author | Kevin F. Quinn <kevquinn@gentoo.org> | 2006-12-13 14:10:14 +0000 |
---|---|---|
committer | Kevin F. Quinn <kevquinn@gentoo.org> | 2006-12-13 14:10:14 +0000 |
commit | 8a0620739a3447733f590917656e503c72696077 (patch) | |
tree | 7e4b1d962239396b118be5c5b91c81f907b26a21 | |
parent | Fix syntax (diff) | |
Update 2.5 with latest 2.4-r4 changes; align both with current CVS.
svn path=/; revision=95
4 files changed, 45 insertions, 32 deletions
diff --git a/hardened/toolchain/sys-libs/glibc/Manifest b/hardened/toolchain/sys-libs/glibc/Manifest index 1cae9e6..124dda6 100644 --- a/hardened/toolchain/sys-libs/glibc/Manifest +++ b/hardened/toolchain/sys-libs/glibc/Manifest @@ -26,7 +26,7 @@ AUX nsswitch.conf 503 RMD160 f375f92f6b41029c93382c39cef896261b140cfc SHA1 42f7f MD5 8d58079469aedb014a800101ef60558f files/nsswitch.conf 503 RMD160 f375f92f6b41029c93382c39cef896261b140cfc files/nsswitch.conf 503 SHA256 6c38b8642d5da884327ad678d0351d57be3621562253bd9711394bad87e45e2d files/nsswitch.conf 503 -DIST glibc-2.4-patches-1.18.tar.bz2 182654 RMD160 e771863c12801003abfdca0db573f5cab5ed2120 SHA1 6ad56f8f624a20505484f5d296e4d2879797bd3c SHA256 66a442499adab51728ad5a72bb776c087b4a0257d03d4aad2febf57aed1f45fe +DIST glibc-2.4-patches-1.19.tar.bz2 132880 RMD160 6df74db9b9e85220fba82658036ced5cdc16ae28 SHA1 b42dfd587fdf4df58c5f95853fc3dc4f8f51bee7 SHA256 9ec4cd3df3b8e7f294b3c93138d2f0fd7e8213b4981cfcc9cb58c25f934a23fa DIST glibc-2.4.tar.bz2 15202445 RMD160 ee2712a0e6fab8e086958c1f23221f8d07af3de1 SHA1 35c636e4b474cda0f06e361d5e9caec092fd73d3 SHA256 27aaaaa78b4ab5da76bb29385dc9be087ba7b855a9102eaaa78ce3ec5e2e7fcd DIST glibc-2.5-patches-1.3.tar.bz2 173857 RMD160 3e4dc97f1ec57177084937ce85895efd225e859d SHA1 046b7077544bc2a4155c7ecacfa7b93418ce45be SHA256 ab6deb5ed782551651931381334486feb829f19ae395374c1961f1e9be10130c DIST glibc-2.5.tar.bz2 15321839 RMD160 25a0a460c0db1e5b7c570e5087461696f2096fd2 SHA1 ec9a007c4875062099a4701ac9137fcdb5a71447 SHA256 9b2e12bb1eafb55ab2e5a868532b8e6ec39216c66c25b8998d7474bc4d4eb529 
@@ -37,17 +37,17 @@ DIST glibc-linuxthreads-20060605.tar.bz2 247200 RMD160 aaa0a150eec4d63787f86ae04 DIST glibc-ports-2.4.tar.bz2 381472 RMD160 72987098f9fbd5a1ad617bf2136081c0db80a429 SHA1 8b4d93bfbcd5b6a36e09ff08fe0c2a08adc1b886 SHA256 2fbbcaad8a9f8560485c398a9066959fe2713c8bc7e653ec476fb56fed21d19a DIST glibc-ports-2.5.tar.bz2 409372 RMD160 e7e29df135a5f0f72760d10e5ad46de038e40725 SHA1 7da6257e641759ed29c4d316700fce6f604bc812 SHA256 80c38a005325e7539012bd665fb8e06af9ee9bfc74efb236ebff121265bfd463 DIST glibc-powerpc-cpu-addon-v0.01.tgz 22422 RMD160 3483c94ec55819b36aa66fc60462317f8d15e4df SHA1 fd30cde7c7cb42baa2c8fa1ac88eeeeb509cac29 SHA256 0ffa9a432fffb9bfed99c529b631a27534ba848c7ec1d707732338b73a4a8ce9 -EBUILD glibc-2.4-r4.ebuild 40629 RMD160 781afa8ddccb16687ebff1017bf06b2c66139e9b SHA1 16fcda58207f8a6c3d794102b2d32e254fb1ee96 SHA256 d221fbb5ee9a691dcad474666f1f4c3d844b7177597999a68d9425877b28741b -MD5 4aa28812ac767b1dd6be1e449b580ff0 glibc-2.4-r4.ebuild 40629 -RMD160 781afa8ddccb16687ebff1017bf06b2c66139e9b glibc-2.4-r4.ebuild 40629 -SHA256 d221fbb5ee9a691dcad474666f1f4c3d844b7177597999a68d9425877b28741b glibc-2.4-r4.ebuild 40629 -EBUILD glibc-2.5.ebuild 38305 RMD160 662330fc55286b0d197d1db85343456a28491b6a SHA1 e25c19bf2563c608fcfb19fe105662c4c2205ff9 SHA256 44f82cca58bea74a7d98a9b1e0ebc1e036df055af2a9be1e5003f2fbba233169 -MD5 f9765c6a671b658b96e77bb2acb44bd8 glibc-2.5.ebuild 38305 -RMD160 662330fc55286b0d197d1db85343456a28491b6a glibc-2.5.ebuild 38305 -SHA256 44f82cca58bea74a7d98a9b1e0ebc1e036df055af2a9be1e5003f2fbba233169 glibc-2.5.ebuild 38305 -MD5 3b44421b94377c2d6b90dc7f94b2d7c3 files/digest-glibc-2.4-r4 1575 -RMD160 d08695833040cbf0ab8f4e758a58e6bbe732f448 files/digest-glibc-2.4-r4 1575 -SHA256 4b956bd1ea1b389aabbedbfb44ad40e73996025b7e484a4af575bbcdedbacf0f files/digest-glibc-2.4-r4 1575 +EBUILD glibc-2.4-r4.ebuild 40779 RMD160 1088ef4ed62533229df54716fd28a8f063c00121 SHA1 3d446b4d0298c921b2201db23cae3c1b8930d6d7 SHA256 
def1ba9bc54cc91dc610766815e1e13c3066c9b5ed0aff59a3e3b763f625d578 +MD5 a2d85053c5c3597de1eb5ebac86db26b glibc-2.4-r4.ebuild 40779 +RMD160 1088ef4ed62533229df54716fd28a8f063c00121 glibc-2.4-r4.ebuild 40779 +SHA256 def1ba9bc54cc91dc610766815e1e13c3066c9b5ed0aff59a3e3b763f625d578 glibc-2.4-r4.ebuild 40779 +EBUILD glibc-2.5.ebuild 38943 RMD160 85a02bbceae516710abc2a75c69a9c138c8e91f8 SHA1 18142de982f69ff2c2b9d0d6eb7453ce55c9944e SHA256 085a9e0e25fe041ccb18fca6f9f151e4d54db02870fa2b8faa1b961ffa867c2b +MD5 24d5b6ce8c83cc156cc7daf63cf27b96 glibc-2.5.ebuild 38943 +RMD160 85a02bbceae516710abc2a75c69a9c138c8e91f8 glibc-2.5.ebuild 38943 +SHA256 085a9e0e25fe041ccb18fca6f9f151e4d54db02870fa2b8faa1b961ffa867c2b glibc-2.5.ebuild 38943 +MD5 e6c60ddb8b06199242d294f97f01c574 files/digest-glibc-2.4-r4 1575 +RMD160 49ff56b0209067c5313646df281c408956cdaa92 files/digest-glibc-2.4-r4 1575 +SHA256 a49f96d87bda9dfbe73ac717c2a1dea7b4715c9c2e6031f404e3d7ee1209efea files/digest-glibc-2.4-r4 1575 MD5 0ef85c335e10127d3e21077ab8034f12 files/digest-glibc-2.5 1280 RMD160 34e5f2b01652b2ae928c40fefe948ff971bb7851 files/digest-glibc-2.5 1280 SHA256 f65c057f070beb912fdc31c87bdec28342093306c3387f73aa831178e3a8d875 files/digest-glibc-2.5 1280 diff --git a/hardened/toolchain/sys-libs/glibc/files/digest-glibc-2.4-r4 b/hardened/toolchain/sys-libs/glibc/files/digest-glibc-2.4-r4 index 06339b8..924d433 100644 --- a/hardened/toolchain/sys-libs/glibc/files/digest-glibc-2.4-r4 +++ b/hardened/toolchain/sys-libs/glibc/files/digest-glibc-2.4-r4 
@@ -1,6 +1,6 @@ -MD5 52a83f1344380baf5c0215477ee784e2 glibc-2.4-patches-1.18.tar.bz2 182654 -RMD160 e771863c12801003abfdca0db573f5cab5ed2120 glibc-2.4-patches-1.18.tar.bz2 182654 -SHA256 66a442499adab51728ad5a72bb776c087b4a0257d03d4aad2febf57aed1f45fe glibc-2.4-patches-1.18.tar.bz2 182654 +MD5 a219615c811cb21a1a489d0d2bc94b3a glibc-2.4-patches-1.19.tar.bz2 132880 +RMD160 6df74db9b9e85220fba82658036ced5cdc16ae28 glibc-2.4-patches-1.19.tar.bz2 132880 +SHA256 9ec4cd3df3b8e7f294b3c93138d2f0fd7e8213b4981cfcc9cb58c25f934a23fa glibc-2.4-patches-1.19.tar.bz2 132880 MD5 7e9a88dcd41fbc53801dbe5bdacaf245 glibc-2.4.tar.bz2 15202445 RMD160 ee2712a0e6fab8e086958c1f23221f8d07af3de1 glibc-2.4.tar.bz2 15202445 SHA256 27aaaaa78b4ab5da76bb29385dc9be087ba7b855a9102eaaa78ce3ec5e2e7fcd glibc-2.4.tar.bz2 15202445 diff --git a/hardened/toolchain/sys-libs/glibc/glibc-2.4-r4.ebuild b/hardened/toolchain/sys-libs/glibc/glibc-2.4-r4.ebuild index a601bb5..95e296b 100644 --- a/hardened/toolchain/sys-libs/glibc/glibc-2.4-r4.ebuild +++ b/hardened/toolchain/sys-libs/glibc/glibc-2.4-r4.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.4-r4.ebuild,v 1.14 2006/11/26 16:26:33 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.4-r4.ebuild,v 1.15 2006/12/03 06:45:05 vapier Exp $ # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries @@ -27,7 +27,7 @@ GLIBC_MANPAGE_VERSION="none" GLIBC_INFOPAGE_VERSION="none" # Gentoo patchset -PATCH_VER="1.18" +PATCH_VER="1.19" # PPC cpu addon # http://penguinppc.org/dev/glibc/glibc-powerpc-cpu-addon.html 
@@ -244,6 +244,9 @@ toolchain-glibc_src_unpack() { ${S}/debug/stack_chk_fail.c if use debug; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). sed -i -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ ${S}/debug/Makefile || die "Failed to modify debug/Makefile for debug stack handler" @@ -309,8 +312,9 @@ toolchain-glibc_headers_compile() { toolchain-glibc_src_test() { cd "${WORKDIR}"/build-${ABI}-${CTARGET}-$1 || die "cd build-${ABI}-${CTARGET}-$1" - gcc-specs-now && append-flags "-nonow" unset LD_ASSUME_KERNEL + # Don't force bind-now on test programs (some test that lazy binding works) + gcc-specs-now && append-ldflags "-nonow" make check || ewarn "make check failed for ${ABI}-${CTARGET}-$1" } @@ -1151,8 +1155,6 @@ src_unpack() { # fi # fi # cat "${T}"/.ssp.compat - # When using Hardened Gentoo stack handler, have smashes dump core for - # analysis. # Glibc is stupid sometimes, and doesn't realize that with a # static C-Only gcc, -lgcc_eh doesn't exist. diff --git a/hardened/toolchain/sys-libs/glibc/glibc-2.5.ebuild b/hardened/toolchain/sys-libs/glibc/glibc-2.5.ebuild index 8dbe353..43e1bb6 100644 --- a/hardened/toolchain/sys-libs/glibc/glibc-2.5.ebuild +++ b/hardened/toolchain/sys-libs/glibc/glibc-2.5.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5.ebuild,v 1.16 2006/11/26 16:26:33 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.5.ebuild,v 1.17 2006/12/03 19:54:20 vapier Exp $ # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries 
@@ -16,7 +16,7 @@ # CHOST = CTARGET - install into / # CHOST != CTARGET - install into /usr/CTARGET/ -KEYWORDS="-* ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~x86" +KEYWORDS="-* ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sh ~x86" BRANCH_UPDATE="" @@ -39,7 +39,7 @@ DESCRIPTION="GNU libc6 (also called glibc2) C library" HOMEPAGE="http://www.gnu.org/software/libc/libc.html" LICENSE="LGPL-2" -IUSE="nls build nptl nptlonly hardened multilib selinux glibc-omitfp profile glibc-compat20" +IUSE="nls build nptl nptlonly hardened multilib selinux glibc-omitfp profile glibc-compat20 debug" export CBUILD=${CBUILD:-${CHOST}} export CTARGET=${CTARGET:-${CHOST}} 
@@ -218,21 +218,32 @@ toolchain-glibc_src_unpack() { echo "Gentoo patchset ${PATCH_VER}" > csu/Banner fi - einfo "Patching to make test failures clear" + einfo "Patching to make test failures clear, and to run all of them." epatch ${FILESDIR}/2.4/glibc-2.4-testfailobvious.patch if use hardened; then - einfo "Installing Gentoo SSP handler" + einfo "Installing Hardened Gentoo SSP handler" cp -f ${FILESDIR}/2.4/glibc-2.4-gentoo-stack_chk_fail.c \ ${S}/debug/stack_chk_fail.c + if use debug; then + # When using Hardened Gentoo stack handler, have smashes dump core for + # analysis - debug only, as core could be an information leak + # (paranoia). + sed -i -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ + ${S}/debug/Makefile || + die "Failed to modify debug/Makefile for debug stack handler" + fi + # Build nscd with ssp-all sed -e -i 's:-fstack-protector$:-fstack-protector-all:' ${S}/nscd/Makefile # Modify static binaries (sln, ldconfig) to use the PIE startfiles. - # If building with a non-PIE compiler, must to build glibc non-PIE, - # regardless of USE=hardened, otherwise you get broken static - # binaries. + # Requires a hardened-pie compiler. If USE=hardened is not set, + # we consider that the user does not really want PIE objects in + # libc.a; we filter PIE in setup_flags and apply this patch + # conditional on USE=hardened. An unconditional patch would be + # significantly more complex, so it's easier to maintain like this. gcc-specs-pie && epatch ${FILESDIR}/2.4/glibc-2.4-hardened-pie.patch fi 
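Review bot: The context line `sed -e -i 's:-fstack-protector$:-fstack-protector-all:' ${S}/nscd/Makefile` has its options in the wrong order: with GNU sed, `-e` consumes `-i` as the script, so the substitution is never applied, and with no `|| die` the failure goes unnoticed and nscd is built without the intended `-fstack-protector-all`. It should read `sed -i -e 's:-fstack-protector$:-fstack-protector-all:' ${S}/nscd/Makefile || die "Failed to enable ssp-all for nscd"`, matching the form of the sed added a few lines above it. That added sed also exits 0 when `/^CFLAGS-backtrace.c/` matches nothing, so its `|| die` would not catch a changed upstream Makefile; a following `grep -q SSP_SMASH_DUMPS_CORE ${S}/debug/Makefile || die` would. toolchain-glibc_src_unpack starts and ends outside the hunk.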
@@ -288,7 +299,7 @@ toolchain-glibc_headers_compile() { toolchain-glibc_src_test() { cd "${WORKDIR}"/build-${ABI}-${CTARGET}-$1 || die "cd build-${ABI}-${CTARGET}-$1" unset LD_ASSUME_KERNEL - # Don't force bind-now on test programs (some test that lazy binding workds) + # Don't force bind-now on test programs (some test that lazy binding works) gcc-specs-now && append-ldflags "-nonow" make check || ewarn "make check failed for ${ABI}-${CTARGET}-$1" } @@ -705,9 +716,6 @@ setup_flags() { append-flags -finline-limit=2000 fi -# # We dont want these flags for glibc -# filter-ldflags -pie - # Lock glibc at -O2 -- linuxthreads needs it and we want to be # conservative here. -fno-strict-aliasing is to work around #155906 filter-flags -O? @@ -717,6 +725,9 @@ setup_flags() { # due to __stack_chk_fail_local which would mean significant changes # to the glibc build process. See bug #94325 filter-flags -fstack-protector + + # Don't let the compiler automatically build PIEs unless USE=hardened. + use hardened || filter-flags -fPIE } check_kheader_version() { |
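Review bot: In the last hunk, `use hardened || filter-flags -fPIE` removes only that exact spelling from the user's flags, so `-fpie` in CFLAGS or `-pie` in LDFLAGS still reaches the build when USE=hardened is off; the commented-out `filter-ldflags -pie` deleted in the preceding hunk was the only mention of the linker side. Consider `use hardened || { filter-flags -fPIE -fpie; filter-ldflags -pie; }`. It also looks as if a compiler whose specs enable PIE by default would be unaffected by flag filtering, so the new comment should say whether that case is handled elsewhere, which is not visible here. setup_flags begins outside the hunk.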