From 87eea1180a7d97a14e507a532a89ddcb30499547 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Tue, 8 Dec 2015 13:16:33 -0800 Subject: [PATCH 1/2] glibc: sync with upstream, bump to latest stable Upgrade to 2.21 --- .../coreos-overlay/sys-libs/glibc/Manifest | 8 +- .../2.10/glibc-2.10-hardened-ssp-compat.patch | 168 ---------- .../files/2.11/glibc-2.11-hardened-pie.patch | 40 --- .../files/2.12/glibc-2.12-hardened-pie.patch | 39 --- .../files/2.16/glibc-2.16-hardened-pie.patch | 39 --- .../glibc-2.17-parsing-in-gethostbyname.patch | 244 -------------- ...glibc-2.3.3-localedef-fix-trampoline.patch | 68 ---- .../2.5/glibc-2.5-gentoo-stack_chk_fail.c | 311 ------------------ ...bc-2.5-hardened-configure-picdefault.patch | 29 -- ...libc-2.5-hardened-inittls-nosysenter.patch | 283 ---------------- .../files/2.5/glibc-2.5-hardened-pie.patch | 39 --- ...libc-2.6-hardened-inittls-nosysenter.patch | 273 --------------- ...libc-2.7-hardened-inittls-nosysenter.patch | 273 --------------- .../sys-libs/glibc/files/eblits/common.eblit | 21 +- .../glibc/files/eblits/pkg_postinst.eblit | 2 +- .../glibc/files/eblits/pkg_preinst.eblit | 22 +- .../glibc/files/eblits/pkg_pretend.eblit | 157 +++++++++ .../glibc/files/eblits/pkg_setup.eblit | 124 +------ .../glibc/files/eblits/src_compile.eblit | 2 +- .../glibc/files/eblits/src_configure.eblit | 10 +- .../glibc/files/eblits/src_install.eblit | 2 +- .../glibc/files/eblits/src_prepare.eblit | 2 +- .../glibc/files/eblits/src_test.eblit | 2 +- .../glibc/files/eblits/src_unpack.eblit | 2 +- .../glibc/files/locale-default-en_US.patch | 13 - .../coreos-overlay/sys-libs/glibc/files/nscd | 2 +- .../sys-libs/glibc/files/nsswitch.conf | 2 +- .../sys-libs/glibc/glibc-2.17-r4.ebuild | 1 - .../sys-libs/glibc/glibc-2.17.ebuild | 221 ------------- .../sys-libs/glibc/glibc-2.19-r1.ebuild | 219 ------------ ...bc-2.20-r2.ebuild => glibc-2.21-r1.ebuild} | 34 +- 31 files changed, 223 insertions(+), 2429 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.11/glibc-2.11-hardened-pie.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-parsing-in-gethostbyname.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/locale-default-en_US.patch mode change 100755 => 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd delete mode 120000 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.17-r4.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.17.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.19-r1.ebuild rename sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/{glibc-2.20-r2.ebuild => glibc-2.21-r1.ebuild} (87%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest index b177c7dd04..17f7aad642 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest @@ -1,7 +1,3 @@ DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f -DIST glibc-2.17-patches-8.tar.bz2 83707 SHA256 477946a4915dcd0cc0565ff8532d219e2ee868f6e821ea71ce579652d01ccbb3 SHA512 6675357e62b554d9d0f8ef70341b8038f8f89591fba384bc3783ef81aead0532486e2218af71da9c6f88a3b8b382edec81bed36eb636ee231eac80e111acbfd8 WHIRLPOOL 946f431b28ec60cc61d44364187f64a2d6e92ed7c9071126cf70277843c656de4dfac9f184f572f9a72c0cb452d879cdb7aca5b9f92f8ff02a8b1a521fffef43 -DIST glibc-2.17.tar.xz 10981956 SHA256 6914e337401e0e0ade23694e1b2c52a5f09e4eda3270c67e7c3ba93a89b5b23e SHA512 384e54037daaa344a26ce58242acc3f9a249d0765088d18a540a305745afa33ae6dec4024adae958eacd7100be9c713d117260ace8340f6d8c8396dbde4868d2 WHIRLPOOL 9b98c1c298aeff607aaa554341c300c15491b7314f127524fc5c048c67c5059daaf706e6cf206bb69213d5307e37bed87137ab46f504d8072bb778310081fc23 -DIST glibc-2.19-patches-3.tar.bz2 80664 SHA256 6fb03292e224199e0dd9ba7ee83aca723e1560f26831e85cdc6302b187c6de3c SHA512 d281d6a2757920124cf8a3f02b97e75192598b08d96ae48840df34c7ffdcb212952d171f233e6f12a429b19437d0a296212fe1f2eae164d6a1c6793cb3cb69f0 WHIRLPOOL 6f28a2d0dff42e8ad0e77859938e3093753f77f78821375777eebb2db5568bf1c56e8b8208f02280f23acb2dd26dc8a313fedd5b2c10755f1659e6d324a1dbc3 -DIST glibc-2.19.tar.xz 12083312 SHA256 2d3997f588401ea095a0b27227b1d50cdfdd416236f6567b564549d3b46ea2a2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d WHIRLPOOL 9581a3a23ebdd56bc559b56b95b7bcd21ca039546ec19c6c0e4e0738597542164fdb21ab1d1f36d5e73a205fb51f0974c7d497972615bce69ae002298f6475b6 -DIST glibc-2.20-patches-4.tar.bz2 55075 SHA256 f0d5d1d4a2e9ba11a96b79c089525122fbfdf13004f219ddfcf7046896696529 SHA512 36881a85f9e3f75b7e6bd688aedd7075adc832eb6e795a435eb9f74aab7f4160c95ea8be209a786b4bb4d0785a538a2ca41375c68ca0592bebfcb6b134cdbceb WHIRLPOOL b995733f82146bb5040e2f02afd33cf96c2e7c8efe7edec70d2bc724921aaf47b992e033b2fe0512e33420e1ca2af5b7203d618bf5aa2ebeab87d1350d850364 -DIST glibc-2.20.tar.xz 12283992 SHA256 f84b6d42aecc288d593c397b0a3d02260a33ee686bce0c634eb9b32798f36ba5 SHA512 7a8eea8b71d3ccba766c3f304cab61055446d451ef063309476b26dc40d880562dc33b1b68fbedeedb4b55b84c26415b9202311aaa71ef8c141b6849a814d2fa WHIRLPOOL 042f74d75c62a655ae35348c9cd0bed0845ab199e37a76635eb74c04ed927b5eca77723c38d2dc46f12fca62c1004001887b43946a914b079ad22f6a9cc8daaa +DIST glibc-2.21-patches-5.tar.bz2 34237 SHA256 8f6a5dd094ad2c4b82368ef4b081ce6c634f61ea2783cdc68bcd9250d61682e1 SHA512 19b0e706cee387aa3a9ed40dd20081ffe98eaaf9a5ca027ee4abd3e46c3403af06c5189bd764d8d477cb356507e1142b5fde852ec710cf24e108c307f5843837 WHIRLPOOL 96c4ec00af41c60c238f681ea5448cec4db11dc59b4853eed5ba700aa21f804de2443166aa48d30f76af6b1a2eb74a47a7d1163e2067e5bbdcdbe3e4bf2a38c4 +DIST glibc-2.21.tar.xz 12322092 SHA256 aeeb362437965a5d3f40b151094ca79def04a115bd363fdd4a9a0c69482923b8 SHA512 8cded6693618bec115f678fcbd0b77556f97dfa8337608f66e37224aefa55b38765ba61cb4d58beea37b5934e5ec8e30bad58613707388484906f2a0ce77997d WHIRLPOOL d07fec32bd92eade065a3b6170932b8bd41d07df4aa69dd5a860ebb9678c22bd1e20bf88b1fc05c3ecc18e709c0a63118e12525dc668e0399d7ef7fe4454702d diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch deleted file mode 100644 index a1c9eef6a9..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch +++ /dev/null @@ -1,168 +0,0 @@ -Add backwards compat support for gcc-3.x ssp ... older ssp versions -used __guard and __stack_smash_handler symbols while gcc-4.1 and newer -uses __stack_chk_guard and __stack_chk_fail. - ---- config.h.in -+++ config.h.in -@@ -42,6 +42,9 @@ - assembler instructions per line. Default is `;' */ - #undef ASM_LINE_SEP - -+/* Define if we want to enable support for old ssp symbols */ -+#undef ENABLE_OLD_SSP_COMPAT -+ - /* Define if not using ELF, but `.init' and `.fini' sections are available. */ - #undef HAVE_INITFINI - ---- configure -+++ configure -@@ -1378,6 +1378,9 @@ Optional Features: - --enable-kernel=VERSION compile for compatibility with kernel not older than - VERSION - --enable-all-warnings enable all useful warnings gcc can issue -+ --disable-old-ssp-compat -+ enable support for older ssp symbols -+ [default=no] - --enable-multi-arch enable single DSO with optimizations for multiple - architectures - --enable-experimental-malloc -@@ -6462,6 +6465,20 @@ fi - $as_echo "$libc_cv_ssp" >&6; } - - -+# Check whether --enable-old-ssp-compat or --disable-old-ssp-compat was given. -+if test "${enable_old_ssp_compat+set}" = set; then -+ enableval="$enable_old_ssp_compat" -+ enable_old_ssp_compat=$enableval -+else -+ enable_old_ssp_compat=no -+fi; -+if test "x$enable_old_ssp_compat" = "xyes"; then -+ cat >>confdefs.h <<\_ACEOF -+#define ENABLE_OLD_SSP_COMPAT 1 -+_ACEOF -+ -+fi -+ - { $as_echo "$as_me:$LINENO: checking for -fgnu89-inline" >&5 - $as_echo_n "checking for -fgnu89-inline... " >&6; } - if test "${libc_cv_gnu89_inline+set}" = set; then ---- configure.in -+++ configure.in -@@ -1641,6 +1641,15 @@ fi - rm -f conftest*]) - AC_SUBST(libc_cv_ssp) - -+AC_ARG_ENABLE([old-ssp-compat], -+ AC_HELP_STRING([--enable-old-ssp-compat], -+ [enable support for older ssp symbols @<:@default=no@:>@]), -+ [enable_old_ssp_compat=$enableval], -+ [enable_old_ssp_compat=no]) -+if test "x$enable_old_ssp_compat" = "xyes"; then -+ AC_DEFINE(ENABLE_OLD_SSP_COMPAT) -+fi -+ - AC_CACHE_CHECK(for -fgnu89-inline, libc_cv_gnu89_inline, [dnl - cat > conftest.c < - - * Makeconfig (+link): Set to +link-pie. - (+link-static): Change $(static-start-installed-name) to - S$(static-start-installed-name). - (+prector): Set to +prectorS. - (+postctor): Set to +postctorS. - ---- libc/Makeconfig -+++ libc/Makeconfig -@@ -447,11 +447,12 @@ - $(common-objpfx)libc% $(+postinit),$^) \ - $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) - endif -++link = $(+link-pie) - # Command for statically linking programs with the C library. - ifndef +link-static - +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \ - $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ -- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ -+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ - $(+preinit) $(+prector) \ - $(filter-out $(addprefix $(csu-objpfx),start.o \ - $(start-installed-name))\ -@@ -549,11 +550,10 @@ - ifeq ($(elf),yes) - +preinit = $(addprefix $(csu-objpfx),crti.o) - +postinit = $(addprefix $(csu-objpfx),crtn.o) --+prector = `$(CC) --print-file-name=crtbegin.o` --+postctor = `$(CC) --print-file-name=crtend.o` --# Variants of the two previous definitions for linking PIE programs. - +prectorS = `$(CC) --print-file-name=crtbeginS.o` - +postctorS = `$(CC) --print-file-name=crtendS.o` -++prector = $(+prectorS) -++postctor = $(+postctorS) - +interp = $(addprefix $(elf-objpfx),interp.os) - endif - csu-objpfx = $(common-objpfx)csu/ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch deleted file mode 100644 index 3315171d95..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch +++ /dev/null @@ -1,39 +0,0 @@ -2010-08-11 Magnus Granberg - - #332331 - * Makeconfig (+link): Set to +link-pie. - (+link-static): Change $(static-start-installed-name) to - S$(static-start-installed-name). - (+prector): Set to +prectorS. - (+postctor): Set to +postctorS. - ---- libc/Makeconfig -+++ libc/Makeconfig -@@ -447,11 +447,12 @@ - $(common-objpfx)libc% $(+postinit),$^) \ - $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) - endif -++link = $(+link-pie) - # Command for statically linking programs with the C library. - ifndef +link-static - +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \ - $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ -- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ -+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ - $(+preinit) $(+prector) \ - $(filter-out $(addprefix $(csu-objpfx),start.o \ - $(start-installed-name))\ -@@ -549,11 +550,10 @@ - ifeq ($(elf),yes) - +preinit = $(addprefix $(csu-objpfx),crti.o) - +postinit = $(addprefix $(csu-objpfx),crtn.o) --+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` --+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` --# Variants of the two previous definitions for linking PIE programs. - +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` - +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` -++prector = $(+prectorS) -++postctor = $(+postctorS) - +interp = $(addprefix $(elf-objpfx),interp.os) - endif - csu-objpfx = $(common-objpfx)csu/ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch deleted file mode 100644 index a850a61a27..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch +++ /dev/null @@ -1,39 +0,0 @@ -2012-11-11 Magnus Granberg - - #442712 - * Makeconfig (+link): Set to +link-pie. - (+link-static-before-libc): Change $(static-start-installed-name) to - S$(static-start-installed-name). - (+prector): Set to +prectorS. - (+postctor): Set to +postctorS. - ---- libc/Makeconfig -+++ libc/Makeconfig -@@ -447,11 +447,12 @@ - $(common-objpfx)libc% $(+postinit),$^) \ - $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) - endif -++link = $(+link-pie) - # Command for statically linking programs with the C library. - ifndef +link-static - +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ - $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ -- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ -+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ - $(+preinit) $(+prector) \ - $(filter-out $(addprefix $(csu-objpfx),start.o \ - $(start-installed-name))\ -@@ -549,11 +550,10 @@ - ifeq ($(elf),yes) - +preinit = $(addprefix $(csu-objpfx),crti.o) - +postinit = $(addprefix $(csu-objpfx),crtn.o) --+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` --+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` --# Variants of the two previous definitions for linking PIE programs. - +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` - +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` -++prector = $(+prectorS) -++postctor = $(+postctorS) - +interp = $(addprefix $(elf-objpfx),interp.os) - endif - csu-objpfx = $(common-objpfx)csu/ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-parsing-in-gethostbyname.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-parsing-in-gethostbyname.patch deleted file mode 100644 index 606ecefacd..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-parsing-in-gethostbyname.patch +++ /dev/null @@ -1,244 +0,0 @@ -From d5dd6189d506068ed11c8bfa1e1e9bffde04decd Mon Sep 17 00:00:00 2001 -From: Andreas Schwab -Date: Mon, 21 Jan 2013 17:41:28 +0100 -Subject: [PATCH] Fix parsing of numeric hosts in gethostbyname_r - ---- - ChangeLog | 14 ++++++++++ - NEWS | 12 ++++----- - nss/Makefile | 2 +- - nss/digits_dots.c | 73 ++++++++++++++------------------------------------ - nss/getXXbyYY_r.c | 5 +++- - nss/test-digits-dots.c | 38 ++++++++++++++++++++++++++ - 6 files changed, 83 insertions(+), 61 deletions(-) - create mode 100644 nss/test-digits-dots.c - -diff --git nss/Makefile nss/Makefile -index 449a258..553eafa 100644 ---- nss/Makefile -+++ nss/Makefile -@@ -37,7 +37,7 @@ install-bin := getent makedb - makedb-modules = xmalloc hash-string - extra-objs += $(makedb-modules:=.o) - --tests = test-netdb tst-nss-test1 -+tests = test-netdb tst-nss-test1 test-digits-dots - xtests = bug-erange - - include ../Makeconfig -diff --git nss/digits_dots.c nss/digits_dots.c -index 2b86295..e007ef4 100644 ---- nss/digits_dots.c -+++ nss/digits_dots.c -@@ -46,7 +46,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - { - if (h_errnop) - *h_errnop = NETDB_INTERNAL; -- *result = NULL; -+ if (buffer_size == NULL) -+ *status = NSS_STATUS_TRYAGAIN; -+ else -+ *result = NULL; - return -1; - } - -@@ -83,14 +86,16 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - } - - size_needed = (sizeof (*host_addr) -- + sizeof (*h_addr_ptrs) + strlen (name) + 1); -+ + sizeof (*h_addr_ptrs) -+ + sizeof (*h_alias_ptr) + strlen (name) + 1); - - if (buffer_size == NULL) - { - if (buflen < size_needed) - { -+ *status = NSS_STATUS_TRYAGAIN; - if (h_errnop != NULL) -- *h_errnop = TRY_AGAIN; -+ *h_errnop = NETDB_INTERNAL; - __set_errno (ERANGE); - goto done; - } -@@ -109,7 +114,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - *buffer_size = 0; - __set_errno (save); - if (h_errnop != NULL) -- *h_errnop = TRY_AGAIN; -+ *h_errnop = NETDB_INTERNAL; - *result = NULL; - goto done; - } -@@ -149,7 +154,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - if (! ok) - { - *h_errnop = HOST_NOT_FOUND; -- if (buffer_size) -+ if (buffer_size == NULL) -+ *status = NSS_STATUS_NOTFOUND; -+ else - *result = NULL; - goto done; - } -@@ -190,7 +197,7 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - if (buffer_size == NULL) - *status = NSS_STATUS_SUCCESS; - else -- *result = resbuf; -+ *result = resbuf; - goto done; - } - -@@ -201,15 +208,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - - if ((isxdigit (name[0]) && strchr (name, ':') != NULL) || name[0] == ':') - { -- const char *cp; -- char *hostname; -- typedef unsigned char host_addr_t[16]; -- host_addr_t *host_addr; -- typedef char *host_addr_list_t[2]; -- host_addr_list_t *h_addr_ptrs; -- size_t size_needed; -- int addr_size; -- - switch (af) - { - default: -@@ -225,7 +223,10 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - /* This is not possible. We cannot represent an IPv6 address - in an `struct in_addr' variable. */ - *h_errnop = HOST_NOT_FOUND; -- *result = NULL; -+ if (buffer_size == NULL) -+ *status = NSS_STATUS_NOTFOUND; -+ else -+ *result = NULL; - goto done; - - case AF_INET6: -@@ -233,42 +234,6 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - break; - } - -- size_needed = (sizeof (*host_addr) -- + sizeof (*h_addr_ptrs) + strlen (name) + 1); -- -- if (buffer_size == NULL && buflen < size_needed) -- { -- if (h_errnop != NULL) -- *h_errnop = TRY_AGAIN; -- __set_errno (ERANGE); -- goto done; -- } -- else if (buffer_size != NULL && *buffer_size < size_needed) -- { -- char *new_buf; -- *buffer_size = size_needed; -- new_buf = realloc (*buffer, *buffer_size); -- -- if (new_buf == NULL) -- { -- save = errno; -- free (*buffer); -- __set_errno (save); -- *buffer = NULL; -- *buffer_size = 0; -- *result = NULL; -- goto done; -- } -- *buffer = new_buf; -- } -- -- memset (*buffer, '\0', size_needed); -- -- host_addr = (host_addr_t *) *buffer; -- h_addr_ptrs = (host_addr_list_t *) -- ((char *) host_addr + sizeof (*host_addr)); -- hostname = (char *) h_addr_ptrs + sizeof (*h_addr_ptrs); -- - for (cp = name;; ++cp) - { - if (!*cp) -@@ -281,7 +246,9 @@ __nss_hostname_digits_dots (const char *name, struct hostent *resbuf, - if (inet_pton (AF_INET6, name, host_addr) <= 0) - { - *h_errnop = HOST_NOT_FOUND; -- if (buffer_size) -+ if (buffer_size == NULL) -+ *status = NSS_STATUS_NOTFOUND; -+ else - *result = NULL; - goto done; - } -diff --git nss/getXXbyYY_r.c nss/getXXbyYY_r.c -index 1067744..44d00f4 100644 ---- nss/getXXbyYY_r.c -+++ nss/getXXbyYY_r.c -@@ -179,6 +179,9 @@ INTERNAL (REENTRANT_NAME) (ADD_PARAMS, LOOKUP_TYPE *resbuf, char *buffer, - case -1: - return errno; - case 1: -+#ifdef NEED_H_ERRNO -+ any_service = true; -+#endif - goto done; - } - #endif -@@ -288,7 +291,7 @@ done: - /* Either we failed to lookup the functions or the functions themselves - had a system error. Set NETDB_INTERNAL here to let the caller know - that the errno may have the real reason for failure. */ -- *h_errnop = NETDB_INTERNAL; -+ *h_errnop = NETDB_INTERNAL; - else if (status != NSS_STATUS_SUCCESS && !any_service) - /* We were not able to use any service. */ - *h_errnop = NO_RECOVERY; -diff --git nss/test-digits-dots.c nss/test-digits-dots.c -new file mode 100644 -index 0000000..1efa344 ---- /dev/null -+++ nss/test-digits-dots.c -@@ -0,0 +1,38 @@ -+/* Copyright (C) 2013 Free Software Foundation, Inc. -+ This file is part of the GNU C Library. -+ -+ The GNU C Library is free software; you can redistribute it and/or -+ modify it under the terms of the GNU Lesser General Public -+ License as published by the Free Software Foundation; either -+ version 2.1 of the License, or (at your option) any later version. -+ -+ The GNU C Library is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ Lesser General Public License for more details. -+ -+ You should have received a copy of the GNU Lesser General Public -+ License along with the GNU C Library; if not, see -+ . */ -+ -+/* Testcase for BZ #15014 */ -+ -+#include -+#include -+#include -+ -+static int -+do_test (void) -+{ -+ char buf[32]; -+ struct hostent *result = NULL; -+ struct hostent ret; -+ int h_err = 0; -+ int err; -+ -+ err = gethostbyname_r ("1.2.3.4", &ret, buf, sizeof (buf), &result, &h_err); -+ return err == ERANGE && h_err == NETDB_INTERNAL ? EXIT_SUCCESS : EXIT_FAILURE; -+} -+ -+#define TEST_FUNCTION do_test () -+#include "../test-skeleton.c" --- -1.9.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch deleted file mode 100644 index 7c4399f845..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch +++ /dev/null @@ -1,68 +0,0 @@ -#! /bin/sh -e - -# DP: Description: Fix localedef segfault when run under exec-shield, -# PaX or similar. (#231438, #198099) -# DP: Dpatch Author: James Troup -# DP: Patch Author: (probably) Jakub Jelinek -# DP: Upstream status: Unknown -# DP: Status Details: Unknown -# DP: Date: 2004-03-16 - -if [ $# -ne 2 ]; then - echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" - exit 1 -fi -case "$1" in - -patch) patch -d "$2" -f --no-backup-if-mismatch -p1 < $0;; - -unpatch) patch -d "$2" -f --no-backup-if-mismatch -R -p1 < $0;; - *) - echo >&2 "`basename $0`: script expects -patch|-unpatch as argument" - exit 1 -esac -exit 0 - ---- glibc-2.3.3-net/locale/programs/3level.h 16 Jun 2003 07:19:09 -0000 1.1.1.5 -+++ glibc-2.3.3-redhat/locale/programs/3level.h 16 Jun 2003 09:32:40 -0000 1.4 -@@ -204,6 +204,42 @@ CONCAT(TABLE,_iterate) (struct TABLE *t, - } - } - } -+ -+/* GCC ATM seems to do a poor job with pointers to nested functions passed -+ to inlined functions. Help it a little bit with this hack. */ -+#define wchead_table_iterate(tp, fn) \ -+do \ -+ { \ -+ struct wchead_table *t = (tp); \ -+ uint32_t index1; \ -+ for (index1 = 0; index1 < t->level1_size; index1++) \ -+ { \ -+ uint32_t lookup1 = t->level1[index1]; \ -+ if (lookup1 != ((uint32_t) ~0)) \ -+ { \ -+ uint32_t lookup1_shifted = lookup1 << t->q; \ -+ uint32_t index2; \ -+ for (index2 = 0; index2 < (1 << t->q); index2++) \ -+ { \ -+ uint32_t lookup2 = t->level2[index2 + lookup1_shifted]; \ -+ if (lookup2 != ((uint32_t) ~0)) \ -+ { \ -+ uint32_t lookup2_shifted = lookup2 << t->p; \ -+ uint32_t index3; \ -+ for (index3 = 0; index3 < (1 << t->p); index3++) \ -+ { \ -+ struct element_t *lookup3 \ -+ = t->level3[index3 + lookup2_shifted]; \ -+ if (lookup3 != NULL) \ -+ fn ((((index1 << t->q) + index2) << t->p) + index3, \ -+ lookup3); \ -+ } \ -+ } \ -+ } \ -+ } \ -+ } \ -+ } while (0) -+ - #endif - - #ifndef NO_FINALIZE diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c deleted file mode 100644 index e304440003..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c +++ /dev/null @@ -1,311 +0,0 @@ -/* Copyright (C) 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - */ - -#include -#include -#include -#include - -#include - -#include -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigation && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -#endif - - - -/* Define DO_SOCKET/DO_CONNECT macros to deal with socketcall vs socket/connect */ -#ifdef __NR_socketcall - -# define DO_SOCKET(result,domain,type,protocol) \ - {socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall,2,SOCKOP_socket,socketargs);} - -# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \ - {socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall,2,SOCKOP_connect,socketargs);} - -#else - -# define DO_SOCKET(result,domain,type,protocol) \ - {result = INLINE_SYSCALL(socket,3,domain,type,protocol);} - -# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \ - {result = INLINE_SYSCALL(connect,3,sockfd,serv_addr,addrlen);} - -#endif -/* __NR_socketcall */ - - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[]=_PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - - -/* Common handler code, used by stack_chk_fail and __stack_smash_handler - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -static inline void -__attribute__ ((__noreturn__ , __always_inline__)) -__hardened_gentoo_stack_chk_fail (char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[]=": stack smashing attack"; - static const char msg_inf[]=" in function "; - static const char msg_ssd[]="*** stack smashing detected ***: "; - static const char msg_terminated[]=" - terminated\n"; - static const char msg_report[]="Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[]=""; -#ifdef SSP_SMASH_DUMPS_CORE - static struct sigaction default_abort_act; -#endif - static int log_socket, connect_result; - static struct sockaddr_un sock; -#ifdef __NR_socketcall - static unsigned long int socketargs[4]; -#endif - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i=0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) - { - sock.sun_path[i]=path_log[i]; - i++; - } - sock.sun_path[i]='\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result=-1; - DO_SOCKET(log_socket,AF_UNIX,SOCK_DGRAM,0); - if (log_socket != -1) - DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock))); - if (connect_result == -1) - { - if (log_socket != -1) - INLINE_SYSCALL(close,1,log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket,AF_UNIX,SOCK_STREAM,0); - if (log_socket != -1) - DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock))); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen=0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); - if (connect_result != -1) - INLINE_SYSCALL(write,3,log_socket,message,plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen=0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func!=NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); - if (connect_result != -1) - INLINE_SYSCALL(write,3,log_socket,message,plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen); - if (connect_result != -1) - INLINE_SYSCALL(write,3,log_socket,message,plen); - - if (log_socket != -1) - INLINE_SYSCALL(close,1,log_socket); - - /* Suicide */ - pid=INLINE_SYSCALL(getpid,0); -#ifdef SSP_SMASH_DUMPS_CORE - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - /* sigaction doesn't exist on amd64; however rt_sigaction seems to - * exist everywhere. rt_sigaction has an extra parameter - the - * size of sigset_t. - */ -# ifdef __NR_sigation - if (INLINE_SYSCALL(sigaction,3,SIGABRT,&default_abort_act,NULL) == 0) -# else - /* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG - if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_KERNEL_NSIG/8) == 0) -# else - if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_NSIG/8) == 0) -# endif -# endif - INLINE_SYSCALL(kill,2,pid,SIGABRT); -#endif - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill,2,pid,SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) INLINE_SYSCALL(exit,0); -} - -void -__attribute__ ((__noreturn__)) - __stack_chk_fail (void) -{ - __hardened_gentoo_stack_chk_fail(NULL,0); -} - -#ifdef ENABLE_OLD_SSP_COMPAT -void -__attribute__ ((__noreturn__)) -__stack_smash_handler(char func[], int damaged) -{ - __hardened_gentoo_stack_chk_fail(func,damaged); -} -#endif - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch deleted file mode 100644 index 253a61bb6d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch +++ /dev/null @@ -1,29 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn - ---- configure.in -+++ configure.in -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - pic_default=no - fi - rm -f conftest.* diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch deleted file mode 100644 index 420e6fdd98..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,283 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn - ---- csu/libc-start.c.orig 2007-01-21 11:51:06.000000000 +0100 -+++ csu/libc-start.c 2007-01-21 11:55:57.000000000 +0100 -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void) -@@ -133,6 +134,14 @@ - # endif - _dl_aux_init (auxvec); - # endif -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP -+ if (__pthread_initialize_minimal) -+# endif -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -142,15 +151,17 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. If there is no thread library and we - handle TLS the function is defined in the libc to initialized the - TLS handling. */ --# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP -+# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP - if (__pthread_initialize_minimal) --# endif -+# endif - __pthread_initialize_minimal (); -+# endif - #endif - - # ifndef SHARED ---- csu/libc-tls.c.orig 2007-01-21 11:37:02.000000000 +0100 -+++ csu/libc-tls.c 2007-01-21 12:09:33.000000000 +0100 -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - - #ifdef SHARED -@@ -30,6 +31,9 @@ - #endif - - #ifdef USE_TLS -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+# endif - extern ElfW(Phdr) *_dl_phdr; - extern size_t _dl_phnum; - -@@ -142,14 +146,26 @@ - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - # if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+# endif - # elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# endif - tlsblock += TLS_PRE_TCB_SIZE; - # else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c.orig 2007-01-21 11:38:27.000000000 +0100 -+++ misc/sbrk.c 2007-01-21 12:07:29.000000000 +0100 -@@ -18,6 +18,7 @@ - - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c.orig 2007-01-21 11:39:16.000000000 +0100 -+++ sysdeps/unix/sysv/linux/i386/brk.c 2007-01-21 11:44:01.000000000 +0100 -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *__unbounded newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, -+ __ptrvalue (addr)); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h.orig 2007-01-21 13:08:00.000000000 +0100 -+++ sysdeps/unix/sysv/linux/i386/sysdep.h 2007-01-21 13:19:10.000000000 +0100 -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch deleted file mode 100644 index 46f3de4f78..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch +++ /dev/null @@ -1,39 +0,0 @@ -Change link commands for glibc executables to build PIEs - -Patch by Kevin F. Quinn - ---- Makeconfig -+++ Makeconfig -@@ -415,10 +415,10 @@ - - # Command for linking programs with the C library. - ifndef +link --+link = $(CC) -nostdlib -nostartfiles -o $@ \ -++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \ - $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ - $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \ -- $(addprefix $(csu-objpfx),$(start-installed-name)) \ -+ $(addprefix $(csu-objpfx),S$(start-installed-name)) \ - $(+preinit) $(+prector) \ - $(filter-out $(addprefix $(csu-objpfx),start.o \ - $(start-installed-name))\ -@@ -429,7 +429,7 @@ - ifndef +link-static - +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \ - $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ -- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ -+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ - $(+preinit) $(+prector) \ - $(filter-out $(addprefix $(csu-objpfx),start.o \ - $(start-installed-name))\ -@@ -528,8 +528,8 @@ - ifeq ($(elf),yes) - +preinit = $(addprefix $(csu-objpfx),crti.o) - +postinit = $(addprefix $(csu-objpfx),crtn.o) --+prector = `$(CC) --print-file-name=crtbegin.o` --+postctor = `$(CC) --print-file-name=crtend.o` -++prector = `$(CC) --print-file-name=crtbeginS.o` -++postctor = `$(CC) --print-file-name=crtendS.o` - +interp = $(addprefix $(elf-objpfx),interp.os) - endif - csu-objpfx = $(common-objpfx)csu/ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch deleted file mode 100644 index be8ca1963c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,273 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -129,6 +130,11 @@ - # endif - _dl_aux_init (auxvec); - # endif -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - #endif - - # ifndef SHARED ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - - #ifdef SHARED -@@ -29,6 +30,9 @@ - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - extern ElfW(Phdr) *_dl_phdr; - extern size_t _dl_phnum; - -@@ -141,14 +145,26 @@ - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+# endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *__unbounded newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, -+ __ptrvalue (addr)); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch deleted file mode 100644 index ecf57a911b..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,273 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -129,6 +130,11 @@ - # endif - _dl_aux_init (auxvec); - # endif -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - - #ifdef SHARED -@@ -29,6 +30,9 @@ - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - extern ElfW(Phdr) *_dl_phdr; - extern size_t _dl_phnum; - -@@ -141,14 +145,26 @@ - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+# endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *__unbounded newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, -+ __ptrvalue (addr)); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit index 2f7471ed32..51ba4a9239 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit @@ -1,6 +1,6 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/common.eblit,v 1.45 2014/10/18 23:09:51 vapier Exp $ +# $Id$ alt_prefix() { is_crosscompile && echo /usr/${CTARGET} @@ -58,6 +58,13 @@ setup_target_flags() { case $(tc-arch) in x86) # -march needed for #185404 #199334 + # TODO: When creating the first glibc cross-compile, this test will + # always fail as it does a full link which in turn requires glibc. + # Probably also applies when changing multilib profile settings (e.g. + # enabling x86 when the profile was amd64-only previously). + # We could change main to _start and pass -nostdlib here so that we + # only test the gcc code compilation. Or we could do a compile and + # then look for the symbol via scanelf. if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then local t=${CTARGET_OPT:-${CTARGET}} t=${t%%-*} @@ -68,9 +75,15 @@ setup_target_flags() { ;; amd64) # -march needed for #185404 #199334 + # Note: This test only matters when the x86 ABI is enabled, so we could + # optimize a bit and elide it. + # TODO: See cross-compile issues listed above for x86. if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then local t=${CTARGET_OPT:-${CTARGET}} t=${t%%-*} + # Normally the target is x86_64-xxx, so turn that into the -march that + # gcc actually accepts. #528708 + [[ ${t} == "x86_64" ]] && t="x86-64" filter-flags '-march=*' # ugly, ugly, ugly. ugly. CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}") @@ -78,6 +91,10 @@ setup_target_flags() { einfo "Auto adding -march=${t} to CFLAGS_x86 #185404" fi ;; + mips) + # The mips abi cannot support the GNU style hashes. #233233 + filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both + ;; ppc) append-flags "-freorder-blocks" ;; diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit index 9e5447d267..074cf3a0b9 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit @@ -1,6 +1,6 @@ # Copyright 1999-2012 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/pkg_postinst.eblit,v 1.2 2012/04/15 20:04:44 vapier Exp $ +# $Id$ eblit-glibc-pkg_postinst() { # nothing to do if just installing headers diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit index 0fcb24a09e..cb8f461b0d 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit @@ -1,6 +1,6 @@ -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/pkg_preinst.eblit,v 1.13 2014/08/10 03:35:56 vapier Exp $ +# $Id$ # Simple test to make sure our new glibc isnt completely broken. # Make sure we don't test with statically built binaries since @@ -29,6 +29,9 @@ glibc_sanity_check() { *"statically linked"*) continue;; *"ASCII text"*) continue;; esac + # We need to clear the locale settings as the upgrade might want + # incompatible locale data. This test is not for verifying that. + LC_ALL=C \ ./ld-*.so --library-path . ${x} > /dev/null \ || die "simple run test (${x}) failed" done @@ -53,17 +56,8 @@ eblit-glibc-pkg_preinst() { [[ -d ${D}/$(get_libdir) ]] || return 0 glibc_sanity_check - # Make sure devpts is mounted correctly for use w/out setuid pt_chown. - if in_iuse suid && ! use suid ; then - if awk '$3 == "devpts" && $4 ~ /[, ]gid=5[, ]/ { exit 1 }' /proc/mounts ; then - eerror "In order to use glibc with USE=-suid, you must make sure that" - eerror "you have devpts mounted at /dev/pts with the gid=5 option." - eerror "Openrc should do this for you, so you should check /etc/fstab" - eerror "and make sure you do not have any invalid settings there." - # Do not die on older kernels as devpts did not export these settings #489520. - if version_is_at_least 2.6.25 $(uname -r) ; then - die "mount & fix your /dev/pts settings" - fi - fi + # For newer EAPIs, this was run in pkg_pretend. + if [[ ${EAPI:-0} == [0123] ]] ; then + check_devpts fi } diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit new file mode 100644 index 0000000000..c900ccc62f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit @@ -0,0 +1,157 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +glibc_compile_test() { + local ret save_cflags=${CFLAGS} + CFLAGS+=" $1" + shift + + pushd "${T}" >/dev/null + + rm -f glibc-test* + printf '%b' "$*" > glibc-test.c + + _nonfatal emake -s glibc-test + ret=$? + + popd >/dev/null + + CFLAGS=${save_cflags} + return ${ret} +} + +glibc_run_test() { + local ret + + if [[ ${EMERGE_FROM} == "binary" ]] ; then + # ignore build failures when installing a binary package #324685 + glibc_compile_test "" "$@" 2>/dev/null || return 0 + else + if ! glibc_compile_test "" "$@" ; then + ewarn "Simple build failed ... assuming this is desired #324685" + return 0 + fi + fi + + pushd "${T}" >/dev/null + + ./glibc-test + ret=$? + rm -f glibc-test* + + popd >/dev/null + + return ${ret} +} + +check_devpts() { + # Make sure devpts is mounted correctly for use w/out setuid pt_chown. + + # If merely building the binary package, then there's nothing to verify. + [[ ${MERGE_TYPE} == "buildonly" ]] && return + + # Only sanity check when installing the native glibc. + [[ ${ROOT} != "/" ]] && return + + # Older versions always installed setuid, so no need to check. + in_iuse suid || return + + # If they're opting in to the old suid code, then no need to check. + use suid && return + + if awk '$3 == "devpts" && $4 ~ /[, ]gid=5[, ]/ { exit 1 }' /proc/mounts ; then + eerror "In order to use glibc with USE=-suid, you must make sure that" + eerror "you have devpts mounted at /dev/pts with the gid=5 option." + eerror "Openrc should do this for you, so you should check /etc/fstab" + eerror "and make sure you do not have any invalid settings there." + # Do not die on older kernels as devpts did not export these settings #489520. + if version_is_at_least 2.6.25 $(uname -r) ; then + die "mount & fix your /dev/pts settings" + fi + fi +} + +eblit-glibc-pkg_pretend() { + # For older EAPIs, this is run in pkg_preinst. + if [[ ${EAPI:-0} != [0123] ]] ; then + check_devpts + fi + + # prevent native builds from downgrading ... maybe update to allow people + # to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2) + if [[ ${MERGE_TYPE} != "buildonly" ]] && \ + [[ ${ROOT} == "/" ]] && \ + [[ ${CBUILD} == ${CHOST} ]] && \ + [[ ${CHOST} == ${CTARGET} ]] ; then + if has_version '>'${CATEGORY}/${PF} ; then + eerror "Sanity check to keep you from breaking your system:" + eerror " Downgrading glibc is not supported and a sure way to destruction" + die "aborting to save your system" + fi + + if ! glibc_run_test '#include \nint main(){return getpwuid(0)==0;}\n' + then + eerror "Your patched vendor kernel is broken. You need to get an" + eerror "update from whoever is providing the kernel to you." + eerror "http://sourceware.org/bugzilla/show_bug.cgi?id=5227" + eerror "http://bugs.gentoo.org/262698" + die "keeping your system alive, say thank you" + fi + + if ! glibc_run_test '#include \n#include \nint main(){return syscall(1000)!=-1;}\n' + then + eerror "Your old kernel is broken. You need to update it to" + eerror "a newer version as syscall() will break." + eerror "http://bugs.gentoo.org/279260" + die "keeping your system alive, say thank you" + fi + fi + + # users have had a chance to phase themselves, time to give em the boot + if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then + eerror "You still haven't deleted ${EROOT}/etc/locales.build." + eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." + die "lazy upgrader detected" + fi + + if [[ ${CTARGET} == i386-* ]] ; then + eerror "i386 CHOSTs are no longer supported." + eerror "Chances are you don't actually want/need i386." + eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml" + die "please fix your CHOST" + fi + + if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then + ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." + ewarn "This will result in a 50% performance penalty when running with a 32bit" + ewarn "hypervisor, which is probably not what you want." + fi + + use hardened && ! gcc-specs-pie && \ + ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" + + # Make sure host system is up to date #394453 + if has_version '/dev/null - - rm -f glibc-test* - printf '%b' "$*" > glibc-test.c - - _nonfatal emake -s glibc-test - ret=$? - - popd >/dev/null - - CFLAGS=${save_cflags} - return ${ret} -} - -glibc_run_test() { - local ret - - if [[ ${EMERGE_FROM} == "binary" ]] ; then - # ignore build failures when installing a binary package #324685 - glibc_compile_test "" "$@" 2>/dev/null || return 0 - else - if ! glibc_compile_test "" "$@" ; then - ewarn "Simple build failed ... assuming this is desired #324685" - return 0 - fi - fi - - pushd "${T}" >/dev/null - - ./glibc-test - ret=$? - rm -f glibc-test* - - popd >/dev/null - - return ${ret} -} +[[ ${EAPI:-0} == [0123] ]] && source "${FILESDIR}/eblits/pkg_pretend.eblit" eblit-glibc-pkg_setup() { - # prevent native builds from downgrading ... maybe update to allow people - # to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2) - if [[ ${MERGE_TYPE} != "buildonly" ]] && \ - [[ ${ROOT} == "/" ]] && \ - [[ ${CBUILD} == ${CHOST} ]] && \ - [[ ${CHOST} == ${CTARGET} ]] ; then - if has_version '>'${CATEGORY}/${PF} ; then - eerror "Sanity check to keep you from breaking your system:" - eerror " Downgrading glibc is not supported and a sure way to destruction" - die "aborting to save your system" - fi - - if ! glibc_run_test '#include \nint main(){return getpwuid(0)==0;}\n' - then - eerror "Your patched vendor kernel is broken. You need to get an" - eerror "update from whoever is providing the kernel to you." - eerror "http://sourceware.org/bugzilla/show_bug.cgi?id=5227" - eerror "http://bugs.gentoo.org/262698" - die "keeping your system alive, say thank you" - fi - - if ! glibc_run_test '#include \n#include \nint main(){return syscall(1000)!=-1;}\n' - then - eerror "Your old kernel is broken. You need to update it to" - eerror "a newer version as syscall() will break." - eerror "http://bugs.gentoo.org/279260" - die "keeping your system alive, say thank you" - fi - fi - - # users have had a chance to phase themselves, time to give em the boot - if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then - eerror "You still haven't deleted ${EROOT}/etc/locales.build." - eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." - die "lazy upgrader detected" - fi - - if [[ ${CTARGET} == i386-* ]] ; then - eerror "i386 CHOSTs are no longer supported." - eerror "Chances are you don't actually want/need i386." - eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml" - die "please fix your CHOST" - fi - - if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then - ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." - ewarn "This will result in a 50% performance penalty when running with a 32bit" - ewarn "hypervisor, which is probably not what you want." - fi - - use hardened && ! gcc-specs-pie && \ - ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" - - # Make sure host system is up to date #394453 - if has_version '/dev/null + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die + sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die + popd >/dev/null + fi + local myconf=() myconf+=( --disable-sanity-checks diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit index 8030d935a6..4a8056071a 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/src_install.eblit,v 1.38 2014/09/10 18:15:55 vapier Exp $ +# $Id$ toolchain-glibc_src_install() { local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl)) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit index dc57faee3e..162cf530c8 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/src_prepare.eblit,v 1.1 2014/09/10 05:59:03 vapier Exp $ +# $Id$ eblit-glibc-src_prepare() { # XXX: We should do the branchupdate, before extracting the manpages and diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit index 210cca3a46..fc5b950f46 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/src_test.eblit,v 1.9 2014/09/17 22:53:43 vapier Exp $ +# $Id$ glibc_src_test() { cd "$(builddir $1)" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit index 94f33b5e72..8d4c740717 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/eblits/src_unpack.eblit,v 1.27 2014/09/10 05:59:03 vapier Exp $ +# $Id$ [[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/locale-default-en_US.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/locale-default-en_US.patch deleted file mode 100644 index 83f75a4895..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/locale-default-en_US.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- extra/locale/locale.gen.orig 2014-03-18 10:38:23.993988978 -0700 -+++ extra/locale/locale.gen 2014-03-18 10:38:38.140049907 -0700 -@@ -15,8 +15,8 @@ - # rebuilt for you. After updating this file, you can simply run `locale-gen` - # yourself instead of re-emerging glibc. - --#en_US ISO-8859-1 --#en_US.UTF-8 UTF-8 -+en_US ISO-8859-1 -+en_US.UTF-8 UTF-8 - #ja_JP.EUC-JP EUC-JP - #ja_JP.UTF-8 UTF-8 - #ja_JP EUC-JP diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd old mode 100755 new mode 100644 index b102de0705..e47f9b98bd --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd @@ -1,7 +1,7 @@ #!/sbin/runscript # Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nscd,v 1.7 2007/02/23 12:09:39 uberlord Exp $ +# $Id$ depend() { use dns ldap net slapd diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nsswitch.conf b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nsswitch.conf index eb169614d4..f28d534edf 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nsswitch.conf +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nsswitch.conf @@ -1,5 +1,5 @@ # /etc/nsswitch.conf: -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nsswitch.conf,v 1.1 2005/05/17 00:52:41 vapier Exp $ +# $Id$ passwd: compat shadow: compat diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.17-r4.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.17-r4.ebuild deleted file mode 120000 index 4528bca682..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.17-r4.ebuild +++ /dev/null @@ -1 +0,0 @@ -glibc-2.17.ebuild \ No newline at end of file diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.17.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.17.ebuild deleted file mode 100644 index 24083dc217..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.17.ebuild +++ /dev/null @@ -1,221 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.17.ebuild,v 1.34 2014/04/05 16:05:07 vapier Exp $ - -inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing - -DESCRIPTION="GNU libc6 (also called glibc2) C library" -HOMEPAGE="http://www.gnu.org/software/libc/libc.html" - -LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" -RESTRICT="strip" # strip ourself #46186 -EMULTILIB_PKG="true" - -# Configuration variables -RELEASE_VER="" -case ${PV} in -9999*) - EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" - EGIT_SOURCEDIRS="${S}" - inherit git-2 - ;; -*) - RELEASE_VER=${PV} - ;; -esac -GCC_BOOTSTRAP_VER="4.7.3-r1" -PATCH_VER="8" # Gentoo patchset -NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires - -IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" - -# Here's how the cross-compile logic breaks down ... -# CTARGET - machine that will target the binaries -# CHOST - machine that will host the binaries -# CBUILD - machine that will build the binaries -# If CTARGET != CHOST, it means you want a libc for cross-compiling. -# If CHOST != CBUILD, it means you want to cross-compile the libc. -# CBUILD = CHOST = CTARGET - native build/install -# CBUILD != (CHOST = CTARGET) - cross-compile a native build -# (CBUILD = CHOST) != CTARGET - libc for cross-compiler -# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler -# For install paths: -# CHOST = CTARGET - install into / -# CHOST != CTARGET - install into /usr/CTARGET/ - -export CBUILD=${CBUILD:-${CHOST}} -export CTARGET=${CTARGET:-${CHOST}} -if [[ ${CTARGET} == ${CHOST} ]] ; then - if [[ ${CATEGORY} == cross-* ]] ; then - export CTARGET=${CATEGORY#cross-} - fi -fi - -[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} - -is_crosscompile() { - [[ ${CHOST} != ${CTARGET} ]] -} - -# Why SLOT 2.2 you ask yourself while sippin your tea ? -# Everyone knows 2.2 > 0, duh. -SLOT="2.2" - -# General: We need a new-enough binutils/gcc to match upstream baseline. -# arch: we need to make sure our binutils/gcc supports TLS. -DEPEND=">=app-misc/pax-utils-0.1.10 - ! [version] -eblit-include() { - local skipable=false - [[ $1 == "--skip" ]] && skipable=true && shift - [[ $1 == pkg_* ]] && skipable=true - - local e v func=$1 ver=$2 - [[ -z ${func} ]] && die "Usage: eblit-include [version]" - for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do - e="${FILESDIR}/eblits/${func}${v}.eblit" - if [[ -e ${e} ]] ; then - source "${e}" - return 0 - fi - done - ${skipable} && return 0 - die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" -} - -# eblit-run-maybe -# run the specified function if it is defined -eblit-run-maybe() { - [[ $(type -t "$@") == "function" ]] && "$@" -} - -# eblit-run [version] -# aka: src_unpack() { eblit-run src_unpack ; } -eblit-run() { - eblit-include --skip common "${*:2}" - eblit-include "$@" - eblit-run-maybe eblit-$1-pre - eblit-${PN}-$1 - eblit-run-maybe eblit-$1-post -} - -src_unpack() { eblit-run src_unpack ; } -src_compile() { eblit-run src_compile ; } -src_test() { eblit-run src_test ; } -src_install() { eblit-run src_install ; } - -# FILESDIR might not be available during binpkg install -for x in setup {pre,post}inst ; do - e="${FILESDIR}/eblits/pkg_${x}.eblit" - if [[ -e ${e} ]] ; then - . "${e}" - eval "pkg_${x}() { eblit-run pkg_${x} ; }" - fi -done - -eblit-src_unpack-pre() { - GLIBC_PATCH_EXCLUDE+=" 6600_mips_librt-mips.patch" #456912 - [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 -} - -eblit-src_unpack-post() { - cd "${WORKDIR}" - epatch "${FILESDIR}"/locale-default-en_US.patch - - if use hardened ; then - cd "${S}" - einfo "Patching to get working PIE binaries on PIE (hardened) platforms" - gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch - epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch - epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch - epatch "${FILESDIR}"/2.17/glibc-2.17-parsing-in-gethostbyname.patch - - einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" - cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \ - debug/stack_chk_fail.c || die - cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \ - debug/chk_fail.c || die - - if use debug ; then - # When using Hardened Gentoo stack handler, have smashes dump core for - # analysis - debug only, as core could be an information leak - # (paranoia). - sed -i \ - -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - debug/Makefile \ - || die "Failed to modify debug/Makefile for debug stack handler" - sed -i \ - -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - debug/Makefile \ - || die "Failed to modify debug/Makefile for debug fortify handler" - fi - - # Build nscd with ssp-all - sed -i \ - -e 's:-fstack-protector$:-fstack-protector-all:' \ - nscd/Makefile \ - || die "Failed to ensure nscd builds with ssp-all" - fi -} - -eblit-pkg_preinst-post() { - if [[ ${CTARGET} == arm* ]] ; then - # Backwards compat support for renaming hardfp ldsos #417287 - local oldso='/lib/ld-linux.so.3' - local nldso='/lib/ld-linux-armhf.so.3' - if [[ -e ${D}${nldso} ]] ; then - if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then - ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." - ewarn "Please rebuild all packages using this old ldso as compat" - ewarn "support will be dropped in the future." - ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" - fi - fi - fi -} - -# CoreOS tweaks: -# - drop host.conf and gai.conf -# - nsswitch.conf and rpc are provided by baselayout -eblit-src_install-post() { - rm -f "${D}"/etc/{gai.conf,host.conf,nsswitch.conf,rpc} || die -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.19-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.19-r1.ebuild deleted file mode 100644 index d93ba66ae2..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.19-r1.ebuild +++ /dev/null @@ -1,219 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.19-r1.ebuild,v 1.11 2014/10/26 08:05:50 vapier Exp $ - -inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing - -DESCRIPTION="GNU libc6 (also called glibc2) C library" -HOMEPAGE="http://www.gnu.org/software/libc/libc.html" - -LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" -RESTRICT="strip" # strip ourself #46186 -EMULTILIB_PKG="true" - -# Configuration variables -RELEASE_VER="" -case ${PV} in -9999*) - EGIT_REPO_URIS="git://sourceware.org/git/glibc.git" - EGIT_SOURCEDIRS="${S}" - inherit git-2 - ;; -*) - RELEASE_VER=${PV} - ;; -esac -GCC_BOOTSTRAP_VER="4.7.3-r1" -PATCH_VER="3" # Gentoo patchset -NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires - -IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" - -# Here's how the cross-compile logic breaks down ... -# CTARGET - machine that will target the binaries -# CHOST - machine that will host the binaries -# CBUILD - machine that will build the binaries -# If CTARGET != CHOST, it means you want a libc for cross-compiling. -# If CHOST != CBUILD, it means you want to cross-compile the libc. -# CBUILD = CHOST = CTARGET - native build/install -# CBUILD != (CHOST = CTARGET) - cross-compile a native build -# (CBUILD = CHOST) != CTARGET - libc for cross-compiler -# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler -# For install paths: -# CHOST = CTARGET - install into / -# CHOST != CTARGET - install into /usr/CTARGET/ - -export CBUILD=${CBUILD:-${CHOST}} -export CTARGET=${CTARGET:-${CHOST}} -if [[ ${CTARGET} == ${CHOST} ]] ; then - if [[ ${CATEGORY} == cross-* ]] ; then - export CTARGET=${CATEGORY#cross-} - fi -fi - -[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20} - -is_crosscompile() { - [[ ${CHOST} != ${CTARGET} ]] -} - -# Why SLOT 2.2 you ask yourself while sippin your tea ? -# Everyone knows 2.2 > 0, duh. -SLOT="2.2" - -# General: We need a new-enough binutils/gcc to match upstream baseline. -# arch: we need to make sure our binutils/gcc supports TLS. -DEPEND=">=app-misc/pax-utils-0.1.10 - ! [version] -eblit-include() { - local skipable=false - [[ $1 == "--skip" ]] && skipable=true && shift - [[ $1 == pkg_* ]] && skipable=true - - local e v func=$1 ver=$2 - [[ -z ${func} ]] && die "Usage: eblit-include [version]" - for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do - e="${FILESDIR}/eblits/${func}${v}.eblit" - if [[ -e ${e} ]] ; then - source "${e}" - return 0 - fi - done - ${skipable} && return 0 - die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" -} - -# eblit-run-maybe -# run the specified function if it is defined -eblit-run-maybe() { - [[ $(type -t "$@") == "function" ]] && "$@" -} - -# eblit-run [version] -# aka: src_unpack() { eblit-run src_unpack ; } -eblit-run() { - eblit-include --skip common "${*:2}" - eblit-include "$@" - eblit-run-maybe eblit-$1-pre - eblit-${PN}-$1 - eblit-run-maybe eblit-$1-post -} - -src_unpack() { eblit-run src_unpack ; } -src_compile() { eblit-run src_compile ; } -src_test() { eblit-run src_test ; } -src_install() { eblit-run src_install ; } - -# FILESDIR might not be available during binpkg install -for x in setup {pre,post}inst ; do - e="${FILESDIR}/eblits/pkg_${x}.eblit" - if [[ -e ${e} ]] ; then - . "${e}" - eval "pkg_${x}() { eblit-run pkg_${x} ; }" - fi -done - -eblit-src_unpack-pre() { - [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 -} - -eblit-src_unpack-post() { - cd "${WORKDIR}" - epatch "${FILESDIR}"/locale-default-en_US.patch - - if use hardened ; then - cd "${S}" - einfo "Patching to get working PIE binaries on PIE (hardened) platforms" - gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch - epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch - epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch - - einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" - cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \ - debug/stack_chk_fail.c || die - cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \ - debug/chk_fail.c || die - - if use debug ; then - # When using Hardened Gentoo stack handler, have smashes dump core for - # analysis - debug only, as core could be an information leak - # (paranoia). - sed -i \ - -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - debug/Makefile \ - || die "Failed to modify debug/Makefile for debug stack handler" - sed -i \ - -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ - debug/Makefile \ - || die "Failed to modify debug/Makefile for debug fortify handler" - fi - - # Build nscd with ssp-all - sed -i \ - -e 's:-fstack-protector$:-fstack-protector-all:' \ - nscd/Makefile \ - || die "Failed to ensure nscd builds with ssp-all" - fi -} - -eblit-pkg_preinst-post() { - if [[ ${CTARGET} == arm* ]] ; then - # Backwards compat support for renaming hardfp ldsos #417287 - local oldso='/lib/ld-linux.so.3' - local nldso='/lib/ld-linux-armhf.so.3' - if [[ -e ${D}${nldso} ]] ; then - if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then - ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})." - ewarn "Please rebuild all packages using this old ldso as compat" - ewarn "support will be dropped in the future." - ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}" - fi - fi - fi -} - -# CoreOS tweaks: -# - drop host.conf and gai.conf -# - nsswitch.conf and rpc are provided by baselayout -eblit-src_install-post() { - rm -f "${D}"/etc/{gai.conf,host.conf,nsswitch.conf,rpc} || die -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.20-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r1.ebuild similarity index 87% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.20-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r1.ebuild index 861b8471a5..9963ae3152 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.20-r2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.21-r1.ebuild @@ -1,16 +1,16 @@ # Copyright 1999-2015 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.20-r2.ebuild,v 1.2 2015/03/22 20:38:54 zlogene Exp $ +# $Id$ EAPI="4" inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing DESCRIPTION="GNU libc6 (also called glibc2) C library" -HOMEPAGE="http://www.gnu.org/software/libc/libc.html" +HOMEPAGE="https://www.gnu.org/software/libc/libc.html" LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" -KEYWORDS="~alpha amd64 ~arm ~arm64 -hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86" RESTRICT="strip" # strip ourself #46186 EMULTILIB_PKG="true" @@ -27,7 +27,7 @@ case ${PV} in ;; esac GCC_BOOTSTRAP_VER="4.7.3-r1" -PATCH_VER="4" # Gentoo patchset +PATCH_VER="5" # Gentoo patchset : ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only" @@ -76,13 +76,13 @@ RDEPEND="!sys-kernel/ps3-sources if [[ ${CATEGORY} == cross-* ]] ; then DEPEND+=" !crosscompile_opts_headers-only? ( >=${CATEGORY}/binutils-2.24 - >=${CATEGORY}/gcc-4.4 + >=${CATEGORY}/gcc-4.6 )" [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers" else DEPEND+=" >=sys-devel/binutils-2.24 - >=sys-devel/gcc-4.4 + >=sys-devel/gcc-4.6 virtual/os-headers" RDEPEND+=" vanilla? ( !sys-libs/timezone-data )" PDEPEND+=" !vanilla? ( sys-libs/timezone-data )" @@ -92,8 +92,8 @@ upstream_uris() { echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 } gentoo_uris() { - local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI HTTP~blueness/glibc/URI" - devspace=${devspace//HTTP/http://dev.gentoo.org/} + local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + devspace=${devspace//HTTP/https://dev.gentoo.org/} echo mirror://gentoo/$1 ${devspace//URI/$1} } SRC_URI=$( @@ -145,7 +145,7 @@ src_test() { eblit-run src_test ; } src_install() { eblit-run src_install ; } # FILESDIR might not be available during binpkg install -for x in setup {pre,post}inst ; do +for x in pretend setup {pre,post}inst ; do e="${FILESDIR}/eblits/pkg_${x}.eblit" if [[ -e ${e} ]] ; then . "${e}" @@ -158,9 +158,6 @@ eblit-src_unpack-pre() { } eblit-src_prepare-post() { - cd "${WORKDIR}" - epatch "${FILESDIR}"/locale-default-en_US.patch - cd "${S}" if use hardened ; then @@ -188,11 +185,12 @@ eblit-src_prepare-post() { -e 's:-fstack-protector$:-fstack-protector-all:' \ */Makefile || die fi -} -# CoreOS tweaks: -# - drop host.conf and gai.conf -# - nsswitch.conf and rpc are provided by baselayout -eblit-src_install-post() { - rm -f "${D}"/etc/{gai.conf,host.conf,nsswitch.conf,rpc} || die + case $(gcc-fullversion) in + 4.8.[0-3]|4.9.0) + eerror "You need to switch to a newer compiler; gcc-4.8.[0-3] and gcc-4.9.0 miscompile" + eerror "glibc. See https://bugs.gentoo.org/547420 for details." + die "need to switch compilers #547420" + ;; + esac } From bf8fe18b5a52f30660a43227394824e6a82dd3ea Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Tue, 8 Dec 2015 13:19:44 -0800 Subject: [PATCH 2/2] glibc: apply CoreOS tweaks This time around our changes take a slightly different approach. Instead of editing the ebuild to undo things done in the common eblit code the eblits are edited directly, allowing for better customization. Also, managing locales is now different. Inside the SDK all locales are built at compile time, avoiding the need for locale-gen which is slow and complicates setup of the SDK chroot. For cross-compiled targets (CoreOS itself) final images don't include locale info either, again no need for locale-gen. The SDK is a bit bigger now, the compressed tarball is 20MB bigger and 200MB bigger extracted on disk. Considering how big it already is this shouldn't be that big of a deal. --- .../glibc/files/eblits/pkg_postinst.eblit | 8 +-- .../glibc/files/eblits/pkg_preinst.eblit | 6 +- .../glibc/files/eblits/src_install.eblit | 64 +++++-------------- 3 files changed, 19 insertions(+), 59 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit index 074cf3a0b9..9bf6336146 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit @@ -16,12 +16,6 @@ eblit-glibc-pkg_postinst() { # errors from this step #253697 /sbin/telinit U 2>/dev/null - # if the host locales.gen contains no entries, we'll install everything - local locale_list="${ROOT}etc/locale.gen" - if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then - ewarn "Generating all locales; edit /etc/locale.gen to save time/space" - locale_list="${ROOT}usr/share/i18n/SUPPORTED" - fi - locale-gen -j $(makeopts_jobs) --config "${locale_list}" + ## COREOS: locale-gen is not installed fi } diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit index cb8f461b0d..4c19b76728 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit @@ -46,11 +46,7 @@ eblit-glibc-pkg_preinst() { # prepare /etc/ld.so.conf.d/ for files mkdir -p "${EROOT}"/etc/ld.so.conf.d - # Default /etc/hosts.conf:multi to on for systems with small dbs. - if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then - sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf - elog "Defaulting /etc/host.conf:multi to on" - fi + ## COREOS: host.conf is not installed [[ ${ROOT} != "/" ]] && return 0 [[ -d ${D}/$(get_libdir) ]] || return 0 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit index 4a8056071a..faadfb8af6 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit @@ -133,70 +133,40 @@ toolchain-glibc_src_install() { return 0 fi - # Files for Debian-style locale updating - dodir /usr/share/i18n - sed \ - -e "/^#/d" \ - -e "/SUPPORTED-LOCALES=/d" \ - -e "s: \\\\::g" -e "s:/: :g" \ - "${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \ - || die "generating /usr/share/i18n/SUPPORTED failed" - cd "${WORKDIR}"/extra/locale - dosbin locale-gen || die - doman *.[0-8] - insinto /etc - doins locale.gen || die + ## COREOS ## + # For reference, the rest of this function has been modified to do: + # - The SDK just gets the full locale archive, no need for locale-gen. + # - CoreOS targets (which are cross compiled) don't get any locales. + # - Config files are installed by baselayout, not glibc. + # - Forget about nscd for now, we have the use flag off anyway. + + if ! tc-is-cross-compiler ; then + emake install_root="${D}$(alt_prefix)" localedata/install-locales || die + # Sanity check the above command worked + [[ -f ${ED}/usr/$(get_libdir)/locale/locale-archive ]] || die + else + keepdir /usr/$(get_libdir)/locale + fi # Make sure all the ABI's can find the locales and so we only # have to generate one set local a - keepdir /usr/$(get_libdir)/locale for a in $(get_install_abis) ; do if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale fi done - cd "${S}" - - # Install misc network config files - insinto /etc - doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf || die - doins "${WORKDIR}"/extra/etc/*.conf || die - - if ! in_iuse nscd || use nscd ; then - doinitd "${WORKDIR}"/extra/etc/nscd || die - - local nscd_args=( - -e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):" - ) - version_is_at_least 2.16 || nscd_args+=( -e 's: --foreground : :' ) - sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd - - # Newer versions of glibc include the nscd.service themselves. - # TODO: Drop the $FILESDIR copy once 2.19 goes stable. - if version_is_at_least 2.19 ; then - systemd_dounit nscd/nscd.service || die - systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die - else - systemd_dounit "${FILESDIR}"/nscd.service || die - systemd_newtmpfilesd "${FILESDIR}"/nscd.tmpfilesd nscd.conf || die - fi - else - # Do this since extra/etc/*.conf above might have nscd.conf. - rm -f "${ED}"/etc/nscd.conf - fi + # Clean out any default configs + rm -rf "${ED}"/etc echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc doenvd "${T}"/00glibc || die + cd "${S}" for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do [[ -s ${d} ]] && dodoc ${d} done - - # Prevent overwriting of the /etc/localtime symlink. We'll handle the - # creation of the "factory" symlink in pkg_postinst(). - rm -f "${ED}"/etc/localtime } toolchain-glibc_headers_install() {