summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndreas K. Hüttel <dilfridge@gentoo.org>2019-04-11 22:53:02 +0200
committerAndreas K. Hüttel <dilfridge@gentoo.org>2019-04-11 22:53:20 +0200
commit1115b22539a40f78cf79a1aa70496fd84d909c00 (patch)
tree6f1fe74aafe29645a7b3c9321f262ccaa8f1e402 /sys-libs/glibc
parentsci-visualization/gle: Fix building with media-libs/jpeg (diff)
downloadgentoo-1115b22539a40f78cf79a1aa70496fd84d909c00.tar.gz
gentoo-1115b22539a40f78cf79a1aa70496fd84d909c00.tar.bz2
gentoo-1115b22539a40f78cf79a1aa70496fd84d909c00.zip
sys-libs/glibc: Remove old
Package-Manager: Portage-2.3.62, Repoman-2.3.12 Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Diffstat (limited to 'sys-libs/glibc')
-rw-r--r--sys-libs/glibc/Manifest2
-rw-r--r--sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c315
-rw-r--r--sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch30
-rw-r--r--sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch274
-rw-r--r--sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch42
-rw-r--r--sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c314
-rw-r--r--sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c322
-rw-r--r--sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch277
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c299
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c2
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch306
-rw-r--r--sys-libs/glibc/glibc-2.21-r2.ebuild149
12 files changed, 0 insertions, 2332 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
index 94189ff713a..49cc077e29f 100644
--- a/sys-libs/glibc/Manifest
+++ b/sys-libs/glibc/Manifest
@@ -2,8 +2,6 @@ DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 BLAKE2B 3cc5c82cd57d0fbd26d
DIST gcc-multilib-bootstrap-20180511.tar.xz 2392908 BLAKE2B f3cf614399368acd8908f60d894c6344a2fa09383b30c1633a0682bc668367c8a2f8c6fec2d41b6e2178d709a2bd8db57e8b2ab56ba263c7d56f819c15acd061 SHA512 98c766e913693ab42ff790557acde2a36a8001e2648046a685b21964200df8d4d52d8452d499c0068c6648284d086ce062c2d36e2c6c2fd8aacd232d193f2853
DIST glibc-2.19-patches-9.tar.bz2 24584 BLAKE2B a96e930a5bd20fa75d9f259cc2117fa5ce98072274a24a5823bf877e3739fa4c001a94d7865e065ee0527f3974430d27da8038e042340a451ad2052c62724f26 SHA512 a95b3063ade974a3556480b798b317d33c7423a8cb9e69f67249ffb8b3d3c671d70d2d5f782c1efadc0bec4cc49a96d4fe89911f3dfcd85b459f69f3b4f38f0e
DIST glibc-2.19.tar.xz 12083312 BLAKE2B 9dc03346e0f0df4bf009a92d894b0a9f964ff92b7f4c9663cedf1cb6cf90435f28a15539d33791ecf43ee578fa4e26f916af0367651312ef8f9c1c38ce0dafa2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d
-DIST glibc-2.21-patches-7.tar.bz2 46894 BLAKE2B 5a15a3a5ca515351d5d41baaa59ae6b6d1c353f1500c3b8dcd6da895119c89afee9ef6afaa1e7d617f2cf7b7504635e5733429f65847acaa63c0a7bf8233ee9c SHA512 e4cca3d753c0b9d213c0ed85e3d08cbbf6517862b3a48af987e010abaf5a022b47330040ced183d30b5b934de7587e97b4342e51a6df3d5cfa768bdd8b43b756
-DIST glibc-2.21.tar.xz 12322092 BLAKE2B 1ce2be09787138262b59b56235e20777459e99861c65694b96f63d7faf24da8655882dd23b39c28a8a2d338c50710f76e1e4dc39a3f4ce9736ef2cbf7f99ed5b SHA512 8cded6693618bec115f678fcbd0b77556f97dfa8337608f66e37224aefa55b38765ba61cb4d58beea37b5934e5ec8e30bad58613707388484906f2a0ce77997d
DIST glibc-2.22-patches-13.tar.bz2 74479 BLAKE2B 1ab31614e8334508a63c842f503a395ff3ebeaa33d1890eab1d9e2985cb39064960053f2bbf99ec3bdec0ba5a80d259ca6b964fcaed9d99dcb6da84ddb8dd364 SHA512 73517fc1502b0733d67ade1d1ba6168415f5da64f37045fac0b10ef57155bf6dfbe1876e4742d2543fcea0c935c179426f6fbb94f0205968392ef903d2f83897
DIST glibc-2.22.tar.xz 12969072 BLAKE2B 36a2e08cf4c5c9396c414fcf5cf5f32d0a78a61e06a1309fbc5f560bed7a7f25a084f5f5c1097014d0911239c710ac9c06f6b6d603238b9c928dd286ebd05bbf SHA512 a8719f3a4f8aa5fa81711116fdafbea5082c6dfd85bd8c4cdce60571910263ab422b35bb8b55a84d37ccb146442133ba60a84d453ca4a439c8ccd35419bd051b
DIST glibc-2.23-patches-8.tar.bz2 304199 BLAKE2B 693e40090dbe43f0e9c1faa0bce75e43d5d3924b40c141f9d00ef147fd285b03e2c3bab6a32d1bf6978ca139c3f071f685d5caf1bffb1cce7e1d1f3c346e5c50 SHA512 470814bbbd9d4ee5fa2dd7570a2e14b0229723e373e801472856fd6c2f089499eddc300f69b49af8ba0edbdca583ee3ca521fdb5c642509717cafea0ad925fd2
diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c
deleted file mode 100644
index 37711e8aacb..00000000000
--- a/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c
+++ /dev/null
@@ -1,315 +0,0 @@
-/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
- 02111-1307 USA. */
-
-/* Copyright (C) 2006-2008 Gentoo Foundation Inc.
- * License terms as above.
- *
- * Hardened Gentoo SSP and FORTIFY handler
- *
- * An SSP failure handler that does not use functions from the rest of
- * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
- * no possibility of recursion into the handler.
- *
- * Direct all bug reports to http://bugs.gentoo.org/
- *
- * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
- * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
- *
- * The following people contributed to the glibc-2.3 Hardened
- * Gentoo SSP and FORTIFY handler, from which this implementation draws much:
- *
- * Ned Ludd - <solar[@]gentoo.org>
- * Alexander Gabert - <pappy[@]gentoo.org>
- * The PaX Team - <pageexec[@]freemail.hu>
- * Peter S. Mazinger - <ps.m[@]gmx.net>
- * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
- * Robert Connolly - <robert[@]linuxfromscratch.org>
- * Cory Visi <cory[@]visi.name>
- * Mike Frysinger <vapier[@]gentoo.org>
- * Magnus Granberg <zorry[@]ume.nu>
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#include <signal.h>
-
-#include <sys/types.h>
-
-#include <sysdep-cancel.h>
-#include <sys/syscall.h>
-#include <bp-checks.h>
-
-#include <kernel-features.h>
-
-#include <alloca.h>
-/* from sysdeps */
-#include <socketcall.h>
-/* for the stuff in bits/socket.h */
-#include <sys/socket.h>
-#include <sys/un.h>
-
-/* Sanity check on SYSCALL macro names - force compilation
- * failure if the names used here do not exist
- */
-#if !defined __NR_socketcall && !defined __NR_socket
-# error Cannot do syscall socket or socketcall
-#endif
-#if !defined __NR_socketcall && !defined __NR_connect
-# error Cannot do syscall connect or socketcall
-#endif
-#ifndef __NR_write
-# error Cannot do syscall write
-#endif
-#ifndef __NR_close
-# error Cannot do syscall close
-#endif
-#ifndef __NR_getpid
-# error Cannot do syscall getpid
-#endif
-#ifndef __NR_kill
-# error Cannot do syscall kill
-#endif
-#ifndef __NR_exit
-# error Cannot do syscall exit
-#endif
-#ifdef SSP_SMASH_DUMPS_CORE
-# define ENABLE_SSP_SMASH_DUMPS_CORE 1
-# if !defined _KERNEL_NSIG && !defined _NSIG
-# error No _NSIG or _KERNEL_NSIG for rt_sigaction
-# endif
-# if !defined __NR_sigaction && !defined __NR_rt_sigaction
-# error Cannot do syscall sigaction or rt_sigaction
-# endif
-/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
- * of the _kernel_ sigset_t which is not the same as the user sigset_t.
- * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
- * some reason.
- */
-# ifdef _KERNEL_NSIG
-# define _SSP_NSIG _KERNEL_NSIG
-# else
-# define _SSP_NSIG _NSIG
-# endif
-#else
-# define _SSP_NSIG 0
-# define ENABLE_SSP_SMASH_DUMPS_CORE 0
-#endif
-
-/* Define DO_SIGACTION - default to newer rt signal interface but
- * fallback to old as needed.
- */
-#ifdef __NR_rt_sigaction
-# define DO_SIGACTION(signum, act, oldact) \
- INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
-#else
-# define DO_SIGACTION(signum, act, oldact) \
- INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
-#endif
-
-/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
-#if defined(__NR_socket) && defined(__NR_connect)
-# define USE_OLD_SOCKETCALL 0
-#else
-# define USE_OLD_SOCKETCALL 1
-#endif
-
-/* stub out the __NR_'s so we can let gcc optimize away dead code */
-#ifndef __NR_socketcall
-# define __NR_socketcall 0
-#endif
-#ifndef __NR_socket
-# define __NR_socket 0
-#endif
-#ifndef __NR_connect
-# define __NR_connect 0
-#endif
-#define DO_SOCKET(result, domain, type, protocol) \
- do { \
- if (USE_OLD_SOCKETCALL) { \
- socketargs[0] = domain; \
- socketargs[1] = type; \
- socketargs[2] = protocol; \
- socketargs[3] = 0; \
- result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
- } else \
- result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
- } while (0)
-#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
- do { \
- if (USE_OLD_SOCKETCALL) { \
- socketargs[0] = sockfd; \
- socketargs[1] = (unsigned long int)serv_addr; \
- socketargs[2] = addrlen; \
- socketargs[3] = 0; \
- result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
- } else \
- result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
- } while (0)
-
-#ifndef _PATH_LOG
-# define _PATH_LOG "/dev/log"
-#endif
-
-static const char path_log[] = _PATH_LOG;
-
-/* For building glibc with SSP switched on, define __progname to a
- * constant if building for the run-time loader, to avoid pulling
- * in more of libc.so into ld.so
- */
-#ifdef IS_IN_rtld
-static char *__progname = "<rtld>";
-#else
-extern char *__progname;
-#endif
-
-/* Common handler code, used by chk_fail
- * Inlined to ensure no self-references to the handler within itself.
- * Data static to avoid putting more than necessary on the stack,
- * to aid core debugging.
- */
-__attribute__ ((__noreturn__ , __always_inline__))
-static inline void
-__hardened_gentoo_chk_fail(char func[], int damaged)
-{
-#define MESSAGE_BUFSIZ 256
- static pid_t pid;
- static int plen, i;
- static char message[MESSAGE_BUFSIZ];
- static const char msg_ssa[] = ": buffer overflow attack";
- static const char msg_inf[] = " in function ";
- static const char msg_ssd[] = "*** buffer overflow detected ***: ";
- static const char msg_terminated[] = " - terminated\n";
- static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
- static const char msg_unknown[] = "<unknown>";
- static int log_socket, connect_result;
- static struct sockaddr_un sock;
- static unsigned long int socketargs[4];
-
- /* Build socket address
- */
- sock.sun_family = AF_UNIX;
- i = 0;
- while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
- sock.sun_path[i] = path_log[i];
- i++;
- }
- sock.sun_path[i] = '\0';
-
- /* Try SOCK_DGRAM connection to syslog */
- connect_result = -1;
- DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
- if (log_socket != -1)
- DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
- if (connect_result == -1) {
- if (log_socket != -1)
- INLINE_SYSCALL(close, 1, log_socket);
- /* Try SOCK_STREAM connection to syslog */
- DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
- if (log_socket != -1)
- DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
- }
-
- /* Build message. Messages are generated both in the old style and new style,
- * so that log watchers that are configured for the old-style message continue
- * to work.
- */
-#define strconcat(str) \
- {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
- {\
- message[plen+i]=str[i];\
- i++;\
- }\
- plen+=i;}
-
- /* R.Henderson post-gcc-4 style message */
- plen = 0;
- strconcat(msg_ssd);
- if (__progname != (char *)0)
- strconcat(__progname)
- else
- strconcat(msg_unknown);
- strconcat(msg_terminated);
-
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- /* Dr. Etoh pre-gcc-4 style message */
- plen = 0;
- if (__progname != (char *)0)
- strconcat(__progname)
- else
- strconcat(msg_unknown);
- strconcat(msg_ssa);
- strconcat(msg_inf);
- if (func != NULL)
- strconcat(func)
- else
- strconcat(msg_unknown);
- strconcat(msg_terminated);
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- /* Direct reports to bugs.gentoo.org */
- plen=0;
- strconcat(msg_report);
- message[plen++]='\0';
-
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- if (log_socket != -1)
- INLINE_SYSCALL(close, 1, log_socket);
-
- /* Suicide */
- pid = INLINE_SYSCALL(getpid, 0);
-
- if (ENABLE_SSP_SMASH_DUMPS_CORE) {
- static struct sigaction default_abort_act;
- /* Remove any user-supplied handler for SIGABRT, before using it */
- default_abort_act.sa_handler = SIG_DFL;
- default_abort_act.sa_sigaction = NULL;
- __sigfillset(&default_abort_act.sa_mask);
- default_abort_act.sa_flags = 0;
- if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
- INLINE_SYSCALL(kill, 2, pid, SIGABRT);
- }
-
- /* Note; actions cannot be added to SIGKILL */
- INLINE_SYSCALL(kill, 2, pid, SIGKILL);
-
- /* In case the kill didn't work, exit anyway
- * The loop prevents gcc thinking this routine returns
- */
- while (1)
- INLINE_SYSCALL(exit, 0);
-}
-
-__attribute__ ((__noreturn__))
-void __chk_fail(void)
-{
- __hardened_gentoo_chk_fail(NULL, 0);
-}
-
diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch
deleted file mode 100644
index e75ccc788c8..00000000000
--- a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Prevent default-fPIE from confusing configure into thinking
-PIC code is default. This causes glibc to build both PIC and
-non-PIC code as normal, which on the hardened compiler generates
-PIC and PIE.
-
-Patch by Kevin F. Quinn <kevquinn@gentoo.org>
-Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu>
-
---- configure.in
-+++ configure.in
-@@ -2145,7 +2145,7 @@
- # error PIC is default.
- #endif
- EOF
--if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
-+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
- libc_cv_pic_default=no
- fi
- rm -f conftest.*])
---- configure
-+++ configure
-@@ -7698,7 +7698,7 @@
- # error PIC is default.
- #endif
- EOF
--if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
-+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
- libc_cv_pic_default=no
- fi
- rm -f conftest.*
diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
deleted file mode 100644
index cb6d8e3c78b..00000000000
--- a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
+++ /dev/null
@@ -1,274 +0,0 @@
-When building glibc PIE (which is not something upstream support),
-several modifications are necessary to the glibc build process.
-
-First, any syscalls in PIEs must be of the PIC variant, otherwise
-textrels ensue. Then, any syscalls made before the initialisation
-of the TLS will fail on i386, as the sysenter variant on i386 uses
-the TLS, giving rise to a chicken-and-egg situation. This patch
-defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
-version is normally used, and uses the non-sysenter version for the brk
-syscall that is performed by the TLS initialisation. Further, the TLS
-initialisation is moved in this case prior to the initialisation of
-dl_osversion, as that requires further syscalls.
-
-csu/libc-start.c: Move initial TLS initialization to before the
-initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
-
-csu/libc-tls.c: Use the no-sysenter version of sbrk when
-INTERNAL_SYSCALL_NOSYSENTER is defined.
-
-misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
-version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
-
-misc/brk.c: Define a no-sysenter version of brk if
-INTERNAL_SYSCALL_NOSYSENTER is defined.
-
-sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
-Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
-
-Patch by Kevin F. Quinn <kevquinn@gentoo.org>
-Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
-
---- csu/libc-start.c
-+++ csu/libc-start.c
-@@ -28,6 +28,7 @@
- extern int __libc_multiple_libcs;
-
- #include <tls.h>
-+#include <sysdep.h>
- #ifndef SHARED
- # include <dl-osinfo.h>
- extern void __pthread_initialize_minimal (void);
-@@ -129,6 +130,11 @@
- # endif
- _dl_aux_init (auxvec);
- # endif
-+# ifdef INTERNAL_SYSCALL_NOSYSENTER
-+ /* Do the initial TLS initialization before _dl_osversion,
-+ since the latter uses the uname syscall. */
-+ __pthread_initialize_minimal ();
-+# endif
- # ifdef DL_SYSDEP_OSCHECK
- if (!__libc_multiple_libcs)
- {
-@@ -138,10 +144,12 @@
- }
- # endif
-
-+# ifndef INTERNAL_SYSCALL_NOSYSENTER
- /* Initialize the thread library at least a bit since the libgcc
- functions are using thread functions if these are available and
- we need to setup errno. */
- __pthread_initialize_minimal ();
-+# endif
-
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
---- csu/libc-tls.c
-+++ csu/libc-tls.c
-@@ -23,6 +23,7 @@
- #include <unistd.h>
- #include <stdio.h>
- #include <sys/param.h>
-+#include <sysdep.h>
-
-
- #ifdef SHARED
-@@ -29,6 +30,9 @@
- #error makefile bug, this file is for static only
- #endif
-
-+#ifdef INTERNAL_SYSCALL_NOSYSENTER
-+extern void *__sbrk_nosysenter (intptr_t __delta);
-+#endif
- extern ElfW(Phdr) *_dl_phdr;
- extern size_t _dl_phnum;
-
-@@ -141,14 +145,26 @@
-
- The initialized value of _dl_tls_static_size is provided by dl-open.c
- to request some surplus that permits dynamic loading of modules with
-- IE-model TLS. */
-+ IE-model TLS.
-+
-+ Where the normal sbrk would use a syscall that needs the TLS (i386)
-+ use the special non-sysenter version instead. */
- #if TLS_TCB_AT_TP
- tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
-+# ifdef INTERNAL_SYSCALL_NOSYSENTER
-+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
-+# else
- tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
-+# endif
- #elif TLS_DTV_AT_TP
- tcb_offset = roundup (tcbsize, align ?: 1);
-+# ifdef INTERNAL_SYSCALL_NOSYSENTER
-+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
-+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
-+# else
- tlsblock = __sbrk (tcb_offset + memsz + max_align
- + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
-+# endif
- tlsblock += TLS_PRE_TCB_SIZE;
- #else
- /* In case a model with a different layout for the TCB and DTV
---- misc/sbrk.c
-+++ misc/sbrk.c
-@@ -18,6 +18,7 @@
- #include <errno.h>
- #include <stdint.h>
- #include <unistd.h>
-+#include <sysdep.h>
-
- /* Defined in brk.c. */
- extern void *__curbrk;
-@@ -29,6 +30,35 @@
- /* Extend the process's data space by INCREMENT.
- If INCREMENT is negative, shrink data space by - INCREMENT.
- Return start of new space allocated, or -1 for errors. */
-+#ifdef INTERNAL_SYSCALL_NOSYSENTER
-+/* This version is used by csu/libc-tls.c whem initialising the TLS
-+ if the SYSENTER version requires the TLS (which it does on i386).
-+ Obviously using the TLS before it is initialised is broken. */
-+extern int __brk_nosysenter (void *addr);
-+void *
-+__sbrk_nosysenter (intptr_t increment)
-+{
-+ void *oldbrk;
-+
-+ /* If this is not part of the dynamic library or the library is used
-+ via dynamic loading in a statically linked program update
-+ __curbrk from the kernel's brk value. That way two separate
-+ instances of __brk and __sbrk can share the heap, returning
-+ interleaved pieces of it. */
-+ if (__curbrk == NULL || __libc_multiple_libcs)
-+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
-+ return (void *) -1;
-+
-+ if (increment == 0)
-+ return __curbrk;
-+
-+ oldbrk = __curbrk;
-+ if (__brk_nosysenter (oldbrk + increment) < 0)
-+ return (void *) -1;
-+
-+ return oldbrk;
-+}
-+#endif
- void *
- __sbrk (intptr_t increment)
- {
---- sysdeps/unix/sysv/linux/i386/brk.c
-+++ sysdeps/unix/sysv/linux/i386/brk.c
-@@ -31,6 +31,30 @@
- linker. */
- weak_alias (__curbrk, ___brk_addr)
-
-+#ifdef INTERNAL_SYSCALL_NOSYSENTER
-+/* This version is used by csu/libc-tls.c whem initialising the TLS
-+ * if the SYSENTER version requires the TLS (which it does on i386).
-+ * Obviously using the TLS before it is initialised is broken. */
-+int
-+__brk_nosysenter (void *addr)
-+{
-+ void *__unbounded newbrk;
-+
-+ INTERNAL_SYSCALL_DECL (err);
-+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
-+ __ptrvalue (addr));
-+
-+ __curbrk = newbrk;
-+
-+ if (newbrk < addr)
-+ {
-+ __set_errno (ENOMEM);
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+#endif
- int
- __brk (void *addr)
- {
---- sysdeps/unix/sysv/linux/i386/sysdep.h
-+++ sysdeps/unix/sysv/linux/i386/sysdep.h
-@@ -187,7 +187,7 @@
- /* The original calling convention for system calls on Linux/i386 is
- to use int $0x80. */
- #ifdef I386_USE_SYSENTER
--# ifdef SHARED
-+# if defined SHARED || defined __PIC__
- # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
- # else
- # define ENTER_KERNEL call *_dl_sysinfo
-@@ -358,7 +358,7 @@
- possible to use more than four parameters. */
- #undef INTERNAL_SYSCALL
- #ifdef I386_USE_SYSENTER
--# ifdef SHARED
-+# if defined SHARED || defined __PIC__
- # define INTERNAL_SYSCALL(name, err, nr, args...) \
- ({ \
- register unsigned int resultvar; \
-@@ -384,6 +384,18 @@
- : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
- ASMFMT_##nr(args) : "memory", "cc"); \
- (int) resultvar; })
-+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
-+ ({ \
-+ register unsigned int resultvar; \
-+ EXTRAVAR_##nr \
-+ asm volatile ( \
-+ LOADARGS_NOSYSENTER_##nr \
-+ "movl %1, %%eax\n\t" \
-+ "int $0x80\n\t" \
-+ RESTOREARGS_NOSYSENTER_##nr \
-+ : "=a" (resultvar) \
-+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
-+ (int) resultvar; })
- # else
- # define INTERNAL_SYSCALL(name, err, nr, args...) \
- ({ \
-@@ -447,12 +459,20 @@
-
- #define LOADARGS_0
- #ifdef __PIC__
--# if defined I386_USE_SYSENTER && defined SHARED
-+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
- # define LOADARGS_1 \
- "bpushl .L__X'%k3, %k3\n\t"
- # define LOADARGS_5 \
- "movl %%ebx, %4\n\t" \
- "movl %3, %%ebx\n\t"
-+# define LOADARGS_NOSYSENTER_1 \
-+ "bpushl .L__X'%k2, %k2\n\t"
-+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
-+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
-+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
-+# define LOADARGS_NOSYSENTER_5 \
-+ "movl %%ebx, %3\n\t" \
-+ "movl %2, %%ebx\n\t"
- # else
- # define LOADARGS_1 \
- "bpushl .L__X'%k2, %k2\n\t"
-@@ -474,11 +495,18 @@
-
- #define RESTOREARGS_0
- #ifdef __PIC__
--# if defined I386_USE_SYSENTER && defined SHARED
-+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
- # define RESTOREARGS_1 \
- "bpopl .L__X'%k3, %k3\n\t"
- # define RESTOREARGS_5 \
- "movl %4, %%ebx"
-+# define RESTOREARGS_NOSYSENTER_1 \
-+ "bpopl .L__X'%k2, %k2\n\t"
-+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
-+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
-+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
-+# define RESTOREARGS_NOSYSENTER_5 \
-+ "movl %3, %%ebx"
- # else
- # define RESTOREARGS_1 \
- "bpopl .L__X'%k2, %k2\n\t"
diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch
deleted file mode 100644
index da4fb82539c..00000000000
--- a/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-2012-11-11 Magnus Granberg <zorry@gentoo.org>
-
- #442712
- * Makeconfig (+link): Set to +link-pie.
- (+link-static-before-libc): Change $(static-start-installed-name) to
- S$(static-start-installed-name).
- (+prector): Set to +prectorS.
- (+postctor): Set to +postctorS.
-
---- libc/Makeconfig
-+++ libc/Makeconfig
-@@ -447,11 +447,12 @@
- $(common-objpfx)libc% $(+postinit),$^) \
- $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
- endif
-++link = $(+link-pie)
- # Command for statically linking programs with the C library.
- ifndef +link-static
- +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
- $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
-- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
-+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
- $(+preinit) $(+prectorT) \
- $(filter-out $(addprefix $(csu-objpfx),start.o \
- $(start-installed-name))\
-@@ -549,11 +550,10 @@
- ifeq ($(elf),yes)
- +preinit = $(addprefix $(csu-objpfx),crti.o)
- +postinit = $(addprefix $(csu-objpfx),crtn.o)
--+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
--+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
--# Variants of the two previous definitions for linking PIE programs.
- +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
- +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
-++prector = $(+prectorS)
-++postctor = $(+postctorS)
- # Variants of the two previous definitions for statically linking programs.
- +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o`
- +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
- +interp = $(addprefix $(elf-objpfx),interp.os)
- endif
- csu-objpfx = $(common-objpfx)csu/
diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c
deleted file mode 100644
index c1934362f62..00000000000
--- a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c
+++ /dev/null
@@ -1,314 +0,0 @@
-/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
- 02111-1307 USA. */
-
-/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
- * License terms as above.
- *
- * Hardened Gentoo SSP and FORTIFY handler
- *
- * An SSP failure handler that does not use functions from the rest of
- * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
- * no possibility of recursion into the handler.
- *
- * Direct all bug reports to http://bugs.gentoo.org/
- *
- * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
- * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
- *
- * The following people contributed to the glibc-2.3 Hardened
- * Gentoo SSP and FORTIFY handler, from which this implementation draws much:
- *
- * Ned Ludd - <solar[@]gentoo.org>
- * Alexander Gabert - <pappy[@]gentoo.org>
- * The PaX Team - <pageexec[@]freemail.hu>
- * Peter S. Mazinger - <ps.m[@]gmx.net>
- * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
- * Robert Connolly - <robert[@]linuxfromscratch.org>
- * Cory Visi <cory[@]visi.name>
- * Mike Frysinger <vapier[@]gentoo.org>
- * Magnus Granberg <zorry[@]ume.nu>
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-#include <unistd.h>
-#include <signal.h>
-
-#include <sys/types.h>
-
-#include <sysdep-cancel.h>
-#include <sys/syscall.h>
-
-#include <kernel-features.h>
-
-#include <alloca.h>
-/* from sysdeps */
-#include <socketcall.h>
-/* for the stuff in bits/socket.h */
-#include <sys/socket.h>
-#include <sys/un.h>
-
-/* Sanity check on SYSCALL macro names - force compilation
- * failure if the names used here do not exist
- */
-#if !defined __NR_socketcall && !defined __NR_socket
-# error Cannot do syscall socket or socketcall
-#endif
-#if !defined __NR_socketcall && !defined __NR_connect
-# error Cannot do syscall connect or socketcall
-#endif
-#ifndef __NR_write
-# error Cannot do syscall write
-#endif
-#ifndef __NR_close
-# error Cannot do syscall close
-#endif
-#ifndef __NR_getpid
-# error Cannot do syscall getpid
-#endif
-#ifndef __NR_kill
-# error Cannot do syscall kill
-#endif
-#ifndef __NR_exit
-# error Cannot do syscall exit
-#endif
-#ifdef SSP_SMASH_DUMPS_CORE
-# define ENABLE_SSP_SMASH_DUMPS_CORE 1
-# if !defined _KERNEL_NSIG && !defined _NSIG
-# error No _NSIG or _KERNEL_NSIG for rt_sigaction
-# endif
-# if !defined __NR_sigaction && !defined __NR_rt_sigaction
-# error Cannot do syscall sigaction or rt_sigaction
-# endif
-/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
- * of the _kernel_ sigset_t which is not the same as the user sigset_t.
- * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
- * some reason.
- */
-# ifdef _KERNEL_NSIG
-# define _SSP_NSIG _KERNEL_NSIG
-# else
-# define _SSP_NSIG _NSIG
-# endif
-#else
-# define _SSP_NSIG 0
-# define ENABLE_SSP_SMASH_DUMPS_CORE 0
-#endif
-
-/* Define DO_SIGACTION - default to newer rt signal interface but
- * fallback to old as needed.
- */
-#ifdef __NR_rt_sigaction
-# define DO_SIGACTION(signum, act, oldact) \
- INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
-#else
-# define DO_SIGACTION(signum, act, oldact) \
- INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
-#endif
-
-/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
-#if defined(__NR_socket) && defined(__NR_connect)
-# define USE_OLD_SOCKETCALL 0
-#else
-# define USE_OLD_SOCKETCALL 1
-#endif
-
-/* stub out the __NR_'s so we can let gcc optimize away dead code */
-#ifndef __NR_socketcall
-# define __NR_socketcall 0
-#endif
-#ifndef __NR_socket
-# define __NR_socket 0
-#endif
-#ifndef __NR_connect
-# define __NR_connect 0
-#endif
-#define DO_SOCKET(result, domain, type, protocol) \
- do { \
- if (USE_OLD_SOCKETCALL) { \
- socketargs[0] = domain; \
- socketargs[1] = type; \
- socketargs[2] = protocol; \
- socketargs[3] = 0; \
- result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
- } else \
- result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
- } while (0)
-#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
- do { \
- if (USE_OLD_SOCKETCALL) { \
- socketargs[0] = sockfd; \
- socketargs[1] = (unsigned long int)serv_addr; \
- socketargs[2] = addrlen; \
- socketargs[3] = 0; \
- result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
- } else \
- result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
- } while (0)
-
-#ifndef _PATH_LOG
-# define _PATH_LOG "/dev/log"
-#endif
-
-static const char path_log[] = _PATH_LOG;
-
-/* For building glibc with SSP switched on, define __progname to a
- * constant if building for the run-time loader, to avoid pulling
- * in more of libc.so into ld.so
- */
-#ifdef IS_IN_rtld
-static char *__progname = "<rtld>";
-#else
-extern char *__progname;
-#endif
-
-/* Common handler code, used by chk_fail
- * Inlined to ensure no self-references to the handler within itself.
- * Data static to avoid putting more than necessary on the stack,
- * to aid core debugging.
- */
-__attribute__ ((__noreturn__ , __always_inline__))
-static inline void
-__hardened_gentoo_chk_fail(char func[], int damaged)
-{
-#define MESSAGE_BUFSIZ 256
- static pid_t pid;
- static int plen, i;
- static char message[MESSAGE_BUFSIZ];
- static const char msg_ssa[] = ": buffer overflow attack";
- static const char msg_inf[] = " in function ";
- static const char msg_ssd[] = "*** buffer overflow detected ***: ";
- static const char msg_terminated[] = " - terminated\n";
- static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
- static const char msg_unknown[] = "<unknown>";
- static int log_socket, connect_result;
- static struct sockaddr_un sock;
- static unsigned long int socketargs[4];
-
- /* Build socket address
- */
- sock.sun_family = AF_UNIX;
- i = 0;
- while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
- sock.sun_path[i] = path_log[i];
- i++;
- }
- sock.sun_path[i] = '\0';
-
- /* Try SOCK_DGRAM connection to syslog */
- connect_result = -1;
- DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
- if (log_socket != -1)
- DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
- if (connect_result == -1) {
- if (log_socket != -1)
- INLINE_SYSCALL(close, 1, log_socket);
- /* Try SOCK_STREAM connection to syslog */
- DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
- if (log_socket != -1)
- DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
- }
-
- /* Build message. Messages are generated both in the old style and new style,
- * so that log watchers that are configured for the old-style message continue
- * to work.
- */
-#define strconcat(str) \
- {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
- {\
- message[plen+i]=str[i];\
- i++;\
- }\
- plen+=i;}
-
- /* R.Henderson post-gcc-4 style message */
- plen = 0;
- strconcat(msg_ssd);
- if (__progname != (char *)0)
- strconcat(__progname)
- else
- strconcat(msg_unknown);
- strconcat(msg_terminated);
-
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- /* Dr. Etoh pre-gcc-4 style message */
- plen = 0;
- if (__progname != (char *)0)
- strconcat(__progname)
- else
- strconcat(msg_unknown);
- strconcat(msg_ssa);
- strconcat(msg_inf);
- if (func != NULL)
- strconcat(func)
- else
- strconcat(msg_unknown);
- strconcat(msg_terminated);
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- /* Direct reports to bugs.gentoo.org */
- plen=0;
- strconcat(msg_report);
- message[plen++]='\0';
-
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- if (log_socket != -1)
- INLINE_SYSCALL(close, 1, log_socket);
-
- /* Suicide */
- pid = INLINE_SYSCALL(getpid, 0);
-
- if (ENABLE_SSP_SMASH_DUMPS_CORE) {
- static struct sigaction default_abort_act;
- /* Remove any user-supplied handler for SIGABRT, before using it */
- default_abort_act.sa_handler = SIG_DFL;
- default_abort_act.sa_sigaction = NULL;
- __sigfillset(&default_abort_act.sa_mask);
- default_abort_act.sa_flags = 0;
- if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
- INLINE_SYSCALL(kill, 2, pid, SIGABRT);
- }
-
- /* Note; actions cannot be added to SIGKILL */
- INLINE_SYSCALL(kill, 2, pid, SIGKILL);
-
- /* In case the kill didn't work, exit anyway
- * The loop prevents gcc thinking this routine returns
- */
- while (1)
- INLINE_SYSCALL(exit, 0);
-}
-
-__attribute__ ((__noreturn__))
-void __chk_fail(void)
-{
- __hardened_gentoo_chk_fail(NULL, 0);
-}
-
diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c
deleted file mode 100644
index 9535c215789..00000000000
--- a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c
+++ /dev/null
@@ -1,322 +0,0 @@
-/* Copyright (C) 2005 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
- 02111-1307 USA. */
-
-/* Copyright (C) 2006-2013 Gentoo Foundation Inc.
- * License terms as above.
- *
- * Hardened Gentoo SSP handler
- *
- * An SSP failure handler that does not use functions from the rest of
- * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
- * no possibility of recursion into the handler.
- *
- * Direct all bug reports to http://bugs.gentoo.org/
- *
- * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
- * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
- *
- * Fixed to support glibc-2.18 by Magnus Granberg - <zorry[@]gentoo.org>
- *
- * The following people contributed to the glibc-2.3 Hardened
- * Gentoo SSP handler, from which this implementation draws much:
- *
- * Ned Ludd - <solar[@]gentoo.org>
- * Alexander Gabert - <pappy[@]gentoo.org>
- * The PaX Team - <pageexec[@]freemail.hu>
- * Peter S. Mazinger - <ps.m[@]gmx.net>
- * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
- * Robert Connolly - <robert[@]linuxfromscratch.org>
- * Cory Visi <cory[@]visi.name>
- * Mike Frysinger <vapier[@]gentoo.org>
- */
-
-#include <errno.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <signal.h>
-
-#include <sys/types.h>
-
-#include <sysdep-cancel.h>
-#include <sys/syscall.h>
-
-#include <kernel-features.h>
-
-#include <alloca.h>
-/* from sysdeps */
-#include <socketcall.h>
-/* for the stuff in bits/socket.h */
-#include <sys/socket.h>
-#include <sys/un.h>
-
-
-/* Sanity check on SYSCALL macro names - force compilation
- * failure if the names used here do not exist
- */
-#if !defined __NR_socketcall && !defined __NR_socket
-# error Cannot do syscall socket or socketcall
-#endif
-#if !defined __NR_socketcall && !defined __NR_connect
-# error Cannot do syscall connect or socketcall
-#endif
-#ifndef __NR_write
-# error Cannot do syscall write
-#endif
-#ifndef __NR_close
-# error Cannot do syscall close
-#endif
-#ifndef __NR_getpid
-# error Cannot do syscall getpid
-#endif
-#ifndef __NR_kill
-# error Cannot do syscall kill
-#endif
-#ifndef __NR_exit
-# error Cannot do syscall exit
-#endif
-#ifdef SSP_SMASH_DUMPS_CORE
-# define ENABLE_SSP_SMASH_DUMPS_CORE 1
-# if !defined _KERNEL_NSIG && !defined _NSIG
-# error No _NSIG or _KERNEL_NSIG for rt_sigaction
-# endif
-# if !defined __NR_sigaction && !defined __NR_rt_sigaction
-# error Cannot do syscall sigaction or rt_sigaction
-# endif
-/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
- * of the _kernel_ sigset_t which is not the same as the user sigset_t.
- * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
- * some reason.
- */
-# ifdef _KERNEL_NSIG
-# define _SSP_NSIG _KERNEL_NSIG
-# else
-# define _SSP_NSIG _NSIG
-# endif
-#else
-# define _SSP_NSIG 0
-# define ENABLE_SSP_SMASH_DUMPS_CORE 0
-#endif
-
-/* Define DO_SIGACTION - default to newer rt signal interface but
- * fallback to old as needed.
- */
-#ifdef __NR_rt_sigaction
-# define DO_SIGACTION(signum, act, oldact) \
- INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
-#else
-# define DO_SIGACTION(signum, act, oldact) \
- INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
-#endif
-
-/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
-#if defined(__NR_socket) && defined(__NR_connect)
-# define USE_OLD_SOCKETCALL 0
-#else
-# define USE_OLD_SOCKETCALL 1
-#endif
-/* stub out the __NR_'s so we can let gcc optimize away dead code */
-#ifndef __NR_socketcall
-# define __NR_socketcall 0
-#endif
-#ifndef __NR_socket
-# define __NR_socket 0
-#endif
-#ifndef __NR_connect
-# define __NR_connect 0
-#endif
-#define DO_SOCKET(result, domain, type, protocol) \
- do { \
- if (USE_OLD_SOCKETCALL) { \
- socketargs[0] = domain; \
- socketargs[1] = type; \
- socketargs[2] = protocol; \
- socketargs[3] = 0; \
- result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
- } else \
- result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
- } while (0)
-#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
- do { \
- if (USE_OLD_SOCKETCALL) { \
- socketargs[0] = sockfd; \
- socketargs[1] = (unsigned long int)serv_addr; \
- socketargs[2] = addrlen; \
- socketargs[3] = 0; \
- result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
- } else \
- result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
- } while (0)
-
-#ifndef _PATH_LOG
-# define _PATH_LOG "/dev/log"
-#endif
-
-static const char path_log[] = _PATH_LOG;
-
-/* For building glibc with SSP switched on, define __progname to a
- * constant if building for the run-time loader, to avoid pulling
- * in more of libc.so into ld.so
- */
-#ifdef IS_IN_rtld
-static char *__progname = "<rtld>";
-#else
-extern char *__progname;
-#endif
-
-
-/* Common handler code, used by stack_chk_fail and __stack_smash_handler
- * Inlined to ensure no self-references to the handler within itself.
- * Data static to avoid putting more than necessary on the stack,
- * to aid core debugging.
- */
-__attribute__ ((__noreturn__ , __always_inline__))
-static inline void
-__hardened_gentoo_stack_chk_fail(char func[], int damaged)
-{
-#define MESSAGE_BUFSIZ 256
- static pid_t pid;
- static int plen, i;
- static char message[MESSAGE_BUFSIZ];
- static const char msg_ssa[] = ": stack smashing attack";
- static const char msg_inf[] = " in function ";
- static const char msg_ssd[] = "*** stack smashing detected ***: ";
- static const char msg_terminated[] = " - terminated\n";
- static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
- static const char msg_unknown[] = "<unknown>";
- static int log_socket, connect_result;
- static struct sockaddr_un sock;
- static unsigned long int socketargs[4];
-
- /* Build socket address
- */
- sock.sun_family = AF_UNIX;
- i = 0;
- while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
- sock.sun_path[i] = path_log[i];
- i++;
- }
- sock.sun_path[i] = '\0';
-
- /* Try SOCK_DGRAM connection to syslog */
- connect_result = -1;
- DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
- if (log_socket != -1)
- DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
- if (connect_result == -1) {
- if (log_socket != -1)
- INLINE_SYSCALL(close, 1, log_socket);
- /* Try SOCK_STREAM connection to syslog */
- DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
- if (log_socket != -1)
- DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
- }
-
- /* Build message. Messages are generated both in the old style and new style,
- * so that log watchers that are configured for the old-style message continue
- * to work.
- */
-#define strconcat(str) \
- {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
- {\
- message[plen+i]=str[i];\
- i++;\
- }\
- plen+=i;}
-
- /* R.Henderson post-gcc-4 style message */
- plen = 0;
- strconcat(msg_ssd);
- if (__progname != (char *)0)
- strconcat(__progname)
- else
- strconcat(msg_unknown);
- strconcat(msg_terminated);
-
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- /* Dr. Etoh pre-gcc-4 style message */
- plen = 0;
- if (__progname != (char *)0)
- strconcat(__progname)
- else
- strconcat(msg_unknown);
- strconcat(msg_ssa);
- strconcat(msg_inf);
- if (func != NULL)
- strconcat(func)
- else
- strconcat(msg_unknown);
- strconcat(msg_terminated);
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- /* Direct reports to bugs.gentoo.org */
- plen=0;
- strconcat(msg_report);
- message[plen++]='\0';
-
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
- if (connect_result != -1)
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
-
- if (log_socket != -1)
- INLINE_SYSCALL(close, 1, log_socket);
-
- /* Suicide */
- pid = INLINE_SYSCALL(getpid, 0);
-
- if (ENABLE_SSP_SMASH_DUMPS_CORE) {
- static struct sigaction default_abort_act;
- /* Remove any user-supplied handler for SIGABRT, before using it */
- default_abort_act.sa_handler = SIG_DFL;
- default_abort_act.sa_sigaction = NULL;
- __sigfillset(&default_abort_act.sa_mask);
- default_abort_act.sa_flags = 0;
- if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
- INLINE_SYSCALL(kill, 2, pid, SIGABRT);
- }
-
- /* Note; actions cannot be added to SIGKILL */
- INLINE_SYSCALL(kill, 2, pid, SIGKILL);
-
- /* In case the kill didn't work, exit anyway
- * The loop prevents gcc thinking this routine returns
- */
- while (1)
- INLINE_SYSCALL(exit, 0);
-}
-
-__attribute__ ((__noreturn__))
-void __stack_chk_fail(void)
-{
- __hardened_gentoo_stack_chk_fail(NULL, 0);
-}
-
-#ifdef ENABLE_OLD_SSP_COMPAT
-__attribute__ ((__noreturn__))
-void __stack_smash_handler(char func[], int damaged)
-{
- __hardened_gentoo_stack_chk_fail(func, damaged);
-}
-#endif
diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
deleted file mode 100644
index 8907ab2c6a3..00000000000
--- a/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
+++ /dev/null
@@ -1,277 +0,0 @@
-When building glibc PIE (which is not something upstream support),
-several modifications are necessary to the glibc build process.
-
-First, any syscalls in PIEs must be of the PIC variant, otherwise
-textrels ensue. Then, any syscalls made before the initialisation
-of the TLS will fail on i386, as the sysenter variant on i386 uses
-the TLS, giving rise to a chicken-and-egg situation. This patch
-defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
-version is normally used, and uses the non-sysenter version for the brk
-syscall that is performed by the TLS initialisation. Further, the TLS
-initialisation is moved in this case prior to the initialisation of
-dl_osversion, as that requires further syscalls.
-
-csu/libc-start.c: Move initial TLS initialization to before the
-initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
-
-csu/libc-tls.c: Use the no-sysenter version of sbrk when
-INTERNAL_SYSCALL_NOSYSENTER is defined.
-
-misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
-version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
-
-misc/brk.c: Define a no-sysenter version of brk if
-INTERNAL_SYSCALL_NOSYSENTER is defined.
-
-sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
-Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
-
-Patch by Kevin F. Quinn <kevquinn@gentoo.org>
-Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
-Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
-
---- csu/libc-start.c
-+++ csu/libc-start.c
-@@ -28,6 +28,7 @@
- extern int __libc_multiple_libcs;
-
- #include <tls.h>
-+#include <sysdep.h>
- #ifndef SHARED
- # include <dl-osinfo.h>
- extern void __pthread_initialize_minimal (void);
-@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char
- GL(dl_phnum) = __ehdr_start.e_phnum;
- }
- }
--
-+# ifdef INTERNAL_SYSCALL_NOSYSENTER
-+ /* Do the initial TLS initialization before _dl_osversion,
-+ since the latter uses the uname syscall. */
-+ __pthread_initialize_minimal ();
-+# endif
- # ifdef DL_SYSDEP_OSCHECK
- if (!__libc_multiple_libcs)
- {
-@@ -138,10 +144,12 @@
- }
- # endif
-
-+# ifndef INTERNAL_SYSCALL_NOSYSENTER
- /* Initialize the thread library at least a bit since the libgcc
- functions are using thread functions if these are available and
- we need to setup errno. */
- __pthread_initialize_minimal ();
-+# endif
-
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
---- csu/libc-tls.c
-+++ csu/libc-tls.c
-@@ -22,14 +22,17 @@
- #include <unistd.h>
- #include <stdio.h>
- #include <sys/param.h>
--
-+#include <sysdep.h>
-
- #ifdef SHARED
- #error makefile bug, this file is for static only
- #endif
-
--dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
-+#ifdef INTERNAL_SYSCALL_NOSYSENTER
-+extern void *__sbrk_nosysenter (intptr_t __delta);
-+#endif
-
-+dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
-
- static struct
- {
-@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t
-
- The initialized value of _dl_tls_static_size is provided by dl-open.c
- to request some surplus that permits dynamic loading of modules with
-- IE-model TLS. */
-+ IE-model TLS.
-+
-+ Where the normal sbrk would use a syscall that needs the TLS (i386)
-+ use the special non-sysenter version instead. */
- #if TLS_TCB_AT_TP
- tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
-+# ifdef INTERNAL_SYSCALL_NOSYSENTER
-+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
-+# else
- tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
-+#endif
- #elif TLS_DTV_AT_TP
- tcb_offset = roundup (tcbsize, align ?: 1);
-+# ifdef INTERNAL_SYSCALL_NOSYSENTER
-+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
-+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
-+# else
- tlsblock = __sbrk (tcb_offset + memsz + max_align
- + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
-+#endif
- tlsblock += TLS_PRE_TCB_SIZE;
- #else
- /* In case a model with a different layout for the TCB and DTV
---- misc/sbrk.c
-+++ misc/sbrk.c
-@@ -18,6 +18,7 @@
- #include <errno.h>
- #include <stdint.h>
- #include <unistd.h>
-+#include <sysdep.h>
-
- /* Defined in brk.c. */
- extern void *__curbrk;
-@@ -29,6 +30,35 @@
- /* Extend the process's data space by INCREMENT.
- If INCREMENT is negative, shrink data space by - INCREMENT.
- Return start of new space allocated, or -1 for errors. */
-+#ifdef INTERNAL_SYSCALL_NOSYSENTER
-+/* This version is used by csu/libc-tls.c whem initialising the TLS
-+ if the SYSENTER version requires the TLS (which it does on i386).
-+ Obviously using the TLS before it is initialised is broken. */
-+extern int __brk_nosysenter (void *addr);
-+void *
-+__sbrk_nosysenter (intptr_t increment)
-+{
-+ void *oldbrk;
-+
-+ /* If this is not part of the dynamic library or the library is used
-+ via dynamic loading in a statically linked program update
-+ __curbrk from the kernel's brk value. That way two separate
-+ instances of __brk and __sbrk can share the heap, returning
-+ interleaved pieces of it. */
-+ if (__curbrk == NULL || __libc_multiple_libcs)
-+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
-+ return (void *) -1;
-+
-+ if (increment == 0)
-+ return __curbrk;
-+
-+ oldbrk = __curbrk;
-+ if (__brk_nosysenter (oldbrk + increment) < 0)
-+ return (void *) -1;
-+
-+ return oldbrk;
-+}
-+#endif
- void *
- __sbrk (intptr_t increment)
- {
---- sysdeps/unix/sysv/linux/i386/brk.c
-+++ sysdeps/unix/sysv/linux/i386/brk.c
-@@ -31,6 +31,29 @@
- linker. */
- weak_alias (__curbrk, ___brk_addr)
-
-+#ifdef INTERNAL_SYSCALL_NOSYSENTER
-+/* This version is used by csu/libc-tls.c whem initialising the TLS
-+ * if the SYSENTER version requires the TLS (which it does on i386).
-+ * Obviously using the TLS before it is initialised is broken. */
-+int
-+__brk_nosysenter (void *addr)
-+{
-+ void * newbrk;
-+
-+ INTERNAL_SYSCALL_DECL (err);
-+ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr);
-+
-+ __curbrk = newbrk;
-+
-+ if (newbrk < addr)
-+ {
-+ __set_errno (ENOMEM);
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+#endif
- int
- __brk (void *addr)
- {
---- sysdeps/unix/sysv/linux/i386/sysdep.h
-+++ sysdeps/unix/sysv/linux/i386/sysdep.h
-@@ -187,7 +187,7 @@
- /* The original calling convention for system calls on Linux/i386 is
- to use int $0x80. */
- #ifdef I386_USE_SYSENTER
--# ifdef SHARED
-+# if defined SHARED || defined __PIC__
- # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
- # else
- # define ENTER_KERNEL call *_dl_sysinfo
-@@ -358,7 +358,7 @@
- possible to use more than four parameters. */
- #undef INTERNAL_SYSCALL
- #ifdef I386_USE_SYSENTER
--# ifdef SHARED
-+# if defined SHARED || defined __PIC__
- # define INTERNAL_SYSCALL(name, err, nr, args...) \
- ({ \
- register unsigned int resultvar; \
-@@ -384,6 +384,18 @@
- : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
- ASMFMT_##nr(args) : "memory", "cc"); \
- (int) resultvar; })
-+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
-+ ({ \
-+ register unsigned int resultvar; \
-+ EXTRAVAR_##nr \
-+ asm volatile ( \
-+ LOADARGS_NOSYSENTER_##nr \
-+ "movl %1, %%eax\n\t" \
-+ "int $0x80\n\t" \
-+ RESTOREARGS_NOSYSENTER_##nr \
-+ : "=a" (resultvar) \
-+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
-+ (int) resultvar; })
- # else
- # define INTERNAL_SYSCALL(name, err, nr, args...) \
- ({ \
-@@ -447,12 +459,20 @@
-
- #define LOADARGS_0
- #ifdef __PIC__
--# if defined I386_USE_SYSENTER && defined SHARED
-+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
- # define LOADARGS_1 \
- "bpushl .L__X'%k3, %k3\n\t"
- # define LOADARGS_5 \
- "movl %%ebx, %4\n\t" \
- "movl %3, %%ebx\n\t"
-+# define LOADARGS_NOSYSENTER_1 \
-+ "bpushl .L__X'%k2, %k2\n\t"
-+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
-+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
-+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
-+# define LOADARGS_NOSYSENTER_5 \
-+ "movl %%ebx, %3\n\t" \
-+ "movl %2, %%ebx\n\t"
- # else
- # define LOADARGS_1 \
- "bpushl .L__X'%k2, %k2\n\t"
-@@ -474,11 +495,18 @@
-
- #define RESTOREARGS_0
- #ifdef __PIC__
--# if defined I386_USE_SYSENTER && defined SHARED
-+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
- # define RESTOREARGS_1 \
- "bpopl .L__X'%k3, %k3\n\t"
- # define RESTOREARGS_5 \
- "movl %4, %%ebx"
-+# define RESTOREARGS_NOSYSENTER_1 \
-+ "bpopl .L__X'%k2, %k2\n\t"
-+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
-+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
-+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
-+# define RESTOREARGS_NOSYSENTER_5 \
-+ "movl %3, %%ebx"
- # else
- # define RESTOREARGS_1 \
- "bpopl .L__X'%k2, %k2\n\t"
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
deleted file mode 100644
index a8ab9d8a3e2..00000000000
--- a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
+++ /dev/null
@@ -1,299 +0,0 @@
-/* Copyright (C) 2004-2014 Free Software Foundation, Inc.
- Copyright (C) 2006-2014 Gentoo Foundation Inc.
- This file is part of the GNU C Library.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
- 02111-1307 USA. */
-
-/* Hardened Gentoo SSP and FORTIFY handler
-
- A failure handler that does not use functions from the rest of glibc;
- it uses the INTERNAL_SYSCALL methods directly. This helps ensure no
- possibility of recursion into the handler.
-
- Direct all bug reports to http://bugs.gentoo.org/
-
- People who have contributed significantly to the evolution of this file:
- Ned Ludd - <solar[@]gentoo.org>
- Alexander Gabert - <pappy[@]gentoo.org>
- The PaX Team - <pageexec[@]freemail.hu>
- Peter S. Mazinger - <ps.m[@]gmx.net>
- Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
- Robert Connolly - <robert[@]linuxfromscratch.org>
- Cory Visi <cory[@]visi.name>
- Mike Frysinger <vapier[@]gentoo.org>
- Magnus Granberg <zorry[@]gentoo.org>
- Kevin F. Quinn - <kevquinn[@]gentoo.org>
- */
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <signal.h>
-
-#include <sys/types.h>
-
-#include <sysdep-cancel.h>
-#include <sys/syscall.h>
-
-#include <kernel-features.h>
-
-#include <alloca.h>
-/* from sysdeps */
-#include <socketcall.h>
-/* for the stuff in bits/socket.h */
-#include <sys/socket.h>
-#include <sys/un.h>
-
-/* Sanity check on SYSCALL macro names - force compilation
- * failure if the names used here do not exist
- */
-#if !defined __NR_socketcall && !defined __NR_socket
-# error Cannot do syscall socket or socketcall
-#endif
-#if !defined __NR_socketcall && !defined __NR_connect
-# error Cannot do syscall connect or socketcall
-#endif
-#ifndef __NR_write
-# error Cannot do syscall write
-#endif
-#ifndef __NR_close
-# error Cannot do syscall close
-#endif
-#ifndef __NR_getpid
-# error Cannot do syscall getpid
-#endif
-#ifndef __NR_kill
-# error Cannot do syscall kill
-#endif
-#ifndef __NR_exit
-# error Cannot do syscall exit
-#endif
-#ifdef SSP_SMASH_DUMPS_CORE
-# define ENABLE_SSP_SMASH_DUMPS_CORE 1
-# if !defined _KERNEL_NSIG && !defined _NSIG
-# error No _NSIG or _KERNEL_NSIG for rt_sigaction
-# endif
-# if !defined __NR_sigaction && !defined __NR_rt_sigaction
-# error Cannot do syscall sigaction or rt_sigaction
-# endif
-/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
- * of the _kernel_ sigset_t which is not the same as the user sigset_t.
- * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
- * some reason.
- */
-# ifdef _KERNEL_NSIG
-# define _SSP_NSIG _KERNEL_NSIG
-# else
-# define _SSP_NSIG _NSIG
-# endif
-#else
-# define _SSP_NSIG 0
-# define ENABLE_SSP_SMASH_DUMPS_CORE 0
-#endif
-
-/* Define DO_SIGACTION - default to newer rt signal interface but
- * fallback to old as needed.
- */
-#ifdef __NR_rt_sigaction
-# define DO_SIGACTION(signum, act, oldact) \
- INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
-#else
-# define DO_SIGACTION(signum, act, oldact) \
- INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
-#endif
-
-/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
-#if defined(__NR_socket) && defined(__NR_connect)
-# define USE_OLD_SOCKETCALL 0
-#else
-# define USE_OLD_SOCKETCALL 1
-#endif
-
-/* stub out the __NR_'s so we can let gcc optimize away dead code */
-#ifndef __NR_socketcall
-# define __NR_socketcall 0
-#endif
-#ifndef __NR_socket
-# define __NR_socket 0
-#endif
-#ifndef __NR_connect
-# define __NR_connect 0
-#endif
-#define DO_SOCKET(result, domain, type, protocol) \
- do { \
- if (USE_OLD_SOCKETCALL) { \
- socketargs[0] = domain; \
- socketargs[1] = type; \
- socketargs[2] = protocol; \
- socketargs[3] = 0; \
- result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
- } else \
- result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
- } while (0)
-#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
- do { \
- if (USE_OLD_SOCKETCALL) { \
- socketargs[0] = sockfd; \
- socketargs[1] = (unsigned long int)serv_addr; \
- socketargs[2] = addrlen; \
- socketargs[3] = 0; \
- result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
- } else \
- result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
- } while (0)
-
-#ifndef _PATH_LOG
-# define _PATH_LOG "/dev/log"
-#endif
-
-static const char path_log[] = _PATH_LOG;
-
-/* For building glibc with SSP switched on, define __progname to a
- * constant if building for the run-time loader, to avoid pulling
- * in more of libc.so into ld.so
- */
-#ifdef IS_IN_rtld
-static const char *__progname = "<ldso>";
-#else
-extern const char *__progname;
-#endif
-
-#ifdef GENTOO_SSP_HANDLER
-# define ERROR_MSG "stack smashing"
-#else
-# define ERROR_MSG "buffer overflow"
-#endif
-
-/* Common handler code, used by chk_fail
- * Inlined to ensure no self-references to the handler within itself.
- * Data static to avoid putting more than necessary on the stack,
- * to aid core debugging.
- */
-__attribute__ ((__noreturn__, __always_inline__))
-static inline void
-__hardened_gentoo_fail(void)
-{
-#define MESSAGE_BUFSIZ 512
- static pid_t pid;
- static int plen, i, hlen;
- static char message[MESSAGE_BUFSIZ];
- /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */
- static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: ";
- static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: ";
- static const char msg_terminated[] = " terminated; ";
- static const char msg_report[] = "report to " REPORT_BUGS_TO "\n";
- static const char msg_unknown[] = "<unknown>";
- static int log_socket, connect_result;
- static struct sockaddr_un sock;
- static unsigned long int socketargs[4];
-
- /* Build socket address */
- sock.sun_family = AF_UNIX;
- i = 0;
- while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) {
- sock.sun_path[i] = path_log[i];
- ++i;
- }
- sock.sun_path[i] = '\0';
-
- /* Try SOCK_DGRAM connection to syslog */
- connect_result = -1;
- DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
- if (log_socket != -1)
- DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
- if (connect_result == -1) {
- if (log_socket != -1)
- INLINE_SYSCALL(close, 1, log_socket);
- /* Try SOCK_STREAM connection to syslog */
- DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
- if (log_socket != -1)
- DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
- }
-
- /* Build message. Messages are generated both in the old style and new style,
- * so that log watchers that are configured for the old-style message continue
- * to work.
- */
-#define strconcat(str) \
- ({ \
- i = 0; \
- while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \
- message[plen + i] = str[i]; \
- ++i; \
- } \
- plen += i; \
- })
-
- /* Tersely log the failure */
- plen = 0;
- strconcat(msg_header);
- hlen = plen;
- strconcat(msg_ssd);
- if (__progname != NULL)
- strconcat(__progname);
- else
- strconcat(msg_unknown);
- strconcat(msg_terminated);
- strconcat(msg_report);
-
- /* Write out error message to STDERR, to syslog if open */
- INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen);
- if (connect_result != -1) {
- INLINE_SYSCALL(write, 3, log_socket, message, plen);
- INLINE_SYSCALL(close, 1, log_socket);
- }
-
- /* Time to kill self since we have no idea what is going on */
- pid = INLINE_SYSCALL(getpid, 0);
-
- if (ENABLE_SSP_SMASH_DUMPS_CORE) {
- /* Remove any user-supplied handler for SIGABRT, before using it. */
-#if 0
- /*
- * Note: Disabled because some programs catch & process their
- * own crashes. We've already enabled this code path which
- * means we want to let core dumps happen.
- */
- static struct sigaction default_abort_act;
- default_abort_act.sa_handler = SIG_DFL;
- default_abort_act.sa_sigaction = NULL;
- __sigfillset(&default_abort_act.sa_mask);
- default_abort_act.sa_flags = 0;
- if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
-#endif
- INLINE_SYSCALL(kill, 2, pid, SIGABRT);
- }
-
- /* SIGKILL is only signal which cannot be caught */
- INLINE_SYSCALL(kill, 2, pid, SIGKILL);
-
- /* In case the kill didn't work, exit anyway.
- * The loop prevents gcc thinking this routine returns.
- */
- while (1)
- INLINE_SYSCALL(exit, 1, 137);
-}
-
-__attribute__ ((__noreturn__))
-#ifdef GENTOO_SSP_HANDLER
-void __stack_chk_fail(void)
-#else
-void __chk_fail(void)
-#endif
-{
- __hardened_gentoo_fail();
-}
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c
deleted file mode 100644
index 4a537bb52c5..00000000000
--- a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c
+++ /dev/null
@@ -1,2 +0,0 @@
-#define GENTOO_SSP_HANDLER
-#include <debug/chk_fail.c>
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
deleted file mode 100644
index 35eabe94014..00000000000
--- a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
+++ /dev/null
@@ -1,306 +0,0 @@
-When building glibc PIE (which is not something upstream support),
-several modifications are necessary to the glibc build process.
-
-First, any syscalls in PIEs must be of the PIC variant, otherwise
-textrels ensue. Then, any syscalls made before the initialisation
-of the TLS will fail on i386, as the sysenter variant on i386 uses
-the TLS, giving rise to a chicken-and-egg situation. This patch
-defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
-version is normally used, and uses the non-sysenter version for the brk
-syscall that is performed by the TLS initialisation. Further, the TLS
-initialisation is moved in this case prior to the initialisation of
-dl_osversion, as that requires further syscalls.
-
-csu/libc-start.c: Move initial TLS initialization to before the
-initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined
-
-csu/libc-tls.c: Use the no-sysenter version of sbrk when
-INTERNAL_SYSCALL_PRE_TLS is defined.
-
-misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
-version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined.
-
-misc/brk.c: Define a no-sysenter version of brk if
-INTERNAL_SYSCALL_PRE_TLS is defined.
-
-sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS
-Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
-
-Patch by Kevin F. Quinn <kevquinn@gentoo.org>
-Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
-Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
-Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org>
-
---- a/csu/libc-start.c
-+++ b/csu/libc-start.c
-@@ -28,6 +28,7 @@
- extern int __libc_multiple_libcs;
-
- #include <tls.h>
-+#include <sysdep.h>
- #ifndef SHARED
- # include <dl-osinfo.h>
- extern void __pthread_initialize_minimal (void);
-@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char
- }
- }
-
-+# ifdef INTERNAL_SYSCALL_PRE_TLS
-+ /* Do the initial TLS initialization before _dl_osversion,
-+ since the latter uses the uname syscall. */
-+ __pthread_initialize_minimal ();
-+# endif
- # ifdef DL_SYSDEP_OSCHECK
- if (!__libc_multiple_libcs)
- {
-@@ -138,10 +144,12 @@
- }
- # endif
-
-+# ifndef INTERNAL_SYSCALL_PRE_TLS
- /* Initialize the thread library at least a bit since the libgcc
- functions are using thread functions if these are available and
- we need to setup errno. */
- __pthread_initialize_minimal ();
-+# endif
-
- /* Set up the stack checker's canary. */
- uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
---- a/csu/libc-tls.c
-+++ b/csu/libc-tls.c
-@@ -22,12 +22,17 @@
- #include <unistd.h>
- #include <stdio.h>
- #include <sys/param.h>
-+#include <sysdep.h>
-
-
- #ifdef SHARED
- #error makefile bug, this file is for static only
- #endif
-
-+#ifdef INTERNAL_SYSCALL_PRE_TLS
-+extern void *__sbrk_nosysenter (intptr_t __delta);
-+#endif
-+
- dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
-
-
-@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t
-
- The initialized value of _dl_tls_static_size is provided by dl-open.c
- to request some surplus that permits dynamic loading of modules with
-- IE-model TLS. */
-+ IE-model TLS.
-+
-+ Where the normal sbrk would use a syscall that needs the TLS (i386)
-+ use the special non-sysenter version instead. */
-+#ifdef INTERNAL_SYSCALL_PRE_TLS
-+# define __sbrk __sbrk_nosysenter
-+#endif
- #if TLS_TCB_AT_TP
- tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
- tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
- #elif TLS_DTV_AT_TP
- tcb_offset = roundup (tcbsize, align ?: 1);
- tlsblock = __sbrk (tcb_offset + memsz + max_align
- + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
- tlsblock += TLS_PRE_TCB_SIZE;
- #else
- /* In case a model with a different layout for the TCB and DTV
- is defined add another #elif here and in the following #ifs. */
- # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
- #endif
-+#ifdef INTERNAL_SYSCALL_PRE_TLS
-+# undef __sbrk
-+#endif
-
- /* Align the TLS block. */
- tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1)
---- a/misc/sbrk.c
-+++ b/misc/sbrk.c
-@@ -18,6 +18,7 @@
- #include <errno.h>
- #include <stdint.h>
- #include <unistd.h>
-+#include <sysdep.h>
-
- /* Defined in brk.c. */
- extern void *__curbrk;
-@@ -29,6 +30,35 @@
- /* Extend the process's data space by INCREMENT.
- If INCREMENT is negative, shrink data space by - INCREMENT.
- Return start of new space allocated, or -1 for errors. */
-+#ifdef INTERNAL_SYSCALL_PRE_TLS
-+/* This version is used by csu/libc-tls.c whem initialising the TLS
-+ if the SYSENTER version requires the TLS (which it does on i386).
-+ Obviously using the TLS before it is initialised is broken. */
-+extern int __brk_nosysenter (void *addr);
-+void *
-+__sbrk_nosysenter (intptr_t increment)
-+{
-+ void *oldbrk;
-+
-+ /* If this is not part of the dynamic library or the library is used via
-+ dynamic loading in a statically linked program update __curbrk from the
-+ kernel's brk value. That way two separate instances of __brk and __sbrk
-+ can share the heap, returning interleaved pieces of it. */
-+ if (__curbrk == NULL || __libc_multiple_libcs)
-+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
-+ return (void *) -1;
-+
-+ if (increment == 0)
-+ return __curbrk;
-+
-+ oldbrk = __curbrk;
-+ if (__brk_nosysenter (oldbrk + increment) < 0)
-+ return (void *) -1;
-+
-+ return oldbrk;
-+}
-+#endif
-+
- void *
- __sbrk (intptr_t increment)
- {
---- a/sysdeps/unix/sysv/linux/i386/brk.c
-+++ b/sysdeps/unix/sysv/linux/i386/brk.c
-@@ -31,6 +31,30 @@
- linker. */
- weak_alias (__curbrk, ___brk_addr)
-
-+#ifdef INTERNAL_SYSCALL_PRE_TLS
-+/* This version is used by csu/libc-tls.c whem initialising the TLS
-+ if the SYSENTER version requires the TLS (which it does on i386).
-+ Obviously using the TLS before it is initialised is broken. */
-+int
-+__brk_nosysenter (void *addr)
-+{
-+ void *newbrk;
-+
-+ INTERNAL_SYSCALL_DECL (err);
-+ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr);
-+
-+ __curbrk = newbrk;
-+
-+ if (newbrk < addr)
-+ {
-+ __set_errno (ENOMEM);
-+ return -1;
-+ }
-+
-+ return 0;
-+}
-+#endif
-+
- int
- __brk (void *addr)
- {
---- a/sysdeps/unix/sysv/linux/i386/sysdep.h
-+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
-@@ -187,7 +187,7 @@
- /* The original calling convention for system calls on Linux/i386 is
- to use int $0x80. */
- #ifdef I386_USE_SYSENTER
--# ifdef SHARED
-+# ifdef __PIC__
- # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
- # else
- # define ENTER_KERNEL call *_dl_sysinfo
-@@ -358,7 +358,7 @@
- possible to use more than four parameters. */
- #undef INTERNAL_SYSCALL
- #ifdef I386_USE_SYSENTER
--# ifdef SHARED
-+# ifdef __PIC__
- # define INTERNAL_SYSCALL(name, err, nr, args...) \
- ({ \
- register unsigned int resultvar; \
-@@ -384,6 +384,18 @@
- : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
- ASMFMT_##nr(args) : "memory", "cc"); \
- (int) resultvar; })
-+# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \
-+ ({ \
-+ register unsigned int resultvar; \
-+ EXTRAVAR_##nr \
-+ asm volatile ( \
-+ LOADARGS_NOSYSENTER_##nr \
-+ "movl %1, %%eax\n\t" \
-+ "int $0x80\n\t" \
-+ RESTOREARGS_NOSYSENTER_##nr \
-+ : "=a" (resultvar) \
-+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
-+ (int) resultvar; })
- # else
- # define INTERNAL_SYSCALL(name, err, nr, args...) \
- ({ \
-@@ -447,12 +459,20 @@
-
- #define LOADARGS_0
- #ifdef __PIC__
--# if defined I386_USE_SYSENTER && defined SHARED
-+# if defined I386_USE_SYSENTER && defined __PIC__
- # define LOADARGS_1 \
- "bpushl .L__X'%k3, %k3\n\t"
- # define LOADARGS_5 \
- "movl %%ebx, %4\n\t" \
- "movl %3, %%ebx\n\t"
-+# define LOADARGS_NOSYSENTER_1 \
-+ "bpushl .L__X'%k2, %k2\n\t"
-+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
-+# define LOADARGS_NOSYSENTER_3 LOADARGS_3
-+# define LOADARGS_NOSYSENTER_4 LOADARGS_3
-+# define LOADARGS_NOSYSENTER_5 \
-+ "movl %%ebx, %3\n\t" \
-+ "movl %2, %%ebx\n\t"
- # else
- # define LOADARGS_1 \
- "bpushl .L__X'%k2, %k2\n\t"
-@@ -474,11 +494,18 @@
-
- #define RESTOREARGS_0
- #ifdef __PIC__
--# if defined I386_USE_SYSENTER && defined SHARED
-+# if defined I386_USE_SYSENTER && defined __PIC__
- # define RESTOREARGS_1 \
- "bpopl .L__X'%k3, %k3\n\t"
- # define RESTOREARGS_5 \
- "movl %4, %%ebx"
-+# define RESTOREARGS_NOSYSENTER_1 \
-+ "bpopl .L__X'%k2, %k2\n\t"
-+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
-+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
-+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
-+# define RESTOREARGS_NOSYSENTER_5 \
-+ "movl %3, %%ebx"
- # else
- # define RESTOREARGS_1 \
- "bpopl .L__X'%k2, %k2\n\t"
---- a/sysdeps/i386/nptl/tls.h
-+++ b/sysdeps/i386/nptl/tls.h
-@@ -189,6 +189,15 @@
- desc->vals[3] = 0x51;
- }
-
-+/* We have no sysenter until the tls is initialized which is a
-+ problem for PIC. Thus we need to do the right call depending
-+ on the situation. */
-+#ifndef INTERNAL_SYSCALL_PRE_TLS
-+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL
-+#else
-+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS
-+#endif
-+
- /* Code to initially initialize the thread pointer. This might need
- special attention since 'errno' is not yet available and if the
- operation can cause a failure 'errno' must not be touched. */
-@@ -209,7 +218,7 @@
- \
- /* Install the TLS. */ \
- INTERNAL_SYSCALL_DECL (err); \
-- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
-+ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
- \
- if (_result == 0) \
- /* We know the index in the GDT, now load the segment register. \
diff --git a/sys-libs/glibc/glibc-2.21-r2.ebuild b/sys-libs/glibc/glibc-2.21-r2.ebuild
deleted file mode 100644
index accbd33c95a..00000000000
--- a/sys-libs/glibc/glibc-2.21-r2.ebuild
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="4"
-
-inherit toolchain-glibc
-
-DESCRIPTION="GNU libc6 (also called glibc2) C library"
-HOMEPAGE="https://www.gnu.org/software/libc/libc.html"
-
-LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
-RESTRICT="strip" # strip ourself #46186
-EMULTILIB_PKG="true"
-
-# Configuration variables
-RELEASE_VER=""
-case ${PV} in
-9999*)
- EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
- inherit git-r3
- ;;
-*)
- RELEASE_VER=${PV}
- ;;
-esac
-GCC_BOOTSTRAP_VER="4.7.3-r1"
-PATCH_VER="7" # Gentoo patchset
-: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires
-
-IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla headers-only"
-
-# Here's how the cross-compile logic breaks down ...
-# CTARGET - machine that will target the binaries
-# CHOST - machine that will host the binaries
-# CBUILD - machine that will build the binaries
-# If CTARGET != CHOST, it means you want a libc for cross-compiling.
-# If CHOST != CBUILD, it means you want to cross-compile the libc.
-# CBUILD = CHOST = CTARGET - native build/install
-# CBUILD != (CHOST = CTARGET) - cross-compile a native build
-# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
-# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
-# For install paths:
-# CHOST = CTARGET - install into /
-# CHOST != CTARGET - install into /usr/CTARGET/
-
-export CBUILD=${CBUILD:-${CHOST}}
-export CTARGET=${CTARGET:-${CHOST}}
-if [[ ${CTARGET} == ${CHOST} ]] ; then
- if [[ ${CATEGORY} == cross-* ]] ; then
- export CTARGET=${CATEGORY#cross-}
- fi
-fi
-
-is_crosscompile() {
- [[ ${CHOST} != ${CTARGET} ]]
-}
-
-# Why SLOT 2.2 you ask yourself while sippin your tea ?
-# Everyone knows 2.2 > 0, duh.
-SLOT="2.2"
-
-# General: We need a new-enough binutils/gcc to match upstream baseline.
-# arch: we need to make sure our binutils/gcc supports TLS.
-DEPEND=">=app-misc/pax-utils-0.1.10
- !<sys-apps/sandbox-1.6
- !<sys-apps/portage-2.1.2
- selinux? ( sys-libs/libselinux )"
-RDEPEND="!sys-kernel/ps3-sources
- sys-apps/gentoo-functions
- selinux? ( sys-libs/libselinux )
- !sys-libs/nss-db"
-
-if [[ ${CATEGORY} == cross-* ]] ; then
- DEPEND+=" !headers-only? (
- >=${CATEGORY}/binutils-2.24
- >=${CATEGORY}/gcc-4.6
- )"
- [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
-else
- DEPEND+="
- >=sys-devel/binutils-2.24
- >=sys-devel/gcc-4.6
- virtual/os-headers"
- RDEPEND+=" vanilla? ( !sys-libs/timezone-data )"
- PDEPEND+=" !vanilla? ( sys-libs/timezone-data )"
-fi
-
-upstream_uris() {
- echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
-}
-gentoo_uris() {
- local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
- devspace=${devspace//HTTP/https://dev.gentoo.org/}
- echo mirror://gentoo/$1 ${devspace//URI/$1}
-}
-SRC_URI=$(
- [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
- [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
-)
-SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
-
-src_unpack() {
- [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
-
- toolchain-glibc_src_unpack
-}
-
-src_prepare() {
- toolchain-glibc_src_prepare
-
- cd "${S}"
-
- epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838
-
- if use hardened ; then
- einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
- tc-enables-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
- epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
-
- # We don't enable these for non-hardened as the output is very terse --
- # it only states that a crash happened. The default upstream behavior
- # includes backtraces and symbols.
- einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
- cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die
- cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die
-
- if use debug ; then
- # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested.
- sed -i \
- -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
- -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
- debug/Makefile || die
- fi
-
- # Build various bits with ssp-all
- sed -i \
- -e 's:-fstack-protector$:-fstack-protector-all:' \
- */Makefile || die
- fi
-
- case $(gcc-fullversion) in
- 4.8.[0-3]|4.9.0)
- eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile"
- eerror "glibc. See https://bugs.gentoo.org/547420 for details."
- die "need to switch compilers #547420"
- ;;
- esac
-}