mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-17 18:06:59 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1596 from flatcar-linux/dongsu/glibc-2.33-r10

Browse Source 
sys-libs/glibc: update to 2.33-r10
This commit is contained in:
Dongsu Park 2022-01-28 16:58:45 +01:00 committed by GitHub
commit 19a486c58d
4 changed files with 151 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
sdk_container/src/third_party/coreos-overlay/changelog/security/2022-01-28-glibc-2.33-r10.md vendored Normal file
View File

@ -0,0 +1 @@
- glibc ([CVE-2021-3998](https://nvd.nist.gov/vuln/detail/CVE-2021-3998), [CVE-2021-3999](https://nvd.nist.gov/vuln/detail/CVE-2021-3999), [CVE-2022-23218](https://nvd.nist.gov/vuln/detail/CVE-2022-23218), [CVE-2022-23219](https://nvd.nist.gov/vuln/detail/CVE-2022-23219))

4
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest vendored
View File

@ -1,5 +1,5 @@
DIST gcc-multilib-bootstrap-20201208.tar.xz 5528452 BLAKE2B 16699a6e4df5b2f28a21776ae9e3728b26a9ea251f5580aa5349545ad7c9f6145b9cb6a12ca8f5f96b9cb2a3c70b7e66ca702e4c6f083ac00408e0a20a69e613 SHA512 a243f505e17d0a7e144e8713c077582412f61d6cf7f79baa846de4fb77f5e0f27e11c9a785e14624e04ac52287b32164e7995323aa11caef59113ac438254347 DIST gcc-multilib-bootstrap-20201208.tar.xz 5528452 BLAKE2B 16699a6e4df5b2f28a21776ae9e3728b26a9ea251f5580aa5349545ad7c9f6145b9cb6a12ca8f5f96b9cb2a3c70b7e66ca702e4c6f083ac00408e0a20a69e613 SHA512 a243f505e17d0a7e144e8713c077582412f61d6cf7f79baa846de4fb77f5e0f27e11c9a785e14624e04ac52287b32164e7995323aa11caef59113ac438254347
DIST glibc-2.33-patches-6.tar.xz 64632 BLAKE2B f04ca4320d65c8796c67471cb56d3bf002cc34fb6a81075b85948e41c94df46cb2a3a944cced42d6d2c17ffc11e32a9840810864e655cc0fe18e6e0fe9f3c985 SHA512 b95746cd3415ec9ca275e542a2b5fddd5ce5680aa3bda08e94e96cf431191f7488ef6b7999ff0dfaf7405a4212531a75283e9bd7f5ae65bf572912038877a6df DIST glibc-2.33-patches-8.tar.xz 91220 BLAKE2B 1c9aeaf2d3a58e83aec8ea6eb19776dd05e16430f25de675b467ab18d4fb438374254d06b2072b4272d089237e5f11da6d94a84c38f588b79e94e26b650f6faf SHA512 58d3f444c50e64bbf867cbcc38f4281156c7da3878674038674e1c6706b90919468af9fbd424c2dd949bc2d7d6cb36ed7be2120bb957636cad6b76e56eb54031
DIST glibc-2.33.tar.xz 17031280 BLAKE2B 703d12121c1e2c5d9e0c6ba5341f5fb5c4d9111611a83f2360029b5de9c6e5a5611249d1833684a58ed4afdf49cae614365d87ec8721ba0e5d218f593b1f229d SHA512 4cb5777b68b22b746cc51669e0e9282b43c83f6944e42656e6db7195ebb68f2f9260f130fdeb4e3cfc64efae4f58d96c43d388f52be1eb024ca448084684abdb DIST glibc-2.33.tar.xz 17031280 BLAKE2B 703d12121c1e2c5d9e0c6ba5341f5fb5c4d9111611a83f2360029b5de9c6e5a5611249d1833684a58ed4afdf49cae614365d87ec8721ba0e5d218f593b1f229d SHA512 4cb5777b68b22b746cc51669e0e9282b43c83f6944e42656e6db7195ebb68f2f9260f130fdeb4e3cfc64efae4f58d96c43d388f52be1eb024ca448084684abdb
DIST glibc-systemd-20210814.tar.gz 1469 BLAKE2B 10fa7bcb46d4fdce9c0ab353cbd30871e9b09a347a13a9c9a3b5777f931aa3c826c158d2e49532c604d4a834f2fab4089b67495fb88d0398945dc50d45ad9ef1 SHA512 5346a9ea459a1e6ccf665389f2a294de1e16f1e3e05cdf07e3dd99ed0e4f6f8b52cc333d4bff3c75ac90ab6ce70cd4ab2b3e126f920ce7979abd6dda56315efc DIST glibc-systemd-20210814.tar.gz 1469 BLAKE2B 10fa7bcb46d4fdce9c0ab353cbd30871e9b09a347a13a9c9a3b5777f931aa3c826c158d2e49532c604d4a834f2fab4089b67495fb88d0398945dc50d45ad9ef1 SHA512 5346a9ea459a1e6ccf665389f2a294de1e16f1e3e05cdf07e3dd99ed0e4f6f8b52cc333d4bff3c75ac90ab6ce70cd4ab2b3e126f920ce7979abd6dda56315efc
DIST locale-gen-2.10.tar.gz 7747 BLAKE2B 49f569c5ae5260fca128503bc6f22d6f6f1cda817920c41fdadadf1527bbb4f3eb161f79fa729830666a4673e9092f99f4685ec8fcac8ddea0b8242bca9c1f4f SHA512 e350e60d458d67638e3090711fca05af6fafac06c51b97648244549f8a0621dab7543f09dc7ad4c62392f13bdae8e5875dc6d0b6c3d83efc29d116bc2eef92db DIST locale-gen-2.22.tar.gz 7971 BLAKE2B 2dc66fa69bf51799d0c34459b654fba6998b80a7e322e9b670036c967e269ad921f50195e6e34c4a83c1f0bad191fd5aa3f37defb82271b73acbca07b7e49d08 SHA512 9798b10dbbc792345a7b7a121dec5f4bba9839a8aec010f01a09f3402fd5bf2376f79e03a6a19bc357010db780037a8811c381136ce19be1f1370374906dff38

212
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.33-r7.ebuild → sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.33-r10.ebuild vendored
View File

@ -1,9 +1,15 @@
# Copyright 1999-2021 Gentoo Authors # Copyright 1999-2022 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2 # Distributed under the terms of the GNU General Public License v2
EAPI=7 EAPI=7
PYTHON_COMPAT=( python3_{6..10} ) # Bumping notes: https://wiki.gentoo.org/wiki/Project:Toolchain/sys-libs/glibc
# Please read & adapt the page as necessary if obsolete.
# We avoid Python 3.10 here _for now_ (it does work!) to avoid circular dependencies
# on upgrades as people migrate to libxcrypt.
# https://wiki.gentoo.org/wiki/User:Sam/Portage_help/Circular_dependencies#Python_and_libcrypt
PYTHON_COMPAT=( python3_{7,8,9} )
TMPFILES_OPTIONAL=1 TMPFILES_OPTIONAL=1
inherit python-any-r1 prefix preserve-libs toolchain-funcs flag-o-matic gnuconfig \ inherit python-any-r1 prefix preserve-libs toolchain-funcs flag-o-matic gnuconfig \
@ -17,7 +23,7 @@ SLOT="2.2"
EMULTILIB_PKG="true" EMULTILIB_PKG="true"
# Gentoo patchset (ignored for live ebuilds) # Gentoo patchset (ignored for live ebuilds)
PATCH_VER=6 PATCH_VER=8
PATCH_DEV=dilfridge PATCH_DEV=dilfridge
if [[ ${PV} == 9999* ]]; then if [[ ${PV} == 9999* ]]; then
@ -32,7 +38,7 @@ RELEASE_VER=${PV}
GCC_BOOTSTRAP_VER=20201208 GCC_BOOTSTRAP_VER=20201208
LOCALE_GEN_VER=2.10 LOCALE_GEN_VER=2.22
GLIBC_SYSTEMD_VER=20210814 GLIBC_SYSTEMD_VER=20210814
@ -172,6 +178,12 @@ XFAIL_TEST_LIST=(
# https://sourceware.org/PR19329 # https://sourceware.org/PR19329
# https://bugs.gentoo.org/719674#c12 # https://bugs.gentoo.org/719674#c12
tst-stack4 tst-stack4
# The following tests fail only inside portage
# https://bugs.gentoo.org/831267
tst-system
tst-strerror
tst-strsignal
) )
# #
@ -404,6 +416,9 @@ setup_flags() {
# #492892 # #492892
filter-flags -frecord-gcc-switches filter-flags -frecord-gcc-switches
# #829583
filter-lfs-flags
unset CBUILD_OPT CTARGET_OPT unset CBUILD_OPT CTARGET_OPT
if use multilib ; then if use multilib ; then
CTARGET_OPT=$(get_abi_CTARGET) CTARGET_OPT=$(get_abi_CTARGET)
@ -505,14 +520,104 @@ setup_env() {
einfo "Skip CC ABI injection. We can't use (cross-)compiler yet." einfo "Skip CC ABI injection. We can't use (cross-)compiler yet."
return 0 return 0
fi fi
local VAR=CFLAGS_${ABI}
# Glibc does not work with gold (for various reasons) #269274.
tc-ld-disable-gold
if use doc ; then
export MAKEINFO=makeinfo
else
export MAKEINFO=/dev/null
fi
# Reset CC and CXX to the value at start of emerge
export CC=${__ORIG_CC:-${CC:-$(tc-getCC ${CTARGET})}}
export CXX=${__ORIG_CXX:-${CXX:-$(tc-getCXX ${CTARGET})}}
# and make sure __ORIC_CC and __ORIG_CXX is defined now.
export __ORIG_CC=${CC}
export __ORIG_CXX=${CXX}
if tc-is-clang && ! use custom-cflags && ! is_crosscompile ; then
# If we are running in an otherwise clang/llvm environment, we need to
# recover the proper gcc and binutils settings here, at least until glibc
# is finally building with clang. So let's override everything that is
# set in the clang profiles.
# Want to shoot yourself into the foot? Set USE=custom-cflags, that's always
# a good start into that direction.
# Also, if you're crosscompiling, let's assume you know what you are doing.
# Hopefully.
local current_binutils_path=$(binutils-config -B)
local current_gcc_path=$(gcc-config -B)
einfo "Overriding clang configuration, since it won't work here"
export CC="${current_gcc_path}/gcc"
export CXX="${current_gcc_path}/g++"
export LD="${current_binutils_path}/ld.bfd"
export AR="${current_binutils_path}/ar"
export AS="${current_binutils_path}/as"
export NM="${current_binutils_path}/nm"
export STRIP="${current_binutils_path}/strip"
export RANLIB="${current_binutils_path}/ranlib"
export OBJCOPY="${current_binutils_path}/objcopy"
export STRINGS="${current_binutils_path}/strings"
export OBJDUMP="${current_binutils_path}/objdump"
export READELF="${current_binutils_path}/readelf"
export ADDR2LINE="${current_binutils_path}/addr2line"
# do we need to also do flags munging here? yes! at least...
filter-flags '-fuse-ld=*'
filter-flags '-D_FORTIFY_SOURCE=*'
else
# this is the "normal" case
export CC="$(tc-getCC ${CTARGET})"
export CXX="$(tc-getCXX ${CTARGET})"
# Always use tuple-prefixed toolchain. For non-native ABI glibc's configure
# can't detect them automatically due to ${CHOST} mismatch and fallbacks
# to unprefixed tools. Similar to multilib.eclass:multilib_toolchain_setup().
export NM="$(tc-getNM ${CTARGET})"
export READELF="$(tc-getREADELF ${CTARGET})"
fi
# We need to export CFLAGS with abi information in them because glibc's # We need to export CFLAGS with abi information in them because glibc's
# configure script checks CFLAGS for some targets (like mips). Keep # configure script checks CFLAGS for some targets (like mips). Keep
# around the original clean value to avoid appending multiple ABIs on # around the original clean value to avoid appending multiple ABIs on
# top of each other. # top of each other. (Why does the comment talk about CFLAGS if the code
: ${__GLIBC_CC:=$(tc-getCC ${CTARGET})} # acts on CC?)
export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}" export __GLIBC_CC=${CC}
einfo " $(printf '%15s' 'Manual CC:') ${CC}" export __GLIBC_CXX=${CXX}
export __abi_CFLAGS="$(get_abi_CFLAGS)"
# CFLAGS can contain ABI-specific flags like -mfpu=neon, see bug #657760
# To build .S (assembly) files with the same ABI-specific flags
# upstream currently recommends adding CFLAGS to CC/CXX:
# https://sourceware.org/PR23273
# Note: Passing CFLAGS via CPPFLAGS overrides glibc's arch-specific CFLAGS
# and breaks multiarch support. See 659030#c3 for an example.
# The glibc configure script doesn't properly use LDFLAGS all the time.
export CC="${__GLIBC_CC} ${__abi_CFLAGS} ${CFLAGS} ${LDFLAGS}"
# Some of the tests are written in C++, so we need to force our multlib abis in, bug 623548
export CXX="${__GLIBC_CXX} ${__abi_CFLAGS} ${CFLAGS}"
if is_crosscompile; then
# Assume worst-case bootstrap: glibc is buil first time
# when ${CTARGET}-g++ is not available yet. We avoid
# building auxiliary programs that require C++: bug #683074
# It should not affect final result.
export libc_cv_cxx_link_ok=no
# The line above has the same effect. We set CXX explicitly
# to make build logs less confusing.
export CXX=
fi
} }
foreach_abi() { foreach_abi() {
@ -713,6 +818,20 @@ sanity_prechecks() {
fi fi
} }
upgrade_warning() {
if [[ ${MERGE_TYPE} != buildonly && -n ${REPLACING_VERSIONS} && -z ${ROOT} ]]; then
local oldv newv=$(ver_cut 1-2 ${PV})
for oldv in ${REPLACING_VERSIONS}; do
if ver_test ${oldv} -lt ${newv}; then
ewarn "After upgrading glibc, please restart all running processes."
ewarn "Be sure to include init (telinit u) or systemd (systemctl daemon-reexec)."
ewarn "Alternatively, reboot your system."
break
fi
done
fi
}
# #
# the phases # the phases
# #
@ -725,6 +844,7 @@ sanity_prechecks() {
pkg_pretend() { pkg_pretend() {
einfo "Flatcar: Skipping sanity_prechecks for binpkg installation. src_unpack will take care of compile-time prechecks." einfo "Flatcar: Skipping sanity_prechecks for binpkg installation. src_unpack will take care of compile-time prechecks."
# sanity_prechecks # sanity_prechecks
upgrade_warning
} }
pkg_setup() { pkg_setup() {
@ -796,61 +916,13 @@ src_prepare() {
} }
glibc_do_configure() { glibc_do_configure() {
# Glibc does not work with gold (for various reasons) #269274.
tc-ld-disable-gold
# CXX isnt handled by the multilib system, so if we dont unset here
# we accumulate crap across abis
unset CXX
einfo "Configuring glibc for nptl"
if use doc ; then
export MAKEINFO=makeinfo
else
export MAKEINFO=/dev/null
fi
local v local v
for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC CXX LD {AS,C,CPP,CXX,LD}FLAGS MAKEINFO NM READELF; do for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC CXX LD {AS,C,CPP,CXX,LD}FLAGS MAKEINFO NM AR AS STRIP RANLIB OBJCOPY STRINGS OBJDUMP READELF; do
einfo " $(printf '%15s' ${v}:) ${!v}" einfo " $(printf '%15s' ${v}:) ${!v}"
done done
# CFLAGS can contain ABI-specific flags like -mfpu=neon, see bug #657760
# To build .S (assembly) files with the same ABI-specific flags
# upstream currently recommends adding CFLAGS to CC/CXX:
# https://sourceware.org/PR23273
# Note: Passing CFLAGS via CPPFLAGS overrides glibc's arch-specific CFLAGS
# and breaks multiarch support. See 659030#c3 for an example.
# The glibc configure script doesn't properly use LDFLAGS all the time.
export CC="$(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS}"
einfo " $(printf '%15s' 'Manual CC:') ${CC}"
# Some of the tests are written in C++, so we need to force our multlib abis in, bug 623548
export CXX="$(tc-getCXX ${CTARGET}) $(get_abi_CFLAGS) ${CFLAGS}"
if is_crosscompile; then
# Assume worst-case bootstrap: glibc is buil first time
# when ${CTARGET}-g++ is not available yet. We avoid
# building auxiliary programs that require C++: bug #683074
# It should not affect final result.
export libc_cv_cxx_link_ok=no
# The line above has the same effect. We set CXX explicitly
# to make build logs less confusing.
export CXX=
fi
einfo " $(printf '%15s' 'Manual CXX:') ${CXX}"
# Always use tuple-prefixed toolchain. For non-native ABI glibc's configure
# can't detect them automatically due to ${CHOST} mismatch and fallbacks
# to unprefixed tools. Similar to multilib.eclass:multilib_toolchain_setup().
export NM="$(tc-getNM ${CTARGET})"
export READELF="$(tc-getREADELF ${CTARGET})"
einfo " $(printf '%15s' 'Manual NM:') ${NM}"
einfo " $(printf '%15s' 'Manual READELF:') ${READELF}"
echo echo
local myconf=() local myconf=()
case ${CTARGET} in case ${CTARGET} in
@ -1189,13 +1261,13 @@ run_locale_gen() {
root="$2" root="$2"
fi fi
local locale_list="${root}/etc/locale.gen" local locale_list="${root%/}/etc/locale.gen"
pushd "${ED}"/$(get_libdir) >/dev/null pushd "${ED}"/$(get_libdir) >/dev/null
if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then
[[ -z ${inplace} ]] && ewarn "Generating all locales; edit /etc/locale.gen to save time/space" [[ -z ${inplace} ]] && ewarn "Generating all locales; edit /etc/locale.gen to save time/space"
locale_list="${root}/usr/share/i18n/SUPPORTED" locale_list="${root%/}/usr/share/i18n/SUPPORTED"
fi fi
set -- locale-gen ${inplace} --jobs $(makeopts_jobs) --config "${locale_list}" \ set -- locale-gen ${inplace} --jobs $(makeopts_jobs) --config "${locale_list}" \
@ -1478,6 +1550,12 @@ glibc_sanity_check() {
# (e.g. /var/tmp/portage:${HOSTNAME}) # (e.g. /var/tmp/portage:${HOSTNAME})
pushd "${ED}"/$(get_libdir) >/dev/null pushd "${ED}"/$(get_libdir) >/dev/null
# first let's find the actual dynamic linker here
# symlinks may point to the wrong abi
local newldso=$(find . -maxdepth 1 -name 'ld-*so' -type f -print -quit)
einfo Last-minute run tests with ${newldso} in /$(get_libdir) ...
local x striptest local x striptest
for x in cal date env free ls true uname uptime ; do for x in cal date env free ls true uname uptime ; do
x=$(type -p ${x}) x=$(type -p ${x})
@ -1490,7 +1568,7 @@ glibc_sanity_check() {
# We need to clear the locale settings as the upgrade might want # We need to clear the locale settings as the upgrade might want
# incompatible locale data. This test is not for verifying that. # incompatible locale data. This test is not for verifying that.
LC_ALL=C \ LC_ALL=C \
./ld-*.so --library-path . ${x} > /dev/null \ ${newldso} --library-path . ${x} > /dev/null \
|| die "simple run test (${x}) failed" || die "simple run test (${x}) failed"
done done
@ -1523,10 +1601,9 @@ pkg_preinst() {
# Keep around libcrypt so that Perl doesn't break when merging libxcrypt # Keep around libcrypt so that Perl doesn't break when merging libxcrypt
# (libxcrypt is the new provider for now of libcrypt.so.{1,2}). # (libxcrypt is the new provider for now of libcrypt.so.{1,2}).
# bug #802207 # bug #802207
if ! use crypt && has_version "${CATEGORY}/${PN}[crypt]"; then if ! use crypt && has_version "${CATEGORY}/${PN}[crypt]" && ! has preserve-libs ${FEATURES}; then
PRESERVED_OLD_LIBCRYPT=1 PRESERVED_OLD_LIBCRYPT=1
preserve_old_lib /$(get_libdir)/libcrypt$(get_libname 1) cp -p "${EROOT}/$(get_libdir)/libcrypt$(get_libname 1)" "${T}/libcrypt$(get_libname 1)" || die
cp "${EROOT}"/usr/include/crypt.h "${T}"/crypt.h || die
else else
PRESERVED_OLD_LIBCRYPT=0 PRESERVED_OLD_LIBCRYPT=0
fi fi
@ -1545,6 +1622,8 @@ pkg_postinst() {
use compile-locales || run_locale_gen "${EROOT}/" use compile-locales || run_locale_gen "${EROOT}/"
fi fi
upgrade_warning
# Check for sanity of /etc/nsswitch.conf, take 2 # Check for sanity of /etc/nsswitch.conf, take 2
if [[ -e ${EROOT}/etc/nsswitch.conf ]] && ! has_version sys-auth/libnss-nis ; then if [[ -e ${EROOT}/etc/nsswitch.conf ]] && ! has_version sys-auth/libnss-nis ; then
local entry local entry
@ -1561,10 +1640,11 @@ pkg_postinst() {
fi fi
if [[ ${PRESERVED_OLD_LIBCRYPT} -eq 1 ]] ; then if [[ ${PRESERVED_OLD_LIBCRYPT} -eq 1 ]] ; then
cp -p "${T}/libcrypt$(get_libname 1)" "${EROOT}/$(get_libdir)/libcrypt$(get_libname 1)" || die
preserve_old_lib_notify /$(get_libdir)/libcrypt$(get_libname 1) preserve_old_lib_notify /$(get_libdir)/libcrypt$(get_libname 1)
cp "${T}"/crypt.h "${EROOT}"/usr/include/crypt.h || eerror "Error restoring crypt.h, please file a bug"
elog "Please ignore a possible later error message about a file collision involving" elog "Please ignore a possible later error message about a file collision involving"
elog "/usr/include/crypt.h. We need to preserve this file for the moment to keep" elog "${EROOT}/$(get_libdir)/libcrypt$(get_libname 1). We need to preserve this file for the moment to keep"
elog "the upgrade working, but it also needs to be overwritten when" elog "the upgrade working, but it also needs to be overwritten when"
elog "sys-libs/libxcrypt is installed. See bug 802210 for more details." elog "sys-libs/libxcrypt is installed. See bug 802210 for more details."
fi fi

4
sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml vendored
View File

@ -1,5 +1,5 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata> <pkgmetadata>
<maintainer type="project"> <maintainer type="project">
<email>toolchain@gentoo.org</email> <email>toolchain@gentoo.org</email>
@ -7,6 +7,7 @@
</maintainer> </maintainer>
<use> <use>
<flag name="cet">Enable Intel Control-flow Enforcement Technology (needs binutils 2.29 and gcc 8)</flag> <flag name="cet">Enable Intel Control-flow Enforcement Technology (needs binutils 2.29 and gcc 8)</flag>
<flag name="clone3">Enable the new clone3 syscall within glibc. Can be disabled to allow compatibility with older Electron applications.</flag>
<flag name="compile-locales">build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow</flag> <flag name="compile-locales">build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow</flag>
<flag name="crypt">build and install libcrypt and crypt.h</flag> <flag name="crypt">build and install libcrypt and crypt.h</flag>
<flag name="debug">When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL)</flag> <flag name="debug">When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL)</flag>
@ -14,7 +15,6 @@
<flag name="multiarch">enable optimizations for multiple CPU architectures (detected at runtime)</flag> <flag name="multiarch">enable optimizations for multiple CPU architectures (detected at runtime)</flag>
<flag name="multilib-bootstrap">Provide prebuilt libgcc.a and crt files if missing. Only needed for ABI switch.</flag> <flag name="multilib-bootstrap">Provide prebuilt libgcc.a and crt files if missing. Only needed for ABI switch.</flag>
<flag name="nscd">Build, and enable support for, the Name Service Cache Daemon</flag> <flag name="nscd">Build, and enable support for, the Name Service Cache Daemon</flag>
<flag name="rpc">Enable obsolete RPC/NIS layers</flag>
<flag name="ssp">protect stack of glibc internals</flag> <flag name="ssp">protect stack of glibc internals</flag>
<flag name="static-pie">Enable static PIE support (runtime files for -static-pie gcc option).</flag> <flag name="static-pie">Enable static PIE support (runtime files for -static-pie gcc option).</flag>
<flag name="suid">Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag> <flag name="suid">Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag>