diff options
author | Magnus Granberg (Zorry) <zorry@ume.nu> | 2009-09-20 05:02:55 +0200 |
---|---|---|
committer | Magnus Granberg (Zorry) <zorry@ume.nu> | 2009-09-20 05:02:55 +0200 |
commit | cd0543e57953e8cfcc723045b84504df5af1978d (patch) | |
tree | c338110177381084a4c9bca7f653db505f586ce4 | |
parent | update patchset to match current tree. (diff) | |
download | hardened-dev-cd0543e57953e8cfcc723045b84504df5af1978d.tar.gz hardened-dev-cd0543e57953e8cfcc723045b84504df5af1978d.tar.bz2 hardened-dev-cd0543e57953e8cfcc723045b84504df5af1978d.zip |
sys-libs/glibc-2.10.1 is in the tree bug #270274 and syslog for fortify
-rw-r--r-- | sys-libs/glibc/Manifest | 8 | ||||
-rw-r--r-- | sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch | 30 | ||||
-rw-r--r-- | sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch | 274 | ||||
-rw-r--r-- | sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch | 168 | ||||
-rw-r--r-- | sys-libs/glibc/glibc-2.10.1.ebuild | 240 |
5 files changed, 0 insertions, 720 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest index 1c16ebca..f92c2a6a 100644 --- a/sys-libs/glibc/Manifest +++ b/sys-libs/glibc/Manifest @@ -1,6 +1,3 @@ -AUX 2.10/glibc-2.10-hardened-configure-picdefault.patch 865 RMD160 744bdbfb73f1dbced4cb33cb5aa92f3b41d3b4fb SHA1 21e0f83598f5342032a794315f0e3dac07f647da SHA256 b50b29f85d88011555bbcbe6046e6600be9344f2d78412b14aebdea515420774 -AUX 2.10/glibc-2.10-hardened-inittls-nosysenter.patch 8823 RMD160 163e53f0f4f0bd003ef1c50a4eaaa8f4a82695fe SHA1 df23c6756114e1451e6f120723af1b621037c28e SHA256 dcf78c6524c222dbee907200a8878aff727e29d43a4962b977a16d85752e5c10 -AUX 2.10/glibc-2.10-hardened-ssp-compat.patch 4802 RMD160 02bd17455d64b6661ae5f44329357dc254cdf118 SHA1 b40cf1a8f17e448861746ba39aa20afd66a47b2d SHA256 bd6f0aa8eace0a935731749e101d5fe30210f9edb65f2f5ccd425cef581ddce4 AUX 2.5/glibc-2.5-hardened-configure-picdefault.patch 794 RMD160 7ab81bac4b9625043b1e7edea6fb5707696c144d SHA1 25a0b018eb44f3c9818876a12e9ec817e305d80b SHA256 0c0359f567e4ad2d3184618bf6ac7e6102b703eab6227c7e9a4ff4dcdeed2c91 AUX 2.5/glibc-2.5-hardened-pie.patch 1569 RMD160 8746aeb9f9c68ca153d93cf92c9df93d0fb324d6 SHA1 c2ec8d9286af38017f5bee5a8823f642c067201d SHA256 ff9cde8857c5da89faa4039e2a81748674fbeaaa49d85c378d80711d55f2b0c1 AUX 2.6/glibc-2.6-gentoo-chk_fail.c 9407 RMD160 230701dfacfe2481eb49e5384fe4ebb508bd3af2 SHA1 0e9330d57de714dd1ecd7040d3eabf4723cdee7c SHA256 7745c0f5d37b37959b43b41e39762fc35b877161bc5740d9d3e9a83021acbc0e @@ -26,16 +23,11 @@ AUX nscd.conf 1158 RMD160 50651e89a0cb206b1d37dae8840527694fe561b5 SHA1 5f5166aa AUX nsswitch.conf 503 RMD160 f375f92f6b41029c93382c39cef896261b140cfc SHA1 42f7f5cc3de75c69bf60d806ac8490106ea63326 SHA256 6c38b8642d5da884327ad678d0351d57be3621562253bd9711394bad87e45e2d AUX test-__thread.c 53 RMD160 dcc9960f3bf26c935f41dc5c408613963885ad58 SHA1 dcb60595b2730a8a05eb045563f13cd615830acf SHA256 28a7836b810cf21f6071126d6b19dbdbf567f2544f9283700d125ad653d7519e AUX test-sysctl_h.c 54 RMD160 b7c2e5956e0a232193610701ccc57a8d56615a36 SHA1 d727fbe809fbec9157661fbdb6c8077a68d95044 SHA256 19337cae62f1ebc23ca8d8de8a98e7f03c9dd77a671100995d6e7c8a3833e759 -DIST glibc-2.10.1-patches-3.tar.bz2 94174 RMD160 30c60f12792a3e5abfda3c38b83c68d16ee2d7fb SHA1 f27d678001544f8eee4b8bd70139a8d70db1d3ab SHA256 67bef941afa0dbd6d8879680c8bca133d3b3e65c62e253b189ed398635aec867 -DIST glibc-2.10.1.tar.bz2 16106243 RMD160 ca102519ab32714e788a0db5dd43c2f9962c86e9 SHA1 cb478cf9d6e2c905a1a4f4a2cae44a320b8dc50b SHA256 cbad3e637eab613184405a87a2bf08a41991a0e512a3ced60d120effc73de667 DIST glibc-2.8-20080602.tar.bz2 16235726 RMD160 8781f2b1dbd22c6579208a689be38a444b5242c7 SHA1 68c2bfcf5f385449c3cb7efbf1f0d425d14cdaad SHA256 142eaba19eb85121206ee034fd828ca5dcd1bf2bfa940fef92c37457c06a6d48 DIST glibc-2.8-patches-6.tar.bz2 103171 RMD160 c6a9710e53fa6b3698aea1a5f0a497155cf2a1c5 SHA1 39fe516a150621fc34418e23ac1c38cb1f7c1406 SHA256 dc335095de83ff4ff405c9aaf5b3ee3d82148888c73b31081ae1c706510973c2 DIST glibc-2.8-ports-20080602.tar.bz2 469234 RMD160 57ae79a79c6f82f5ff217e9052f4569c136dca7d SHA1 c3a45ea27c9eb1bf99f1caafe085b50951089384 SHA256 1f3665e80b5832f7d281c109bc2f5412521cc9ccc3bd7b499fd493ff5eb9aa9b DIST glibc-2.9-20081201.tar.bz2 16430489 RMD160 1e1feb4ee9c0892a0544c05adb6dd249544621cf SHA1 5756ca3b543a370c4ec9ffc8038b72bf0aa61c71 SHA256 6f8e515775e20ed48610860d10315adda418a3649b3465f36ee5cd467364a8f6 DIST glibc-2.9-patches-5.tar.bz2 101693 RMD160 8cd377be020bf95a30862d77c215c16dc544602f SHA1 103839660f4e55871bf68835f8fec83d9afecdec SHA256 6f61c3e212c82eb118780573ac80d61835ff3a98fbea68b6f03a52009cce7d35 DIST glibc-2.9-ports-20081201.tar.bz2 487663 RMD160 80eb0035ed2e021e79755d4151ccd6d73cd78d8d SHA1 90a6ecbce37aabe6093c4dd0c8817cbf86321627 SHA256 19bb6e89855171d7ae01aef92054dfe4524521fbc13c67bfaa3ee81944210744 -DIST glibc-libidn-2.10.1.tar.bz2 102248 RMD160 0fbb3ecc09f59f0b9e90e0669bd9cd6075164173 SHA1 50c1ac0d9ddff6eb83f75aa1c4cb84ba6fffa0cd SHA256 0fa72d1dd06a30642d3bb20a659f4ed0f4af54a205d7102896b68169b38676dc -DIST glibc-ports-2.10.1.tar.bz2 584860 RMD160 1f094d4df18306ccb01037d07f0a0e3014fdfc60 SHA1 3cc9eff22d624c5fb6d951bbcb31b40112238fe7 SHA256 b1f1ec9720036a3a33598b8478eef102535444a083d5b5813a6981ed74ab4071 -EBUILD glibc-2.10.1.ebuild 7977 RMD160 31578e360a6bfef799555efa8b3fcf7362e45e1a SHA1 62eb52ab0531ca2332f30d3914cafbef244ad3b6 SHA256 c4e5ce4eb6efbac65826a45ba30d7a8eda4d96179b827e189b87149996560801 EBUILD glibc-2.8_p20080602-r3.ebuild 13728 RMD160 d30e8a99f4457056fae2a1b9ef239f0466b45367 SHA1 a314d2b0c3c1c3bc308f25c4faa1d16bd8ca274c SHA256 f46a10aa3391d5bdd1e3b6ed1594c38029c82c56b56d8f7d4b86e1bb4c1340f5 EBUILD glibc-2.9_p20081201-r4.ebuild 8023 RMD160 bccf2564ea221ee4d4d3982fe060d5043ba0e98a SHA1 8a9de34e334928195ae148742442a958e8cd9e56 SHA256 73193ce7c305620cbbf83d0ecb2f6118cc1624de471f27cdd4dd0f9ed3cebd80 diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch deleted file mode 100644 index e75ccc78..00000000 --- a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch +++ /dev/null @@ -1,30 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn <kevquinn@gentoo.org> -Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu> - ---- configure.in -+++ configure.in -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch deleted file mode 100644 index cb6d8e3c..00000000 --- a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,274 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn <kevquinn@gentoo.org> -Fixed for 2.10 by Magnus Granberg <zorry@ume.nu> - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include <tls.h> -+#include <sysdep.h> - #ifndef SHARED - # include <dl-osinfo.h> - extern void __pthread_initialize_minimal (void); -@@ -129,6 +130,11 @@ - # endif - _dl_aux_init (auxvec); - # endif -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -23,6 +23,7 @@ - #include <unistd.h> - #include <stdio.h> - #include <sys/param.h> -+#include <sysdep.h> - - - #ifdef SHARED -@@ -29,6 +30,9 @@ - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - extern ElfW(Phdr) *_dl_phdr; - extern size_t _dl_phnum; - -@@ -141,14 +145,26 @@ - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+# endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - #include <errno.h> - #include <stdint.h> - #include <unistd.h> -+#include <sysdep.h> - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *__unbounded newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, -+ __ptrvalue (addr)); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch deleted file mode 100644 index a1c9eef6..00000000 --- a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch +++ /dev/null @@ -1,168 +0,0 @@ -Add backwards compat support for gcc-3.x ssp ... older ssp versions -used __guard and __stack_smash_handler symbols while gcc-4.1 and newer -uses __stack_chk_guard and __stack_chk_fail. - ---- config.h.in -+++ config.h.in -@@ -42,6 +42,9 @@ - assembler instructions per line. Default is `;' */ - #undef ASM_LINE_SEP - -+/* Define if we want to enable support for old ssp symbols */ -+#undef ENABLE_OLD_SSP_COMPAT -+ - /* Define if not using ELF, but `.init' and `.fini' sections are available. */ - #undef HAVE_INITFINI - ---- configure -+++ configure -@@ -1378,6 +1378,9 @@ Optional Features: - --enable-kernel=VERSION compile for compatibility with kernel not older than - VERSION - --enable-all-warnings enable all useful warnings gcc can issue -+ --disable-old-ssp-compat -+ enable support for older ssp symbols -+ [default=no] - --enable-multi-arch enable single DSO with optimizations for multiple - architectures - --enable-experimental-malloc -@@ -6462,6 +6465,20 @@ fi - $as_echo "$libc_cv_ssp" >&6; } - - -+# Check whether --enable-old-ssp-compat or --disable-old-ssp-compat was given. -+if test "${enable_old_ssp_compat+set}" = set; then -+ enableval="$enable_old_ssp_compat" -+ enable_old_ssp_compat=$enableval -+else -+ enable_old_ssp_compat=no -+fi; -+if test "x$enable_old_ssp_compat" = "xyes"; then -+ cat >>confdefs.h <<\_ACEOF -+#define ENABLE_OLD_SSP_COMPAT 1 -+_ACEOF -+ -+fi -+ - { $as_echo "$as_me:$LINENO: checking for -fgnu89-inline" >&5 - $as_echo_n "checking for -fgnu89-inline... " >&6; } - if test "${libc_cv_gnu89_inline+set}" = set; then ---- configure.in -+++ configure.in -@@ -1641,6 +1641,15 @@ fi - rm -f conftest*]) - AC_SUBST(libc_cv_ssp) - -+AC_ARG_ENABLE([old-ssp-compat], -+ AC_HELP_STRING([--enable-old-ssp-compat], -+ [enable support for older ssp symbols @<:@default=no@:>@]), -+ [enable_old_ssp_compat=$enableval], -+ [enable_old_ssp_compat=no]) -+if test "x$enable_old_ssp_compat" = "xyes"; then -+ AC_DEFINE(ENABLE_OLD_SSP_COMPAT) -+fi -+ - AC_CACHE_CHECK(for -fgnu89-inline, libc_cv_gnu89_inline, [dnl - cat > conftest.c <<EOF - int foo; ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -37,6 +37,9 @@ extern void __pthread_initialize_minimal - uintptr_t __stack_chk_guard attribute_relro; - # endif - #endif -+#ifdef ENABLE_OLD_SSP_COMPAT -+uintptr_t __guard attribute_relro; -+#endif - - #ifdef HAVE_PTR_NTHREADS - /* We need atomic operations. */ -@@ -141,6 +145,9 @@ LIBC_START_MAIN (int (*main) (int, char - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random); -+#ifdef ENABLE_OLD_SSP_COMPAT -+ __guard = stack_chk_guard; -+#endif - # ifdef THREAD_SET_STACK_GUARD - THREAD_SET_STACK_GUARD (stack_chk_guard); - # else ---- csu/Versions -+++ csu/Versions -@@ -17,6 +17,12 @@ libc { - # New special glibc functions. - gnu_get_libc_release; gnu_get_libc_version; - } -+ GLIBC_2.3.2 { -+%ifdef ENABLE_OLD_SSP_COMPAT -+ # global objects and functions for the old propolice patch in gcc -+ __guard; -+%endif -+ } - GLIBC_PRIVATE { - %if HAVE___THREAD - # This version is for the TLS symbol, GLIBC_2.0 is the old object symbol. ---- debug/Versions -+++ debug/Versions -@@ -10,6 +10,12 @@ libc { - # These are to support some gcc features. - __cyg_profile_func_enter; __cyg_profile_func_exit; - } -+%ifdef ENABLE_OLD_SSP_COMPAT -+ GLIBC_2.3.2 { -+ # backwards ssp compat support; alias to __stack_chk_fail -+ __stack_smash_handler; -+ } -+%endif - GLIBC_2.3.4 { - __chk_fail; - __memcpy_chk; __memmove_chk; __mempcpy_chk; __memset_chk; __stpcpy_chk; ---- elf/rtld.c -+++ elf/rtld.c -@@ -89,6 +89,9 @@ INTDEF(_dl_argv) - in thread local area. */ - uintptr_t __stack_chk_guard attribute_relro; - #endif -+#ifdef ENABLE_OLD_SSP_COMPAT -+uintptr_t __guard attribute_relro; -+#endif - - /* Only exported for architectures that don't store the pointer guard - value in thread local area. */ -@@ -1817,6 +1821,9 @@ ERROR: ld.so: object '%s' cannot be load - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random); -+#ifdef ENABLE_OLD_SSP_COMPAT -+ __guard = stack_chk_guard; -+#endif - #ifdef THREAD_SET_STACK_GUARD - THREAD_SET_STACK_GUARD (stack_chk_guard); - #else ---- elf/Versions -+++ elf/Versions -@@ -43,6 +43,12 @@ ld { - # runtime interface to TLS - __tls_get_addr; - } -+%ifdef ENABLE_OLD_SSP_COMPAT -+ GLIBC_2.3.2 { -+ # backwards ssp compat support -+ __guard; -+ } -+%endif - GLIBC_2.4 { - # stack canary - __stack_chk_guard; ---- Versions.def -+++ Versions.def -@@ -109,6 +109,9 @@ ld { - GLIBC_2.0 - GLIBC_2.1 - GLIBC_2.3 -+%ifdef ENABLE_OLD_SSP_COMPAT -+ GLIBC_2.3.2 -+%endif - GLIBC_2.4 - GLIBC_PRIVATE - } diff --git a/sys-libs/glibc/glibc-2.10.1.ebuild b/sys-libs/glibc/glibc-2.10.1.ebuild deleted file mode 100644 index 57158706..00000000 --- a/sys-libs/glibc/glibc-2.10.1.ebuild +++ /dev/null @@ -1,240 +0,0 @@ -# Copyright 1999-2009 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: $ - -inherit eutils versionator libtool toolchain-funcs flag-o-matic gnuconfig multilib - -DESCRIPTION="GNU libc6 (also called glibc2) C library" -HOMEPAGE="http://www.gnu.org/software/libc/libc.html" - -LICENSE="LGPL-2" -KEYWORDS="~amd64 ~x86" -RESTRICT="strip" # strip ourself #46186 -EMULTILIB_PKG="true" - -# Configuration variables -if [[ ${PV} == *_p* ]] ; then -RELEASE_VER=${PV%_p*} -BRANCH_UPDATE="" -SNAP_VER=${PV#*_p} -LIBIDN_VER="" -else -RELEASE_VER=${PV} -BRANCH_UPDATE="" -SNAP_VER="" -LIBIDN_VER=${RELEASE_VER} -fi -MANPAGE_VER="" # pregenerated manpages -INFOPAGE_VER="" # pregenerated infopages -PATCH_VER="3" # Gentoo patchset -PORTS_VER=${RELEASE_VER} # version of glibc ports addon -LT_VER="" # version of linuxthreads addon -NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires -#LT_KERN_VER=${LT_KERN_VER:-"2.4.1"} # min kernel version linuxthreads requires - -IUSE="debug gd glibc-omitfp hardened multilib nls selinux profile vanilla crosscompile_opts_headers-only ${LT_VER:+glibc-compat20 nptl nptlonly}" -S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}} - -# Here's how the cross-compile logic breaks down ... -# CTARGET - machine that will target the binaries -# CHOST - machine that will host the binaries -# CBUILD - machine that will build the binaries -# If CTARGET != CHOST, it means you want a libc for cross-compiling. -# If CHOST != CBUILD, it means you want to cross-compile the libc. -# CBUILD = CHOST = CTARGET - native build/install -# CBUILD != (CHOST = CTARGET) - cross-compile a native build -# (CBUILD = CHOST) != CTARGET - libc for cross-compiler -# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler -# For install paths: -# CHOST = CTARGET - install into / -# CHOST != CTARGET - install into /usr/CTARGET/ - -export CBUILD=${CBUILD:-${CHOST}} -export CTARGET=${CTARGET:-${CHOST}} -if [[ ${CTARGET} == ${CHOST} ]] ; then - if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then - export CTARGET=${CATEGORY/cross-} - fi -fi - -[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20} - -is_crosscompile() { - [[ ${CHOST} != ${CTARGET} ]] -} -alt_libdir() { - if is_crosscompile ; then - echo /usr/${CTARGET}/$(get_libdir) - else - echo /$(get_libdir) - fi -} - -if is_crosscompile ; then - SLOT="${CTARGET}-2.2" -else - # Why SLOT 2.2 you ask yourself while sippin your tea ? - # Everyone knows 2.2 > 0, duh. - SLOT="2.2" - PROVIDE="virtual/libc" -fi - -# General: We need a new-enough binutils for as-needed -# arch: we need to make sure our binutils/gcc supports TLS -DEPEND=">=sys-devel/gcc-3.4.4 - arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 ) - ppc? ( >=sys-devel/gcc-4.1.0 ) - ppc64? ( >=sys-devel/gcc-4.1.0 ) - >=sys-devel/binutils-2.15.94 - ${LT_VER:+nptl? (} >=sys-kernel/linux-headers-${NPTL_KERN_VER} ${LT_VER:+)} - >=sys-devel/gcc-config-1.3.12 - >=app-misc/pax-utils-0.1.10 - virtual/os-headers - nls? ( sys-devel/gettext ) - >=sys-apps/sandbox-1.2.18.1-r2 - >=sys-apps/portage-2.1.2 - selinux? ( sys-libs/libselinux )" -RDEPEND="!sys-kernel/ps3-sources - nls? ( sys-devel/gettext ) - selinux? ( sys-libs/libselinux )" - -if [[ ${CATEGORY/cross-} != ${CATEGORY} ]] ; then - DEPEND="${DEPEND} ${CATEGORY}/gcc" - [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers" -else - DEPEND="${DEPEND} >=sys-libs/timezone-data-2007c" - RDEPEND="${RDEPEND} sys-libs/timezone-data" -fi - -SRC_URI=$( - upstream_uris() { - echo mirror://gnu/glibc/$1 ftp://sources.redhat.com/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 - } - gentoo_uris() { - local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" - devspace=${devspace//HTTP/http://dev.gentoo.org/} - echo mirror://gentoo/$1 ${devspace//URI/$1} - } - - TARNAME=${PN} - if [[ -n ${SNAP_VER} ]] ; then - TARNAME="${PN}-${RELEASE_VER}" - [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER} - upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2 - else - upstream_uris ${TARNAME}-${RELEASE_VER}.tar.bz2 - fi - [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2 - [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.bz2 - [[ -n ${LT_VER} ]] && upstream_uris ${TARNAME}-linuxthreads-${LT_VER}.tar.bz2 - [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 - [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 - [[ -n ${MANPAGE_VER} ]] && gentoo_uris glibc-manpages-${MANPAGE_VER}.tar.bz2 - [[ -n ${INFOPAGE_VER} ]] && gentoo_uris glibc-infopages-${INFOPAGE_VER}.tar.bz2 -) - -# eblit-include [--skip] <function> [version] -eblit-include() { - local skipable=false - [[ $1 == "--skip" ]] && skipable=true && shift - [[ $1 == pkg_* ]] && skipable=true - - local e v func=$1 ver=$2 - [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]" - for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do - e="${FILESDIR}/eblits/${func}${v}.eblit" - if [[ -e ${e} ]] ; then - source "${e}" - return 0 - fi - done - ${skipable} && return 0 - die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" -} - -# eblit-run-maybe <function> -# run the specified function if it is defined -eblit-run-maybe() { - [[ $(type -t "$@") == "function" ]] && "$@" -} - -# eblit-run <function> [version] -# aka: src_unpack() { eblit-run src_unpack ; } -eblit-run() { - eblit-include --skip common "${*:2}" - eblit-include "$@" - eblit-run-maybe eblit-$1-pre - eblit-${PN}-$1 - eblit-run-maybe eblit-$1-post -} - -src_unpack() { eblit-run src_unpack ; } -src_compile() { eblit-run src_compile ; } -src_test() { eblit-run src_test ; } -src_install() { eblit-run src_install ; } - -# FILESDIR might not be available during binpkg install -for x in setup {pre,post}inst ; do - e="${FILESDIR}/eblits/pkg_${x}.eblit" - if [[ -e ${e} ]] ; then - . "${e}" - eval "pkg_${x}() { eblit-run pkg_${x} ; }" - fi -done - -eblit-src_unpack-post() { - if use hardened ; then - cd "${S}" - einfo "Patching to get working PIE binaries on PIE (hardened) platforms" - gcc-specs-pie && epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch - epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch - epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch - - einfo "Patching Glibc to support older SSP __guard" - epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-ssp-compat.patch - - einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" - cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ - debug/stack_chk_fail.c || die - cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-chk_fail.c \ - debug/chk_fail.c || die - - if use debug ; then - # When using Hardened Gentoo stack handler, have smashes dump core for - # analysis - debug only, as core could be an information leak - # (paranoia). - sed -i \ - -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - debug/Makefile \ - || die "Failed to modify debug/Makefile for debug stack handler" - sed -i \ - -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - debug/Makefile \ - || die "Failed to modify debug/Makefile for debug fortify handler" - fi - - # Build nscd with ssp-all - sed -i \ - -e 's:-fstack-protector$:-fstack-protector-all:' \ - nscd/Makefile \ - || die "Failed to ensure nscd builds with ssp-all" - fi -} - -maint_pkg_create() { - local base="/usr/local/src/gnu/glibc/glibc-${PV:0:1}_${PV:2:1}" - cd ${base} - local stamp=$(date +%Y%m%d) - local d - for d in libc ports ; do - #(cd ${d} && cvs up) - case ${d} in - libc) tarball="${P}";; - ports) tarball="${PN}-ports-${PV}";; - esac - rm -f ${tarball}* - ln -sf ${d} ${tarball} - tar hcf - ${tarball} --exclude-vcs | lzma > "${T}"/${tarball}.tar.lzma - du -b "${T}"/${tarball}.tar.lzma - done -} |