author | Kevin F. Quinn <kevquinn@gentoo.org> | 2007-03-15 16:09:06 +0000 |
---|---|---|
committer | Kevin F. Quinn <kevquinn@gentoo.org> | 2007-03-15 16:09:06 +0000 |
commit | 7b32d0a1061466572d9c93d4bd0194911e9e18de (patch) | |
tree | d02dc29521c94ca56da0769459f4e8fee6cdc3db /sys-libs | |
parent | RESTRICT test as it's not supported by upstream. (diff) | |
Fix 2.5-hardened-pie.spec (bug #170731), and make 2.5-r1 robust against compiler variant.
(Portage version: 2.1.2.2)
Diffstat (limited to 'sys-libs')
-rw-r--r-- | sys-libs/glibc/ChangeLog | 6 | ||||
-rw-r--r-- | sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch | 2 | ||||
-rw-r--r-- | sys-libs/glibc/glibc-2.5-r1.ebuild | 21 |
3 files changed, 22 insertions, 7 deletions
diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog index 33d27fe7619b..e289c1dd20c6 100644 --- a/sys-libs/glibc/ChangeLog +++ b/sys-libs/glibc/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for sys-libs/glibc # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.506 2007/03/13 06:09:44 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.507 2007/03/15 16:09:05 kevquinn Exp $ + + 15 Mar 2007; Kevin F. Quinn <kevquinn@gentoo.org> + files/2.5/glibc-2.5-hardened-pie.patch, glibc-2.5-r1.ebuild: + Fix 2.5-hardened-pie.spec (bug #170731), and make 2.5-r1 robust against compiler variant. *glibc-2.5-r1 (13 Mar 2007) diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch index 280d6e1bbaf8..46f3de4f7875 100644 --- a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch +++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch @@ -11,7 +11,7 @@ Patch by Kevin F. Quinn <kevquinn@gentoo.org> -+link = $(CC) -nostdlib -nostartfiles -o $@ \ ++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \ $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ - $(combreloc-LDFLAGS) $(relro-LDFLAGS) \ + $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ - $(addprefix $(csu-objpfx),$(start-installed-name)) \ + $(addprefix $(csu-objpfx),S$(start-installed-name)) \ $(+preinit) $(+prector) \ diff --git a/sys-libs/glibc/glibc-2.5-r1.ebuild b/sys-libs/glibc/glibc-2.5-r1.ebuild index f065a60e4208..c6db55fceb84 100644 --- a/sys-libs/glibc/glibc-2.5-r1.ebuild +++ b/sys-libs/glibc/glibc-2.5-r1.ebuild 
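Review bot: The patched `+link` rule in glibc-2.5-hardened-pie.patch now passes `-fPIE -pie` unconditionally, but nothing in the patch says it is only valid with a compiler that produces position-independent objects by default. That precondition lives only in the ebuild, which applies the patch under `gcc-specs-pie`. A header line in the patch would keep the two in step, for example `Apply only when the compiler defaults to PIE (the ebuild checks gcc-specs-pie); the link rule forces -fPIE -pie and links the S-prefixed start file.` The link rule continues outside the hunk.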
@@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.2 2007/03/13 08:23:22 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5-r1.ebuild,v 1.3 2007/03/15 16:09:05 kevquinn Exp $ # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries @@ -221,12 +221,12 @@ toolchain-glibc_src_unpack() { if use hardened ; then cd "${S}" einfo "Patching to get working PIE binaries on PIE (hardened) platforms" - epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch + gcc-specs-pie && epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-pie.patch epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-configure-picdefault.patch epatch "${FILESDIR}"/2.5/glibc-2.5-hardened-inittls-nosysenter.patch einfo "Installing Hardened Gentoo SSP handler" - cp -f "${FILESDIR}"/2.5/glibc-2.4-gentoo-stack_chk_fail.c \ + cp -f "${FILESDIR}"/2.5/glibc-2.5-gentoo-stack_chk_fail.c \ debug/stack_chk_fail.c || die if use debug ; then @@ -724,8 +724,16 @@ setup_flags() { # to the glibc build process. See bug #94325 filter-flags -fstack-protector - # Don't let the compiler automatically build PIEs unless USE=hardened. - use hardened || filter-flags -fPIE + if use hardened && gcc-specs-pie ; then + # Force PIC macro definition for all compilations since they're all + # either -fPIC or -fPIE with the default-PIE compiler. + append-flags -DPIC + export ASFLAGS="${ASFLAGS} -DPIC" + else + # Don't build -fPIE without the default-PIE compiler and the + # hardened-pie patch + filter-flags -fPIE + fi } check_kheader_version() { @@ -1081,6 +1089,9 @@ pkg_setup() { eerror "You do not have pax-utils installed." die "install pax-utils" fi + + use hardened && ! gcc-specs-pie && \ + ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" } src_unpack() { |
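Review bot: The else branch in setup_flags strips only the upper-case `-fPIE`, so user CFLAGS carrying `-fpie` would still reach the build on a compiler without PIE specs, which is the case the new comment says must not happen. `filter-flags -fPIE -fpie` closes that gap. The comment in the hardened branch could also say why `-DPIC` goes into ASFLAGS separately, e.g. `# assembler sources do not see CFLAGS, so pass -DPIC via ASFLAGS as well` (if that is the reason). setup_flags begins outside the hunk.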
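Review bot: The added `use hardened && ! gcc-specs-pie && ewarn ...` chain is the last statement of pkg_setup, so the function now returns non-zero for every non-hardened build and for hardened builds with a PIE compiler. Whether the caller acts on that status is not visible here, but an `if` form avoids leaking it: `if use hardened && ! gcc-specs-pie ; then ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" ; fi`. Because this warning is the only signal that a USE=hardened glibc is being built without PIE, it should also say what the user needs to change to get PIE back. pkg_setup starts outside the hunk.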