diff --git a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-20.10.ebuild b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-20.10.ebuild index bca1033ac0..f74efd1bc8 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-20.10.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-torcx/docker/docker-20.10.ebuild @@ -16,7 +16,7 @@ RDEPEND=" ~app-emulation/containerd-1.6.8 ~app-emulation/docker-proxy-0.8.0_p20210525 ~app-emulation/docker-runc-1.1.3 - =dev-libs/libltdl-2.4.6 + =dev-libs/libltdl-2.4.7 ~sys-process/tini-0.19.0 " diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-lang/perl b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-lang/perl deleted file mode 100644 index 38d1bf6f8d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/dev-lang/perl +++ /dev/null @@ -1,5 +0,0 @@ -if [[ ${EBUILD_PHASE} == configure ]]; then - if tc-is-cross-compiler; then - append-cflags "-fwrapv -fno-strict-aliasing" - fi -fi diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/flex b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/flex deleted file mode 100644 index bfea8f4030..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/flex +++ /dev/null @@ -1 +0,0 @@ -export EXTRA_ECONF="--disable-bootstrap" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/gettext b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/gettext deleted file mode 100644 index 7495dea677..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/gettext +++ /dev/null @@ -1 +0,0 @@ -EXTRA_ECONF="--with-libncurses-prefix=${ROOT}usr --with-libxml2-prefix=${ROOT}usr" diff --git a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/libtool b/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/libtool deleted file mode 100644 index 47d205fa5f..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/coreos/config/env/sys-devel/libtool +++ /dev/null @@ -1,4 +0,0 @@ -# Remove the *.la masking since libtool's autoconf detection code -# relies on its existence. -INSTALL_MASK=${INSTALL_MASK/\/usr\/lib\*\/\*.la} -PKG_INSTALL_MASK=${PKG_INSTALL_MASK/\/usr\/lib\*\/\*.la} diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.use.mask deleted file mode 100644 index 91f11200ab..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.use.mask +++ /dev/null @@ -1,2 +0,0 @@ -# This fails from -Werror=implicit-fallthrough, and it's disabled in the SDK. -sys-devel/gcc sanitize diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index fd1b12628b..094a082988 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -26,15 +26,6 @@ # keywords for wget 1.21.2. =net-misc/wget-1.21.2 ~amd64 ~arm64 -# Upgrade to GCC 10.3.0 to support latest glibc builds -=sys-devel/binutils-2.37_p1 ~amd64 ~arm64 -=sys-libs/binutils-libs-2.37_p1 ~amd64 ~arm64 -# This needs to be kept in-sync otherwise dev container contains -# different binutils than was used by crossdev to build kernel -# which breaks kmod builds -=cross-x86_64-cros-linux-gnu/binutils-2.37_p1 ~amd64 -=cross-aarch64-cros-linux-gnu/binutils-2.37_p1 ~arm64 - =sys-fs/cryptsetup-2.4.1-r1 ~amd64 ~arm64 =sys-libs/libseccomp-2.5.0 ~amd64 ~arm64 @@ -51,7 +42,6 @@ # Required for some CVEs =app-editors/vim-8.2.5066-r1 ~amd64 ~arm64 =app-editors/vim-core-8.2.5066-r1 ~amd64 ~arm64 -=sys-libs/zlib-1.2.12-r2 ~amd64 ~arm64 # Duktape is not yet stable =dev-lang/duktape-2.7.0-r1 ~amd64 ~arm64 @@ -71,3 +61,6 @@ # Required for CVE-2022-27239, CVE-2022-29869 =net-fs/cifs-utils-6.15 ~amd64 ~arm64 + +# Required to fix toolchains build during fsscript in stage 4 of SDK build. +=sys-devel/crossdev-20220709 ~amd64 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use.mask b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use.mask index 8e6ec6044f..811692a9e5 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use.mask +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use.mask @@ -1,6 +1,2 @@ # Allow smartcard support in the SDK for image signing app-crypt/gnupg -smartcard - -# hardened and sanitize are masked for arm64, cross compilers should agree -cross-aarch64-cros-linux-gnu/gcc hardened sanitize -cross-aarch64-cros-linux-gnu/glibc hardened diff --git a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.3.1-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.3.1-r4.ebuild index f1c75c95f1..03d0a0476a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.3.1-r4.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-auth/sssd/sssd-2.3.1-r4.ebuild @@ -226,6 +226,9 @@ multilib_src_configure() { ) fi + # Flatcar: Apparently CPP is undefined, which breaks samba + # version detection. + tc-export CPP econf "${myconf[@]}" } diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/make/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/Manifest new file mode 100644 index 0000000000..f9cbb5a172 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/Manifest @@ -0,0 +1,2 @@ +DIST make-4.3.tar.gz 2317073 BLAKE2B 5a82ce1f30eb034366ac3b87d2ec6698aae17d7b1a611941cf42136b2453b34236ab55382eab0a593c43cee8b036ba4a054f966c41ba766fdbd2862942be5dff SHA512 9a1185cc468368f4ec06478b1cfa343bf90b5cd7c92c0536567db0315b0ee909af53ecce3d44cfd93dd137dbca1ed13af5713e8663590c4fdd21ea635d78496b +DIST make-4.3.tar.gz.sig 566 BLAKE2B 75bf71602e60f97ec8efa81676329047746d960257ef310b89a059144c00628b6a1ddf7a16a2ac2c3e935b8591475f5043a7c7546668ab39abbc4717c75a6528 SHA512 bf13e2943593b153457c8111179e8ae11cef2d9185a986106a1e70946a260bd930505a5e10002c5a60888e11affc07713c367b8680fd511ad87b2e124d303a99 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/make/README.md b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/README.md new file mode 100644 index 0000000000..6eed06d4d8 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/README.md @@ -0,0 +1,2 @@ +We forked this package to carry a patch that we will try to upstream +to both GNU Make and to Gentoo. diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-3.82-darwin-library_search-dylib.patch b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-3.82-darwin-library_search-dylib.patch new file mode 100644 index 0000000000..743583b5a0 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-3.82-darwin-library_search-dylib.patch @@ -0,0 +1,17 @@ +Fixed default libpatttern on Darwin, imported from prefix overlay. +Got merged upstream: +https://savannah.gnu.org/bugs/?37197 +--- a/src/default.c ++++ b/src/default.c +@@ -509,7 +509,11 @@ + #ifdef __MSDOS__ + ".LIBPATTERNS", "lib%.a $(DJDIR)/lib/lib%.a", + #else ++#ifdef __APPLE__ ++ ".LIBPATTERNS", "lib%.dylib lib%.a", ++#else + ".LIBPATTERNS", "lib%.so lib%.a", ++#endif + #endif + #endif + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-4.2-default-cxx.patch b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-4.2-default-cxx.patch new file mode 100644 index 0000000000..39e3ee0dd9 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-4.2-default-cxx.patch @@ -0,0 +1,11 @@ +--- a/src/default.c ++++ b/src/default.c +@@ -530,7 +530,7 @@ static const char *default_variables[] = + "OBJC", "gcc", + #else + "CC", "cc", +- "CXX", "g++", ++ "CXX", "c++", + "OBJC", "cc", + #endif + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-4.3-handle-tmpfile-fail.patch b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-4.3-handle-tmpfile-fail.patch new file mode 100644 index 0000000000..340b744673 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/files/make-4.3-handle-tmpfile-fail.patch @@ -0,0 +1,23 @@ +diff -u -r make-4.3/src/output.c make-4.3-fix/src/output.c +--- make-4.3/src/output.c 2020-01-03 07:11:27.000000000 -0000 ++++ make-4.3-fix/src/output.c 2022-08-17 07:35:01.473471281 -0000 +@@ -286,15 +286,16 @@ + FILE *tfile = tmpfile (); + + if (! tfile) +- pfatal_with_name ("tmpfile"); ++ return -1; + + /* Create a duplicate so we can close the stream. */ + fd = dup (fileno (tfile)); +- if (fd < 0) +- pfatal_with_name ("dup"); + + fclose (tfile); + ++ if (fd < 0) ++ return -1; ++ + set_append_mode (fd); + + umask (mask); diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/make/make-4.3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/make-4.3.ebuild new file mode 100644 index 0000000000..533a77aceb --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/make-4.3.ebuild @@ -0,0 +1,55 @@ +# Copyright 1999-2022 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/make.asc +inherit flag-o-matic verify-sig + +DESCRIPTION="Standard tool to compile source trees" +HOMEPAGE="https://www.gnu.org/software/make/make.html" +if [[ "$(ver_cut 3)" -ge 90 ]] ; then + SRC_URI="https://alpha.gnu.org/gnu//make/${P}.tar.gz" + SRC_URI+=" verify-sig? ( https://alpha.gnu.org/gnu//make/${P}.tar.gz.sig )" +else + SRC_URI="mirror://gnu//make/${P}.tar.gz" + SRC_URI+=" verify-sig? ( mirror://gnu//make/${P}.tar.gz.sig )" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +fi + +LICENSE="GPL-3+" +SLOT="0" +IUSE="guile nls static" + +DEPEND="guile? ( >=dev-scheme/guile-1.8:= )" +BDEPEND="nls? ( sys-devel/gettext ) + verify-sig? ( sec-keys/openpgp-keys-make )" +RDEPEND="${DEPEND} + nls? ( virtual/libintl )" + +PATCHES=( + "${FILESDIR}"/${PN}-3.82-darwin-library_search-dylib.patch + "${FILESDIR}"/${PN}-4.2-default-cxx.patch + "${FILESDIR}"/${PN}-4.3-handle-tmpfile-fail.patch +) + +src_configure() { + use static && append-ldflags -static + local myeconfargs=( + --program-prefix=g + $(use_with guile) + $(use_enable nls) + ) + econf "${myeconfargs[@]}" +} + +src_install() { + emake DESTDIR="${D}" install + dodoc AUTHORS NEWS README* + if [[ ${USERLAND} == "GNU" ]] ; then + # we install everywhere as 'gmake' but on GNU systems, + # symlink 'make' to 'gmake' + dosym gmake /usr/bin/make + dosym gmake.1 /usr/share/man/man1/make.1 + fi +} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-devel/make/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/metadata.xml new file mode 100644 index 0000000000..1e62dd9102 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-devel/make/metadata.xml @@ -0,0 +1,11 @@ + + + + + base-system@gentoo.org + Gentoo Base System + + + cpe:/a:gnu:make + + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest index 2127377bbc..306e9e4f39 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest @@ -1,5 +1,5 @@ DIST gcc-multilib-bootstrap-20201208.tar.xz 5528452 BLAKE2B 16699a6e4df5b2f28a21776ae9e3728b26a9ea251f5580aa5349545ad7c9f6145b9cb6a12ca8f5f96b9cb2a3c70b7e66ca702e4c6f083ac00408e0a20a69e613 SHA512 a243f505e17d0a7e144e8713c077582412f61d6cf7f79baa846de4fb77f5e0f27e11c9a785e14624e04ac52287b32164e7995323aa11caef59113ac438254347 -DIST glibc-2.33-patches-8.tar.xz 91220 BLAKE2B 1c9aeaf2d3a58e83aec8ea6eb19776dd05e16430f25de675b467ab18d4fb438374254d06b2072b4272d089237e5f11da6d94a84c38f588b79e94e26b650f6faf SHA512 58d3f444c50e64bbf867cbcc38f4281156c7da3878674038674e1c6706b90919468af9fbd424c2dd949bc2d7d6cb36ed7be2120bb957636cad6b76e56eb54031 +DIST glibc-2.33-patches-11.tar.xz 143916 BLAKE2B ac13b3ccf9681bb6d3c35ecc33e268ea3f67c1809f916019e692dc83e3ce809402a45548da5ca6c7c30d2a45a2638f9fa4254c0355bd4c53bdb216f17aa4e28b SHA512 0ee1dfcf9574543d49ab4fbfe53571258422b6e82b9d12a33e411cee7e517821a4c45c24962b5120783a4efc898afdfa170d33486cc74d94c526bdd14cc84300 DIST glibc-2.33.tar.xz 17031280 BLAKE2B 703d12121c1e2c5d9e0c6ba5341f5fb5c4d9111611a83f2360029b5de9c6e5a5611249d1833684a58ed4afdf49cae614365d87ec8721ba0e5d218f593b1f229d SHA512 4cb5777b68b22b746cc51669e0e9282b43c83f6944e42656e6db7195ebb68f2f9260f130fdeb4e3cfc64efae4f58d96c43d388f52be1eb024ca448084684abdb DIST glibc-systemd-20210814.tar.gz 1469 BLAKE2B 10fa7bcb46d4fdce9c0ab353cbd30871e9b09a347a13a9c9a3b5777f931aa3c826c158d2e49532c604d4a834f2fab4089b67495fb88d0398945dc50d45ad9ef1 SHA512 5346a9ea459a1e6ccf665389f2a294de1e16f1e3e05cdf07e3dd99ed0e4f6f8b52cc333d4bff3c75ac90ab6ce70cd4ab2b3e126f920ce7979abd6dda56315efc DIST locale-gen-2.22.tar.gz 7971 BLAKE2B 2dc66fa69bf51799d0c34459b654fba6998b80a7e322e9b670036c967e269ad921f50195e6e34c4a83c1f0bad191fd5aa3f37defb82271b73acbca07b7e49d08 SHA512 9798b10dbbc792345a7b7a121dec5f4bba9839a8aec010f01a09f3402fd5bf2376f79e03a6a19bc357010db780037a8811c381136ce19be1f1370374906dff38 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.33-r10.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.33-r14.ebuild similarity index 97% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.33-r10.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.33-r14.ebuild index 0a9c733319..421f7ec0c3 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.33-r10.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.33-r14.ebuild @@ -9,7 +9,7 @@ EAPI=7 # We avoid Python 3.10 here _for now_ (it does work!) to avoid circular dependencies # on upgrades as people migrate to libxcrypt. # https://wiki.gentoo.org/wiki/User:Sam/Portage_help/Circular_dependencies#Python_and_libcrypt -PYTHON_COMPAT=( python3_{7,8,9} ) +PYTHON_COMPAT=( python3_{8,9} ) TMPFILES_OPTIONAL=1 inherit python-any-r1 prefix preserve-libs toolchain-funcs flag-o-matic gnuconfig \ @@ -23,13 +23,13 @@ SLOT="2.2" EMULTILIB_PKG="true" # Gentoo patchset (ignored for live ebuilds) -PATCH_VER=8 +PATCH_VER=11 PATCH_DEV=dilfridge if [[ ${PV} == 9999* ]]; then inherit git-r3 else - KEYWORDS="~alpha amd64 ~arm arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86" + KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86" SRC_URI="mirror://gnu/glibc/${P}.tar.xz" SRC_URI+=" https://dev.gentoo.org/~${PATCH_DEV}/distfiles/${P}-patches-${PATCH_VER}.tar.xz" fi @@ -438,33 +438,6 @@ setup_flags() { filter-flags '-fstack-protector*' } -want_tls() { - # Archs that can use TLS (Thread Local Storage) - case $(tc-arch) in - x86) - # requires i486 or better #106556 - [[ ${CTARGET} == i[4567]86* ]] && return 0 - return 1 - ;; - esac - return 0 -} - -want__thread() { - want_tls || return 1 - - # For some reason --with-tls --with__thread is causing segfaults on sparc32. - [[ ${PROFILE_ARCH} == "sparc" ]] && return 1 - - [[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD} - - # only test gcc -- can't test linking yet - tc-has-tls -c ${CTARGET} - WANT__THREAD=$? - - return ${WANT__THREAD} -} - use_multiarch() { # Allow user to disable runtime arch detection in multilib. use multiarch || return 1 @@ -783,14 +756,6 @@ sanity_prechecks() { # When we actually have to compile something... if ! just_headers && [[ ${MERGE_TYPE} != "binary" ]] ; then - ebegin "Checking gcc for __thread support" - if ! eend $(want__thread ; echo $?) ; then - echo - eerror "Could not find a gcc that supports the __thread directive!" - eerror "Please update your binutils/gcc and try again." - die "No __thread support in gcc!" - fi - if [[ ${CTARGET} == *-linux* ]] ; then local run_kv build_kv want_kv @@ -1168,6 +1133,7 @@ glibc_headers_configure() { --host=${CTARGET_OPT:-${CTARGET}} --with-headers=$(build_eprefix)$(alt_build_headers) --prefix="$(host_eprefix)/usr" + $(use_enable crypt) ${EXTRA_ECONF} ) @@ -1628,7 +1594,7 @@ pkg_postinst() { if [[ -e ${EROOT}/etc/nsswitch.conf ]] && ! has_version sys-auth/libnss-nis ; then local entry for entry in passwd group shadow; do - if egrep -q "^[ \t]*${entry}:.*nis" "${EROOT}"/etc/nsswitch.conf; then + if grep -E -q "^[ \t]*${entry}:.*nis" "${EROOT}"/etc/nsswitch.conf; then ewarn "" ewarn "Your ${EROOT}/etc/nsswitch.conf uses NIS. Support for that has been" ewarn "removed from glibc and is now provided by the package" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml index 613e58eff7..eb25b52087 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml @@ -1,26 +1,28 @@ - - toolchain@gentoo.org - Gentoo Toolchain Project - - - Enable Intel Control-flow Enforcement Technology (needs binutils 2.29 and gcc 8) - Enable the new clone3 syscall within glibc. Can be disabled to allow compatibility with older Electron applications. - build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow - build and install libcrypt and crypt.h - When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL) - build memusage and memusagestat tools - enable optimizations for multiple CPU architectures (detected at runtime) - Provide prebuilt libgcc.a and crt files if missing. Only needed for ABI switch. - Build, and enable support for, the Name Service Cache Daemon - protect stack of glibc internals - Enable static PIE support (runtime files for -static-pie gcc option). - Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5 - enable systemtap static probe points - - - cpe:/a:gnu:glibc - + + toolchain@gentoo.org + Gentoo Toolchain Project + + + Enable Intel Control-flow Enforcement Technology (needs binutils 2.29 and gcc 8) + Enable the new clone3 syscall within glibc. Can be disabled to allow compatibility with older Electron applications. + build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow + build and install libcrypt and crypt.h + When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL) + Add experimental LoongArch patchset + build memusage and memusagestat tools + enable optimizations for multiple CPU architectures (detected at runtime) + Provide prebuilt libgcc.a and crt files if missing. Only needed for ABI switch. + Build, and enable support for, the Name Service Cache Daemon + protect stack of glibc internals + Realign the stack in the 32-bit build for compatibility with older binaries at some performance cost + Enable static PIE support (runtime files for -static-pie gcc option). + Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5 + enable systemtap static probe points + + + cpe:/a:gnu:glibc +