diff options
Diffstat (limited to 'sys-libs/glibc')
35 files changed, 7293 insertions, 0 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest new file mode 100644 index 000000000000..689340378c4a --- /dev/null +++ b/sys-libs/glibc/Manifest @@ -0,0 +1,63 @@ +AUX 2.10/glibc-2.10-gentoo-chk_fail.c 9407 SHA256 7745c0f5d37b37959b43b41e39762fc35b877161bc5740d9d3e9a83021acbc0e SHA512 d1c51c573353b3b8ae6ab1bcc8c10eda5cad8b98fc7ab4848e4fbd8a8736174f3c3fd1b72dd80c72b1e54be78f1cae4dc1ab8130df25aa6d1495e5cbbaf3b9f6 WHIRLPOOL 32028ddeb422d89c0523fec994413e67c6afd9fcfdaf147d3d6a28bd02f8feabda9571ced4509253b7061a95bb2c16cecf94a4274671b33909ff545b1787f101 +AUX 2.10/glibc-2.10-hardened-configure-picdefault.patch 865 SHA256 b50b29f85d88011555bbcbe6046e6600be9344f2d78412b14aebdea515420774 SHA512 e0a09f77b209a72ab577fe1e62126609fdddedf3fba0eec749c4b506cdf793779b48390f055a3594892120f694291f8340c0b6f51862e94c03fd516897138be7 WHIRLPOOL d1b8e1536696350e0ed9eaf9a923daa7c004ef40ae94c1c3ba3d6cb293f1c19364cefbe8491089061124cbe26a9fded9f3d38d89f1bda56d408162e53702e8d4 +AUX 2.10/glibc-2.10-hardened-inittls-nosysenter.patch 8823 SHA256 dcf78c6524c222dbee907200a8878aff727e29d43a4962b977a16d85752e5c10 SHA512 0605b7964af87d1d6bdccea5c4d1bfe6267d4401b8bbf0c8bb689663e6bb3ef92eebad8be6c23ffdf6632a4d5e6098d8a403c3e84ffb21b5e87b5b1d1ec3512d WHIRLPOOL 635261b547883bbfbe23c802fcf97916dee823b367f96732ccecd7506dff004b87f2d36d97ed398510711330f3a53f039a14e226d20a681cc201a8c7a3450833 +AUX 2.17/glibc-2.17-hardened-pie.patch 1784 SHA256 bba32e40c73aef20122b2825f31e5c3aa058b61feae4f32f336e1941f83f82d1 SHA512 9ecfe2b6c8c982a42786181d6507d5fa588a6868109065451f58a779848837bd5e69c32a24e43a186c2ff63a9784015c51487e342c87982ac074139e36c169fc WHIRLPOOL 1baffbef9e6d870ea2f2ae5be014b71020a213a1a11e9856fa207545867de444ed164cb926b2aac23471854eaaf72a87e38760702b32bfcfa639add8733d925e +AUX 2.18/glibc-2.18-gentoo-chk_fail.c 9384 SHA256 e6ed60f4e0d262aaaffac2b84fd2fcf7906965dc9d91a2150b8b2d9f50e7b9e4 SHA512 f7106e36fa49b0000192c281edfcd49338c825b8b8663ac9d7304e8fe8b2f44b39c6c82a741b8e8abce4cbe2fd72f64e3cfe7a18ff504a4b2b2d63e5c75d62b7 WHIRLPOOL 80aa86694aedf306276ba74334a14e98b108caca046430e6ce71ec67221ef716e7350a667929bf79277bfa9f0eaa23d4544f8acf7e32fd54a26b3a0f5ebc596c +AUX 2.18/glibc-2.18-gentoo-stack_chk_fail.c 9599 SHA256 039a6249236c60bb909e67339fd7ef6eefd1f4bb71b8cd39f4fe04530c536315 SHA512 97acbdb8aa87dd7e197a1577bd053374b1c8c30d6c82f4a71ef04409bf87b36a60322237cb79896ebdb49960fcaae4c4f2333497f5c255f67717b01d6d62c2d5 WHIRLPOOL 40ed26d3a251a6f4de125a588bafb911b7ba4867f5139142c00a2bc2f2616658a45cff144d2629bdf33cadece020ed6a1bd7a74047da812821cdb6d3e8253f40 +AUX 2.18/glibc-2.18-hardened-inittls-nosysenter.patch 8981 SHA256 3fcdef34164b7fa6e493e081d32427017d239236aa4e183e3a470fe49a028eb7 SHA512 98feb8f12dc5d2bb030ec7c6c77f3f9389ebc208fafc96496f316e577457dd991294d59735b013b17e1d10d5c7b63471d5b857d2334be78239a8ceb1ad62b1fc WHIRLPOOL 52ac2452fe3f9ec6ac3f4635cf017d1347eda6b950f25ecee6ef1b444de97fad5a1792432e0c783375fc7d07c80b4cd77e48a6d6051aec3933696e2f17fcec18 +AUX 2.19/glibc-2.19-hardened-configure-picdefault.patch 865 SHA256 feeb2ddc276e90f55d2fd358837e8d4922d3b2875cb8080b1d8e27e5da83a2d9 SHA512 d8e6fea72e240f1fde8a487958463140a84e8bd6bb5b176f8ce84a34df3137943db9016300884f3efdd4da130e342448e57ed0c0dc6eb2956d647286ce1d00ce WHIRLPOOL 3a5d2882b5fc1bea78c45409c848c94a260659e3ea1e28a5dc8818de8825e55453aa1cc97b86eef99c91b17bde9f2a6db1fd8ae03839f7029d93a71feaa4d4d0 +AUX 2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch 1360 SHA256 f0d8bb004f598375b61e67e1c215b15953c293038243207f2d85cbe9f10d093e SHA512 79876b12871b3e7693340bfdf99276ac0dfd6ff30bc977a9526af9e681fcbab2f25d3ac9e2b33f027c968b38a4b670237de54ffd08edc418423ecd82dddd1d67 WHIRLPOOL 5ca64dddf58a790cc5f6090ae48fc4bd4799a9aac4c67f6ef7d1fea9498208ffc38ee8167b6ec80dc97c4f723fcdfade8f573893f1b380aff04f6d0476d0d253 +AUX 2.20/glibc-2.20-gentoo-chk_fail.c 8978 SHA256 f9cc426b0fb21de1dc11bb36e43bca8e1b3114fe78f8b343f672a951a82c742e SHA512 5cb529ac9d18a315f25fd48a3a80a529924bee0588074c97e6df7dbe8568a67f786363c41da6300ea55818369e3609ed4315b2e2104f8a8b4f1266ba43076eda WHIRLPOOL 2d38c19a20226fc4687037b8bb19025065f039ddaa62466879ca98765c8899e64b147dd148565304419ed1a98fbe1f8403710b22c930b08a19bddba7e79b0f1d +AUX 2.20/glibc-2.20-gentoo-stack_chk_fail.c 55 SHA256 ec73e74297b5eade591bfb3a2999989e2a7aa80752140048ffa67349635f05e7 SHA512 4dfec1bd17007b826110dcb73d09331a58b7a892c87de55b94480b14c28686442c567725b610082813411cf9911e180835a400a54ea704fe80f81cfba966a989 WHIRLPOOL b2b338a50f7895c530a71a19e4582bd0116a0b9d13b2e1505f0566924557493849f93cefb2c0ad1719ef684321e145129e0f72cfc9aa85a44ea7ebf910e7304c +AUX 2.20/glibc-2.20-hardened-inittls-nosysenter.patch 9951 SHA256 992fb70b9b62674d94ef8938297a3f2591b3121495987d927f5a44c1d8788658 SHA512 a8302ee2963bd791be859233223b17cd154afbf04c13c046956bb1140d748272d7bcb3a6167ce8b61573ebcffe906dff064308374d2910656b8fad18480fe422 WHIRLPOOL b8753d6f1301650b91b5cf4f342de22010d819deb2bf4da27aac33d7540e15a140b8a7a4c5e111faba320873ed5784b22f6add29181fbaef14c3e9504b1b838f +AUX 2.25/glibc-2.25-gentoo-chk_fail.c 9068 SHA256 cf8ba550579c9891bb0dd415df38fddc897ec0ff47f6b30ea935f0b34633106b SHA512 4503002b0e2cee0b6efc4599152d24fcff330157d4e35992a77d0d83a2decc4cf2da2b8645a44d90d428a1d82300a4fd8d13c5937b7c89f368c12b3c9139be6f WHIRLPOOL 1ac8777a52bb26fb9930720879d2e1d7c1b8e8c8bafaa611cca385c36301d67698b296032e66e20663c5ddc62e87220d172ceeef08b4fbfc63159f0f7b6ec099 +AUX 2.6/glibc-2.6-gentoo-stack_chk_fail.c 9545 SHA256 1410ded812be80d452eada5f9d6b9bd7bdb504c14f01cc27dce3e36b6f92b92a SHA512 360b77df2d19d14060e19e763878297bf042eccd5206ce4829a33c78c982b59b46144116d237a7cac73a22dd6cb4987c8dd50f1d16003baa22c2cb2942d2cbdf WHIRLPOOL 44e14dacdd258c46201a44c2c6aae4d975b960a914c24e49f2b39dae960636512049daa052d3cd8e8d93819d263327c28eac947efdb5d9e240d1bc6e9964016f +AUX nscd 1520 SHA256 13391343bfc64379c696b4bfc1cfe8d7fbb2886f477265343fddf448d82deabf SHA512 9dc02748b89229af665983abe9067a6c23f1e39ee0593c845386c3390db316920242526740b615a065dd6d381e3f39a4b0e3e91aa6b27909ba52bb6d21fd285b WHIRLPOOL 420ce9fbbcb15acb66674ee6110f7f331b886b55c172e3480c3cf8e7c8fd747f8bc1525792710b2eb6363da47cc44295b0d164eff0281406bca7a95f9d2c1eec +AUX nscd.service 337 SHA256 de7bc9946309d34f0ab44aa22a4d3cf259fe91c57e8000d741cb09ecd3a6caa0 SHA512 2001100f3b054843c69b6fd2d38852c7c824282aa8998c25a3c0352db993705429d25c70d8ce6cb3579f836b7089644c520acac423ebd69cb1b36e94a77c5bea WHIRLPOOL f01d191971b0dc45f541c9ebaaa1a40f3497e2cc838cff6a20a7b1828d726c248abbd94322a5a5ff30c33ddb7d9086cd4d2ba3bdc1811fed59ff292ef3983a72 +AUX nscd.tmpfilesd 111 SHA256 f0f64c4612d2097173854d2ec2e94ecbf4b77c7a6e94d950874e37346aa90d72 SHA512 53b80b331e1a85d8ee16eb2ce547a7249e944926c3d1cdd4a47a5301a5c842ffc7ec1e3dc0a731542a8facf8261c1c57121802d01741aa89898a3476c09da340 WHIRLPOOL cf1fed1a7e2ac1623a84f1cfa2062645afe3f791da2f4ace3859d12aa05df0e282b4c2e367a460015956ac2a8d01fee4cda84917a3adf2c38561dff200335270 +AUX nsswitch.conf 394 SHA256 608220300fada6ae9ac918b0c87e1ffba0dd739384f1f28554217637e1930712 SHA512 ec9aca1618fb3727cef0601bf893f77cb3db453cad5dd8cff1ebdef2096d57899083f471249b43d4e117ba375b1d5b2e5e22e803fe71d84bc3cd1ef91f5851aa WHIRLPOOL b8d9372c361510f2342d173ad4fe5d341039ee09a9065451ac591414f83cd7a23d156e7b09f634ce26aa28ec4cbdcfcdc730cbc7ff202a28866790d96da62369 +DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f +DIST glibc-2.17-patches-8.tar.bz2 83707 SHA256 477946a4915dcd0cc0565ff8532d219e2ee868f6e821ea71ce579652d01ccbb3 SHA512 6675357e62b554d9d0f8ef70341b8038f8f89591fba384bc3783ef81aead0532486e2218af71da9c6f88a3b8b382edec81bed36eb636ee231eac80e111acbfd8 WHIRLPOOL 946f431b28ec60cc61d44364187f64a2d6e92ed7c9071126cf70277843c656de4dfac9f184f572f9a72c0cb452d879cdb7aca5b9f92f8ff02a8b1a521fffef43 +DIST glibc-2.17.tar.xz 10981956 SHA256 6914e337401e0e0ade23694e1b2c52a5f09e4eda3270c67e7c3ba93a89b5b23e SHA512 384e54037daaa344a26ce58242acc3f9a249d0765088d18a540a305745afa33ae6dec4024adae958eacd7100be9c713d117260ace8340f6d8c8396dbde4868d2 WHIRLPOOL 9b98c1c298aeff607aaa554341c300c15491b7314f127524fc5c048c67c5059daaf706e6cf206bb69213d5307e37bed87137ab46f504d8072bb778310081fc23 +DIST glibc-2.18-patches-4.tar.bz2 95165 SHA256 89b458e22db60847b4ad869e3b5cf32868528b8d73205a692a6c0d07779dd083 SHA512 d881c9c5fe32b967694d4ca5185ff5ffc964449f2ed49fd062e5d57a3c6d9f16eef2f591d2d8e98a1a95a6487f3436ef031839ed8766fd085404b288340b7933 WHIRLPOOL 55f87d0efce1f84b45968f377e868c31102cb5228fe4ff1ffa132770f242f9f4f1843c28e4eb38ee7bed1321507ae12b7284a18199af63df1ecd070233d1076f +DIST glibc-2.18.tar.xz 11150148 SHA256 2cb4e1e381928f1e5e55e71ab1ba8e0ea7ede75ff9709770435bfd018ea257a3 SHA512 27218d2e7dd3bf3908d7af171c490933680e958c579ebd27b43b661e223fd5de2219cc1cf699170405280808c84de476d0ad86dbba35a488ef404e9438552327 WHIRLPOOL 89b877c7db602ffd4374c7fb84db17397b91f889a7de6259f79374cc3fcd00613114cbb93feb518ef25fb2e579fb03843df15d17235c1fe1b6a7e0e64aa8e8fa +DIST glibc-2.19-patches-3.tar.bz2 80664 SHA256 6fb03292e224199e0dd9ba7ee83aca723e1560f26831e85cdc6302b187c6de3c SHA512 d281d6a2757920124cf8a3f02b97e75192598b08d96ae48840df34c7ffdcb212952d171f233e6f12a429b19437d0a296212fe1f2eae164d6a1c6793cb3cb69f0 WHIRLPOOL 6f28a2d0dff42e8ad0e77859938e3093753f77f78821375777eebb2db5568bf1c56e8b8208f02280f23acb2dd26dc8a313fedd5b2c10755f1659e6d324a1dbc3 +DIST glibc-2.19.tar.xz 12083312 SHA256 2d3997f588401ea095a0b27227b1d50cdfdd416236f6567b564549d3b46ea2a2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d WHIRLPOOL 9581a3a23ebdd56bc559b56b95b7bcd21ca039546ec19c6c0e4e0738597542164fdb21ab1d1f36d5e73a205fb51f0974c7d497972615bce69ae002298f6475b6 +DIST glibc-2.20-patches-5.tar.bz2 55986 SHA256 3d3eec9ac9b5d0530f9e05614f4646d64ff93a48865b42c156990bea69247cda SHA512 409f59a028127e02f0c9f91107715b540d8d234475830adc17108a02664be232098d119b43bcc8df9b328ab50c1fffb0868d510e6487ce1c34ec2c7c7a78375b WHIRLPOOL b3c41b01af5d8ae8e901ac48ae124e13ff1c76fbeb35315cb9630c648c03d7abbfb753294cbdfe1dc939bda260e24d8450ffb19cfe5c255b32f8c5500f2c43f3 +DIST glibc-2.20.tar.xz 12283992 SHA256 f84b6d42aecc288d593c397b0a3d02260a33ee686bce0c634eb9b32798f36ba5 SHA512 7a8eea8b71d3ccba766c3f304cab61055446d451ef063309476b26dc40d880562dc33b1b68fbedeedb4b55b84c26415b9202311aaa71ef8c141b6849a814d2fa WHIRLPOOL 042f74d75c62a655ae35348c9cd0bed0845ab199e37a76635eb74c04ed927b5eca77723c38d2dc46f12fca62c1004001887b43946a914b079ad22f6a9cc8daaa +DIST glibc-2.21-patches-7.tar.bz2 46894 SHA256 49126df6f4b819f2c315cca0a07e9b8ee7e279257148506d336ccfef5766bbcb SHA512 e4cca3d753c0b9d213c0ed85e3d08cbbf6517862b3a48af987e010abaf5a022b47330040ced183d30b5b934de7587e97b4342e51a6df3d5cfa768bdd8b43b756 WHIRLPOOL b5f4bffdcaf629d735e7498f509bf2130acb18194b18e69747bb6c3e403b221f2163eea3770bb19c05253d7134f70ed4657d7c30c5978f7b5571a3482f9521ad +DIST glibc-2.21.tar.xz 12322092 SHA256 aeeb362437965a5d3f40b151094ca79def04a115bd363fdd4a9a0c69482923b8 SHA512 8cded6693618bec115f678fcbd0b77556f97dfa8337608f66e37224aefa55b38765ba61cb4d58beea37b5934e5ec8e30bad58613707388484906f2a0ce77997d WHIRLPOOL d07fec32bd92eade065a3b6170932b8bd41d07df4aa69dd5a860ebb9678c22bd1e20bf88b1fc05c3ecc18e709c0a63118e12525dc668e0399d7ef7fe4454702d +DIST glibc-2.22-patches-13.tar.bz2 74479 SHA256 ffd1e0f9a41be030e5ce2518d9e84a1fbaa9a4fb2e96f1b85dafb05fea666c86 SHA512 73517fc1502b0733d67ade1d1ba6168415f5da64f37045fac0b10ef57155bf6dfbe1876e4742d2543fcea0c935c179426f6fbb94f0205968392ef903d2f83897 WHIRLPOOL 0eeedaf09eb42e5186256dd41aae00cd2b9b8e3ab929a792e83d0fd8e8a8630d829f01b293588bf59e105eb17ab512416d8d115c3e542cddc34a84b84d56af3d +DIST glibc-2.22.tar.xz 12969072 SHA256 eb731406903befef1d8f878a46be75ef862b9056ab0cde1626d08a7a05328948 SHA512 a8719f3a4f8aa5fa81711116fdafbea5082c6dfd85bd8c4cdce60571910263ab422b35bb8b55a84d37ccb146442133ba60a84d453ca4a439c8ccd35419bd051b WHIRLPOOL f7e707b3776fc197a2e7bf5633721925507237b154bbc1f94b9fc303c87e6fc039ff0758da6ee55b4c1a0daaa87c6e594a6c96e7b00a7ba8ae98ee29918709a7 +DIST glibc-2.23-patches-7.tar.bz2 315221 SHA256 97ef9e370ce9b09d8e9b9f6239f7ef94dd837d29b7bfc1404438c63da1d534ac SHA512 c0d0cab0a370acef0b085b0ab09ce868425a12bbb371d0a9ff91dc83a74a0d8d3b541d10c44650b00b7cb155f8ac1f87764e6a6bd9d6bae8a9a904b4df1650ef WHIRLPOOL 128ea1a2eeaad3d95cdf1054d10232a34e8f88d10ed8907a67d9ff02734243d20b21595ca3698a4861d9c65e2a59aedbcf8e399bd1ed879dba1556ce2995ad9b +DIST glibc-2.23-patches-8.tar.bz2 304199 SHA256 6110777176abfb8d287d82804d98e007c255db6040a1beca589a212772c90482 SHA512 470814bbbd9d4ee5fa2dd7570a2e14b0229723e373e801472856fd6c2f089499eddc300f69b49af8ba0edbdca583ee3ca521fdb5c642509717cafea0ad925fd2 WHIRLPOOL 1ef9a431d67d7669f34f7db21185d50ddd6dc82c549a9ff274f0b98454417f4098ee771bfe10073be12d3c153ee46ff36e40b46ecb31844ab09791ae29b49074 +DIST glibc-2.23.tar.xz 13455260 SHA256 94efeb00e4603c8546209cefb3e1a50a5315c86fa9b078b6fad758e187ce13e9 SHA512 b82953388cd028e174cb08f082557bbce0dad8b67b17d31b29f90102fd52a51e03d591448ecb64882a1c1d5303afffc7f6ede85cee4c784a9284fbc9b4ad26cf WHIRLPOOL 7c7e3bf55a89a04bac917b9ca5a1cbb1613f22c427d2766f114b5a36f9635856005b823852ef5d3b73462b577fe4e5865e68e7b64633d48a95fa1e5eaa831a71 +DIST glibc-2.24-patches-10.tar.bz2 73586 SHA256 d479033b63ff796fea56fb1bde390c442021acd856994b15c983b4a89e46fbbe SHA512 fc9191a85da53a2515bbaab228648936682e04267284049468e0c82284f618ab2907b9247baca701e16edc50640199ff6d8e2a6a93ccbd5a9d3b0eb73cc484ca WHIRLPOOL 7afe94307900a70de2f5e028d8ec9e0f4b06b661ec6493217e51a13d750f891e10b45c0f66d86fa83c16cc3ce539bb257039b33bc3e363469cd03502d956d75e +DIST glibc-2.24.tar.xz 13554048 SHA256 99d4a3e8efd144d71488e478f62587578c0f4e1fa0b4eed47ee3d4975ebeb5d3 SHA512 a4cb28a2c51a0cc029ed69da7cba11931a615ba897235590b4f7fad2eaabec9042f8250eaac2a5860997437a69ab13304f10a634000e52c0336b5593b7969adb WHIRLPOOL be82b47fc73f7e780e8e73a5f58b313d8e861d5ea8c4320f95ef0d8c1e125ff011d61dcfc0380be0e83868bd8c3299de1ea662da7fc8d709050e89b2c126e3eb +DIST glibc-2.25-patches-11.tar.bz2 64221 SHA256 38c76c844238a7bbaecc85b359e67af6a98a1614f3196f25d85f83dec4358e99 SHA512 cbbbca9653f55f0cb3b73c38c979cb439c87b172819f3e999d2b435d59cd2bef2c89f11a398300c53f447ad433ee87f47a0f3e890c78f8694705c788455325dd WHIRLPOOL e61203ac129d7283f3beda1421e1365da58c229bcb6b6a1f8b71755d9ea0e2bfb64b8be69ab7698861a593d4b98ab6163d574f3c215fba0a0d9e6a1b15d2eed5 +DIST glibc-2.25-patches-8.tar.bz2 47110 SHA256 1dc41664153369886d240a1851b15bf0c3c3739c8319e6d68cb0c2f85fc98901 SHA512 41d772c47770a63502c863f3c9bb05164e0ceab69fb7b7f355c25685ae4285d73e9ab0e3836162bd11852339055329d0bdc7238f3191fde39a50ce0d9a60454c WHIRLPOOL c6e0443d75e2e4607226caa4df1ce2b10ef21ec2564b447e2a287888d1f593d51f334a6e1ab942f5d1602d02c6fee87ce4ef9a7db3409de6063bc377a470a42d +DIST glibc-2.25-patches-9.tar.bz2 67901 SHA256 cbd8af837aa0776940fd41e34874e930a7f25d78cdd212e138dd9a85e1349519 SHA512 b4f0be5b20834aff102394df23084cc0adf1ab674e6ce050550f6b6658cf0eab57f7685cac079b1a19388dba927a36b8ca31f58af3dddc559d7230674ffd59b5 WHIRLPOOL 81c18056fe26a79c7a7598da1181ba02e83daf7d9e9883a3c1195804a35fe22a79d7cc4a8411f2f4a4ce6430e506978199f59b61d3ed0a70b4e4f7dd05ecfafe +DIST glibc-2.25.tar.xz 13873900 SHA256 067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0 SHA512 5b7a2418d5b8a1b6a907c6c7fb6477ee2a473151cb45e03d0d4cdd9a33497c90b1ee39e2e7e885e2b25743dcd3747336ef114b4a73eb001da1fd79f29e0f9a6e WHIRLPOOL dc2fafaa4a0e5581268338453838a03ed0c5e7a2af844e8fb7086ab8d3ae48efbdbe6f25db1d089ae669cd2f8b0412f690d965506753d86f8525da2df59b7953 +DIST glibc-2.26-patches-1.tar.bz2 26479 SHA256 ce54a83d17dc2d605e69045a9031d31c729e660fa33e740780de2fea1f186115 SHA512 416cd1e2f4a7eaed2c1f5cd2d483a9d695e82e33add42d0f1c854fd69ccb2ce7f99666aee8fb7bc2320d5d3f44780c3d872134f383279ba573325df91f061dbf WHIRLPOOL deb3a5d12510b20f427a4d82a8b5fff4ab4c4932e6096ddd056efe07d1453f5099040db2c9794c3df4fa79516424a28d2c0c2158e3aec6ae6b05b840ee5e156d +DIST glibc-2.26-patches-2.tar.bz2 68040 SHA256 c40f03059d389fd8b22b54f83c0a669c44a38ee84cc359cb86d8f6dbdd1b957f SHA512 2b54d6e33b29d5ee5e4d4b64f299bf15e22ece5ce6555dafe43fd97ec8a2d9ef0645075ff24dc593ec6f89e02caf40c25a72af93ecd11113fba77268ccf486e2 WHIRLPOOL 59c54cdd2e3e64091dd206ad6b5ff467eff6c0d7f8ef5ab11504a4e6cfe958f762b9de2fbe8b6004a9e19963520a84a493ccf03908a78ea0a452dbc28e0df1e5 +DIST glibc-2.26.tar.xz 14682748 SHA256 e54e0a934cd2bc94429be79da5e9385898d2306b9eaf3c92d5a77af96190f6bd SHA512 6ed368523bc55f00976f96c5177f114e3f714b27273d7bffc252812c8b98fb81970403c1f5b5f0a61da678811532fb446530745492d2b49bfefc0d5bd71ce8c0 WHIRLPOOL 9091c3bccc9b590de6b9595aa391ba01091f0c301bd9199d7c48fbeaeeb013ec9c683c68b65b59c5a69e3905b7f842cca1b0a410431967ecb3a1229b8535486f +DIST glibc-9999-patches-3.tar.bz2 19892 SHA256 97f60ed6debd495610b123d7a27227e75942bea1a0fb1e5f78833a6f3bbe6c64 SHA512 75084b86a83d447d3a4b3959fa2a93d849e304ba9473ebec5570ca4fb5e2f8dfb38548faf3abc9fbd29b529f2c608b52eb2ef2e6e9a2ad5bea9a9298a19ef596 WHIRLPOOL 04a5c30aabf72530fa96fa3a8eadf8207d85d3a2a948ba5f4b72c0deeeae24e7eb71b99875f0e9b1018051fabb4a23630b41873fa4ff0d6ba9778ca6051212bf +EBUILD glibc-2.17.ebuild 5489 SHA256 09a8f36c613552e89d7663fd29f79d1ec842e5732188610569e7f521f03178ec SHA512 2f68b5e8947a0c9086b788a0472260ab6e7026d3b1d8e35fe05ae0221a16079cbba085653dd676ff4af4f35de3f9e05d83eaed6cdfd44b5e9538ae7d802cdc87 WHIRLPOOL 5ee03596ade2788e055d9894bf85d3ab2f77d7541088ab1616cd888355a4f05d804cfb1dacfb460cf3f6f762afdc72c844844ab2dd7a725f3d261d3be6d8ddfe +EBUILD glibc-2.18-r1.ebuild 5550 SHA256 f1652aed48da55524fdcbabff8ba578b514c56ff194dbfd223856477b43bc815 SHA512 c6987e27573579da33711c68a1ce1e0c4535874666f50a149b9e484c87838e3dd1c7376c2cb15a6d85e1998a4f000660b5b4e659d37b4526e1752ea973046fb2 WHIRLPOOL 6aef74c03d2af530bc78c4122e32aedefd21bd5e10e43a92212a59eadc4c7dea59bbd5408807dbe6a604ffe88c3fed8506c15f9ebcfe122be2a74466dd84cef3 +EBUILD glibc-2.19-r1.ebuild 5507 SHA256 a5efd011a0df8ebe87e3f6ac64458e85524d211ca0244679d391dfa225daa12d SHA512 122c3628afa6e08a5f9eaa08cbde7cfa21ed47decc935634184541a5e5192a778524c99aac20c534a4cbd494dfa474cd152dca74012131419eaef52d6409ac1d WHIRLPOOL 48b82428e325934bae15effa303177d66977823149f7c9ed3e1e96dc8da030dbdcd81559cb11358be8159854aae9e04773a62289c5cccb1adc104b948aa8d310 +EBUILD glibc-2.20-r2.ebuild 4983 SHA256 d5df9d77752a0cfac560040f64d87e59809c0d19ac1b263cde0f858c8449b29c SHA512 29fd2fc8e0bdd875aa439bec4ab58e76edd40bc8ec7f5545d85be5b45e7e572356f71c5c06b5e48f0e6cd0efe61766f8f789a39aa222840143f2389f95b6c484 WHIRLPOOL 3ba05598e5b861eaf5b6bbdc47a8d8c96b3f7b8a17323ee29abc9401f1ef2c2586219721d07e15ddd0b6c64e1464ba366c990944abc6e0e7df70eb92c4d3dc8e +EBUILD glibc-2.21-r2.ebuild 4958 SHA256 3e5b00eed148166a5b738d645ac10bf5932641b91b9fd9c8bf414036cf53ab70 SHA512 4e95449753ac9043ae7b5db1442f05106bee6237d24529e8cc0bc4ba1270937a067d25a9c90ccc357f8d38d8bc6be9c5c9bf52472c8adac9b5cc9c8c415cc8f5 WHIRLPOOL 62c6641d334091e23fe9d5631176f3f4605ef4f32df445c502df20782c68fd3f07a5076dbe671d67869c5e806b4b39997dd59e706326b45f6dccb8d3a498dd56 +EBUILD glibc-2.22-r4.ebuild 5009 SHA256 897760d86ae324656302bb26ddbdf9a18a7a6b049da496741117bd84b4761035 SHA512 740e963131bbebb20614a9cd27b09a3a1707f91bb83e1aede168156e15cc546950b5c2e6226d44c879b2a4fc8ab96ce9d648d9ed3b67cb2c06d6868a0a3bd3e0 WHIRLPOOL 755150e31951f2ad6b37a70fe10734a7b0c03b98a16ffac4e6cb1a43be4f91af0def460b573be2e2d176d0fb88854a5cd3fa722190a3809c94430ef4041afd81 +EBUILD glibc-2.23-r3.ebuild 4890 SHA256 364b764f399b9525f719563cf2d50c0c75c092419d38583ae7fff2fffe1eeb7c SHA512 1cc3788c854e92a1ee5df8a421af0d3180f15b83077bd06c83632e49c31b91baea7a58f6a2c849fac6e0438d36de81d989c9e1a1e79ace0db5d2502c67d19344 WHIRLPOOL c5ca04af9119ab27c26ad2c9318eea3e99ddbe61fff67e3a1093e402808bb4dbeb3baa8ee9b192696aadb3ce39b30d1bdf520705e0e731a66a379e4fa19f3083 +EBUILD glibc-2.23-r4.ebuild 5011 SHA256 3690a8b559bd563dc9af89d1217f5021c7da1b89eb5ec513e8b725e04cb45e0e SHA512 3695c8acea09838cc79c33379cfcaf0eb774759f3af5863892ff9c63732926764a8a5187ab9aaccdfd358d62c0884feab95a7055735c9295549d5c8f0c198221 WHIRLPOOL d6a6404e9968ea604d578d500ff7cd550097c1cc30713d61253a130d6a26f9f228ea83189abc611b4704e58be2b74323ab8f106faf4d3db92f7c61f27bf43d93 +EBUILD glibc-2.24-r4.ebuild 5047 SHA256 c200272f9c19ce196e788572aa0ff5e0e0a24b37b6fd3b0a85236406b6ea8f11 SHA512 d93834a9012716293c1992d6217eed6364782e6e01c692e349c6edb00bbda6dd5f227f70977e438b46de0861e9a2d4bc8c04270873cec75b1eb395b1328ea8e2 WHIRLPOOL 4dfbf4334444fb77baca96eb14911738f3253709816a6e87ddc2d53c5eebfec22abc32dd61dece00dd250a13574a35df5b8bb3d6812b6fb27e05e192c5d44297 +EBUILD glibc-2.25-r4.ebuild 4924 SHA256 c0da394b59de8b630923bcf8c6dc1380cf0a78188d6249cd8c9ee4845cd091fd SHA512 b161ebb907156041d3b94d9e0d46de6587be6dc76ebe9e078d5341c4ce5e98644d44b75fc64bb3f2f113564ddd0f9f78409c18a8e64d6e5c73b942da0e065133 WHIRLPOOL 662eecd40af24e60074e023ad01b3a0fb5dcfe5abe2e670f745243700c7630dda1ec438b84617b23b58f82a1743a9976535b8c039494df2d0e35a9a2e81551b5 +EBUILD glibc-2.25-r5.ebuild 4966 SHA256 ed5fdeab50bec85ee4c5127b598cacf66d1f2b7429250203d63e33056d56288b SHA512 9b8eaa8a37ed54c7cf48a40bc9c15da3918d787e0374ffa7d63350d6ccbd2077435871f7021e3c0e975134299c9c1a3b40f990cd9535d35d9f488a0853213a72 WHIRLPOOL a2f1379c652f3acf13ae17775b86bd9775b4a1a9f21af223f23823522714d108ce8351cb2869ef9e9f782bbc256f39162f377f01e6b8aa8182432cf4ea8f0033 +EBUILD glibc-2.25-r7.ebuild 4967 SHA256 3793570b4b1bd9bfc3475ba7edca14683b7c5ec9653141f2d1a67751d85f8f65 SHA512 242db7036410f38e18d9dccf75599602d190acdd6b36c344227383d62853526c398c44f88612628de857b7a8ee6f1194d123a1f4e13c23684ca46482f540f91e WHIRLPOOL 952248ef8b7b31c45e6136141cccbf6544f11f01d006ba9d9ba44528c8bdb8a4cf2dab9a0ce707c74987d71bd5b792e618309750457f72242932870a2d99900b +EBUILD glibc-2.26-r1.ebuild 23722 SHA256 899859c6118f79e8a74ea4bf962ad05b9c6f7556aaa5fecc725529e4a5139470 SHA512 3ca6176057d707eb408217d19801cffc180f1c1f29b7031ce1b60b600fab92843354a4b41b3a05e195a526c81b3aa1c8b9fe936773365d69c6b3195eb6a4bdd8 WHIRLPOOL dc1d21e11cddbdb3e62ddfce6258fd69e2b79f159a9a98f769a6e38fff723cc074136923a7f2cc426f188fb25d780a0f8a48c752208c830f5b05371a3d7b97b6 +EBUILD glibc-2.26-r2.ebuild 23725 SHA256 f67f77719efc019599fcefa6f54e1c5dd6f8ed90a0afb42307994d7d42b5ced8 SHA512 e9ef1fb2811ac3df63ea69f6f72d34c049917e8760ddb6526d10cd372d11958bfcff7de6d170553970de9a1a59f8eaace01743fa456a5bfa7156461059d30329 WHIRLPOOL 091ad1a6e474082e960a4a0b32a8fd461826a5e7a71b932f0c309c3e0eed7e97e664fdd109f945848a9fe77c6f5abc059555e0f4c258d3a9656201ccbc8c5aef +EBUILD glibc-9999.ebuild 23727 SHA256 4a47827f79af8a242f802a8bc4931edd714000a2cdb94f3844a96163c0ad612f SHA512 64fe6c86b3bb288ccb1f60a035d3cc26762b1d950c178b8c9717f422390783974417e7a40e4f29f77d790c31571e3d6bcbdd0200f401d129612c81c3d80b4f4c WHIRLPOOL 8fa3b2d67e4eac18332461e3a40a3ff11293fdf0ac866c21f4a6a7b8485e2234e1d471b1eb6ec264fcbeb12efe60872b653484296ce6d9a3fbf20ecb7c9c2348 +MISC ChangeLog 17234 SHA256 6aa54d20b4de284c51e7d0691f861af52e68376d48e91788c79f8ee821300a91 SHA512 39aa17d86df6c1d53c9c2ad268b2123bafccd45a226e064e3b759bda73294c7896d43f9846bf2fa401d29fa04efecee414674d923bb632915175adf7e8b24b2b WHIRLPOOL d60c804c21d7b0065aca45a3f761f0c81f96fe681d60df7f33ce13c879325d23a9908a134f948e50f3c57b5c596c93d1b04932bfb501e88d6d1d88847df62d32 +MISC ChangeLog-2007 108548 SHA256 d622be202eb0d61a363b0ae4065012cd1d494fefaa0c03d4aa7986177cdde6d0 SHA512 fdb3f311a3be4b97a6acfceb1763af5ea69e74d8195522c5d03307f75e15a9382991e9e29dbfdec79e74f1c36328f82648768749bc929e5050ff64b628c7ca98 WHIRLPOOL e550f354394569069e000a7e70ec69c94388a0f415c19b427203f0dcbcbeeec0f5e379ee2af7886cd2d68559e749fab8122e7e077985729d7e0e728ae9096d7a +MISC ChangeLog-2015 77895 SHA256 d7c16b77521b14a7e1c148f1ad699128e4fcf7caf41a77b46844508ba68acf15 SHA512 1a7fee53e1ec55d0b16b949543b01ad6f429f74293cb6ed730f05a3ddfc4a21fdaf7ee80c0c839d456587a207780ccfefdaf68a236989db5129ffba30c77ff5e WHIRLPOOL 48d46ac586309e415b7d669598c330062afd6fcb2668600d5c62e234d5ab8c3dfd2e81d4f528689efb6d5fb5e2ca5e24c68a4c58be52e1c336127d63224e18fd +MISC metadata.xml 921 SHA256 c01e0edef8cd5db7d721a3abfba19365507f1cb35df4d62b048468fe49b543f7 SHA512 5d4ecf57cf80cbda0dea361d7996ec5df384eee928c07e8e37e25e0ff82577144878492a49b318000b10f51c1ad03b950db7ee5d74e46e96e688b2fcdccfb66a WHIRLPOOL 7024db2e0a3ea6269c9d4158b966c0fda46eee5c7787a7e99b90cfb366ec816843e8849b9390aaec37af05eb530445fa12e0b70dc75ce16277c10c4234d231df diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c new file mode 100644 index 000000000000..37711e8aacbf --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c @@ -0,0 +1,315 @@ +/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2008 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP and FORTIFY handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP and FORTIFY handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + * Magnus Granberg <zorry[@]ume.nu> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> +#include <bp-checks.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": buffer overflow attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** buffer overflow detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __chk_fail(void) +{ + __hardened_gentoo_chk_fail(NULL, 0); +} + diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch new file mode 100644 index 000000000000..e75ccc788c89 --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch @@ -0,0 +1,30 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu> + +--- configure.in ++++ configure.in +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + libc_cv_pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + libc_cv_pic_default=no + fi + rm -f conftest.* diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch new file mode 100644 index 000000000000..cb6d8e3c78ba --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch @@ -0,0 +1,274 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> + +--- csu/libc-start.c ++++ csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -129,6 +130,11 @@ + # endif + _dl_aux_init (auxvec); + # endif ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- csu/libc-tls.c ++++ csu/libc-tls.c +@@ -23,6 +23,7 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED +@@ -29,6 +30,9 @@ + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif + extern ElfW(Phdr) *_dl_phdr; + extern size_t _dl_phnum; + +@@ -141,14 +145,26 @@ + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++# endif + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# endif + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c ++++ misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c ++++ sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *__unbounded newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, ++ __ptrvalue (addr)); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h ++++ sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch new file mode 100644 index 000000000000..da4fb82539cf --- /dev/null +++ b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch @@ -0,0 +1,42 @@ +2012-11-11 Magnus Granberg <zorry@gentoo.org> + + #442712 + * Makeconfig (+link): Set to +link-pie. + (+link-static-before-libc): Change $(static-start-installed-name) to + S$(static-start-installed-name). + (+prector): Set to +prectorS. + (+postctor): Set to +postctorS. + +--- libc/Makeconfig ++++ libc/Makeconfig +@@ -447,11 +447,12 @@ + $(common-objpfx)libc% $(+postinit),$^) \ + $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) + endif +++link = $(+link-pie) + # Command for statically linking programs with the C library. + ifndef +link-static + +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prectorT) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -549,11 +550,10 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` +-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` +-# Variants of the two previous definitions for linking PIE programs. + +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` + +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` +++prector = $(+prectorS) +++postctor = $(+postctorS) + # Variants of the two previous definitions for statically linking programs. + +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o` + +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c new file mode 100644 index 000000000000..c1934362f628 --- /dev/null +++ b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c @@ -0,0 +1,314 @@ +/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2013 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP and FORTIFY handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP and FORTIFY handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + * Magnus Granberg <zorry[@]ume.nu> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": buffer overflow attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** buffer overflow detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __chk_fail(void) +{ + __hardened_gentoo_chk_fail(NULL, 0); +} + diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c new file mode 100644 index 000000000000..9535c2157895 --- /dev/null +++ b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c @@ -0,0 +1,322 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2013 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * Fixed to support glibc-2.18 by Magnus Granberg - <zorry[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + */ + +#include <errno.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + + +/* Common handler code, used by stack_chk_fail and __stack_smash_handler + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_stack_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": stack smashing attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** stack smashing detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __stack_chk_fail(void) +{ + __hardened_gentoo_stack_chk_fail(NULL, 0); +} + +#ifdef ENABLE_OLD_SSP_COMPAT +__attribute__ ((__noreturn__)) +void __stack_smash_handler(char func[], int damaged) +{ + __hardened_gentoo_stack_chk_fail(func, damaged); +} +#endif diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch new file mode 100644 index 000000000000..8907ab2c6a34 --- /dev/null +++ b/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch @@ -0,0 +1,277 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> +Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org> + +--- csu/libc-start.c ++++ csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char + GL(dl_phnum) = __ehdr_start.e_phnum; + } + } +- ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- csu/libc-tls.c ++++ csu/libc-tls.c +@@ -22,14 +22,17 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> +- ++#include <sysdep.h> + + #ifdef SHARED + #error makefile bug, this file is for static only + #endif + +-dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif + ++dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; + + static struct + { +@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++#endif + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++#endif + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c ++++ misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c ++++ sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,29 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void * newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h ++++ sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch new file mode 100644 index 000000000000..341d8c5028e1 --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch @@ -0,0 +1,30 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu> + +--- configure.ac ++++ configure.ac +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + libc_cv_pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + libc_cv_pic_default=no + fi + rm -f conftest.* diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch new file mode 100644 index 000000000000..72a616a046a8 --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch @@ -0,0 +1,32 @@ +https://bugs.gentoo.org/503838 +http://gcc.gnu.org/PR60465 +https://sourceware.org/ml/libc-alpha/2015-12/msg00556.html +https://trofi.github.io/posts/189-glibc-on-ia64-or-how-relocations-bootstrap.html + +newer versions of gcc generate relocations in the elf_get_dynamic_info func +which glibc relies on to populate some info structs. those structs are then +used by ldso to process relocations in itself. glibc requires that there are +no relocations until that point (*after* elf_get_dynamic_info), so we end up +crashing during elf_get_dynamic_info because the relocation has not yet been +processed. + +this hack shuffles the code in a way that tricks gcc into not generating the +relocation. we need to figure out something better for upstream. + +--- a/elf/get-dynamic-info.h ++++ b/elf/get-dynamic-info.h +@@ -66,8 +66,12 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp) + info[DT_VALTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM + + DT_VERSIONTAGNUM + DT_EXTRANUM] = dyn; + else if ((d_tag_utype) DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM) +- info[DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM +- + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM] = dyn; ++ { ++ d_tag_utype i = ++ DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM ++ + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM; ++ info[i] = dyn; ++ } + ++dyn; + } + diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c new file mode 100644 index 000000000000..a8ab9d8a3e29 --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c @@ -0,0 +1,299 @@ +/* Copyright (C) 2004-2014 Free Software Foundation, Inc. + Copyright (C) 2006-2014 Gentoo Foundation Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Hardened Gentoo SSP and FORTIFY handler + + A failure handler that does not use functions from the rest of glibc; + it uses the INTERNAL_SYSCALL methods directly. This helps ensure no + possibility of recursion into the handler. + + Direct all bug reports to http://bugs.gentoo.org/ + + People who have contributed significantly to the evolution of this file: + Ned Ludd - <solar[@]gentoo.org> + Alexander Gabert - <pappy[@]gentoo.org> + The PaX Team - <pageexec[@]freemail.hu> + Peter S. Mazinger - <ps.m[@]gmx.net> + Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + Robert Connolly - <robert[@]linuxfromscratch.org> + Cory Visi <cory[@]visi.name> + Mike Frysinger <vapier[@]gentoo.org> + Magnus Granberg <zorry[@]gentoo.org> + Kevin F. Quinn - <kevquinn[@]gentoo.org> + */ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static const char *__progname = "<ldso>"; +#else +extern const char *__progname; +#endif + +#ifdef GENTOO_SSP_HANDLER +# define ERROR_MSG "stack smashing" +#else +# define ERROR_MSG "buffer overflow" +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__, __always_inline__)) +static inline void +__hardened_gentoo_fail(void) +{ +#define MESSAGE_BUFSIZ 512 + static pid_t pid; + static int plen, i, hlen; + static char message[MESSAGE_BUFSIZ]; + /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */ + static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: "; + static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: "; + static const char msg_terminated[] = " terminated; "; + static const char msg_report[] = "report to " REPORT_BUGS_TO "\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address */ + sock.sun_family = AF_UNIX; + i = 0; + while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) { + sock.sun_path[i] = path_log[i]; + ++i; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + ({ \ + i = 0; \ + while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \ + message[plen + i] = str[i]; \ + ++i; \ + } \ + plen += i; \ + }) + + /* Tersely log the failure */ + plen = 0; + strconcat(msg_header); + hlen = plen; + strconcat(msg_ssd); + if (__progname != NULL) + strconcat(__progname); + else + strconcat(msg_unknown); + strconcat(msg_terminated); + strconcat(msg_report); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen); + if (connect_result != -1) { + INLINE_SYSCALL(write, 3, log_socket, message, plen); + INLINE_SYSCALL(close, 1, log_socket); + } + + /* Time to kill self since we have no idea what is going on */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + /* Remove any user-supplied handler for SIGABRT, before using it. */ +#if 0 + /* + * Note: Disabled because some programs catch & process their + * own crashes. We've already enabled this code path which + * means we want to let core dumps happen. + */ + static struct sigaction default_abort_act; + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) +#endif + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* SIGKILL is only signal which cannot be caught */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway. + * The loop prevents gcc thinking this routine returns. + */ + while (1) + INLINE_SYSCALL(exit, 1, 137); +} + +__attribute__ ((__noreturn__)) +#ifdef GENTOO_SSP_HANDLER +void __stack_chk_fail(void) +#else +void __chk_fail(void) +#endif +{ + __hardened_gentoo_fail(); +} diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c new file mode 100644 index 000000000000..4a537bb52c5f --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c @@ -0,0 +1,2 @@ +#define GENTOO_SSP_HANDLER +#include <debug/chk_fail.c> diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch new file mode 100644 index 000000000000..35eabe94014a --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch @@ -0,0 +1,306 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_PRE_TLS is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_PRE_TLS is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> +Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org> +Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org> + +--- a/csu/libc-start.c ++++ b/csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char + } + } + ++# ifdef INTERNAL_SYSCALL_PRE_TLS ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_PRE_TLS + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- a/csu/libc-tls.c ++++ b/csu/libc-tls.c +@@ -22,12 +22,17 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif ++ + dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; + + +@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++# define __sbrk __sbrk_nosysenter ++#endif + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV + is defined add another #elif here and in the following #ifs. */ + # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" + #endif ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++# undef __sbrk ++#endif + + /* Align the TLS block. */ + tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1) +--- a/misc/sbrk.c ++++ b/misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used via ++ dynamic loading in a statically linked program update __curbrk from the ++ kernel's brk value. That way two separate instances of __brk and __sbrk ++ can share the heap, returning interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif ++ + void * + __sbrk (intptr_t increment) + { +--- a/sysdeps/unix/sysv/linux/i386/brk.c ++++ b/sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif ++ + int + __brk (void *addr) + { +--- a/sysdeps/unix/sysv/linux/i386/sysdep.h ++++ b/sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# ifdef __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# ifdef __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && defined __PIC__ + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +494,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && defined __PIC__ + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" +--- a/sysdeps/i386/nptl/tls.h ++++ b/sysdeps/i386/nptl/tls.h +@@ -189,6 +189,15 @@ + desc->vals[3] = 0x51; + } + ++/* We have no sysenter until the tls is initialized which is a ++ problem for PIC. Thus we need to do the right call depending ++ on the situation. */ ++#ifndef INTERNAL_SYSCALL_PRE_TLS ++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL ++#else ++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS ++#endif ++ + /* Code to initially initialize the thread pointer. This might need + special attention since 'errno' is not yet available and if the + operation can cause a failure 'errno' must not be touched. */ +@@ -209,7 +218,7 @@ + \ + /* Install the TLS. */ \ + INTERNAL_SYSCALL_DECL (err); \ +- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ ++ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ + \ + if (_result == 0) \ + /* We know the index in the GDT, now load the segment register. \ diff --git a/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c b/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c new file mode 100644 index 000000000000..2ef96b75eacf --- /dev/null +++ b/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c @@ -0,0 +1,303 @@ +/* Copyright (C) 2004-2014 Free Software Foundation, Inc. + Copyright (C) 2006-2014 Gentoo Foundation Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Hardened Gentoo SSP and FORTIFY handler + + A failure handler that does not use functions from the rest of glibc; + it uses the INTERNAL_SYSCALL methods directly. This helps ensure no + possibility of recursion into the handler. + + Direct all bug reports to http://bugs.gentoo.org/ + + People who have contributed significantly to the evolution of this file: + Ned Ludd - <solar[@]gentoo.org> + Alexander Gabert - <pappy[@]gentoo.org> + The PaX Team - <pageexec[@]freemail.hu> + Peter S. Mazinger - <ps.m[@]gmx.net> + Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + Robert Connolly - <robert[@]linuxfromscratch.org> + Cory Visi <cory[@]visi.name> + Mike Frysinger <vapier[@]gentoo.org> + Magnus Granberg <zorry[@]gentoo.org> + Kevin F. Quinn - <kevquinn[@]gentoo.org> + */ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static const char *__progname = "<ldso>"; +#else +extern const char *__progname; +#endif + +#ifdef GENTOO_SSP_HANDLER +# define ERROR_MSG "stack smashing" +#else +# define ERROR_MSG "buffer overflow" +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__, __always_inline__)) +static inline void +__hardened_gentoo_fail(void) +{ +#define MESSAGE_BUFSIZ 512 + static pid_t pid; + static int plen, i, hlen; + static char message[MESSAGE_BUFSIZ]; + /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */ + static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: "; + static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: "; + static const char msg_terminated[] = " terminated; "; + static const char msg_report[] = "report to " REPORT_BUGS_TO "\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address */ + sock.sun_family = AF_UNIX; + i = 0; + while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) { + sock.sun_path[i] = path_log[i]; + ++i; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + ({ \ + i = 0; \ + while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \ + message[plen + i] = str[i]; \ + ++i; \ + } \ + plen += i; \ + }) + + /* Tersely log the failure */ + plen = 0; + strconcat(msg_header); + hlen = plen; + strconcat(msg_ssd); + if (__progname != NULL) + strconcat(__progname); + else + strconcat(msg_unknown); + strconcat(msg_terminated); + strconcat(msg_report); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen); + if (connect_result != -1) { + INLINE_SYSCALL(write, 3, log_socket, message, plen); + INLINE_SYSCALL(close, 1, log_socket); + } + + /* Time to kill self since we have no idea what is going on */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + /* Remove any user-supplied handler for SIGABRT, before using it. */ +#if 0 + /* + * Note: Disabled because some programs catch & process their + * own crashes. We've already enabled this code path which + * means we want to let core dumps happen. + */ + static struct sigaction default_abort_act; + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) +#endif + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* SIGKILL is only signal which cannot be caught */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway. + * The loop prevents gcc thinking this routine returns. + */ + while (1) + INLINE_SYSCALL(exit, 1, 137); +} + +__attribute__ ((__noreturn__)) +#ifdef GENTOO_SSP_HANDLER +void __stack_chk_fail(void) +#else +void __chk_fail(void) +#endif +{ + __hardened_gentoo_fail(); +} + +#ifdef GENTOO_SSP_HANDLER +strong_alias (__stack_chk_fail, __stack_chk_fail_local) +#endif diff --git a/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c new file mode 100644 index 000000000000..217bf1a90790 --- /dev/null +++ b/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c @@ -0,0 +1,321 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2007 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + */ + +#include <errno.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> +#include <bp-checks.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + + +/* Common handler code, used by stack_chk_fail and __stack_smash_handler + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_stack_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": stack smashing attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** stack smashing detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __stack_chk_fail(void) +{ + __hardened_gentoo_stack_chk_fail(NULL, 0); +} + +#ifdef ENABLE_OLD_SSP_COMPAT +__attribute__ ((__noreturn__)) +void __stack_smash_handler(char func[], int damaged) +{ + __hardened_gentoo_stack_chk_fail(func, damaged); +} +#endif diff --git a/sys-libs/glibc/files/nscd b/sys-libs/glibc/files/nscd new file mode 100644 index 000000000000..929d1016df79 --- /dev/null +++ b/sys-libs/glibc/files/nscd @@ -0,0 +1,63 @@ +#!/sbin/openrc-run +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + use dns ldap net slapd +} + +checkconfig() { + if [ ! -d /var/run/nscd ] ; then + mkdir -p /var/run/nscd + chmod 755 /var/run/nscd + fi + if [ -z "${NSCD_PERMS_OK}" ] && [ "$(stat -c %a /var/run/nscd)" != "755" ] ; then + echo "" + ewarn "nscd run dir is not world readable, you should reset the perms:" + ewarn "chmod 755 /var/run/nscd" + ewarn "chmod a+rw /var/run/nscd/socket" + echo "" + ewarn "To disable this warning, set 'NSCD_PERMS_OK' in /etc/conf.d/nscd" + echo "" + fi +} + +start() { + checkconfig + + ebegin "Starting Name Service Cache Daemon" + local secure=`while read curline ; do + table=${curline%:*} + entries=${curline##$table:} + table=${table%%[^a-z]*} + case $table in + passwd*|group*|hosts) + for entry in $entries ; do + case $entry in + nisplus*) + /usr/sbin/nscd_nischeck $table || \ + /echo "-S $table,yes" + ;; + esac + done + ;; + esac + done < /etc/nsswitch.conf` + local pidfile="$(strings /usr/sbin/nscd | grep nscd.pid)" + mkdir -p "$(dirname ${pidfile})" + save_options pidfile "${pidfile}" + start-stop-daemon --start --quiet \ + --exec /usr/sbin/nscd --pidfile "${pidfile}" \ + -- $secure + eend $? +} + +stop() { + local pidfile="$(get_options pidfile)" + [ -n "${pidfile}" ] && pidfile="--pidfile ${pidfile}" + ebegin "Shutting down Name Service Cache Daemon" + start-stop-daemon --stop --quiet --exec /usr/sbin/nscd ${pidfile} + eend $? +} + +# vim:ts=4 diff --git a/sys-libs/glibc/files/nscd.service b/sys-libs/glibc/files/nscd.service new file mode 100644 index 000000000000..25a3b1d9be0a --- /dev/null +++ b/sys-libs/glibc/files/nscd.service @@ -0,0 +1,15 @@ +[Unit] +Description=Name Service Cache Daemon +After=network.target + +[Service] +ExecStart=/usr/sbin/nscd -F +ExecStop=/usr/sbin/nscd --shutdown +ExecReload=/usr/sbin/nscd -i passwd +ExecReload=/usr/sbin/nscd -i group +ExecReload=/usr/sbin/nscd -i hosts +ExecReload=/usr/sbin/nscd -i services +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/sys-libs/glibc/files/nscd.tmpfilesd b/sys-libs/glibc/files/nscd.tmpfilesd new file mode 100644 index 000000000000..52edbba673cf --- /dev/null +++ b/sys-libs/glibc/files/nscd.tmpfilesd @@ -0,0 +1,4 @@ +# Configuration to create /run/nscd directory +# Used as part of systemd's tmpfiles + +d /run/nscd 0755 root root diff --git a/sys-libs/glibc/files/nsswitch.conf b/sys-libs/glibc/files/nsswitch.conf new file mode 100644 index 000000000000..9f06cfb8e7a9 --- /dev/null +++ b/sys-libs/glibc/files/nsswitch.conf @@ -0,0 +1,23 @@ +# /etc/nsswitch.conf: + +passwd: compat +shadow: compat +group: compat + +# passwd: db files nis +# shadow: db files nis +# group: db files nis + +hosts: files dns +networks: files dns + +services: db files +protocols: db files +rpc: db files +ethers: db files +netmasks: files +netgroup: files +bootparams: files + +automount: files +aliases: files diff --git a/sys-libs/glibc/glibc-2.17.ebuild b/sys-libs/glibc/glibc-2.17.ebuild new file mode 100644 index 000000000000..a0d0cd113b83 --- /dev/null +++ b/sys-libs/glibc/glibc-2.17.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="8" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + GLIBC_PATCH_EXCLUDE+=" 6600_mips_librt-mips.patch" #456912 + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack + + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + tc-enables-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +pkg_preinst() { + toolchain-glibc_pkg_preinst + + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.18-r1.ebuild b/sys-libs/glibc/glibc-2.18-r1.ebuild new file mode 100644 index 000000000000..a9c0bfc2c2b7 --- /dev/null +++ b/sys-libs/glibc/glibc-2.18-r1.ebuild @@ -0,0 +1,162 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="4" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + GLIBC_PATCH_EXCLUDE+=" 00_all_0012-mips-add-clock_-g-s-ettime-symbol-compat-hacks.patch" #456912 #481438 + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack + + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + tc-enables-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +pkg_preinst() { + toolchain-glibc_pkg_preinst + + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.19-r1.ebuild b/sys-libs/glibc/glibc-2.19-r1.ebuild new file mode 100644 index 000000000000..8860850c0224 --- /dev/null +++ b/sys-libs/glibc/glibc-2.19-r1.ebuild @@ -0,0 +1,163 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="3" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + toolchain-glibc_src_unpack + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + tc-enables-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +pkg_preinst() { + toolchain-glibc_pkg_preinst + + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.20-r2.ebuild b/sys-libs/glibc/glibc-2.20-r2.ebuild new file mode 100644 index 000000000000..04363835f616 --- /dev/null +++ b/sys-libs/glibc/glibc-2.20-r2.ebuild @@ -0,0 +1,150 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="4" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 -hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="5" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + sys-apps/gentoo-functions + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.4 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.4 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~blueness/glibc/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + tc-enables-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch + + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.21-r2.ebuild b/sys-libs/glibc/glibc-2.21-r2.ebuild new file mode 100644 index 000000000000..9216657a9703 --- /dev/null +++ b/sys-libs/glibc/glibc-2.21-r2.ebuild @@ -0,0 +1,150 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="4" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="7" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + sys-apps/gentoo-functions + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.6 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.6 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + tc-enables-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch + + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.22-r4.ebuild b/sys-libs/glibc/glibc-2.22-r4.ebuild new file mode 100644 index 000000000000..5949f88d64ac --- /dev/null +++ b/sys-libs/glibc/glibc-2.22-r4.ebuild @@ -0,0 +1,149 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="4" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="13" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + sys-apps/gentoo-functions + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.6 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.6 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + # Bug 558636 we don't apply the pie works around for 2.22. It shoud have the support. #558636 + GLIBC_PATCH_EXCLUDE+=" 00_all_0002-workaround-crash-when-handling-signals-in-static-PIE.patch" + GLIBC_PATCH_EXCLUDE+=" 00_all_0012-disable-PIE-when-checking-for-PIC-default.patch" + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.23-r3.ebuild b/sys-libs/glibc/glibc-2.23-r3.ebuild new file mode 100644 index 000000000000..410b3485c156 --- /dev/null +++ b/sys-libs/glibc/glibc-2.23-r3.ebuild @@ -0,0 +1,154 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="4" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="7" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.7 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.7 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.23-r4.ebuild b/sys-libs/glibc/glibc-2.23-r4.ebuild new file mode 100644 index 000000000000..01efec5a7b42 --- /dev/null +++ b/sys-libs/glibc/glibc-2.23-r4.ebuild @@ -0,0 +1,155 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="8" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.7 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.7 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~tamiko/distfiles/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.24-r4.ebuild b/sys-libs/glibc/glibc-2.24-r4.ebuild new file mode 100644 index 000000000000..29a17f827aec --- /dev/null +++ b/sys-libs/glibc/glibc-2.24-r4.ebuild @@ -0,0 +1,155 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="10" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.7 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.7 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.25-r4.ebuild b/sys-libs/glibc/glibc-2.25-r4.ebuild new file mode 100644 index 000000000000..27cd42605ffe --- /dev/null +++ b/sys-libs/glibc/glibc-2.25-r4.ebuild @@ -0,0 +1,150 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="8" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.7 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.7 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.25-r5.ebuild b/sys-libs/glibc/glibc-2.25-r5.ebuild new file mode 100644 index 000000000000..24ad65b328fd --- /dev/null +++ b/sys-libs/glibc/glibc-2.25-r5.ebuild @@ -0,0 +1,151 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="9" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) + systemtap? ( dev-util/systemtap ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.7 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.7 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~dilfridge/distfiles/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.25-r7.ebuild b/sys-libs/glibc/glibc-2.25-r7.ebuild new file mode 100644 index 000000000000..18cab6ab3797 --- /dev/null +++ b/sys-libs/glibc/glibc-2.25-r7.ebuild @@ -0,0 +1,151 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI="5" + +inherit toolchain-glibc + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="11" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) + systemtap? ( dev-util/systemtap ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.7 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.7 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~dilfridge/distfiles/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +src_unpack() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack +} + +src_prepare() { + toolchain-glibc_src_prepare + + cd "${S}" + + epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.26-r1.ebuild b/sys-libs/glibc/glibc-2.26-r1.ebuild new file mode 100644 index 000000000000..29d3ad987099 --- /dev/null +++ b/sys-libs/glibc/glibc-2.26-r1.ebuild @@ -0,0 +1,795 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit prefix toolchain-glibc + +DESCRIPTION="GNU libc C library" +HOMEPAGE="https://www.gnu.org/software/libc/" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +RESTRICT="strip" # Strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="git://sourceware.org/git/glibc.git" + inherit git-r3 +else + # KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + KEYWORDS="" + SRC_URI="mirror://gnu/glibc/${P}.tar.xz" +fi + +RELEASE_VER=${PV} + +GCC_BOOTSTRAP_VER="4.7.3-r1" + +# Gentoo patchset +PATCH_VER="1" + +SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.bz2" +SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 )" + +IUSE="audit caps debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Min kernel version nptl requires +: ${NPTL_KERN_VER:="2.6.32"} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) + systemtap? ( dev-util/systemtap ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 +" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db +" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.9 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.9 + virtual/os-headers + " + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +# +# the phases +# + +pkg_pretend() { + # Make sure devpts is mounted correctly for use w/out setuid pt_chown + check_devpts + + # Prevent native builds from downgrading + if [[ ${MERGE_TYPE} != "buildonly" ]] && \ + [[ ${ROOT} == "/" ]] && \ + [[ ${CBUILD} == ${CHOST} ]] && \ + [[ ${CHOST} == ${CTARGET} ]] ; then + # The high rev # is to allow people to downgrade between -r# versions. + # We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine. + # Hopefully we never actually use a r# this high. + if has_version ">${CATEGORY}/${P}-r10000" ; then + eerror "Sanity check to keep you from breaking your system:" + eerror " Downgrading glibc is not supported and a sure way to destruction" + die "Aborting to save your system" + fi + + if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n' + then + eerror "Your patched vendor kernel is broken. You need to get an" + eerror "update from whoever is providing the kernel to you." + eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227" + eerror "https://bugs.gentoo.org/262698" + die "Keeping your system alive, say thank you" + fi + + if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n' + then + eerror "Your old kernel is broken. You need to update it to" + eerror "a newer version as syscall(<bignum>) will break." + eerror "https://bugs.gentoo.org/279260" + die "Keeping your system alive, say thank you" + fi + fi + + # Users have had a chance to phase themselves, time to give em the boot + if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then + eerror "You still haven't deleted ${EROOT}/etc/locales.build." + eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." + die "Lazy upgrader detected" + fi + + if [[ ${CTARGET} == i386-* ]] ; then + eerror "i386 CHOSTs are no longer supported." + eerror "Chances are you don't actually want/need i386." + eerror "Please read https://www.gentoo.org/doc/en/change-chost.xml" + die "Please fix your CHOST" + fi + + if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then + ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." + ewarn "This will result in a 50% performance penalty when running with a 32bit" + ewarn "hypervisor, which is probably not what you want." + fi + + use hardened && ! tc-enables-pie && \ + ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" + + # Make sure host system is up to date #394453 + if has_version '<sys-libs/glibc-2.13' && \ + [[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]] + then + ebegin "Scanning system for __guard to see if you need to rebuild first ..." + local files=$( + scanelf -qys__guard -F'#s%F' \ + "${EROOT}"/*bin/ \ + "${EROOT}"/lib* \ + "${EROOT}"/usr/*bin/ \ + "${EROOT}"/usr/lib* | \ + egrep -v \ + -e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \ + -e "^${EROOT}/sbin/(ldconfig|sln)$" + ) + [[ -z ${files} ]] + if ! eend $? ; then + eerror "Your system still has old SSP __guard symbols. You need to" + eerror "rebuild all the packages that provide these files first:" + eerror "${files}" + die "old __guard detected" + fi + fi +} + +src_unpack() { + use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + setup_env + + # Check NPTL support _before_ we unpack things to save some time + check_nptl_support + + if [[ -n ${EGIT_REPO_URI} ]] ; then + git-r3_src_unpack + else + unpack ${P}.tar.xz + fi + + cd "${S}" + touch locale/C-translit.h #185476 #218003 + + cd "${WORKDIR}" + unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 + # pull out all the addons + local d + for d in extra/*/configure ; do + d=${d%/configure} + [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}" + mv "${d}" "${S}" || die "moving ${d} failed" + done +} + +src_prepare() { + if ! use vanilla ; then + elog "Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." + eapply "${WORKDIR}"/patches/*.patch + fi + + if just_headers ; then + if [[ -e ports/sysdeps/mips/preconfigure ]] ; then + # mips peeps like to screw with us. if building headers, + # we don't have a real compiler, so we can't let them + # insert -mabi on us. + sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die + find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} + + fi + fi + + default + + gnuconfig_update + + cd "${WORKDIR}" + find . -name configure -exec touch {} + + + eprefixify extra/locale/locale-gen + + # Fix permissions on some of the scripts. + chmod u+x "${S}"/scripts/*.sh + + cd "${S}" + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + fi +} + +glibc_do_configure() { + # Glibc does not work with gold (for various reasons) #269274. + tc-ld-disable-gold + + # CXX isnt handled by the multilib system, so if we dont unset here + # we accumulate crap across abis + unset CXX + + einfo "Configuring glibc for $1" + + local v + for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC CXX LD {AS,C,CPP,CXX,LD}FLAGS ; do + einfo " $(printf '%15s' ${v}:) ${!v}" + done + + # The glibc configure script doesn't properly use LDFLAGS all the time. + export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}" + einfo " $(printf '%15s' 'Manual CC:') ${CC}" + + # Some of the tests are written in C++, so we need to force our multlib abis in, bug 623548 + export CXX="$(tc-getCXX ${CTARGET}) $(get_abi_CFLAGS)" + einfo " $(printf '%15s' 'Manual CXX:') ${CXX}" + + echo + + local myconf=() + + # set addons + pushd "${S}" > /dev/null + local addons=$(echo */configure | sed \ + -e 's:/configure::g' \ + -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \ + -e 's: \+$::' \ + -e 's! !,!g' \ + -e 's!^!,!' \ + -e '/^,\*$/d') + [[ -d ports ]] && addons+=",ports" + popd > /dev/null + + case ${CTARGET} in + powerpc-*) + # Currently gcc on powerpc32 generates invalid code for + # __builtin_return_address(0) calls. Normally programs + # don't do that but malloc hooks in glibc do: + # https://gcc.gnu.org/PR81996 + # https://bugs.gentoo.org/629054 + myconf+=( --enable-stack-protector=no ) + ;; + *) + myconf+=( --enable-stack-protector=all ) + ;; + esac + myconf+=( --enable-stackguard-randomization ) + + [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) + + if [[ $1 == "nptl" ]] ; then + myconf+=( --enable-kernel=${NPTL_KERN_VER} ) + else + die "invalid pthread option" + fi + myconf+=( --enable-add-ons="${addons#,}" ) + + # Since SELinux support is only required for nscd, only enable it if: + # 1. USE selinux + # 2. only for the primary ABI on multilib systems + # 3. Not a crosscompile + if ! is_crosscompile && use selinux ; then + if use multilib ; then + if is_final_abi ; then + myconf+=( --with-selinux ) + else + myconf+=( --without-selinux ) + fi + else + myconf+=( --with-selinux ) + fi + else + myconf+=( --without-selinux ) + fi + + # Force a few tests where we always know the answer but + # configure is incapable of finding it. + if is_crosscompile ; then + export \ + libc_cv_c_cleanup=yes \ + libc_cv_forced_unwind=yes + fi + + myconf+=( + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + $(use_enable profile) + $(use_with gd) + --with-headers=$(alt_build_headers) + --prefix="${EPREFIX}/usr" + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --libdir='$(prefix)'/$(get_libdir) + --mandir='$(prefix)'/share/man + --infodir='$(prefix)'/share/info + --libexecdir='$(libdir)'/misc/glibc + --with-bugurl=https://bugs.gentoo.org/ + --with-pkgversion="$(glibc_banner)" + $(use_multiarch || echo --disable-multi-arch) + $(in_iuse systemtap && use_enable systemtap) + $(in_iuse nscd && use_enable nscd) + ${EXTRA_ECONF} + ) + + # We rely on sys-libs/timezone-data for timezone tools normally. + myconf+=( $(use_enable vanilla timezone-tools) ) + + # These libs don't have configure flags. + ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no) + ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no) + + # There is no configure option for this and we need to export it + # since the glibc build will re-run configure on itself + export libc_cv_rootsbindir="${EPREFIX}/sbin" + export libc_cv_slibdir="${EPREFIX}/$(get_libdir)" + + # We take care of patching our binutils to use both hash styles, + # and many people like to force gnu hash style only, so disable + # this overriding check. #347761 + export libc_cv_hashstyle=no + + local builddir=$(builddir "$1") + mkdir -p "${builddir}" + cd "${builddir}" + set -- "${S}"/configure "${myconf[@]}" + echo "$@" + "$@" || die "failed to configure glibc" + + # ia64 static cross-compilers are a pita in so much that they + # can't produce static ELFs (as the libgcc.a is broken). so + # disable building of the programs for those targets if it + # doesn't work. + # XXX: We could turn this into a compiler test, but ia64 is + # the only one that matters, so this should be fine for now. + if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then + sed -i '1i+link-static = touch $@' config.make + fi + + # If we're trying to migrate between ABI sets, we need + # to lie and use a local copy of gcc. Like if the system + # is built with MULTILIB_ABIS="amd64 x86" but we want to + # add x32 to it, gcc/glibc don't yet support x32. + if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then + echo 'main(){}' > "${T}"/test.c + if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then + sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die + mkdir -p sunrpc + cp $(which rpcgen) sunrpc/cross-rpcgen || die + touch -t 202001010101 sunrpc/cross-rpcgen || die + fi + fi +} + +glibc_headers_configure() { + export ABI=default + + local builddir=$(builddir "headers") + mkdir -p "${builddir}" + cd "${builddir}" + + # if we don't have a compiler yet, we can't really test it now ... + # hopefully they don't affect header generation, so let's hope for + # the best here ... + local v vars=( + ac_cv_header_cpuid_h=yes + libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes + libc_cv_asm_cfi_directives=yes + libc_cv_broken_visibility_attribute=no + libc_cv_c_cleanup=yes + libc_cv_forced_unwind=yes + libc_cv_gcc___thread=yes + libc_cv_mlong_double_128=yes + libc_cv_mlong_double_128ibm=yes + libc_cv_ppc_machine=yes + libc_cv_ppc_rel16=yes + libc_cv_predef_fortify_source=no + libc_cv_visibility_attribute=yes + libc_cv_z_combreloc=yes + libc_cv_z_execstack=yes + libc_cv_z_initfirst=yes + libc_cv_z_nodelete=yes + libc_cv_z_nodlopen=yes + libc_cv_z_relro=yes + libc_mips_abi=${ABI} + libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard) + # These libs don't have configure flags. + ac_cv_lib_audit_audit_log_user_avc_message=no + ac_cv_lib_cap_cap_init=no + ) + + einfo "Forcing cached settings:" + for v in "${vars[@]}" ; do + einfo " ${v}" + export ${v} + done + + # Blow away some random CC settings that screw things up. #550192 + if [[ -d ${S}/sysdeps/mips ]]; then + pushd "${S}"/sysdeps/mips >/dev/null + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die + + # Force the mips ABI to the default. This is OK because the set of + # installed headers in this phase is the same between the 3 ABIs. + # If this ever changes, this hack will break, but that's unlikely + # as glibc discourages that behavior. + # https://crbug.com/647033 + sed -i -e 's:abiflag=.*:abiflag=_ABIO32:' preconfigure || die + + popd >/dev/null + fi + + local myconf=() + myconf+=( + --disable-sanity-checks + --enable-hacker-mode + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + --with-headers=$(alt_build_headers) + --prefix="${EPREFIX}/usr" + ${EXTRA_ECONF} + ) + + local addons + [[ -d ${S}/ports ]] && addons+=",ports" + myconf+=( --enable-add-ons="${addons#,}" ) + + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC/CFLAGS is sane. + set -- "${S}"/configure "${myconf[@]}" + echo "$@" + CC="$(tc-getBUILD_CC)" \ + CFLAGS="-O1 -pipe" \ + CPPFLAGS="-U_FORTIFY_SOURCE" \ + LDFLAGS="" \ + "$@" || die "failed to configure glibc" +} + +do_src_configure() { + if just_headers ; then + glibc_headers_configure + else + glibc_do_configure nptl + fi +} + +src_configure() { + foreach_abi do_src_configure +} + +do_src_compile() { + emake -C "$(builddir nptl)" || die "make nptl for ${ABI} failed" +} + +src_compile() { + if just_headers ; then + return + fi + + foreach_abi do_src_compile +} + +glibc_src_test() { + cd "$(builddir $1)" + emake -j1 check +} + +do_src_test() { + local ret=0 + + glibc_src_test nptl + : $(( ret |= $? )) + + return ${ret} +} + +src_test() { + # Give tests more time to complete. + export TIMEOUTFACTOR=5 + + foreach_abi do_src_test || die "tests failed" +} + +glibc_do_src_install() { + local builddir=$(builddir nptl) + cd "${builddir}" + + emake install_root="${D}$(alt_prefix)" install || die + + # This version (2.26) provides some compatibility libraries for the NIS/NIS+ support + # which come without headers etc. Only needed for binary packages since the + # external net-libs/libnsl has increased soversion. Keep only versioned libraries. + find "${D}" -name "libnsl.a" -delete + find "${D}" -name "libnsl.so" -delete + + # Normally real_pv is ${PV}. Live ebuilds are exception, there we need + # to infer upstream version: + # '#define VERSION "2.26.90"' -> '2.26.90' + local upstream_pv=$(sed -n -r 's/#define VERSION "(.*)"/\1/p' "${S}"/version.h) + + # Newer versions get fancy with libm linkage to include vectorized support. + # While we don't really need a ldscript here, portage QA checks get upset. + if [[ -e ${ED}$(alt_usrlibdir)/libm-${upstream_pv}.a ]] ; then + dosym ../../$(get_libdir)/libm-${upstream_pv}.so $(alt_usrlibdir)/libm-${upstream_pv}.so + fi + + # We'll take care of the cache ourselves + rm -f "${ED}"/etc/ld.so.cache + + # Everything past this point just needs to be done once ... + is_final_abi || return 0 + + # Make sure the non-native interp can be found on multilib systems even + # if the main library set isn't installed into the right place. Maybe + # we should query the active gcc for info instead of hardcoding it ? + local i ldso_abi ldso_name + local ldso_abi_list=( + # x86 + amd64 /lib64/ld-linux-x86-64.so.2 + x32 /libx32/ld-linux-x32.so.2 + x86 /lib/ld-linux.so.2 + # mips + o32 /lib/ld.so.1 + n32 /lib32/ld.so.1 + n64 /lib64/ld.so.1 + # powerpc + ppc /lib/ld.so.1 + ppc64 /lib64/ld64.so.1 + # s390 + s390 /lib/ld.so.1 + s390x /lib/ld64.so.1 + # sparc + sparc32 /lib/ld-linux.so.2 + sparc64 /lib64/ld-linux.so.2 + ) + case $(tc-endian) in + little) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64.so.1 + ) + ;; + big) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64_be.so.1 + ) + ;; + esac + if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then + dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib + fi + for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do + ldso_abi=${ldso_abi_list[i]} + has ${ldso_abi} $(get_install_abis) || continue + + ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" + if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then + dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} + fi + done + + # With devpts under Linux mounted properly, we do not need the pt_chown + # binary to be setuid. This is because the default owners/perms will be + # exactly what we want. + if in_iuse suid && ! use suid ; then + find "${ED}" -name pt_chown -exec chmod -s {} + + fi + + ################################################################# + # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY # + # Make sure we install some symlink hacks so that when we build + # a 2nd stage cross-compiler, gcc finds the target system + # headers correctly. See gcc/doc/gccinstall.info + if is_crosscompile ; then + # We need to make sure that /lib and /usr/lib always exists. + # gcc likes to use relative paths to get to its multilibs like + # /usr/lib/../lib64/. So while we don't install any files into + # /usr/lib/, we do need it to exist. + cd "${ED}"$(alt_libdir)/.. + [[ -e lib ]] || mkdir lib + cd "${ED}"$(alt_usrlibdir)/.. + [[ -e lib ]] || mkdir lib + + dosym usr/include $(alt_prefix)/sys-include + return 0 + fi + + # Files for Debian-style locale updating + dodir /usr/share/i18n + sed \ + -e "/^#/d" \ + -e "/SUPPORTED-LOCALES=/d" \ + -e "s: \\\\::g" -e "s:/: :g" \ + "${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \ + || die "generating /usr/share/i18n/SUPPORTED failed" + cd "${WORKDIR}"/extra/locale + dosbin locale-gen + doman *.[0-8] + insinto /etc + doins locale.gen + + # Make sure all the ABI's can find the locales and so we only + # have to generate one set + local a + keepdir /usr/$(get_libdir)/locale + for a in $(get_install_abis) ; do + if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then + dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale + fi + done + + cd "${S}" + + # Install misc network config files + insinto /etc + doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf + doins "${WORKDIR}"/extra/etc/*.conf + + if use nscd ; then + doinitd "$(prefixify_ro "${WORKDIR}"/extra/etc/nscd)" + + local nscd_args=( + -e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):" + ) + + sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd + + systemd_dounit nscd/nscd.service + systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf + else + # Do this since extra/etc/*.conf above might have nscd.conf. + rm -f "${ED}"/etc/nscd.conf + fi + + echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc + doenvd "${T}"/00glibc + + for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do + [[ -s ${d} ]] && dodoc ${d} + done + + # Prevent overwriting of the /etc/localtime symlink. We'll handle the + # creation of the "factory" symlink in pkg_postinst(). + rm -f "${ED}"/etc/localtime +} + +glibc_headers_install() { + local builddir=$(builddir "headers") + cd "${builddir}" + emake install_root="${D}$(alt_prefix)" install-headers + + insinto $(alt_headers)/gnu + doins "${S}"/include/gnu/stubs.h + + # Make sure we install the sys-include symlink so that when + # we build a 2nd stage cross-compiler, gcc finds the target + # system headers correctly. See gcc/doc/gccinstall.info + dosym usr/include $(alt_prefix)/sys-include +} + +src_install() { + if just_headers ; then + export ABI=default + glibc_headers_install + return + fi + + foreach_abi glibc_do_src_install + src_strip +} + +pkg_preinst() { + # nothing to do if just installing headers + just_headers && return + + # prepare /etc/ld.so.conf.d/ for files + mkdir -p "${EROOT}"/etc/ld.so.conf.d + + # Default /etc/hosts.conf:multi to on for systems with small dbs. + if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then + sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf + elog "Defaulting /etc/host.conf:multi to on" + fi + + [[ ${ROOT} != "/" ]] && return 0 + [[ -d ${ED}/$(get_libdir) ]] || return 0 + [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check +} + +pkg_postinst() { + # nothing to do if just installing headers + just_headers && return + + if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then + # Generate fastloading iconv module configuration file. + "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" + fi + + if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then + # Reload init ... if in a chroot or a diff init package, ignore + # errors from this step #253697 + /sbin/telinit U 2>/dev/null + + # if the host locales.gen contains no entries, we'll install everything + local locale_list="${EROOT}etc/locale.gen" + if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then + ewarn "Generating all locales; edit /etc/locale.gen to save time/space" + locale_list="${EROOT}usr/share/i18n/SUPPORTED" + fi + locale-gen -j $(makeopts_jobs) --config "${locale_list}" + fi +} diff --git a/sys-libs/glibc/glibc-2.26-r2.ebuild b/sys-libs/glibc/glibc-2.26-r2.ebuild new file mode 100644 index 000000000000..8b6e1b1520be --- /dev/null +++ b/sys-libs/glibc/glibc-2.26-r2.ebuild @@ -0,0 +1,796 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit prefix toolchain-glibc + +DESCRIPTION="GNU libc C library" +HOMEPAGE="https://www.gnu.org/software/libc/" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +RESTRICT="strip" # Strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="git://sourceware.org/git/glibc.git" + inherit git-r3 +else + # KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + KEYWORDS="" + SRC_URI="mirror://gnu/glibc/${P}.tar.xz" +fi + +RELEASE_VER=${PV} + +GCC_BOOTSTRAP_VER="4.7.3-r1" + +# Gentoo patchset +PATCH_VER=2 + +SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.bz2" +SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 )" + +IUSE="audit caps debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Min kernel version nptl requires +: ${NPTL_KERN_VER:="2.6.32"} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) + systemtap? ( dev-util/systemtap ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 +" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db +" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.9 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.9 + virtual/os-headers + " + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +# +# the phases +# + +pkg_pretend() { + # Make sure devpts is mounted correctly for use w/out setuid pt_chown + check_devpts + + # Prevent native builds from downgrading + if [[ ${MERGE_TYPE} != "buildonly" ]] && \ + [[ ${ROOT} == "/" ]] && \ + [[ ${CBUILD} == ${CHOST} ]] && \ + [[ ${CHOST} == ${CTARGET} ]] ; then + # The high rev # is to allow people to downgrade between -r# versions. + # We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine. + # Hopefully we never actually use a r# this high. + if has_version ">${CATEGORY}/${P}-r10000" ; then + eerror "Sanity check to keep you from breaking your system:" + eerror " Downgrading glibc is not supported and a sure way to destruction" + die "Aborting to save your system" + fi + + if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n' + then + eerror "Your patched vendor kernel is broken. You need to get an" + eerror "update from whoever is providing the kernel to you." + eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227" + eerror "https://bugs.gentoo.org/262698" + die "Keeping your system alive, say thank you" + fi + + if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n' + then + eerror "Your old kernel is broken. You need to update it to" + eerror "a newer version as syscall(<bignum>) will break." + eerror "https://bugs.gentoo.org/279260" + die "Keeping your system alive, say thank you" + fi + fi + + # Users have had a chance to phase themselves, time to give em the boot + if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then + eerror "You still haven't deleted ${EROOT}/etc/locales.build." + eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." + die "Lazy upgrader detected" + fi + + if [[ ${CTARGET} == i386-* ]] ; then + eerror "i386 CHOSTs are no longer supported." + eerror "Chances are you don't actually want/need i386." + eerror "Please read https://www.gentoo.org/doc/en/change-chost.xml" + die "Please fix your CHOST" + fi + + if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then + ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." + ewarn "This will result in a 50% performance penalty when running with a 32bit" + ewarn "hypervisor, which is probably not what you want." + fi + + use hardened && ! tc-enables-pie && \ + ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" + + # Make sure host system is up to date #394453 + if has_version '<sys-libs/glibc-2.13' && \ + [[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]] + then + ebegin "Scanning system for __guard to see if you need to rebuild first ..." + local files=$( + scanelf -qys__guard -F'#s%F' \ + "${EROOT}"/*bin/ \ + "${EROOT}"/lib* \ + "${EROOT}"/usr/*bin/ \ + "${EROOT}"/usr/lib* | \ + egrep -v \ + -e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \ + -e "^${EROOT}/sbin/(ldconfig|sln)$" + ) + [[ -z ${files} ]] + if ! eend $? ; then + eerror "Your system still has old SSP __guard symbols. You need to" + eerror "rebuild all the packages that provide these files first:" + eerror "${files}" + die "old __guard detected" + fi + fi +} + +src_unpack() { + use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + setup_env + + # Check NPTL support _before_ we unpack things to save some time + check_nptl_support + + if [[ -n ${EGIT_REPO_URI} ]] ; then + git-r3_src_unpack + else + unpack ${P}.tar.xz + fi + + cd "${S}" + touch locale/C-translit.h #185476 #218003 + + cd "${WORKDIR}" + unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 + # pull out all the addons + local d + for d in extra/*/configure ; do + d=${d%/configure} + [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}" + mv "${d}" "${S}" || die "moving ${d} failed" + done +} + +src_prepare() { + if ! use vanilla ; then + elog "Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." + eapply "${WORKDIR}"/patches + elog "Done." + fi + + if just_headers ; then + if [[ -e ports/sysdeps/mips/preconfigure ]] ; then + # mips peeps like to screw with us. if building headers, + # we don't have a real compiler, so we can't let them + # insert -mabi on us. + sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die + find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} + + fi + fi + + default + + gnuconfig_update + + cd "${WORKDIR}" + find . -name configure -exec touch {} + + + eprefixify extra/locale/locale-gen + + # Fix permissions on some of the scripts. + chmod u+x "${S}"/scripts/*.sh + + cd "${S}" + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + fi +} + +glibc_do_configure() { + # Glibc does not work with gold (for various reasons) #269274. + tc-ld-disable-gold + + # CXX isnt handled by the multilib system, so if we dont unset here + # we accumulate crap across abis + unset CXX + + einfo "Configuring glibc for $1" + + local v + for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC CXX LD {AS,C,CPP,CXX,LD}FLAGS ; do + einfo " $(printf '%15s' ${v}:) ${!v}" + done + + # The glibc configure script doesn't properly use LDFLAGS all the time. + export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}" + einfo " $(printf '%15s' 'Manual CC:') ${CC}" + + # Some of the tests are written in C++, so we need to force our multlib abis in, bug 623548 + export CXX="$(tc-getCXX ${CTARGET}) $(get_abi_CFLAGS)" + einfo " $(printf '%15s' 'Manual CXX:') ${CXX}" + + echo + + local myconf=() + + # set addons + pushd "${S}" > /dev/null + local addons=$(echo */configure | sed \ + -e 's:/configure::g' \ + -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \ + -e 's: \+$::' \ + -e 's! !,!g' \ + -e 's!^!,!' \ + -e '/^,\*$/d') + [[ -d ports ]] && addons+=",ports" + popd > /dev/null + + case ${CTARGET} in + powerpc-*) + # Currently gcc on powerpc32 generates invalid code for + # __builtin_return_address(0) calls. Normally programs + # don't do that but malloc hooks in glibc do: + # https://gcc.gnu.org/PR81996 + # https://bugs.gentoo.org/629054 + myconf+=( --enable-stack-protector=no ) + ;; + *) + myconf+=( --enable-stack-protector=all ) + ;; + esac + myconf+=( --enable-stackguard-randomization ) + + [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) + + if [[ $1 == "nptl" ]] ; then + myconf+=( --enable-kernel=${NPTL_KERN_VER} ) + else + die "invalid pthread option" + fi + myconf+=( --enable-add-ons="${addons#,}" ) + + # Since SELinux support is only required for nscd, only enable it if: + # 1. USE selinux + # 2. only for the primary ABI on multilib systems + # 3. Not a crosscompile + if ! is_crosscompile && use selinux ; then + if use multilib ; then + if is_final_abi ; then + myconf+=( --with-selinux ) + else + myconf+=( --without-selinux ) + fi + else + myconf+=( --with-selinux ) + fi + else + myconf+=( --without-selinux ) + fi + + # Force a few tests where we always know the answer but + # configure is incapable of finding it. + if is_crosscompile ; then + export \ + libc_cv_c_cleanup=yes \ + libc_cv_forced_unwind=yes + fi + + myconf+=( + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + $(use_enable profile) + $(use_with gd) + --with-headers=$(alt_build_headers) + --prefix="${EPREFIX}/usr" + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --libdir='$(prefix)'/$(get_libdir) + --mandir='$(prefix)'/share/man + --infodir='$(prefix)'/share/info + --libexecdir='$(libdir)'/misc/glibc + --with-bugurl=https://bugs.gentoo.org/ + --with-pkgversion="$(glibc_banner)" + $(use_multiarch || echo --disable-multi-arch) + $(in_iuse systemtap && use_enable systemtap) + $(in_iuse nscd && use_enable nscd) + ${EXTRA_ECONF} + ) + + # We rely on sys-libs/timezone-data for timezone tools normally. + myconf+=( $(use_enable vanilla timezone-tools) ) + + # These libs don't have configure flags. + ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no) + ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no) + + # There is no configure option for this and we need to export it + # since the glibc build will re-run configure on itself + export libc_cv_rootsbindir="${EPREFIX}/sbin" + export libc_cv_slibdir="${EPREFIX}/$(get_libdir)" + + # We take care of patching our binutils to use both hash styles, + # and many people like to force gnu hash style only, so disable + # this overriding check. #347761 + export libc_cv_hashstyle=no + + local builddir=$(builddir "$1") + mkdir -p "${builddir}" + cd "${builddir}" + set -- "${S}"/configure "${myconf[@]}" + echo "$@" + "$@" || die "failed to configure glibc" + + # ia64 static cross-compilers are a pita in so much that they + # can't produce static ELFs (as the libgcc.a is broken). so + # disable building of the programs for those targets if it + # doesn't work. + # XXX: We could turn this into a compiler test, but ia64 is + # the only one that matters, so this should be fine for now. + if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then + sed -i '1i+link-static = touch $@' config.make + fi + + # If we're trying to migrate between ABI sets, we need + # to lie and use a local copy of gcc. Like if the system + # is built with MULTILIB_ABIS="amd64 x86" but we want to + # add x32 to it, gcc/glibc don't yet support x32. + if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then + echo 'main(){}' > "${T}"/test.c + if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then + sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die + mkdir -p sunrpc + cp $(which rpcgen) sunrpc/cross-rpcgen || die + touch -t 202001010101 sunrpc/cross-rpcgen || die + fi + fi +} + +glibc_headers_configure() { + export ABI=default + + local builddir=$(builddir "headers") + mkdir -p "${builddir}" + cd "${builddir}" + + # if we don't have a compiler yet, we can't really test it now ... + # hopefully they don't affect header generation, so let's hope for + # the best here ... + local v vars=( + ac_cv_header_cpuid_h=yes + libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes + libc_cv_asm_cfi_directives=yes + libc_cv_broken_visibility_attribute=no + libc_cv_c_cleanup=yes + libc_cv_forced_unwind=yes + libc_cv_gcc___thread=yes + libc_cv_mlong_double_128=yes + libc_cv_mlong_double_128ibm=yes + libc_cv_ppc_machine=yes + libc_cv_ppc_rel16=yes + libc_cv_predef_fortify_source=no + libc_cv_visibility_attribute=yes + libc_cv_z_combreloc=yes + libc_cv_z_execstack=yes + libc_cv_z_initfirst=yes + libc_cv_z_nodelete=yes + libc_cv_z_nodlopen=yes + libc_cv_z_relro=yes + libc_mips_abi=${ABI} + libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard) + # These libs don't have configure flags. + ac_cv_lib_audit_audit_log_user_avc_message=no + ac_cv_lib_cap_cap_init=no + ) + + einfo "Forcing cached settings:" + for v in "${vars[@]}" ; do + einfo " ${v}" + export ${v} + done + + # Blow away some random CC settings that screw things up. #550192 + if [[ -d ${S}/sysdeps/mips ]]; then + pushd "${S}"/sysdeps/mips >/dev/null + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die + + # Force the mips ABI to the default. This is OK because the set of + # installed headers in this phase is the same between the 3 ABIs. + # If this ever changes, this hack will break, but that's unlikely + # as glibc discourages that behavior. + # https://crbug.com/647033 + sed -i -e 's:abiflag=.*:abiflag=_ABIO32:' preconfigure || die + + popd >/dev/null + fi + + local myconf=() + myconf+=( + --disable-sanity-checks + --enable-hacker-mode + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + --with-headers=$(alt_build_headers) + --prefix="${EPREFIX}/usr" + ${EXTRA_ECONF} + ) + + local addons + [[ -d ${S}/ports ]] && addons+=",ports" + myconf+=( --enable-add-ons="${addons#,}" ) + + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC/CFLAGS is sane. + set -- "${S}"/configure "${myconf[@]}" + echo "$@" + CC="$(tc-getBUILD_CC)" \ + CFLAGS="-O1 -pipe" \ + CPPFLAGS="-U_FORTIFY_SOURCE" \ + LDFLAGS="" \ + "$@" || die "failed to configure glibc" +} + +do_src_configure() { + if just_headers ; then + glibc_headers_configure + else + glibc_do_configure nptl + fi +} + +src_configure() { + foreach_abi do_src_configure +} + +do_src_compile() { + emake -C "$(builddir nptl)" || die "make nptl for ${ABI} failed" +} + +src_compile() { + if just_headers ; then + return + fi + + foreach_abi do_src_compile +} + +glibc_src_test() { + cd "$(builddir $1)" + emake -j1 check +} + +do_src_test() { + local ret=0 + + glibc_src_test nptl + : $(( ret |= $? )) + + return ${ret} +} + +src_test() { + # Give tests more time to complete. + export TIMEOUTFACTOR=5 + + foreach_abi do_src_test || die "tests failed" +} + +glibc_do_src_install() { + local builddir=$(builddir nptl) + cd "${builddir}" + + emake install_root="${D}$(alt_prefix)" install || die + + # This version (2.26) provides some compatibility libraries for the NIS/NIS+ support + # which come without headers etc. Only needed for binary packages since the + # external net-libs/libnsl has increased soversion. Keep only versioned libraries. + find "${D}" -name "libnsl.a" -delete + find "${D}" -name "libnsl.so" -delete + + # Normally real_pv is ${PV}. Live ebuilds are exception, there we need + # to infer upstream version: + # '#define VERSION "2.26.90"' -> '2.26.90' + local upstream_pv=$(sed -n -r 's/#define VERSION "(.*)"/\1/p' "${S}"/version.h) + + # Newer versions get fancy with libm linkage to include vectorized support. + # While we don't really need a ldscript here, portage QA checks get upset. + if [[ -e ${ED}$(alt_usrlibdir)/libm-${upstream_pv}.a ]] ; then + dosym ../../$(get_libdir)/libm-${upstream_pv}.so $(alt_usrlibdir)/libm-${upstream_pv}.so + fi + + # We'll take care of the cache ourselves + rm -f "${ED}"/etc/ld.so.cache + + # Everything past this point just needs to be done once ... + is_final_abi || return 0 + + # Make sure the non-native interp can be found on multilib systems even + # if the main library set isn't installed into the right place. Maybe + # we should query the active gcc for info instead of hardcoding it ? + local i ldso_abi ldso_name + local ldso_abi_list=( + # x86 + amd64 /lib64/ld-linux-x86-64.so.2 + x32 /libx32/ld-linux-x32.so.2 + x86 /lib/ld-linux.so.2 + # mips + o32 /lib/ld.so.1 + n32 /lib32/ld.so.1 + n64 /lib64/ld.so.1 + # powerpc + ppc /lib/ld.so.1 + ppc64 /lib64/ld64.so.1 + # s390 + s390 /lib/ld.so.1 + s390x /lib/ld64.so.1 + # sparc + sparc32 /lib/ld-linux.so.2 + sparc64 /lib64/ld-linux.so.2 + ) + case $(tc-endian) in + little) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64.so.1 + ) + ;; + big) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64_be.so.1 + ) + ;; + esac + if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then + dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib + fi + for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do + ldso_abi=${ldso_abi_list[i]} + has ${ldso_abi} $(get_install_abis) || continue + + ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" + if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then + dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} + fi + done + + # With devpts under Linux mounted properly, we do not need the pt_chown + # binary to be setuid. This is because the default owners/perms will be + # exactly what we want. + if in_iuse suid && ! use suid ; then + find "${ED}" -name pt_chown -exec chmod -s {} + + fi + + ################################################################# + # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY # + # Make sure we install some symlink hacks so that when we build + # a 2nd stage cross-compiler, gcc finds the target system + # headers correctly. See gcc/doc/gccinstall.info + if is_crosscompile ; then + # We need to make sure that /lib and /usr/lib always exists. + # gcc likes to use relative paths to get to its multilibs like + # /usr/lib/../lib64/. So while we don't install any files into + # /usr/lib/, we do need it to exist. + cd "${ED}"$(alt_libdir)/.. + [[ -e lib ]] || mkdir lib + cd "${ED}"$(alt_usrlibdir)/.. + [[ -e lib ]] || mkdir lib + + dosym usr/include $(alt_prefix)/sys-include + return 0 + fi + + # Files for Debian-style locale updating + dodir /usr/share/i18n + sed \ + -e "/^#/d" \ + -e "/SUPPORTED-LOCALES=/d" \ + -e "s: \\\\::g" -e "s:/: :g" \ + "${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \ + || die "generating /usr/share/i18n/SUPPORTED failed" + cd "${WORKDIR}"/extra/locale + dosbin locale-gen + doman *.[0-8] + insinto /etc + doins locale.gen + + # Make sure all the ABI's can find the locales and so we only + # have to generate one set + local a + keepdir /usr/$(get_libdir)/locale + for a in $(get_install_abis) ; do + if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then + dosym ../$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale + fi + done + + cd "${S}" + + # Install misc network config files + insinto /etc + doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf + doins "${WORKDIR}"/extra/etc/*.conf + + if use nscd ; then + doinitd "$(prefixify_ro "${WORKDIR}"/extra/etc/nscd)" + + local nscd_args=( + -e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):" + ) + + sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd + + systemd_dounit nscd/nscd.service + systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf + else + # Do this since extra/etc/*.conf above might have nscd.conf. + rm -f "${ED}"/etc/nscd.conf + fi + + echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc + doenvd "${T}"/00glibc + + for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do + [[ -s ${d} ]] && dodoc ${d} + done + + # Prevent overwriting of the /etc/localtime symlink. We'll handle the + # creation of the "factory" symlink in pkg_postinst(). + rm -f "${ED}"/etc/localtime +} + +glibc_headers_install() { + local builddir=$(builddir "headers") + cd "${builddir}" + emake install_root="${D}$(alt_prefix)" install-headers + + insinto $(alt_headers)/gnu + doins "${S}"/include/gnu/stubs.h + + # Make sure we install the sys-include symlink so that when + # we build a 2nd stage cross-compiler, gcc finds the target + # system headers correctly. See gcc/doc/gccinstall.info + dosym usr/include $(alt_prefix)/sys-include +} + +src_install() { + if just_headers ; then + export ABI=default + glibc_headers_install + return + fi + + foreach_abi glibc_do_src_install + src_strip +} + +pkg_preinst() { + # nothing to do if just installing headers + just_headers && return + + # prepare /etc/ld.so.conf.d/ for files + mkdir -p "${EROOT}"/etc/ld.so.conf.d + + # Default /etc/hosts.conf:multi to on for systems with small dbs. + if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then + sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf + elog "Defaulting /etc/host.conf:multi to on" + fi + + [[ ${ROOT} != "/" ]] && return 0 + [[ -d ${ED}/$(get_libdir) ]] || return 0 + [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check +} + +pkg_postinst() { + # nothing to do if just installing headers + just_headers && return + + if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then + # Generate fastloading iconv module configuration file. + "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" + fi + + if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then + # Reload init ... if in a chroot or a diff init package, ignore + # errors from this step #253697 + /sbin/telinit U 2>/dev/null + + # if the host locales.gen contains no entries, we'll install everything + local locale_list="${EROOT}etc/locale.gen" + if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then + ewarn "Generating all locales; edit /etc/locale.gen to save time/space" + locale_list="${EROOT}usr/share/i18n/SUPPORTED" + fi + locale-gen -j $(makeopts_jobs) --config "${locale_list}" + fi +} diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild new file mode 100644 index 000000000000..dacec0b7e245 --- /dev/null +++ b/sys-libs/glibc/glibc-9999.ebuild @@ -0,0 +1,796 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit prefix toolchain-glibc + +DESCRIPTION="GNU libc C library" +HOMEPAGE="https://www.gnu.org/software/libc/" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +RESTRICT="strip" # Strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="git://sourceware.org/git/glibc.git" + inherit git-r3 +else + # KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + KEYWORDS="" + SRC_URI="mirror://gnu/glibc/${P}.tar.xz" +fi + +RELEASE_VER=${PV} + +GCC_BOOTSTRAP_VER="4.7.3-r1" + +# Gentoo patchset +PATCH_VER="3" + +SRC_URI+=" https://dev.gentoo.org/~dilfridge/distfiles/${P}-patches-${PATCH_VER}.tar.bz2" +SRC_URI+=" multilib? ( https://dev.gentoo.org/~dilfridge/distfiles/gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 )" + +IUSE="audit caps debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Min kernel version nptl requires +: ${NPTL_KERN_VER:="2.6.32"} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +COMMON_DEPEND=" + nscd? ( selinux? ( + audit? ( sys-process/audit ) + caps? ( sys-libs/libcap ) + ) ) + suid? ( caps? ( sys-libs/libcap ) ) + selinux? ( sys-libs/libselinux ) + systemtap? ( dev-util/systemtap ) +" +DEPEND="${COMMON_DEPEND} + >=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 +" +RDEPEND="${COMMON_DEPEND} + !sys-kernel/ps3-sources + sys-apps/gentoo-functions + !sys-libs/nss-db +" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.9 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.9 + virtual/os-headers + " + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +# +# the phases +# + +pkg_pretend() { + # Make sure devpts is mounted correctly for use w/out setuid pt_chown + check_devpts + + # Prevent native builds from downgrading + if [[ ${MERGE_TYPE} != "buildonly" ]] && \ + [[ ${ROOT} == "/" ]] && \ + [[ ${CBUILD} == ${CHOST} ]] && \ + [[ ${CHOST} == ${CTARGET} ]] ; then + # The high rev # is to allow people to downgrade between -r# versions. + # We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine. + # Hopefully we never actually use a r# this high. + if has_version ">${CATEGORY}/${P}-r10000" ; then + eerror "Sanity check to keep you from breaking your system:" + eerror " Downgrading glibc is not supported and a sure way to destruction" + die "Aborting to save your system" + fi + + if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n' + then + eerror "Your patched vendor kernel is broken. You need to get an" + eerror "update from whoever is providing the kernel to you." + eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227" + eerror "https://bugs.gentoo.org/262698" + die "Keeping your system alive, say thank you" + fi + + if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n' + then + eerror "Your old kernel is broken. You need to update it to" + eerror "a newer version as syscall(<bignum>) will break." + eerror "https://bugs.gentoo.org/279260" + die "Keeping your system alive, say thank you" + fi + fi + + # Users have had a chance to phase themselves, time to give em the boot + if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then + eerror "You still haven't deleted ${EROOT}/etc/locales.build." + eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." + die "Lazy upgrader detected" + fi + + if [[ ${CTARGET} == i386-* ]] ; then + eerror "i386 CHOSTs are no longer supported." + eerror "Chances are you don't actually want/need i386." + eerror "Please read https://www.gentoo.org/doc/en/change-chost.xml" + die "Please fix your CHOST" + fi + + if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then + ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." + ewarn "This will result in a 50% performance penalty when running with a 32bit" + ewarn "hypervisor, which is probably not what you want." + fi + + use hardened && ! tc-enables-pie && \ + ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" + + # Make sure host system is up to date #394453 + if has_version '<sys-libs/glibc-2.13' && \ + [[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]] + then + ebegin "Scanning system for __guard to see if you need to rebuild first ..." + local files=$( + scanelf -qys__guard -F'#s%F' \ + "${EROOT}"/*bin/ \ + "${EROOT}"/lib* \ + "${EROOT}"/usr/*bin/ \ + "${EROOT}"/usr/lib* | \ + egrep -v \ + -e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \ + -e "^${EROOT}/sbin/(ldconfig|sln)$" + ) + [[ -z ${files} ]] + if ! eend $? ; then + eerror "Your system still has old SSP __guard symbols. You need to" + eerror "rebuild all the packages that provide these files first:" + eerror "${files}" + die "old __guard detected" + fi + fi +} + +src_unpack() { + use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + setup_env + + # Check NPTL support _before_ we unpack things to save some time + check_nptl_support + + if [[ -n ${EGIT_REPO_URI} ]] ; then + git-r3_src_unpack + else + unpack ${P}.tar.xz + fi + + cd "${S}" + touch locale/C-translit.h #185476 #218003 + + cd "${WORKDIR}" + unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 + # pull out all the addons + local d + for d in extra/*/configure ; do + d=${d%/configure} + [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}" + mv "${d}" "${S}" || die "moving ${d} failed" + done +} + +src_prepare() { + if ! use vanilla ; then + elog "Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." + eapply "${WORKDIR}"/patches + elog "Done." + fi + + if just_headers ; then + if [[ -e ports/sysdeps/mips/preconfigure ]] ; then + # mips peeps like to screw with us. if building headers, + # we don't have a real compiler, so we can't let them + # insert -mabi on us. + sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die + find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} + + fi + fi + + default + + gnuconfig_update + + cd "${WORKDIR}" + find . -name configure -exec touch {} + + + eprefixify extra/locale/locale-gen + + # Fix permissions on some of the scripts. + chmod u+x "${S}"/scripts/*.sh + + cd "${S}" + + if use hardened ; then + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + fi +} + +glibc_do_configure() { + # Glibc does not work with gold (for various reasons) #269274. + tc-ld-disable-gold + + # CXX isnt handled by the multilib system, so if we dont unset here + # we accumulate crap across abis + unset CXX + + einfo "Configuring glibc for $1" + + local v + for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC CXX LD {AS,C,CPP,CXX,LD}FLAGS ; do + einfo " $(printf '%15s' ${v}:) ${!v}" + done + + # The glibc configure script doesn't properly use LDFLAGS all the time. + export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}" + einfo " $(printf '%15s' 'Manual CC:') ${CC}" + + # Some of the tests are written in C++, so we need to force our multlib abis in, bug 623548 + export CXX="$(tc-getCXX ${CTARGET}) $(get_abi_CFLAGS)" + einfo " $(printf '%15s' 'Manual CXX:') ${CXX}" + + echo + + local myconf=() + + # set addons + pushd "${S}" > /dev/null + local addons=$(echo */configure | sed \ + -e 's:/configure::g' \ + -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \ + -e 's: \+$::' \ + -e 's! !,!g' \ + -e 's!^!,!' \ + -e '/^,\*$/d') + [[ -d ports ]] && addons+=",ports" + popd > /dev/null + + case ${CTARGET} in + powerpc-*) + # Currently gcc on powerpc32 generates invalid code for + # __builtin_return_address(0) calls. Normally programs + # don't do that but malloc hooks in glibc do: + # https://gcc.gnu.org/PR81996 + # https://bugs.gentoo.org/629054 + myconf+=( --enable-stack-protector=no ) + ;; + *) + myconf+=( --enable-stack-protector=all ) + ;; + esac + myconf+=( --enable-stackguard-randomization ) + + [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) + + if [[ $1 == "nptl" ]] ; then + myconf+=( --enable-kernel=${NPTL_KERN_VER} ) + else + die "invalid pthread option" + fi + myconf+=( --enable-add-ons="${addons#,}" ) + + # Since SELinux support is only required for nscd, only enable it if: + # 1. USE selinux + # 2. only for the primary ABI on multilib systems + # 3. Not a crosscompile + if ! is_crosscompile && use selinux ; then + if use multilib ; then + if is_final_abi ; then + myconf+=( --with-selinux ) + else + myconf+=( --without-selinux ) + fi + else + myconf+=( --with-selinux ) + fi + else + myconf+=( --without-selinux ) + fi + + # Force a few tests where we always know the answer but + # configure is incapable of finding it. + if is_crosscompile ; then + export \ + libc_cv_c_cleanup=yes \ + libc_cv_forced_unwind=yes + fi + + myconf+=( + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + $(use_enable profile) + $(use_with gd) + --with-headers=$(alt_build_headers) + --prefix="${EPREFIX}/usr" + --sysconfdir="${EPREFIX}/etc" + --localstatedir="${EPREFIX}/var" + --libdir='$(prefix)'/$(get_libdir) + --mandir='$(prefix)'/share/man + --infodir='$(prefix)'/share/info + --libexecdir='$(libdir)'/misc/glibc + --with-bugurl=https://bugs.gentoo.org/ + --with-pkgversion="$(glibc_banner)" + $(use_multiarch || echo --disable-multi-arch) + $(in_iuse systemtap && use_enable systemtap) + $(in_iuse nscd && use_enable nscd) + ${EXTRA_ECONF} + ) + + # We rely on sys-libs/timezone-data for timezone tools normally. + myconf+=( $(use_enable vanilla timezone-tools) ) + + # These libs don't have configure flags. + ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no) + ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no) + + # There is no configure option for this and we need to export it + # since the glibc build will re-run configure on itself + export libc_cv_rootsbindir="${EPREFIX}/sbin" + export libc_cv_slibdir="${EPREFIX}/$(get_libdir)" + + # We take care of patching our binutils to use both hash styles, + # and many people like to force gnu hash style only, so disable + # this overriding check. #347761 + export libc_cv_hashstyle=no + + local builddir=$(builddir "$1") + mkdir -p "${builddir}" + cd "${builddir}" + set -- "${S}"/configure "${myconf[@]}" + echo "$@" + "$@" || die "failed to configure glibc" + + # ia64 static cross-compilers are a pita in so much that they + # can't produce static ELFs (as the libgcc.a is broken). so + # disable building of the programs for those targets if it + # doesn't work. + # XXX: We could turn this into a compiler test, but ia64 is + # the only one that matters, so this should be fine for now. + if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then + sed -i '1i+link-static = touch $@' config.make + fi + + # If we're trying to migrate between ABI sets, we need + # to lie and use a local copy of gcc. Like if the system + # is built with MULTILIB_ABIS="amd64 x86" but we want to + # add x32 to it, gcc/glibc don't yet support x32. + if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then + echo 'main(){}' > "${T}"/test.c + if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then + sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die + mkdir -p sunrpc + cp $(which rpcgen) sunrpc/cross-rpcgen || die + touch -t 202001010101 sunrpc/cross-rpcgen || die + fi + fi +} + +glibc_headers_configure() { + export ABI=default + + local builddir=$(builddir "headers") + mkdir -p "${builddir}" + cd "${builddir}" + + # if we don't have a compiler yet, we can't really test it now ... + # hopefully they don't affect header generation, so let's hope for + # the best here ... + local v vars=( + ac_cv_header_cpuid_h=yes + libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes + libc_cv_asm_cfi_directives=yes + libc_cv_broken_visibility_attribute=no + libc_cv_c_cleanup=yes + libc_cv_forced_unwind=yes + libc_cv_gcc___thread=yes + libc_cv_mlong_double_128=yes + libc_cv_mlong_double_128ibm=yes + libc_cv_ppc_machine=yes + libc_cv_ppc_rel16=yes + libc_cv_predef_fortify_source=no + libc_cv_visibility_attribute=yes + libc_cv_z_combreloc=yes + libc_cv_z_execstack=yes + libc_cv_z_initfirst=yes + libc_cv_z_nodelete=yes + libc_cv_z_nodlopen=yes + libc_cv_z_relro=yes + libc_mips_abi=${ABI} + libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard) + # These libs don't have configure flags. + ac_cv_lib_audit_audit_log_user_avc_message=no + ac_cv_lib_cap_cap_init=no + ) + + einfo "Forcing cached settings:" + for v in "${vars[@]}" ; do + einfo " ${v}" + export ${v} + done + + # Blow away some random CC settings that screw things up. #550192 + if [[ -d ${S}/sysdeps/mips ]]; then + pushd "${S}"/sysdeps/mips >/dev/null + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die + + # Force the mips ABI to the default. This is OK because the set of + # installed headers in this phase is the same between the 3 ABIs. + # If this ever changes, this hack will break, but that's unlikely + # as glibc discourages that behavior. + # https://crbug.com/647033 + sed -i -e 's:abiflag=.*:abiflag=_ABIO32:' preconfigure || die + + popd >/dev/null + fi + + local myconf=() + myconf+=( + --disable-sanity-checks + --enable-hacker-mode + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + --with-headers=$(alt_build_headers) + --prefix="${EPREFIX}/usr" + ${EXTRA_ECONF} + ) + + local addons + [[ -d ${S}/ports ]] && addons+=",ports" + myconf+=( --enable-add-ons="${addons#,}" ) + + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC/CFLAGS is sane. + set -- "${S}"/configure "${myconf[@]}" + echo "$@" + CC="$(tc-getBUILD_CC)" \ + CFLAGS="-O1 -pipe" \ + CPPFLAGS="-U_FORTIFY_SOURCE" \ + LDFLAGS="" \ + "$@" || die "failed to configure glibc" +} + +do_src_configure() { + if just_headers ; then + glibc_headers_configure + else + glibc_do_configure nptl + fi +} + +src_configure() { + foreach_abi do_src_configure +} + +do_src_compile() { + emake -C "$(builddir nptl)" || die "make nptl for ${ABI} failed" +} + +src_compile() { + if just_headers ; then + return + fi + + foreach_abi do_src_compile +} + +glibc_src_test() { + cd "$(builddir $1)" + emake -j1 check +} + +do_src_test() { + local ret=0 + + glibc_src_test nptl + : $(( ret |= $? )) + + return ${ret} +} + +src_test() { + # Give tests more time to complete. + export TIMEOUTFACTOR=5 + + foreach_abi do_src_test || die "tests failed" +} + +glibc_do_src_install() { + local builddir=$(builddir nptl) + cd "${builddir}" + + emake install_root="${D}$(alt_prefix)" install || die + + # This version (2.26) provides some compatibility libraries for the NIS/NIS+ support + # which come without headers etc. Only needed for binary packages since the + # external net-libs/libnsl has increased soversion. Keep only versioned libraries. + find "${D}" -name "libnsl.a" -delete + find "${D}" -name "libnsl.so" -delete + + # Normally real_pv is ${PV}. Live ebuilds are exception, there we need + # to infer upstream version: + # '#define VERSION "2.26.90"' -> '2.26.90' + local upstream_pv=$(sed -n -r 's/#define VERSION "(.*)"/\1/p' "${S}"/version.h) + + # Newer versions get fancy with libm linkage to include vectorized support. + # While we don't really need a ldscript here, portage QA checks get upset. + if [[ -e ${ED}$(alt_usrlibdir)/libm-${upstream_pv}.a ]] ; then + dosym ../../$(get_libdir)/libm-${upstream_pv}.so $(alt_usrlibdir)/libm-${upstream_pv}.so + fi + + # We'll take care of the cache ourselves + rm -f "${ED}"/etc/ld.so.cache + + # Everything past this point just needs to be done once ... + is_final_abi || return 0 + + # Make sure the non-native interp can be found on multilib systems even + # if the main library set isn't installed into the right place. Maybe + # we should query the active gcc for info instead of hardcoding it ? + local i ldso_abi ldso_name + local ldso_abi_list=( + # x86 + amd64 /lib64/ld-linux-x86-64.so.2 + x32 /libx32/ld-linux-x32.so.2 + x86 /lib/ld-linux.so.2 + # mips + o32 /lib/ld.so.1 + n32 /lib32/ld.so.1 + n64 /lib64/ld.so.1 + # powerpc + ppc /lib/ld.so.1 + ppc64 /lib64/ld64.so.1 + # s390 + s390 /lib/ld.so.1 + s390x /lib/ld64.so.1 + # sparc + sparc32 /lib/ld-linux.so.2 + sparc64 /lib64/ld-linux.so.2 + ) + case $(tc-endian) in + little) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64.so.1 + ) + ;; + big) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64_be.so.1 + ) + ;; + esac + if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then + dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib + fi + for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do + ldso_abi=${ldso_abi_list[i]} + has ${ldso_abi} $(get_install_abis) || continue + + ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" + if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then + dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} + fi + done + + # With devpts under Linux mounted properly, we do not need the pt_chown + # binary to be setuid. This is because the default owners/perms will be + # exactly what we want. + if in_iuse suid && ! use suid ; then + find "${ED}" -name pt_chown -exec chmod -s {} + + fi + + ################################################################# + # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY # + # Make sure we install some symlink hacks so that when we build + # a 2nd stage cross-compiler, gcc finds the target system + # headers correctly. See gcc/doc/gccinstall.info + if is_crosscompile ; then + # We need to make sure that /lib and /usr/lib always exists. + # gcc likes to use relative paths to get to its multilibs like + # /usr/lib/../lib64/. So while we don't install any files into + # /usr/lib/, we do need it to exist. + cd "${ED}"$(alt_libdir)/.. + [[ -e lib ]] || mkdir lib + cd "${ED}"$(alt_usrlibdir)/.. + [[ -e lib ]] || mkdir lib + + dosym usr/include $(alt_prefix)/sys-include + return 0 + fi + + # Files for Debian-style locale updating + dodir /usr/share/i18n + sed \ + -e "/^#/d" \ + -e "/SUPPORTED-LOCALES=/d" \ + -e "s: \\\\::g" -e "s:/: :g" \ + "${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \ + || die "generating /usr/share/i18n/SUPPORTED failed" + cd "${WORKDIR}"/extra/locale + dosbin locale-gen + doman *.[0-8] + insinto /etc + doins locale.gen + + # Make sure all the ABI's can find the locales and so we only + # have to generate one set + local a + keepdir /usr/$(get_libdir)/locale + for a in $(get_install_abis) ; do + if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then + dosym ../$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale + fi + done + + cd "${S}" + + # Install misc network config files + insinto /etc + doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf + doins "${WORKDIR}"/extra/etc/*.conf + + if use nscd ; then + doinitd "$(prefixify_ro "${WORKDIR}"/extra/etc/nscd)" + + local nscd_args=( + -e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):" + ) + + sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd + + systemd_dounit nscd/nscd.service + systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf + else + # Do this since extra/etc/*.conf above might have nscd.conf. + rm -f "${ED}"/etc/nscd.conf + fi + + echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc + doenvd "${T}"/00glibc + + for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do + [[ -s ${d} ]] && dodoc ${d} + done + + # Prevent overwriting of the /etc/localtime symlink. We'll handle the + # creation of the "factory" symlink in pkg_postinst(). + rm -f "${ED}"/etc/localtime +} + +glibc_headers_install() { + local builddir=$(builddir "headers") + cd "${builddir}" + emake install_root="${D}$(alt_prefix)" install-headers + + insinto $(alt_headers)/gnu + doins "${S}"/include/gnu/stubs.h + + # Make sure we install the sys-include symlink so that when + # we build a 2nd stage cross-compiler, gcc finds the target + # system headers correctly. See gcc/doc/gccinstall.info + dosym usr/include $(alt_prefix)/sys-include +} + +src_install() { + if just_headers ; then + export ABI=default + glibc_headers_install + return + fi + + foreach_abi glibc_do_src_install + src_strip +} + +pkg_preinst() { + # nothing to do if just installing headers + just_headers && return + + # prepare /etc/ld.so.conf.d/ for files + mkdir -p "${EROOT}"/etc/ld.so.conf.d + + # Default /etc/hosts.conf:multi to on for systems with small dbs. + if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then + sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf + elog "Defaulting /etc/host.conf:multi to on" + fi + + [[ ${ROOT} != "/" ]] && return 0 + [[ -d ${ED}/$(get_libdir) ]] || return 0 + [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check +} + +pkg_postinst() { + # nothing to do if just installing headers + just_headers && return + + if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then + # Generate fastloading iconv module configuration file. + "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" + fi + + if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then + # Reload init ... if in a chroot or a diff init package, ignore + # errors from this step #253697 + /sbin/telinit U 2>/dev/null + + # if the host locales.gen contains no entries, we'll install everything + local locale_list="${EROOT}etc/locale.gen" + if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then + ewarn "Generating all locales; edit /etc/locale.gen to save time/space" + locale_list="${EROOT}usr/share/i18n/SUPPORTED" + fi + locale-gen -j $(makeopts_jobs) --config "${locale_list}" + fi +} diff --git a/sys-libs/glibc/metadata.xml b/sys-libs/glibc/metadata.xml new file mode 100644 index 000000000000..e6ebe220ca6b --- /dev/null +++ b/sys-libs/glibc/metadata.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="project"> + <email>toolchain@gentoo.org</email> + <name>Gentoo Toolchain Project</name> +</maintainer> +<use> + <flag name="debug">When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL)</flag> + <flag name="gd">build memusage and memusagestat tools</flag> + <flag name="nscd">Build, and enable support for, the Name Service Cache Daemon</flag> + <flag name="rpc">Enable obsolete RPC/NIS layers (disabling is experimental -- see bug 381391)</flag> + <flag name="suid">Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag> + <flag name="systemtap">enable systemtap static probe points</flag> +</use> +<upstream> + <remote-id type="cpe">cpe:/a:gnu:glibc</remote-id> +</upstream> +</pkgmetadata> |