diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-libs/glibc | |
download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'sys-libs/glibc')
45 files changed, 7015 insertions, 0 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest new file mode 100644 index 000000000000..35e49e8221b2 --- /dev/null +++ b/sys-libs/glibc/Manifest @@ -0,0 +1,28 @@ +DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f +DIST glibc-2.13-patches-11.tar.bz2 114949 SHA256 7db753b6ba3f58b77a95d48cf9fd8c54d843ece9b8ecdc01fd9cc787552a6e54 SHA512 ee3f02f12958220b5d97d72dbac0352d97dd225f9538fb8d036ec469c572ec577fb2648bf39f155d823928a01ab37ed8a1540d309b25b8719130d4a9d36447d1 WHIRLPOOL c26acfa64262c130be786bac905775ac0a2b1037b73259d6d4f387d6bcd5c82452e3525e284010fa687a921a8882b17737b87e7f214af546940f41e55f4edf75 +DIST glibc-2.13.tar.bz2 15725729 SHA256 0173c92a0545e6d99a46a4fbed2da00ba26556f5c6198e2f9f1631ed5318dbb2 SHA512 7fdae9acdbe8cbfda008f107ffd1559c0163ff70730a5bc618f1f15b64096a813a3495e0b2d2be7b7206bef3ed9ca67a68fd2004c8275ffeffa38b70c80887e0 WHIRLPOOL cfaeb0831f177926610d2c89bd6bd20735107ac4738ee0485a2d2e14b13c986e68e64c8f9093b89f135c3d7eb94fc2230b9f3837f3841a8bc2bc886ff5415005 +DIST glibc-2.14.1-patches-10.tar.bz2 167926 SHA256 e93815f125a6d1cfbaa6aa920274ea55c12da0bb4719fafd4bc0bfad27322108 SHA512 520a8e5e63daf33f1ac2d475e2d880718a774dc9228fa1d61792eb17d39a5a3d92dafac7963c4eada71ad06e8d34aea34098e08533dbc6844e9649d84b8980ab WHIRLPOOL a0c246425bffb5ce84ac8e5f25614e2ccb90de668365fc1a3ddf187ab8ae954990d12a5924f83ffa56d563b6c70fa1dbb01263d0219c40279f4267301b83646c +DIST glibc-2.14.1.tar.bz2 15650580 SHA256 6e85a2fa3ebe6b28103361f09d27eeda37a021f24dab73f34064456d5a715b3b SHA512 c83c9d6dae0091b7b6d3c8fb2b9376e58d2574a8016ce1b4d6e870afca3b892e8da2482ddf95d07ae7407a7f4cc84c1f52cb2f975a18c734529ec019204f65b7 WHIRLPOOL 0aee8c43d851375dd18b3b0ec33aad74ab396936f347cbc9f91f182d84ec03d45425be44a7edbc3faa8159dcbf9cbc4a09fa8c70b3da495fff071469fe063959 +DIST glibc-2.15-patches-23.tar.bz2 118999 SHA256 11c38082635822eb7b12d538e3b9c38ee71f6a86be6cebb59f5f2c575be93830 SHA512 ff3792a0029ea24990fe2419579472bd02119ed6a2dab28e85089d232029be5f1c18c643bcb9d577dce78a7c682bb5eee1ed3644f086b5cf19230bcf37ce8a4b WHIRLPOOL 110ddb5989bf1b66a487c9ebae03a3e62ac22b7a28b4c70d142e1c56160bdd50b9f5fa6f4dc4a28cfb28d94281c582fcfc1f60df8ae2ef4e8a946b3b06d2b1b1 +DIST glibc-2.15.tar.xz 10280176 SHA256 321ec482abdc27b03244f7b345ee22dc431bc55daf9c000a4e7b040fbdbecb50 SHA512 fc8bc407cd9edfd79bd286d28c84e0b8224e1f57c1d318e73da098a9693257d78970178fd59f487f0321a079fcb772e8e78473fab52f091b2addb0a48fe8dcf7 WHIRLPOOL 061fc0c9915bd821dc31c2fea8e4f9a75b6c7ec0c935ea713d8c087408a8bf3c600179273438f3d9748fe40b946866b2f160e6da6fee4da51e549a30d0f0ebbc +DIST glibc-2.16.0-patches-12.tar.bz2 95047 SHA256 e8fd08ee1af5ba4c2999657ea7ec3a0669c10fcf36151874a22f9d8e20d535ed SHA512 f377043d51e7b1d9d74af2ae1d40543329b9d6d5e07f7f9d84b1db9773f61864dc1f52253a952b2618bfe170f9cae32fdf748919460605bafaea6bc0c1f1befe WHIRLPOOL 69fe1b2a9ca0f2521bb59089cfccb7393c3fdd335498ab397d17dcb441a8ea0c579a35e3f175025d2c348b72d08ce496a0ed6d577bc1e0b5a65eb5fcef88e04c +DIST glibc-2.16.0.tar.xz 9990512 SHA256 1edc36aa2a6cb7127971fce8e02eecffe9c7956297ad3ef10dd4c09f486d5924 SHA512 be9acc11b77ab3c01d5766fe626a6a51bc3192ac98f9554fbb5c37120cfc6f636c0b7a80beddc180f13b32ad06051d24c1999fa2e64eeb724d55a9498f0f634e WHIRLPOOL 9bfd4358a4488080e12e08deca5fca59c1555853d1c1978b7d1bb3b480eb8fb125dccab38c55644248ae5e18b0167aec85f8a7850bab9e11f980aae6f171eac3 +DIST glibc-2.17-patches-8.tar.bz2 83707 SHA256 477946a4915dcd0cc0565ff8532d219e2ee868f6e821ea71ce579652d01ccbb3 SHA512 6675357e62b554d9d0f8ef70341b8038f8f89591fba384bc3783ef81aead0532486e2218af71da9c6f88a3b8b382edec81bed36eb636ee231eac80e111acbfd8 WHIRLPOOL 946f431b28ec60cc61d44364187f64a2d6e92ed7c9071126cf70277843c656de4dfac9f184f572f9a72c0cb452d879cdb7aca5b9f92f8ff02a8b1a521fffef43 +DIST glibc-2.17.tar.xz 10981956 SHA256 6914e337401e0e0ade23694e1b2c52a5f09e4eda3270c67e7c3ba93a89b5b23e SHA512 384e54037daaa344a26ce58242acc3f9a249d0765088d18a540a305745afa33ae6dec4024adae958eacd7100be9c713d117260ace8340f6d8c8396dbde4868d2 WHIRLPOOL 9b98c1c298aeff607aaa554341c300c15491b7314f127524fc5c048c67c5059daaf706e6cf206bb69213d5307e37bed87137ab46f504d8072bb778310081fc23 +DIST glibc-2.18-patches-4.tar.bz2 95165 SHA256 89b458e22db60847b4ad869e3b5cf32868528b8d73205a692a6c0d07779dd083 SHA512 d881c9c5fe32b967694d4ca5185ff5ffc964449f2ed49fd062e5d57a3c6d9f16eef2f591d2d8e98a1a95a6487f3436ef031839ed8766fd085404b288340b7933 WHIRLPOOL 55f87d0efce1f84b45968f377e868c31102cb5228fe4ff1ffa132770f242f9f4f1843c28e4eb38ee7bed1321507ae12b7284a18199af63df1ecd070233d1076f +DIST glibc-2.18.tar.xz 11150148 SHA256 2cb4e1e381928f1e5e55e71ab1ba8e0ea7ede75ff9709770435bfd018ea257a3 SHA512 27218d2e7dd3bf3908d7af171c490933680e958c579ebd27b43b661e223fd5de2219cc1cf699170405280808c84de476d0ad86dbba35a488ef404e9438552327 WHIRLPOOL 89b877c7db602ffd4374c7fb84db17397b91f889a7de6259f79374cc3fcd00613114cbb93feb518ef25fb2e579fb03843df15d17235c1fe1b6a7e0e64aa8e8fa +DIST glibc-2.19-patches-1.tar.bz2 75062 SHA256 0f4a9be17a659be02079d4e3bbbe04d3cecbe6ab19b2106edb81a83b743b9b22 SHA512 c884235676ad0b7c77ec1db5bc2406b79cb4f9fb341770fe3871292acca10972f46716f9e4a192368d937b24b594229cc45c23607767071807e4df4f3ed7fca3 WHIRLPOOL 53e6181c061365c8b6b3d3b4b355993e6a7e7fb2b1ad80d5463a30edadaed6848eb2e5656090998c82ed75625eaf30e69a2750019f47358ff08c99ffc36ffd08 +DIST glibc-2.19-patches-3.tar.bz2 80664 SHA256 6fb03292e224199e0dd9ba7ee83aca723e1560f26831e85cdc6302b187c6de3c SHA512 d281d6a2757920124cf8a3f02b97e75192598b08d96ae48840df34c7ffdcb212952d171f233e6f12a429b19437d0a296212fe1f2eae164d6a1c6793cb3cb69f0 WHIRLPOOL 6f28a2d0dff42e8ad0e77859938e3093753f77f78821375777eebb2db5568bf1c56e8b8208f02280f23acb2dd26dc8a313fedd5b2c10755f1659e6d324a1dbc3 +DIST glibc-2.19.tar.xz 12083312 SHA256 2d3997f588401ea095a0b27227b1d50cdfdd416236f6567b564549d3b46ea2a2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d WHIRLPOOL 9581a3a23ebdd56bc559b56b95b7bcd21ca039546ec19c6c0e4e0738597542164fdb21ab1d1f36d5e73a205fb51f0974c7d497972615bce69ae002298f6475b6 +DIST glibc-2.20-patches-1.tar.bz2 78477 SHA256 b3b1c4022503dc433cc4969534f27ee019ab695aed8b722e914d7fb864db5606 SHA512 56e954f11610fa4f9fffc68bdad98114bed7592f5a4f8bd81a0306ee99311db8cb4dd4469a6f2a5a60ff4a9e6d172e49971d389f1b2911df7a408571737c1ee1 WHIRLPOOL 02aeda854ca220ed3b4fe41510d918a8fc4fb9e95a3761a3884e2d2d3c0a515c82e835d7a74e41dc0a20c865de120b60ea4e561cd3f25534568981c8084dce00 +DIST glibc-2.20-patches-3.tar.bz2 30916 SHA256 c10cc881a1ee587dcaaff234c8e05dcc6a6e4d4bbafcae21e6267616a20bb354 SHA512 cbbfccdf0ba0ad7fb740a557a246b647c020dd841aabd256c34bb8c5f4aac2ee0ed50e5f15ac28a161e294a9a3803560317bcf934cc938daa58111d7373b1b66 WHIRLPOOL 2889809da097e148bae7769316f7a744880fce0c1cd74ef16e45e343c5aa02f549ff6f9e13ac114cb061b914d3517151ab803af5683864ed09ebc72326561e64 +DIST glibc-2.20-patches-5.tar.bz2 55986 SHA256 3d3eec9ac9b5d0530f9e05614f4646d64ff93a48865b42c156990bea69247cda SHA512 409f59a028127e02f0c9f91107715b540d8d234475830adc17108a02664be232098d119b43bcc8df9b328ab50c1fffb0868d510e6487ce1c34ec2c7c7a78375b WHIRLPOOL b3c41b01af5d8ae8e901ac48ae124e13ff1c76fbeb35315cb9630c648c03d7abbfb753294cbdfe1dc939bda260e24d8450ffb19cfe5c255b32f8c5500f2c43f3 +DIST glibc-2.20.tar.xz 12283992 SHA256 f84b6d42aecc288d593c397b0a3d02260a33ee686bce0c634eb9b32798f36ba5 SHA512 7a8eea8b71d3ccba766c3f304cab61055446d451ef063309476b26dc40d880562dc33b1b68fbedeedb4b55b84c26415b9202311aaa71ef8c141b6849a814d2fa WHIRLPOOL 042f74d75c62a655ae35348c9cd0bed0845ab199e37a76635eb74c04ed927b5eca77723c38d2dc46f12fca62c1004001887b43946a914b079ad22f6a9cc8daaa +DIST glibc-2.21-patches-4.tar.bz2 32021 SHA256 2a77ab05ff0df464a0f2deb642d9ac9dc7b42d94b333e1db033ef2a33ba0a8e1 SHA512 39e128a550617d9b692e9ec12e77466767907e5066f78141af3089d06241282f06cf333fc9f7c932c5d5ecdd5020fdd79bfb33827332cce765cad2bcc06758cc WHIRLPOOL 98cc3324127c91c97e59f705a05b46abcd499c345eab873605d9fc3e456ec103ccb52f97b2aeaf59b4bfa5f47ed81cce32899aed3d7d46d201f3b6657c00c1dc +DIST glibc-2.21.tar.xz 12322092 SHA256 aeeb362437965a5d3f40b151094ca79def04a115bd363fdd4a9a0c69482923b8 SHA512 8cded6693618bec115f678fcbd0b77556f97dfa8337608f66e37224aefa55b38765ba61cb4d58beea37b5934e5ec8e30bad58613707388484906f2a0ce77997d WHIRLPOOL d07fec32bd92eade065a3b6170932b8bd41d07df4aa69dd5a860ebb9678c22bd1e20bf88b1fc05c3ecc18e709c0a63118e12525dc668e0399d7ef7fe4454702d +DIST glibc-2.22-patches-2.tar.bz2 28416 SHA256 6b6107232d36cf1edd5e2691f9f5d9466313d51fee9a97b242ef5841473ad9df SHA512 a5b80c6be0e96354d94754ebf9439a48aa952ffdae0b97e76d780fc431bba2744e40a7e76435ef11c0797cb174f1faf86afcb320a62422a4775bc1ee20f34dbf WHIRLPOOL f09cfb8ecd42929e3e7d50da22cad29339398487a5f358f6a383e59025ba415f13b3321c05eddc3d202b554598ec8dd5b7c45df9dc82ba716b90461380dee816 +DIST glibc-2.22.tar.xz 12969072 SHA256 eb731406903befef1d8f878a46be75ef862b9056ab0cde1626d08a7a05328948 SHA512 a8719f3a4f8aa5fa81711116fdafbea5082c6dfd85bd8c4cdce60571910263ab422b35bb8b55a84d37ccb146442133ba60a84d453ca4a439c8ccd35419bd051b WHIRLPOOL f7e707b3776fc197a2e7bf5633721925507237b154bbc1f94b9fc303c87e6fc039ff0758da6ee55b4c1a0daaa87c6e594a6c96e7b00a7ba8ae98ee29918709a7 +DIST glibc-ports-2.13.tar.bz2 625945 SHA256 b11c4501ae929883447f409c31d65e82822b1c5693075a825a3d54612876ee5a SHA512 39ed578db363dab05e54d5272d3a8a0600493b91985c65a4d043b5a88d617ff46cca2d66d99ae69e92282d8f8a2357e79dcd5b0ae45b505497417d5137866ad6 WHIRLPOOL 766309e315f2f7edbe0b431691ea16f9917dd2f1c8d54b707e819b695f26dedac2d60c3a58499ee1b51a218b982e9930e49f79db096e166576c215a6ccac21e5 +DIST glibc-ports-2.14.1.tar.bz2 630641 SHA256 1c830afb6d4aa166edaa09ec539580377ecbb16ba655d0aad6f5cb5a9a269aa9 SHA512 4ed18be51e2dec4395bf89701b32e443ba02e4e6b26ee1a72684a1f84ef302d58ed8b58f99e4e0ba3f539da0ade668de5881bb2b86fcd065d741448d9c129bae WHIRLPOOL 463aac8660f7f8d9d6e4ee5728aef2948892a54dc250d0543ffb3c2fb636a816384d5984631ab4420b98a51254d62b4b0ad8381a8006ceb1f632de135155939d +DIST glibc-ports-2.15.tar.xz 421820 SHA256 fcc271fcc3a808bf0f3aa1d144bc39b8d0d5f730aed6e206b883961515f0d1b9 SHA512 fc3c80a9a7ede0f35054e5be043fff4b967e6ef6678f42e617dd1dd498920edb4e4c785cf8e3cd97fc2914a35a892e0fd7e1aab24f0c3c8d207765a131bf3744 WHIRLPOOL a8a617eacb326615265832f86a7ef39678364b5b65d5c16d58680ec0debfbca6780018b7da9c1a86bdfffcde58aa1258b96ea4bd50b114901b522e62d48ae4a5 +DIST glibc-ports-2.16.0.tar.xz 925916 SHA256 93a10ac3b9ab70ccc59dfe50a4747d48a7e92f9481656f8a37558a2767ac02f3 SHA512 8653ad9f5cf239a55eb2e236f9510ba227e910168efefd74df8e4951f2e1e4bca69598bc23daa6581e0ba94fe334ac625524fb22f0d38c2a07e373eda1db821b WHIRLPOOL 60b0cb559e28bcab9c6625ccd24a13ecfc301cc055d7e18d1324627912b528ca8cc7c2f999e1e979d2685e407879b1bfffdb61f1536d91fa143cffb7ded72a8a diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c new file mode 100644 index 000000000000..37711e8aacbf --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c @@ -0,0 +1,315 @@ +/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2008 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP and FORTIFY handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP and FORTIFY handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + * Magnus Granberg <zorry[@]ume.nu> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> +#include <bp-checks.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": buffer overflow attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** buffer overflow detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __chk_fail(void) +{ + __hardened_gentoo_chk_fail(NULL, 0); +} + diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch new file mode 100644 index 000000000000..e75ccc788c89 --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch @@ -0,0 +1,30 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu> + +--- configure.in ++++ configure.in +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + libc_cv_pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + libc_cv_pic_default=no + fi + rm -f conftest.* diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch new file mode 100644 index 000000000000..cb6d8e3c78ba --- /dev/null +++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch @@ -0,0 +1,274 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> + +--- csu/libc-start.c ++++ csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -129,6 +130,11 @@ + # endif + _dl_aux_init (auxvec); + # endif ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- csu/libc-tls.c ++++ csu/libc-tls.c +@@ -23,6 +23,7 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED +@@ -29,6 +30,9 @@ + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif + extern ElfW(Phdr) *_dl_phdr; + extern size_t _dl_phnum; + +@@ -141,14 +145,26 @@ + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++# endif + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# endif + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c ++++ misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c ++++ sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *__unbounded newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, ++ __ptrvalue (addr)); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h ++++ sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch b/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch new file mode 100644 index 000000000000..3315171d953f --- /dev/null +++ b/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch @@ -0,0 +1,39 @@ +2010-08-11 Magnus Granberg <zorry@ume.nu> + + #332331 + * Makeconfig (+link): Set to +link-pie. + (+link-static): Change $(static-start-installed-name) to + S$(static-start-installed-name). + (+prector): Set to +prectorS. + (+postctor): Set to +postctorS. + +--- libc/Makeconfig ++++ libc/Makeconfig +@@ -447,11 +447,12 @@ + $(common-objpfx)libc% $(+postinit),$^) \ + $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) + endif +++link = $(+link-pie) + # Command for statically linking programs with the C library. + ifndef +link-static + +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prector) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -549,11 +550,10 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` +-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` +-# Variants of the two previous definitions for linking PIE programs. + +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` + +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` +++prector = $(+prectorS) +++postctor = $(+postctorS) + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch b/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch new file mode 100644 index 000000000000..a850a61a272a --- /dev/null +++ b/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch @@ -0,0 +1,39 @@ +2012-11-11 Magnus Granberg <zorry@gentoo.org> + + #442712 + * Makeconfig (+link): Set to +link-pie. + (+link-static-before-libc): Change $(static-start-installed-name) to + S$(static-start-installed-name). + (+prector): Set to +prectorS. + (+postctor): Set to +postctorS. + +--- libc/Makeconfig ++++ libc/Makeconfig +@@ -447,11 +447,12 @@ + $(common-objpfx)libc% $(+postinit),$^) \ + $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) + endif +++link = $(+link-pie) + # Command for statically linking programs with the C library. + ifndef +link-static + +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prector) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -549,11 +550,10 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` +-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` +-# Variants of the two previous definitions for linking PIE programs. + +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` + +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` +++prector = $(+prectorS) +++postctor = $(+postctorS) + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch new file mode 100644 index 000000000000..da4fb82539cf --- /dev/null +++ b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch @@ -0,0 +1,42 @@ +2012-11-11 Magnus Granberg <zorry@gentoo.org> + + #442712 + * Makeconfig (+link): Set to +link-pie. + (+link-static-before-libc): Change $(static-start-installed-name) to + S$(static-start-installed-name). + (+prector): Set to +prectorS. + (+postctor): Set to +postctorS. + +--- libc/Makeconfig ++++ libc/Makeconfig +@@ -447,11 +447,12 @@ + $(common-objpfx)libc% $(+postinit),$^) \ + $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) + endif +++link = $(+link-pie) + # Command for statically linking programs with the C library. + ifndef +link-static + +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ + $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ +- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ ++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ + $(+preinit) $(+prectorT) \ + $(filter-out $(addprefix $(csu-objpfx),start.o \ + $(start-installed-name))\ +@@ -549,11 +550,10 @@ + ifeq ($(elf),yes) + +preinit = $(addprefix $(csu-objpfx),crti.o) + +postinit = $(addprefix $(csu-objpfx),crtn.o) +-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` +-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` +-# Variants of the two previous definitions for linking PIE programs. + +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` + +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` +++prector = $(+prectorS) +++postctor = $(+postctorS) + # Variants of the two previous definitions for statically linking programs. + +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o` + +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` + +interp = $(addprefix $(elf-objpfx),interp.os) + endif + csu-objpfx = $(common-objpfx)csu/ diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c new file mode 100644 index 000000000000..c1934362f628 --- /dev/null +++ b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c @@ -0,0 +1,314 @@ +/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2013 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP and FORTIFY handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP and FORTIFY handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + * Magnus Granberg <zorry[@]ume.nu> + */ + +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": buffer overflow attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** buffer overflow detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __chk_fail(void) +{ + __hardened_gentoo_chk_fail(NULL, 0); +} + diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c new file mode 100644 index 000000000000..9535c2157895 --- /dev/null +++ b/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c @@ -0,0 +1,322 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2013 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * Fixed to support glibc-2.18 by Magnus Granberg - <zorry[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + */ + +#include <errno.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + + +/* Common handler code, used by stack_chk_fail and __stack_smash_handler + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_stack_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": stack smashing attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** stack smashing detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __stack_chk_fail(void) +{ + __hardened_gentoo_stack_chk_fail(NULL, 0); +} + +#ifdef ENABLE_OLD_SSP_COMPAT +__attribute__ ((__noreturn__)) +void __stack_smash_handler(char func[], int damaged) +{ + __hardened_gentoo_stack_chk_fail(func, damaged); +} +#endif diff --git a/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch new file mode 100644 index 000000000000..8907ab2c6a34 --- /dev/null +++ b/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch @@ -0,0 +1,277 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_NOSYSENTER is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> +Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org> + +--- csu/libc-start.c ++++ csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char + GL(dl_phnum) = __ehdr_start.e_phnum; + } + } +- ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_NOSYSENTER + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- csu/libc-tls.c ++++ csu/libc-tls.c +@@ -22,14 +22,17 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> +- ++#include <sysdep.h> + + #ifdef SHARED + #error makefile bug, this file is for static only + #endif + +-dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif + ++dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; + + static struct + { +@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); ++# else + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); ++#endif + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); ++# ifdef INTERNAL_SYSCALL_NOSYSENTER ++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align ++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++# else + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); ++#endif + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV +--- misc/sbrk.c ++++ misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used ++ via dynamic loading in a statically linked program update ++ __curbrk from the kernel's brk value. That way two separate ++ instances of __brk and __sbrk can share the heap, returning ++ interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif + void * + __sbrk (intptr_t increment) + { +--- sysdeps/unix/sysv/linux/i386/brk.c ++++ sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,29 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_NOSYSENTER ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ * if the SYSENTER version requires the TLS (which it does on i386). ++ * Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void * newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif + int + __brk (void *addr) + { +--- sysdeps/unix/sysv/linux/i386/sysdep.h ++++ sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# if defined SHARED || defined __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +495,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch new file mode 100644 index 000000000000..341d8c5028e1 --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch @@ -0,0 +1,30 @@ +Prevent default-fPIE from confusing configure into thinking +PIC code is default. This causes glibc to build both PIC and +non-PIC code as normal, which on the hardened compiler generates +PIC and PIE. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu> + +--- configure.ac ++++ configure.ac +@@ -2145,7 +2145,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then + libc_cv_pic_default=no + fi + rm -f conftest.*]) +--- configure ++++ configure +@@ -7698,7 +7698,7 @@ + # error PIC is default. + #endif + EOF +-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then ++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then + libc_cv_pic_default=no + fi + rm -f conftest.* diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c new file mode 100644 index 000000000000..a8ab9d8a3e29 --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c @@ -0,0 +1,299 @@ +/* Copyright (C) 2004-2014 Free Software Foundation, Inc. + Copyright (C) 2006-2014 Gentoo Foundation Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Hardened Gentoo SSP and FORTIFY handler + + A failure handler that does not use functions from the rest of glibc; + it uses the INTERNAL_SYSCALL methods directly. This helps ensure no + possibility of recursion into the handler. + + Direct all bug reports to http://bugs.gentoo.org/ + + People who have contributed significantly to the evolution of this file: + Ned Ludd - <solar[@]gentoo.org> + Alexander Gabert - <pappy[@]gentoo.org> + The PaX Team - <pageexec[@]freemail.hu> + Peter S. Mazinger - <ps.m[@]gmx.net> + Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + Robert Connolly - <robert[@]linuxfromscratch.org> + Cory Visi <cory[@]visi.name> + Mike Frysinger <vapier[@]gentoo.org> + Magnus Granberg <zorry[@]gentoo.org> + Kevin F. Quinn - <kevquinn[@]gentoo.org> + */ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif + +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static const char *__progname = "<ldso>"; +#else +extern const char *__progname; +#endif + +#ifdef GENTOO_SSP_HANDLER +# define ERROR_MSG "stack smashing" +#else +# define ERROR_MSG "buffer overflow" +#endif + +/* Common handler code, used by chk_fail + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__, __always_inline__)) +static inline void +__hardened_gentoo_fail(void) +{ +#define MESSAGE_BUFSIZ 512 + static pid_t pid; + static int plen, i, hlen; + static char message[MESSAGE_BUFSIZ]; + /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */ + static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: "; + static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: "; + static const char msg_terminated[] = " terminated; "; + static const char msg_report[] = "report to " REPORT_BUGS_TO "\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address */ + sock.sun_family = AF_UNIX; + i = 0; + while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) { + sock.sun_path[i] = path_log[i]; + ++i; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + ({ \ + i = 0; \ + while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \ + message[plen + i] = str[i]; \ + ++i; \ + } \ + plen += i; \ + }) + + /* Tersely log the failure */ + plen = 0; + strconcat(msg_header); + hlen = plen; + strconcat(msg_ssd); + if (__progname != NULL) + strconcat(__progname); + else + strconcat(msg_unknown); + strconcat(msg_terminated); + strconcat(msg_report); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen); + if (connect_result != -1) { + INLINE_SYSCALL(write, 3, log_socket, message, plen); + INLINE_SYSCALL(close, 1, log_socket); + } + + /* Time to kill self since we have no idea what is going on */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + /* Remove any user-supplied handler for SIGABRT, before using it. */ +#if 0 + /* + * Note: Disabled because some programs catch & process their + * own crashes. We've already enabled this code path which + * means we want to let core dumps happen. + */ + static struct sigaction default_abort_act; + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) +#endif + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* SIGKILL is only signal which cannot be caught */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway. + * The loop prevents gcc thinking this routine returns. + */ + while (1) + INLINE_SYSCALL(exit, 1, 137); +} + +__attribute__ ((__noreturn__)) +#ifdef GENTOO_SSP_HANDLER +void __stack_chk_fail(void) +#else +void __chk_fail(void) +#endif +{ + __hardened_gentoo_fail(); +} diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c new file mode 100644 index 000000000000..4a537bb52c5f --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c @@ -0,0 +1,2 @@ +#define GENTOO_SSP_HANDLER +#include <debug/chk_fail.c> diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch new file mode 100644 index 000000000000..35eabe94014a --- /dev/null +++ b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch @@ -0,0 +1,306 @@ +When building glibc PIE (which is not something upstream support), +several modifications are necessary to the glibc build process. + +First, any syscalls in PIEs must be of the PIC variant, otherwise +textrels ensue. Then, any syscalls made before the initialisation +of the TLS will fail on i386, as the sysenter variant on i386 uses +the TLS, giving rise to a chicken-and-egg situation. This patch +defines a PIC syscall variant that doesn't use sysenter, even when the sysenter +version is normally used, and uses the non-sysenter version for the brk +syscall that is performed by the TLS initialisation. Further, the TLS +initialisation is moved in this case prior to the initialisation of +dl_osversion, as that requires further syscalls. + +csu/libc-start.c: Move initial TLS initialization to before the +initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined + +csu/libc-tls.c: Use the no-sysenter version of sbrk when +INTERNAL_SYSCALL_PRE_TLS is defined. + +misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter +version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined. + +misc/brk.c: Define a no-sysenter version of brk if +INTERNAL_SYSCALL_PRE_TLS is defined. + +sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS +Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. + +Patch by Kevin F. Quinn <kevquinn@gentoo.org> +Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> +Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org> +Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org> + +--- a/csu/libc-start.c ++++ b/csu/libc-start.c +@@ -28,6 +28,7 @@ + extern int __libc_multiple_libcs; + + #include <tls.h> ++#include <sysdep.h> + #ifndef SHARED + # include <dl-osinfo.h> + extern void __pthread_initialize_minimal (void); +@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char + } + } + ++# ifdef INTERNAL_SYSCALL_PRE_TLS ++ /* Do the initial TLS initialization before _dl_osversion, ++ since the latter uses the uname syscall. */ ++ __pthread_initialize_minimal (); ++# endif + # ifdef DL_SYSDEP_OSCHECK + if (!__libc_multiple_libcs) + { +@@ -138,10 +144,12 @@ + } + # endif + ++# ifndef INTERNAL_SYSCALL_PRE_TLS + /* Initialize the thread library at least a bit since the libgcc + functions are using thread functions if these are available and + we need to setup errno. */ + __pthread_initialize_minimal (); ++# endif + + /* Set up the stack checker's canary. */ + uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); +--- a/csu/libc-tls.c ++++ b/csu/libc-tls.c +@@ -22,12 +22,17 @@ + #include <unistd.h> + #include <stdio.h> + #include <sys/param.h> ++#include <sysdep.h> + + + #ifdef SHARED + #error makefile bug, this file is for static only + #endif + ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++extern void *__sbrk_nosysenter (intptr_t __delta); ++#endif ++ + dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; + + +@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t + + The initialized value of _dl_tls_static_size is provided by dl-open.c + to request some surplus that permits dynamic loading of modules with +- IE-model TLS. */ ++ IE-model TLS. ++ ++ Where the normal sbrk would use a syscall that needs the TLS (i386) ++ use the special non-sysenter version instead. */ ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++# define __sbrk __sbrk_nosysenter ++#endif + #if TLS_TCB_AT_TP + tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); + tlsblock = __sbrk (tcb_offset + tcbsize + max_align); + #elif TLS_DTV_AT_TP + tcb_offset = roundup (tcbsize, align ?: 1); + tlsblock = __sbrk (tcb_offset + memsz + max_align + + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); + tlsblock += TLS_PRE_TCB_SIZE; + #else + /* In case a model with a different layout for the TCB and DTV + is defined add another #elif here and in the following #ifs. */ + # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" + #endif ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++# undef __sbrk ++#endif + + /* Align the TLS block. */ + tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1) +--- a/misc/sbrk.c ++++ b/misc/sbrk.c +@@ -18,6 +18,7 @@ + #include <errno.h> + #include <stdint.h> + #include <unistd.h> ++#include <sysdep.h> + + /* Defined in brk.c. */ + extern void *__curbrk; +@@ -29,6 +30,35 @@ + /* Extend the process's data space by INCREMENT. + If INCREMENT is negative, shrink data space by - INCREMENT. + Return start of new space allocated, or -1 for errors. */ ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++extern int __brk_nosysenter (void *addr); ++void * ++__sbrk_nosysenter (intptr_t increment) ++{ ++ void *oldbrk; ++ ++ /* If this is not part of the dynamic library or the library is used via ++ dynamic loading in a statically linked program update __curbrk from the ++ kernel's brk value. That way two separate instances of __brk and __sbrk ++ can share the heap, returning interleaved pieces of it. */ ++ if (__curbrk == NULL || __libc_multiple_libcs) ++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ ++ return (void *) -1; ++ ++ if (increment == 0) ++ return __curbrk; ++ ++ oldbrk = __curbrk; ++ if (__brk_nosysenter (oldbrk + increment) < 0) ++ return (void *) -1; ++ ++ return oldbrk; ++} ++#endif ++ + void * + __sbrk (intptr_t increment) + { +--- a/sysdeps/unix/sysv/linux/i386/brk.c ++++ b/sysdeps/unix/sysv/linux/i386/brk.c +@@ -31,6 +31,30 @@ + linker. */ + weak_alias (__curbrk, ___brk_addr) + ++#ifdef INTERNAL_SYSCALL_PRE_TLS ++/* This version is used by csu/libc-tls.c whem initialising the TLS ++ if the SYSENTER version requires the TLS (which it does on i386). ++ Obviously using the TLS before it is initialised is broken. */ ++int ++__brk_nosysenter (void *addr) ++{ ++ void *newbrk; ++ ++ INTERNAL_SYSCALL_DECL (err); ++ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr); ++ ++ __curbrk = newbrk; ++ ++ if (newbrk < addr) ++ { ++ __set_errno (ENOMEM); ++ return -1; ++ } ++ ++ return 0; ++} ++#endif ++ + int + __brk (void *addr) + { +--- a/sysdeps/unix/sysv/linux/i386/sysdep.h ++++ b/sysdeps/unix/sysv/linux/i386/sysdep.h +@@ -187,7 +187,7 @@ + /* The original calling convention for system calls on Linux/i386 is + to use int $0x80. */ + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# ifdef __PIC__ + # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET + # else + # define ENTER_KERNEL call *_dl_sysinfo +@@ -358,7 +358,7 @@ + possible to use more than four parameters. */ + #undef INTERNAL_SYSCALL + #ifdef I386_USE_SYSENTER +-# ifdef SHARED ++# ifdef __PIC__ + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ + register unsigned int resultvar; \ +@@ -384,6 +384,18 @@ + : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ + ASMFMT_##nr(args) : "memory", "cc"); \ + (int) resultvar; }) ++# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \ ++ ({ \ ++ register unsigned int resultvar; \ ++ EXTRAVAR_##nr \ ++ asm volatile ( \ ++ LOADARGS_NOSYSENTER_##nr \ ++ "movl %1, %%eax\n\t" \ ++ "int $0x80\n\t" \ ++ RESTOREARGS_NOSYSENTER_##nr \ ++ : "=a" (resultvar) \ ++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ ++ (int) resultvar; }) + # else + # define INTERNAL_SYSCALL(name, err, nr, args...) \ + ({ \ +@@ -447,12 +459,20 @@ + + #define LOADARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && defined __PIC__ + # define LOADARGS_1 \ + "bpushl .L__X'%k3, %k3\n\t" + # define LOADARGS_5 \ + "movl %%ebx, %4\n\t" \ + "movl %3, %%ebx\n\t" ++# define LOADARGS_NOSYSENTER_1 \ ++ "bpushl .L__X'%k2, %k2\n\t" ++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 ++# define LOADARGS_NOSYSENTER_3 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_4 LOADARGS_3 ++# define LOADARGS_NOSYSENTER_5 \ ++ "movl %%ebx, %3\n\t" \ ++ "movl %2, %%ebx\n\t" + # else + # define LOADARGS_1 \ + "bpushl .L__X'%k2, %k2\n\t" +@@ -474,11 +494,18 @@ + + #define RESTOREARGS_0 + #ifdef __PIC__ +-# if defined I386_USE_SYSENTER && defined SHARED ++# if defined I386_USE_SYSENTER && defined __PIC__ + # define RESTOREARGS_1 \ + "bpopl .L__X'%k3, %k3\n\t" + # define RESTOREARGS_5 \ + "movl %4, %%ebx" ++# define RESTOREARGS_NOSYSENTER_1 \ ++ "bpopl .L__X'%k2, %k2\n\t" ++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 ++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 ++# define RESTOREARGS_NOSYSENTER_5 \ ++ "movl %3, %%ebx" + # else + # define RESTOREARGS_1 \ + "bpopl .L__X'%k2, %k2\n\t" +--- a/sysdeps/i386/nptl/tls.h ++++ b/sysdeps/i386/nptl/tls.h +@@ -189,6 +189,15 @@ + desc->vals[3] = 0x51; + } + ++/* We have no sysenter until the tls is initialized which is a ++ problem for PIC. Thus we need to do the right call depending ++ on the situation. */ ++#ifndef INTERNAL_SYSCALL_PRE_TLS ++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL ++#else ++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS ++#endif ++ + /* Code to initially initialize the thread pointer. This might need + special attention since 'errno' is not yet available and if the + operation can cause a failure 'errno' must not be touched. */ +@@ -209,7 +218,7 @@ + \ + /* Install the TLS. */ \ + INTERNAL_SYSCALL_DECL (err); \ +- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ ++ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ + \ + if (_result == 0) \ + /* We know the index in the GDT, now load the segment register. \ diff --git a/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c new file mode 100644 index 000000000000..217bf1a90790 --- /dev/null +++ b/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c @@ -0,0 +1,321 @@ +/* Copyright (C) 2005 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +/* Copyright (C) 2006-2007 Gentoo Foundation Inc. + * License terms as above. + * + * Hardened Gentoo SSP handler + * + * An SSP failure handler that does not use functions from the rest of + * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures + * no possibility of recursion into the handler. + * + * Direct all bug reports to http://bugs.gentoo.org/ + * + * Re-written from the glibc-2.3 Hardened Gentoo SSP handler + * by Kevin F. Quinn - <kevquinn[@]gentoo.org> + * + * The following people contributed to the glibc-2.3 Hardened + * Gentoo SSP handler, from which this implementation draws much: + * + * Ned Ludd - <solar[@]gentoo.org> + * Alexander Gabert - <pappy[@]gentoo.org> + * The PaX Team - <pageexec[@]freemail.hu> + * Peter S. Mazinger - <ps.m[@]gmx.net> + * Yoann Vandoorselaere - <yoann[@]prelude-ids.org> + * Robert Connolly - <robert[@]linuxfromscratch.org> + * Cory Visi <cory[@]visi.name> + * Mike Frysinger <vapier[@]gentoo.org> + */ + +#include <errno.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +#include <sys/types.h> + +#include <sysdep-cancel.h> +#include <sys/syscall.h> +#include <bp-checks.h> + +#include <kernel-features.h> + +#include <alloca.h> +/* from sysdeps */ +#include <socketcall.h> +/* for the stuff in bits/socket.h */ +#include <sys/socket.h> +#include <sys/un.h> + + +/* Sanity check on SYSCALL macro names - force compilation + * failure if the names used here do not exist + */ +#if !defined __NR_socketcall && !defined __NR_socket +# error Cannot do syscall socket or socketcall +#endif +#if !defined __NR_socketcall && !defined __NR_connect +# error Cannot do syscall connect or socketcall +#endif +#ifndef __NR_write +# error Cannot do syscall write +#endif +#ifndef __NR_close +# error Cannot do syscall close +#endif +#ifndef __NR_getpid +# error Cannot do syscall getpid +#endif +#ifndef __NR_kill +# error Cannot do syscall kill +#endif +#ifndef __NR_exit +# error Cannot do syscall exit +#endif +#ifdef SSP_SMASH_DUMPS_CORE +# define ENABLE_SSP_SMASH_DUMPS_CORE 1 +# if !defined _KERNEL_NSIG && !defined _NSIG +# error No _NSIG or _KERNEL_NSIG for rt_sigaction +# endif +# if !defined __NR_sigaction && !defined __NR_rt_sigaction +# error Cannot do syscall sigaction or rt_sigaction +# endif +/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size + * of the _kernel_ sigset_t which is not the same as the user sigset_t. + * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for + * some reason. + */ +# ifdef _KERNEL_NSIG +# define _SSP_NSIG _KERNEL_NSIG +# else +# define _SSP_NSIG _NSIG +# endif +#else +# define _SSP_NSIG 0 +# define ENABLE_SSP_SMASH_DUMPS_CORE 0 +#endif + +/* Define DO_SIGACTION - default to newer rt signal interface but + * fallback to old as needed. + */ +#ifdef __NR_rt_sigaction +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) +#else +# define DO_SIGACTION(signum, act, oldact) \ + INLINE_SYSCALL(sigaction, 3, signum, act, oldact) +#endif + +/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ +#if defined(__NR_socket) && defined(__NR_connect) +# define USE_OLD_SOCKETCALL 0 +#else +# define USE_OLD_SOCKETCALL 1 +#endif +/* stub out the __NR_'s so we can let gcc optimize away dead code */ +#ifndef __NR_socketcall +# define __NR_socketcall 0 +#endif +#ifndef __NR_socket +# define __NR_socket 0 +#endif +#ifndef __NR_connect +# define __NR_connect 0 +#endif +#define DO_SOCKET(result, domain, type, protocol) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = domain; \ + socketargs[1] = type; \ + socketargs[2] = protocol; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ + } else \ + result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ + } while (0) +#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ + do { \ + if (USE_OLD_SOCKETCALL) { \ + socketargs[0] = sockfd; \ + socketargs[1] = (unsigned long int)serv_addr; \ + socketargs[2] = addrlen; \ + socketargs[3] = 0; \ + result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ + } else \ + result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ + } while (0) + +#ifndef _PATH_LOG +# define _PATH_LOG "/dev/log" +#endif + +static const char path_log[] = _PATH_LOG; + +/* For building glibc with SSP switched on, define __progname to a + * constant if building for the run-time loader, to avoid pulling + * in more of libc.so into ld.so + */ +#ifdef IS_IN_rtld +static char *__progname = "<rtld>"; +#else +extern char *__progname; +#endif + + +/* Common handler code, used by stack_chk_fail and __stack_smash_handler + * Inlined to ensure no self-references to the handler within itself. + * Data static to avoid putting more than necessary on the stack, + * to aid core debugging. + */ +__attribute__ ((__noreturn__ , __always_inline__)) +static inline void +__hardened_gentoo_stack_chk_fail(char func[], int damaged) +{ +#define MESSAGE_BUFSIZ 256 + static pid_t pid; + static int plen, i; + static char message[MESSAGE_BUFSIZ]; + static const char msg_ssa[] = ": stack smashing attack"; + static const char msg_inf[] = " in function "; + static const char msg_ssd[] = "*** stack smashing detected ***: "; + static const char msg_terminated[] = " - terminated\n"; + static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; + static const char msg_unknown[] = "<unknown>"; + static int log_socket, connect_result; + static struct sockaddr_un sock; + static unsigned long int socketargs[4]; + + /* Build socket address + */ + sock.sun_family = AF_UNIX; + i = 0; + while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { + sock.sun_path[i] = path_log[i]; + i++; + } + sock.sun_path[i] = '\0'; + + /* Try SOCK_DGRAM connection to syslog */ + connect_result = -1; + DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + if (connect_result == -1) { + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + /* Try SOCK_STREAM connection to syslog */ + DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); + if (log_socket != -1) + DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); + } + + /* Build message. Messages are generated both in the old style and new style, + * so that log watchers that are configured for the old-style message continue + * to work. + */ +#define strconcat(str) \ + {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ + {\ + message[plen+i]=str[i];\ + i++;\ + }\ + plen+=i;} + + /* R.Henderson post-gcc-4 style message */ + plen = 0; + strconcat(msg_ssd); + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Dr. Etoh pre-gcc-4 style message */ + plen = 0; + if (__progname != (char *)0) + strconcat(__progname) + else + strconcat(msg_unknown); + strconcat(msg_ssa); + strconcat(msg_inf); + if (func != NULL) + strconcat(func) + else + strconcat(msg_unknown); + strconcat(msg_terminated); + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + /* Direct reports to bugs.gentoo.org */ + plen=0; + strconcat(msg_report); + message[plen++]='\0'; + + /* Write out error message to STDERR, to syslog if open */ + INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); + if (connect_result != -1) + INLINE_SYSCALL(write, 3, log_socket, message, plen); + + if (log_socket != -1) + INLINE_SYSCALL(close, 1, log_socket); + + /* Suicide */ + pid = INLINE_SYSCALL(getpid, 0); + + if (ENABLE_SSP_SMASH_DUMPS_CORE) { + static struct sigaction default_abort_act; + /* Remove any user-supplied handler for SIGABRT, before using it */ + default_abort_act.sa_handler = SIG_DFL; + default_abort_act.sa_sigaction = NULL; + __sigfillset(&default_abort_act.sa_mask); + default_abort_act.sa_flags = 0; + if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) + INLINE_SYSCALL(kill, 2, pid, SIGABRT); + } + + /* Note; actions cannot be added to SIGKILL */ + INLINE_SYSCALL(kill, 2, pid, SIGKILL); + + /* In case the kill didn't work, exit anyway + * The loop prevents gcc thinking this routine returns + */ + while (1) + INLINE_SYSCALL(exit, 0); +} + +__attribute__ ((__noreturn__)) +void __stack_chk_fail(void) +{ + __hardened_gentoo_stack_chk_fail(NULL, 0); +} + +#ifdef ENABLE_OLD_SSP_COMPAT +__attribute__ ((__noreturn__)) +void __stack_smash_handler(char func[], int damaged) +{ + __hardened_gentoo_stack_chk_fail(func, damaged); +} +#endif diff --git a/sys-libs/glibc/files/eblits/common.eblit b/sys-libs/glibc/files/eblits/common.eblit new file mode 100644 index 000000000000..51ba4a923997 --- /dev/null +++ b/sys-libs/glibc/files/eblits/common.eblit @@ -0,0 +1,360 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +alt_prefix() { + is_crosscompile && echo /usr/${CTARGET} +} + +if [[ ${EAPI:-0} == [012] ]] ; then + : ${ED:=${D}} + : ${EROOT:=${ROOT}} +fi +# This indirection is for binpkgs. #523332 +_nonfatal() { nonfatal "$@" ; } +if [[ ${EAPI:-0} == [0123] ]] ; then + nonfatal() { "$@" ; } + _nonfatal() { "$@" ; } +fi + +# We need to be able to set alternative headers for +# compiling for non-native platform +# Will also become useful for testing kernel-headers without screwing up +# the whole system. +# note: intentionally undocumented. +alt_headers() { + echo ${ALT_HEADERS:=$(alt_prefix)/usr/include} +} +alt_build_headers() { + if [[ -z ${ALT_BUILD_HEADERS} ]] ; then + ALT_BUILD_HEADERS=$(alt_headers) + if tc-is-cross-compiler ; then + ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers) + if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then + local header_path=$(echo '#include <linux/version.h>' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h') + ALT_BUILD_HEADERS=${header_path%/linux/version.h} + fi + fi + fi + echo "${ALT_BUILD_HEADERS}" +} + +alt_libdir() { + echo $(alt_prefix)/$(get_libdir) +} +alt_usrlibdir() { + echo $(alt_prefix)/usr/$(get_libdir) +} + +builddir() { + echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1" +} + +setup_target_flags() { + # This largely mucks with compiler flags. None of which should matter + # when building up just the headers. + just_headers && return 0 + + case $(tc-arch) in + x86) + # -march needed for #185404 #199334 + # TODO: When creating the first glibc cross-compile, this test will + # always fail as it does a full link which in turn requires glibc. + # Probably also applies when changing multilib profile settings (e.g. + # enabling x86 when the profile was amd64-only previously). + # We could change main to _start and pass -nostdlib here so that we + # only test the gcc code compilation. Or we could do a compile and + # then look for the symbol via scanelf. + if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then + local t=${CTARGET_OPT:-${CTARGET}} + t=${t%%-*} + filter-flags '-march=*' + export CFLAGS="-march=${t} ${CFLAGS}" + einfo "Auto adding -march=${t} to CFLAGS #185404" + fi + ;; + amd64) + # -march needed for #185404 #199334 + # Note: This test only matters when the x86 ABI is enabled, so we could + # optimize a bit and elide it. + # TODO: See cross-compile issues listed above for x86. + if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then + local t=${CTARGET_OPT:-${CTARGET}} + t=${t%%-*} + # Normally the target is x86_64-xxx, so turn that into the -march that + # gcc actually accepts. #528708 + [[ ${t} == "x86_64" ]] && t="x86-64" + filter-flags '-march=*' + # ugly, ugly, ugly. ugly. + CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}") + export CFLAGS_x86="${CFLAGS_x86} -march=${t}" + einfo "Auto adding -march=${t} to CFLAGS_x86 #185404" + fi + ;; + mips) + # The mips abi cannot support the GNU style hashes. #233233 + filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both + ;; + ppc) + append-flags "-freorder-blocks" + ;; + sparc) + # Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though. + filter-flags "-fcall-used-g7" + append-flags "-fcall-used-g6" + filter-flags "-mvis" + + GLIBCMAJOR=$(get_version_component_range 1 ${PV}) + GLIBCMINOR=$(get_version_component_range 2 ${PV}) + + # set CTARGET_OPT so glibc can use cpu-specific .S files for better performance + # - UltraSPARC T1 (niagara) support requires >= glibc 2.8 + # - UltraSPARC T2 (niagara2) support requires >= glibc 2.7 + + if is_crosscompile || [[ ${PROFILE_ARCH} == "sparc64" ]] || { has_multilib_profile && ! tc-is-cross-compiler; } ; then + case ${ABI}:${CTARGET} in + sparc64:*|\ + default:sparc64*) + filter-flags -Wa,-xarch -Wa,-A + + if is-flagq "-mcpu=niagara2" && [[ ${GLIBCMAJOR}.${GLIBCMINOR} > 2.7 ]] ; then + CTARGET_OPT="sparc64v2-unknown-linux-gnu" + append-flags "-Wa,-xarch=v9b" + export ASFLAGS="${ASFLAGS} -Wa,-xarch=v9b" + elif { is-flagq "-mcpu=niagara" || is-flagq "-mcpu=niagara2" ; } && [[ ${GLIBCMAJOR}.${GLIBCMINOR} > 2.6 ]] ; then + CTARGET_OPT="sparc64v-unknown-linux-gnu" + append-flags "-Wa,-xarch=v9b" + export ASFLAGS="${ASFLAGS} -Wa,-xarch=v9b" + elif is-flagq "-mcpu=ultrasparc3" || is-flagq "-mcpu=niagara" || is-flagq "-mcpu=niagara2"; then + CTARGET_OPT="sparc64b-unknown-linux-gnu" + append-flags "-Wa,-xarch=v9b" + export ASFLAGS="${ASFLAGS} -Wa,-xarch=v9b" + else + CTARGET_OPT="sparc64-unknown-linux-gnu" + append-flags "-Wa,-xarch=v9a" + export ASFLAGS="${ASFLAGS} -Wa,-xarch=v9a" + fi + ;; + *) + if is-flagq "-mcpu=niagara2" && [[ ${GLIBCMAJOR}.${GLIBCMINOR} > 2.7 ]] ; then + CTARGET_OPT="sparcv9v2-unknown-linux-gnu" + elif { is-flagq "-mcpu=niagara" || is-flagq "-mcpu=niagara2" ; } && [[ ${GLIBCMAJOR}.${GLIBCMINOR} > 2.6 ]] ; then + CTARGET_OPT="sparcv9v-unknown-linux-gnu" + elif is-flagq "-mcpu=ultrasparc3" || is-flagq "-mcpu=niagara" || is-flagq "-mcpu=niagara2"; then + CTARGET_OPT="sparcv9b-unknown-linux-gnu" + else + CTARGET_OPT="sparcv9-unknown-linux-gnu" + fi + ;; + esac + else + if is-flagq "-mcpu=niagara2" && [[ ${GLIBCMAJOR}.${GLIBCMINOR} > 2.7 ]] ; then + CTARGET_OPT="sparcv9v2-unknown-linux-gnu" + elif { is-flagq "-mcpu=niagara" || is-flagq "-mcpu=niagara2" ; } && [[ ${GLIBCMAJOR}.${GLIBCMINOR} > 2.6 ]] ; then + CTARGET_OPT="sparcv9v-unknown-linux-gnu" + elif is-flagq "-mcpu=ultrasparc3" || is-flagq "-mcpu=niagara" || is-flagq "-mcpu=niagara2"; then + CTARGET_OPT="sparcv9b-unknown-linux-gnu" + elif { is_crosscompile && want_nptl; } || is-flagq "-mcpu=ultrasparc2" || is-flagq "-mcpu=ultrasparc"; then + CTARGET_OPT="sparcv9-unknown-linux-gnu" + fi + fi + ;; + esac +} + +setup_flags() { + # Make sure host make.conf doesn't pollute us + if is_crosscompile || tc-is-cross-compiler ; then + CHOST=${CTARGET} strip-unsupported-flags + fi + + # Store our CFLAGS because it's changed depending on which CTARGET + # we are building when pulling glibc on a multilib profile + CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}} + CFLAGS=${CFLAGS_BASE} + CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}} + CXXFLAGS=${CXXFLAGS_BASE} + ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}} + ASFLAGS=${ASFLAGS_BASE} + + # Over-zealous CFLAGS can often cause problems. What may work for one + # person may not work for another. To avoid a large influx of bugs + # relating to failed builds, we strip most CFLAGS out to ensure as few + # problems as possible. + strip-flags + strip-unsupported-flags + filter-flags -m32 -m64 -mabi=* + + # Bug 492892. + filter-flags -frecord-gcc-switches + + unset CBUILD_OPT CTARGET_OPT + if use multilib ; then + CTARGET_OPT=$(get_abi_CTARGET) + [[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST) + fi + + setup_target_flags + + if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then + CBUILD_OPT=${CTARGET_OPT} + fi + + # Lock glibc at -O2 -- linuxthreads needs it and we want to be + # conservative here. -fno-strict-aliasing is to work around #155906 + filter-flags -O? + append-flags -O2 -fno-strict-aliasing + + # Can't build glibc itself with fortify code. Newer versions add + # this flag for us, so no need to do it manually. + version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE + + # building glibc with SSP is fraught with difficulty, especially + # due to __stack_chk_fail_local which would mean significant changes + # to the glibc build process. See bug #94325 #293721 + # Note we have to handle both user-given CFLAGS and gcc defaults via + # spec rules here. We can't simply add -fno-stack-protector as it gets + # added before user flags, and we can't just filter-flags because + # _filter_hardened doesn't support globs. + filter-flags -fstack-protector* + gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) + + if use hardened && gcc-specs-pie ; then + # Force PIC macro definition for all compilations since they're all + # either -fPIC or -fPIE with the default-PIE compiler. + append-cppflags -DPIC + else + # Don't build -fPIE without the default-PIE compiler and the + # hardened-pie patch + filter-flags -fPIE + fi +} + +want_nptl() { + [[ -z ${LT_VER} ]] && return 0 + want_tls || return 1 + use nptl || return 1 + + # Older versions of glibc had incomplete arch support for nptl. + # But if you're building those now, you can handle USE=nptl yourself. + return 0 +} + +want_linuxthreads() { + [[ -z ${LT_VER} ]] && return 1 + use linuxthreads +} + +want_tls() { + # Archs that can use TLS (Thread Local Storage) + case $(tc-arch) in + x86) + # requires i486 or better #106556 + [[ ${CTARGET} == i[4567]86* ]] && return 0 + return 1 + ;; + esac + + return 0 +} + +want__thread() { + want_tls || return 1 + + # For some reason --with-tls --with__thread is causing segfaults on sparc32. + [[ ${PROFILE_ARCH} == "sparc" ]] && return 1 + + [[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD} + + # only test gcc -- cant test linking yet + tc-has-tls -c ${CTARGET} + WANT__THREAD=$? + + return ${WANT__THREAD} +} + +use_multiarch() { + # Make sure binutils is new enough to support indirect functions #336792 + # This funky sed supports gold and bfd linkers. + local bver nver + bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}') + case $(tc-arch ${CTARGET}) in + amd64|x86) nver="2.20" ;; + arm) nver="2.22" ;; + hppa) nver="2.23" ;; + ppc|ppc64) nver="2.20" ;; + # ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24. + s390) nver="2.24" ;; + sparc) nver="2.21" ;; + *) return 1 ;; + esac + version_is_at_least ${nver} ${bver} +} + +# Setup toolchain variables that had historically +# been defined in the profiles for these archs. +setup_env() { + # silly users + unset LD_RUN_PATH + unset LD_ASSUME_KERNEL + + multilib_env ${CTARGET_OPT:-${CTARGET}} + if is_crosscompile || tc-is-cross-compiler ; then + if ! use multilib ; then + MULTILIB_ABIS=${DEFAULT_ABI} + else + MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}} + fi + + # If the user has CFLAGS_<CTARGET> in their make.conf, use that, + # and fall back on CFLAGS. + local VAR=CFLAGS_${CTARGET//[-.]/_} + CFLAGS=${!VAR-${CFLAGS}} + fi + + setup_flags + + export ABI=${ABI:-${DEFAULT_ABI:-default}} + + local VAR=CFLAGS_${ABI} + # We need to export CFLAGS with abi information in them because glibc's + # configure script checks CFLAGS for some targets (like mips). Keep + # around the original clean value to avoid appending multiple ABIs on + # top of each other. + : ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})} + export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}" +} + +foreach_abi() { + setup_env + + local ret=0 + local abilist="" + if use multilib ; then + abilist=$(get_install_abis) + else + abilist=${DEFAULT_ABI} + fi + evar_push ABI + export ABI + for ABI in ${abilist:-default} ; do + setup_env + einfo "Running $1 for ABI ${ABI}" + $1 + : $(( ret |= $? )) + done + evar_pop + return ${ret} +} + +just_headers() { + is_crosscompile && use crosscompile_opts_headers-only +} + +glibc_banner() { + local b="Gentoo ${PVR}" + [[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}" + [[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}" + [[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}" + echo "${b}" +} diff --git a/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sys-libs/glibc/files/eblits/pkg_postinst.eblit new file mode 100644 index 000000000000..074cf3a0b91b --- /dev/null +++ b/sys-libs/glibc/files/eblits/pkg_postinst.eblit @@ -0,0 +1,27 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +eblit-glibc-pkg_postinst() { + # nothing to do if just installing headers + just_headers && return + + if ! tc-is-cross-compiler && [[ -x ${ROOT}/usr/sbin/iconvconfig ]] ; then + # Generate fastloading iconv module configuration file. + "${ROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" + fi + + if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then + # Reload init ... if in a chroot or a diff init package, ignore + # errors from this step #253697 + /sbin/telinit U 2>/dev/null + + # if the host locales.gen contains no entries, we'll install everything + local locale_list="${ROOT}etc/locale.gen" + if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then + ewarn "Generating all locales; edit /etc/locale.gen to save time/space" + locale_list="${ROOT}usr/share/i18n/SUPPORTED" + fi + locale-gen -j $(makeopts_jobs) --config "${locale_list}" + fi +} diff --git a/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sys-libs/glibc/files/eblits/pkg_preinst.eblit new file mode 100644 index 000000000000..9160aaf8b78d --- /dev/null +++ b/sys-libs/glibc/files/eblits/pkg_preinst.eblit @@ -0,0 +1,60 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Simple test to make sure our new glibc isnt completely broken. +# Make sure we don't test with statically built binaries since +# they will fail. Also, skip if this glibc is a cross compiler. +# +# If coreutils is built with USE=multicall, some of these files +# will just be wrapper scripts, not actual ELFs we can test. +glibc_sanity_check() { + cd / #228809 + + # We enter ${D} so to avoid trouble if the path contains + # special characters; for instance if the path contains the + # colon character (:), then the linker will try to split it + # and look for the libraries in an unexpected place. This can + # lead to unsafe code execution if the generated prefix is + # within a world-writable directory. + # (e.g. /var/tmp/portage:${HOSTNAME}) + pushd "${ED}"/$(get_libdir) >/dev/null + + local x striptest + for x in cal date env free ls true uname uptime ; do + x=$(type -p ${x}) + [[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue + striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue + case ${striptest} in + *"statically linked"*) continue;; + *"ASCII text"*) continue;; + esac + ./ld-*.so --library-path . ${x} > /dev/null \ + || die "simple run test (${x}) failed" + done + + popd >/dev/null +} + +eblit-glibc-pkg_preinst() { + # nothing to do if just installing headers + just_headers && return + + # prepare /etc/ld.so.conf.d/ for files + mkdir -p "${EROOT}"/etc/ld.so.conf.d + + # Default /etc/hosts.conf:multi to on for systems with small dbs. + if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then + sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf + elog "Defaulting /etc/host.conf:multi to on" + fi + + [[ ${ROOT} != "/" ]] && return 0 + [[ -d ${D}/$(get_libdir) ]] || return 0 + glibc_sanity_check + + # For newer EAPIs, this was run in pkg_pretend. + if [[ ${EAPI:-0} == [0123] ]] ; then + check_devpts + fi +} diff --git a/sys-libs/glibc/files/eblits/pkg_pretend.eblit b/sys-libs/glibc/files/eblits/pkg_pretend.eblit new file mode 100644 index 000000000000..c900ccc62f8b --- /dev/null +++ b/sys-libs/glibc/files/eblits/pkg_pretend.eblit @@ -0,0 +1,157 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +glibc_compile_test() { + local ret save_cflags=${CFLAGS} + CFLAGS+=" $1" + shift + + pushd "${T}" >/dev/null + + rm -f glibc-test* + printf '%b' "$*" > glibc-test.c + + _nonfatal emake -s glibc-test + ret=$? + + popd >/dev/null + + CFLAGS=${save_cflags} + return ${ret} +} + +glibc_run_test() { + local ret + + if [[ ${EMERGE_FROM} == "binary" ]] ; then + # ignore build failures when installing a binary package #324685 + glibc_compile_test "" "$@" 2>/dev/null || return 0 + else + if ! glibc_compile_test "" "$@" ; then + ewarn "Simple build failed ... assuming this is desired #324685" + return 0 + fi + fi + + pushd "${T}" >/dev/null + + ./glibc-test + ret=$? + rm -f glibc-test* + + popd >/dev/null + + return ${ret} +} + +check_devpts() { + # Make sure devpts is mounted correctly for use w/out setuid pt_chown. + + # If merely building the binary package, then there's nothing to verify. + [[ ${MERGE_TYPE} == "buildonly" ]] && return + + # Only sanity check when installing the native glibc. + [[ ${ROOT} != "/" ]] && return + + # Older versions always installed setuid, so no need to check. + in_iuse suid || return + + # If they're opting in to the old suid code, then no need to check. + use suid && return + + if awk '$3 == "devpts" && $4 ~ /[, ]gid=5[, ]/ { exit 1 }' /proc/mounts ; then + eerror "In order to use glibc with USE=-suid, you must make sure that" + eerror "you have devpts mounted at /dev/pts with the gid=5 option." + eerror "Openrc should do this for you, so you should check /etc/fstab" + eerror "and make sure you do not have any invalid settings there." + # Do not die on older kernels as devpts did not export these settings #489520. + if version_is_at_least 2.6.25 $(uname -r) ; then + die "mount & fix your /dev/pts settings" + fi + fi +} + +eblit-glibc-pkg_pretend() { + # For older EAPIs, this is run in pkg_preinst. + if [[ ${EAPI:-0} != [0123] ]] ; then + check_devpts + fi + + # prevent native builds from downgrading ... maybe update to allow people + # to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2) + if [[ ${MERGE_TYPE} != "buildonly" ]] && \ + [[ ${ROOT} == "/" ]] && \ + [[ ${CBUILD} == ${CHOST} ]] && \ + [[ ${CHOST} == ${CTARGET} ]] ; then + if has_version '>'${CATEGORY}/${PF} ; then + eerror "Sanity check to keep you from breaking your system:" + eerror " Downgrading glibc is not supported and a sure way to destruction" + die "aborting to save your system" + fi + + if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n' + then + eerror "Your patched vendor kernel is broken. You need to get an" + eerror "update from whoever is providing the kernel to you." + eerror "http://sourceware.org/bugzilla/show_bug.cgi?id=5227" + eerror "http://bugs.gentoo.org/262698" + die "keeping your system alive, say thank you" + fi + + if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n' + then + eerror "Your old kernel is broken. You need to update it to" + eerror "a newer version as syscall(<bignum>) will break." + eerror "http://bugs.gentoo.org/279260" + die "keeping your system alive, say thank you" + fi + fi + + # users have had a chance to phase themselves, time to give em the boot + if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then + eerror "You still haven't deleted ${EROOT}/etc/locales.build." + eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." + die "lazy upgrader detected" + fi + + if [[ ${CTARGET} == i386-* ]] ; then + eerror "i386 CHOSTs are no longer supported." + eerror "Chances are you don't actually want/need i386." + eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml" + die "please fix your CHOST" + fi + + if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then + ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." + ewarn "This will result in a 50% performance penalty when running with a 32bit" + ewarn "hypervisor, which is probably not what you want." + fi + + use hardened && ! gcc-specs-pie && \ + ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" + + # Make sure host system is up to date #394453 + if has_version '<sys-libs/glibc-2.13' && \ + [[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]] + then + ebegin "Scanning system for __guard to see if you need to rebuild first ..." + local files=$( + scanelf -qys__guard -F'#s%F' \ + "${EROOT}"/*bin/ \ + "${EROOT}"/lib* \ + "${EROOT}"/usr/*bin/ \ + "${EROOT}"/usr/lib* | \ + egrep -v \ + -e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \ + -e "^${EROOT}/sbin/(ldconfig|sln)$" + ) + [[ -z ${files} ]] + if ! eend $? ; then + eerror "Your system still has old SSP __guard symbols. You need to" + eerror "rebuild all the packages that provide these files first:" + eerror "${files}" + die "old __guard detected" + fi + fi +} diff --git a/sys-libs/glibc/files/eblits/pkg_setup.eblit b/sys-libs/glibc/files/eblits/pkg_setup.eblit new file mode 100644 index 000000000000..2aff25870cc3 --- /dev/null +++ b/sys-libs/glibc/files/eblits/pkg_setup.eblit @@ -0,0 +1,9 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +[[ ${EAPI:-0} == [0123] ]] && source "${FILESDIR}/eblits/pkg_pretend.eblit" + +eblit-glibc-pkg_setup() { + [[ ${EAPI:-0} == [0123] ]] && eblit-glibc-pkg_pretend +} diff --git a/sys-libs/glibc/files/eblits/src_compile.eblit b/sys-libs/glibc/files/eblits/src_compile.eblit new file mode 100644 index 000000000000..7a38b3e6e479 --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_compile.eblit @@ -0,0 +1,24 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_configure.eblit" + +toolchain-glibc_src_compile() { + local t + for t in linuxthreads nptl ; do + if want_${t} ; then + [[ ${EAPI:-0} == [01] ]] && glibc_do_configure ${t} + emake -C "$(builddir ${t})" || die "make ${t} for ${ABI} failed" + fi + done +} + +eblit-glibc-src_compile() { + if just_headers ; then + [[ ${EAPI:-0} == [01] ]] && toolchain-glibc_headers_configure + return + fi + + foreach_abi toolchain-glibc_src_compile +} diff --git a/sys-libs/glibc/files/eblits/src_configure.eblit b/sys-libs/glibc/files/eblits/src_configure.eblit new file mode 100644 index 000000000000..954508ca51aa --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_configure.eblit @@ -0,0 +1,259 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +dump_toolchain_settings() { + echo + + einfo "$*" + + local v + for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC LD {AS,C,CPP,CXX,LD}FLAGS ; do + einfo " $(printf '%15s' ${v}:) ${!v}" + done + + # The glibc configure script doesn't properly use LDFLAGS all the time. + export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}" + einfo " $(printf '%15s' 'Manual CC:') ${CC}" + echo +} + +glibc_do_configure() { + # Glibc does not work with gold (for various reasons) #269274. + tc-ld-disable-gold + + dump_toolchain_settings "Configuring glibc for $1" + + local myconf=() + + # set addons + pushd "${S}" > /dev/null + local addons=$(echo */configure | sed \ + -e 's:/configure::g' \ + -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \ + -e 's: \+$::' \ + -e 's! !,!g' \ + -e 's!^!,!' \ + -e '/^,\*$/d') + [[ -d ports ]] && addons+=",ports" + popd > /dev/null + + myconf+=( $(use_enable hardened stackguard-randomization) ) + if has_version '<sys-libs/glibc-2.13' ; then + myconf+=( --enable-old-ssp-compat ) + fi + + [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp ) + + if [[ $1 == "linuxthreads" ]] ; then + if want_tls ; then + myconf+=( --with-tls ) + + if ! want__thread || use glibc-compat20 || [[ ${LT_KER_VER} == 2.[02].* ]] ; then + myconf+=( --without-__thread ) + else + myconf+=( --with-__thread ) + fi + else + myconf+=( --without-tls --without-__thread ) + fi + + myconf+=( --disable-sanity-checks ) + addons="linuxthreads${addons}" + myconf+=( --enable-kernel=${LT_KER_VER} ) + elif [[ $1 == "nptl" ]] ; then + # Newer versions require nptl, so there is no addon for it. + version_is_at_least 2.20 || addons="nptl${addons}" + myconf+=( --enable-kernel=${NPTL_KERN_VER} ) + else + die "invalid pthread option" + fi + myconf+=( --enable-add-ons="${addons#,}" ) + + # Since SELinux support is only required for nscd, only enable it if: + # 1. USE selinux + # 2. only for the primary ABI on multilib systems + # 3. Not a crosscompile + if ! is_crosscompile && use selinux ; then + if use multilib ; then + if is_final_abi ; then + myconf+=( --with-selinux ) + else + myconf+=( --without-selinux ) + fi + else + myconf+=( --with-selinux ) + fi + else + myconf+=( --without-selinux ) + fi + + # Force a few tests where we always know the answer but + # configure is incapable of finding it. + if is_crosscompile ; then + export \ + libc_cv_c_cleanup=yes \ + libc_cv_forced_unwind=yes + fi + + myconf+=( + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + $(use_enable profile) + $(use_with gd) + --with-headers=$(alt_build_headers) + --prefix=/usr + --libdir=/usr/$(get_libdir) + --mandir=/usr/share/man + --infodir=/usr/share/info + --libexecdir=/usr/$(get_libdir)/misc/glibc + --with-bugurl=http://bugs.gentoo.org/ + --with-pkgversion="$(glibc_banner)" + $(use_multiarch || echo --disable-multi-arch) + --enable-obsolete-rpc + $(in_iuse systemtap && use_enable systemtap) + $(in_iuse nscd && use_enable nscd) + ${EXTRA_ECONF} + ) + + # There is no configure option for this and we need to export it + # since the glibc build will re-run configure on itself + export libc_cv_slibdir=/$(get_libdir) + + # We take care of patching our binutils to use both hash styles, + # and many people like to force gnu hash style only, so disable + # this overriding check. #347761 + export libc_cv_hashstyle=no + + # Overtime, generating info pages can be painful. So disable this for + # versions older than the latest stable to avoid the issue (this ver + # should be updated from time to time). #464394 #465816 + if ! version_is_at_least 2.17 ; then + export ac_cv_prog_MAKEINFO=: + fi + + local builddir=$(builddir "$1") + mkdir -p "${builddir}" + cd "${builddir}" + set -- "${S}"/configure "${myconf[@]}" + echo "$@" + "$@" || die "failed to configure glibc" + + # ia64 static cross-compilers are a pita in so much that they + # can't produce static ELFs (as the libgcc.a is broken). so + # disable building of the programs for those targets if it + # doesn't work. + # XXX: We could turn this into a compiler test, but ia64 is + # the only one that matters, so this should be fine for now. + if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then + sed -i '1i+link-static = touch $@' config.make + fi + + # If we're trying to migrate between ABI sets, we need + # to lie and use a local copy of gcc. Like if the system + # is built with MULTILIB_ABIS="amd64 x86" but we want to + # add x32 to it, gcc/glibc don't yet support x32. + if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then + echo 'main(){}' > "${T}"/test.c + if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then + sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die + mkdir -p sunrpc + cp $(which rpcgen) sunrpc/cross-rpcgen || die + touch -t 202001010101 sunrpc/cross-rpcgen || die + fi + fi +} + +toolchain-glibc_headers_configure() { + export ABI=default + + local builddir=$(builddir "headers") + mkdir -p "${builddir}" + cd "${builddir}" + + # if we don't have a compiler yet, we cant really test it now ... + # hopefully they don't affect header geneation, so let's hope for + # the best here ... + local v vars=( + ac_cv_header_cpuid_h=yes + libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes + libc_cv_asm_cfi_directives=yes + libc_cv_broken_visibility_attribute=no + libc_cv_c_cleanup=yes + libc_cv_forced_unwind=yes + libc_cv_gcc___thread=yes + libc_cv_mlong_double_128=yes + libc_cv_mlong_double_128ibm=yes + libc_cv_ppc_machine=yes + libc_cv_ppc_rel16=yes + libc_cv_predef_{fortify_source,stack_protector}=no + libc_cv_visibility_attribute=yes + libc_cv_z_combreloc=yes + libc_cv_z_execstack=yes + libc_cv_z_initfirst=yes + libc_cv_z_nodelete=yes + libc_cv_z_nodlopen=yes + libc_cv_z_relro=yes + libc_mips_abi=${ABI} + libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard) + ) + einfo "Forcing cached settings:" + for v in "${vars[@]}" ; do + einfo " ${v}" + export ${v} + done + + # Blow away some random CC settings that screw things up. #550192 + if [[ -d ${S}/sysdeps/mips ]]; then + pushd "${S}"/sysdeps/mips >/dev/null + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die + popd >/dev/null + fi + + local myconf=() + myconf+=( + --disable-sanity-checks + --enable-hacker-mode + --without-cvs + --disable-werror + --enable-bind-now + --build=${CBUILD_OPT:-${CBUILD}} + --host=${CTARGET_OPT:-${CTARGET}} + --with-headers=$(alt_build_headers) + --prefix=/usr + ${EXTRA_ECONF} + ) + + local addons + [[ -d ${S}/ports ]] && addons+=",ports" + # Newer versions require nptl, so there is no addon for it. + version_is_at_least 2.20 || addons+=",nptl" + myconf+=( --enable-add-ons="${addons#,}" ) + + # Nothing is compiled here which would affect the headers for the target. + # So forcing CC/CFLAGS is sane. + set -- "${S}"/configure "${myconf[@]}" + echo "$@" + CC="$(tc-getBUILD_CC)" \ + CFLAGS="-O1 -pipe" \ + CPPFLAGS="-U_FORTIFY_SOURCE" \ + LDFLAGS="" \ + "$@" || die "failed to configure glibc" +} + +toolchain-glibc_src_configure() { + if just_headers ; then + toolchain-glibc_headers_configure + else + want_linuxthreads && glibc_do_configure linuxthreads + want_nptl && glibc_do_configure nptl + fi +} + +eblit-glibc-src_configure() { + foreach_abi toolchain-glibc_src_configure +} diff --git a/sys-libs/glibc/files/eblits/src_install.eblit b/sys-libs/glibc/files/eblits/src_install.eblit new file mode 100644 index 000000000000..4a8056071a40 --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_install.eblit @@ -0,0 +1,244 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +toolchain-glibc_src_install() { + local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl)) + cd "${builddir}" + + emake install_root="${D}$(alt_prefix)" install || die + + if want_linuxthreads && want_nptl ; then + einfo "Installing NPTL to $(alt_libdir)/tls/..." + cd "$(builddir nptl)" + dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl + + local l src_lib + for l in libc libm librt libpthread libthread_db ; do + # take care of shared lib first ... + l=${l}.so + if [[ -e ${l} ]] ; then + src_lib=${l} + else + src_lib=$(eval echo */${l}) + fi + cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}" + fperms a+rx $(alt_libdir)/tls/${l} + dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib}) + + # then grab the linker script or the symlink ... + if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then + dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l} + else + sed \ + -e "s:/${l}:/tls/${l}:g" \ + -e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \ + "${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l} + fi + + # then grab the static lib ... + src_lib=${src_lib/%.so/.a} + [[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a} + cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" + src_lib=${src_lib/%.a/_nonshared.a} + if [[ -e ${src_lib} ]] ; then + cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" + fi + done + + # use the nptl linker instead of the linuxthreads one as the linuxthreads + # one may lack TLS support and that can be really bad for business + cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp" + fi + + # We'll take care of the cache ourselves + rm -f "${ED}"/etc/ld.so.cache + + # Everything past this point just needs to be done once ... + is_final_abi || return 0 + + # Make sure the non-native interp can be found on multilib systems even + # if the main library set isn't installed into the right place. Maybe + # we should query the active gcc for info instead of hardcoding it ? + local i ldso_abi ldso_name + local ldso_abi_list=( + # x86 + amd64 /lib64/ld-linux-x86-64.so.2 + x32 /libx32/ld-linux-x32.so.2 + x86 /lib/ld-linux.so.2 + # mips + o32 /lib/ld.so.1 + n32 /lib32/ld.so.1 + n64 /lib64/ld.so.1 + # powerpc + ppc /lib/ld.so.1 + ppc64 /lib64/ld64.so.1 + # s390 + s390 /lib/ld.so.1 + s390x /lib/ld64.so.1 + # sparc + sparc32 /lib/ld-linux.so.2 + sparc64 /lib64/ld-linux.so.2 + ) + case $(tc-endian) in + little) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64.so.1 + ) + ;; + big) + ldso_abi_list+=( + # arm + arm64 /lib/ld-linux-aarch64_be.so.1 + ) + ;; + esac + if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then + dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib + fi + for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do + ldso_abi=${ldso_abi_list[i]} + has ${ldso_abi} $(get_install_abis) || continue + + ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" + if [[ ! -L ${D}/${ldso_name} && ! -e ${D}/${ldso_name} ]] ; then + dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} + fi + done + + # With devpts under Linux mounted properly, we do not need the pt_chown + # binary to be setuid. This is because the default owners/perms will be + # exactly what we want. + if in_iuse suid && ! use suid ; then + find "${D}" -name pt_chown -exec chmod -s {} + + fi + + ################################################################# + # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY # + # Make sure we install some symlink hacks so that when we build + # a 2nd stage cross-compiler, gcc finds the target system + # headers correctly. See gcc/doc/gccinstall.info + if is_crosscompile ; then + # We need to make sure that /lib and /usr/lib always exists. + # gcc likes to use relative paths to get to its multilibs like + # /usr/lib/../lib64/. So while we don't install any files into + # /usr/lib/, we do need it to exist. + cd "${ED}"$(alt_libdir)/.. + [[ -e lib ]] || mkdir lib + cd "${ED}"$(alt_usrlibdir)/.. + [[ -e lib ]] || mkdir lib + + dosym usr/include $(alt_prefix)/sys-include + return 0 + fi + + # Files for Debian-style locale updating + dodir /usr/share/i18n + sed \ + -e "/^#/d" \ + -e "/SUPPORTED-LOCALES=/d" \ + -e "s: \\\\::g" -e "s:/: :g" \ + "${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \ + || die "generating /usr/share/i18n/SUPPORTED failed" + cd "${WORKDIR}"/extra/locale + dosbin locale-gen || die + doman *.[0-8] + insinto /etc + doins locale.gen || die + + # Make sure all the ABI's can find the locales and so we only + # have to generate one set + local a + keepdir /usr/$(get_libdir)/locale + for a in $(get_install_abis) ; do + if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then + dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale + fi + done + + cd "${S}" + + # Install misc network config files + insinto /etc + doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf || die + doins "${WORKDIR}"/extra/etc/*.conf || die + + if ! in_iuse nscd || use nscd ; then + doinitd "${WORKDIR}"/extra/etc/nscd || die + + local nscd_args=( + -e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):" + ) + version_is_at_least 2.16 || nscd_args+=( -e 's: --foreground : :' ) + sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd + + # Newer versions of glibc include the nscd.service themselves. + # TODO: Drop the $FILESDIR copy once 2.19 goes stable. + if version_is_at_least 2.19 ; then + systemd_dounit nscd/nscd.service || die + systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die + else + systemd_dounit "${FILESDIR}"/nscd.service || die + systemd_newtmpfilesd "${FILESDIR}"/nscd.tmpfilesd nscd.conf || die + fi + else + # Do this since extra/etc/*.conf above might have nscd.conf. + rm -f "${ED}"/etc/nscd.conf + fi + + echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc + doenvd "${T}"/00glibc || die + + for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do + [[ -s ${d} ]] && dodoc ${d} + done + + # Prevent overwriting of the /etc/localtime symlink. We'll handle the + # creation of the "factory" symlink in pkg_postinst(). + rm -f "${ED}"/etc/localtime +} + +toolchain-glibc_headers_install() { + local builddir=$(builddir "headers") + cd "${builddir}" + emake install_root="${D}$(alt_prefix)" install-headers || die + if ! version_is_at_least 2.16 ; then + insinto $(alt_headers)/bits + doins bits/stdio_lim.h || die + fi + insinto $(alt_headers)/gnu + doins "${S}"/include/gnu/stubs.h || die "doins include gnu" + # Make sure we install the sys-include symlink so that when + # we build a 2nd stage cross-compiler, gcc finds the target + # system headers correctly. See gcc/doc/gccinstall.info + dosym usr/include /usr/${CTARGET}/sys-include +} + +src_strip() { + # gdb is lame and requires some debugging information to remain in + # libpthread, so we need to strip it by hand. libthread_db makes no + # sense stripped as it is only used when debugging. + local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}") + env \ + -uRESTRICT \ + CHOST=${CTARGET} \ + STRIP_MASK="/*/{,tls/}${pthread}*" \ + prepallstrip + # if user has stripping enabled and does not have split debug turned on, + # then leave the debugging sections in libpthread. + if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then + ${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so + fi +} + +eblit-glibc-src_install() { + if just_headers ; then + export ABI=default + toolchain-glibc_headers_install + return + fi + + foreach_abi toolchain-glibc_src_install + src_strip +} diff --git a/sys-libs/glibc/files/eblits/src_prepare.eblit b/sys-libs/glibc/files/eblits/src_prepare.eblit new file mode 100644 index 000000000000..162cf530c8db --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_prepare.eblit @@ -0,0 +1,63 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +eblit-glibc-src_prepare() { + # XXX: We should do the branchupdate, before extracting the manpages and + # infopages else it does not help much (mtimes change if there is a change + # to them with branchupdate) + if [[ -n ${BRANCH_UPDATE} ]] ; then + epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + + # Snapshot date patch + einfo "Patching version to display snapshot date ..." + sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h + fi + + # tag, glibc is it + if ! version_is_at_least 2.17 ; then + [[ -e csu/Banner ]] && die "need new banner location" + glibc_banner > csu/Banner + fi + if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then + EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \ + EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \ + EPATCH_SUFFIX="patch" \ + ARCH=$(tc-arch) \ + epatch "${WORKDIR}"/patches + fi + + if just_headers ; then + if [[ -e ports/sysdeps/mips/preconfigure ]] ; then + # mips peeps like to screw with us. if building headers, + # we don't have a real compiler, so we can't let them + # insert -mabi on us. + sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die + find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} + + fi + fi + + epatch_user + + gnuconfig_update + + # Glibc is stupid sometimes, and doesn't realize that with a + # static C-Only gcc, -lgcc_eh doesn't exist. + # http://sourceware.org/ml/libc-alpha/2003-09/msg00100.html + # http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html + # But! Finally fixed in recent versions: + # http://sourceware.org/ml/libc-alpha/2012-05/msg01865.html + if ! version_is_at_least 2.16 ; then + echo 'int main(){}' > "${T}"/gcc_eh_test.c + if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then + sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh" + fi + fi + + cd "${WORKDIR}" + find . -type f '(' -size 0 -o -name "*.orig" ')' -delete + find . -name configure -exec touch {} + + + # Fix permissions on some of the scripts. + chmod u+x "${S}"/scripts/*.sh +} diff --git a/sys-libs/glibc/files/eblits/src_test.eblit b/sys-libs/glibc/files/eblits/src_test.eblit new file mode 100644 index 000000000000..fc5b950f4681 --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_test.eblit @@ -0,0 +1,30 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +glibc_src_test() { + cd "$(builddir $1)" + nonfatal emake -j1 check && return 0 + einfo "make check failed - re-running with --keep-going to get the rest of the results" + nonfatal emake -j1 -k check + ewarn "make check failed for ${ABI}-${CTARGET}-$1" + return 1 +} + +toolchain-glibc_src_test() { + local ret=0 t + for t in linuxthreads nptl ; do + if want_${t} ; then + glibc_src_test ${t} + : $(( ret |= $? )) + fi + done + return ${ret} +} + +eblit-glibc-src_test() { + # Give tests more time to complete. + export TIMEOUTFACTOR=5 + + foreach_abi toolchain-glibc_src_test || die "tests failed" +} diff --git a/sys-libs/glibc/files/eblits/src_unpack.eblit b/sys-libs/glibc/files/eblits/src_unpack.eblit new file mode 100644 index 000000000000..8d4c74071713 --- /dev/null +++ b/sys-libs/glibc/files/eblits/src_unpack.eblit @@ -0,0 +1,121 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit" + +int_to_KV() { + local version=$1 major minor micro + major=$((version / 65536)) + minor=$(((version % 65536) / 256)) + micro=$((version % 256)) + echo ${major}.${minor}.${micro} +} + +eend_KV() { + [[ $(KV_to_int $1) -ge $(KV_to_int $2) ]] + eend $? +} + +get_kheader_version() { + printf '#include <linux/version.h>\nLINUX_VERSION_CODE\n' | \ + $(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \ + tail -n 1 +} + +check_nptl_support() { + # don't care about the compiler here as we arent using it + just_headers && return + + local run_kv build_kv want_kv + run_kv=$(int_to_KV $(get_KV)) + build_kv=$(int_to_KV $(get_kheader_version)) + want_kv=${NPTL_KERN_VER} + + ebegin "Checking gcc for __thread support" + if ! eend $(want__thread ; echo $?) ; then + echo + eerror "Could not find a gcc that supports the __thread directive!" + eerror "Please update your binutils/gcc and try again." + die "No __thread support in gcc!" + fi + + if ! is_crosscompile && ! tc-is-cross-compiler ; then + # Building fails on an non-supporting kernel + ebegin "Checking kernel version (${run_kv} >= ${want_kv})" + if ! eend_KV ${run_kv} ${want_kv} ; then + echo + eerror "You need a kernel of at least ${want_kv} for NPTL support!" + die "Kernel version too low!" + fi + fi + + ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})" + if ! eend_KV ${build_kv} ${want_kv} ; then + echo + eerror "You need linux-headers of at least ${want_kv} for NPTL support!" + die "linux-headers version too low!" + fi +} + +unpack_pkg() { + local a=${PN} + [[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}" + [[ -n $1 ]] && a="${a}-$1" + if [[ -n ${SNAP_VER} ]] ; then + a="${a}-${SNAP_VER}" + else + if [[ -n $2 ]] ; then + a="${a}-$2" + else + a="${a}-${RELEASE_VER}" + fi + fi + if has ${a}.tar.xz ${A} ; then + unpacker ${a}.tar.xz + else + unpack ${a}.tar.bz2 + fi + [[ -n $1 ]] && { mv ${a} $1 || die ; } +} + +toolchain-glibc_src_unpack() { + # Check NPTL support _before_ we unpack things to save some time + want_nptl && check_nptl_support + + if [[ -n ${EGIT_REPO_URIS} ]] ; then + local i d + for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do + EGIT_REPO_URI=${EGIT_REPO_URIS[$i]} + EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]} + git-2_src_unpack + done + else + unpack_pkg + fi + + cd "${S}" + touch locale/C-translit.h #185476 #218003 + [[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER} + [[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER} + [[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn + + if [[ -n ${PATCH_VER} ]] ; then + cd "${WORKDIR}" + unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 + # pull out all the addons + local d + for d in extra/*/configure ; do + d=${d%/configure} + [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}" + mv "${d}" "${S}" || die "moving ${d} failed" + done + fi +} + +eblit-glibc-src_unpack() { + setup_env + + toolchain-glibc_src_unpack + [[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare +} diff --git a/sys-libs/glibc/files/nscd b/sys-libs/glibc/files/nscd new file mode 100755 index 000000000000..e47f9b98bdfd --- /dev/null +++ b/sys-libs/glibc/files/nscd @@ -0,0 +1,64 @@ +#!/sbin/runscript +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + use dns ldap net slapd +} + +checkconfig() { + if [ ! -d /var/run/nscd ] ; then + mkdir -p /var/run/nscd + chmod 755 /var/run/nscd + fi + if [ -z "${NSCD_PERMS_OK}" ] && [ "$(stat -c %a /var/run/nscd)" != "755" ] ; then + echo "" + ewarn "nscd run dir is not world readable, you should reset the perms:" + ewarn "chmod 755 /var/run/nscd" + ewarn "chmod a+rw /var/run/nscd/socket" + echo "" + ewarn "To disable this warning, set 'NSCD_PERMS_OK' in /etc/conf.d/nscd" + echo "" + fi +} + +start() { + checkconfig + + ebegin "Starting Name Service Cache Daemon" + local secure=`while read curline ; do + table=${curline%:*} + entries=${curline##$table:} + table=${table%%[^a-z]*} + case $table in + passwd*|group*|hosts) + for entry in $entries ; do + case $entry in + nisplus*) + /usr/sbin/nscd_nischeck $table || \ + /echo "-S $table,yes" + ;; + esac + done + ;; + esac + done < /etc/nsswitch.conf` + local pidfile="$(strings /usr/sbin/nscd | grep nscd.pid)" + mkdir -p "$(dirname ${pidfile})" + save_options pidfile "${pidfile}" + start-stop-daemon --start --quiet \ + --exec /usr/sbin/nscd --pidfile "${pidfile}" \ + -- $secure + eend $? +} + +stop() { + local pidfile="$(get_options pidfile)" + [ -n "${pidfile}" ] && pidfile="--pidfile ${pidfile}" + ebegin "Shutting down Name Service Cache Daemon" + start-stop-daemon --stop --quiet --exec /usr/sbin/nscd ${pidfile} + eend $? +} + +# vim:ts=4 diff --git a/sys-libs/glibc/files/nscd.service b/sys-libs/glibc/files/nscd.service new file mode 100644 index 000000000000..25a3b1d9be0a --- /dev/null +++ b/sys-libs/glibc/files/nscd.service @@ -0,0 +1,15 @@ +[Unit] +Description=Name Service Cache Daemon +After=network.target + +[Service] +ExecStart=/usr/sbin/nscd -F +ExecStop=/usr/sbin/nscd --shutdown +ExecReload=/usr/sbin/nscd -i passwd +ExecReload=/usr/sbin/nscd -i group +ExecReload=/usr/sbin/nscd -i hosts +ExecReload=/usr/sbin/nscd -i services +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/sys-libs/glibc/files/nscd.tmpfilesd b/sys-libs/glibc/files/nscd.tmpfilesd new file mode 100644 index 000000000000..52edbba673cf --- /dev/null +++ b/sys-libs/glibc/files/nscd.tmpfilesd @@ -0,0 +1,4 @@ +# Configuration to create /run/nscd directory +# Used as part of systemd's tmpfiles + +d /run/nscd 0755 root root diff --git a/sys-libs/glibc/files/nsswitch.conf b/sys-libs/glibc/files/nsswitch.conf new file mode 100644 index 000000000000..f28d534edf68 --- /dev/null +++ b/sys-libs/glibc/files/nsswitch.conf @@ -0,0 +1,24 @@ +# /etc/nsswitch.conf: +# $Id$ + +passwd: compat +shadow: compat +group: compat + +# passwd: db files nis +# shadow: db files nis +# group: db files nis + +hosts: files dns +networks: files dns + +services: db files +protocols: db files +rpc: db files +ethers: db files +netmasks: files +netgroup: files +bootparams: files + +automount: files +aliases: files diff --git a/sys-libs/glibc/glibc-2.13-r4.ebuild b/sys-libs/glibc/glibc-2.13-r4.ebuild new file mode 100644 index 000000000000..4cf40a583d00 --- /dev/null +++ b/sys-libs/glibc/glibc-2.13-r4.ebuild @@ -0,0 +1,218 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND inner-net" +KEYWORDS="alpha amd64 arm hppa ia64 ~m68k ~mips ppc ppc64 s390 ~sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +if [[ ${PV} == *_p* ]] ; then +RELEASE_VER=${PV%_p*} +BRANCH_UPDATE="" +SNAP_VER=${PV#*_p} +else +RELEASE_VER=${PV} +BRANCH_UPDATE="" +SNAP_VER="" +fi +LIBIDN_VER="" # it's integrated into the main tarball now +PATCH_VER="11" # Gentoo patchset +PORTS_VER="2.13" # version of glibc ports addon +LT_VER="" # version of linuxthreads addon +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires +#LT_KERN_VER=${LT_KERN_VER:-"2.4.1"} # min kernel version linuxthreads requires + +IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only ${LT_VER:+glibc-compat20 nptl linuxthreads}" +S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils for as-needed +# arch: we need to make sure our binutils/gcc supports TLS +DEPEND=">=sys-devel/gcc-3.4.4 + arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 ) + x86? ( >=sys-devel/gcc-4.3 ) + amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 ) + ppc? ( >=sys-devel/gcc-4.1.0 ) + ppc64? ( >=sys-devel/gcc-4.1.0 ) + >=sys-devel/binutils-2.15.94 + ${LT_VER:+nptl? (} >=sys-kernel/linux-headers-${NPTL_KERN_VER} ${LT_VER:+)} + >=app-misc/pax-utils-0.1.10 + virtual/os-headers + !<sys-apps/sandbox-1.2.18.1-r2 + !<sys-apps/portage-2.1.2 + !<sys-devel/patch-2.6 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux )" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers" +else + DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )" + RDEPEND="${RDEPEND} + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +SRC_URI=$( + upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 + } + gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} + } + + TARNAME=${PN} + if [[ -n ${SNAP_VER} ]] ; then + TARNAME="${PN}-${RELEASE_VER}" + [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER} + upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2 + else + upstream_uris ${TARNAME}-${RELEASE_VER}.tar.bz2 + fi + [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2 + [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.bz2 + [[ -n ${LT_VER} ]] && upstream_uris ${TARNAME}-linuxthreads-${LT_VER}.tar.bz2 + [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 +) + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +pkg_setup() { + eblit-run pkg_setup + + # Static binary sanity check #332927 + if [[ ${ROOT} == "/" ]] && \ + has_version "<${CATEGORY}/${P}" && \ + built_with_use sys-apps/coreutils static + then + eerror "Please rebuild coreutils with USE=-static, then install" + eerror "glibc, then you may rebuild coreutils with USE=static." + die "Avoiding system meltdown #332927" + fi +} + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} diff --git a/sys-libs/glibc/glibc-2.14.1-r3.ebuild b/sys-libs/glibc/glibc-2.14.1-r3.ebuild new file mode 100644 index 000000000000..72b02819a3cb --- /dev/null +++ b/sys-libs/glibc/glibc-2.14.1-r3.ebuild @@ -0,0 +1,246 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND inner-net" +KEYWORDS="alpha amd64 arm hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +BRANCH_UPDATE="" +SNAP_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" ) + EGIT_SOURCEDIRS=( "${S}" "${S}/ports" ) + inherit git-2 + ;; +*_p*) + RELEASE_VER=${PV%_p*} + SNAP_VER=${PV#*_p} + ;; +*) + RELEASE_VER=${PV} + ;; +esac +LIBIDN_VER="" # it's integrated into the main tarball now +PATCH_VER="10" # Gentoo patchset +PORTS_VER=${RELEASE_VER} # version of glibc ports addon +LT_VER="" # version of linuxthreads addon +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires +#LT_KERN_VER=${LT_KERN_VER:-"2.4.1"} # min kernel version linuxthreads requires + +IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only ${LT_VER:+glibc-compat20 nptl linuxthreads}" +[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils for as-needed +# arch: we need to make sure our binutils/gcc supports TLS +DEPEND=">=sys-devel/gcc-3.4.4 + arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 ) + x86? ( >=sys-devel/gcc-4.3 ) + amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 ) + ppc? ( >=sys-devel/gcc-4.1.0 ) + ppc64? ( >=sys-devel/gcc-4.1.0 ) + >=sys-devel/binutils-2.15.94 + ${LT_VER:+nptl? (} >=sys-kernel/linux-headers-${NPTL_KERN_VER} ${LT_VER:+)} + >=app-misc/pax-utils-0.1.10 + virtual/os-headers + !<sys-apps/sandbox-1.2.18.1-r2 + !<sys-apps/portage-2.1.2 + !<sys-devel/patch-2.6 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux )" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers" +else + DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )" + RDEPEND="${RDEPEND} + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +SRC_URI=$( + upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 + } + gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} + } + + TARNAME=${PN} + if [[ -n ${SNAP_VER} ]] ; then + TARNAME="${PN}-${RELEASE_VER}" + [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER} + upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2 + elif [[ -z ${EGIT_REPO_URIS} ]] ; then + upstream_uris ${TARNAME}-${RELEASE_VER}.tar.bz2 + fi + [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2 + [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.bz2 + [[ -n ${LT_VER} ]] && upstream_uris ${TARNAME}-linuxthreads-${LT_VER}.tar.bz2 + [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 +) + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +pkg_setup() { + eblit-run pkg_setup + + # Static binary sanity check #332927 + if [[ ${ROOT} == "/" ]] && \ + has_version "<${CATEGORY}/${P}" && \ + built_with_use sys-apps/coreutils static + then + eerror "Please rebuild coreutils with USE=-static, then install" + eerror "glibc, then you may rebuild coreutils with USE=static." + die "Avoiding system meltdown #332927" + fi +} + +eblit-src_unpack-pre() { + GLIBC_PATCH_EXCLUDE+=" 1200_all_glibc-${PV}-x32.patch" +} + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.15-r3.ebuild b/sys-libs/glibc/glibc-2.15-r3.ebuild new file mode 100644 index 000000000000..eefde954290e --- /dev/null +++ b/sys-libs/glibc/glibc-2.15-r3.ebuild @@ -0,0 +1,225 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND inner-net" +KEYWORDS="alpha amd64 arm -hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +BRANCH_UPDATE="" +SNAP_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" ) + EGIT_SOURCEDIRS=( "${S}" "${S}/ports" ) + inherit git-2 + ;; +*_p*) + RELEASE_VER=${PV%_p*} + SNAP_VER=${PV#*_p} + ;; +*) + RELEASE_VER=${PV} + ;; +esac +LIBIDN_VER="" # it's integrated into the main tarball now +PATCH_VER="23" # Gentoo patchset +PORTS_VER=${RELEASE_VER} # version of glibc ports addon +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only" +[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils for as-needed +# arch: we need to make sure our binutils/gcc supports TLS +DEPEND=">=sys-devel/gcc-3.4.4 + arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 ) + x86? ( >=sys-devel/gcc-4.3 ) + amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 ) + ppc? ( >=sys-devel/gcc-4.1.0 ) + ppc64? ( >=sys-devel/gcc-4.1.0 ) + >=sys-devel/binutils-2.15.94 + >=app-misc/pax-utils-0.1.10 + virtual/os-headers + !<sys-apps/sandbox-1.2.18.1-r2 + !<sys-apps/portage-2.1.2 + !<sys-devel/patch-2.6 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers" +else + DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )" + RDEPEND="${RDEPEND} + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +SRC_URI=$( + upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 + } + gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} + } + + TARNAME=${PN} + if [[ -n ${SNAP_VER} ]] ; then + TARNAME="${PN}-${RELEASE_VER}" + [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER} + upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2 + elif [[ -z ${EGIT_REPO_URIS} ]] ; then + upstream_uris ${TARNAME}-${RELEASE_VER}.tar.xz + fi + [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2 + [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.xz + [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 +) + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.16.0.ebuild b/sys-libs/glibc/glibc-2.16.0.ebuild new file mode 100644 index 000000000000..588b27c60a5c --- /dev/null +++ b/sys-libs/glibc/glibc-2.16.0.ebuild @@ -0,0 +1,223 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND inner-net" +KEYWORDS="~alpha amd64 arm -hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +BRANCH_UPDATE="" +SNAP_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" ) + EGIT_SOURCEDIRS=( "${S}" "${S}/ports" ) + inherit git-2 + ;; +*_p*) + RELEASE_VER=${PV%_p*} + SNAP_VER=${PV#*_p} + ;; +*) + RELEASE_VER=${PV} + ;; +esac +LIBIDN_VER="" # it's integrated into the main tarball now +PATCH_VER="12" # Gentoo patchset +PORTS_VER=${RELEASE_VER} # version of glibc ports addon +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib selinux suid systemtap profile vanilla crosscompile_opts_headers-only" +[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}} + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +SRC_URI=$( + upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 + } + gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} + } + + TARNAME=${PN} + if [[ -n ${SNAP_VER} ]] ; then + TARNAME="${PN}-${RELEASE_VER}" + [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER} + upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2 + elif [[ -z ${EGIT_REPO_URIS} ]] ; then + upstream_uris ${TARNAME}-${RELEASE_VER}.tar.xz + fi + [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2 + [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.xz + [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 + [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 +) + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.16/glibc-2.16-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.17.ebuild b/sys-libs/glibc/glibc-2.17.ebuild new file mode 100644 index 000000000000..91f9b3eccc30 --- /dev/null +++ b/sys-libs/glibc/glibc-2.17.ebuild @@ -0,0 +1,210 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="8" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + GLIBC_PATCH_EXCLUDE+=" 6600_mips_librt-mips.patch" #456912 + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.18-r1.ebuild b/sys-libs/glibc/glibc-2.18-r1.ebuild new file mode 100644 index 000000000000..da3d2d723dad --- /dev/null +++ b/sys-libs/glibc/glibc-2.18-r1.ebuild @@ -0,0 +1,210 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="4" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + GLIBC_PATCH_EXCLUDE+=" 00_all_0012-mips-add-clock_-g-s-ettime-symbol-compat-hacks.patch" #456912 #481438 + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.19-r1.ebuild b/sys-libs/glibc/glibc-2.19-r1.ebuild new file mode 100644 index 000000000000..87f73d887957 --- /dev/null +++ b/sys-libs/glibc/glibc-2.19-r1.ebuild @@ -0,0 +1,209 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="3" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.19.ebuild b/sys-libs/glibc/glibc-2.19.ebuild new file mode 100644 index 000000000000..5b171b1bc6fe --- /dev/null +++ b/sys-libs/glibc/glibc-2.19.ebuild @@ -0,0 +1,209 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="1" # Gentoo patchset +NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.20 + >=${CATEGORY}/gcc-4.3 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.20 + >=sys-devel/gcc-4.3 + virtual/os-headers + !vanilla? ( >=sys-libs/timezone-data-2012c )" + RDEPEND+=" + vanilla? ( !sys-libs/timezone-data ) + !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_unpack-post() { + if use hardened ; then + cd "${S}" + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch + + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \ + debug/stack_chk_fail.c || die + cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \ + debug/chk_fail.c || die + + if use debug ; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug stack handler" + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile \ + || die "Failed to modify debug/Makefile for debug fortify handler" + fi + + # Build nscd with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + nscd/Makefile \ + || die "Failed to ensure nscd builds with ssp-all" + fi +} + +eblit-pkg_preinst-post() { + if [[ ${CTARGET} == arm* ]] ; then + # Backwards compat support for renaming hardfp ldsos #417287 + local oldso='/lib/ld-linux.so.3' + local nldso='/lib/ld-linux-armhf.so.3' + if [[ -e ${D}${nldso} ]] ; then + if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then + ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." + ewarn "Please rebuild all packages using this old ldso as compat" + ewarn "support will be dropped in the future." + ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" + fi + fi + fi +} diff --git a/sys-libs/glibc/glibc-2.20-r1.ebuild b/sys-libs/glibc/glibc-2.20-r1.ebuild new file mode 100644 index 000000000000..21f2ac213b2b --- /dev/null +++ b/sys-libs/glibc/glibc-2.20-r1.ebuild @@ -0,0 +1,188 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 -hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh -sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="3" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + sys-apps/gentoo-functions + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.4 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.4 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~blueness/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_prepare() { eblit-run src_prepare ; } +src_configure() { eblit-run src_configure ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in pretend setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_prepare-post() { + cd "${S}" + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch + + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi +} diff --git a/sys-libs/glibc/glibc-2.20-r2.ebuild b/sys-libs/glibc/glibc-2.20-r2.ebuild new file mode 100644 index 000000000000..9225619ab638 --- /dev/null +++ b/sys-libs/glibc/glibc-2.20-r2.ebuild @@ -0,0 +1,196 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="alpha amd64 arm arm64 -hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="5" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + sys-apps/gentoo-functions + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.4 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.4 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~blueness/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_prepare() { eblit-run src_prepare ; } +src_configure() { eblit-run src_configure ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in pretend setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_prepare-post() { + cd "${S}" + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch + + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.20.ebuild b/sys-libs/glibc/glibc-2.20.ebuild new file mode 100644 index 000000000000..546c86cc7a15 --- /dev/null +++ b/sys-libs/glibc/glibc-2.20.ebuild @@ -0,0 +1,187 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 -hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh -sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="1" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.4 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.4 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_prepare() { eblit-run src_prepare ; } +src_configure() { eblit-run src_configure ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in pretend setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_prepare-post() { + cd "${S}" + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch + + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi +} diff --git a/sys-libs/glibc/glibc-2.21-r1.ebuild b/sys-libs/glibc/glibc-2.21-r1.ebuild new file mode 100644 index 000000000000..4f5641ffaab1 --- /dev/null +++ b/sys-libs/glibc/glibc-2.21-r1.ebuild @@ -0,0 +1,196 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="4" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + sys-apps/gentoo-functions + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.6 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.6 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_prepare() { eblit-run src_prepare ; } +src_configure() { eblit-run src_configure ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in pretend setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_prepare-post() { + cd "${S}" + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch + + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-2.22.ebuild b/sys-libs/glibc/glibc-2.22.ebuild new file mode 100644 index 000000000000..506493e4d075 --- /dev/null +++ b/sys-libs/glibc/glibc-2.22.ebuild @@ -0,0 +1,196 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="2" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + sys-apps/gentoo-functions + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.6 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.6 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_prepare() { eblit-run src_prepare ; } +src_configure() { eblit-run src_configure ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in pretend setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_prepare-post() { + cd "${S}" + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch + + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi + + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac +} diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild new file mode 100644 index 000000000000..d0609ff11afe --- /dev/null +++ b/sys-libs/glibc/glibc-9999.ebuild @@ -0,0 +1,188 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="4" + +inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing + +DESCRIPTION="GNU libc6 (also called glibc2) C library" +HOMEPAGE="http://www.gnu.org/software/libc/libc.html" + +LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" +#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +RESTRICT="strip" # strip ourself #46186 +EMULTILIB_PKG="true" + +# Configuration variables +RELEASE_VER="" +case ${PV} in +9999*) + EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" + EGIT_SOURCEDIRS="${S}" + inherit git-2 + ;; +*) + RELEASE_VER=${PV} + ;; +esac +GCC_BOOTSTRAP_VER="4.7.3-r1" +PATCH_VER="" # Gentoo patchset +: ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires + +IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" + +# Here's how the cross-compile logic breaks down ... +# CTARGET - machine that will target the binaries +# CHOST - machine that will host the binaries +# CBUILD - machine that will build the binaries +# If CTARGET != CHOST, it means you want a libc for cross-compiling. +# If CHOST != CBUILD, it means you want to cross-compile the libc. +# CBUILD = CHOST = CTARGET - native build/install +# CBUILD != (CHOST = CTARGET) - cross-compile a native build +# (CBUILD = CHOST) != CTARGET - libc for cross-compiler +# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler +# For install paths: +# CHOST = CTARGET - install into / +# CHOST != CTARGET - install into /usr/CTARGET/ + +export CBUILD=${CBUILD:-${CHOST}} +export CTARGET=${CTARGET:-${CHOST}} +if [[ ${CTARGET} == ${CHOST} ]] ; then + if [[ ${CATEGORY} == cross-* ]] ; then + export CTARGET=${CATEGORY#cross-} + fi +fi + +is_crosscompile() { + [[ ${CHOST} != ${CTARGET} ]] +} + +# Why SLOT 2.2 you ask yourself while sippin your tea ? +# Everyone knows 2.2 > 0, duh. +SLOT="2.2" + +# General: We need a new-enough binutils/gcc to match upstream baseline. +# arch: we need to make sure our binutils/gcc supports TLS. +DEPEND=">=app-misc/pax-utils-0.1.10 + !<sys-apps/sandbox-1.6 + !<sys-apps/portage-2.1.2 + selinux? ( sys-libs/libselinux )" +RDEPEND="!sys-kernel/ps3-sources + sys-apps/gentoo-functions + selinux? ( sys-libs/libselinux ) + !sys-libs/nss-db" + +if [[ ${CATEGORY} == cross-* ]] ; then + DEPEND+=" !crosscompile_opts_headers-only? ( + >=${CATEGORY}/binutils-2.24 + >=${CATEGORY}/gcc-4.6 + )" + [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" +else + DEPEND+=" + >=sys-devel/binutils-2.24 + >=sys-devel/gcc-4.6 + virtual/os-headers" + RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" + PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" +fi + +upstream_uris() { + echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 +} +gentoo_uris() { + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/http://dev.gentoo.org/} + echo mirror://gentoo/$1 ${devspace//URI/$1} +} +SRC_URI=$( + [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz + [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2 +) +SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" + +# eblit-include [--skip] <function> [version] +eblit-include() { + local skipable=false + [[ $1 == "--skip" ]] && skipable=true && shift + [[ $1 == pkg_* ]] && skipable=true + + local e v func=$1 ver=$2 + [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" + for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do + e="${FILESDIR}/eblits/${func}${v}.eblit" + if [[ -e ${e} ]] ; then + source "${e}" + return 0 + fi + done + ${skipable} && return 0 + die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" +} + +# eblit-run-maybe <function> +# run the specified function if it is defined +eblit-run-maybe() { + [[ $(type -t "$@") == "function" ]] && "$@" +} + +# eblit-run <function> [version] +# aka: src_unpack() { eblit-run src_unpack ; } +eblit-run() { + eblit-include --skip common "${*:2}" + eblit-include "$@" + eblit-run-maybe eblit-$1-pre + eblit-${PN}-$1 + eblit-run-maybe eblit-$1-post +} + +src_unpack() { eblit-run src_unpack ; } +src_prepare() { eblit-run src_prepare ; } +src_configure() { eblit-run src_configure ; } +src_compile() { eblit-run src_compile ; } +src_test() { eblit-run src_test ; } +src_install() { eblit-run src_install ; } + +# FILESDIR might not be available during binpkg install +for x in pretend setup {pre,post}inst ; do + e="${FILESDIR}/eblits/pkg_${x}.eblit" + if [[ -e ${e} ]] ; then + . "${e}" + eval "pkg_${x}() { eblit-run pkg_${x} ; }" + fi +done + +eblit-src_unpack-pre() { + [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 +} + +eblit-src_prepare-post() { + cd "${S}" + + if use hardened ; then + einfo "Patching to get working PIE binaries on PIE (hardened) platforms" + gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch + epatch "${FILESDIR}"/2.20/glibc-2.20-hardened-inittls-nosysenter.patch + + # We don't enable these for non-hardened as the output is very terse -- + # it only states that a crash happened. The default upstream behavior + # includes backtraces and symbols. + einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die + cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + + if use debug ; then + # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. + sed -i \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + debug/Makefile || die + fi + + # Build various bits with ssp-all + sed -i \ + -e 's:-fstack-protector$:-fstack-protector-all:' \ + */Makefile || die + fi +} diff --git a/sys-libs/glibc/metadata.xml b/sys-libs/glibc/metadata.xml new file mode 100644 index 000000000000..a113d4369b6c --- /dev/null +++ b/sys-libs/glibc/metadata.xml @@ -0,0 +1,15 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<herd>toolchain</herd> +<use> + <flag name='debug'>When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL)</flag> + <flag name='gd'>build memusage and memusagestat tools</flag> + <flag name='nscd'>Build, and enable support for, the Name Service Cache Daemon</flag> + <flag name='suid'>Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag> + <flag name='systemtap'>enable systemtap static probe points</flag> +</use> +<upstream> + <remote-id type="cpe">cpe:/a:gnu:glibc</remote-id> +</upstream> +</pkgmetadata> |