From c7c73d8a5da5d6c5f252efdc1e4c8b17bd6675e1 Mon Sep 17 00:00:00 2001 From: David Michael Date: Tue, 7 Nov 2017 17:37:09 -0500 Subject: [PATCH] sys-libs/glibc: Sync with Gentoo stable, to 2.25 --- .../coreos-overlay/sys-libs/glibc/Manifest | 4 +- .../files/2.10/glibc-2.10-gentoo-chk_fail.c | 315 --------------- ...c-2.10-hardened-configure-picdefault.patch | 30 -- ...ibc-2.10-hardened-inittls-nosysenter.patch | 274 ------------- .../files/2.17/glibc-2.17-hardened-pie.patch | 42 -- .../files/2.18/glibc-2.18-gentoo-chk_fail.c | 314 --------------- .../2.18/glibc-2.18-gentoo-stack_chk_fail.c | 322 --------------- ...ibc-2.18-hardened-inittls-nosysenter.patch | 277 ------------- ...c-2.19-hardened-configure-picdefault.patch | 30 -- ...ibc-2.20-hardened-inittls-nosysenter.patch | 306 -------------- .../2.23/glibc-2.23-binutils-update.patch | 57 --- .../files/2.23/glibc-2.23-c-utf8-locale.patch | 270 ------------- .../glibc-2.23-gshadow-handle-erange.patch | 114 ------ .../glibc-2.23-pthread-use-after-free.patch | 132 ------ .../files/2.24/glibc-2.24-c-utf8-locale.patch | 270 ------------- .../glibc-2.25-gentoo-chk_fail.c} | 4 + .../2.6/glibc-2.6-gentoo-stack_chk_fail.c | 321 --------------- .../sys-libs/glibc/files/eblits/common.eblit | 381 ------------------ .../glibc/files/eblits/pkg_postinst.eblit | 21 - .../glibc/files/eblits/pkg_preinst.eblit | 59 --- .../glibc/files/eblits/pkg_pretend.eblit | 137 ------- .../glibc/files/eblits/pkg_setup.eblit | 9 - .../glibc/files/eblits/src_compile.eblit | 35 -- .../glibc/files/eblits/src_configure.eblit | 282 ------------- .../glibc/files/eblits/src_install.eblit | 231 ----------- .../glibc/files/eblits/src_prepare.eblit | 65 --- .../glibc/files/eblits/src_test.eblit | 30 -- .../glibc/files/eblits/src_unpack.eblit | 121 ------ .../sys-libs/glibc/files/nscd-conf.tmpfiles | 2 - ...c-2.23-r6.ebuild => glibc-2.25-r11.ebuild} | 92 +---- .../sys-libs/glibc/metadata.xml | 3 +- 31 files changed, 27 insertions(+), 4523 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch rename sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/{2.20/glibc-2.20-gentoo-chk_fail.c => 2.25/glibc-2.25-gentoo-chk_fail.c} (99%) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_setup.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_compile.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_configure.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles rename sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/{glibc-2.23-r6.ebuild => glibc-2.25-r11.ebuild} (63%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest index 5f5a1f1556..2647cc409e 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest @@ -1,3 +1,3 @@ DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f -DIST glibc-2.23-patches-8.tar.bz2 304199 SHA256 6110777176abfb8d287d82804d98e007c255db6040a1beca589a212772c90482 SHA512 470814bbbd9d4ee5fa2dd7570a2e14b0229723e373e801472856fd6c2f089499eddc300f69b49af8ba0edbdca583ee3ca521fdb5c642509717cafea0ad925fd2 WHIRLPOOL 1ef9a431d67d7669f34f7db21185d50ddd6dc82c549a9ff274f0b98454417f4098ee771bfe10073be12d3c153ee46ff36e40b46ecb31844ab09791ae29b49074 -DIST glibc-2.23.tar.xz 13455260 SHA256 94efeb00e4603c8546209cefb3e1a50a5315c86fa9b078b6fad758e187ce13e9 SHA512 b82953388cd028e174cb08f082557bbce0dad8b67b17d31b29f90102fd52a51e03d591448ecb64882a1c1d5303afffc7f6ede85cee4c784a9284fbc9b4ad26cf WHIRLPOOL 7c7e3bf55a89a04bac917b9ca5a1cbb1613f22c427d2766f114b5a36f9635856005b823852ef5d3b73462b577fe4e5865e68e7b64633d48a95fa1e5eaa831a71 +DIST glibc-2.25-patches-15.tar.bz2 78320 SHA256 63667d2c27d5aa540d5a9c4d8774b169933553a5cc57ff44d1c9ebbe099dc030 SHA512 7204218ea82b677e0f278c4752ddb90aa0c08ac2349d061de81ec91dac204b0f10fe223d7b1055b9e0c21dac97c835f913a90c0168a5000d3be00dd20027c185 WHIRLPOOL 21af5b2efb036d4f7290f75b23f6d2cb79f91178c3374a007fde888060c9c94306e4165cf07077cce9390c0d7b9980a2b5291a32f7b6b56895294df6975ba6d9 +DIST glibc-2.25.tar.xz 13873900 SHA256 067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0 SHA512 5b7a2418d5b8a1b6a907c6c7fb6477ee2a473151cb45e03d0d4cdd9a33497c90b1ee39e2e7e885e2b25743dcd3747336ef114b4a73eb001da1fd79f29e0f9a6e WHIRLPOOL dc2fafaa4a0e5581268338453838a03ed0c5e7a2af844e8fb7086ab8d3ae48efbdbe6f25db1d089ae669cd2f8b0412f690d965506753d86f8525da2df59b7953 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c deleted file mode 100644 index 37711e8aac..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c +++ /dev/null @@ -1,315 +0,0 @@ -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2008 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP and FORTIFY handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP and FORTIFY handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - * Magnus Granberg - */ - -#include -#include -#include -#include -#include - -#include - -#include -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif - -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - -/* Common handler code, used by chk_fail - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": buffer overflow attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** buffer overflow detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __chk_fail(void) -{ - __hardened_gentoo_chk_fail(NULL, 0); -} - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch deleted file mode 100644 index e75ccc788c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch +++ /dev/null @@ -1,30 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn -Fixed for glibc 2.10 by Magnus Granberg - ---- configure.in -+++ configure.in -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch deleted file mode 100644 index cb6d8e3c78..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,274 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -129,6 +130,11 @@ - # endif - _dl_aux_init (auxvec); - # endif -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - - #ifdef SHARED -@@ -29,6 +30,9 @@ - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - extern ElfW(Phdr) *_dl_phdr; - extern size_t _dl_phnum; - -@@ -141,14 +145,26 @@ - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+# endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *__unbounded newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, -+ __ptrvalue (addr)); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch deleted file mode 100644 index da4fb82539..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch +++ /dev/null @@ -1,42 +0,0 @@ -2012-11-11 Magnus Granberg - - #442712 - * Makeconfig (+link): Set to +link-pie. - (+link-static-before-libc): Change $(static-start-installed-name) to - S$(static-start-installed-name). - (+prector): Set to +prectorS. - (+postctor): Set to +postctorS. - ---- libc/Makeconfig -+++ libc/Makeconfig -@@ -447,11 +447,12 @@ - $(common-objpfx)libc% $(+postinit),$^) \ - $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) - endif -++link = $(+link-pie) - # Command for statically linking programs with the C library. - ifndef +link-static - +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ - $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ -- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ -+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ - $(+preinit) $(+prectorT) \ - $(filter-out $(addprefix $(csu-objpfx),start.o \ - $(start-installed-name))\ -@@ -549,11 +550,10 @@ - ifeq ($(elf),yes) - +preinit = $(addprefix $(csu-objpfx),crti.o) - +postinit = $(addprefix $(csu-objpfx),crtn.o) --+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` --+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` --# Variants of the two previous definitions for linking PIE programs. - +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` - +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` -++prector = $(+prectorS) -++postctor = $(+postctorS) - # Variants of the two previous definitions for statically linking programs. - +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o` - +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` - +interp = $(addprefix $(elf-objpfx),interp.os) - endif - csu-objpfx = $(common-objpfx)csu/ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c deleted file mode 100644 index c1934362f6..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c +++ /dev/null @@ -1,314 +0,0 @@ -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2013 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP and FORTIFY handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP and FORTIFY handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - * Magnus Granberg - */ - -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif - -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - -/* Common handler code, used by chk_fail - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": buffer overflow attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** buffer overflow detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __chk_fail(void) -{ - __hardened_gentoo_chk_fail(NULL, 0); -} - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c deleted file mode 100644 index 9535c21578..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c +++ /dev/null @@ -1,322 +0,0 @@ -/* Copyright (C) 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2013 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * Fixed to support glibc-2.18 by Magnus Granberg - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - */ - -#include -#include -#include -#include - -#include - -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - - -/* Common handler code, used by stack_chk_fail and __stack_smash_handler - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_stack_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": stack smashing attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** stack smashing detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __stack_chk_fail(void) -{ - __hardened_gentoo_stack_chk_fail(NULL, 0); -} - -#ifdef ENABLE_OLD_SSP_COMPAT -__attribute__ ((__noreturn__)) -void __stack_smash_handler(char func[], int damaged) -{ - __hardened_gentoo_stack_chk_fail(func, damaged); -} -#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch deleted file mode 100644 index 8907ab2c6a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,277 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg -Fixed for 2.18 by Magnus Granberg - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char - GL(dl_phnum) = __ehdr_start.e_phnum; - } - } -- -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -22,14 +22,17 @@ - #include - #include - #include -- -+#include - - #ifdef SHARED - #error makefile bug, this file is for static only - #endif - --dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - -+dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; - - static struct - { -@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+#endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+#endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,29 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void * newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch deleted file mode 100644 index 341d8c5028..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch +++ /dev/null @@ -1,30 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn -Fixed for glibc 2.19 by Magnus Granberg - ---- configure.ac -+++ configure.ac -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch deleted file mode 100644 index 35eabe9401..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch +++ /dev/null @@ -1,306 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_PRE_TLS is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_PRE_TLS is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg -Fixed for 2.18 by Magnus Granberg -Fixed for 2.20 by Francisco Blas Izquierdo Riera - ---- a/csu/libc-start.c -+++ b/csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char - } - } - -+# ifdef INTERNAL_SYSCALL_PRE_TLS -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. */ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_PRE_TLS - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- a/csu/libc-tls.c -+++ b/csu/libc-tls.c -@@ -22,12 +22,17 @@ - #include - #include - #include -+#include - - - #ifdef SHARED - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif -+ - dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; - - -@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+# define __sbrk __sbrk_nosysenter -+#endif - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV - is defined add another #elif here and in the following #ifs. */ - # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" - #endif -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+# undef __sbrk -+#endif - - /* Align the TLS block. */ - tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1) ---- a/misc/sbrk.c -+++ b/misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used via -+ dynamic loading in a statically linked program update __curbrk from the -+ kernel's brk value. That way two separate instances of __brk and __sbrk -+ can share the heap, returning interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif -+ - void * - __sbrk (intptr_t increment) - { ---- a/sysdeps/unix/sysv/linux/i386/brk.c -+++ b/sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif -+ - int - __brk (void *addr) - { ---- a/sysdeps/unix/sysv/linux/i386/sysdep.h -+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# ifdef __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# ifdef __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && defined __PIC__ - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +494,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && defined __PIC__ - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" ---- a/sysdeps/i386/nptl/tls.h -+++ b/sysdeps/i386/nptl/tls.h -@@ -189,6 +189,15 @@ - desc->vals[3] = 0x51; - } - -+/* We have no sysenter until the tls is initialized which is a -+ problem for PIC. Thus we need to do the right call depending -+ on the situation. */ -+#ifndef INTERNAL_SYSCALL_PRE_TLS -+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL -+#else -+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS -+#endif -+ - /* Code to initially initialize the thread pointer. This might need - special attention since 'errno' is not yet available and if the - operation can cause a failure 'errno' must not be touched. */ -@@ -209,7 +218,7 @@ - \ - /* Install the TLS. */ \ - INTERNAL_SYSCALL_DECL (err); \ -- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ -+ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ - \ - if (_result == 0) \ - /* We know the index in the GDT, now load the segment register. \ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch deleted file mode 100644 index c955b37ac5..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch +++ /dev/null @@ -1,57 +0,0 @@ -From 388b4f1a02f3a801965028bbfcd48d905638b797 Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" -Date: Fri, 23 Jun 2017 14:38:46 -0700 -Subject: [PATCH] Avoid .symver on common symbols [BZ #21666] - -The .symver directive on common symbol just creates a new common symbol, -not an alias and the newer assembler with the bug fix for - -https://sourceware.org/bugzilla/show_bug.cgi?id=21661 - -will issue an error. Before the fix, we got - -$ readelf -sW libc.so | grep "loc[12s]" - 5109: 00000000003a0608 8 OBJECT LOCAL DEFAULT 36 loc1 - 5188: 00000000003a0610 8 OBJECT LOCAL DEFAULT 36 loc2 - 5455: 00000000003a0618 8 OBJECT LOCAL DEFAULT 36 locs - 6575: 00000000003a05f0 8 OBJECT GLOBAL DEFAULT 36 locs@GLIBC_2.2.5 - 7156: 00000000003a05f8 8 OBJECT GLOBAL DEFAULT 36 loc1@GLIBC_2.2.5 - 7312: 00000000003a0600 8 OBJECT GLOBAL DEFAULT 36 loc2@GLIBC_2.2.5 - -in libc.so. The versioned loc1, loc2 and locs have the wrong addresses. -After the fix, we got - -$ readelf -sW libc.so | grep "loc[12s]" - 6570: 000000000039e3b8 8 OBJECT GLOBAL DEFAULT 34 locs@GLIBC_2.2.5 - 7151: 000000000039e3c8 8 OBJECT GLOBAL DEFAULT 34 loc1@GLIBC_2.2.5 - 7307: 000000000039e3c0 8 OBJECT GLOBAL DEFAULT 34 loc2@GLIBC_2.2.5 - - [BZ #21666] - * misc/regexp.c (loc1): Add __attribute__ ((nocommon)); - (loc2): Likewise. - (locs): Likewise. ---- -diff --git a/misc/regexp.c b/misc/regexp.c -index 19d76c0..eaea7c3 100644 ---- a/misc/regexp.c -+++ b/misc/regexp.c -@@ -29,14 +29,15 @@ - - #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_23) - --/* Define the variables used for the interface. */ --char *loc1; --char *loc2; -+/* Define the variables used for the interface. Avoid .symver on common -+ symbol, which just creates a new common symbol, not an alias. */ -+char *loc1 __attribute__ ((nocommon)); -+char *loc2 __attribute__ ((nocommon)); - compat_symbol (libc, loc1, loc1, GLIBC_2_0); - compat_symbol (libc, loc2, loc2, GLIBC_2_0); - - /* Although we do not support the use we define this variable as well. */ --char *locs; -+char *locs __attribute__ ((nocommon)); - compat_symbol (libc, locs, locs, GLIBC_2_0); - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch deleted file mode 100644 index f5da4192e0..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001 -From: Mike FABIAN -Date: Mon, 10 Aug 2015 15:58:12 +0200 -Subject: [PATCH] Add a C.UTF-8 locale - ---- - localedata/SUPPORTED | 1 + - localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 239 insertions(+) - create mode 100644 localedata/locales/C - -diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED -index 8ca023e..2a78391 100644 ---- a/localedata/SUPPORTED -+++ b/localedata/SUPPORTED -@@ -1,6 +1,7 @@ - # This file names the currently supported and somewhat tested locales. - # If you have any additions please file a glibc bug report. - SUPPORTED-LOCALES=\ -+C.UTF-8/UTF-8 \ - aa_DJ.UTF-8/UTF-8 \ - aa_DJ/ISO-8859-1 \ - aa_ER/UTF-8 \ -diff --git a/localedata/locales/C b/localedata/locales/C -new file mode 100644 -index 0000000..fdf460e ---- /dev/null -+++ b/localedata/locales/C -@@ -0,0 +1,238 @@ -+escape_char / -+comment_char % -+% Locale for C locale in UTF-8 -+ -+LC_IDENTIFICATION -+title "C locale" -+source "" -+address "" -+contact "" -+email "mfabian@redhat.com" -+tel "" -+fax "" -+language "C" -+territory "" -+revision "1.0" -+date "2015-08-10" -+% -+category "C:2015";LC_IDENTIFICATION -+category "C:2015";LC_CTYPE -+category "C:2015";LC_COLLATE -+category "C:2015";LC_TIME -+category "C:2015";LC_NUMERIC -+category "C:2015";LC_MONETARY -+category "C:2015";LC_MESSAGES -+category "C:2015";LC_PAPER -+category "C:2015";LC_NAME -+category "C:2015";LC_ADDRESS -+category "C:2015";LC_TELEPHONE -+category "C:2015";LC_MEASUREMENT -+END LC_IDENTIFICATION -+ -+LC_CTYPE -+copy "i18n" -+ -+translit_start -+include "translit_combining";"" -+translit_end -+ -+END LC_CTYPE -+ -+LC_COLLATE -+order_start forward -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+UNDEFINED -+order_end -+END LC_COLLATE -+ -+LC_MONETARY -+% This is the 14652 i18n fdcc-set definition for -+% the LC_MONETARY category -+% (except for the int_curr_symbol and currency_symbol, they are empty in -+% the 14652 i18n fdcc-set definition and also empty in -+% glibc/locale/C-monetary.c. But localedef complains in that case). -+% -+% Using "USD" for int_curr_symbol. But maybe "XXX" would be better? -+% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217) -+int_curr_symbol "" -+% Using "$" for currency_symbol. But maybe would be better? -+% U+00A4 is the "generic currency symbol" -+% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29) -+currency_symbol "" -+mon_decimal_point "" -+mon_thousands_sep "" -+mon_grouping -1 -+positive_sign "" -+negative_sign "" -+int_frac_digits -1 -+frac_digits -1 -+p_cs_precedes -1 -+int_p_sep_by_space -1 -+p_sep_by_space -1 -+n_cs_precedes -1 -+int_n_sep_by_space -1 -+n_sep_by_space -1 -+p_sign_posn -1 -+n_sign_posn -1 -+% -+END LC_MONETARY -+ -+LC_NUMERIC -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+decimal_point "" -+thousands_sep "" -+grouping -1 -+END LC_NUMERIC -+ -+LC_TIME -+% This is the POSIX Locale definition for -+% the LC_TIME category. -+% -+% Abbreviated weekday names (%a) -+abday "";"";/ -+ "";"";/ -+ "";"";/ -+ "" -+ -+% Full weekday names (%A) -+day "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Abbreviated month names (%b) -+abmon "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"" -+ -+% Full month names (%B) -+mon "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Week description, consists of three fields: -+% 1. Number of days in a week. -+% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday). -+% 3. The weekday number to be contained in the first week of the year. -+% -+% ISO 8601 conforming applications should use the values 7, 19971201 (a -+% Monday), and 4 (Thursday), respectively. -+week 7;19971201;4 -+first_weekday 1 -+first_workday 1 -+ -+% Appropriate date and time representation (%c) -+% "%a %b %e %H:%M:%S %Y" -+d_t_fmt "" -+ -+% Appropriate date representation (%x) -+% "%m/%d/%y" -+d_fmt "" -+ -+% Appropriate time representation (%X) -+% "%H:%M:%S" -+t_fmt "" -+ -+% Appropriate AM/PM time representation (%r) -+% "%I:%M:%S %p" -+t_fmt_ampm "" -+ -+% Equivalent of AM/PM (%p) "AM"/"PM" -+% -+am_pm "";"" -+ -+% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y" -+date_fmt "" -+END LC_TIME -+ -+LC_MESSAGES -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+yesexpr "" -+noexpr "" -+yesstr "" -+nostr "" -+END LC_MESSAGES -+ -+LC_PAPER -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_PAPER category. -+% (A4 paper, this is also used in the built in C/POSIX -+% locale in glibc/locale/C-paper.c) -+height 297 -+width 210 -+END LC_PAPER -+ -+LC_NAME -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_NAME category. -+% "%p%t%g%t%m%t%f" -+% (also used in the built in C/POSIX locale in glibc/locale/C-name.c) -+name_fmt "/ -+" -+END LC_NAME -+ -+LC_ADDRESS -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_ADDRESS category. -+% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N" -+% (also used in the built in C/POSIX locale in glibc/locale/C-address.c) -+postal_fmt "/ -+/ -+/ -+/ -+" -+END LC_ADDRESS -+ -+LC_TELEPHONE -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_TELEPHONE category. -+% "+%c %a %l" -+tel_int_fmt "/ -+" -+% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c) -+END LC_TELEPHONE -+ -+LC_MEASUREMENT -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_MEASUREMENT category. -+% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c) -+%metric -+measurement 1 -+END LC_MEASUREMENT -+ --- -2.4.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch deleted file mode 100644 index d223e9f088..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch +++ /dev/null @@ -1,114 +0,0 @@ -From 74250a7cdf106d4ca7d9506e6d5dc7c448dc3434 Mon Sep 17 00:00:00 2001 -From: David Michael -Date: Thu, 15 Dec 2016 15:22:57 -0800 -Subject: [PATCH] gshadow: Sync fgetsgent_r.c with grp/fgetgrent_r.c - - [BZ #20338] - * gshadow/fgetsgent_r.c: Include . - (flockfile): New macro. - (funlockfile): Likewise. - (__fgetsgent_r): Sync with __fgetgrent_r. - * nss/nss_files/files-sgrp.c: Fix "fgetsgent_r.c" typo. ---- - gshadow/fgetsgent_r.c | 35 ++++++++++++++++++++++++----------- - nss/nss_files/files-sgrp.c | 2 +- - 2 files changed, 25 insertions(+), 12 deletions(-) - -diff --git a/gshadow/fgetsgent_r.c b/gshadow/fgetsgent_r.c -index b70f6fa..02cd33a 100644 ---- a/gshadow/fgetsgent_r.c -+++ b/gshadow/fgetsgent_r.c -@@ -20,39 +20,44 @@ - #include - #include - -+#include -+#define flockfile(s) _IO_flockfile (s) -+#define funlockfile(s) _IO_funlockfile (s) -+ - /* Define a line parsing function using the common code - used in the nss_files module. */ - - #define STRUCTURE sgrp - #define ENTNAME sgent --#define EXTERN_PARSER 1 -+#define EXTERN_PARSER 1 - struct sgent_data {}; - - #include - - --/* Read one shadow entry from the given stream. */ -+/* Read one entry from the given stream. */ - int - __fgetsgent_r (FILE *stream, struct sgrp *resbuf, char *buffer, size_t buflen, - struct sgrp **result) - { - char *p; -+ int parse_result; - -- _IO_flockfile (stream); -+ flockfile (stream); - do - { - buffer[buflen - 1] = '\xff'; - p = fgets_unlocked (buffer, buflen, stream); -- if (p == NULL && feof_unlocked (stream)) -+ if (__builtin_expect (p == NULL, 0) && feof_unlocked (stream)) - { -- _IO_funlockfile (stream); -+ funlockfile (stream); - *result = NULL; - __set_errno (ENOENT); - return errno; - } -- if (p == NULL || buffer[buflen - 1] != '\xff') -+ if (__builtin_expect (p == NULL, 0) || buffer[buflen - 1] != '\xff') - { -- _IO_funlockfile (stream); -+ funlockfile (stream); - *result = NULL; - __set_errno (ERANGE); - return errno; -@@ -61,13 +66,21 @@ __fgetsgent_r (FILE *stream, struct sgrp *resbuf, char *buffer, size_t buflen, - /* Skip leading blanks. */ - while (isspace (*p)) - ++p; -- } while (*p == '\0' || *p == '#' || /* Ignore empty and comment lines. */ -+ } while (*p == '\0' || *p == '#' /* Ignore empty and comment lines. */ - /* Parse the line. If it is invalid, loop to - get the next line of the file to parse. */ -- ! parse_line (buffer, (void *) resbuf, (void *) buffer, buflen, -- &errno)); -+ || ! (parse_result = parse_line (p, resbuf, -+ (void *) buffer, buflen, -+ &errno))); -+ -+ funlockfile (stream); - -- _IO_funlockfile (stream); -+ if (__builtin_expect (parse_result, 0) == -1) -+ { -+ /* The parser ran out of space. */ -+ *result = NULL; -+ return errno; -+ } - - *result = resbuf; - return 0; -diff --git a/nss/nss_files/files-sgrp.c b/nss/nss_files/files-sgrp.c -index 15dc659..05c3805 100644 ---- a/nss/nss_files/files-sgrp.c -+++ b/nss/nss_files/files-sgrp.c -@@ -23,7 +23,7 @@ - #define DATABASE "gshadow" - struct sgent_data {}; - --/* Our parser function is already defined in sgetspent_r.c, so use that -+/* Our parser function is already defined in sgetsgent_r.c, so use that - to parse lines from the database file. */ - #define EXTERN_PARSER - #include "files-parse.c" --- -2.7.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch deleted file mode 100644 index c9734c0a15..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch +++ /dev/null @@ -1,132 +0,0 @@ -diff -Naur glibc-2.22_orig/nptl/createthread.c glibc-2.22/nptl/createthread.c ---- glibc-2.22_orig/nptl/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/nptl/createthread.c 2016-09-28 11:27:50.831206703 -0700 -@@ -25,13 +25,13 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - /* If the implementation needs to do some tweaks to the thread after - it has been created at the OS level, it can set STOPPED_START here. */ - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. */ -diff -Naur glibc-2.22_orig/nptl/pthread_create.c glibc-2.22/nptl/pthread_create.c ---- glibc-2.22_orig/nptl/pthread_create.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/nptl/pthread_create.c 2016-09-28 11:31:20.839209223 -0700 -@@ -72,7 +72,7 @@ - case it is responsible for doing its own cleanup. */ - - static int create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, -+ bool *stopped_start, STACK_VARIABLES_PARMS, - bool *thread_ran); - - #include -@@ -633,14 +633,16 @@ - that cares whether the thread count is correct. */ - atomic_increment (&__nptl_nthreads); - -+ bool stopped_start = false; - bool thread_ran = false; - - /* Start the thread. */ - if (__glibc_unlikely (report_thread_creation (pd))) - { -+ stopped_start = true; - /* Create the thread. We always create the thread stopped - so that it does not get far before we tell the debugger. */ -- retval = create_thread (pd, iattr, true, STACK_VARIABLES_ARGS, -+ retval = create_thread (pd, iattr, &stopped_start, STACK_VARIABLES_ARGS, - &thread_ran); - if (retval == 0) - { -@@ -667,7 +669,7 @@ - } - } - else -- retval = create_thread (pd, iattr, false, STACK_VARIABLES_ARGS, -+ retval = create_thread (pd, iattr, &stopped_start, STACK_VARIABLES_ARGS, - &thread_ran); - - if (__glibc_unlikely (retval != 0)) -@@ -701,7 +703,8 @@ - } - else - { -- if (pd->stopped_start) -+ /* do not use pd->stopped_start to avoid use after free */ -+ if (stopped_start) - /* The thread blocked on this lock either because we're doing TD_CREATE - event reporting, or for some other reason that create_thread chose. - Now let it run free. */ -diff -Naur glibc-2.22_orig/sysdeps/nacl/createthread.c glibc-2.22/sysdeps/nacl/createthread.c ---- glibc-2.22_orig/sysdeps/nacl/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/sysdeps/nacl/createthread.c 2016-09-28 11:27:34.983206513 -0700 -@@ -32,12 +32,12 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - pd->tid = __nacl_get_tid (pd); - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. */ -diff -Naur glibc-2.22_orig/sysdeps/unix/sysv/linux/createthread.c glibc-2.22/sysdeps/unix/sysv/linux/createthread.c ---- glibc-2.22_orig/sysdeps/unix/sysv/linux/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/sysdeps/unix/sysv/linux/createthread.c 2016-09-28 11:27:18.275206312 -0700 -@@ -46,7 +46,7 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - /* Determine whether the newly created threads has to be started - stopped since we have to set the scheduling parameters or set the -@@ -54,10 +54,10 @@ - if (attr != NULL - && (__glibc_unlikely (attr->cpuset != NULL) - || __glibc_unlikely ((attr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0))) -- stopped_start = true; -+ *stopped_start = true; - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. */ -@@ -117,7 +117,7 @@ - /* Set the affinity mask if necessary. */ - if (attr->cpuset != NULL) - { -- assert (stopped_start); -+ assert (*stopped_start); - - res = INTERNAL_SYSCALL (sched_setaffinity, err, 3, pd->tid, - attr->cpusetsize, attr->cpuset); -@@ -140,7 +140,7 @@ - /* Set the scheduling parameters. */ - if ((attr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0) - { -- assert (stopped_start); -+ assert (*stopped_start); - - res = INTERNAL_SYSCALL (sched_setscheduler, err, 3, pd->tid, - pd->schedpolicy, &pd->schedparam); diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch deleted file mode 100644 index 7fabf303f1..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch +++ /dev/null @@ -1,270 +0,0 @@ -From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001 -From: Mike FABIAN -Date: Mon, 10 Aug 2015 15:58:12 +0200 -Subject: [PATCH] Add a C.UTF-8 locale - ---- - localedata/SUPPORTED | 1 + - localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 239 insertions(+) - create mode 100644 localedata/locales/C - -diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED -index 8ca023e..2a78391 100644 ---- a/localedata/SUPPORTED -+++ b/localedata/SUPPORTED -@@ -1,6 +1,7 @@ - # This file names the currently supported and somewhat tested locales. - # If you have any additions please file a glibc bug report. - SUPPORTED-LOCALES=\ -+C.UTF-8/UTF-8 \ - aa_DJ.UTF-8/UTF-8 \ - aa_DJ/ISO-8859-1 \ - aa_ER/UTF-8 \ -diff --git a/localedata/locales/C b/localedata/locales/C -new file mode 100644 -index 0000000..fdf460e ---- /dev/null -+++ b/localedata/locales/C -@@ -0,0 +1,238 @@ -+escape_char / -+comment_char % -+% Locale for C locale in UTF-8 -+ -+LC_IDENTIFICATION -+title "C locale" -+source "" -+address "" -+contact "" -+email "mfabian@redhat.com" -+tel "" -+fax "" -+language "C" -+territory "" -+revision "1.0" -+date "2015-08-10" -+% -+category "i18n:2012";LC_IDENTIFICATION -+category "i18n:2012";LC_CTYPE -+category "i18n:2012";LC_COLLATE -+category "i18n:2012";LC_TIME -+category "i18n:2012";LC_NUMERIC -+category "i18n:2012";LC_MONETARY -+category "i18n:2012";LC_MESSAGES -+category "i18n:2012";LC_PAPER -+category "i18n:2012";LC_NAME -+category "i18n:2012";LC_ADDRESS -+category "i18n:2012";LC_TELEPHONE -+category "i18n:2012";LC_MEASUREMENT -+END LC_IDENTIFICATION -+ -+LC_CTYPE -+copy "i18n" -+ -+translit_start -+include "translit_combining";"" -+translit_end -+ -+END LC_CTYPE -+ -+LC_COLLATE -+order_start forward -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+UNDEFINED -+order_end -+END LC_COLLATE -+ -+LC_MONETARY -+% This is the 14652 i18n fdcc-set definition for -+% the LC_MONETARY category -+% (except for the int_curr_symbol and currency_symbol, they are empty in -+% the 14652 i18n fdcc-set definition and also empty in -+% glibc/locale/C-monetary.c. But localedef complains in that case). -+% -+% Using "USD" for int_curr_symbol. But maybe "XXX" would be better? -+% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217) -+int_curr_symbol "" -+% Using "$" for currency_symbol. But maybe would be better? -+% U+00A4 is the "generic currency symbol" -+% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29) -+currency_symbol "" -+mon_decimal_point "" -+mon_thousands_sep "" -+mon_grouping -1 -+positive_sign "" -+negative_sign "" -+int_frac_digits -1 -+frac_digits -1 -+p_cs_precedes -1 -+int_p_sep_by_space -1 -+p_sep_by_space -1 -+n_cs_precedes -1 -+int_n_sep_by_space -1 -+n_sep_by_space -1 -+p_sign_posn -1 -+n_sign_posn -1 -+% -+END LC_MONETARY -+ -+LC_NUMERIC -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+decimal_point "" -+thousands_sep "" -+grouping -1 -+END LC_NUMERIC -+ -+LC_TIME -+% This is the POSIX Locale definition for -+% the LC_TIME category. -+% -+% Abbreviated weekday names (%a) -+abday "";"";/ -+ "";"";/ -+ "";"";/ -+ "" -+ -+% Full weekday names (%A) -+day "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Abbreviated month names (%b) -+abmon "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"" -+ -+% Full month names (%B) -+mon "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Week description, consists of three fields: -+% 1. Number of days in a week. -+% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday). -+% 3. The weekday number to be contained in the first week of the year. -+% -+% ISO 8601 conforming applications should use the values 7, 19971201 (a -+% Monday), and 4 (Thursday), respectively. -+week 7;19971201;4 -+first_weekday 1 -+first_workday 1 -+ -+% Appropriate date and time representation (%c) -+% "%a %b %e %H:%M:%S %Y" -+d_t_fmt "" -+ -+% Appropriate date representation (%x) -+% "%m/%d/%y" -+d_fmt "" -+ -+% Appropriate time representation (%X) -+% "%H:%M:%S" -+t_fmt "" -+ -+% Appropriate AM/PM time representation (%r) -+% "%I:%M:%S %p" -+t_fmt_ampm "" -+ -+% Equivalent of AM/PM (%p) "AM"/"PM" -+% -+am_pm "";"" -+ -+% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y" -+date_fmt "" -+END LC_TIME -+ -+LC_MESSAGES -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+yesexpr "" -+noexpr "" -+yesstr "" -+nostr "" -+END LC_MESSAGES -+ -+LC_PAPER -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_PAPER category. -+% (A4 paper, this is also used in the built in C/POSIX -+% locale in glibc/locale/C-paper.c) -+height 297 -+width 210 -+END LC_PAPER -+ -+LC_NAME -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_NAME category. -+% "%p%t%g%t%m%t%f" -+% (also used in the built in C/POSIX locale in glibc/locale/C-name.c) -+name_fmt "/ -+" -+END LC_NAME -+ -+LC_ADDRESS -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_ADDRESS category. -+% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N" -+% (also used in the built in C/POSIX locale in glibc/locale/C-address.c) -+postal_fmt "/ -+/ -+/ -+/ -+" -+END LC_ADDRESS -+ -+LC_TELEPHONE -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_TELEPHONE category. -+% "+%c %a %l" -+tel_int_fmt "/ -+" -+% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c) -+END LC_TELEPHONE -+ -+LC_MEASUREMENT -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_MEASUREMENT category. -+% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c) -+%metric -+measurement 1 -+END LC_MEASUREMENT -+ --- -2.4.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c similarity index 99% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c index a8ab9d8a3e..2ef96b75ea 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c @@ -297,3 +297,7 @@ void __chk_fail(void) { __hardened_gentoo_fail(); } + +#ifdef GENTOO_SSP_HANDLER +strong_alias (__stack_chk_fail, __stack_chk_fail_local) +#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c deleted file mode 100644 index 217bf1a907..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c +++ /dev/null @@ -1,321 +0,0 @@ -/* Copyright (C) 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2007 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - */ - -#include -#include -#include -#include - -#include - -#include -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. - */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - - -/* Common handler code, used by stack_chk_fail and __stack_smash_handler - * Inlined to ensure no self-references to the handler within itself. - * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_stack_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": stack smashing attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** stack smashing detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. - */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __stack_chk_fail(void) -{ - __hardened_gentoo_stack_chk_fail(NULL, 0); -} - -#ifdef ENABLE_OLD_SSP_COMPAT -__attribute__ ((__noreturn__)) -void __stack_smash_handler(char func[], int damaged) -{ - __hardened_gentoo_stack_chk_fail(func, damaged); -} -#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit deleted file mode 100644 index 370782b4b4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit +++ /dev/null @@ -1,381 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -alt_prefix() { - is_crosscompile && echo /usr/${CTARGET} -} - -if [[ ${EAPI:-0} == [012] ]] ; then - : ${ED:=${D}} - : ${EROOT:=${ROOT}} -fi -# This indirection is for binpkgs. #523332 -_nonfatal() { nonfatal "$@" ; } -if [[ ${EAPI:-0} == [0123] ]] ; then - nonfatal() { "$@" ; } - _nonfatal() { "$@" ; } -fi - -# We need to be able to set alternative headers for -# compiling for non-native platform -# Will also become useful for testing kernel-headers without screwing up -# the whole system. -# note: intentionally undocumented. -alt_headers() { - echo ${ALT_HEADERS:=$(alt_prefix)/usr/include} -} -alt_build_headers() { - if [[ -z ${ALT_BUILD_HEADERS} ]] ; then - ALT_BUILD_HEADERS="${EPREFIX}$(alt_headers)" - if tc-is-cross-compiler ; then - ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers) - if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then - local header_path=$(echo '#include ' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h') - ALT_BUILD_HEADERS=${header_path%/linux/version.h} - fi - fi - fi - echo "${ALT_BUILD_HEADERS}" -} - -alt_libdir() { - echo $(alt_prefix)/$(get_libdir) -} -alt_usrlibdir() { - echo $(alt_prefix)/usr/$(get_libdir) -} - -builddir() { - echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1" -} - -setup_target_flags() { - # This largely mucks with compiler flags. None of which should matter - # when building up just the headers. - just_headers && return 0 - - case $(tc-arch) in - x86) - # -march needed for #185404 #199334 - # TODO: When creating the first glibc cross-compile, this test will - # always fail as it does a full link which in turn requires glibc. - # Probably also applies when changing multilib profile settings (e.g. - # enabling x86 when the profile was amd64-only previously). - # We could change main to _start and pass -nostdlib here so that we - # only test the gcc code compilation. Or we could do a compile and - # then look for the symbol via scanelf. - if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then - local t=${CTARGET_OPT:-${CTARGET}} - t=${t%%-*} - filter-flags '-march=*' - export CFLAGS="-march=${t} ${CFLAGS}" - einfo "Auto adding -march=${t} to CFLAGS #185404" - fi - ;; - amd64) - # -march needed for #185404 #199334 - # Note: This test only matters when the x86 ABI is enabled, so we could - # optimize a bit and elide it. - # TODO: See cross-compile issues listed above for x86. - if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then - local t=${CTARGET_OPT:-${CTARGET}} - t=${t%%-*} - # Normally the target is x86_64-xxx, so turn that into the -march that - # gcc actually accepts. #528708 - [[ ${t} == "x86_64" ]] && t="x86-64" - filter-flags '-march=*' - # ugly, ugly, ugly. ugly. - CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}") - export CFLAGS_x86="${CFLAGS_x86} -march=${t}" - einfo "Auto adding -march=${t} to CFLAGS_x86 #185404" - fi - ;; - mips) - # The mips abi cannot support the GNU style hashes. #233233 - filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both - ;; - ppc) - append-flags "-freorder-blocks" - ;; - sparc) - # Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though. - filter-flags "-fcall-used-g7" - append-flags "-fcall-used-g6" - - # If the CHOST is the basic one (e.g. not sparcv9-xxx already), - # try to pick a better one so glibc can use cpu-specific .S files. - # We key off the CFLAGS to get a good value. Also need to handle - # version skew. - # We can't force users to set their CHOST to their exact machine - # as many of these are not recognized by config.sub/gcc and such :(. - # Note: If the mcpu values don't scale, we might try probing CPP defines. - # Note: Should we factor in -Wa,-AvXXX flags too ? Or -mvis/etc... ? - - local cpu - case ${CTARGET} in - sparc64-*) - case $(get-flag mcpu) in - niagara[234]) - if version_is_at_least 2.8 ; then - cpu="sparc64v2" - elif version_is_at_least 2.4 ; then - cpu="sparc64v" - elif version_is_at_least 2.2.3 ; then - cpu="sparc64b" - fi - ;; - niagara) - if version_is_at_least 2.4 ; then - cpu="sparc64v" - elif version_is_at_least 2.2.3 ; then - cpu="sparc64b" - fi - ;; - ultrasparc3) - cpu="sparc64b" - ;; - *) - # We need to force at least v9a because the base build doesn't - # work with just v9. - # https://sourceware.org/bugzilla/show_bug.cgi?id=19477 - [[ -z ${cpu} ]] && append-flags "-Wa,-xarch=v9a" - ;; - esac - ;; - sparc-*) - case $(get-flag mcpu) in - niagara[234]) - if version_is_at_least 2.8 ; then - cpu="sparcv9v2" - elif version_is_at_least 2.4 ; then - cpu="sparcv9v" - elif version_is_at_least 2.2.3 ; then - cpu="sparcv9b" - else - cpu="sparcv9" - fi - ;; - niagara) - if version_is_at_least 2.4 ; then - cpu="sparcv9v" - elif version_is_at_least 2.2.3 ; then - cpu="sparcv9b" - else - cpu="sparcv9" - fi - ;; - ultrasparc3) - cpu="sparcv9b" - ;; - v9|ultrasparc) - cpu="sparcv9" - ;; - v8|supersparc|hypersparc|leon|leon3) - cpu="sparcv8" - ;; - esac - ;; - esac - [[ -n ${cpu} ]] && CTARGET_OPT="${cpu}-${CTARGET#*-}" - ;; - esac -} - -setup_flags() { - # Make sure host make.conf doesn't pollute us - if is_crosscompile || tc-is-cross-compiler ; then - CHOST=${CTARGET} strip-unsupported-flags - fi - - # Store our CFLAGS because it's changed depending on which CTARGET - # we are building when pulling glibc on a multilib profile - CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}} - CFLAGS=${CFLAGS_BASE} - CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}} - CXXFLAGS=${CXXFLAGS_BASE} - ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}} - ASFLAGS=${ASFLAGS_BASE} - - # Over-zealous CFLAGS can often cause problems. What may work for one - # person may not work for another. To avoid a large influx of bugs - # relating to failed builds, we strip most CFLAGS out to ensure as few - # problems as possible. - strip-flags - strip-unsupported-flags - filter-flags -m32 -m64 -mabi=* - - # Bug 492892. - filter-flags -frecord-gcc-switches - - unset CBUILD_OPT CTARGET_OPT - if use multilib ; then - CTARGET_OPT=$(get_abi_CTARGET) - [[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST) - fi - - setup_target_flags - - if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then - CBUILD_OPT=${CTARGET_OPT} - fi - - # Lock glibc at -O2 -- linuxthreads needs it and we want to be - # conservative here. -fno-strict-aliasing is to work around #155906 - filter-flags -O? - append-flags -O2 -fno-strict-aliasing - - # Can't build glibc itself with fortify code. Newer versions add - # this flag for us, so no need to do it manually. - version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE - - # building glibc with SSP is fraught with difficulty, especially - # due to __stack_chk_fail_local which would mean significant changes - # to the glibc build process. See bug #94325 #293721 - # Note we have to handle both user-given CFLAGS and gcc defaults via - # spec rules here. We can't simply add -fno-stack-protector as it gets - # added before user flags, and we can't just filter-flags because - # _filter_hardened doesn't support globs. - filter-flags -fstack-protector* - gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) - - if use hardened && gcc-specs-pie ; then - # Force PIC macro definition for all compilations since they're all - # either -fPIC or -fPIE with the default-PIE compiler. - append-cppflags -DPIC - else - # Don't build -fPIE without the default-PIE compiler and the - # hardened-pie patch - filter-flags -fPIE - fi -} - -want_nptl() { - [[ -z ${LT_VER} ]] && return 0 - want_tls || return 1 - use nptl || return 1 - - # Older versions of glibc had incomplete arch support for nptl. - # But if you're building those now, you can handle USE=nptl yourself. - return 0 -} - -want_linuxthreads() { - [[ -z ${LT_VER} ]] && return 1 - use linuxthreads -} - -want_tls() { - # Archs that can use TLS (Thread Local Storage) - case $(tc-arch) in - x86) - # requires i486 or better #106556 - [[ ${CTARGET} == i[4567]86* ]] && return 0 - return 1 - ;; - esac - - return 0 -} - -want__thread() { - want_tls || return 1 - - # For some reason --with-tls --with__thread is causing segfaults on sparc32. - [[ ${PROFILE_ARCH} == "sparc" ]] && return 1 - - [[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD} - - # only test gcc -- cant test linking yet - tc-has-tls -c ${CTARGET} - WANT__THREAD=$? - - return ${WANT__THREAD} -} - -use_multiarch() { - # Make sure binutils is new enough to support indirect functions #336792 - # This funky sed supports gold and bfd linkers. - local bver nver - bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}') - case $(tc-arch ${CTARGET}) in - amd64|x86) nver="2.20" ;; - arm) nver="2.22" ;; - hppa) nver="2.23" ;; - ppc|ppc64) nver="2.20" ;; - # ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24. - s390) nver="2.24" ;; - sparc) nver="2.21" ;; - *) return 1 ;; - esac - version_is_at_least ${nver} ${bver} -} - -# Setup toolchain variables that had historically -# been defined in the profiles for these archs. -setup_env() { - # silly users - unset LD_RUN_PATH - unset LD_ASSUME_KERNEL - - if is_crosscompile || tc-is-cross-compiler ; then - multilib_env ${CTARGET_OPT:-${CTARGET}} - - if ! use multilib ; then - MULTILIB_ABIS=${DEFAULT_ABI} - else - MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}} - fi - - # If the user has CFLAGS_ in their make.conf, use that, - # and fall back on CFLAGS. - local VAR=CFLAGS_${CTARGET//[-.]/_} - CFLAGS=${!VAR-${CFLAGS}} - fi - - setup_flags - - export ABI=${ABI:-${DEFAULT_ABI:-default}} - - local VAR=CFLAGS_${ABI} - # We need to export CFLAGS with abi information in them because glibc's - # configure script checks CFLAGS for some targets (like mips). Keep - # around the original clean value to avoid appending multiple ABIs on - # top of each other. - : ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})} - export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}" -} - -foreach_abi() { - setup_env - - local ret=0 - local abilist="" - if use multilib ; then - abilist=$(get_install_abis) - else - abilist=${DEFAULT_ABI} - fi - evar_push ABI - export ABI - for ABI in ${abilist:-default} ; do - setup_env - einfo "Running $1 for ABI ${ABI}" - $1 - : $(( ret |= $? )) - done - evar_pop - return ${ret} -} - -just_headers() { - is_crosscompile && use crosscompile_opts_headers-only -} - -glibc_banner() { - local b="Gentoo ${PVR}" - [[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}" - [[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}" - [[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}" - echo "${b}" -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit deleted file mode 100644 index 827cba9b51..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit +++ /dev/null @@ -1,21 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -eblit-glibc-pkg_postinst() { - # nothing to do if just installing headers - just_headers && return - - if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then - # Generate fastloading iconv module configuration file. - "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}" - fi - - if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then - # Reload init ... if in a chroot or a diff init package, ignore - # errors from this step #253697 - /sbin/telinit U 2>/dev/null - - ## COREOS: locale-gen is not installed - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit deleted file mode 100644 index 65c7c958af..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -# Simple test to make sure our new glibc isnt completely broken. -# Make sure we don't test with statically built binaries since -# they will fail. Also, skip if this glibc is a cross compiler. -# -# If coreutils is built with USE=multicall, some of these files -# will just be wrapper scripts, not actual ELFs we can test. -glibc_sanity_check() { - cd / #228809 - - # We enter ${ED} so to avoid trouble if the path contains - # special characters; for instance if the path contains the - # colon character (:), then the linker will try to split it - # and look for the libraries in an unexpected place. This can - # lead to unsafe code execution if the generated prefix is - # within a world-writable directory. - # (e.g. /var/tmp/portage:${HOSTNAME}) - pushd "${ED}"/$(get_libdir) >/dev/null - - local x striptest - for x in cal date env free ls true uname uptime ; do - x=$(type -p ${x}) - [[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue - striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue - case ${striptest} in - *"statically linked"*) continue;; - *"ASCII text"*) continue;; - esac - # We need to clear the locale settings as the upgrade might want - # incompatible locale data. This test is not for verifying that. - LC_ALL=C \ - ./ld-*.so --library-path . ${x} > /dev/null \ - || die "simple run test (${x}) failed" - done - - popd >/dev/null -} - -eblit-glibc-pkg_preinst() { - # nothing to do if just installing headers - just_headers && return - - # prepare /etc/ld.so.conf.d/ for files - mkdir -p "${EROOT}"/etc/ld.so.conf.d - - ## COREOS: host.conf is not installed - - [[ ${ROOT} != "/" ]] && return 0 - [[ -d ${ED}/$(get_libdir) ]] || return 0 - [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check - - # For newer EAPIs, this was run in pkg_pretend. - if [[ ${EAPI:-0} == [0123] ]] ; then - check_devpts - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit deleted file mode 100644 index 03c947f3e3..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit +++ /dev/null @@ -1,137 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -glibc_compile_test() { - local ret save_cflags=${CFLAGS} - CFLAGS+=" $1" - shift - - pushd "${T}" >/dev/null - - rm -f glibc-test* - printf '%b' "$*" > glibc-test.c - - _nonfatal emake -s glibc-test - ret=$? - - popd >/dev/null - - CFLAGS=${save_cflags} - return ${ret} -} - -glibc_run_test() { - local ret - - if [[ ${EMERGE_FROM} == "binary" ]] ; then - # ignore build failures when installing a binary package #324685 - glibc_compile_test "" "$@" 2>/dev/null || return 0 - else - if ! glibc_compile_test "" "$@" ; then - ewarn "Simple build failed ... assuming this is desired #324685" - return 0 - fi - fi - - pushd "${T}" >/dev/null - - ./glibc-test - ret=$? - rm -f glibc-test* - - popd >/dev/null - - return ${ret} -} - -check_devpts() { - ## COREOS: Ignore /dev/pts settings, the chroot has no control over them. - return 0 -} - -eblit-glibc-pkg_pretend() { - # For older EAPIs, this is run in pkg_preinst. - if [[ ${EAPI:-0} != [0123] ]] ; then - check_devpts - fi - - # Prevent native builds from downgrading. - if [[ ${MERGE_TYPE} != "buildonly" ]] && \ - [[ ${ROOT} == "/" ]] && \ - [[ ${CBUILD} == ${CHOST} ]] && \ - [[ ${CHOST} == ${CTARGET} ]] ; then - # The high rev # is to allow people to downgrade between -r# versions. - # We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine. - # Hopefully we never actually use a r# this high. - if has_version ">${CATEGORY}/${P}-r10000" ; then - eerror "Sanity check to keep you from breaking your system:" - eerror " Downgrading glibc is not supported and a sure way to destruction" - die "aborting to save your system" - fi - - if ! glibc_run_test '#include \nint main(){return getpwuid(0)==0;}\n' - then - eerror "Your patched vendor kernel is broken. You need to get an" - eerror "update from whoever is providing the kernel to you." - eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227" - eerror "http://bugs.gentoo.org/262698" - die "keeping your system alive, say thank you" - fi - - if ! glibc_run_test '#include \n#include \nint main(){return syscall(1000)!=-1;}\n' - then - eerror "Your old kernel is broken. You need to update it to" - eerror "a newer version as syscall() will break." - eerror "http://bugs.gentoo.org/279260" - die "keeping your system alive, say thank you" - fi - fi - - # users have had a chance to phase themselves, time to give em the boot - if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then - eerror "You still haven't deleted ${EROOT}/etc/locales.build." - eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." - die "lazy upgrader detected" - fi - - if [[ ${CTARGET} == i386-* ]] ; then - eerror "i386 CHOSTs are no longer supported." - eerror "Chances are you don't actually want/need i386." - eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml" - die "please fix your CHOST" - fi - - if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then - ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." - ewarn "This will result in a 50% performance penalty when running with a 32bit" - ewarn "hypervisor, which is probably not what you want." - fi - - use hardened && ! gcc-specs-pie && \ - ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" - - # Make sure host system is up to date #394453 - if has_version ' /dev/null - local addons=$(echo */configure | sed \ - -e 's:/configure::g' \ - -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \ - -e 's: \+$::' \ - -e 's! !,!g' \ - -e 's!^!,!' \ - -e '/^,\*$/d') - [[ -d ports ]] && addons+=",ports" - popd > /dev/null - - myconf+=( $(use_enable hardened stackguard-randomization) ) - if has_version ' "${T}"/test.c - if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then - sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die - mkdir -p sunrpc - cp $(which rpcgen) sunrpc/cross-rpcgen || die - touch -t 202001010101 sunrpc/cross-rpcgen || die - fi - fi -} - -toolchain-glibc_headers_configure() { - export ABI=default - - local builddir=$(builddir "headers") - mkdir -p "${builddir}" - cd "${builddir}" - - # if we don't have a compiler yet, we cant really test it now ... - # hopefully they don't affect header geneation, so let's hope for - # the best here ... - local v vars=( - ac_cv_header_cpuid_h=yes - libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes - libc_cv_asm_cfi_directives=yes - libc_cv_broken_visibility_attribute=no - libc_cv_c_cleanup=yes - libc_cv_forced_unwind=yes - libc_cv_gcc___thread=yes - libc_cv_mlong_double_128=yes - libc_cv_mlong_double_128ibm=yes - libc_cv_ppc_machine=yes - libc_cv_ppc_rel16=yes - libc_cv_predef_{fortify_source,stack_protector}=no - libc_cv_visibility_attribute=yes - libc_cv_z_combreloc=yes - libc_cv_z_execstack=yes - libc_cv_z_initfirst=yes - libc_cv_z_nodelete=yes - libc_cv_z_nodlopen=yes - libc_cv_z_relro=yes - libc_mips_abi=${ABI} - libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard) - # These libs don't have configure flags. - ac_cv_lib_audit_audit_log_user_avc_message=no - ac_cv_lib_cap_cap_init=no - ) - einfo "Forcing cached settings:" - for v in "${vars[@]}" ; do - einfo " ${v}" - export ${v} - done - - # Blow away some random CC settings that screw things up. #550192 - if [[ -d ${S}/sysdeps/mips ]]; then - pushd "${S}"/sysdeps/mips >/dev/null - sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die - sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die - if version_is_at_least 2.21 ; then - # Force the mips ABI to the default. This is OK because the set of - # installed headers in this phase is the same between the 3 ABIs. - # If this ever changes, this hack will break, but that's unlikely - # as glibc discourages that behavior. - # https://crbug.com/647033 - sed -i -e 's:abiflag=.*:abiflag=_ABIO32:' preconfigure || die - fi - popd >/dev/null - fi - - local myconf=() - myconf+=( - --disable-sanity-checks - --enable-hacker-mode - --without-cvs - --disable-werror - --enable-bind-now - --build=${CBUILD_OPT:-${CBUILD}} - --host=${CTARGET_OPT:-${CTARGET}} - --with-headers=$(alt_build_headers) - --prefix="${EPREFIX}/usr" - ${EXTRA_ECONF} - ) - - local addons - [[ -d ${S}/ports ]] && addons+=",ports" - # Newer versions require nptl, so there is no addon for it. - version_is_at_least 2.20 || addons+=",nptl" - myconf+=( --enable-add-ons="${addons#,}" ) - - # Nothing is compiled here which would affect the headers for the target. - # So forcing CC/CFLAGS is sane. - set -- "${S}"/configure "${myconf[@]}" - echo "$@" - CC="$(tc-getBUILD_CC)" \ - CFLAGS="-O1 -pipe" \ - CPPFLAGS="-U_FORTIFY_SOURCE" \ - LDFLAGS="" \ - "$@" || die "failed to configure glibc" -} - -toolchain-glibc_src_configure() { - if just_headers ; then - toolchain-glibc_headers_configure - else - want_linuxthreads && glibc_do_configure linuxthreads - want_nptl && glibc_do_configure nptl - fi -} - -eblit-glibc-src_configure() { - foreach_abi toolchain-glibc_src_configure -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit deleted file mode 100644 index 6d0353f7bf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit +++ /dev/null @@ -1,231 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -toolchain-glibc_src_install() { - local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl)) - cd "${builddir}" - - emake install_root="${D}$(alt_prefix)" install || die - - if want_linuxthreads && want_nptl ; then - einfo "Installing NPTL to $(alt_libdir)/tls/..." - cd "$(builddir nptl)" - dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl - - local l src_lib - for l in libc libm librt libpthread libthread_db ; do - # take care of shared lib first ... - l=${l}.so - if [[ -e ${l} ]] ; then - src_lib=${l} - else - src_lib=$(eval echo */${l}) - fi - cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}" - fperms a+rx $(alt_libdir)/tls/${l} - dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib}) - - # then grab the linker script or the symlink ... - if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then - dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l} - else - sed \ - -e "s:/${l}:/tls/${l}:g" \ - -e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \ - "${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l} - fi - - # then grab the static lib ... - src_lib=${src_lib/%.so/.a} - [[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a} - cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" - src_lib=${src_lib/%.a/_nonshared.a} - if [[ -e ${src_lib} ]] ; then - cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" - fi - done - - # use the nptl linker instead of the linuxthreads one as the linuxthreads - # one may lack TLS support and that can be really bad for business - cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp" - fi - - # Newer versions get fancy with libm linkage to include vectorized support. - # While we don't really need a ldscript here, portage QA checks get upset. - if [[ -e ${ED}$(alt_usrlibdir)/libm-${PV}.a ]] ; then - dosym ../../$(get_libdir)/libm-${PV}.so $(alt_usrlibdir)/libm-${PV}.so - fi - - # We'll take care of the cache ourselves - rm -f "${ED}"/etc/ld.so.cache - - # Everything past this point just needs to be done once ... - is_final_abi || return 0 - - # Make sure the non-native interp can be found on multilib systems even - # if the main library set isn't installed into the right place. Maybe - # we should query the active gcc for info instead of hardcoding it ? - local i ldso_abi ldso_name - local ldso_abi_list=( - # x86 - amd64 /lib64/ld-linux-x86-64.so.2 - x32 /libx32/ld-linux-x32.so.2 - x86 /lib/ld-linux.so.2 - # mips - o32 /lib/ld.so.1 - n32 /lib32/ld.so.1 - n64 /lib64/ld.so.1 - # powerpc - ppc /lib/ld.so.1 - ppc64 /lib64/ld64.so.1 - # s390 - s390 /lib/ld.so.1 - s390x /lib/ld64.so.1 - # sparc - sparc32 /lib/ld-linux.so.2 - sparc64 /lib64/ld-linux.so.2 - ) - case $(tc-endian) in - little) - ldso_abi_list+=( - # arm - arm64 /lib/ld-linux-aarch64.so.1 - ) - ;; - big) - ldso_abi_list+=( - # arm - arm64 /lib/ld-linux-aarch64_be.so.1 - ) - ;; - esac - if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then - dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib - fi - for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do - ldso_abi=${ldso_abi_list[i]} - has ${ldso_abi} $(get_install_abis) || continue - - ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" - if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then - dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} - fi - done - - # With devpts under Linux mounted properly, we do not need the pt_chown - # binary to be setuid. This is because the default owners/perms will be - # exactly what we want. - if in_iuse suid && ! use suid ; then - find "${ED}" -name pt_chown -exec chmod -s {} + - fi - - ################################################################# - # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY # - # Make sure we install some symlink hacks so that when we build - # a 2nd stage cross-compiler, gcc finds the target system - # headers correctly. See gcc/doc/gccinstall.info - if is_crosscompile ; then - # We need to make sure that /lib and /usr/lib always exists. - # gcc likes to use relative paths to get to its multilibs like - # /usr/lib/../lib64/. So while we don't install any files into - # /usr/lib/, we do need it to exist. - cd "${ED}"$(alt_libdir)/.. - [[ -e lib ]] || mkdir lib - cd "${ED}"$(alt_usrlibdir)/.. - [[ -e lib ]] || mkdir lib - - dosym usr/include $(alt_prefix)/sys-include - return 0 - fi - - ## COREOS ## - # For reference, the rest of this function has been modified to do: - # - The SDK just gets the full locale archive, no need for locale-gen. - # - CoreOS targets (which are cross compiled) don't get any locales. - # - Config files are installed by baselayout, not glibc. - # - Install nscd/systemd stuff in /usr. - - if ! tc-is-cross-compiler ; then - emake install_root="${D}$(alt_prefix)" localedata/install-locales || die - # Sanity check the above command worked - [[ -f ${ED}/usr/$(get_libdir)/locale/locale-archive ]] || die - else - keepdir /usr/$(get_libdir)/locale - fi - - # Make sure all the ABI's can find the locales and so we only - # have to generate one set - local a - for a in $(get_install_abis) ; do - if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then - dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale - fi - done - - # Clean out any default configs - rm -rf "${ED}"/etc - - cd "${S}" - - # Install misc network config files - insinto /usr/share/baselayout - doins nscd/nscd.conf || die - - if ! in_iuse nscd || use nscd ; then - systemd_dounit nscd/nscd.service || die - systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die - systemd_newtmpfilesd "${FILESDIR}"/nscd-conf.tmpfiles nscd-conf.conf || die - fi - - echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc - doenvd "${T}"/00glibc || die - - for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do - [[ -s ${d} ]] && dodoc ${d} - done -} - -toolchain-glibc_headers_install() { - local builddir=$(builddir "headers") - cd "${builddir}" - emake install_root="${D}$(alt_prefix)" install-headers || die - if ! version_is_at_least 2.16 ; then - insinto $(alt_headers)/bits - doins bits/stdio_lim.h || die - fi - insinto $(alt_headers)/gnu - doins "${S}"/include/gnu/stubs.h || die "doins include gnu" - # Make sure we install the sys-include symlink so that when - # we build a 2nd stage cross-compiler, gcc finds the target - # system headers correctly. See gcc/doc/gccinstall.info - dosym usr/include $(alt_prefix)/sys-include -} - -src_strip() { - # gdb is lame and requires some debugging information to remain in - # libpthread, so we need to strip it by hand. libthread_db makes no - # sense stripped as it is only used when debugging. - local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}") - env \ - -uRESTRICT \ - CHOST=${CTARGET} \ - STRIP_MASK="/*/{,tls/}${pthread}*" \ - prepallstrip - # if user has stripping enabled and does not have split debug turned on, - # then leave the debugging sections in libpthread. - if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then - ${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so - fi -} - -eblit-glibc-src_install() { - if just_headers ; then - export ABI=default - toolchain-glibc_headers_install - return - fi - - foreach_abi toolchain-glibc_src_install - src_strip -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit deleted file mode 100644 index 11ff7af6f8..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -eblit-glibc-src_prepare() { - # XXX: We should do the branchupdate, before extracting the manpages and - # infopages else it does not help much (mtimes change if there is a change - # to them with branchupdate) - if [[ -n ${BRANCH_UPDATE} ]] ; then - epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 - - # Snapshot date patch - einfo "Patching version to display snapshot date ..." - sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h - fi - - # tag, glibc is it - if ! version_is_at_least 2.17 ; then - [[ -e csu/Banner ]] && die "need new banner location" - glibc_banner > csu/Banner - fi - if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then - EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \ - EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \ - EPATCH_SUFFIX="patch" \ - ARCH=$(tc-arch) \ - epatch "${WORKDIR}"/patches - fi - - if just_headers ; then - if [[ -e ports/sysdeps/mips/preconfigure ]] ; then - # mips peeps like to screw with us. if building headers, - # we don't have a real compiler, so we can't let them - # insert -mabi on us. - sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die - find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} + - fi - fi - - epatch_user - - gnuconfig_update - - # Glibc is stupid sometimes, and doesn't realize that with a - # static C-Only gcc, -lgcc_eh doesn't exist. - # https://sourceware.org/ml/libc-alpha/2003-09/msg00100.html - # https://sourceware.org/ml/libc-alpha/2005-02/msg00042.html - # But! Finally fixed in recent versions: - # https://sourceware.org/ml/libc-alpha/2012-05/msg01865.html - if ! version_is_at_least 2.16 ; then - echo 'int main(){}' > "${T}"/gcc_eh_test.c - if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then - sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh" - fi - fi - - cd "${WORKDIR}" - find . -type f '(' -size 0 -o -name "*.orig" ')' -delete - find . -name configure -exec touch {} + - - eprefixify extra/locale/locale-gen - - # Fix permissions on some of the scripts. - chmod u+x "${S}"/scripts/*.sh -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit deleted file mode 100644 index fc5b950f46..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -glibc_src_test() { - cd "$(builddir $1)" - nonfatal emake -j1 check && return 0 - einfo "make check failed - re-running with --keep-going to get the rest of the results" - nonfatal emake -j1 -k check - ewarn "make check failed for ${ABI}-${CTARGET}-$1" - return 1 -} - -toolchain-glibc_src_test() { - local ret=0 t - for t in linuxthreads nptl ; do - if want_${t} ; then - glibc_src_test ${t} - : $(( ret |= $? )) - fi - done - return ${ret} -} - -eblit-glibc-src_test() { - # Give tests more time to complete. - export TIMEOUTFACTOR=5 - - foreach_abi toolchain-glibc_src_test || die "tests failed" -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit deleted file mode 100644 index 8d4c740717..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit +++ /dev/null @@ -1,121 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit" - -int_to_KV() { - local version=$1 major minor micro - major=$((version / 65536)) - minor=$(((version % 65536) / 256)) - micro=$((version % 256)) - echo ${major}.${minor}.${micro} -} - -eend_KV() { - [[ $(KV_to_int $1) -ge $(KV_to_int $2) ]] - eend $? -} - -get_kheader_version() { - printf '#include \nLINUX_VERSION_CODE\n' | \ - $(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \ - tail -n 1 -} - -check_nptl_support() { - # don't care about the compiler here as we arent using it - just_headers && return - - local run_kv build_kv want_kv - run_kv=$(int_to_KV $(get_KV)) - build_kv=$(int_to_KV $(get_kheader_version)) - want_kv=${NPTL_KERN_VER} - - ebegin "Checking gcc for __thread support" - if ! eend $(want__thread ; echo $?) ; then - echo - eerror "Could not find a gcc that supports the __thread directive!" - eerror "Please update your binutils/gcc and try again." - die "No __thread support in gcc!" - fi - - if ! is_crosscompile && ! tc-is-cross-compiler ; then - # Building fails on an non-supporting kernel - ebegin "Checking kernel version (${run_kv} >= ${want_kv})" - if ! eend_KV ${run_kv} ${want_kv} ; then - echo - eerror "You need a kernel of at least ${want_kv} for NPTL support!" - die "Kernel version too low!" - fi - fi - - ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})" - if ! eend_KV ${build_kv} ${want_kv} ; then - echo - eerror "You need linux-headers of at least ${want_kv} for NPTL support!" - die "linux-headers version too low!" - fi -} - -unpack_pkg() { - local a=${PN} - [[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}" - [[ -n $1 ]] && a="${a}-$1" - if [[ -n ${SNAP_VER} ]] ; then - a="${a}-${SNAP_VER}" - else - if [[ -n $2 ]] ; then - a="${a}-$2" - else - a="${a}-${RELEASE_VER}" - fi - fi - if has ${a}.tar.xz ${A} ; then - unpacker ${a}.tar.xz - else - unpack ${a}.tar.bz2 - fi - [[ -n $1 ]] && { mv ${a} $1 || die ; } -} - -toolchain-glibc_src_unpack() { - # Check NPTL support _before_ we unpack things to save some time - want_nptl && check_nptl_support - - if [[ -n ${EGIT_REPO_URIS} ]] ; then - local i d - for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do - EGIT_REPO_URI=${EGIT_REPO_URIS[$i]} - EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]} - git-2_src_unpack - done - else - unpack_pkg - fi - - cd "${S}" - touch locale/C-translit.h #185476 #218003 - [[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER} - [[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER} - [[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn - - if [[ -n ${PATCH_VER} ]] ; then - cd "${WORKDIR}" - unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 - # pull out all the addons - local d - for d in extra/*/configure ; do - d=${d%/configure} - [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}" - mv "${d}" "${S}" || die "moving ${d} failed" - done - fi -} - -eblit-glibc-src_unpack() { - setup_env - - toolchain-glibc_src_unpack - [[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles deleted file mode 100644 index 0cf43dcb7a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/nscd-conf.tmpfiles +++ /dev/null @@ -1,2 +0,0 @@ -L /etc/nscd.conf - - - - ../usr/share/baselayout/nscd.conf -d /var/db/nscd - - - - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild similarity index 63% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild index 07d51f5aaf..45c7b45921 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild @@ -1,16 +1,15 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ -EAPI="4" +EAPI="5" -inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing prefix +inherit toolchain-glibc DESCRIPTION="GNU libc6 (also called glibc2) C library" HOMEPAGE="https://www.gnu.org/software/libc/libc.html" LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86" +KEYWORDS="alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86" RESTRICT="strip" # strip ourself #46186 EMULTILIB_PKG="true" @@ -27,10 +26,13 @@ case ${PV} in ;; esac GCC_BOOTSTRAP_VER="4.7.3-r1" -PATCH_VER="8" # Gentoo patchset +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="15" # Gentoo patchset : ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires -IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" +GLIBC_PATCH_EXCLUDE+=" 0005_all_sys-types.h-drop-sys-sysmacros.h-include.patch" + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla headers-only" # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries @@ -71,6 +73,7 @@ COMMON_DEPEND=" ) ) suid? ( caps? ( sys-libs/libcap ) ) selinux? ( sys-libs/libselinux ) + systemtap? ( dev-util/systemtap ) " DEPEND="${COMMON_DEPEND} >=app-misc/pax-utils-0.1.10 @@ -82,7 +85,7 @@ RDEPEND="${COMMON_DEPEND} !sys-libs/nss-db" if [[ ${CATEGORY} == cross-* ]] ; then - DEPEND+=" !crosscompile_opts_headers-only? ( + DEPEND+=" !headers-only? ( >=${CATEGORY}/binutils-2.24 >=${CATEGORY}/gcc-4.7 )" @@ -100,7 +103,7 @@ upstream_uris() { echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 } gentoo_uris() { - local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + local devspace="HTTP~vapier/dist/URI HTTP~dilfridge/distfiles/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" devspace=${devspace//HTTP/https://dev.gentoo.org/} echo mirror://gentoo/$1 ${devspace//URI/$1} } @@ -110,70 +113,18 @@ SRC_URI=$( ) SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" -# eblit-include [--skip] [version] -eblit-include() { - local skipable=false - [[ $1 == "--skip" ]] && skipable=true && shift - [[ $1 == pkg_* ]] && skipable=true - - local e v func=$1 ver=$2 - [[ -z ${func} ]] && die "Usage: eblit-include [version]" - for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do - e="${FILESDIR}/eblits/${func}${v}.eblit" - if [[ -e ${e} ]] ; then - source "${e}" - return 0 - fi - done - ${skipable} && return 0 - die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" -} - -# eblit-run-maybe -# run the specified function if it is defined -eblit-run-maybe() { - [[ $(type -t "$@") == "function" ]] && "$@" -} - -# eblit-run [version] -# aka: src_unpack() { eblit-run src_unpack ; } -eblit-run() { - eblit-include --skip common "${*:2}" - eblit-include "$@" - eblit-run-maybe eblit-$1-pre - eblit-${PN}-$1 - eblit-run-maybe eblit-$1-post -} - -src_unpack() { eblit-run src_unpack ; } -src_prepare() { eblit-run src_prepare ; } -src_configure() { eblit-run src_configure ; } -src_compile() { eblit-run src_compile ; } -src_test() { eblit-run src_test ; } -src_install() { eblit-run src_install ; } - -# FILESDIR might not be available during binpkg install -for x in pretend setup {pre,post}inst ; do - e="${FILESDIR}/eblits/pkg_${x}.eblit" - if [[ -e ${e} ]] ; then - . "${e}" - eval "pkg_${x}() { eblit-run pkg_${x} ; }" - fi -done - -eblit-src_unpack-pre() { +src_unpack() { [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack } -eblit-src_prepare-post() { +src_prepare() { + toolchain-glibc_src_prepare + cd "${S}" epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 - ## COREOS: features and bug fixes missing from the Gentoo patch set. - epatch "${FILESDIR}"/2.23/glibc-2.23-gshadow-handle-erange.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-c-utf8-locale.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-pthread-use-after-free.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-binutils-update.patch if use hardened ; then # We don't enable these for non-hardened as the output is very terse -- @@ -181,7 +132,7 @@ eblit-src_prepare-post() { # includes backtraces and symbols. einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die - cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die if use debug ; then # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. @@ -190,11 +141,6 @@ eblit-src_prepare-post() { -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ debug/Makefile || die fi - - # Build various bits with ssp-all - sed -i \ - -e 's:-fstack-protector$:-fstack-protector-all:' \ - */Makefile || die fi case $(gcc-fullversion) in diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml index e6ebe220ca..a953870436 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml @@ -6,10 +6,11 @@ Gentoo Toolchain Project + build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL) build memusage and memusagestat tools Build, and enable support for, the Name Service Cache Daemon - Enable obsolete RPC/NIS layers (disabling is experimental -- see bug 381391) + Enable obsolete RPC/NIS layers Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5 enable systemtap static probe points