||||
#elif TLS_DTV_AT_TP
|
||||
tcb_offset = roundup (tcbsize, align ?: 1);
|
||||
tlsblock = __sbrk (tcb_offset + memsz + max_align
|
||||
+ TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
|
||||
tlsblock += TLS_PRE_TCB_SIZE;
|
||||
#else
|
||||
/* In case a model with a different layout for the TCB and DTV
|
||||
is defined add another #elif here and in the following #ifs. */
|
||||
# error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
|
||||
#endif
|
||||
+#ifdef INTERNAL_SYSCALL_PRE_TLS
|
||||
+# undef __sbrk
|
||||
+#endif
|
||||
|
||||
/* Align the TLS block. */
|
||||
tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1)
|
||||
--- a/misc/sbrk.c
|
||||
+++ b/misc/sbrk.c
|
||||
@@ -18,6 +18,7 @@
|
||||
#include <errno.h>
|
||||
#include <stdint.h>
|
||||
#include <unistd.h>
|
||||
+#include <sysdep.h>
|
||||
|
||||
/* Defined in brk.c. */
|
||||
extern void *__curbrk;
|
||||
@@ -29,6 +30,35 @@
|
||||
/* Extend the process's data space by INCREMENT.
|
||||
If INCREMENT is negative, shrink data space by - INCREMENT.
|
||||
Return start of new space allocated, or -1 for errors. */
|
||||
+#ifdef INTERNAL_SYSCALL_PRE_TLS
|
||||
+/* This version is used by csu/libc-tls.c whem initialising the TLS
|
||||
+ if the SYSENTER version requires the TLS (which it does on i386).
|
||||
+ Obviously using the TLS before it is initialised is broken. */
|
||||
+extern int __brk_nosysenter (void *addr);
|
||||
+void *
|
||||
+__sbrk_nosysenter (intptr_t increment)
|
||||
+{
|
||||
+ void *oldbrk;
|
||||
+
|
||||
+ /* If this is not part of the dynamic library or the library is used via
|
||||
+ dynamic loading in a statically linked program update __curbrk from the
|
||||
+ kernel's brk value. That way two separate instances of __brk and __sbrk
|
||||
+ can share the heap, returning interleaved pieces of it. */
|
||||
+ if (__curbrk == NULL || __libc_multiple_libcs)
|
||||
+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
|
||||
+ return (void *) -1;
|
||||
+
|
||||
+ if (increment == 0)
|
||||
+ return __curbrk;
|
||||
+
|
||||
+ oldbrk = __curbrk;
|
||||
+ if (__brk_nosysenter (oldbrk + increment) < 0)
|
||||
+ return (void *) -1;
|
||||
+
|
||||
+ return oldbrk;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
void *
|
||||
__sbrk (intptr_t increment)
|
||||
{
|
||||
--- a/sysdeps/unix/sysv/linux/i386/brk.c
|
||||
+++ b/sysdeps/unix/sysv/linux/i386/brk.c
|
||||
@@ -31,6 +31,30 @@
|
||||
linker. */
|
||||
weak_alias (__curbrk, ___brk_addr)
|
||||
|
||||
+#ifdef INTERNAL_SYSCALL_PRE_TLS
|
||||
+/* This version is used by csu/libc-tls.c whem initialising the TLS
|
||||
+ if the SYSENTER version requires the TLS (which it does on i386).
|
||||
+ Obviously using the TLS before it is initialised is broken. */
|
||||
+int
|
||||
+__brk_nosysenter (void *addr)
|
||||
+{
|
||||
+ void *newbrk;
|
||||
+
|
||||
+ INTERNAL_SYSCALL_DECL (err);
|
||||
+ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr);
|
||||
+
|
||||
+ __curbrk = newbrk;
|
||||
+
|
||||
+ if (newbrk < addr)
|
||||
+ {
|
||||
+ __set_errno (ENOMEM);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
int
|
||||
__brk (void *addr)
|
||||
{
|
||||
--- a/sysdeps/unix/sysv/linux/i386/sysdep.h
|
||||
+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
|
||||
@@ -187,7 +187,7 @@
|
||||
/* The original calling convention for system calls on Linux/i386 is
|
||||
to use int $0x80. */
|
||||
#ifdef I386_USE_SYSENTER
|
||||
-# ifdef SHARED
|
||||
+# ifdef __PIC__
|
||||
# define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
|
||||
# else
|
||||
# define ENTER_KERNEL call *_dl_sysinfo
|
||||
@@ -358,7 +358,7 @@
|
||||
possible to use more than four parameters. */
|
||||
#undef INTERNAL_SYSCALL
|
||||
#ifdef I386_USE_SYSENTER
|
||||
-# ifdef SHARED
|
||||
+# ifdef __PIC__
|
||||
# define INTERNAL_SYSCALL(name, err, nr, args...) \
|
||||
({ \
|
||||
register unsigned int resultvar; \
|
||||
@@ -384,6 +384,18 @@
|
||||
: "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
|
||||
ASMFMT_##nr(args) : "memory", "cc"); \
|
||||
(int) resultvar; })
|
||||
+# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \
|
||||
+ ({ \
|
||||
+ register unsigned int resultvar; \
|
||||
+ EXTRAVAR_##nr \
|
||||
+ asm volatile ( \
|
||||
+ LOADARGS_NOSYSENTER_##nr \
|
||||
+ "movl %1, %%eax\n\t" \
|
||||
+ "int $0x80\n\t" \
|
||||
+ RESTOREARGS_NOSYSENTER_##nr \
|
||||
+ : "=a" (resultvar) \
|
||||
+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
|
||||
+ (int) resultvar; })
|
||||
# else
|
||||
# define INTERNAL_SYSCALL(name, err, nr, args...) \
|
||||
({ \
|
||||
@@ -447,12 +459,20 @@
|
||||
|
||||
#define LOADARGS_0
|
||||
#ifdef __PIC__
|
||||
-# if defined I386_USE_SYSENTER && defined SHARED
|
||||
+# if defined I386_USE_SYSENTER && defined __PIC__
|
||||
# define LOADARGS_1 \
|
||||
"bpushl .L__X'%k3, %k3\n\t"
|
||||
# define LOADARGS_5 \
|
||||
"movl %%ebx, %4\n\t" \
|
||||
"movl %3, %%ebx\n\t"
|
||||
+# define LOADARGS_NOSYSENTER_1 \
|
||||
+ "bpushl .L__X'%k2, %k2\n\t"
|
||||
+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
|
||||
+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
|
||||
+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
|
||||
+# define LOADARGS_NOSYSENTER_5 \
|
||||
+ "movl %%ebx, %3\n\t" \
|
||||
+ "movl %2, %%ebx\n\t"
|
||||
# else
|
||||
# define LOADARGS_1 \
|
||||
"bpushl .L__X'%k2, %k2\n\t"
|
||||
@@ -474,11 +494,18 @@
|
||||
|
||||
#define RESTOREARGS_0
|
||||
#ifdef __PIC__
|
||||
-# if defined I386_USE_SYSENTER && defined SHARED
|
||||
+# if defined I386_USE_SYSENTER && defined __PIC__
|
||||
# define RESTOREARGS_1 \
|
||||
"bpopl .L__X'%k3, %k3\n\t"
|
||||
# define RESTOREARGS_5 \
|
||||
"movl %4, %%ebx"
|
||||
+# define RESTOREARGS_NOSYSENTER_1 \
|
||||
+ "bpopl .L__X'%k2, %k2\n\t"
|
||||
+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
|
||||
+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
|
||||
+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
|
||||
+# define RESTOREARGS_NOSYSENTER_5 \
|
||||
+ "movl %3, %%ebx"
|
||||
# else
|
||||
# define RESTOREARGS_1 \
|
||||
"bpopl .L__X'%k2, %k2\n\t"
|
||||
--- a/sysdeps/i386/nptl/tls.h
|
||||
+++ b/sysdeps/i386/nptl/tls.h
|
||||
@@ -189,6 +189,15 @@
|
||||
desc->vals[3] = 0x51;
|
||||
}
|
||||
|
||||
+/* We have no sysenter until the tls is initialized which is a
|
||||
+ problem for PIC. Thus we need to do the right call depending
|
||||
+ on the situation. */
|
||||
+#ifndef INTERNAL_SYSCALL_PRE_TLS
|
||||
+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL
|
||||
+#else
|
||||
+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS
|
||||
+#endif
|
||||
+
|
||||
/* Code to initially initialize the thread pointer. This might need
|
||||
special attention since 'errno' is not yet available and if the
|
||||
operation can cause a failure 'errno' must not be touched. */
|
||||
@@ -209,7 +218,7 @@
|
||||
\
|
||||
/* Install the TLS. */ \
|
||||
INTERNAL_SYSCALL_DECL (err); \
|
||||
- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
|
||||
+ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
|
||||
\
|
||||
if (_result == 0) \
|
||||
/* We know the index in the GDT, now load the segment register. \
|
321
sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c
Normal file
321
sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c
Normal file
@ -0,0 +1,321 @@
|
||||
/* Copyright (C) 2005 Free Software Foundation, Inc.
|
||||
This file is part of the GNU C Library.
|
||||
|
||||
The GNU C Library is free software; you can redistribute it and/or
|
||||
modify it under the terms of the GNU Lesser General Public
|
||||
License as published by the Free Software Foundation; either
|
||||
version 2.1 of the License, or (at your option) any later version.
|
||||
|
||||
The GNU C Library is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
Lesser General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Lesser General Public
|
||||
License along with the GNU C Library; if not, write to the Free
|
||||
Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
|
||||
02111-1307 USA. */
|
||||
|
||||
/* Copyright (C) 2006-2007 Gentoo Foundation Inc.
|
||||
* License terms as above.
|
||||
*
|
||||
* Hardened Gentoo SSP handler
|
||||
*
|
||||
* An SSP failure handler that does not use functions from the rest of
|
||||
* glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
|
||||
* no possibility of recursion into the handler.
|
||||
*
|
||||
* Direct all bug reports to http://bugs.gentoo.org/
|
||||
*
|
||||
* Re-written from the glibc-2.3 Hardened Gentoo SSP handler
|
||||
* by Kevin F. Quinn - <kevquinn[@]gentoo.org>
|
||||
*
|
||||
* The following people contributed to the glibc-2.3 Hardened
|
||||
* Gentoo SSP handler, from which this implementation draws much:
|
||||
*
|
||||
* Ned Ludd - <solar[@]gentoo.org>
|
||||
* Alexander Gabert - <pappy[@]gentoo.org>
|
||||
* The PaX Team - <pageexec[@]freemail.hu>
|
||||
* Peter S. Mazinger - <ps.m[@]gmx.net>
|
||||
* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
|
||||
* Robert Connolly - <robert[@]linuxfromscratch.org>
|
||||
* Cory Visi <cory[@]visi.name>
|
||||
* Mike Frysinger <vapier[@]gentoo.org>
|
||||
*/
|
||||
|
||||
#include <errno.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
#include <signal.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
|
||||
#include <sysdep-cancel.h>
|
||||
#include <sys/syscall.h>
|
||||
#include <bp-checks.h>
|
||||
|
||||
#include <kernel-features.h>
|
||||
|
||||
#include <alloca.h>
|
||||
/* from sysdeps */
|
||||
#include <socketcall.h>
|
||||
/* for the stuff in bits/socket.h */
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
|
||||
|
||||
/* Sanity check on SYSCALL macro names - force compilation
|
||||
* failure if the names used here do not exist
|
||||
*/
|
||||
#if !defined __NR_socketcall && !defined __NR_socket
|
||||
# error Cannot do syscall socket or socketcall
|
||||
#endif
|
||||
#if !defined __NR_socketcall && !defined __NR_connect
|
||||
# error Cannot do syscall connect or socketcall
|
||||
#endif
|
||||
#ifndef __NR_write
|
||||
# error Cannot do syscall write
|
||||
#endif
|
||||
#ifndef __NR_close
|
||||
# error Cannot do syscall close
|
||||
#endif
|
||||
#ifndef __NR_getpid
|
||||
# error Cannot do syscall getpid
|
||||
#endif
|
||||
#ifndef __NR_kill
|
||||
# error Cannot do syscall kill
|
||||
#endif
|
||||
#ifndef __NR_exit
|
||||
# error Cannot do syscall exit
|
||||
#endif
|
||||
#ifdef SSP_SMASH_DUMPS_CORE
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 1
|
||||
# if !defined _KERNEL_NSIG && !defined _NSIG
|
||||
# error No _NSIG or _KERNEL_NSIG for rt_sigaction
|
||||
# endif
|
||||
# if !defined __NR_sigaction && !defined __NR_rt_sigaction
|
||||
# error Cannot do syscall sigaction or rt_sigaction
|
||||
# endif
|
||||
/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
|
||||
* of the _kernel_ sigset_t which is not the same as the user sigset_t.
|
||||
* Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
|
||||
* some reason.
|
||||
*/
|
||||
# ifdef _KERNEL_NSIG
|
||||
# define _SSP_NSIG _KERNEL_NSIG
|
||||
# else
|
||||
# define _SSP_NSIG _NSIG
|
||||
# endif
|
||||
#else
|
||||
# define _SSP_NSIG 0
|
||||
# define ENABLE_SSP_SMASH_DUMPS_CORE 0
|
||||
#endif
|
||||
|
||||
/* Define DO_SIGACTION - default to newer rt signal interface but
|
||||
* fallback to old as needed.
|
||||
*/
|
||||
#ifdef __NR_rt_sigaction
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
|
||||
#else
|
||||
# define DO_SIGACTION(signum, act, oldact) \
|
||||
INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
|
||||
#endif
|
||||
|
||||
/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
|
||||
#if defined(__NR_socket) && defined(__NR_connect)
|
||||
# define USE_OLD_SOCKETCALL 0
|
||||
#else
|
||||
# define USE_OLD_SOCKETCALL 1
|
||||
#endif
|
||||
/* stub out the __NR_'s so we can let gcc optimize away dead code */
|
||||
#ifndef __NR_socketcall
|
||||
# define __NR_socketcall 0
|
||||
#endif
|
||||
#ifndef __NR_socket
|
||||
# define __NR_socket 0
|
||||
#endif
|
||||
#ifndef __NR_connect
|
||||
# define __NR_connect 0
|
||||
#endif
|
||||
#define DO_SOCKET(result, domain, type, protocol) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = domain; \
|
||||
socketargs[1] = type; \
|
||||
socketargs[2] = protocol; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
|
||||
} while (0)
|
||||
#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
|
||||
do { \
|
||||
if (USE_OLD_SOCKETCALL) { \
|
||||
socketargs[0] = sockfd; \
|
||||
socketargs[1] = (unsigned long int)serv_addr; \
|
||||
socketargs[2] = addrlen; \
|
||||
socketargs[3] = 0; \
|
||||
result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
|
||||
} else \
|
||||
result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
|
||||
} while (0)
|
||||
|
||||
#ifndef _PATH_LOG
|
||||
# define _PATH_LOG "/dev/log"
|
||||
#endif
|
||||
|
||||
static const char path_log[] = _PATH_LOG;
|
||||
|
||||
/* For building glibc with SSP switched on, define __progname to a
|
||||
* constant if building for the run-time loader, to avoid pulling
|
||||
* in more of libc.so into ld.so
|
||||
*/
|
||||
#ifdef IS_IN_rtld
|
||||
static char *__progname = "<rtld>";
|
||||
#else
|
||||
extern char *__progname;
|
||||
#endif
|
||||
|
||||
|
||||
/* Common handler code, used by stack_chk_fail and __stack_smash_handler
|
||||
* Inlined to ensure no self-references to the handler within itself.
|
||||
* Data static to avoid putting more than necessary on the stack,
|
||||
* to aid core debugging.
|
||||
*/
|
||||
__attribute__ ((__noreturn__ , __always_inline__))
|
||||
static inline void
|
||||
__hardened_gentoo_stack_chk_fail(char func[], int damaged)
|
||||
{
|
||||
#define MESSAGE_BUFSIZ 256
|
||||
static pid_t pid;
|
||||
static int plen, i;
|
||||
static char message[MESSAGE_BUFSIZ];
|
||||
static const char msg_ssa[] = ": stack smashing attack";
|
||||
static const char msg_inf[] = " in function ";
|
||||
static const char msg_ssd[] = "*** stack smashing detected ***: ";
|
||||
static const char msg_terminated[] = " - terminated\n";
|
||||
static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
|
||||
static const char msg_unknown[] = "<unknown>";
|
||||
static int log_socket, connect_result;
|
||||
static struct sockaddr_un sock;
|
||||
static unsigned long int socketargs[4];
|
||||
|
||||
/* Build socket address
|
||||
*/
|
||||
sock.sun_family = AF_UNIX;
|
||||
i = 0;
|
||||
while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
|
||||
sock.sun_path[i] = path_log[i];
|
||||
i++;
|
||||
}
|
||||
sock.sun_path[i] = '\0';
|
||||
|
||||
/* Try SOCK_DGRAM connection to syslog */
|
||||
connect_result = -1;
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
if (connect_result == -1) {
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
/* Try SOCK_STREAM connection to syslog */
|
||||
DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
|
||||
if (log_socket != -1)
|
||||
DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
|
||||
}
|
||||
|
||||
/* Build message. Messages are generated both in the old style and new style,
|
||||
* so that log watchers that are configured for the old-style message continue
|
||||
* to work.
|
||||
*/
|
||||
#define strconcat(str) \
|
||||
{i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
|
||||
{\
|
||||
message[plen+i]=str[i];\
|
||||
i++;\
|
||||
}\
|
||||
plen+=i;}
|
||||
|
||||
/* R.Henderson post-gcc-4 style message */
|
||||
plen = 0;
|
||||
strconcat(msg_ssd);
|
||||
if (__progname != (char *)0)
|
||||
strconcat(__progname)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
/* Dr. Etoh pre-gcc-4 style message */
|
||||
plen = 0;
|
||||
if (__progname != (char *)0)
|
||||
strconcat(__progname)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_ssa);
|
||||
strconcat(msg_inf);
|
||||
if (func != NULL)
|
||||
strconcat(func)
|
||||
else
|
||||
strconcat(msg_unknown);
|
||||
strconcat(msg_terminated);
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
/* Direct reports to bugs.gentoo.org */
|
||||
plen=0;
|
||||
strconcat(msg_report);
|
||||
message[plen++]='\0';
|
||||
|
||||
/* Write out error message to STDERR, to syslog if open */
|
||||
INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
|
||||
if (connect_result != -1)
|
||||
INLINE_SYSCALL(write, 3, log_socket, message, plen);
|
||||
|
||||
if (log_socket != -1)
|
||||
INLINE_SYSCALL(close, 1, log_socket);
|
||||
|
||||
/* Suicide */
|
||||
pid = INLINE_SYSCALL(getpid, 0);
|
||||
|
||||
if (ENABLE_SSP_SMASH_DUMPS_CORE) {
|
||||
static struct sigaction default_abort_act;
|
||||
/* Remove any user-supplied handler for SIGABRT, before using it */
|
||||
default_abort_act.sa_handler = SIG_DFL;
|
||||
default_abort_act.sa_sigaction = NULL;
|
||||
__sigfillset(&default_abort_act.sa_mask);
|
||||
default_abort_act.sa_flags = 0;
|
||||
if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGABRT);
|
||||
}
|
||||
|
||||
/* Note; actions cannot be added to SIGKILL */
|
||||
INLINE_SYSCALL(kill, 2, pid, SIGKILL);
|
||||
|
||||
/* In case the kill didn't work, exit anyway
|
||||
* The loop prevents gcc thinking this routine returns
|
||||
*/
|
||||
while (1)
|
||||
INLINE_SYSCALL(exit, 0);
|
||||
}
|
||||
|
||||
__attribute__ ((__noreturn__))
|
||||
void __stack_chk_fail(void)
|
||||
{
|
||||
__hardened_gentoo_stack_chk_fail(NULL, 0);
|
||||
}
|
||||
|
||||
#ifdef ENABLE_OLD_SSP_COMPAT
|
||||
__attribute__ ((__noreturn__))
|
||||
void __stack_smash_handler(char func[], int damaged)
|
||||
{
|
||||
__hardened_gentoo_stack_chk_fail(func, damaged);
|
||||
}
|
||||
#endif
|
381
sys-libs/glibc/files/eblits/common.eblit
Normal file
381
sys-libs/glibc/files/eblits/common.eblit
Normal file
@ -0,0 +1,381 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
alt_prefix() {
|
||||
is_crosscompile && echo /usr/${CTARGET}
|
||||
}
|
||||
|
||||
if [[ ${EAPI:-0} == [012] ]] ; then
|
||||
: ${ED:=${D}}
|
||||
: ${EROOT:=${ROOT}}
|
||||
fi
|
||||
# This indirection is for binpkgs. #523332
|
||||
_nonfatal() { nonfatal "$@" ; }
|
||||
if [[ ${EAPI:-0} == [0123] ]] ; then
|
||||
nonfatal() { "$@" ; }
|
||||
_nonfatal() { "$@" ; }
|
||||
fi
|
||||
|
||||
# We need to be able to set alternative headers for
|
||||
# compiling for non-native platform
|
||||
# Will also become useful for testing kernel-headers without screwing up
|
||||
# the whole system.
|
||||
# note: intentionally undocumented.
|
||||
alt_headers() {
|
||||
echo ${ALT_HEADERS:=$(alt_prefix)/usr/include}
|
||||
}
|
||||
alt_build_headers() {
|
||||
if [[ -z ${ALT_BUILD_HEADERS} ]] ; then
|
||||
ALT_BUILD_HEADERS="${EPREFIX}$(alt_headers)"
|
||||
if tc-is-cross-compiler ; then
|
||||
ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers)
|
||||
if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then
|
||||
local header_path=$(echo '#include <linux/version.h>' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h')
|
||||
ALT_BUILD_HEADERS=${header_path%/linux/version.h}
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
echo "${ALT_BUILD_HEADERS}"
|
||||
}
|
||||
|
||||
alt_libdir() {
|
||||
echo $(alt_prefix)/$(get_libdir)
|
||||
}
|
||||
alt_usrlibdir() {
|
||||
echo $(alt_prefix)/usr/$(get_libdir)
|
||||
}
|
||||
|
||||
builddir() {
|
||||
echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1"
|
||||
}
|
||||
|
||||
setup_target_flags() {
|
||||
# This largely mucks with compiler flags. None of which should matter
|
||||
# when building up just the headers.
|
||||
just_headers && return 0
|
||||
|
||||
case $(tc-arch) in
|
||||
x86)
|
||||
# -march needed for #185404 #199334
|
||||
# TODO: When creating the first glibc cross-compile, this test will
|
||||
# always fail as it does a full link which in turn requires glibc.
|
||||
# Probably also applies when changing multilib profile settings (e.g.
|
||||
# enabling x86 when the profile was amd64-only previously).
|
||||
# We could change main to _start and pass -nostdlib here so that we
|
||||
# only test the gcc code compilation. Or we could do a compile and
|
||||
# then look for the symbol via scanelf.
|
||||
if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then
|
||||
local t=${CTARGET_OPT:-${CTARGET}}
|
||||
t=${t%%-*}
|
||||
filter-flags '-march=*'
|
||||
export CFLAGS="-march=${t} ${CFLAGS}"
|
||||
einfo "Auto adding -march=${t} to CFLAGS #185404"
|
||||
fi
|
||||
;;
|
||||
amd64)
|
||||
# -march needed for #185404 #199334
|
||||
# Note: This test only matters when the x86 ABI is enabled, so we could
|
||||
# optimize a bit and elide it.
|
||||
# TODO: See cross-compile issues listed above for x86.
|
||||
if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then
|
||||
local t=${CTARGET_OPT:-${CTARGET}}
|
||||
t=${t%%-*}
|
||||
# Normally the target is x86_64-xxx, so turn that into the -march that
|
||||
# gcc actually accepts. #528708
|
||||
[[ ${t} == "x86_64" ]] && t="x86-64"
|
||||
filter-flags '-march=*'
|
||||
# ugly, ugly, ugly. ugly.
|
||||
CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}")
|
||||
export CFLAGS_x86="${CFLAGS_x86} -march=${t}"
|
||||
einfo "Auto adding -march=${t} to CFLAGS_x86 #185404"
|
||||
fi
|
||||
;;
|
||||
mips)
|
||||
# The mips abi cannot support the GNU style hashes. #233233
|
||||
filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both
|
||||
;;
|
||||
ppc)
|
||||
append-flags "-freorder-blocks"
|
||||
;;
|
||||
sparc)
|
||||
# Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though.
|
||||
filter-flags "-fcall-used-g7"
|
||||
append-flags "-fcall-used-g6"
|
||||
|
||||
# If the CHOST is the basic one (e.g. not sparcv9-xxx already),
|
||||
# try to pick a better one so glibc can use cpu-specific .S files.
|
||||
# We key off the CFLAGS to get a good value. Also need to handle
|
||||
# version skew.
|
||||
# We can't force users to set their CHOST to their exact machine
|
||||
# as many of these are not recognized by config.sub/gcc and such :(.
|
||||
# Note: If the mcpu values don't scale, we might try probing CPP defines.
|
||||
# Note: Should we factor in -Wa,-AvXXX flags too ? Or -mvis/etc... ?
|
||||
|
||||
local cpu
|
||||
case ${CTARGET} in
|
||||
sparc64-*)
|
||||
case $(get-flag mcpu) in
|
||||
niagara[234])
|
||||
if version_is_at_least 2.8 ; then
|
||||
cpu="sparc64v2"
|
||||
elif version_is_at_least 2.4 ; then
|
||||
cpu="sparc64v"
|
||||
elif version_is_at_least 2.2.3 ; then
|
||||
cpu="sparc64b"
|
||||
fi
|
||||
;;
|
||||
niagara)
|
||||
if version_is_at_least 2.4 ; then
|
||||
cpu="sparc64v"
|
||||
elif version_is_at_least 2.2.3 ; then
|
||||
cpu="sparc64b"
|
||||
fi
|
||||
;;
|
||||
ultrasparc3)
|
||||
cpu="sparc64b"
|
||||
;;
|
||||
*)
|
||||
# We need to force at least v9a because the base build doesn't
|
||||
# work with just v9.
|
||||
# https://sourceware.org/bugzilla/show_bug.cgi?id=19477
|
||||
[[ -z ${cpu} ]] && append-flags "-Wa,-xarch=v9a"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
sparc-*)
|
||||
case $(get-flag mcpu) in
|
||||
niagara[234])
|
||||
if version_is_at_least 2.8 ; then
|
||||
cpu="sparcv9v2"
|
||||
elif version_is_at_least 2.4 ; then
|
||||
cpu="sparcv9v"
|
||||
elif version_is_at_least 2.2.3 ; then
|
||||
cpu="sparcv9b"
|
||||
else
|
||||
cpu="sparcv9"
|
||||
fi
|
||||
;;
|
||||
niagara)
|
||||
if version_is_at_least 2.4 ; then
|
||||
cpu="sparcv9v"
|
||||
elif version_is_at_least 2.2.3 ; then
|
||||
cpu="sparcv9b"
|
||||
else
|
||||
cpu="sparcv9"
|
||||
fi
|
||||
;;
|
||||
ultrasparc3)
|
||||
cpu="sparcv9b"
|
||||
;;
|
||||
v9|ultrasparc)
|
||||
cpu="sparcv9"
|
||||
;;
|
||||
v8|supersparc|hypersparc|leon|leon3)
|
||||
cpu="sparcv8"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
esac
|
||||
[[ -n ${cpu} ]] && CTARGET_OPT="${cpu}-${CTARGET#*-}"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
setup_flags() {
|
||||
# Make sure host make.conf doesn't pollute us
|
||||
if is_crosscompile || tc-is-cross-compiler ; then
|
||||
CHOST=${CTARGET} strip-unsupported-flags
|
||||
fi
|
||||
|
||||
# Store our CFLAGS because it's changed depending on which CTARGET
|
||||
# we are building when pulling glibc on a multilib profile
|
||||
CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}}
|
||||
CFLAGS=${CFLAGS_BASE}
|
||||
CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}}
|
||||
CXXFLAGS=${CXXFLAGS_BASE}
|
||||
ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}}
|
||||
ASFLAGS=${ASFLAGS_BASE}
|
||||
|
||||
# Over-zealous CFLAGS can often cause problems. What may work for one
|
||||
# person may not work for another. To avoid a large influx of bugs
|
||||
# relating to failed builds, we strip most CFLAGS out to ensure as few
|
||||
# problems as possible.
|
||||
strip-flags
|
||||
strip-unsupported-flags
|
||||
filter-flags -m32 -m64 -mabi=*
|
||||
|
||||
# Bug 492892.
|
||||
filter-flags -frecord-gcc-switches
|
||||
|
||||
unset CBUILD_OPT CTARGET_OPT
|
||||
if use multilib ; then
|
||||
CTARGET_OPT=$(get_abi_CTARGET)
|
||||
[[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST)
|
||||
fi
|
||||
|
||||
setup_target_flags
|
||||
|
||||
if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then
|
||||
CBUILD_OPT=${CTARGET_OPT}
|
||||
fi
|
||||
|
||||
# Lock glibc at -O2 -- linuxthreads needs it and we want to be
|
||||
# conservative here. -fno-strict-aliasing is to work around #155906
|
||||
filter-flags -O?
|
||||
append-flags -O2 -fno-strict-aliasing -fno-builtin-strlen
|
||||
|
||||
# Can't build glibc itself with fortify code. Newer versions add
|
||||
# this flag for us, so no need to do it manually.
|
||||
version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE
|
||||
|
||||
# building glibc with SSP is fraught with difficulty, especially
|
||||
# due to __stack_chk_fail_local which would mean significant changes
|
||||
# to the glibc build process. See bug #94325 #293721
|
||||
# Note we have to handle both user-given CFLAGS and gcc defaults via
|
||||
# spec rules here. We can't simply add -fno-stack-protector as it gets
|
||||
# added before user flags, and we can't just filter-flags because
|
||||
# _filter_hardened doesn't support globs.
|
||||
filter-flags -fstack-protector*
|
||||
gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector)
|
||||
|
||||
if use hardened && gcc-specs-pie ; then
|
||||
# Force PIC macro definition for all compilations since they're all
|
||||
# either -fPIC or -fPIE with the default-PIE compiler.
|
||||
append-cppflags -DPIC
|
||||
else
|
||||
# Don't build -fPIE without the default-PIE compiler and the
|
||||
# hardened-pie patch
|
||||
filter-flags -fPIE
|
||||
fi
|
||||
}
|
||||
|
||||
want_nptl() {
|
||||
[[ -z ${LT_VER} ]] && return 0
|
||||
want_tls || return 1
|
||||
use nptl || return 1
|
||||
|
||||
# Older versions of glibc had incomplete arch support for nptl.
|
||||
# But if you're building those now, you can handle USE=nptl yourself.
|
||||
return 0
|
||||
}
|
||||
|
||||
want_linuxthreads() {
|
||||
[[ -z ${LT_VER} ]] && return 1
|
||||
use linuxthreads
|
||||
}
|
||||
|
||||
want_tls() {
|
||||
# Archs that can use TLS (Thread Local Storage)
|
||||
case $(tc-arch) in
|
||||
x86)
|
||||
# requires i486 or better #106556
|
||||
[[ ${CTARGET} == i[4567]86* ]] && return 0
|
||||
return 1
|
||||
;;
|
||||
esac
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
want__thread() {
|
||||
want_tls || return 1
|
||||
|
||||
# For some reason --with-tls --with__thread is causing segfaults on sparc32.
|
||||
[[ ${PROFILE_ARCH} == "sparc" ]] && return 1
|
||||
|
||||
[[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD}
|
||||
|
||||
# only test gcc -- cant test linking yet
|
||||
tc-has-tls -c ${CTARGET}
|
||||
WANT__THREAD=$?
|
||||
|
||||
return ${WANT__THREAD}
|
||||
}
|
||||
|
||||
use_multiarch() {
|
||||
# Make sure binutils is new enough to support indirect functions #336792
|
||||
# This funky sed supports gold and bfd linkers.
|
||||
local bver nver
|
||||
bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}')
|
||||
case $(tc-arch ${CTARGET}) in
|
||||
amd64|x86) nver="2.20" ;;
|
||||
arm) nver="2.22" ;;
|
||||
hppa) nver="2.23" ;;
|
||||
ppc|ppc64) nver="2.20" ;;
|
||||
# ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24.
|
||||
s390) nver="2.24" ;;
|
||||
sparc) nver="2.21" ;;
|
||||
*) return 1 ;;
|
||||
esac
|
||||
version_is_at_least ${nver} ${bver}
|
||||
}
|
||||
|
||||
# Setup toolchain variables that had historically
|
||||
# been defined in the profiles for these archs.
|
||||
setup_env() {
|
||||
# silly users
|
||||
unset LD_RUN_PATH
|
||||
unset LD_ASSUME_KERNEL
|
||||
|
||||
if is_crosscompile || tc-is-cross-compiler ; then
|
||||
multilib_env ${CTARGET_OPT:-${CTARGET}}
|
||||
|
||||
if ! use multilib ; then
|
||||
MULTILIB_ABIS=${DEFAULT_ABI}
|
||||
else
|
||||
MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}}
|
||||
fi
|
||||
|
||||
# If the user has CFLAGS_<CTARGET> in their make.conf, use that,
|
||||
# and fall back on CFLAGS.
|
||||
local VAR=CFLAGS_${CTARGET//[-.]/_}
|
||||
CFLAGS=${!VAR-${CFLAGS}}
|
||||
fi
|
||||
|
||||
setup_flags
|
||||
|
||||
export ABI=${ABI:-${DEFAULT_ABI:-default}}
|
||||
|
||||
local VAR=CFLAGS_${ABI}
|
||||
# We need to export CFLAGS with abi information in them because glibc's
|
||||
# configure script checks CFLAGS for some targets (like mips). Keep
|
||||
# around the original clean value to avoid appending multiple ABIs on
|
||||
# top of each other.
|
||||
: ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})}
|
||||
export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}"
|
||||
}
|
||||
|
||||
foreach_abi() {
|
||||
setup_env
|
||||
|
||||
local ret=0
|
||||
local abilist=""
|
||||
if use multilib ; then
|
||||
abilist=$(get_install_abis)
|
||||
else
|
||||
abilist=${DEFAULT_ABI}
|
||||
fi
|
||||
evar_push ABI
|
||||
export ABI
|
||||
for ABI in ${abilist:-default} ; do
|
||||
setup_env
|
||||
einfo "Running $1 for ABI ${ABI}"
|
||||
$1
|
||||
: $(( ret |= $? ))
|
||||
done
|
||||
evar_pop
|
||||
return ${ret}
|
||||
}
|
||||
|
||||
just_headers() {
|
||||
is_crosscompile && use crosscompile_opts_headers-only
|
||||
}
|
||||
|
||||
glibc_banner() {
|
||||
local b="Gentoo ${PVR}"
|
||||
[[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}"
|
||||
[[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}"
|
||||
[[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}"
|
||||
echo "${b}"
|
||||
}
|
27
sys-libs/glibc/files/eblits/pkg_postinst.eblit
Normal file
27
sys-libs/glibc/files/eblits/pkg_postinst.eblit
Normal file
@ -0,0 +1,27 @@
|
||||
# Copyright 1999-2012 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
eblit-glibc-pkg_postinst() {
|
||||
# nothing to do if just installing headers
|
||||
just_headers && return
|
||||
|
||||
if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then
|
||||
# Generate fastloading iconv module configuration file.
|
||||
"${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}"
|
||||
fi
|
||||
|
||||
if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then
|
||||
# Reload init ... if in a chroot or a diff init package, ignore
|
||||
# errors from this step #253697
|
||||
/sbin/telinit U 2>/dev/null
|
||||
|
||||
# if the host locales.gen contains no entries, we'll install everything
|
||||
local locale_list="${EROOT}etc/locale.gen"
|
||||
if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then
|
||||
ewarn "Generating all locales; edit /etc/locale.gen to save time/space"
|
||||
locale_list="${EROOT}usr/share/i18n/SUPPORTED"
|
||||
fi
|
||||
locale-gen -j $(makeopts_jobs) --config "${locale_list}"
|
||||
fi
|
||||
}
|
63
sys-libs/glibc/files/eblits/pkg_preinst.eblit
Normal file
63
sys-libs/glibc/files/eblits/pkg_preinst.eblit
Normal file
@ -0,0 +1,63 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
# Simple test to make sure our new glibc isnt completely broken.
|
||||
# Make sure we don't test with statically built binaries since
|
||||
# they will fail. Also, skip if this glibc is a cross compiler.
|
||||
#
|
||||
# If coreutils is built with USE=multicall, some of these files
|
||||
# will just be wrapper scripts, not actual ELFs we can test.
|
||||
glibc_sanity_check() {
|
||||
cd / #228809
|
||||
|
||||
# We enter ${ED} so to avoid trouble if the path contains
|
||||
# special characters; for instance if the path contains the
|
||||
# colon character (:), then the linker will try to split it
|
||||
# and look for the libraries in an unexpected place. This can
|
||||
# lead to unsafe code execution if the generated prefix is
|
||||
# within a world-writable directory.
|
||||
# (e.g. /var/tmp/portage:${HOSTNAME})
|
||||
pushd "${ED}"/$(get_libdir) >/dev/null
|
||||
|
||||
local x striptest
|
||||
for x in cal date env free ls true uname uptime ; do
|
||||
x=$(type -p ${x})
|
||||
[[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue
|
||||
striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue
|
||||
case ${striptest} in
|
||||
*"statically linked"*) continue;;
|
||||
*"ASCII text"*) continue;;
|
||||
esac
|
||||
# We need to clear the locale settings as the upgrade might want
|
||||
# incompatible locale data. This test is not for verifying that.
|
||||
LC_ALL=C \
|
||||
./ld-*.so --library-path . ${x} > /dev/null \
|
||||
|| die "simple run test (${x}) failed"
|
||||
done
|
||||
|
||||
popd >/dev/null
|
||||
}
|
||||
|
||||
eblit-glibc-pkg_preinst() {
|
||||
# nothing to do if just installing headers
|
||||
just_headers && return
|
||||
|
||||
# prepare /etc/ld.so.conf.d/ for files
|
||||
mkdir -p "${EROOT}"/etc/ld.so.conf.d
|
||||
|
||||
# Default /etc/hosts.conf:multi to on for systems with small dbs.
|
||||
if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then
|
||||
sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf
|
||||
elog "Defaulting /etc/host.conf:multi to on"
|
||||
fi
|
||||
|
||||
[[ ${ROOT} != "/" ]] && return 0
|
||||
[[ -d ${ED}/$(get_libdir) ]] || return 0
|
||||
glibc_sanity_check
|
||||
|
||||
# For newer EAPIs, this was run in pkg_pretend.
|
||||
if [[ ${EAPI:-0} == [0123] ]] ; then
|
||||
check_devpts
|
||||
fi
|
||||
}
|
157
sys-libs/glibc/files/eblits/pkg_pretend.eblit
Normal file
157
sys-libs/glibc/files/eblits/pkg_pretend.eblit
Normal file
@ -0,0 +1,157 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
glibc_compile_test() {
|
||||
local ret save_cflags=${CFLAGS}
|
||||
CFLAGS+=" $1"
|
||||
shift
|
||||
|
||||
pushd "${T}" >/dev/null
|
||||
|
||||
rm -f glibc-test*
|
||||
printf '%b' "$*" > glibc-test.c
|
||||
|
||||
_nonfatal emake -s glibc-test
|
||||
ret=$?
|
||||
|
||||
popd >/dev/null
|
||||
|
||||
CFLAGS=${save_cflags}
|
||||
return ${ret}
|
||||
}
|
||||
|
||||
glibc_run_test() {
|
||||
local ret
|
||||
|
||||
if [[ ${EMERGE_FROM} == "binary" ]] ; then
|
||||
# ignore build failures when installing a binary package #324685
|
||||
glibc_compile_test "" "$@" 2>/dev/null || return 0
|
||||
else
|
||||
if ! glibc_compile_test "" "$@" ; then
|
||||
ewarn "Simple build failed ... assuming this is desired #324685"
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
|
||||
pushd "${T}" >/dev/null
|
||||
|
||||
./glibc-test
|
||||
ret=$?
|
||||
rm -f glibc-test*
|
||||
|
||||
popd >/dev/null
|
||||
|
||||
return ${ret}
|
||||
}
|
||||
|
||||
check_devpts() {
|
||||
# Make sure devpts is mounted correctly for use w/out setuid pt_chown.
|
||||
|
||||
# If merely building the binary package, then there's nothing to verify.
|
||||
[[ ${MERGE_TYPE} == "buildonly" ]] && return
|
||||
|
||||
# Only sanity check when installing the native glibc.
|
||||
[[ ${ROOT} != "/" ]] && return
|
||||
|
||||
# Older versions always installed setuid, so no need to check.
|
||||
in_iuse suid || return
|
||||
|
||||
# If they're opting in to the old suid code, then no need to check.
|
||||
use suid && return
|
||||
|
||||
if awk '$3 == "devpts" && $4 ~ /[, ]gid=5[, ]/ { exit 1 }' /proc/mounts ; then
|
||||
eerror "In order to use glibc with USE=-suid, you must make sure that"
|
||||
eerror "you have devpts mounted at /dev/pts with the gid=5 option."
|
||||
eerror "Openrc should do this for you, so you should check /etc/fstab"
|
||||
eerror "and make sure you do not have any invalid settings there."
|
||||
# Do not die on older kernels as devpts did not export these settings #489520.
|
||||
if version_is_at_least 2.6.25 $(uname -r) ; then
|
||||
die "mount & fix your /dev/pts settings"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
eblit-glibc-pkg_pretend() {
|
||||
# For older EAPIs, this is run in pkg_preinst.
|
||||
if [[ ${EAPI:-0} != [0123] ]] ; then
|
||||
check_devpts
|
||||
fi
|
||||
|
||||
# prevent native builds from downgrading ... maybe update to allow people
|
||||
# to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2)
|
||||
if [[ ${MERGE_TYPE} != "buildonly" ]] && \
|
||||
[[ ${ROOT} == "/" ]] && \
|
||||
[[ ${CBUILD} == ${CHOST} ]] && \
|
||||
[[ ${CHOST} == ${CTARGET} ]] ; then
|
||||
if has_version '>'${CATEGORY}/${PF} ; then
|
||||
eerror "Sanity check to keep you from breaking your system:"
|
||||
eerror " Downgrading glibc is not supported and a sure way to destruction"
|
||||
die "aborting to save your system"
|
||||
fi
|
||||
|
||||
if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n'
|
||||
then
|
||||
eerror "Your patched vendor kernel is broken. You need to get an"
|
||||
eerror "update from whoever is providing the kernel to you."
|
||||
eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227"
|
||||
eerror "http://bugs.gentoo.org/262698"
|
||||
die "keeping your system alive, say thank you"
|
||||
fi
|
||||
|
||||
if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n'
|
||||
then
|
||||
eerror "Your old kernel is broken. You need to update it to"
|
||||
eerror "a newer version as syscall(<bignum>) will break."
|
||||
eerror "http://bugs.gentoo.org/279260"
|
||||
die "keeping your system alive, say thank you"
|
||||
fi
|
||||
fi
|
||||
|
||||
# users have had a chance to phase themselves, time to give em the boot
|
||||
if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then
|
||||
eerror "You still haven't deleted ${EROOT}/etc/locales.build."
|
||||
eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher."
|
||||
die "lazy upgrader detected"
|
||||
fi
|
||||
|
||||
if [[ ${CTARGET} == i386-* ]] ; then
|
||||
eerror "i386 CHOSTs are no longer supported."
|
||||
eerror "Chances are you don't actually want/need i386."
|
||||
eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml"
|
||||
die "please fix your CHOST"
|
||||
fi
|
||||
|
||||
if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then
|
||||
ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS."
|
||||
ewarn "This will result in a 50% performance penalty when running with a 32bit"
|
||||
ewarn "hypervisor, which is probably not what you want."
|
||||
fi
|
||||
|
||||
use hardened && ! gcc-specs-pie && \
|
||||
ewarn "PIE hardening not applied, as your compiler doesn't default to PIE"
|
||||
|
||||
# Make sure host system is up to date #394453
|
||||
if has_version '<sys-libs/glibc-2.13' && \
|
||||
[[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]]
|
||||
then
|
||||
ebegin "Scanning system for __guard to see if you need to rebuild first ..."
|
||||
local files=$(
|
||||
scanelf -qys__guard -F'#s%F' \
|
||||
"${EROOT}"/*bin/ \
|
||||
"${EROOT}"/lib* \
|
||||
"${EROOT}"/usr/*bin/ \
|
||||
"${EROOT}"/usr/lib* | \
|
||||
egrep -v \
|
||||
-e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \
|
||||
-e "^${EROOT}/sbin/(ldconfig|sln)$"
|
||||
)
|
||||
[[ -z ${files} ]]
|
||||
if ! eend $? ; then
|
||||
eerror "Your system still has old SSP __guard symbols. You need to"
|
||||
eerror "rebuild all the packages that provide these files first:"
|
||||
eerror "${files}"
|
||||
die "old __guard detected"
|
||||
fi
|
||||
fi
|
||||
}
|
9
sys-libs/glibc/files/eblits/pkg_setup.eblit
Normal file
9
sys-libs/glibc/files/eblits/pkg_setup.eblit
Normal file
@ -0,0 +1,9 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
[[ ${EAPI:-0} == [0123] ]] && source "${FILESDIR}/eblits/pkg_pretend.eblit"
|
||||
|
||||
eblit-glibc-pkg_setup() {
|
||||
[[ ${EAPI:-0} == [0123] ]] && eblit-glibc-pkg_pretend
|
||||
}
|
24
sys-libs/glibc/files/eblits/src_compile.eblit
Normal file
24
sys-libs/glibc/files/eblits/src_compile.eblit
Normal file
@ -0,0 +1,24 @@
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_configure.eblit"
|
||||
|
||||
toolchain-glibc_src_compile() {
|
||||
local t
|
||||
for t in linuxthreads nptl ; do
|
||||
if want_${t} ; then
|
||||
[[ ${EAPI:-0} == [01] ]] && glibc_do_configure ${t}
|
||||
emake -C "$(builddir ${t})" || die "make ${t} for ${ABI} failed"
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
eblit-glibc-src_compile() {
|
||||
if just_headers ; then
|
||||
[[ ${EAPI:-0} == [01] ]] && toolchain-glibc_headers_configure
|
||||
return
|
||||
fi
|
||||
|
||||
foreach_abi toolchain-glibc_src_compile
|
||||
}
|
274
sys-libs/glibc/files/eblits/src_configure.eblit
Normal file
274
sys-libs/glibc/files/eblits/src_configure.eblit
Normal file
@ -0,0 +1,274 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
dump_toolchain_settings() {
|
||||
echo
|
||||
|
||||
einfo "$*"
|
||||
|
||||
local v
|
||||
for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC LD {AS,C,CPP,CXX,LD}FLAGS ; do
|
||||
einfo " $(printf '%15s' ${v}:) ${!v}"
|
||||
done
|
||||
|
||||
# The glibc configure script doesn't properly use LDFLAGS all the time.
|
||||
export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}"
|
||||
einfo " $(printf '%15s' 'Manual CC:') ${CC}"
|
||||
echo
|
||||
}
|
||||
|
||||
glibc_do_configure() {
|
||||
# Glibc does not work with gold (for various reasons) #269274.
|
||||
tc-ld-disable-gold
|
||||
|
||||
dump_toolchain_settings "Configuring glibc for $1"
|
||||
|
||||
local myconf=()
|
||||
|
||||
# set addons
|
||||
pushd "${S}" > /dev/null
|
||||
local addons=$(echo */configure | sed \
|
||||
-e 's:/configure::g' \
|
||||
-e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \
|
||||
-e 's: \+$::' \
|
||||
-e 's! !,!g' \
|
||||
-e 's!^!,!' \
|
||||
-e '/^,\*$/d')
|
||||
[[ -d ports ]] && addons+=",ports"
|
||||
popd > /dev/null
|
||||
|
||||
myconf+=( $(use_enable hardened stackguard-randomization) )
|
||||
if has_version '<sys-libs/glibc-2.13' ; then
|
||||
myconf+=( --enable-old-ssp-compat )
|
||||
fi
|
||||
|
||||
[[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
|
||||
|
||||
if [[ $1 == "linuxthreads" ]] ; then
|
||||
if want_tls ; then
|
||||
myconf+=( --with-tls )
|
||||
|
||||
if ! want__thread || use glibc-compat20 || [[ ${LT_KER_VER} == 2.[02].* ]] ; then
|
||||
myconf+=( --without-__thread )
|
||||
else
|
||||
myconf+=( --with-__thread )
|
||||
fi
|
||||
else
|
||||
myconf+=( --without-tls --without-__thread )
|
||||
fi
|
||||
|
||||
myconf+=( --disable-sanity-checks )
|
||||
addons="linuxthreads${addons}"
|
||||
myconf+=( --enable-kernel=${LT_KER_VER} )
|
||||
elif [[ $1 == "nptl" ]] ; then
|
||||
# Newer versions require nptl, so there is no addon for it.
|
||||
version_is_at_least 2.20 || addons="nptl${addons}"
|
||||
myconf+=( --enable-kernel=${NPTL_KERN_VER} )
|
||||
else
|
||||
die "invalid pthread option"
|
||||
fi
|
||||
myconf+=( --enable-add-ons="${addons#,}" )
|
||||
|
||||
# Since SELinux support is only required for nscd, only enable it if:
|
||||
# 1. USE selinux
|
||||
# 2. only for the primary ABI on multilib systems
|
||||
# 3. Not a crosscompile
|
||||
if ! is_crosscompile && use selinux ; then
|
||||
if use multilib ; then
|
||||
if is_final_abi ; then
|
||||
myconf+=( --with-selinux )
|
||||
else
|
||||
myconf+=( --without-selinux )
|
||||
fi
|
||||
else
|
||||
myconf+=( --with-selinux )
|
||||
fi
|
||||
else
|
||||
myconf+=( --without-selinux )
|
||||
fi
|
||||
|
||||
# Force a few tests where we always know the answer but
|
||||
# configure is incapable of finding it.
|
||||
if is_crosscompile ; then
|
||||
export \
|
||||
libc_cv_c_cleanup=yes \
|
||||
libc_cv_forced_unwind=yes
|
||||
fi
|
||||
|
||||
myconf+=(
|
||||
--without-cvs
|
||||
--disable-werror
|
||||
--enable-bind-now
|
||||
--build=${CBUILD_OPT:-${CBUILD}}
|
||||
--host=${CTARGET_OPT:-${CTARGET}}
|
||||
$(use_enable profile)
|
||||
$(use_with gd)
|
||||
--with-headers=$(alt_build_headers)
|
||||
--prefix="${EPREFIX}/usr"
|
||||
--sysconfdir="${EPREFIX}/etc"
|
||||
--localstatedir="${EPREFIX}/var"
|
||||
--libdir='$(prefix)'/$(get_libdir)
|
||||
--mandir='$(prefix)'/share/man
|
||||
--infodir='$(prefix)'/share/info
|
||||
--libexecdir='$(libdir)'/misc/glibc
|
||||
--with-bugurl=http://bugs.gentoo.org/
|
||||
--with-pkgversion="$(glibc_banner)"
|
||||
$(use_multiarch || echo --disable-multi-arch)
|
||||
$(in_iuse rpc && use_enable rpc obsolete-rpc || echo --enable-obsolete-rpc)
|
||||
$(in_iuse systemtap && use_enable systemtap)
|
||||
$(in_iuse nscd && use_enable nscd)
|
||||
${EXTRA_ECONF}
|
||||
)
|
||||
|
||||
# We rely on sys-libs/timezone-data for timezone tools normally.
|
||||
if version_is_at_least 2.23 ; then
|
||||
myconf+=( $(use_enable vanilla timezone-tools) )
|
||||
fi
|
||||
|
||||
# These libs don't have configure flags.
|
||||
ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no)
|
||||
ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no)
|
||||
|
||||
# There is no configure option for this and we need to export it
|
||||
# since the glibc build will re-run configure on itself
|
||||
export libc_cv_rootsbindir="${EPREFIX}/sbin"
|
||||
export libc_cv_slibdir="${EPREFIX}/$(get_libdir)"
|
||||
|
||||
# We take care of patching our binutils to use both hash styles,
|
||||
# and many people like to force gnu hash style only, so disable
|
||||
# this overriding check. #347761
|
||||
export libc_cv_hashstyle=no
|
||||
|
||||
# Overtime, generating info pages can be painful. So disable this for
|
||||
# versions older than the latest stable to avoid the issue (this ver
|
||||
# should be updated from time to time). #464394 #465816
|
||||
if ! version_is_at_least 2.17 ; then
|
||||
export ac_cv_prog_MAKEINFO=:
|
||||
fi
|
||||
|
||||
local builddir=$(builddir "$1")
|
||||
mkdir -p "${builddir}"
|
||||
cd "${builddir}"
|
||||
set -- "${S}"/configure "${myconf[@]}"
|
||||
echo "$@"
|
||||
"$@" || die "failed to configure glibc"
|
||||
|
||||
# ia64 static cross-compilers are a pita in so much that they
|
||||
# can't produce static ELFs (as the libgcc.a is broken). so
|
||||
# disable building of the programs for those targets if it
|
||||
# doesn't work.
|
||||
# XXX: We could turn this into a compiler test, but ia64 is
|
||||
# the only one that matters, so this should be fine for now.
|
||||
if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then
|
||||
sed -i '1i+link-static = touch $@' config.make
|
||||
fi
|
||||
|
||||
# If we're trying to migrate between ABI sets, we need
|
||||
# to lie and use a local copy of gcc. Like if the system
|
||||
# is built with MULTILIB_ABIS="amd64 x86" but we want to
|
||||
# add x32 to it, gcc/glibc don't yet support x32.
|
||||
if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then
|
||||
echo 'main(){}' > "${T}"/test.c
|
||||
if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then
|
||||
sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die
|
||||
mkdir -p sunrpc
|
||||
cp $(which rpcgen) sunrpc/cross-rpcgen || die
|
||||
touch -t 202001010101 sunrpc/cross-rpcgen || die
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
toolchain-glibc_headers_configure() {
|
||||
export ABI=default
|
||||
|
||||
local builddir=$(builddir "headers")
|
||||
mkdir -p "${builddir}"
|
||||
cd "${builddir}"
|
||||
|
||||
# if we don't have a compiler yet, we cant really test it now ...
|
||||
# hopefully they don't affect header geneation, so let's hope for
|
||||
# the best here ...
|
||||
local v vars=(
|
||||
ac_cv_header_cpuid_h=yes
|
||||
libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes
|
||||
libc_cv_asm_cfi_directives=yes
|
||||
libc_cv_broken_visibility_attribute=no
|
||||
libc_cv_c_cleanup=yes
|
||||
libc_cv_forced_unwind=yes
|
||||
libc_cv_gcc___thread=yes
|
||||
libc_cv_mlong_double_128=yes
|
||||
libc_cv_mlong_double_128ibm=yes
|
||||
libc_cv_ppc_machine=yes
|
||||
libc_cv_ppc_rel16=yes
|
||||
libc_cv_predef_{fortify_source,stack_protector}=no
|
||||
libc_cv_visibility_attribute=yes
|
||||
libc_cv_z_combreloc=yes
|
||||
libc_cv_z_execstack=yes
|
||||
libc_cv_z_initfirst=yes
|
||||
libc_cv_z_nodelete=yes
|
||||
libc_cv_z_nodlopen=yes
|
||||
libc_cv_z_relro=yes
|
||||
libc_mips_abi=${ABI}
|
||||
libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard)
|
||||
# These libs don't have configure flags.
|
||||
ac_cv_lib_audit_audit_log_user_avc_message=no
|
||||
ac_cv_lib_cap_cap_init=no
|
||||
)
|
||||
einfo "Forcing cached settings:"
|
||||
for v in "${vars[@]}" ; do
|
||||
einfo " ${v}"
|
||||
export ${v}
|
||||
done
|
||||
|
||||
# Blow away some random CC settings that screw things up. #550192
|
||||
if [[ -d ${S}/sysdeps/mips ]]; then
|
||||
pushd "${S}"/sysdeps/mips >/dev/null
|
||||
sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die
|
||||
sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die
|
||||
popd >/dev/null
|
||||
fi
|
||||
|
||||
local myconf=()
|
||||
myconf+=(
|
||||
--disable-sanity-checks
|
||||
--enable-hacker-mode
|
||||
--without-cvs
|
||||
--disable-werror
|
||||
--enable-bind-now
|
||||
--build=${CBUILD_OPT:-${CBUILD}}
|
||||
--host=${CTARGET_OPT:-${CTARGET}}
|
||||
--with-headers=$(alt_build_headers)
|
||||
--prefix="${EPREFIX}/usr"
|
||||
${EXTRA_ECONF}
|
||||
)
|
||||
|
||||
local addons
|
||||
[[ -d ${S}/ports ]] && addons+=",ports"
|
||||
# Newer versions require nptl, so there is no addon for it.
|
||||
version_is_at_least 2.20 || addons+=",nptl"
|
||||
myconf+=( --enable-add-ons="${addons#,}" )
|
||||
|
||||
# Nothing is compiled here which would affect the headers for the target.
|
||||
# So forcing CC/CFLAGS is sane.
|
||||
set -- "${S}"/configure "${myconf[@]}"
|
||||
echo "$@"
|
||||
CC="$(tc-getBUILD_CC)" \
|
||||
CFLAGS="-O1 -pipe" \
|
||||
CPPFLAGS="-U_FORTIFY_SOURCE" \
|
||||
LDFLAGS="" \
|
||||
"$@" || die "failed to configure glibc"
|
||||
}
|
||||
|
||||
toolchain-glibc_src_configure() {
|
||||
if just_headers ; then
|
||||
toolchain-glibc_headers_configure
|
||||
else
|
||||
want_linuxthreads && glibc_do_configure linuxthreads
|
||||
want_nptl && glibc_do_configure nptl
|
||||
fi
|
||||
}
|
||||
|
||||
eblit-glibc-src_configure() {
|
||||
foreach_abi toolchain-glibc_src_configure
|
||||
}
|
244
sys-libs/glibc/files/eblits/src_install.eblit
Normal file
244
sys-libs/glibc/files/eblits/src_install.eblit
Normal file
@ -0,0 +1,244 @@
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
toolchain-glibc_src_install() {
|
||||
local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl))
|
||||
cd "${builddir}"
|
||||
|
||||
emake install_root="${D}$(alt_prefix)" install || die
|
||||
|
||||
if want_linuxthreads && want_nptl ; then
|
||||
einfo "Installing NPTL to $(alt_libdir)/tls/..."
|
||||
cd "$(builddir nptl)"
|
||||
dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl
|
||||
|
||||
local l src_lib
|
||||
for l in libc libm librt libpthread libthread_db ; do
|
||||
# take care of shared lib first ...
|
||||
l=${l}.so
|
||||
if [[ -e ${l} ]] ; then
|
||||
src_lib=${l}
|
||||
else
|
||||
src_lib=$(eval echo */${l})
|
||||
fi
|
||||
cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}"
|
||||
fperms a+rx $(alt_libdir)/tls/${l}
|
||||
dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib})
|
||||
|
||||
# then grab the linker script or the symlink ...
|
||||
if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then
|
||||
dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l}
|
||||
else
|
||||
sed \
|
||||
-e "s:/${l}:/tls/${l}:g" \
|
||||
-e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \
|
||||
"${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l}
|
||||
fi
|
||||
|
||||
# then grab the static lib ...
|
||||
src_lib=${src_lib/%.so/.a}
|
||||
[[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a}
|
||||
cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
|
||||
src_lib=${src_lib/%.a/_nonshared.a}
|
||||
if [[ -e ${src_lib} ]] ; then
|
||||
cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
|
||||
fi
|
||||
done
|
||||
|
||||
# use the nptl linker instead of the linuxthreads one as the linuxthreads
|
||||
# one may lack TLS support and that can be really bad for business
|
||||
cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp"
|
||||
fi
|
||||
|
||||
# We'll take care of the cache ourselves
|
||||
rm -f "${ED}"/etc/ld.so.cache
|
||||
|
||||
# Everything past this point just needs to be done once ...
|
||||
is_final_abi || return 0
|
||||
|
||||
# Make sure the non-native interp can be found on multilib systems even
|
||||
# if the main library set isn't installed into the right place. Maybe
|
||||
# we should query the active gcc for info instead of hardcoding it ?
|
||||
local i ldso_abi ldso_name
|
||||
local ldso_abi_list=(
|
||||
# x86
|
||||
amd64 /lib64/ld-linux-x86-64.so.2
|
||||
x32 /libx32/ld-linux-x32.so.2
|
||||
x86 /lib/ld-linux.so.2
|
||||
# mips
|
||||
o32 /lib/ld.so.1
|
||||
n32 /lib32/ld.so.1
|
||||
n64 /lib64/ld.so.1
|
||||
# powerpc
|
||||
ppc /lib/ld.so.1
|
||||
ppc64 /lib64/ld64.so.1
|
||||
# s390
|
||||
s390 /lib/ld.so.1
|
||||
s390x /lib/ld64.so.1
|
||||
# sparc
|
||||
sparc32 /lib/ld-linux.so.2
|
||||
sparc64 /lib64/ld-linux.so.2
|
||||
)
|
||||
case $(tc-endian) in
|
||||
little)
|
||||
ldso_abi_list+=(
|
||||
# arm
|
||||
arm64 /lib/ld-linux-aarch64.so.1
|
||||
)
|
||||
;;
|
||||
big)
|
||||
ldso_abi_list+=(
|
||||
# arm
|
||||
arm64 /lib/ld-linux-aarch64_be.so.1
|
||||
)
|
||||
;;
|
||||
esac
|
||||
if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then
|
||||
dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib
|
||||
fi
|
||||
for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do
|
||||
ldso_abi=${ldso_abi_list[i]}
|
||||
has ${ldso_abi} $(get_install_abis) || continue
|
||||
|
||||
ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}"
|
||||
if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then
|
||||
dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name}
|
||||
fi
|
||||
done
|
||||
|
||||
# With devpts under Linux mounted properly, we do not need the pt_chown
|
||||
# binary to be setuid. This is because the default owners/perms will be
|
||||
# exactly what we want.
|
||||
if in_iuse suid && ! use suid ; then
|
||||
find "${ED}" -name pt_chown -exec chmod -s {} +
|
||||
fi
|
||||
|
||||
#################################################################
|
||||
# EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY #
|
||||
# Make sure we install some symlink hacks so that when we build
|
||||
# a 2nd stage cross-compiler, gcc finds the target system
|
||||
# headers correctly. See gcc/doc/gccinstall.info
|
||||
if is_crosscompile ; then
|
||||
# We need to make sure that /lib and /usr/lib always exists.
|
||||
# gcc likes to use relative paths to get to its multilibs like
|
||||
# /usr/lib/../lib64/. So while we don't install any files into
|
||||
# /usr/lib/, we do need it to exist.
|
||||
cd "${ED}"$(alt_libdir)/..
|
||||
[[ -e lib ]] || mkdir lib
|
||||
cd "${ED}"$(alt_usrlibdir)/..
|
||||
[[ -e lib ]] || mkdir lib
|
||||
|
||||
dosym usr/include $(alt_prefix)/sys-include
|
||||
return 0
|
||||
fi
|
||||
|
||||
# Files for Debian-style locale updating
|
||||
dodir /usr/share/i18n
|
||||
sed \
|
||||
-e "/^#/d" \
|
||||
-e "/SUPPORTED-LOCALES=/d" \
|
||||
-e "s: \\\\::g" -e "s:/: :g" \
|
||||
"${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \
|
||||
|| die "generating /usr/share/i18n/SUPPORTED failed"
|
||||
cd "${WORKDIR}"/extra/locale
|
||||
dosbin locale-gen || die
|
||||
doman *.[0-8]
|
||||
insinto /etc
|
||||
doins locale.gen || die
|
||||
|
||||
# Make sure all the ABI's can find the locales and so we only
|
||||
# have to generate one set
|
||||
local a
|
||||
keepdir /usr/$(get_libdir)/locale
|
||||
for a in $(get_install_abis) ; do
|
||||
if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then
|
||||
dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale
|
||||
fi
|
||||
done
|
||||
|
||||
cd "${S}"
|
||||
|
||||
# Install misc network config files
|
||||
insinto /etc
|
||||
doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf || die
|
||||
doins "${WORKDIR}"/extra/etc/*.conf || die
|
||||
|
||||
if ! in_iuse nscd || use nscd ; then
|
||||
doinitd "${WORKDIR}"/extra/etc/nscd || die
|
||||
|
||||
local nscd_args=(
|
||||
-e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):"
|
||||
)
|
||||
version_is_at_least 2.16 || nscd_args+=( -e 's: --foreground : :' )
|
||||
sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd
|
||||
|
||||
# Newer versions of glibc include the nscd.service themselves.
|
||||
# TODO: Drop the $FILESDIR copy once 2.19 goes stable.
|
||||
if version_is_at_least 2.19 ; then
|
||||
systemd_dounit nscd/nscd.service || die
|
||||
systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die
|
||||
else
|
||||
systemd_dounit "${FILESDIR}"/nscd.service || die
|
||||
systemd_newtmpfilesd "${FILESDIR}"/nscd.tmpfilesd nscd.conf || die
|
||||
fi
|
||||
else
|
||||
# Do this since extra/etc/*.conf above might have nscd.conf.
|
||||
rm -f "${ED}"/etc/nscd.conf
|
||||
fi
|
||||
|
||||
echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc
|
||||
doenvd "${T}"/00glibc || die
|
||||
|
||||
for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do
|
||||
[[ -s ${d} ]] && dodoc ${d}
|
||||
done
|
||||
|
||||
# Prevent overwriting of the /etc/localtime symlink. We'll handle the
|
||||
# creation of the "factory" symlink in pkg_postinst().
|
||||
rm -f "${ED}"/etc/localtime
|
||||
}
|
||||
|
||||
toolchain-glibc_headers_install() {
|
||||
local builddir=$(builddir "headers")
|
||||
cd "${builddir}"
|
||||
emake install_root="${D}$(alt_prefix)" install-headers || die
|
||||
if ! version_is_at_least 2.16 ; then
|
||||
insinto $(alt_headers)/bits
|
||||
doins bits/stdio_lim.h || die
|
||||
fi
|
||||
insinto $(alt_headers)/gnu
|
||||
doins "${S}"/include/gnu/stubs.h || die "doins include gnu"
|
||||
# Make sure we install the sys-include symlink so that when
|
||||
# we build a 2nd stage cross-compiler, gcc finds the target
|
||||
# system headers correctly. See gcc/doc/gccinstall.info
|
||||
dosym usr/include $(alt_prefix)/sys-include
|
||||
}
|
||||
|
||||
src_strip() {
|
||||
# gdb is lame and requires some debugging information to remain in
|
||||
# libpthread, so we need to strip it by hand. libthread_db makes no
|
||||
# sense stripped as it is only used when debugging.
|
||||
local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}")
|
||||
env \
|
||||
-uRESTRICT \
|
||||
CHOST=${CTARGET} \
|
||||
STRIP_MASK="/*/{,tls/}${pthread}*" \
|
||||
prepallstrip
|
||||
# if user has stripping enabled and does not have split debug turned on,
|
||||
# then leave the debugging sections in libpthread.
|
||||
if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then
|
||||
${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so
|
||||
fi
|
||||
}
|
||||
|
||||
eblit-glibc-src_install() {
|
||||
if just_headers ; then
|
||||
export ABI=default
|
||||
toolchain-glibc_headers_install
|
||||
return
|
||||
fi
|
||||
|
||||
foreach_abi toolchain-glibc_src_install
|
||||
src_strip
|
||||
}
|
63
sys-libs/glibc/files/eblits/src_prepare.eblit
Normal file
63
sys-libs/glibc/files/eblits/src_prepare.eblit
Normal file
@ -0,0 +1,63 @@
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
eblit-glibc-src_prepare() {
|
||||
# XXX: We should do the branchupdate, before extracting the manpages and
|
||||
# infopages else it does not help much (mtimes change if there is a change
|
||||
# to them with branchupdate)
|
||||
if [[ -n ${BRANCH_UPDATE} ]] ; then
|
||||
epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
|
||||
|
||||
# Snapshot date patch
|
||||
einfo "Patching version to display snapshot date ..."
|
||||
sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h
|
||||
fi
|
||||
|
||||
# tag, glibc is it
|
||||
if ! version_is_at_least 2.17 ; then
|
||||
[[ -e csu/Banner ]] && die "need new banner location"
|
||||
glibc_banner > csu/Banner
|
||||
fi
|
||||
if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then
|
||||
EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \
|
||||
EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \
|
||||
EPATCH_SUFFIX="patch" \
|
||||
ARCH=$(tc-arch) \
|
||||
epatch "${WORKDIR}"/patches
|
||||
fi
|
||||
|
||||
if just_headers ; then
|
||||
if [[ -e ports/sysdeps/mips/preconfigure ]] ; then
|
||||
# mips peeps like to screw with us. if building headers,
|
||||
# we don't have a real compiler, so we can't let them
|
||||
# insert -mabi on us.
|
||||
sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die
|
||||
find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} +
|
||||
fi
|
||||
fi
|
||||
|
||||
epatch_user
|
||||
|
||||
gnuconfig_update
|
||||
|
||||
# Glibc is stupid sometimes, and doesn't realize that with a
|
||||
# static C-Only gcc, -lgcc_eh doesn't exist.
|
||||
# https://sourceware.org/ml/libc-alpha/2003-09/msg00100.html
|
||||
# https://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
|
||||
# But! Finally fixed in recent versions:
|
||||
# https://sourceware.org/ml/libc-alpha/2012-05/msg01865.html
|
||||
if ! version_is_at_least 2.16 ; then
|
||||
echo 'int main(){}' > "${T}"/gcc_eh_test.c
|
||||
if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then
|
||||
sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh"
|
||||
fi
|
||||
fi
|
||||
|
||||
cd "${WORKDIR}"
|
||||
find . -type f '(' -size 0 -o -name "*.orig" ')' -delete
|
||||
find . -name configure -exec touch {} +
|
||||
|
||||
# Fix permissions on some of the scripts.
|
||||
chmod u+x "${S}"/scripts/*.sh
|
||||
}
|
30
sys-libs/glibc/files/eblits/src_test.eblit
Normal file
30
sys-libs/glibc/files/eblits/src_test.eblit
Normal file
@ -0,0 +1,30 @@
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
glibc_src_test() {
|
||||
cd "$(builddir $1)"
|
||||
nonfatal emake -j1 check && return 0
|
||||
einfo "make check failed - re-running with --keep-going to get the rest of the results"
|
||||
nonfatal emake -j1 -k check
|
||||
ewarn "make check failed for ${ABI}-${CTARGET}-$1"
|
||||
return 1
|
||||
}
|
||||
|
||||
toolchain-glibc_src_test() {
|
||||
local ret=0 t
|
||||
for t in linuxthreads nptl ; do
|
||||
if want_${t} ; then
|
||||
glibc_src_test ${t}
|
||||
: $(( ret |= $? ))
|
||||
fi
|
||||
done
|
||||
return ${ret}
|
||||
}
|
||||
|
||||
eblit-glibc-src_test() {
|
||||
# Give tests more time to complete.
|
||||
export TIMEOUTFACTOR=5
|
||||
|
||||
foreach_abi toolchain-glibc_src_test || die "tests failed"
|
||||
}
|
121
sys-libs/glibc/files/eblits/src_unpack.eblit
Normal file
121
sys-libs/glibc/files/eblits/src_unpack.eblit
Normal file
@ -0,0 +1,121 @@
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit"
|
||||
|
||||
int_to_KV() {
|
||||
local version=$1 major minor micro
|
||||
major=$((version / 65536))
|
||||
minor=$(((version % 65536) / 256))
|
||||
micro=$((version % 256))
|
||||
echo ${major}.${minor}.${micro}
|
||||
}
|
||||
|
||||
eend_KV() {
|
||||
[[ $(KV_to_int $1) -ge $(KV_to_int $2) ]]
|
||||
eend $?
|
||||
}
|
||||
|
||||
get_kheader_version() {
|
||||
printf '#include <linux/version.h>\nLINUX_VERSION_CODE\n' | \
|
||||
$(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \
|
||||
tail -n 1
|
||||
}
|
||||
|
||||
check_nptl_support() {
|
||||
# don't care about the compiler here as we arent using it
|
||||
just_headers && return
|
||||
|
||||
local run_kv build_kv want_kv
|
||||
run_kv=$(int_to_KV $(get_KV))
|
||||
build_kv=$(int_to_KV $(get_kheader_version))
|
||||
want_kv=${NPTL_KERN_VER}
|
||||
|
||||
ebegin "Checking gcc for __thread support"
|
||||
if ! eend $(want__thread ; echo $?) ; then
|
||||
echo
|
||||
eerror "Could not find a gcc that supports the __thread directive!"
|
||||
eerror "Please update your binutils/gcc and try again."
|
||||
die "No __thread support in gcc!"
|
||||
fi
|
||||
|
||||
if ! is_crosscompile && ! tc-is-cross-compiler ; then
|
||||
# Building fails on an non-supporting kernel
|
||||
ebegin "Checking kernel version (${run_kv} >= ${want_kv})"
|
||||
if ! eend_KV ${run_kv} ${want_kv} ; then
|
||||
echo
|
||||
eerror "You need a kernel of at least ${want_kv} for NPTL support!"
|
||||
die "Kernel version too low!"
|
||||
fi
|
||||
fi
|
||||
|
||||
ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})"
|
||||
if ! eend_KV ${build_kv} ${want_kv} ; then
|
||||
echo
|
||||
eerror "You need linux-headers of at least ${want_kv} for NPTL support!"
|
||||
die "linux-headers version too low!"
|
||||
fi
|
||||
}
|
||||
|
||||
unpack_pkg() {
|
||||
local a=${PN}
|
||||
[[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}"
|
||||
[[ -n $1 ]] && a="${a}-$1"
|
||||
if [[ -n ${SNAP_VER} ]] ; then
|
||||
a="${a}-${SNAP_VER}"
|
||||
else
|
||||
if [[ -n $2 ]] ; then
|
||||
a="${a}-$2"
|
||||
else
|
||||
a="${a}-${RELEASE_VER}"
|
||||
fi
|
||||
fi
|
||||
if has ${a}.tar.xz ${A} ; then
|
||||
unpacker ${a}.tar.xz
|
||||
else
|
||||
unpack ${a}.tar.bz2
|
||||
fi
|
||||
[[ -n $1 ]] && { mv ${a} $1 || die ; }
|
||||
}
|
||||
|
||||
toolchain-glibc_src_unpack() {
|
||||
# Check NPTL support _before_ we unpack things to save some time
|
||||
want_nptl && check_nptl_support
|
||||
|
||||
if [[ -n ${EGIT_REPO_URIS} ]] ; then
|
||||
local i d
|
||||
for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do
|
||||
EGIT_REPO_URI=${EGIT_REPO_URIS[$i]}
|
||||
EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]}
|
||||
git-2_src_unpack
|
||||
done
|
||||
else
|
||||
unpack_pkg
|
||||
fi
|
||||
|
||||
cd "${S}"
|
||||
touch locale/C-translit.h #185476 #218003
|
||||
[[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER}
|
||||
[[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER}
|
||||
[[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn
|
||||
|
||||
if [[ -n ${PATCH_VER} ]] ; then
|
||||
cd "${WORKDIR}"
|
||||
unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
|
||||
# pull out all the addons
|
||||
local d
|
||||
for d in extra/*/configure ; do
|
||||
d=${d%/configure}
|
||||
[[ -d ${S}/${d} ]] && die "${d} already exists in \${S}"
|
||||
mv "${d}" "${S}" || die "moving ${d} failed"
|
||||
done
|
||||
fi
|
||||
}
|
||||
|
||||
eblit-glibc-src_unpack() {
|
||||
setup_env
|
||||
|
||||
toolchain-glibc_src_unpack
|
||||
[[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare
|
||||
}
|
64
sys-libs/glibc/files/nscd
Normal file
64
sys-libs/glibc/files/nscd
Normal file
@ -0,0 +1,64 @@
|
||||
#!/sbin/openrc-run
|
||||
# Copyright 1999-2005 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
depend() {
|
||||
use dns ldap net slapd
|
||||
}
|
||||
|
||||
checkconfig() {
|
||||
if [ ! -d /var/run/nscd ] ; then
|
||||
mkdir -p /var/run/nscd
|
||||
chmod 755 /var/run/nscd
|
||||
fi
|
||||
if [ -z "${NSCD_PERMS_OK}" ] && [ "$(stat -c %a /var/run/nscd)" != "755" ] ; then
|
||||
echo ""
|
||||
ewarn "nscd run dir is not world readable, you should reset the perms:"
|
||||
ewarn "chmod 755 /var/run/nscd"
|
||||
ewarn "chmod a+rw /var/run/nscd/socket"
|
||||
echo ""
|
||||
ewarn "To disable this warning, set 'NSCD_PERMS_OK' in /etc/conf.d/nscd"
|
||||
echo ""
|
||||
fi
|
||||
}
|
||||
|
||||
start() {
|
||||
checkconfig
|
||||
|
||||
ebegin "Starting Name Service Cache Daemon"
|
||||
local secure=`while read curline ; do
|
||||
table=${curline%:*}
|
||||
entries=${curline##$table:}
|
||||
table=${table%%[^a-z]*}
|
||||
case $table in
|
||||
passwd*|group*|hosts)
|
||||
for entry in $entries ; do
|
||||
case $entry in
|
||||
nisplus*)
|
||||
/usr/sbin/nscd_nischeck $table || \
|
||||
/echo "-S $table,yes"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
;;
|
||||
esac
|
||||
done < /etc/nsswitch.conf`
|
||||
local pidfile="$(strings /usr/sbin/nscd | grep nscd.pid)"
|
||||
mkdir -p "$(dirname ${pidfile})"
|
||||
save_options pidfile "${pidfile}"
|
||||
start-stop-daemon --start --quiet \
|
||||
--exec /usr/sbin/nscd --pidfile "${pidfile}" \
|
||||
-- $secure
|
||||
eend $?
|
||||
}
|
||||
|
||||
stop() {
|
||||
local pidfile="$(get_options pidfile)"
|
||||
[ -n "${pidfile}" ] && pidfile="--pidfile ${pidfile}"
|
||||
ebegin "Shutting down Name Service Cache Daemon"
|
||||
start-stop-daemon --stop --quiet --exec /usr/sbin/nscd ${pidfile}
|
||||
eend $?
|
||||
}
|
||||
|
||||
# vim:ts=4
|
15
sys-libs/glibc/files/nscd.service
Normal file
15
sys-libs/glibc/files/nscd.service
Normal file
@ -0,0 +1,15 @@
|
||||
[Unit]
|
||||
Description=Name Service Cache Daemon
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/sbin/nscd -F
|
||||
ExecStop=/usr/sbin/nscd --shutdown
|
||||
ExecReload=/usr/sbin/nscd -i passwd
|
||||
ExecReload=/usr/sbin/nscd -i group
|
||||
ExecReload=/usr/sbin/nscd -i hosts
|
||||
ExecReload=/usr/sbin/nscd -i services
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
4
sys-libs/glibc/files/nscd.tmpfilesd
Normal file
4
sys-libs/glibc/files/nscd.tmpfilesd
Normal file
@ -0,0 +1,4 @@
|
||||
# Configuration to create /run/nscd directory
|
||||
# Used as part of systemd's tmpfiles
|
||||
|
||||
d /run/nscd 0755 root root
|
24
sys-libs/glibc/files/nsswitch.conf
Normal file
24
sys-libs/glibc/files/nsswitch.conf
Normal file
@ -0,0 +1,24 @@
|
||||
# /etc/nsswitch.conf:
|
||||
# $Id$
|
||||
|
||||
passwd: compat
|
||||
shadow: compat
|
||||
group: compat
|
||||
|
||||
# passwd: db files nis
|
||||
# shadow: db files nis
|
||||
# group: db files nis
|
||||
|
||||
hosts: files dns
|
||||
networks: files dns
|
||||
|
||||
services: db files
|
||||
protocols: db files
|
||||
rpc: db files
|
||||
ethers: db files
|
||||
netmasks: files
|
||||
netgroup: files
|
||||
bootparams: files
|
||||
|
||||
automount: files
|
||||
aliases: files
|
210
sys-libs/glibc/glibc-2.17.ebuild
Normal file
210
sys-libs/glibc/glibc-2.17.ebuild
Normal file
@ -0,0 +1,210 @@
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="8" # Gentoo patchset
|
||||
NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires
|
||||
|
||||
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20}
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
DEPEND=">=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2
|
||||
selinux? ( sys-libs/libselinux )"
|
||||
RDEPEND="!sys-kernel/ps3-sources
|
||||
selinux? ( sys-libs/libselinux )
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.20
|
||||
>=${CATEGORY}/gcc-4.3
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.20
|
||||
>=sys-devel/gcc-4.3
|
||||
virtual/os-headers
|
||||
!vanilla? ( >=sys-libs/timezone-data-2012c )"
|
||||
RDEPEND+="
|
||||
vanilla? ( !sys-libs/timezone-data )
|
||||
!vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
GLIBC_PATCH_EXCLUDE+=" 6600_mips_librt-mips.patch" #456912
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
}
|
||||
|
||||
eblit-src_unpack-post() {
|
||||
if use hardened ; then
|
||||
cd "${S}"
|
||||
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
|
||||
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
|
||||
epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
|
||||
epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
|
||||
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
|
||||
debug/stack_chk_fail.c || die
|
||||
cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \
|
||||
debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# When using Hardened Gentoo stack handler, have smashes dump core for
|
||||
# analysis - debug only, as core could be an information leak
|
||||
# (paranoia).
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile \
|
||||
|| die "Failed to modify debug/Makefile for debug stack handler"
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile \
|
||||
|| die "Failed to modify debug/Makefile for debug fortify handler"
|
||||
fi
|
||||
|
||||
# Build nscd with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
nscd/Makefile \
|
||||
|| die "Failed to ensure nscd builds with ssp-all"
|
||||
fi
|
||||
}
|
||||
|
||||
eblit-pkg_preinst-post() {
|
||||
if [[ ${CTARGET} == arm* ]] ; then
|
||||
# Backwards compat support for renaming hardfp ldsos #417287
|
||||
local oldso='/lib/ld-linux.so.3'
|
||||
local nldso='/lib/ld-linux-armhf.so.3'
|
||||
if [[ -e ${D}${nldso} ]] ; then
|
||||
if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
|
||||
ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
|
||||
ewarn "Please rebuild all packages using this old ldso as compat"
|
||||
ewarn "support will be dropped in the future."
|
||||
ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
210
sys-libs/glibc/glibc-2.18-r1.ebuild
Normal file
210
sys-libs/glibc/glibc-2.18-r1.ebuild
Normal file
@ -0,0 +1,210 @@
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="4" # Gentoo patchset
|
||||
NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires
|
||||
|
||||
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20}
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
DEPEND=">=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2
|
||||
selinux? ( sys-libs/libselinux )"
|
||||
RDEPEND="!sys-kernel/ps3-sources
|
||||
selinux? ( sys-libs/libselinux )
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.20
|
||||
>=${CATEGORY}/gcc-4.3
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.20
|
||||
>=sys-devel/gcc-4.3
|
||||
virtual/os-headers
|
||||
!vanilla? ( >=sys-libs/timezone-data-2012c )"
|
||||
RDEPEND+="
|
||||
vanilla? ( !sys-libs/timezone-data )
|
||||
!vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
GLIBC_PATCH_EXCLUDE+=" 00_all_0012-mips-add-clock_-g-s-ettime-symbol-compat-hacks.patch" #456912 #481438
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
}
|
||||
|
||||
eblit-src_unpack-post() {
|
||||
if use hardened ; then
|
||||
cd "${S}"
|
||||
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
|
||||
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
|
||||
epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
|
||||
epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
|
||||
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \
|
||||
debug/stack_chk_fail.c || die
|
||||
cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \
|
||||
debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# When using Hardened Gentoo stack handler, have smashes dump core for
|
||||
# analysis - debug only, as core could be an information leak
|
||||
# (paranoia).
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile \
|
||||
|| die "Failed to modify debug/Makefile for debug stack handler"
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile \
|
||||
|| die "Failed to modify debug/Makefile for debug fortify handler"
|
||||
fi
|
||||
|
||||
# Build nscd with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
nscd/Makefile \
|
||||
|| die "Failed to ensure nscd builds with ssp-all"
|
||||
fi
|
||||
}
|
||||
|
||||
eblit-pkg_preinst-post() {
|
||||
if [[ ${CTARGET} == arm* ]] ; then
|
||||
# Backwards compat support for renaming hardfp ldsos #417287
|
||||
local oldso='/lib/ld-linux.so.3'
|
||||
local nldso='/lib/ld-linux-armhf.so.3'
|
||||
if [[ -e ${D}${nldso} ]] ; then
|
||||
if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
|
||||
ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
|
||||
ewarn "Please rebuild all packages using this old ldso as compat"
|
||||
ewarn "support will be dropped in the future."
|
||||
ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
212
sys-libs/glibc/glibc-2.19-r1.ebuild
Normal file
212
sys-libs/glibc/glibc-2.19-r1.ebuild
Normal file
@ -0,0 +1,212 @@
|
||||
# Copyright 1999-2014 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="3" # Gentoo patchset
|
||||
NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires
|
||||
|
||||
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20}
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
DEPEND=">=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2
|
||||
selinux? ( sys-libs/libselinux )"
|
||||
RDEPEND="!sys-kernel/ps3-sources
|
||||
selinux? ( sys-libs/libselinux )
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.20
|
||||
>=${CATEGORY}/gcc-4.3
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.20
|
||||
>=sys-devel/gcc-4.3
|
||||
virtual/os-headers
|
||||
!vanilla? ( >=sys-libs/timezone-data-2012c )"
|
||||
RDEPEND+="
|
||||
vanilla? ( !sys-libs/timezone-data )
|
||||
!vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
}
|
||||
|
||||
eblit-src_unpack-post() {
|
||||
cd "${S}"
|
||||
|
||||
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
|
||||
|
||||
if use hardened ; then
|
||||
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
|
||||
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
|
||||
epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch
|
||||
epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
|
||||
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \
|
||||
debug/stack_chk_fail.c || die
|
||||
cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \
|
||||
debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# When using Hardened Gentoo stack handler, have smashes dump core for
|
||||
# analysis - debug only, as core could be an information leak
|
||||
# (paranoia).
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile \
|
||||
|| die "Failed to modify debug/Makefile for debug stack handler"
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile \
|
||||
|| die "Failed to modify debug/Makefile for debug fortify handler"
|
||||
fi
|
||||
|
||||
# Build nscd with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
nscd/Makefile \
|
||||
|| die "Failed to ensure nscd builds with ssp-all"
|
||||
fi
|
||||
}
|
||||
|
||||
eblit-pkg_preinst-post() {
|
||||
if [[ ${CTARGET} == arm* ]] ; then
|
||||
# Backwards compat support for renaming hardfp ldsos #417287
|
||||
local oldso='/lib/ld-linux.so.3'
|
||||
local nldso='/lib/ld-linux-armhf.so.3'
|
||||
if [[ -e ${D}${nldso} ]] ; then
|
||||
if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
|
||||
ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
|
||||
ewarn "Please rebuild all packages using this old ldso as compat"
|
||||
ewarn "support will be dropped in the future."
|
||||
ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
}
|
198
sys-libs/glibc/glibc-2.20-r2.ebuild
Normal file
198
sys-libs/glibc/glibc-2.20-r2.ebuild
Normal file
@ -0,0 +1,198 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="alpha amd64 arm arm64 -hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="5" # Gentoo patchset
|
||||
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
|
||||
|
||||
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
DEPEND=">=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2
|
||||
selinux? ( sys-libs/libselinux )"
|
||||
RDEPEND="!sys-kernel/ps3-sources
|
||||
sys-apps/gentoo-functions
|
||||
selinux? ( sys-libs/libselinux )
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.24
|
||||
>=${CATEGORY}/gcc-4.4
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.24
|
||||
>=sys-devel/gcc-4.4
|
||||
virtual/os-headers"
|
||||
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
|
||||
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~blueness/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_prepare() { eblit-run src_prepare ; }
|
||||
src_configure() { eblit-run src_configure ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in pretend setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
}
|
||||
|
||||
eblit-src_prepare-post() {
|
||||
cd "${S}"
|
||||
|
||||
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
|
||||
|
||||
if use hardened ; then
|
||||
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
|
||||
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
|
||||
epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
|
||||
|
||||
# We don't enable these for non-hardened as the output is very terse --
|
||||
# it only states that a crash happened. The default upstream behavior
|
||||
# includes backtraces and symbols.
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile || die
|
||||
fi
|
||||
|
||||
# Build various bits with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
*/Makefile || die
|
||||
fi
|
||||
|
||||
case $(gcc-fullversion) in
|
||||
4.8.[0-3]|4.9.0)
|
||||
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
|
||||
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
|
||||
die "need to switch compilers #547420"
|
||||
;;
|
||||
esac
|
||||
}
|
198
sys-libs/glibc/glibc-2.21-r2.ebuild
Normal file
198
sys-libs/glibc/glibc-2.21-r2.ebuild
Normal file
@ -0,0 +1,198 @@
|
||||
# Copyright 1999-2016 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="7" # Gentoo patchset
|
||||
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
|
||||
|
||||
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
DEPEND=">=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2
|
||||
selinux? ( sys-libs/libselinux )"
|
||||
RDEPEND="!sys-kernel/ps3-sources
|
||||
sys-apps/gentoo-functions
|
||||
selinux? ( sys-libs/libselinux )
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.24
|
||||
>=${CATEGORY}/gcc-4.6
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.24
|
||||
>=sys-devel/gcc-4.6
|
||||
virtual/os-headers"
|
||||
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
|
||||
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_prepare() { eblit-run src_prepare ; }
|
||||
src_configure() { eblit-run src_configure ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in pretend setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
}
|
||||
|
||||
eblit-src_prepare-post() {
|
||||
cd "${S}"
|
||||
|
||||
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
|
||||
|
||||
if use hardened ; then
|
||||
einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
|
||||
gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
|
||||
epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
|
||||
|
||||
# We don't enable these for non-hardened as the output is very terse --
|
||||
# it only states that a crash happened. The default upstream behavior
|
||||
# includes backtraces and symbols.
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile || die
|
||||
fi
|
||||
|
||||
# Build various bits with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
*/Makefile || die
|
||||
fi
|
||||
|
||||
case $(gcc-fullversion) in
|
||||
4.8.[0-3]|4.9.0)
|
||||
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
|
||||
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
|
||||
die "need to switch compilers #547420"
|
||||
;;
|
||||
esac
|
||||
}
|
197
sys-libs/glibc/glibc-2.22-r4.ebuild
Normal file
197
sys-libs/glibc/glibc-2.22-r4.ebuild
Normal file
@ -0,0 +1,197 @@
|
||||
# Copyright 1999-2016 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="13" # Gentoo patchset
|
||||
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
|
||||
|
||||
IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
DEPEND=">=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2
|
||||
selinux? ( sys-libs/libselinux )"
|
||||
RDEPEND="!sys-kernel/ps3-sources
|
||||
sys-apps/gentoo-functions
|
||||
selinux? ( sys-libs/libselinux )
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.24
|
||||
>=${CATEGORY}/gcc-4.6
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.24
|
||||
>=sys-devel/gcc-4.6
|
||||
virtual/os-headers"
|
||||
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
|
||||
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_prepare() { eblit-run src_prepare ; }
|
||||
src_configure() { eblit-run src_configure ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in pretend setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
# Bug 558636 we don't apply the pie works around for 2.22. It shoud have the support. #558636
|
||||
GLIBC_PATCH_EXCLUDE+=" 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
|
||||
GLIBC_PATCH_EXCLUDE+=" 00_all_0012-disable-PIE-when-checking-for-PIC-default.patch"
|
||||
}
|
||||
|
||||
eblit-src_prepare-post() {
|
||||
cd "${S}"
|
||||
|
||||
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
|
||||
|
||||
if use hardened ; then
|
||||
# We don't enable these for non-hardened as the output is very terse --
|
||||
# it only states that a crash happened. The default upstream behavior
|
||||
# includes backtraces and symbols.
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile || die
|
||||
fi
|
||||
|
||||
# Build various bits with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
*/Makefile || die
|
||||
fi
|
||||
|
||||
case $(gcc-fullversion) in
|
||||
4.8.[0-3]|4.9.0)
|
||||
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
|
||||
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
|
||||
die "need to switch compilers #547420"
|
||||
;;
|
||||
esac
|
||||
}
|
205
sys-libs/glibc/glibc-2.23-r1.ebuild
Normal file
205
sys-libs/glibc/glibc-2.23-r1.ebuild
Normal file
@ -0,0 +1,205 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="4" # Gentoo patchset
|
||||
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
|
||||
|
||||
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
COMMON_DEPEND="
|
||||
nscd? ( selinux? (
|
||||
audit? ( sys-process/audit )
|
||||
caps? ( sys-libs/libcap )
|
||||
) )
|
||||
suid? ( caps? ( sys-libs/libcap ) )
|
||||
selinux? ( sys-libs/libselinux )
|
||||
"
|
||||
DEPEND="${COMMON_DEPEND}
|
||||
>=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2"
|
||||
RDEPEND="${COMMON_DEPEND}
|
||||
!sys-kernel/ps3-sources
|
||||
sys-apps/gentoo-functions
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.24
|
||||
>=${CATEGORY}/gcc-4.7
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.24
|
||||
>=sys-devel/gcc-4.7
|
||||
virtual/os-headers"
|
||||
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
|
||||
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_prepare() { eblit-run src_prepare ; }
|
||||
src_configure() { eblit-run src_configure ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in pretend setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
# Bug 558636 we don't apply the pie works around for 2.22. It shoud have the support. #558636
|
||||
GLIBC_PATCH_EXCLUDE+=" 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
|
||||
GLIBC_PATCH_EXCLUDE+=" 00_all_0012-disable-PIE-when-checking-for-PIC-default.patch"
|
||||
}
|
||||
|
||||
eblit-src_prepare-post() {
|
||||
cd "${S}"
|
||||
|
||||
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
|
||||
|
||||
if use hardened ; then
|
||||
# We don't enable these for non-hardened as the output is very terse --
|
||||
# it only states that a crash happened. The default upstream behavior
|
||||
# includes backtraces and symbols.
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile || die
|
||||
fi
|
||||
|
||||
# Build various bits with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
*/Makefile || die
|
||||
fi
|
||||
|
||||
case $(gcc-fullversion) in
|
||||
4.8.[0-3]|4.9.0)
|
||||
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
|
||||
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
|
||||
die "need to switch compilers #547420"
|
||||
;;
|
||||
esac
|
||||
}
|
206
sys-libs/glibc/glibc-2.23-r2.ebuild
Normal file
206
sys-libs/glibc/glibc-2.23-r2.ebuild
Normal file
@ -0,0 +1,206 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="4" # Gentoo patchset
|
||||
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
|
||||
|
||||
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
COMMON_DEPEND="
|
||||
nscd? ( selinux? (
|
||||
audit? ( sys-process/audit )
|
||||
caps? ( sys-libs/libcap )
|
||||
) )
|
||||
suid? ( caps? ( sys-libs/libcap ) )
|
||||
selinux? ( sys-libs/libselinux )
|
||||
"
|
||||
DEPEND="${COMMON_DEPEND}
|
||||
>=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2"
|
||||
RDEPEND="${COMMON_DEPEND}
|
||||
!sys-kernel/ps3-sources
|
||||
sys-apps/gentoo-functions
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.24
|
||||
>=${CATEGORY}/gcc-4.7
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.24
|
||||
>=sys-devel/gcc-4.7
|
||||
virtual/os-headers"
|
||||
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
|
||||
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_prepare() { eblit-run src_prepare ; }
|
||||
src_configure() { eblit-run src_configure ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in pretend setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
# Bug 558636 we don't apply the pie works around for 2.22. It shoud have the support. #558636
|
||||
GLIBC_PATCH_EXCLUDE+=" 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch"
|
||||
GLIBC_PATCH_EXCLUDE+=" 00_all_0012-disable-PIE-when-checking-for-PIC-default.patch"
|
||||
GLIBC_PATCH_EXCLUDE+=" 00_all_0009-sys-types.h-drop-sys-sysmacros.h-include.patch"
|
||||
}
|
||||
|
||||
eblit-src_prepare-post() {
|
||||
cd "${S}"
|
||||
|
||||
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
|
||||
|
||||
if use hardened ; then
|
||||
# We don't enable these for non-hardened as the output is very terse --
|
||||
# it only states that a crash happened. The default upstream behavior
|
||||
# includes backtraces and symbols.
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile || die
|
||||
fi
|
||||
|
||||
# Build various bits with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
*/Makefile || die
|
||||
fi
|
||||
|
||||
case $(gcc-fullversion) in
|
||||
4.8.[0-3]|4.9.0)
|
||||
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
|
||||
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
|
||||
die "need to switch compilers #547420"
|
||||
;;
|
||||
esac
|
||||
}
|
202
sys-libs/glibc/glibc-2.23-r3.ebuild
Normal file
202
sys-libs/glibc/glibc-2.23-r3.ebuild
Normal file
@ -0,0 +1,202 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="6" # Gentoo patchset
|
||||
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
|
||||
|
||||
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
COMMON_DEPEND="
|
||||
nscd? ( selinux? (
|
||||
audit? ( sys-process/audit )
|
||||
caps? ( sys-libs/libcap )
|
||||
) )
|
||||
suid? ( caps? ( sys-libs/libcap ) )
|
||||
selinux? ( sys-libs/libselinux )
|
||||
"
|
||||
DEPEND="${COMMON_DEPEND}
|
||||
>=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2"
|
||||
RDEPEND="${COMMON_DEPEND}
|
||||
!sys-kernel/ps3-sources
|
||||
sys-apps/gentoo-functions
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.24
|
||||
>=${CATEGORY}/gcc-4.7
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.24
|
||||
>=sys-devel/gcc-4.7
|
||||
virtual/os-headers"
|
||||
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
|
||||
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_prepare() { eblit-run src_prepare ; }
|
||||
src_configure() { eblit-run src_configure ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in pretend setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
}
|
||||
|
||||
eblit-src_prepare-post() {
|
||||
cd "${S}"
|
||||
|
||||
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
|
||||
|
||||
if use hardened ; then
|
||||
# We don't enable these for non-hardened as the output is very terse --
|
||||
# it only states that a crash happened. The default upstream behavior
|
||||
# includes backtraces and symbols.
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile || die
|
||||
fi
|
||||
|
||||
# Build various bits with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
*/Makefile || die
|
||||
fi
|
||||
|
||||
case $(gcc-fullversion) in
|
||||
4.8.[0-3]|4.9.0)
|
||||
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
|
||||
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
|
||||
die "need to switch compilers #547420"
|
||||
;;
|
||||
esac
|
||||
}
|
201
sys-libs/glibc/glibc-2.24.ebuild
Normal file
201
sys-libs/glibc/glibc-2.24.ebuild
Normal file
@ -0,0 +1,201 @@
|
||||
# Copyright 1999-2016 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="2" # Gentoo patchset
|
||||
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
|
||||
|
||||
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
COMMON_DEPEND="
|
||||
nscd? ( selinux? (
|
||||
audit? ( sys-process/audit )
|
||||
caps? ( sys-libs/libcap )
|
||||
) )
|
||||
suid? ( caps? ( sys-libs/libcap ) )
|
||||
selinux? ( sys-libs/libselinux )
|
||||
"
|
||||
DEPEND="${COMMON_DEPEND}
|
||||
>=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2"
|
||||
RDEPEND="${COMMON_DEPEND}
|
||||
!sys-kernel/ps3-sources
|
||||
sys-apps/gentoo-functions
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.24
|
||||
>=${CATEGORY}/gcc-4.7
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.24
|
||||
>=sys-devel/gcc-4.7
|
||||
virtual/os-headers"
|
||||
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
|
||||
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_prepare() { eblit-run src_prepare ; }
|
||||
src_configure() { eblit-run src_configure ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in pretend setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
}
|
||||
|
||||
eblit-src_prepare-post() {
|
||||
cd "${S}"
|
||||
|
||||
epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
|
||||
|
||||
if use hardened ; then
|
||||
# We don't enable these for non-hardened as the output is very terse --
|
||||
# it only states that a crash happened. The default upstream behavior
|
||||
# includes backtraces and symbols.
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile || die
|
||||
fi
|
||||
|
||||
# Build various bits with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
*/Makefile || die
|
||||
fi
|
||||
|
||||
case $(gcc-fullversion) in
|
||||
4.8.[0-3]|4.9.0)
|
||||
eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
|
||||
eerror "glibc. See https://bugs.gentoo.org/547420 for details."
|
||||
die "need to switch compilers #547420"
|
||||
;;
|
||||
esac
|
||||
}
|
192
sys-libs/glibc/glibc-9999.ebuild
Normal file
192
sys-libs/glibc/glibc-9999.ebuild
Normal file
@ -0,0 +1,192 @@
|
||||
# Copyright 1999-2015 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Id$
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
|
||||
|
||||
DESCRIPTION="GNU libc6 (also called glibc2) C library"
|
||||
HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
|
||||
|
||||
LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
|
||||
#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
|
||||
RESTRICT="strip" # strip ourself #46186
|
||||
EMULTILIB_PKG="true"
|
||||
|
||||
# Configuration variables
|
||||
RELEASE_VER=""
|
||||
case ${PV} in
|
||||
9999*)
|
||||
EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
|
||||
EGIT_SOURCEDIRS="${S}"
|
||||
inherit git-2
|
||||
;;
|
||||
*)
|
||||
RELEASE_VER=${PV}
|
||||
;;
|
||||
esac
|
||||
GCC_BOOTSTRAP_VER="4.7.3-r1"
|
||||
PATCH_VER="" # Gentoo patchset
|
||||
: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
|
||||
|
||||
IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
|
||||
|
||||
# Here's how the cross-compile logic breaks down ...
|
||||
# CTARGET - machine that will target the binaries
|
||||
# CHOST - machine that will host the binaries
|
||||
# CBUILD - machine that will build the binaries
|
||||
# If CTARGET != CHOST, it means you want a libc for cross-compiling.
|
||||
# If CHOST != CBUILD, it means you want to cross-compile the libc.
|
||||
# CBUILD = CHOST = CTARGET - native build/install
|
||||
# CBUILD != (CHOST = CTARGET) - cross-compile a native build
|
||||
# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
|
||||
# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
|
||||
# For install paths:
|
||||
# CHOST = CTARGET - install into /
|
||||
# CHOST != CTARGET - install into /usr/CTARGET/
|
||||
|
||||
export CBUILD=${CBUILD:-${CHOST}}
|
||||
export CTARGET=${CTARGET:-${CHOST}}
|
||||
if [[ ${CTARGET} == ${CHOST} ]] ; then
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
export CTARGET=${CATEGORY#cross-}
|
||||
fi
|
||||
fi
|
||||
|
||||
is_crosscompile() {
|
||||
[[ ${CHOST} != ${CTARGET} ]]
|
||||
}
|
||||
|
||||
# Why SLOT 2.2 you ask yourself while sippin your tea ?
|
||||
# Everyone knows 2.2 > 0, duh.
|
||||
SLOT="2.2"
|
||||
|
||||
# General: We need a new-enough binutils/gcc to match upstream baseline.
|
||||
# arch: we need to make sure our binutils/gcc supports TLS.
|
||||
COMMON_DEPEND="
|
||||
nscd? ( selinux? (
|
||||
audit? ( sys-process/audit )
|
||||
caps? ( sys-libs/libcap )
|
||||
) )
|
||||
suid? ( caps? ( sys-libs/libcap ) )
|
||||
selinux? ( sys-libs/libselinux )
|
||||
"
|
||||
DEPEND="${COMMON_DEPEND}
|
||||
>=app-misc/pax-utils-0.1.10
|
||||
!<sys-apps/sandbox-1.6
|
||||
!<sys-apps/portage-2.1.2"
|
||||
RDEPEND="${COMMON_DEPEND}
|
||||
!sys-kernel/ps3-sources
|
||||
sys-apps/gentoo-functions
|
||||
!sys-libs/nss-db"
|
||||
|
||||
if [[ ${CATEGORY} == cross-* ]] ; then
|
||||
DEPEND+=" !crosscompile_opts_headers-only? (
|
||||
>=${CATEGORY}/binutils-2.24
|
||||
>=${CATEGORY}/gcc-4.7
|
||||
)"
|
||||
[[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
|
||||
else
|
||||
DEPEND+="
|
||||
>=sys-devel/binutils-2.24
|
||||
>=sys-devel/gcc-4.7
|
||||
virtual/os-headers"
|
||||
RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
|
||||
PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
|
||||
fi
|
||||
|
||||
upstream_uris() {
|
||||
echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
|
||||
}
|
||||
gentoo_uris() {
|
||||
local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
|
||||
devspace=${devspace//HTTP/https://dev.gentoo.org/}
|
||||
echo mirror://gentoo/$1 ${devspace//URI/$1}
|
||||
}
|
||||
SRC_URI=$(
|
||||
[[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
|
||||
[[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
|
||||
)
|
||||
SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
|
||||
|
||||
# eblit-include [--skip] <function> [version]
|
||||
eblit-include() {
|
||||
local skipable=false
|
||||
[[ $1 == "--skip" ]] && skipable=true && shift
|
||||
[[ $1 == pkg_* ]] && skipable=true
|
||||
|
||||
local e v func=$1 ver=$2
|
||||
[[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
|
||||
for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
|
||||
e="${FILESDIR}/eblits/${func}${v}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
source "${e}"
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
${skipable} && return 0
|
||||
die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
|
||||
}
|
||||
|
||||
# eblit-run-maybe <function>
|
||||
# run the specified function if it is defined
|
||||
eblit-run-maybe() {
|
||||
[[ $(type -t "$@") == "function" ]] && "$@"
|
||||
}
|
||||
|
||||
# eblit-run <function> [version]
|
||||
# aka: src_unpack() { eblit-run src_unpack ; }
|
||||
eblit-run() {
|
||||
eblit-include --skip common "${*:2}"
|
||||
eblit-include "$@"
|
||||
eblit-run-maybe eblit-$1-pre
|
||||
eblit-${PN}-$1
|
||||
eblit-run-maybe eblit-$1-post
|
||||
}
|
||||
|
||||
src_unpack() { eblit-run src_unpack ; }
|
||||
src_prepare() { eblit-run src_prepare ; }
|
||||
src_configure() { eblit-run src_configure ; }
|
||||
src_compile() { eblit-run src_compile ; }
|
||||
src_test() { eblit-run src_test ; }
|
||||
src_install() { eblit-run src_install ; }
|
||||
|
||||
# FILESDIR might not be available during binpkg install
|
||||
for x in pretend setup {pre,post}inst ; do
|
||||
e="${FILESDIR}/eblits/pkg_${x}.eblit"
|
||||
if [[ -e ${e} ]] ; then
|
||||
. "${e}"
|
||||
eval "pkg_${x}() { eblit-run pkg_${x} ; }"
|
||||
fi
|
||||
done
|
||||
|
||||
eblit-src_unpack-pre() {
|
||||
[[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
|
||||
}
|
||||
|
||||
eblit-src_prepare-post() {
|
||||
cd "${S}"
|
||||
|
||||
if use hardened ; then
|
||||
# We don't enable these for non-hardened as the output is very terse --
|
||||
# it only states that a crash happened. The default upstream behavior
|
||||
# includes backtraces and symbols.
|
||||
einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
|
||||
cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
|
||||
|
||||
if use debug ; then
|
||||
# Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
|
||||
sed -i \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
-e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
|
||||
debug/Makefile || die
|
||||
fi
|
||||
|
||||
# Build various bits with ssp-all
|
||||
sed -i \
|
||||
-e 's:-fstack-protector$:-fstack-protector-all:' \
|
||||
*/Makefile || die
|
||||
fi
|
||||
}
|
19
sys-libs/glibc/metadata.xml
Normal file
19
sys-libs/glibc/metadata.xml
Normal file
@ -0,0 +1,19 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
|
||||
<pkgmetadata>
|
||||
<maintainer type="project">
|
||||
<email>toolchain@gentoo.org</email>
|
||||
<name>Gentoo Toolchain Project</name>
|
||||
</maintainer>
|
||||
<use>
|
||||
<flag name="debug">When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL)</flag>
|
||||
<flag name="gd">build memusage and memusagestat tools</flag>
|
||||
<flag name="nscd">Build, and enable support for, the Name Service Cache Daemon</flag>
|
||||
<flag name="rpc">Enable obsolete RPC/NIS layers (disabling is experimental -- see bug 381391)</flag>
|
||||
<flag name="suid">Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag>
|
||||
<flag name="systemtap">enable systemtap static probe points</flag>
|
||||
</use>
|
||||
<upstream>
|
||||
<remote-id type="cpe">cpe:/a:gnu:glibc</remote-id>
|
||||
</upstream>
|
||||
</pkgmetadata>
|
Loading…
Reference in New Issue
Block a user