From 1550d10e5a680cfed88114df949eed3c6fa2b1c3 Mon Sep 17 00:00:00 2001 From: Magnus Granberg Date: Wed, 5 Mar 2014 19:25:54 +0000 Subject: Update picdefault patch for glibc 2.19 #503088 (Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key FD79807F) --- sys-libs/glibc/ChangeLog | 6 ++++- .../glibc-2.19-hardened-configure-picdefault.patch | 30 ++++++++++++++++++++++ sys-libs/glibc/glibc-2.19.ebuild | 4 +-- 3 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch (limited to 'sys-libs/glibc') diff --git a/sys-libs/glibc/ChangeLog b/sys-libs/glibc/ChangeLog index d7cdec70908b..055d842f1a75 100644 --- a/sys-libs/glibc/ChangeLog +++ b/sys-libs/glibc/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for sys-libs/glibc # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.981 2014/02/08 14:59:42 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/ChangeLog,v 1.982 2014/03/05 19:25:54 zorry Exp $ + + 05 Mar 2014; Magnus Granberg glibc-2.19.ebuild, + +files/2.19/glibc-2.19-hardened-configure-picdefault.patch: + Update picdefault patch for glibc 2.19 #503088 *glibc-2.19 (08 Feb 2014) diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch new file mode 100644 index 000000000000..341d8c5028e1 --- /dev/null +++ b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch 
@@ -0,0 +1,30 @@
+Prevent default-fPIE from confusing configure into thinking
+PIC code is default. This causes glibc to build both PIC and
+non-PIC code as normal, which on the hardened compiler generates
+PIC and PIE.
+
+Patch by Kevin F. Quinn
+Fixed for glibc 2.19 by Magnus Granberg
+
+--- configure.ac
++++ configure.ac
+@@ -2145,7 +2145,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+ libc_cv_pic_default=no
+ fi
+ rm -f conftest.*])
+--- configure
++++ configure
+@@ -7698,7 +7698,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
+ libc_cv_pic_default=no
+ fi
+ rm -f conftest.*
diff --git a/sys-libs/glibc/glibc-2.19.ebuild b/sys-libs/glibc/glibc-2.19.ebuild
index 2d64f6141828..824fea023ffe 100644
--- a/sys-libs/glibc/glibc-2.19.ebuild
+++ b/sys-libs/glibc/glibc-2.19.ebuild
@@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.19.ebuild,v 1.1 2014/02/08 14:59:42 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.19.ebuild,v 1.2 2014/03/05 19:25:54 zorry Exp $ inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing
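Review bot: In both embedded hunks of the new patch file (configure.ac at 2145 and configure at 7698), the probe sets `libc_cv_pic_default=no` only when the test compile succeeds, so after adding `-fno-PIE` a compiler that rejects that flag cannot be told apart from one where PIC really is the default. The variable's initial value is set outside the hunk, so the exact fallback is not visible here, but a failed probe would presumably leave it in place without any error. The ebuild seems to apply this patch only in its hardened PIE section, where GCC should accept the flag, yet the patch header does not state that assumption or name the bug. I would add a header line such as `Gentoo bug #503088; assumes ${CC} accepts -fno-PIE (hardened GCC), otherwise the probe fails and PIC is reported as default`. The same flag is edited by hand in both configure.ac and the generated configure, so the header should also say the two must be kept in sync.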
@@ -160,7 +160,7 @@ eblit-src_unpack-post() { cd "${S}" einfo "Patching to get working PIE binaries on PIE (hardened) platforms" gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch - epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch + epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" -- cgit v1.2.3-65-gdbad