diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest
index fb4bf04409..7644627f1c 100644
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/Manifest
@@ -1 +1,2 @@
-DIST qemu-2.9.0.tar.bz2 28720490 SHA256 00bfb217b1bb03c7a6c3261b819cfccbfb5a58e3e2ceff546327d271773c6c14 SHA512 4b28966eec0ca44681e35fcfb64a4eaef7c280b8d65c91d03f2efa37f76278fd8c1680e5798c7a30dbfcc8f3c05f4a803f48b8a2dfec3a4181bac079b2a5e422 WHIRLPOOL d79fe89eb271a56aee0cbd328e5f96999176b711afb5683d164b7b99d91e6dd2bfaf6e2ff4cd820a941c94f28116765cb07ffd5809d75c2f9654a67d56bfc0c1
+DIST qemu-2.11.1-patches-r1.tar.xz 2064 SHA256 08b198d69a14fe852b86c00fbab24832223046407dd170be6d862571e8582536 SHA512 12de7b4777ec98871d0786291534f61b37534feef64b556caeab72e020ff14d61fe19d24cb151ebfdb912df2a7ba72c0d882566b368d88d02c9f1354c2adae4a WHIRLPOOL 91da9ad3278ac130baacf57627a6a4535baef87b480a5321fd049815f2defd9c5ed0ce8bcef1d28e0c7075cc4ea7329decf57d22404915857b3aed319f59f92d
+DIST qemu-2.11.1.tar.bz2 32819412 SHA256 d9df2213ceed32e91dab7bc9dd19c1af83f91ba72c7aeef7605dfaaf81732ccb SHA512 1b692bbdfc3dc785738c7192aa2a3f9cf53d9f5bf3b3f49fa8692050dc50f7056c8a4d1b527d48ffb2a674a0fd3a46d87addd1eaaa758f35eec1ab5adfe32354 WHIRLPOOL 2de03a00ab3fba1fe2ca8cd11a0948aede5db567a00a2213bf27517501de6fee04e8bd5443dd0af6aed554e20d8371cd4e69b142cb87e7a30abbf16e8aceab06
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch
new file mode 100644
index 0000000000..1562bb3c64
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.11.0-glibc-2.27.patch
@@ -0,0 +1,54 @@
+From 75e5b70e6b5dcc4f2219992d7cffa462aa406af0 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Tue, 28 Nov 2017 11:51:27 +0100
+Subject: [PATCH] memfd: fix configure test
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Recent glibc added memfd_create in sys/mman.h. This conflicts with
+the definition in util/memfd.c:
+
+ /builddir/build/BUILD/qemu-2.11.0-rc1/util/memfd.c:40:12: error: static declaration of memfd_create follows non-static declaration
+
+Fix the configure test, and remove the sys/memfd.h inclusion since the
+file actually does not exist---it is a typo in the memfd_create(2) man
+page.
+
+Cc: Marc-André Lureau
+Signed-off-by: Paolo Bonzini
+---
+ configure | 2 +-
+ util/memfd.c | 4 +---
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/configure b/configure
+index 9c8aa5a98b..99ccc1725a 100755
+--- a/configure
++++ b/configure
+@@ -3923,7 +3923,7 @@ fi
+ # check if memfd is supported
+ memfd=no
+ cat > $TMPC << EOF
+-#include
++#include
+
+ int main(void)
+ {
+diff --git a/util/memfd.c b/util/memfd.c
+index 4571d1aba8..412e94a405 100644
+--- a/util/memfd.c
++++ b/util/memfd.c
+@@ -31,9 +31,7 @@
+
+ #include "qemu/memfd.h"
+
+-#ifdef CONFIG_MEMFD
+-#include
+-#elif defined CONFIG_LINUX
++#if defined CONFIG_LINUX && !defined CONFIG_MEMFD
+ #include
+ #include
+
+--
+2.11.0
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
deleted file mode 100644
index 346e7713f7..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-7493.patch
+++ /dev/null
@@ -1,174 +0,0 @@ -From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001 -From: Greg Kurz -Date: Fri, 5 May 2017 14:48:08 +0200 -Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493) - -When using the mapped-file security mode, we shouldn't let the client mess -with the metadata. The current code already tries to hide the metadata dir -from the client by skipping it in local_readdir(). But the client can still -access or modify it through several other operations. This can be used to -escalate privileges in the guest. - -Affected backend operations are: -- local_mknod() -- local_mkdir() -- local_open2() -- local_symlink() -- local_link() -- local_unlinkat() -- local_renameat() -- local_rename() -- local_name_to_path() - -Other operations are safe because they are only passed a fid path, which -is computed internally in local_name_to_path(). - -This patch converts all the functions listed above to fail and return -EINVAL when being passed the name of the metadata dir. This may look -like a poor choice for errno, but there's no such thing as an illegal -path name on Linux and I could not think of anything better. - -This fixes CVE-2017-7493. 
- -Reported-by: Leo Gaspard -Signed-off-by: Greg Kurz -Reviewed-by: Eric Blake ---- - hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 56 insertions(+), 2 deletions(-) - -diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c -index f3ebca4f7a..a2486566af 100644 ---- a/hw/9pfs/9p-local.c -+++ b/hw/9pfs/9p-local.c -@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs) - return telldir(fs->dir.stream); - } - -+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name) -+{ -+ return !strcmp(name, VIRTFS_META_DIR); -+} -+ - static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs) - { - struct dirent *entry; -@@ -465,8 +470,8 @@ again: - if (ctx->export_flags & V9FS_SM_MAPPED) { - entry->d_type = DT_UNKNOWN; - } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) { -- if (!strcmp(entry->d_name, VIRTFS_META_DIR)) { -- /* skp the meta data directory */ -+ if (local_is_mapped_file_metadata(ctx, entry->d_name)) { -+ /* skip the meta data directory */ - goto again; - } - entry->d_type = DT_UNKNOWN; -@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & 
V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - /* - * Mark all the open to not follow symlinks - */ -@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, - int err = -1; - int dirfd; - -+ if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(fs_ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(fs_ctx, dir_path->data); - if (dirfd == -1) { - return -1; -@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath, - int ret = -1; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, odirpath); - if (odirfd == -1) { - goto out; -@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path, - static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path, - const char *name, V9fsPath *target) - { -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - if (dir_path) { - v9fs_path_sprintf(target, "%s/%s", dir_path->data, name); - } else if (strcmp(name, "/")) { -@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir, - int ret; - int odirfd, ndirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ (local_is_mapped_file_metadata(ctx, old_name) || -+ local_is_mapped_file_metadata(ctx, new_name))) { -+ errno = EINVAL; -+ return -1; -+ } -+ - odirfd = local_opendir_nofollow(ctx, olddir->data); - if (odirfd == -1) { - return -1; -@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir, - int ret; - int dirfd; - -+ if (ctx->export_flags & V9FS_SM_MAPPED_FILE && -+ local_is_mapped_file_metadata(ctx, name)) { -+ errno = EINVAL; -+ return -1; -+ } -+ - dirfd = local_opendir_nofollow(ctx, 
dir->data); - if (dirfd == -1) { - return -1; --- -2.13.0 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch deleted file mode 100644 index 31fb69bf89..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8112.patch +++ /dev/null @@ -1,22 +0,0 @@ -CVE-2017-8112 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04494.html ---- - hw/scsi/vmw_pvscsi.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c -index 7557546..4a106da 100644 ---- a/hw/scsi/vmw_pvscsi.c -+++ b/hw/scsi/vmw_pvscsi.c -@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri) - uint32_t len_log2; - uint32_t ring_size; - -- if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { -+ if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) { - return -1; - } - ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE; --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch deleted file mode 100644 index 4f7f870210..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8309.patch +++ /dev/null 
@@ -1,22 +0,0 @@ -bug #616870 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html ---- - audio/audio.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/audio/audio.c b/audio/audio.c -index c8898d8422..beafed209b 100644 ---- a/audio/audio.c -+++ b/audio/audio.c -@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque) - sw = sw1; - } - QLIST_REMOVE (cap, entries); -+ g_free (cap->hw.mix_buf); -+ g_free (cap->buf); - g_free (cap); - } - return; --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch deleted file mode 100644 index 0a34dae671..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8379.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -bug #616872 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05599.html ---- - ui/input.c | 14 +++++++++++--- - 1 file changed, 11 insertions(+), 3 deletions(-) - -diff --git a/ui/input.c b/ui/input.c -index ed88cda6d6..fb1f404095 100644 ---- a/ui/input.c -+++ b/ui/input.c -@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue = - QTAILQ_HEAD_INITIALIZER(kbd_queue); - static QEMUTimer *kbd_timer; - static uint32_t kbd_default_delay_ms = 10; -+static uint32_t queue_count; -+static uint32_t queue_limit = 1024; - - QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev, - QemuInputHandler *handler) -@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque) - break; - } - QTAILQ_REMOVE(queue, item, node); -+ queue_count--; - g_free(item); - } - } -@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue, - item->delay_ms = delay_ms; - item->timer = timer; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - - if (start_timer) { - timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) -@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue, - item->src = src; - item->evt = evt; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) -@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue) - - item->type = QEMU_INPUT_QUEUE_SYNC; - QTAILQ_INSERT_TAIL(queue, item, node); -+ queue_count++; - } - - void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt) -@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down) - qemu_input_event_send(src, evt); - qemu_input_event_sync(); - qapi_free_InputEvent(evt); -- } else { -+ } else if (queue_count < queue_limit) { - qemu_input_queue_event(&kbd_queue, src, evt); - 
qemu_input_queue_sync(&kbd_queue); - } -@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms) - kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process, - &kbd_queue); - } -- qemu_input_queue_delay(&kbd_queue, kbd_timer, -- delay_ms ? delay_ms : kbd_default_delay_ms); -+ if (queue_count < queue_limit) { -+ qemu_input_queue_delay(&kbd_queue, kbd_timer, -+ delay_ms ? delay_ms : kbd_default_delay_ms); -+ } - } - - InputEvent *qemu_input_event_new_btn(InputButton btn, bool down) --- -2.9.3 diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch deleted file mode 100644 index 08911dd0bf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/files/qemu-2.9.0-CVE-2017-8380.patch +++ /dev/null @@ -1,34 +0,0 @@ -bug #616874 - -https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html ---- - hw/scsi/megasas.c | 10 +++++----- - 1 file changed, 5 insertions(+), 5 deletions(-) - -diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c -index 84b8caf..804122a 100644 ---- a/hw/scsi/megasas.c -+++ b/hw/scsi/megasas.c -@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr, - case MFI_SEQ: - trace_megasas_mmio_writel("MFI_SEQ", val); - /* Magic sequence to start ADP reset */ -- if (adp_reset_seq[s->adp_reset] == val) { -- s->adp_reset++; -+ if (adp_reset_seq[s->adp_reset++] == val) { -+ if (s->adp_reset == 6) { -+ s->adp_reset = 0; -+ s->diag = MFI_DIAG_WRITE_ENABLE; -+ } - } else { - s->adp_reset = 0; - s->diag = 0; - } -- if (s->adp_reset == 6) { -- s->diag = MFI_DIAG_WRITE_ENABLE; -- } - break; - case MFI_DIAG: - trace_megasas_mmio_writel("MFI_DIAG", val); --- -2.9.3 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml index 3fe0408cc4..61c159a658 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/metadata.xml @@ -9,6 +9,7 @@ Adds support for braille displays using brltty Enables support for Linux's Async IO Enable alsa output for sound emulation + Enable disassembly support with dev-libs/capstone Support ISOs / -cdrom directives vis HTTP or HTTPS. Enables firmware device tree support Enables GlusterFS cluster fileystem via diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild similarity index 86% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild index 3bcf97ea40..766846a3be 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.9.0-r2.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/qemu/qemu-2.11.1-r2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI="6" @@ -8,6 +8,8 @@ PYTHON_REQ_USE="ncurses,readline" PLOCALES="bg de_DE fr_FR hu it tr zh_CN" +FIRMWARE_ABI_VERSION="2.9.0-r52" + inherit eutils flag-o-matic linux-info toolchain-funcs multilib python-r1 \ user udev fcaps readme.gentoo-r1 pax-utils l10n 
@@ -18,6 +20,9 @@ if [[ ${PV} = *9999* ]]; then else SRC_URI="http://wiki.qemu-project.org/download/${P}.tar.bz2" KEYWORDS="amd64 arm64 ~ppc ~ppc64 x86 ~x86-fbsd" + + # Gentoo specific patchsets: + SRC_URI+=" https://dev.gentoo.org/~tamiko/distfiles/${P}-patches-r1.tar.xz" fi DESCRIPTION="QEMU + Kernel-based Virtual Machine userland tools" @@ -27,7 +32,7 @@ LICENSE="GPL-2 LGPL-2 BSD-2" SLOT="0" IUSE="accessibility +aio alsa bluetooth bzip2 +caps +curl debug +fdt glusterfs gnutls gtk gtk2 infiniband iscsi +jpeg kernel_linux - kernel_FreeBSD lzo ncurses nfs nls numa opengl +pin-upstream-blobs +png + kernel_FreeBSD lzo ncurses nfs nls numa opengl pin-upstream-blobs +png pulseaudio python rbd sasl +seccomp sdl sdl2 selinux smartcard snappy spice ssh static static-user systemtap tci test usb usbredir vde +vhost-net virgl virtfs +vnc vte xattr xen xfs" @@ -54,7 +59,7 @@ REQUIRED_USE="${PYTHON_REQUIRED_USE} qemu_softmmu_targets_ppc? ( fdt ) qemu_softmmu_targets_ppc64? ( fdt ) sdl2? ( sdl ) - static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio ) + static? ( static-user !alsa !bluetooth !gtk !gtk2 !opengl !pulseaudio !snappy ) virtfs? ( xattr ) vte? ( gtk )" @@ -87,7 +92,7 @@ SOFTMMU_TOOLS_DEPEND=" bzip2? ( app-arch/bzip2[static-libs(+)] ) caps? ( sys-libs/libcap-ng[static-libs(+)] ) curl? ( >=net-misc/curl-7.15.4[static-libs(+)] ) - fdt? ( >=sys-apps/dtc-1.4.0[static-libs(+)] ) + fdt? ( >=sys-apps/dtc-1.4.2[static-libs(+)] ) glusterfs? ( >=sys-cluster/glusterfs-3.4.0[static-libs(+)] ) gnutls? ( dev-libs/nettle:=[static-libs(+)] @@ -111,7 +116,7 @@ SOFTMMU_TOOLS_DEPEND=" sys-libs/ncurses:0=[unicode] sys-libs/ncurses:0=[static-libs(+)] ) - nfs? ( >=net-fs/libnfs-1.9.3[static-libs(+)] ) + nfs? ( >=net-fs/libnfs-1.9.3:=[static-libs(+)] ) numa? ( sys-process/numactl[static-libs(+)] ) opengl? ( virtual/opengl 
@@ -135,7 +140,7 @@ SOFTMMU_TOOLS_DEPEND=" ) seccomp? ( >=sys-libs/libseccomp-2.1.0[static-libs(+)] ) smartcard? ( >=app-emulation/libcacard-2.5.0[static-libs(+)] ) - snappy? ( app-arch/snappy[static-libs(+)] ) + snappy? ( app-arch/snappy:= ) spice? ( >=app-emulation/spice-protocol-0.12.3 >=app-emulation/spice-0.12.0[static-libs(+)] @@ -150,17 +155,26 @@ SOFTMMU_TOOLS_DEPEND=" xfs? ( sys-fs/xfsprogs[static-libs(+)] )" X86_FIRMWARE_DEPEND=" - >=sys-firmware/ipxe-1.0.0_p20130624 pin-upstream-blobs? ( - ~sys-firmware/seabios-1.10.1 + ~sys-firmware/edk2-ovmf-2017_pre20170505[binary] + ~sys-firmware/ipxe-1.0.0_p20160620 + ~sys-firmware/seabios-1.10.2[binary,seavgabios] ~sys-firmware/sgabios-0.1_pre8 - ~sys-firmware/vgabios-0.7a ) !pin-upstream-blobs? ( - sys-firmware/seabios + sys-firmware/edk2 + sys-firmware/ipxe + >=sys-firmware/seabios-1.10.2[seavgabios] sys-firmware/sgabios - sys-firmware/vgabios )" +PPC64_FIRMWARE_DEPEND=" + pin-upstream-blobs? ( + ~sys-firmware/seabios-1.10.2[binary,seavgabios] + ) + !pin-upstream-blobs? ( + >=sys-firmware/seabios-1.10.2[seavgabios] + ) +" CDEPEND=" !static? ( @@ -168,7 +182,9 @@ CDEPEND=" ${SOFTMMU_TOOLS_DEPEND//\[static-libs(+)]} ) qemu_softmmu_targets_i386? ( ${X86_FIRMWARE_DEPEND} ) - qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} )" + qemu_softmmu_targets_x86_64? ( ${X86_FIRMWARE_DEPEND} ) + qemu_softmmu_targets_ppc64? ( ${PPC64_FIRMWARE_DEPEND} ) +" DEPEND="${CDEPEND} dev-lang/perl =dev-lang/python-2* 
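Review bot: In `X86_FIRMWARE_DEPEND` the `!pin-upstream-blobs? ( … )` branch depends on `sys-firmware/edk2`, while the pinned branch, `pkg_postinst` and `pkg_info` in the same ebuild all name `sys-firmware/edk2-ovmf`. If that difference is not deliberate, the unpinned entry should read `sys-firmware/edk2-ovmf` so both branches pull the package that the later `best_version sys-firmware/edk2-ovmf` calls report. Because the IUSE hunk of this commit makes `pin-upstream-blobs` default-off, the unpinned branch is the one a default install resolves, so the mismatch is no longer a corner case.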
@@ -191,11 +207,8 @@ RDEPEND="${CDEPEND} PATCHES=( "${FILESDIR}"/${PN}-2.5.0-cflags.patch "${FILESDIR}"/${PN}-2.5.0-sysmacros.patch - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8309.patch # bug 616870 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8379.patch # bug 616872 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8380.patch # bug 616874 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-8112.patch # bug 616636 - "${FILESDIR}"/${PN}-2.9.0-CVE-2017-7493.patch # bug 618808 + "${FILESDIR}"/${PN}-2.11.0-glibc-2.27.patch + "${WORKDIR}"/patches # fix for vpc creation in qemu-img "${FILESDIR}"/0001-block-fix-vpc-max_table_entries-computation.patch @@ -209,6 +222,7 @@ QA_PREBUILT=" usr/share/qemu/openbios-sparc32 usr/share/qemu/palcode-clipper usr/share/qemu/s390-ccw.img + usr/share/qemu/s390-netboot.img usr/share/qemu/u-boot.e500" QA_WX_LOAD="usr/bin/qemu-i386 @@ -278,7 +292,11 @@ pkg_pretend() { ERROR_VHOST_NET+=" support" if use amd64 || use x86 || use amd64-linux || use x86-linux; then - CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL" + if grep -q AuthenticAMD /proc/cpuinfo; then + CONFIG_CHECK+=" ~KVM_AMD" + elif grep -q GenuineIntel /proc/cpuinfo; then + CONFIG_CHECK+=" ~KVM_INTEL" + fi fi use python && CONFIG_CHECK+=" ~DEBUG_FS" @@ -364,6 +382,9 @@ src_prepare() { # Run after we've applied all patches. handle_locales + + # Remove bundled copy of libfdt + rm -r dtc || die } ## @@ -483,7 +504,6 @@ qemu_src_configure() { --disable-linux-user --enable-system --disable-tools - --with-system-pixman ) local static_flag="static" ;; @@ -513,6 +533,9 @@ qemu_src_configure() { tc-enables-pie && conf_opts+=( --enable-pie ) fi + #bug #647570 + conf_opts+=( --disable-capstone ) + echo "../configure ${conf_opts[*]}" cd "${builddir}" ../configure "${conf_opts[@]}" || die "configure failed" 
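Review bot: The five `qemu-2.9.0-CVE-2017-*` entries leave `PATCHES` with nothing in the ebuild recording that the 2.11.1 tarball already carries those fixes, and the new `"${WORKDIR}"/patches` entry applies whatever the separately fetched `${P}-patches-r1.tar.xz` unpacks to. Presumably the fixes are upstream in 2.11.1, but that cannot be confirmed from this hunk. After checking them against the upstream changelog, a comment above the new entry would keep the audit trail, for example `# CVE-2017-7493/8112/8309/8379/8380: in upstream 2.11.x; Gentoo patchset: ${P}-patches-r1`.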
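Review bot: The new `grep -q AuthenticAMD /proc/cpuinfo` and `grep -q GenuineIntel /proc/cpuinfo` tests in `pkg_pretend` inspect the CPU of the machine running the build, not the one that will run the package, so an SDK-container or binary-package build can check the wrong KVM option. When neither string matches (a different vendor string, or `/proc/cpuinfo` not readable) neither `~KVM_AMD` nor `~KVM_INTEL` is added and the missing-KVM warning disappears without notice. A fallback branch `else CONFIG_CHECK+=" ~KVM_AMD ~KVM_INTEL"` keeps the previous behaviour for that case. The body of `pkg_pretend` continues outside the hunk.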
@@ -681,27 +704,31 @@ src_install() { cd "${S}" dodoc Changelog MAINTAINERS docs/specs/pci-ids.txt newdoc pc-bios/README README.pc-bios - dodoc docs/qmp-*.txt if [[ -n ${softmmu_targets} ]]; then # Remove SeaBIOS since we're using the SeaBIOS packaged one rm "${ED}/usr/share/qemu/bios.bin" + rm "${ED}/usr/share/qemu/bios-256k.bin" if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then dosym ../seabios/bios.bin /usr/share/qemu/bios.bin + dosym ../seabios/bios-256k.bin /usr/share/qemu/bios-256k.bin fi - # Remove vgabios since we're using the vgabios packaged one + # Remove vgabios since we're using the seavgabios packaged one rm "${ED}/usr/share/qemu/vgabios.bin" rm "${ED}/usr/share/qemu/vgabios-cirrus.bin" rm "${ED}/usr/share/qemu/vgabios-qxl.bin" rm "${ED}/usr/share/qemu/vgabios-stdvga.bin" + rm "${ED}/usr/share/qemu/vgabios-virtio.bin" rm "${ED}/usr/share/qemu/vgabios-vmware.bin" - if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386; then - dosym ../vgabios/vgabios.bin /usr/share/qemu/vgabios.bin - dosym ../vgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin - dosym ../vgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin - dosym ../vgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin - dosym ../vgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin + # PPC64 loads vgabios-stdvga + if use qemu_softmmu_targets_x86_64 || use qemu_softmmu_targets_i386 || use qemu_softmmu_targets_ppc64; then + dosym ../seavgabios/vgabios-isavga.bin /usr/share/qemu/vgabios.bin + dosym ../seavgabios/vgabios-cirrus.bin /usr/share/qemu/vgabios-cirrus.bin + dosym ../seavgabios/vgabios-qxl.bin /usr/share/qemu/vgabios-qxl.bin + dosym ../seavgabios/vgabios-stdvga.bin /usr/share/qemu/vgabios-stdvga.bin + dosym ../seavgabios/vgabios-virtio.bin /usr/share/qemu/vgabios-virtio.bin + dosym ../seavgabios/vgabios-vmware.bin /usr/share/qemu/vgabios-vmware.bin fi # Remove sgabios since we're using the sgabios packaged one 
@@ -726,20 +753,50 @@ src_install() { readme.gentoo_create_doc } -pkg_postinst() { - DISABLE_AUTOFORMATTING=true - readme.gentoo_print_elog +firmware_abi_change() { + local pv + for pv in ${REPLACING_VERSIONS}; do + if ! version_is_at_least ${FIRMWARE_ABI_VERSION} ${pv}; then + return 0 + fi + done + return 1 +} +pkg_postinst() { if [[ -n ${softmmu_targets} ]] && use kernel_linux; then udev_reload fi fcaps cap_net_admin /usr/libexec/qemu-bridge-helper + + DISABLE_AUTOFORMATTING=true + readme.gentoo_print_elog + + if use pin-upstream-blobs && firmware_abi_change; then + ewarn "This version of qemu pins new versions of firmware blobs:" + ewarn " $(best_version sys-firmware/edk2-ovmf)" + ewarn " $(best_version sys-firmware/ipxe)" + ewarn " $(best_version sys-firmware/seabios)" + ewarn " $(best_version sys-firmware/sgabios)" + ewarn "This might break resume of hibernated guests (started with a different" + ewarn "firmware version) and live migration to/from qemu versions with different" + ewarn "firmware. Please (cold) restart all running guests. For functional" + ewarn "guest migration ensure that all" + ewarn "hosts run at least" + ewarn " app-emulation/qemu-${FIRMWARE_ABI_VERSION}." + fi } pkg_info() { echo "Using:" echo " $(best_version app-emulation/spice-protocol)" + echo " $(best_version sys-firmware/edk2-ovmf)" + if has_version 'sys-firmware/edk2-ovmf[binary]'; then + echo " USE=binary" + else + echo " USE=''" + fi echo " $(best_version sys-firmware/ipxe)" echo " $(best_version sys-firmware/seabios)" if has_version 'sys-firmware/seabios[binary]'; then @@ -747,5 +804,5 @@ pkg_info() { else echo " USE=''" fi - echo " $(best_version sys-firmware/vgabios)" + echo " $(best_version sys-firmware/sgabios)" } diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/Manifest b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/Manifest deleted file mode 100644 index 07da4f2253..0000000000 
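Review bot: The firmware warning in `pkg_postinst` is gated on `use pin-upstream-blobs && firmware_abi_change`, yet the IUSE hunk of this same commit turns `pin-upstream-blobs` from default-on to default-off. An upgrade from 2.9.0 with default USE therefore appears to move from pinned to unpinned firmware, and from the vgabios to the seavgabios symlinks, without the notice about hibernated guests and live migration. Consider testing only `if firmware_abi_change; then` and printing the `best_version` list in both cases. `firmware_abi_change` would also read better with a one-line comment saying it returns 0 when any entry of `REPLACING_VERSIONS` is older than `FIRMWARE_ABI_VERSION`, and with its arguments quoted as `"${FIRMWARE_ABI_VERSION}" "${pv}"`.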
--- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST gentoolkit-0.3.2.tar.gz 3198294 SHA256 f3bb38d663c1b153447556b5265df5a11b6ed78411e761335b692111c823d9dd SHA512 e174ac7f12d45703515876ea558a661e1d0c5d4cc71d2d64ee793786e2a2d3d2b309500b6e1891774e3415de74922efc77553c0103d695f5dda91def9a6ac637 WHIRLPOOL 67192702f72f437cc31aeeef8bf005c83a4a9322e9fa0de3c1e0d229bfb95d7363f14a8902da5ffbf49dee45cd587286899ea1ead017cd7d18d0f852cc7fd9fb diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-fix-int-coercion.patch b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-fix-int-coercion.patch deleted file mode 100644 index 204748a64d..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-fix-int-coercion.patch +++ /dev/null @@ -1,25 +0,0 @@ -From e07c6f2ea4963e6f9cdf6ee5eceaaf6f30319eda Mon Sep 17 00:00:00 2001 -From: David Michael -Date: Tue, 17 Jan 2017 13:20:43 -0800 -Subject: [PATCH] gentoolkit/glsa: Fix AttributeError from int coercion - ---- - pym/gentoolkit/glsa/__init__.py | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/pym/gentoolkit/glsa/__init__.py b/pym/gentoolkit/glsa/__init__.py -index ba1eed7..0ed539e 100644 ---- a/pym/gentoolkit/glsa/__init__.py -+++ b/pym/gentoolkit/glsa/__init__.py -@@ -567,6 +567,8 @@ class Glsa: - (self.revised, count) = self.revised.split(":") - else: - count = 1 -+ else: -+ count = count.value - - self.revised = format_date(self.revised) - --- -2.7.4 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-helpers.py-589686.patch b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-helpers.py-589686.patch deleted file mode 100644 index 282846c472..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/files/0.3.2-helpers.py-589686.patch +++ /dev/null 
@@ -1,30 +0,0 @@ -From bc92540f8ce498e8305103619c7085b670ba19b1 Mon Sep 17 00:00:00 2001 -From: Paul Varner -Date: Mon, 25 Jul 2016 13:01:06 -0500 -Subject: Add missing import of io.open when using python2.7 - -This fixes the traceback when running equery changes with Python 2.7 - -X-Gentoo-bug: 589686 -X-Gentoo-bug-url: https://bugs.gentoo.org/show_bug.cgi?id=589686 ---- - pym/gentoolkit/helpers.py | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/pym/gentoolkit/helpers.py b/pym/gentoolkit/helpers.py -index 0d985b6..8d25393 100644 ---- a/pym/gentoolkit/helpers.py -+++ b/pym/gentoolkit/helpers.py -@@ -26,6 +26,9 @@ __docformat__ = 'epytext' - # ======= - - import os -+import sys -+if sys.hexversion < 0x3000000: -+ from io import open - import re - from functools import partial - from itertools import chain --- -cgit v0.12 - diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/gentoolkit-0.3.2-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/gentoolkit-0.3.2-r1.ebuild deleted file mode 100644 index 96b5c11286..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/gentoolkit-0.3.2-r1.ebuild +++ /dev/null 
@@ -1,76 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -EAPI="6" - -PYTHON_COMPAT=(python{2_7,3_4,3_5} pypy) -PYTHON_REQ_USE="xml(+),threads(+)" - -inherit distutils-r1 - -DESCRIPTION="Collection of administration scripts for Gentoo" -HOMEPAGE="https://wiki.gentoo.org/wiki/Project:Portage-Tools" -SRC_URI="http://dev.gentoo.org/~dolsen/releases/gentoolkit/${P}.tar.gz" - -LICENSE="GPL-2" -SLOT="0" -IUSE="" - -KEYWORDS="alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" - -DEPEND="sys-apps/portage[${PYTHON_USEDEP}]" -RDEPEND="${DEPEND} - !<=app-portage/gentoolkit-dev-0.2.7 - sys-apps/gawk - sys-apps/gentoo-functions" - -PATCHES=( - "${FILESDIR}"/${PV}-helpers.py-589686.patch - "${FILESDIR}"/${PV}-fix-int-coercion.patch -) - -python_prepare_all() { - python_setup - echo VERSION="${PVR}" "${PYTHON}" setup.py set_version - VERSION="${PVR}" "${PYTHON}" setup.py set_version - distutils-r1_python_prepare_all -} - -python_install_all() { - distutils-r1_python_install_all - - # remove on Gentoo Prefix platforms where it's broken anyway - if use prefix; then - elog "The revdep-rebuild command is removed, the preserve-libs" - elog "feature of portage will handle issues." - rm "${ED}"/usr/bin/revdep-rebuild* - rm "${ED}"/usr/share/man/man1/revdep-rebuild.1 - rm -rf "${ED}"/etc/revdep-rebuild - rm -rf "${ED}"/var - fi -} - -pkg_postinst() { - # Create cache directory for revdep-rebuild - mkdir -p -m 0755 "${EROOT%/}"/var/cache - mkdir -p -m 0700 "${EROOT%/}"/var/cache/revdep-rebuild - - # Only show the elog information on a new install - if [[ ! 
${REPLACING_VERSIONS} ]]; then - elog - elog "For further information on gentoolkit, please read the gentoolkit" - elog "guide: https://wiki.gentoo.org/wiki/Gentoolkit" - elog - elog "Another alternative to equery is app-portage/portage-utils" - elog - elog "Additional tools that may be of interest:" - elog - elog " app-admin/eclean-kernel" - elog " app-portage/diffmask" - elog " app-portage/flaggie" - elog " app-portage/install-mask" - elog " app-portage/portpeek" - elog " app-portage/smart-live-rebuild" - fi -} diff --git a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/metadata.xml b/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/metadata.xml deleted file mode 100644 index 011e78ec74..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/app-portage/gentoolkit/metadata.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - tools-portage@gentoo.org - Gentoo Portage tools team - - -Gentoolkit is a collection of useful adminstration scripts particular to -the Gentoo Linux distribution. It contains rough drafts and -implementations of features that may in time make it into Portage, or -into full-fledged tools in their own right. - - diff --git a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-portage/gentoolkit-0.3.2-r1 b/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-portage/gentoolkit-0.3.2-r1 deleted file mode 100644 index 4effa10822..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/metadata/md5-cache/app-portage/gentoolkit-0.3.2-r1 +++ /dev/null 
@@ -1,14 +0,0 @@ -DEFINED_PHASES=compile configure install postinst prepare test -DEPEND=sys-apps/portage[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] python_targets_pypy? ( >=virtual/pypy-5:0=[xml(+),threads(+)] ) python_targets_python2_7? ( >=dev-lang/python-2.7.5-r2:2.7[xml(+),threads(+)] ) python_targets_python3_4? ( dev-lang/python:3.4[xml(+),threads(+)] ) python_targets_python3_5? ( dev-lang/python:3.5[xml(+),threads(+)] ) >=dev-lang/python-exec-2:=[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] -DESCRIPTION=Collection of administration scripts for Gentoo -EAPI=6 -HOMEPAGE=https://wiki.gentoo.org/wiki/Project:Portage-Tools -IUSE=python_targets_pypy python_targets_python2_7 python_targets_python3_4 python_targets_python3_5 -KEYWORDS=alpha amd64 arm arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~ppc-aix ~amd64-fbsd ~x86-fbsd ~x64-freebsd ~hppa-hpux ~ia64-hpux ~x86-interix ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris -LICENSE=GPL-2 -RDEPEND=sys-apps/portage[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] !<=app-portage/gentoolkit-dev-0.2.7 sys-apps/gawk sys-apps/gentoo-functions python_targets_pypy? ( >=virtual/pypy-5:0=[xml(+),threads(+)] ) python_targets_python2_7? ( >=dev-lang/python-2.7.5-r2:2.7[xml(+),threads(+)] ) python_targets_python3_4? 
( dev-lang/python:3.4[xml(+),threads(+)] ) python_targets_python3_5? ( dev-lang/python:3.5[xml(+),threads(+)] ) >=dev-lang/python-exec-2:=[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] -REQUIRED_USE=|| ( python_targets_pypy python_targets_python2_7 python_targets_python3_4 python_targets_python3_5 ) -SLOT=0 -SRC_URI=http://dev.gentoo.org/~dolsen/releases/gentoolkit/gentoolkit-0.3.2.tar.gz -_eclasses_=distutils-r1 372bbe39047c0a2550319a3a82f3e063 multibuild 72647e255187a1fadc81097b3657e5c3 multilib 97f470f374f2e94ccab04a2fb21d811e multiprocessing 6f5991c7101863d0b29df63990ad852e python-r1 e9350ec46bb5c9f3504b4fbe8b8d8987 python-utils-r1 c9de01becf9df3f8c10aeec3dc693f5d toolchain-funcs 185a06792159ca143528e7010368e8af xdg-utils f2c8335407f0b935b0a96d4adf23ef25 -_md5_=14632264c91528bd0437c56ad47d3466 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords index 49f9726a51..305dacc3cc 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/arm64/package.accept_keywords @@ -35,7 +35,6 @@ =net-libs/libnftnl-1.0.6 ** =net-libs/serf-1.3.8-r1 ~arm64 =net-misc/bridge-utils-1.5 ~arm64 -=net-misc/curl-7.57.0 ~arm64 =net-misc/iperf-3.1.3 ** =net-misc/socat-1.7.3.2 ~arm64 =net-misc/wget-1.19.1-r2 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index 88f9c8c8c7..ebe5d30135 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords 
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords
@@ -48,9 +48,6 @@ dev-util/checkbashisms
 # All versions are ~amd64 and not enabled on arm64
 =sys-apps/nvme-cli-1.1 **

-# https://curl.haxx.se/docs/adv_20170419.html
-=net-misc/curl-7.54.0 **
-
 # CVE-2017-8779
 =net-nds/rpcbind-0.2.4-r1

diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
index 11b26cb160..ff205e130c 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/make.defaults
@@ -13,6 +13,7 @@ FEATURES="nodoc noinfo noman"
 # Remove bash-completion files as we don't install bash-completion.
 # Remove locale LC_MESSAGES files.
 INSTALL_MASK="${INSTALL_MASK}
+ /usr/sbin/locale-gen
 /usr/share/bash-completion
 /usr/share/gtk-doc
 /usr/share/locale
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r2.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-2017.06-r2.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild
index 2a2236d6b1..0fed3aeb11 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-firmware/edk2/edk2-99999.ebuild
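Review bot: The `INSTALL_MASK` hunk in make.defaults adds `/usr/sbin/locale-gen` without extending the comment block above the assignment, which explains only the bash-completion and `LC_MESSAGES` entries. A one-line comment next to the existing two, for example `# Remove locale-gen as locales are not generated on the image.`, would record why the binary is masked; that wording assumes this is the reason, which the diff does not state. The `INSTALL_MASK` string continues past the end of the hunk.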
@@ -37,9 +37,7 @@ DEPEND="
 RDEPEND="
 !sys-firmware/edk2-armvirt
 !sys-firmware/edk2-ovmf
- amd64? (
- qemu? ( app-emulation/qemu )
- )"
+ "

 src_unpack() {
 [[ ${EGIT_REPO_URI} ]] && git-r3_src_unpack
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest
index 5f5a1f1556..2647cc409e 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/Manifest
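Review bot: The `RDEPEND` change in edk2-99999.ebuild drops `amd64? ( qemu? ( app-emulation/qemu ) )` with no comment saying why, and it leaves the string closing on a line of its own (`+ "`). If the `qemu` USE flag is still declared in `IUSE` outside this hunk, it no longer pulls in the emulator at runtime, so a short comment above `RDEPEND` such as `# app-emulation/qemu is intentionally not a runtime dependency` would keep a later edit from restoring it. The closing quote could also move up to the last entry, `!sys-firmware/edk2-ovmf"`. The `DEPEND` block above and `src_unpack` below are only partly visible in the hunk.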
@@ -1,3 +1,3 @@ DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f -DIST glibc-2.23-patches-8.tar.bz2 304199 SHA256 6110777176abfb8d287d82804d98e007c255db6040a1beca589a212772c90482 SHA512 470814bbbd9d4ee5fa2dd7570a2e14b0229723e373e801472856fd6c2f089499eddc300f69b49af8ba0edbdca583ee3ca521fdb5c642509717cafea0ad925fd2 WHIRLPOOL 1ef9a431d67d7669f34f7db21185d50ddd6dc82c549a9ff274f0b98454417f4098ee771bfe10073be12d3c153ee46ff36e40b46ecb31844ab09791ae29b49074 -DIST glibc-2.23.tar.xz 13455260 SHA256 94efeb00e4603c8546209cefb3e1a50a5315c86fa9b078b6fad758e187ce13e9 SHA512 b82953388cd028e174cb08f082557bbce0dad8b67b17d31b29f90102fd52a51e03d591448ecb64882a1c1d5303afffc7f6ede85cee4c784a9284fbc9b4ad26cf WHIRLPOOL 7c7e3bf55a89a04bac917b9ca5a1cbb1613f22c427d2766f114b5a36f9635856005b823852ef5d3b73462b577fe4e5865e68e7b64633d48a95fa1e5eaa831a71 +DIST glibc-2.25-patches-15.tar.bz2 78320 SHA256 63667d2c27d5aa540d5a9c4d8774b169933553a5cc57ff44d1c9ebbe099dc030 SHA512 7204218ea82b677e0f278c4752ddb90aa0c08ac2349d061de81ec91dac204b0f10fe223d7b1055b9e0c21dac97c835f913a90c0168a5000d3be00dd20027c185 WHIRLPOOL 21af5b2efb036d4f7290f75b23f6d2cb79f91178c3374a007fde888060c9c94306e4165cf07077cce9390c0d7b9980a2b5291a32f7b6b56895294df6975ba6d9 +DIST glibc-2.25.tar.xz 13873900 SHA256 067bd9bb3390e79aa45911537d13c3721f1d9d3769931a30c2681bfee66f23a0 SHA512 5b7a2418d5b8a1b6a907c6c7fb6477ee2a473151cb45e03d0d4cdd9a33497c90b1ee39e2e7e885e2b25743dcd3747336ef114b4a73eb001da1fd79f29e0f9a6e WHIRLPOOL dc2fafaa4a0e5581268338453838a03ed0c5e7a2af844e8fb7086ab8d3ae48efbdbe6f25db1d089ae669cd2f8b0412f690d965506753d86f8525da2df59b7953 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c deleted file mode 100644 index 37711e8aac..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c +++ /dev/null 
@@ -1,315 +0,0 @@ -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2008 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP and FORTIFY handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP and FORTIFY handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. 
Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - * Magnus Granberg - */ - -#include -#include -#include -#include -#include - -#include - -#include -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. 
- */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif - -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - -/* Common handler code, used by chk_fail - * Inlined to ensure no self-references to the handler within itself. 
- * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": buffer overflow attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** buffer overflow detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. 
- */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case 
the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __chk_fail(void) -{ - __hardened_gentoo_chk_fail(NULL, 0); -} - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch deleted file mode 100644 index e75ccc788c..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch +++ /dev/null @@ -1,30 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn -Fixed for glibc 2.10 by Magnus Granberg - ---- configure.in -+++ configure.in -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch deleted file mode 100644 index cb6d8e3c78..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch +++ /dev/null 
@@ -1,274 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -129,6 +130,11 @@ - # endif - _dl_aux_init (auxvec); - # endif -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. 
*/ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - - #ifdef SHARED -@@ -29,6 +30,9 @@ - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - extern ElfW(Phdr) *_dl_phdr; - extern size_t _dl_phnum; - -@@ -141,14 +145,26 @@ - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. 
*/ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+# endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. 
*/ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *__unbounded newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, -+ __ptrvalue (addr)); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) 
\ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch deleted file mode 100644 index da4fb82539..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch +++ /dev/null @@ -1,42 +0,0 @@ -2012-11-11 Magnus Granberg - - #442712 - * Makeconfig (+link): Set to +link-pie. - (+link-static-before-libc): Change $(static-start-installed-name) to - S$(static-start-installed-name). - (+prector): Set to +prectorS. - (+postctor): Set to +postctorS. - ---- libc/Makeconfig -+++ libc/Makeconfig -@@ -447,11 +447,12 @@ - $(common-objpfx)libc% $(+postinit),$^) \ - $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit) - endif -++link = $(+link-pie) - # Command for statically linking programs with the C library. - ifndef +link-static - +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \ - $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \ -- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \ -+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \ - $(+preinit) $(+prectorT) \ - $(filter-out $(addprefix $(csu-objpfx),start.o \ - $(start-installed-name))\ -@@ -549,11 +550,10 @@ - ifeq ($(elf),yes) - +preinit = $(addprefix $(csu-objpfx),crti.o) - +postinit = $(addprefix $(csu-objpfx),crtn.o) --+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o` --+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` --# Variants of the two previous definitions for linking PIE programs. - +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o` - +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o` -++prector = $(+prectorS) -++postctor = $(+postctorS) - # Variants of the two previous definitions for statically linking programs. - +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o` - +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o` - +interp = $(addprefix $(elf-objpfx),interp.os) - endif - csu-objpfx = $(common-objpfx)csu/ 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c deleted file mode 100644 index c1934362f6..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-chk_fail.c +++ /dev/null 
@@ -1,314 +0,0 @@ -/* Copyright (C) 2004, 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2013 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP and FORTIFY handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP and FORTIFY handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. 
Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - * Magnus Granberg - */ - -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. 
- */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif - -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - -/* Common handler code, used by chk_fail - * Inlined to ensure no self-references to the handler within itself. 
- * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": buffer overflow attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** buffer overflow detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. 
- */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case 
the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __chk_fail(void) -{ - __hardened_gentoo_chk_fail(NULL, 0); -} - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c deleted file mode 100644 index 9535c21578..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-gentoo-stack_chk_fail.c +++ /dev/null 
@@ -1,322 +0,0 @@ -/* Copyright (C) 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2013 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * Fixed to support glibc-2.18 by Magnus Granberg - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. 
Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - */ - -#include -#include -#include -#include - -#include - -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. 
- */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - - -/* Common handler code, used by stack_chk_fail and __stack_smash_handler - * Inlined to ensure no self-references to the handler within itself. 
- * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_stack_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": stack smashing attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** stack smashing detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. 
- */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case 
the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __stack_chk_fail(void) -{ - __hardened_gentoo_stack_chk_fail(NULL, 0); -} - -#ifdef ENABLE_OLD_SSP_COMPAT -__attribute__ ((__noreturn__)) -void __stack_smash_handler(char func[], int damaged) -{ - __hardened_gentoo_stack_chk_fail(func, damaged); -} -#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch deleted file mode 100644 index 8907ab2c6a..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.18/glibc-2.18-hardened-inittls-nosysenter.patch +++ /dev/null 
@@ -1,277 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_NOSYSENTER is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg -Fixed for 2.18 by Magnus Granberg - ---- csu/libc-start.c -+++ csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -170,7 +170,11 @@ LIBC_START_MAIN (int (*main) (int, char - GL(dl_phnum) = __ehdr_start.e_phnum; - } - } -- -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. 
*/ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_NOSYSENTER - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- csu/libc-tls.c -+++ csu/libc-tls.c -@@ -22,14 +22,17 @@ - #include - #include - #include -- -+#include - - #ifdef SHARED - #error makefile bug, this file is for static only - #endif - --dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif - -+dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; - - static struct - { -@@ -139,14 +142,26 @@ __libc_setup_tls (size_t tcbsize, size_t - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. 
*/ - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align); -+# else - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); -+#endif - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); -+# ifdef INTERNAL_SYSCALL_NOSYSENTER -+ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align -+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+# else - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); -+#endif - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV ---- misc/sbrk.c -+++ misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used -+ via dynamic loading in a statically linked program update -+ __curbrk from the kernel's brk value. That way two separate -+ instances of __brk and __sbrk can share the heap, returning -+ interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. 
*/ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif - void * - __sbrk (intptr_t increment) - { ---- sysdeps/unix/sysv/linux/i386/brk.c -+++ sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,29 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_NOSYSENTER -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ * if the SYSENTER version requires the TLS (which it does on i386). -+ * Obviously using the TLS before it is initialised is broken. */ -+int -+__brk_nosysenter (void *addr) -+{ -+ void * newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1, addr); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif - int - __brk (void *addr) - { ---- sysdeps/unix/sysv/linux/i386/sysdep.h -+++ sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# if defined SHARED || defined __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) 
\ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +495,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ ) - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch deleted file mode 100644 index 341d8c5028..0000000000 
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch +++ /dev/null @@ -1,30 +0,0 @@ -Prevent default-fPIE from confusing configure into thinking -PIC code is default. This causes glibc to build both PIC and -non-PIC code as normal, which on the hardened compiler generates -PIC and PIE. - -Patch by Kevin F. Quinn -Fixed for glibc 2.19 by Magnus Granberg - ---- configure.ac -+++ configure.ac -@@ -2145,7 +2145,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then - libc_cv_pic_default=no - fi - rm -f conftest.*]) ---- configure -+++ configure -@@ -7698,7 +7698,7 @@ - # error PIC is default. - #endif - EOF --if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then -+if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then - libc_cv_pic_default=no - fi - rm -f conftest.* diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch deleted file mode 100644 index 35eabe9401..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch +++ /dev/null 
@@ -1,306 +0,0 @@ -When building glibc PIE (which is not something upstream support), -several modifications are necessary to the glibc build process. - -First, any syscalls in PIEs must be of the PIC variant, otherwise -textrels ensue. Then, any syscalls made before the initialisation -of the TLS will fail on i386, as the sysenter variant on i386 uses -the TLS, giving rise to a chicken-and-egg situation. This patch -defines a PIC syscall variant that doesn't use sysenter, even when the sysenter -version is normally used, and uses the non-sysenter version for the brk -syscall that is performed by the TLS initialisation. Further, the TLS -initialisation is moved in this case prior to the initialisation of -dl_osversion, as that requires further syscalls. - -csu/libc-start.c: Move initial TLS initialization to before the -initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined - -csu/libc-tls.c: Use the no-sysenter version of sbrk when -INTERNAL_SYSCALL_PRE_TLS is defined. - -misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter -version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined. - -misc/brk.c: Define a no-sysenter version of brk if -INTERNAL_SYSCALL_PRE_TLS is defined. - -sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS -Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED. - -Patch by Kevin F. Quinn -Fixed for 2.10 by Magnus Granberg -Fixed for 2.18 by Magnus Granberg -Fixed for 2.20 by Francisco Blas Izquierdo Riera - ---- a/csu/libc-start.c -+++ b/csu/libc-start.c -@@ -28,6 +28,7 @@ - extern int __libc_multiple_libcs; - - #include -+#include - #ifndef SHARED - # include - extern void __pthread_initialize_minimal (void); -@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char - } - } - -+# ifdef INTERNAL_SYSCALL_PRE_TLS -+ /* Do the initial TLS initialization before _dl_osversion, -+ since the latter uses the uname syscall. 
*/ -+ __pthread_initialize_minimal (); -+# endif - # ifdef DL_SYSDEP_OSCHECK - if (!__libc_multiple_libcs) - { -@@ -138,10 +144,12 @@ - } - # endif - -+# ifndef INTERNAL_SYSCALL_PRE_TLS - /* Initialize the thread library at least a bit since the libgcc - functions are using thread functions if these are available and - we need to setup errno. */ - __pthread_initialize_minimal (); -+# endif - - /* Set up the stack checker's canary. */ - uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (); ---- a/csu/libc-tls.c -+++ b/csu/libc-tls.c -@@ -22,12 +22,17 @@ - #include - #include - #include -+#include - - - #ifdef SHARED - #error makefile bug, this file is for static only - #endif - -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+extern void *__sbrk_nosysenter (intptr_t __delta); -+#endif -+ - dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS]; - - -@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t - - The initialized value of _dl_tls_static_size is provided by dl-open.c - to request some surplus that permits dynamic loading of modules with -- IE-model TLS. */ -+ IE-model TLS. -+ -+ Where the normal sbrk would use a syscall that needs the TLS (i386) -+ use the special non-sysenter version instead. */ -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+# define __sbrk __sbrk_nosysenter -+#endif - #if TLS_TCB_AT_TP - tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign); - tlsblock = __sbrk (tcb_offset + tcbsize + max_align); - #elif TLS_DTV_AT_TP - tcb_offset = roundup (tcbsize, align ?: 1); - tlsblock = __sbrk (tcb_offset + memsz + max_align - + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size)); - tlsblock += TLS_PRE_TCB_SIZE; - #else - /* In case a model with a different layout for the TCB and DTV - is defined add another #elif here and in the following #ifs. */ - # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined" - #endif -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+# undef __sbrk -+#endif - - /* Align the TLS block. 
*/ - tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1) ---- a/misc/sbrk.c -+++ b/misc/sbrk.c -@@ -18,6 +18,7 @@ - #include - #include - #include -+#include - - /* Defined in brk.c. */ - extern void *__curbrk; -@@ -29,6 +30,35 @@ - /* Extend the process's data space by INCREMENT. - If INCREMENT is negative, shrink data space by - INCREMENT. - Return start of new space allocated, or -1 for errors. */ -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. */ -+extern int __brk_nosysenter (void *addr); -+void * -+__sbrk_nosysenter (intptr_t increment) -+{ -+ void *oldbrk; -+ -+ /* If this is not part of the dynamic library or the library is used via -+ dynamic loading in a statically linked program update __curbrk from the -+ kernel's brk value. That way two separate instances of __brk and __sbrk -+ can share the heap, returning interleaved pieces of it. */ -+ if (__curbrk == NULL || __libc_multiple_libcs) -+ if (__brk_nosysenter (0) < 0) /* Initialize the break. */ -+ return (void *) -1; -+ -+ if (increment == 0) -+ return __curbrk; -+ -+ oldbrk = __curbrk; -+ if (__brk_nosysenter (oldbrk + increment) < 0) -+ return (void *) -1; -+ -+ return oldbrk; -+} -+#endif -+ - void * - __sbrk (intptr_t increment) - { ---- a/sysdeps/unix/sysv/linux/i386/brk.c -+++ b/sysdeps/unix/sysv/linux/i386/brk.c -@@ -31,6 +31,30 @@ - linker. */ - weak_alias (__curbrk, ___brk_addr) - -+#ifdef INTERNAL_SYSCALL_PRE_TLS -+/* This version is used by csu/libc-tls.c whem initialising the TLS -+ if the SYSENTER version requires the TLS (which it does on i386). -+ Obviously using the TLS before it is initialised is broken. 
*/ -+int -+__brk_nosysenter (void *addr) -+{ -+ void *newbrk; -+ -+ INTERNAL_SYSCALL_DECL (err); -+ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr); -+ -+ __curbrk = newbrk; -+ -+ if (newbrk < addr) -+ { -+ __set_errno (ENOMEM); -+ return -1; -+ } -+ -+ return 0; -+} -+#endif -+ - int - __brk (void *addr) - { ---- a/sysdeps/unix/sysv/linux/i386/sysdep.h -+++ b/sysdeps/unix/sysv/linux/i386/sysdep.h -@@ -187,7 +187,7 @@ - /* The original calling convention for system calls on Linux/i386 is - to use int $0x80. */ - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# ifdef __PIC__ - # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET - # else - # define ENTER_KERNEL call *_dl_sysinfo -@@ -358,7 +358,7 @@ - possible to use more than four parameters. */ - #undef INTERNAL_SYSCALL - #ifdef I386_USE_SYSENTER --# ifdef SHARED -+# ifdef __PIC__ - # define INTERNAL_SYSCALL(name, err, nr, args...) \ - ({ \ - register unsigned int resultvar; \ -@@ -384,6 +384,18 @@ - : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \ - ASMFMT_##nr(args) : "memory", "cc"); \ - (int) resultvar; }) -+# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \ -+ ({ \ -+ register unsigned int resultvar; \ -+ EXTRAVAR_##nr \ -+ asm volatile ( \ -+ LOADARGS_NOSYSENTER_##nr \ -+ "movl %1, %%eax\n\t" \ -+ "int $0x80\n\t" \ -+ RESTOREARGS_NOSYSENTER_##nr \ -+ : "=a" (resultvar) \ -+ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \ -+ (int) resultvar; }) - # else - # define INTERNAL_SYSCALL(name, err, nr, args...) 
\ - ({ \ -@@ -447,12 +459,20 @@ - - #define LOADARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && defined __PIC__ - # define LOADARGS_1 \ - "bpushl .L__X'%k3, %k3\n\t" - # define LOADARGS_5 \ - "movl %%ebx, %4\n\t" \ - "movl %3, %%ebx\n\t" -+# define LOADARGS_NOSYSENTER_1 \ -+ "bpushl .L__X'%k2, %k2\n\t" -+# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1 -+# define LOADARGS_NOSYSENTER_3 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_4 LOADARGS_3 -+# define LOADARGS_NOSYSENTER_5 \ -+ "movl %%ebx, %3\n\t" \ -+ "movl %2, %%ebx\n\t" - # else - # define LOADARGS_1 \ - "bpushl .L__X'%k2, %k2\n\t" -@@ -474,11 +494,18 @@ - - #define RESTOREARGS_0 - #ifdef __PIC__ --# if defined I386_USE_SYSENTER && defined SHARED -+# if defined I386_USE_SYSENTER && defined __PIC__ - # define RESTOREARGS_1 \ - "bpopl .L__X'%k3, %k3\n\t" - # define RESTOREARGS_5 \ - "movl %4, %%ebx" -+# define RESTOREARGS_NOSYSENTER_1 \ -+ "bpopl .L__X'%k2, %k2\n\t" -+# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1 -+# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3 -+# define RESTOREARGS_NOSYSENTER_5 \ -+ "movl %3, %%ebx" - # else - # define RESTOREARGS_1 \ - "bpopl .L__X'%k2, %k2\n\t" ---- a/sysdeps/i386/nptl/tls.h -+++ b/sysdeps/i386/nptl/tls.h -@@ -189,6 +189,15 @@ - desc->vals[3] = 0x51; - } - -+/* We have no sysenter until the tls is initialized which is a -+ problem for PIC. Thus we need to do the right call depending -+ on the situation. */ -+#ifndef INTERNAL_SYSCALL_PRE_TLS -+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL -+#else -+# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS -+#endif -+ - /* Code to initially initialize the thread pointer. This might need - special attention since 'errno' is not yet available and if the - operation can cause a failure 'errno' must not be touched. */ -@@ -209,7 +218,7 @@ - \ - /* Install the TLS. 
*/ \ - INTERNAL_SYSCALL_DECL (err); \ -- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ -+ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \ - \ - if (_result == 0) \ - /* We know the index in the GDT, now load the segment register. \ diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch deleted file mode 100644 index c955b37ac5..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-binutils-update.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -From 388b4f1a02f3a801965028bbfcd48d905638b797 Mon Sep 17 00:00:00 2001 -From: "H.J. Lu" -Date: Fri, 23 Jun 2017 14:38:46 -0700 -Subject: [PATCH] Avoid .symver on common symbols [BZ #21666] - -The .symver directive on common symbol just creates a new common symbol, -not an alias and the newer assembler with the bug fix for - -https://sourceware.org/bugzilla/show_bug.cgi?id=21661 - -will issue an error. Before the fix, we got - -$ readelf -sW libc.so | grep "loc[12s]" - 5109: 00000000003a0608 8 OBJECT LOCAL DEFAULT 36 loc1 - 5188: 00000000003a0610 8 OBJECT LOCAL DEFAULT 36 loc2 - 5455: 00000000003a0618 8 OBJECT LOCAL DEFAULT 36 locs - 6575: 00000000003a05f0 8 OBJECT GLOBAL DEFAULT 36 locs@GLIBC_2.2.5 - 7156: 00000000003a05f8 8 OBJECT GLOBAL DEFAULT 36 loc1@GLIBC_2.2.5 - 7312: 00000000003a0600 8 OBJECT GLOBAL DEFAULT 36 loc2@GLIBC_2.2.5 - -in libc.so. The versioned loc1, loc2 and locs have the wrong addresses. -After the fix, we got - -$ readelf -sW libc.so | grep "loc[12s]" - 6570: 000000000039e3b8 8 OBJECT GLOBAL DEFAULT 34 locs@GLIBC_2.2.5 - 7151: 000000000039e3c8 8 OBJECT GLOBAL DEFAULT 34 loc1@GLIBC_2.2.5 - 7307: 000000000039e3c0 8 OBJECT GLOBAL DEFAULT 34 loc2@GLIBC_2.2.5 - - [BZ #21666] - * misc/regexp.c (loc1): Add __attribute__ ((nocommon)); - (loc2): Likewise. - (locs): Likewise. ---- -diff --git a/misc/regexp.c b/misc/regexp.c -index 19d76c0..eaea7c3 100644 ---- a/misc/regexp.c -+++ b/misc/regexp.c -@@ -29,14 +29,15 @@ - - #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_23) - --/* Define the variables used for the interface. */ --char *loc1; --char *loc2; -+/* Define the variables used for the interface. Avoid .symver on common -+ symbol, which just creates a new common symbol, not an alias. */ -+char *loc1 __attribute__ ((nocommon)); -+char *loc2 __attribute__ ((nocommon)); - compat_symbol (libc, loc1, loc1, GLIBC_2_0); - compat_symbol (libc, loc2, loc2, GLIBC_2_0); - - /* Although we do not support the use we define this variable as well. 
*/ --char *locs; -+char *locs __attribute__ ((nocommon)); - compat_symbol (libc, locs, locs, GLIBC_2_0); - - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch deleted file mode 100644 index f5da4192e0..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-c-utf8-locale.patch +++ /dev/null 
@@ -1,270 +0,0 @@ -From 2eda7b462b415105f5a05c1323372d4e39d46439 Mon Sep 17 00:00:00 2001 -From: Mike FABIAN -Date: Mon, 10 Aug 2015 15:58:12 +0200 -Subject: [PATCH] Add a C.UTF-8 locale - ---- - localedata/SUPPORTED | 1 + - localedata/locales/C | 238 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 2 files changed, 239 insertions(+) - create mode 100644 localedata/locales/C - -diff --git a/localedata/SUPPORTED b/localedata/SUPPORTED -index 8ca023e..2a78391 100644 ---- a/localedata/SUPPORTED -+++ b/localedata/SUPPORTED -@@ -1,6 +1,7 @@ - # This file names the currently supported and somewhat tested locales. - # If you have any additions please file a glibc bug report. - SUPPORTED-LOCALES=\ -+C.UTF-8/UTF-8 \ - aa_DJ.UTF-8/UTF-8 \ - aa_DJ/ISO-8859-1 \ - aa_ER/UTF-8 \ -diff --git a/localedata/locales/C b/localedata/locales/C -new file mode 100644 -index 0000000..fdf460e ---- /dev/null -+++ b/localedata/locales/C -@@ -0,0 +1,238 @@ -+escape_char / -+comment_char % -+% Locale for C locale in UTF-8 -+ -+LC_IDENTIFICATION -+title "C locale" -+source "" -+address "" -+contact "" -+email "mfabian@redhat.com" -+tel "" -+fax "" -+language "C" -+territory "" -+revision "1.0" -+date "2015-08-10" -+% -+category "C:2015";LC_IDENTIFICATION -+category "C:2015";LC_CTYPE -+category "C:2015";LC_COLLATE -+category "C:2015";LC_TIME -+category "C:2015";LC_NUMERIC -+category "C:2015";LC_MONETARY -+category "C:2015";LC_MESSAGES -+category "C:2015";LC_PAPER -+category "C:2015";LC_NAME -+category "C:2015";LC_ADDRESS -+category "C:2015";LC_TELEPHONE -+category "C:2015";LC_MEASUREMENT -+END LC_IDENTIFICATION -+ -+LC_CTYPE -+copy "i18n" -+ -+translit_start -+include "translit_combining";"" -+translit_end -+ -+END LC_CTYPE -+ -+LC_COLLATE -+order_start forward -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. -+ -+ -+.. 
-+ -+UNDEFINED -+order_end -+END LC_COLLATE -+ -+LC_MONETARY -+% This is the 14652 i18n fdcc-set definition for -+% the LC_MONETARY category -+% (except for the int_curr_symbol and currency_symbol, they are empty in -+% the 14652 i18n fdcc-set definition and also empty in -+% glibc/locale/C-monetary.c. But localedef complains in that case). -+% -+% Using "USD" for int_curr_symbol. But maybe "XXX" would be better? -+% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217) -+int_curr_symbol "" -+% Using "$" for currency_symbol. But maybe would be better? -+% U+00A4 is the "generic currency symbol" -+% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29) -+currency_symbol "" -+mon_decimal_point "" -+mon_thousands_sep "" -+mon_grouping -1 -+positive_sign "" -+negative_sign "" -+int_frac_digits -1 -+frac_digits -1 -+p_cs_precedes -1 -+int_p_sep_by_space -1 -+p_sep_by_space -1 -+n_cs_precedes -1 -+int_n_sep_by_space -1 -+n_sep_by_space -1 -+p_sign_posn -1 -+n_sign_posn -1 -+% -+END LC_MONETARY -+ -+LC_NUMERIC -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+decimal_point "" -+thousands_sep "" -+grouping -1 -+END LC_NUMERIC -+ -+LC_TIME -+% This is the POSIX Locale definition for -+% the LC_TIME category. -+% -+% Abbreviated weekday names (%a) -+abday "";"";/ -+ "";"";/ -+ "";"";/ -+ "" -+ -+% Full weekday names (%A) -+day "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Abbreviated month names (%b) -+abmon "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"";/ -+ "";"" -+ -+% Full month names (%B) -+mon "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "";/ -+ "" -+ -+% Week description, consists of three fields: -+% 1. Number of days in a week. -+% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday). -+% 3. The weekday number to be contained in the first week of the year. 
-+% -+% ISO 8601 conforming applications should use the values 7, 19971201 (a -+% Monday), and 4 (Thursday), respectively. -+week 7;19971201;4 -+first_weekday 1 -+first_workday 1 -+ -+% Appropriate date and time representation (%c) -+% "%a %b %e %H:%M:%S %Y" -+d_t_fmt "" -+ -+% Appropriate date representation (%x) -+% "%m/%d/%y" -+d_fmt "" -+ -+% Appropriate time representation (%X) -+% "%H:%M:%S" -+t_fmt "" -+ -+% Appropriate AM/PM time representation (%r) -+% "%I:%M:%S %p" -+t_fmt_ampm "" -+ -+% Equivalent of AM/PM (%p) "AM"/"PM" -+% -+am_pm "";"" -+ -+% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y" -+date_fmt "" -+END LC_TIME -+ -+LC_MESSAGES -+% This is the POSIX Locale definition for -+% the LC_NUMERIC category. -+% -+yesexpr "" -+noexpr "" -+yesstr "" -+nostr "" -+END LC_MESSAGES -+ -+LC_PAPER -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_PAPER category. -+% (A4 paper, this is also used in the built in C/POSIX -+% locale in glibc/locale/C-paper.c) -+height 297 -+width 210 -+END LC_PAPER -+ -+LC_NAME -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_NAME category. -+% "%p%t%g%t%m%t%f" -+% (also used in the built in C/POSIX locale in glibc/locale/C-name.c) -+name_fmt "/ -+" -+END LC_NAME -+ -+LC_ADDRESS -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_ADDRESS category. -+% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N" -+% (also used in the built in C/POSIX locale in glibc/locale/C-address.c) -+postal_fmt "/ -+/ -+/ -+/ -+" -+END LC_ADDRESS -+ -+LC_TELEPHONE -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_TELEPHONE category. -+% "+%c %a %l" -+tel_int_fmt "/ -+" -+% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c) -+END LC_TELEPHONE -+ -+LC_MEASUREMENT -+% This is the ISO/IEC 14652 "i18n" definition for -+% the LC_MEASUREMENT category. 
-+% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c) -+%metric -+measurement 1 -+END LC_MEASUREMENT -+ --- -2.4.3 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch deleted file mode 100644 index c9734c0a15..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-pthread-use-after-free.patch +++ /dev/null 
@@ -1,132 +0,0 @@ -diff -Naur glibc-2.22_orig/nptl/createthread.c glibc-2.22/nptl/createthread.c ---- glibc-2.22_orig/nptl/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/nptl/createthread.c 2016-09-28 11:27:50.831206703 -0700 -@@ -25,13 +25,13 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - /* If the implementation needs to do some tweaks to the thread after - it has been created at the OS level, it can set STOPPED_START here. */ - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. */ -diff -Naur glibc-2.22_orig/nptl/pthread_create.c glibc-2.22/nptl/pthread_create.c ---- glibc-2.22_orig/nptl/pthread_create.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/nptl/pthread_create.c 2016-09-28 11:31:20.839209223 -0700 -@@ -72,7 +72,7 @@ - case it is responsible for doing its own cleanup. */ - - static int create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, -+ bool *stopped_start, STACK_VARIABLES_PARMS, - bool *thread_ran); - - #include -@@ -633,14 +633,16 @@ - that cares whether the thread count is correct. */ - atomic_increment (&__nptl_nthreads); - -+ bool stopped_start = false; - bool thread_ran = false; - - /* Start the thread. */ - if (__glibc_unlikely (report_thread_creation (pd))) - { -+ stopped_start = true; - /* Create the thread. We always create the thread stopped - so that it does not get far before we tell the debugger. 
*/ -- retval = create_thread (pd, iattr, true, STACK_VARIABLES_ARGS, -+ retval = create_thread (pd, iattr, &stopped_start, STACK_VARIABLES_ARGS, - &thread_ran); - if (retval == 0) - { -@@ -667,7 +669,7 @@ - } - } - else -- retval = create_thread (pd, iattr, false, STACK_VARIABLES_ARGS, -+ retval = create_thread (pd, iattr, &stopped_start, STACK_VARIABLES_ARGS, - &thread_ran); - - if (__glibc_unlikely (retval != 0)) -@@ -701,7 +703,8 @@ - } - else - { -- if (pd->stopped_start) -+ /* do not use pd->stopped_start to avoid use after free */ -+ if (stopped_start) - /* The thread blocked on this lock either because we're doing TD_CREATE - event reporting, or for some other reason that create_thread chose. - Now let it run free. */ -diff -Naur glibc-2.22_orig/sysdeps/nacl/createthread.c glibc-2.22/sysdeps/nacl/createthread.c ---- glibc-2.22_orig/sysdeps/nacl/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/sysdeps/nacl/createthread.c 2016-09-28 11:27:34.983206513 -0700 -@@ -32,12 +32,12 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - pd->tid = __nacl_get_tid (pd); - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. 
*/ -diff -Naur glibc-2.22_orig/sysdeps/unix/sysv/linux/createthread.c glibc-2.22/sysdeps/unix/sysv/linux/createthread.c ---- glibc-2.22_orig/sysdeps/unix/sysv/linux/createthread.c 2015-08-04 23:42:21.000000000 -0700 -+++ glibc-2.22/sysdeps/unix/sysv/linux/createthread.c 2016-09-28 11:27:18.275206312 -0700 -@@ -46,7 +46,7 @@ - - static int - create_thread (struct pthread *pd, const struct pthread_attr *attr, -- bool stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) -+ bool *stopped_start, STACK_VARIABLES_PARMS, bool *thread_ran) - { - /* Determine whether the newly created threads has to be started - stopped since we have to set the scheduling parameters or set the -@@ -54,10 +54,10 @@ - if (attr != NULL - && (__glibc_unlikely (attr->cpuset != NULL) - || __glibc_unlikely ((attr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0))) -- stopped_start = true; -+ *stopped_start = true; - -- pd->stopped_start = stopped_start; -- if (__glibc_unlikely (stopped_start)) -+ pd->stopped_start = *stopped_start; -+ if (__glibc_unlikely (*stopped_start)) - /* We make sure the thread does not run far by forcing it to get a - lock. We lock it here too so that the new thread cannot continue - until we tell it to. */ -@@ -117,7 +117,7 @@ - /* Set the affinity mask if necessary. */ - if (attr->cpuset != NULL) - { -- assert (stopped_start); -+ assert (*stopped_start); - - res = INTERNAL_SYSCALL (sched_setaffinity, err, 3, pd->tid, - attr->cpusetsize, attr->cpuset); -@@ -140,7 +140,7 @@ - /* Set the scheduling parameters. */ - if ((attr->flags & ATTR_FLAG_NOTINHERITSCHED) != 0) - { -- assert (stopped_start); -+ assert (*stopped_start); - - res = INTERNAL_SYSCALL (sched_setscheduler, err, 3, pd->tid, - pd->schedpolicy, &pd->schedparam); 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-c-utf8-locale.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.24/glibc-2.24-c-utf8-locale.patch rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-c-utf8-locale.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c similarity index 99% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c index a8ab9d8a3e..2ef96b75ea 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gentoo-chk_fail.c @@ -297,3 +297,7 @@ void __chk_fail(void) { __hardened_gentoo_fail(); } + +#ifdef GENTOO_SSP_HANDLER +strong_alias (__stack_chk_fail, __stack_chk_fail_local) +#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gshadow-handle-erange.patch similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.23/glibc-2.23-gshadow-handle-erange.patch rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.25/glibc-2.25-gshadow-handle-erange.patch 
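Review bot: The `strong_alias (__stack_chk_fail, __stack_chk_fail_local)` added after `__chk_fail` in glibc-2.25-gentoo-chk_fail.c has no comment, and the `__stack_chk_fail` it aliases is not defined within this hunk. An alias can only bind to a symbol defined in the same translation unit, so the `GENTOO_SSP_HANDLER` guard here has to match the guard on that definition, which presumably sits earlier in the file, outside the hunk. That is worth confirming, because this is the stack-protector failure path and a mismatch would most likely surface only as a build error in one configuration. I would add a comment above the alias, for example `/* Some targets reach the SSP failure path via the hidden __stack_chk_fail_local; bind it to the hardened __stack_chk_fail. */`.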
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c deleted file mode 100644 index 217bf1a907..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c +++ /dev/null 
@@ -1,321 +0,0 @@ -/* Copyright (C) 2005 Free Software Foundation, Inc. - This file is part of the GNU C Library. - - The GNU C Library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - - The GNU C Library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - - You should have received a copy of the GNU Lesser General Public - License along with the GNU C Library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA - 02111-1307 USA. */ - -/* Copyright (C) 2006-2007 Gentoo Foundation Inc. - * License terms as above. - * - * Hardened Gentoo SSP handler - * - * An SSP failure handler that does not use functions from the rest of - * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures - * no possibility of recursion into the handler. - * - * Direct all bug reports to http://bugs.gentoo.org/ - * - * Re-written from the glibc-2.3 Hardened Gentoo SSP handler - * by Kevin F. Quinn - - * - * The following people contributed to the glibc-2.3 Hardened - * Gentoo SSP handler, from which this implementation draws much: - * - * Ned Ludd - - * Alexander Gabert - - * The PaX Team - - * Peter S. 
Mazinger - - * Yoann Vandoorselaere - - * Robert Connolly - - * Cory Visi - * Mike Frysinger - */ - -#include -#include -#include -#include - -#include - -#include -#include -#include - -#include - -#include -/* from sysdeps */ -#include -/* for the stuff in bits/socket.h */ -#include -#include - - -/* Sanity check on SYSCALL macro names - force compilation - * failure if the names used here do not exist - */ -#if !defined __NR_socketcall && !defined __NR_socket -# error Cannot do syscall socket or socketcall -#endif -#if !defined __NR_socketcall && !defined __NR_connect -# error Cannot do syscall connect or socketcall -#endif -#ifndef __NR_write -# error Cannot do syscall write -#endif -#ifndef __NR_close -# error Cannot do syscall close -#endif -#ifndef __NR_getpid -# error Cannot do syscall getpid -#endif -#ifndef __NR_kill -# error Cannot do syscall kill -#endif -#ifndef __NR_exit -# error Cannot do syscall exit -#endif -#ifdef SSP_SMASH_DUMPS_CORE -# define ENABLE_SSP_SMASH_DUMPS_CORE 1 -# if !defined _KERNEL_NSIG && !defined _NSIG -# error No _NSIG or _KERNEL_NSIG for rt_sigaction -# endif -# if !defined __NR_sigaction && !defined __NR_rt_sigaction -# error Cannot do syscall sigaction or rt_sigaction -# endif -/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size - * of the _kernel_ sigset_t which is not the same as the user sigset_t. - * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for - * some reason. - */ -# ifdef _KERNEL_NSIG -# define _SSP_NSIG _KERNEL_NSIG -# else -# define _SSP_NSIG _NSIG -# endif -#else -# define _SSP_NSIG 0 -# define ENABLE_SSP_SMASH_DUMPS_CORE 0 -#endif - -/* Define DO_SIGACTION - default to newer rt signal interface but - * fallback to old as needed. 
- */ -#ifdef __NR_rt_sigaction -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8) -#else -# define DO_SIGACTION(signum, act, oldact) \ - INLINE_SYSCALL(sigaction, 3, signum, act, oldact) -#endif - -/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */ -#if defined(__NR_socket) && defined(__NR_connect) -# define USE_OLD_SOCKETCALL 0 -#else -# define USE_OLD_SOCKETCALL 1 -#endif -/* stub out the __NR_'s so we can let gcc optimize away dead code */ -#ifndef __NR_socketcall -# define __NR_socketcall 0 -#endif -#ifndef __NR_socket -# define __NR_socket 0 -#endif -#ifndef __NR_connect -# define __NR_connect 0 -#endif -#define DO_SOCKET(result, domain, type, protocol) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = domain; \ - socketargs[1] = type; \ - socketargs[2] = protocol; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \ - } else \ - result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \ - } while (0) -#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \ - do { \ - if (USE_OLD_SOCKETCALL) { \ - socketargs[0] = sockfd; \ - socketargs[1] = (unsigned long int)serv_addr; \ - socketargs[2] = addrlen; \ - socketargs[3] = 0; \ - result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \ - } else \ - result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \ - } while (0) - -#ifndef _PATH_LOG -# define _PATH_LOG "/dev/log" -#endif - -static const char path_log[] = _PATH_LOG; - -/* For building glibc with SSP switched on, define __progname to a - * constant if building for the run-time loader, to avoid pulling - * in more of libc.so into ld.so - */ -#ifdef IS_IN_rtld -static char *__progname = ""; -#else -extern char *__progname; -#endif - - -/* Common handler code, used by stack_chk_fail and __stack_smash_handler - * Inlined to ensure no self-references to the handler within itself. 
- * Data static to avoid putting more than necessary on the stack, - * to aid core debugging. - */ -__attribute__ ((__noreturn__ , __always_inline__)) -static inline void -__hardened_gentoo_stack_chk_fail(char func[], int damaged) -{ -#define MESSAGE_BUFSIZ 256 - static pid_t pid; - static int plen, i; - static char message[MESSAGE_BUFSIZ]; - static const char msg_ssa[] = ": stack smashing attack"; - static const char msg_inf[] = " in function "; - static const char msg_ssd[] = "*** stack smashing detected ***: "; - static const char msg_terminated[] = " - terminated\n"; - static const char msg_report[] = "Report to http://bugs.gentoo.org/\n"; - static const char msg_unknown[] = ""; - static int log_socket, connect_result; - static struct sockaddr_un sock; - static unsigned long int socketargs[4]; - - /* Build socket address - */ - sock.sun_family = AF_UNIX; - i = 0; - while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) { - sock.sun_path[i] = path_log[i]; - i++; - } - sock.sun_path[i] = '\0'; - - /* Try SOCK_DGRAM connection to syslog */ - connect_result = -1; - DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - if (connect_result == -1) { - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - /* Try SOCK_STREAM connection to syslog */ - DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0); - if (log_socket != -1) - DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock)); - } - - /* Build message. Messages are generated both in the old style and new style, - * so that log watchers that are configured for the old-style message continue - * to work. 
- */ -#define strconcat(str) \ - {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \ - {\ - message[plen+i]=str[i];\ - i++;\ - }\ - plen+=i;} - - /* R.Henderson post-gcc-4 style message */ - plen = 0; - strconcat(msg_ssd); - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Dr. Etoh pre-gcc-4 style message */ - plen = 0; - if (__progname != (char *)0) - strconcat(__progname) - else - strconcat(msg_unknown); - strconcat(msg_ssa); - strconcat(msg_inf); - if (func != NULL) - strconcat(func) - else - strconcat(msg_unknown); - strconcat(msg_terminated); - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - /* Direct reports to bugs.gentoo.org */ - plen=0; - strconcat(msg_report); - message[plen++]='\0'; - - /* Write out error message to STDERR, to syslog if open */ - INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen); - if (connect_result != -1) - INLINE_SYSCALL(write, 3, log_socket, message, plen); - - if (log_socket != -1) - INLINE_SYSCALL(close, 1, log_socket); - - /* Suicide */ - pid = INLINE_SYSCALL(getpid, 0); - - if (ENABLE_SSP_SMASH_DUMPS_CORE) { - static struct sigaction default_abort_act; - /* Remove any user-supplied handler for SIGABRT, before using it */ - default_abort_act.sa_handler = SIG_DFL; - default_abort_act.sa_sigaction = NULL; - __sigfillset(&default_abort_act.sa_mask); - default_abort_act.sa_flags = 0; - if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0) - INLINE_SYSCALL(kill, 2, pid, SIGABRT); - } - - /* Note; actions cannot be added to SIGKILL */ - INLINE_SYSCALL(kill, 2, pid, SIGKILL); - - /* In case 
the kill didn't work, exit anyway - * The loop prevents gcc thinking this routine returns - */ - while (1) - INLINE_SYSCALL(exit, 0); -} - -__attribute__ ((__noreturn__)) -void __stack_chk_fail(void) -{ - __hardened_gentoo_stack_chk_fail(NULL, 0); -} - -#ifdef ENABLE_OLD_SSP_COMPAT -__attribute__ ((__noreturn__)) -void __stack_smash_handler(char func[], int damaged) -{ - __hardened_gentoo_stack_chk_fail(func, damaged); -} -#endif diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit deleted file mode 100644 index 370782b4b4..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/common.eblit +++ /dev/null 
@@ -1,381 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -alt_prefix() { - is_crosscompile && echo /usr/${CTARGET} -} - -if [[ ${EAPI:-0} == [012] ]] ; then - : ${ED:=${D}} - : ${EROOT:=${ROOT}} -fi -# This indirection is for binpkgs. #523332 -_nonfatal() { nonfatal "$@" ; } -if [[ ${EAPI:-0} == [0123] ]] ; then - nonfatal() { "$@" ; } - _nonfatal() { "$@" ; } -fi - -# We need to be able to set alternative headers for -# compiling for non-native platform -# Will also become useful for testing kernel-headers without screwing up -# the whole system. -# note: intentionally undocumented. -alt_headers() { - echo ${ALT_HEADERS:=$(alt_prefix)/usr/include} -} -alt_build_headers() { - if [[ -z ${ALT_BUILD_HEADERS} ]] ; then - ALT_BUILD_HEADERS="${EPREFIX}$(alt_headers)" - if tc-is-cross-compiler ; then - ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers) - if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then - local header_path=$(echo '#include ' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h') - ALT_BUILD_HEADERS=${header_path%/linux/version.h} - fi - fi - fi - echo "${ALT_BUILD_HEADERS}" -} - -alt_libdir() { - echo $(alt_prefix)/$(get_libdir) -} -alt_usrlibdir() { - echo $(alt_prefix)/usr/$(get_libdir) -} - -builddir() { - echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1" -} - -setup_target_flags() { - # This largely mucks with compiler flags. None of which should matter - # when building up just the headers. - just_headers && return 0 - - case $(tc-arch) in - x86) - # -march needed for #185404 #199334 - # TODO: When creating the first glibc cross-compile, this test will - # always fail as it does a full link which in turn requires glibc. - # Probably also applies when changing multilib profile settings (e.g. - # enabling x86 when the profile was amd64-only previously). 
- # We could change main to _start and pass -nostdlib here so that we - # only test the gcc code compilation. Or we could do a compile and - # then look for the symbol via scanelf. - if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then - local t=${CTARGET_OPT:-${CTARGET}} - t=${t%%-*} - filter-flags '-march=*' - export CFLAGS="-march=${t} ${CFLAGS}" - einfo "Auto adding -march=${t} to CFLAGS #185404" - fi - ;; - amd64) - # -march needed for #185404 #199334 - # Note: This test only matters when the x86 ABI is enabled, so we could - # optimize a bit and elide it. - # TODO: See cross-compile issues listed above for x86. - if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then - local t=${CTARGET_OPT:-${CTARGET}} - t=${t%%-*} - # Normally the target is x86_64-xxx, so turn that into the -march that - # gcc actually accepts. #528708 - [[ ${t} == "x86_64" ]] && t="x86-64" - filter-flags '-march=*' - # ugly, ugly, ugly. ugly. - CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}") - export CFLAGS_x86="${CFLAGS_x86} -march=${t}" - einfo "Auto adding -march=${t} to CFLAGS_x86 #185404" - fi - ;; - mips) - # The mips abi cannot support the GNU style hashes. #233233 - filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both - ;; - ppc) - append-flags "-freorder-blocks" - ;; - sparc) - # Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though. - filter-flags "-fcall-used-g7" - append-flags "-fcall-used-g6" - - # If the CHOST is the basic one (e.g. not sparcv9-xxx already), - # try to pick a better one so glibc can use cpu-specific .S files. - # We key off the CFLAGS to get a good value. Also need to handle - # version skew. - # We can't force users to set their CHOST to their exact machine - # as many of these are not recognized by config.sub/gcc and such :(. 
- # Note: If the mcpu values don't scale, we might try probing CPP defines. - # Note: Should we factor in -Wa,-AvXXX flags too ? Or -mvis/etc... ? - - local cpu - case ${CTARGET} in - sparc64-*) - case $(get-flag mcpu) in - niagara[234]) - if version_is_at_least 2.8 ; then - cpu="sparc64v2" - elif version_is_at_least 2.4 ; then - cpu="sparc64v" - elif version_is_at_least 2.2.3 ; then - cpu="sparc64b" - fi - ;; - niagara) - if version_is_at_least 2.4 ; then - cpu="sparc64v" - elif version_is_at_least 2.2.3 ; then - cpu="sparc64b" - fi - ;; - ultrasparc3) - cpu="sparc64b" - ;; - *) - # We need to force at least v9a because the base build doesn't - # work with just v9. - # https://sourceware.org/bugzilla/show_bug.cgi?id=19477 - [[ -z ${cpu} ]] && append-flags "-Wa,-xarch=v9a" - ;; - esac - ;; - sparc-*) - case $(get-flag mcpu) in - niagara[234]) - if version_is_at_least 2.8 ; then - cpu="sparcv9v2" - elif version_is_at_least 2.4 ; then - cpu="sparcv9v" - elif version_is_at_least 2.2.3 ; then - cpu="sparcv9b" - else - cpu="sparcv9" - fi - ;; - niagara) - if version_is_at_least 2.4 ; then - cpu="sparcv9v" - elif version_is_at_least 2.2.3 ; then - cpu="sparcv9b" - else - cpu="sparcv9" - fi - ;; - ultrasparc3) - cpu="sparcv9b" - ;; - v9|ultrasparc) - cpu="sparcv9" - ;; - v8|supersparc|hypersparc|leon|leon3) - cpu="sparcv8" - ;; - esac - ;; - esac - [[ -n ${cpu} ]] && CTARGET_OPT="${cpu}-${CTARGET#*-}" - ;; - esac -} - -setup_flags() { - # Make sure host make.conf doesn't pollute us - if is_crosscompile || tc-is-cross-compiler ; then - CHOST=${CTARGET} strip-unsupported-flags - fi - - # Store our CFLAGS because it's changed depending on which CTARGET - # we are building when pulling glibc on a multilib profile - CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}} - CFLAGS=${CFLAGS_BASE} - CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}} - CXXFLAGS=${CXXFLAGS_BASE} - ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}} - ASFLAGS=${ASFLAGS_BASE} - - # Over-zealous CFLAGS can often cause problems. 
What may work for one - # person may not work for another. To avoid a large influx of bugs - # relating to failed builds, we strip most CFLAGS out to ensure as few - # problems as possible. - strip-flags - strip-unsupported-flags - filter-flags -m32 -m64 -mabi=* - - # Bug 492892. - filter-flags -frecord-gcc-switches - - unset CBUILD_OPT CTARGET_OPT - if use multilib ; then - CTARGET_OPT=$(get_abi_CTARGET) - [[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST) - fi - - setup_target_flags - - if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then - CBUILD_OPT=${CTARGET_OPT} - fi - - # Lock glibc at -O2 -- linuxthreads needs it and we want to be - # conservative here. -fno-strict-aliasing is to work around #155906 - filter-flags -O? - append-flags -O2 -fno-strict-aliasing - - # Can't build glibc itself with fortify code. Newer versions add - # this flag for us, so no need to do it manually. - version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE - - # building glibc with SSP is fraught with difficulty, especially - # due to __stack_chk_fail_local which would mean significant changes - # to the glibc build process. See bug #94325 #293721 - # Note we have to handle both user-given CFLAGS and gcc defaults via - # spec rules here. We can't simply add -fno-stack-protector as it gets - # added before user flags, and we can't just filter-flags because - # _filter_hardened doesn't support globs. - filter-flags -fstack-protector* - gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector) - - if use hardened && gcc-specs-pie ; then - # Force PIC macro definition for all compilations since they're all - # either -fPIC or -fPIE with the default-PIE compiler. 
- append-cppflags -DPIC - else - # Don't build -fPIE without the default-PIE compiler and the - # hardened-pie patch - filter-flags -fPIE - fi -} - -want_nptl() { - [[ -z ${LT_VER} ]] && return 0 - want_tls || return 1 - use nptl || return 1 - - # Older versions of glibc had incomplete arch support for nptl. - # But if you're building those now, you can handle USE=nptl yourself. - return 0 -} - -want_linuxthreads() { - [[ -z ${LT_VER} ]] && return 1 - use linuxthreads -} - -want_tls() { - # Archs that can use TLS (Thread Local Storage) - case $(tc-arch) in - x86) - # requires i486 or better #106556 - [[ ${CTARGET} == i[4567]86* ]] && return 0 - return 1 - ;; - esac - - return 0 -} - -want__thread() { - want_tls || return 1 - - # For some reason --with-tls --with__thread is causing segfaults on sparc32. - [[ ${PROFILE_ARCH} == "sparc" ]] && return 1 - - [[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD} - - # only test gcc -- cant test linking yet - tc-has-tls -c ${CTARGET} - WANT__THREAD=$? - - return ${WANT__THREAD} -} - -use_multiarch() { - # Make sure binutils is new enough to support indirect functions #336792 - # This funky sed supports gold and bfd linkers. - local bver nver - bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}') - case $(tc-arch ${CTARGET}) in - amd64|x86) nver="2.20" ;; - arm) nver="2.22" ;; - hppa) nver="2.23" ;; - ppc|ppc64) nver="2.20" ;; - # ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24. - s390) nver="2.24" ;; - sparc) nver="2.21" ;; - *) return 1 ;; - esac - version_is_at_least ${nver} ${bver} -} - -# Setup toolchain variables that had historically -# been defined in the profiles for these archs. -setup_env() { - # silly users - unset LD_RUN_PATH - unset LD_ASSUME_KERNEL - - if is_crosscompile || tc-is-cross-compiler ; then - multilib_env ${CTARGET_OPT:-${CTARGET}} - - if ! 
use multilib ; then - MULTILIB_ABIS=${DEFAULT_ABI} - else - MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}} - fi - - # If the user has CFLAGS_ in their make.conf, use that, - # and fall back on CFLAGS. - local VAR=CFLAGS_${CTARGET//[-.]/_} - CFLAGS=${!VAR-${CFLAGS}} - fi - - setup_flags - - export ABI=${ABI:-${DEFAULT_ABI:-default}} - - local VAR=CFLAGS_${ABI} - # We need to export CFLAGS with abi information in them because glibc's - # configure script checks CFLAGS for some targets (like mips). Keep - # around the original clean value to avoid appending multiple ABIs on - # top of each other. - : ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})} - export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}" -} - -foreach_abi() { - setup_env - - local ret=0 - local abilist="" - if use multilib ; then - abilist=$(get_install_abis) - else - abilist=${DEFAULT_ABI} - fi - evar_push ABI - export ABI - for ABI in ${abilist:-default} ; do - setup_env - einfo "Running $1 for ABI ${ABI}" - $1 - : $(( ret |= $? )) - done - evar_pop - return ${ret} -} - -just_headers() { - is_crosscompile && use crosscompile_opts_headers-only -} - -glibc_banner() { - local b="Gentoo ${PVR}" - [[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}" - [[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}" - [[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}" - echo "${b}" -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit deleted file mode 100644 index 827cba9b51..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_postinst.eblit +++ /dev/null 
@@ -1,21 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-eblit-glibc-pkg_postinst() {
- # nothing to do if just installing headers
- just_headers && return
-
- if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then
- # Generate fastloading iconv module configuration file.
- "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}"
- fi
-
- if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then
- # Reload init ... if in a chroot or a diff init package, ignore
- # errors from this step #253697
- /sbin/telinit U 2>/dev/null
-
- ## COREOS: locale-gen is not installed
- fi
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit
deleted file mode 100644
index 65c7c958af..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_preinst.eblit
+++ /dev/null
@@ -1,59 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-# Simple test to make sure our new glibc isnt completely broken.
-# Make sure we don't test with statically built binaries since
-# they will fail. Also, skip if this glibc is a cross compiler.
-#
-# If coreutils is built with USE=multicall, some of these files
-# will just be wrapper scripts, not actual ELFs we can test.
-glibc_sanity_check() {
- cd / #228809
-
- # We enter ${ED} so to avoid trouble if the path contains
- # special characters; for instance if the path contains the
- # colon character (:), then the linker will try to split it
- # and look for the libraries in an unexpected place. This can
- # lead to unsafe code execution if the generated prefix is
- # within a world-writable directory.
- # (e.g. /var/tmp/portage:${HOSTNAME})
- pushd "${ED}"/$(get_libdir) >/dev/null
-
- local x striptest
- for x in cal date env free ls true uname uptime ; do
- x=$(type -p ${x})
- [[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue
- striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue
- case ${striptest} in
- *"statically linked"*) continue;;
- *"ASCII text"*) continue;;
- esac
- # We need to clear the locale settings as the upgrade might want
- # incompatible locale data. This test is not for verifying that.
- LC_ALL=C \
- ./ld-*.so --library-path . ${x} > /dev/null \
- || die "simple run test (${x}) failed"
- done
-
- popd >/dev/null
-}
-
-eblit-glibc-pkg_preinst() {
- # nothing to do if just installing headers
- just_headers && return
-
- # prepare /etc/ld.so.conf.d/ for files
- mkdir -p "${EROOT}"/etc/ld.so.conf.d
-
- ## COREOS: host.conf is not installed
-
- [[ ${ROOT} != "/" ]] && return 0
- [[ -d ${ED}/$(get_libdir) ]] || return 0
- [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check
-
- # For newer EAPIs, this was run in pkg_pretend.
- if [[ ${EAPI:-0} == [0123] ]] ; then
- check_devpts
- fi
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit
deleted file mode 100644
index 03c947f3e3..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/pkg_pretend.eblit
+++ /dev/null
@@ -1,137 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -glibc_compile_test() { - local ret save_cflags=${CFLAGS} - CFLAGS+=" $1" - shift - - pushd "${T}" >/dev/null - - rm -f glibc-test* - printf '%b' "$*" > glibc-test.c - - _nonfatal emake -s glibc-test - ret=$? - - popd >/dev/null - - CFLAGS=${save_cflags} - return ${ret} -} - -glibc_run_test() { - local ret - - if [[ ${EMERGE_FROM} == "binary" ]] ; then - # ignore build failures when installing a binary package #324685 - glibc_compile_test "" "$@" 2>/dev/null || return 0 - else - if ! glibc_compile_test "" "$@" ; then - ewarn "Simple build failed ... assuming this is desired #324685" - return 0 - fi - fi - - pushd "${T}" >/dev/null - - ./glibc-test - ret=$? - rm -f glibc-test* - - popd >/dev/null - - return ${ret} -} - -check_devpts() { - ## COREOS: Ignore /dev/pts settings, the chroot has no control over them. - return 0 -} - -eblit-glibc-pkg_pretend() { - # For older EAPIs, this is run in pkg_preinst. - if [[ ${EAPI:-0} != [0123] ]] ; then - check_devpts - fi - - # Prevent native builds from downgrading. - if [[ ${MERGE_TYPE} != "buildonly" ]] && \ - [[ ${ROOT} == "/" ]] && \ - [[ ${CBUILD} == ${CHOST} ]] && \ - [[ ${CHOST} == ${CTARGET} ]] ; then - # The high rev # is to allow people to downgrade between -r# versions. - # We want to block 2.20->2.19, but 2.20-r3->2.20-r2 should be fine. - # Hopefully we never actually use a r# this high. - if has_version ">${CATEGORY}/${P}-r10000" ; then - eerror "Sanity check to keep you from breaking your system:" - eerror " Downgrading glibc is not supported and a sure way to destruction" - die "aborting to save your system" - fi - - if ! glibc_run_test '#include \nint main(){return getpwuid(0)==0;}\n' - then - eerror "Your patched vendor kernel is broken. You need to get an" - eerror "update from whoever is providing the kernel to you." 
- eerror "https://sourceware.org/bugzilla/show_bug.cgi?id=5227" - eerror "http://bugs.gentoo.org/262698" - die "keeping your system alive, say thank you" - fi - - if ! glibc_run_test '#include \n#include \nint main(){return syscall(1000)!=-1;}\n' - then - eerror "Your old kernel is broken. You need to update it to" - eerror "a newer version as syscall() will break." - eerror "http://bugs.gentoo.org/279260" - die "keeping your system alive, say thank you" - fi - fi - - # users have had a chance to phase themselves, time to give em the boot - if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then - eerror "You still haven't deleted ${EROOT}/etc/locales.build." - eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher." - die "lazy upgrader detected" - fi - - if [[ ${CTARGET} == i386-* ]] ; then - eerror "i386 CHOSTs are no longer supported." - eerror "Chances are you don't actually want/need i386." - eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml" - die "please fix your CHOST" - fi - - if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then - ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS." - ewarn "This will result in a 50% performance penalty when running with a 32bit" - ewarn "hypervisor, which is probably not what you want." - fi - - use hardened && ! gcc-specs-pie && \ - ewarn "PIE hardening not applied, as your compiler doesn't default to PIE" - - # Make sure host system is up to date #394453 - if has_version ' /dev/null - local addons=$(echo */configure | sed \ - -e 's:/configure::g' \ - -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \ - -e 's: \+$::' \ - -e 's! !,!g' \ - -e 's!^!,!' \ - -e '/^,\*$/d') - [[ -d ports ]] && addons+=",ports" - popd > /dev/null - - myconf+=( $(use_enable hardened stackguard-randomization) ) - if has_version ' "${T}"/test.c - if ! 
$(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then - sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die - mkdir -p sunrpc - cp $(which rpcgen) sunrpc/cross-rpcgen || die - touch -t 202001010101 sunrpc/cross-rpcgen || die - fi - fi -} - -toolchain-glibc_headers_configure() { - export ABI=default - - local builddir=$(builddir "headers") - mkdir -p "${builddir}" - cd "${builddir}" - - # if we don't have a compiler yet, we cant really test it now ... - # hopefully they don't affect header geneation, so let's hope for - # the best here ... - local v vars=( - ac_cv_header_cpuid_h=yes - libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes - libc_cv_asm_cfi_directives=yes - libc_cv_broken_visibility_attribute=no - libc_cv_c_cleanup=yes - libc_cv_forced_unwind=yes - libc_cv_gcc___thread=yes - libc_cv_mlong_double_128=yes - libc_cv_mlong_double_128ibm=yes - libc_cv_ppc_machine=yes - libc_cv_ppc_rel16=yes - libc_cv_predef_{fortify_source,stack_protector}=no - libc_cv_visibility_attribute=yes - libc_cv_z_combreloc=yes - libc_cv_z_execstack=yes - libc_cv_z_initfirst=yes - libc_cv_z_nodelete=yes - libc_cv_z_nodlopen=yes - libc_cv_z_relro=yes - libc_mips_abi=${ABI} - libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard) - # These libs don't have configure flags. - ac_cv_lib_audit_audit_log_user_avc_message=no - ac_cv_lib_cap_cap_init=no - ) - einfo "Forcing cached settings:" - for v in "${vars[@]}" ; do - einfo " ${v}" - export ${v} - done - - # Blow away some random CC settings that screw things up. #550192 - if [[ -d ${S}/sysdeps/mips ]]; then - pushd "${S}"/sysdeps/mips >/dev/null - sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die - sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die - if version_is_at_least 2.21 ; then - # Force the mips ABI to the default. 
This is OK because the set of - # installed headers in this phase is the same between the 3 ABIs. - # If this ever changes, this hack will break, but that's unlikely - # as glibc discourages that behavior. - # https://crbug.com/647033 - sed -i -e 's:abiflag=.*:abiflag=_ABIO32:' preconfigure || die - fi - popd >/dev/null - fi - - local myconf=() - myconf+=( - --disable-sanity-checks - --enable-hacker-mode - --without-cvs - --disable-werror - --enable-bind-now - --build=${CBUILD_OPT:-${CBUILD}} - --host=${CTARGET_OPT:-${CTARGET}} - --with-headers=$(alt_build_headers) - --prefix="${EPREFIX}/usr" - ${EXTRA_ECONF} - ) - - local addons - [[ -d ${S}/ports ]] && addons+=",ports" - # Newer versions require nptl, so there is no addon for it. - version_is_at_least 2.20 || addons+=",nptl" - myconf+=( --enable-add-ons="${addons#,}" ) - - # Nothing is compiled here which would affect the headers for the target. - # So forcing CC/CFLAGS is sane. - set -- "${S}"/configure "${myconf[@]}" - echo "$@" - CC="$(tc-getBUILD_CC)" \ - CFLAGS="-O1 -pipe" \ - CPPFLAGS="-U_FORTIFY_SOURCE" \ - LDFLAGS="" \ - "$@" || die "failed to configure glibc" -} - -toolchain-glibc_src_configure() { - if just_headers ; then - toolchain-glibc_headers_configure - else - want_linuxthreads && glibc_do_configure linuxthreads - want_nptl && glibc_do_configure nptl - fi -} - -eblit-glibc-src_configure() { - foreach_abi toolchain-glibc_src_configure -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit deleted file mode 100644 index 6d0353f7bf..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_install.eblit +++ /dev/null 
@@ -1,231 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -toolchain-glibc_src_install() { - local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl)) - cd "${builddir}" - - emake install_root="${D}$(alt_prefix)" install || die - - if want_linuxthreads && want_nptl ; then - einfo "Installing NPTL to $(alt_libdir)/tls/..." - cd "$(builddir nptl)" - dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl - - local l src_lib - for l in libc libm librt libpthread libthread_db ; do - # take care of shared lib first ... - l=${l}.so - if [[ -e ${l} ]] ; then - src_lib=${l} - else - src_lib=$(eval echo */${l}) - fi - cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}" - fperms a+rx $(alt_libdir)/tls/${l} - dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib}) - - # then grab the linker script or the symlink ... - if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then - dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l} - else - sed \ - -e "s:/${l}:/tls/${l}:g" \ - -e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \ - "${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l} - fi - - # then grab the static lib ... - src_lib=${src_lib/%.so/.a} - [[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a} - cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" - src_lib=${src_lib/%.a/_nonshared.a} - if [[ -e ${src_lib} ]] ; then - cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}" - fi - done - - # use the nptl linker instead of the linuxthreads one as the linuxthreads - # one may lack TLS support and that can be really bad for business - cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp" - fi - - # Newer versions get fancy with libm linkage to include vectorized support. 
- # While we don't really need a ldscript here, portage QA checks get upset. - if [[ -e ${ED}$(alt_usrlibdir)/libm-${PV}.a ]] ; then - dosym ../../$(get_libdir)/libm-${PV}.so $(alt_usrlibdir)/libm-${PV}.so - fi - - # We'll take care of the cache ourselves - rm -f "${ED}"/etc/ld.so.cache - - # Everything past this point just needs to be done once ... - is_final_abi || return 0 - - # Make sure the non-native interp can be found on multilib systems even - # if the main library set isn't installed into the right place. Maybe - # we should query the active gcc for info instead of hardcoding it ? - local i ldso_abi ldso_name - local ldso_abi_list=( - # x86 - amd64 /lib64/ld-linux-x86-64.so.2 - x32 /libx32/ld-linux-x32.so.2 - x86 /lib/ld-linux.so.2 - # mips - o32 /lib/ld.so.1 - n32 /lib32/ld.so.1 - n64 /lib64/ld.so.1 - # powerpc - ppc /lib/ld.so.1 - ppc64 /lib64/ld64.so.1 - # s390 - s390 /lib/ld.so.1 - s390x /lib/ld64.so.1 - # sparc - sparc32 /lib/ld-linux.so.2 - sparc64 /lib64/ld-linux.so.2 - ) - case $(tc-endian) in - little) - ldso_abi_list+=( - # arm - arm64 /lib/ld-linux-aarch64.so.1 - ) - ;; - big) - ldso_abi_list+=( - # arm - arm64 /lib/ld-linux-aarch64_be.so.1 - ) - ;; - esac - if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then - dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib - fi - for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do - ldso_abi=${ldso_abi_list[i]} - has ${ldso_abi} $(get_install_abis) || continue - - ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}" - if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then - dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name} - fi - done - - # With devpts under Linux mounted properly, we do not need the pt_chown - # binary to be setuid. This is because the default owners/perms will be - # exactly what we want. - if in_iuse suid && ! 
use suid ; then - find "${ED}" -name pt_chown -exec chmod -s {} + - fi - - ################################################################# - # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY # - # Make sure we install some symlink hacks so that when we build - # a 2nd stage cross-compiler, gcc finds the target system - # headers correctly. See gcc/doc/gccinstall.info - if is_crosscompile ; then - # We need to make sure that /lib and /usr/lib always exists. - # gcc likes to use relative paths to get to its multilibs like - # /usr/lib/../lib64/. So while we don't install any files into - # /usr/lib/, we do need it to exist. - cd "${ED}"$(alt_libdir)/.. - [[ -e lib ]] || mkdir lib - cd "${ED}"$(alt_usrlibdir)/.. - [[ -e lib ]] || mkdir lib - - dosym usr/include $(alt_prefix)/sys-include - return 0 - fi - - ## COREOS ## - # For reference, the rest of this function has been modified to do: - # - The SDK just gets the full locale archive, no need for locale-gen. - # - CoreOS targets (which are cross compiled) don't get any locales. - # - Config files are installed by baselayout, not glibc. - # - Install nscd/systemd stuff in /usr. - - if ! tc-is-cross-compiler ; then - emake install_root="${D}$(alt_prefix)" localedata/install-locales || die - # Sanity check the above command worked - [[ -f ${ED}/usr/$(get_libdir)/locale/locale-archive ]] || die - else - keepdir /usr/$(get_libdir)/locale - fi - - # Make sure all the ABI's can find the locales and so we only - # have to generate one set - local a - for a in $(get_install_abis) ; do - if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then - dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale - fi - done - - # Clean out any default configs - rm -rf "${ED}"/etc - - cd "${S}" - - # Install misc network config files - insinto /usr/share/baselayout - doins nscd/nscd.conf || die - - if ! 
in_iuse nscd || use nscd ; then - systemd_dounit nscd/nscd.service || die - systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die - systemd_newtmpfilesd "${FILESDIR}"/nscd-conf.tmpfiles nscd-conf.conf || die - fi - - echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc - doenvd "${T}"/00glibc || die - - for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do - [[ -s ${d} ]] && dodoc ${d} - done -} - -toolchain-glibc_headers_install() { - local builddir=$(builddir "headers") - cd "${builddir}" - emake install_root="${D}$(alt_prefix)" install-headers || die - if ! version_is_at_least 2.16 ; then - insinto $(alt_headers)/bits - doins bits/stdio_lim.h || die - fi - insinto $(alt_headers)/gnu - doins "${S}"/include/gnu/stubs.h || die "doins include gnu" - # Make sure we install the sys-include symlink so that when - # we build a 2nd stage cross-compiler, gcc finds the target - # system headers correctly. See gcc/doc/gccinstall.info - dosym usr/include $(alt_prefix)/sys-include -} - -src_strip() { - # gdb is lame and requires some debugging information to remain in - # libpthread, so we need to strip it by hand. libthread_db makes no - # sense stripped as it is only used when debugging. - local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}") - env \ - -uRESTRICT \ - CHOST=${CTARGET} \ - STRIP_MASK="/*/{,tls/}${pthread}*" \ - prepallstrip - # if user has stripping enabled and does not have split debug turned on, - # then leave the debugging sections in libpthread. - if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then - ${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so - fi -} - -eblit-glibc-src_install() { - if just_headers ; then - export ABI=default - toolchain-glibc_headers_install - return - fi - - foreach_abi toolchain-glibc_src_install - src_strip -} 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit
deleted file mode 100644
index 11ff7af6f8..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_prepare.eblit
+++ /dev/null
@@ -1,65 +0,0 @@ -# Copyright 1999-2017 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -eblit-glibc-src_prepare() { - # XXX: We should do the branchupdate, before extracting the manpages and - # infopages else it does not help much (mtimes change if there is a change - # to them with branchupdate) - if [[ -n ${BRANCH_UPDATE} ]] ; then - epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2 - - # Snapshot date patch - einfo "Patching version to display snapshot date ..." - sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h - fi - - # tag, glibc is it - if ! version_is_at_least 2.17 ; then - [[ -e csu/Banner ]] && die "need new banner location" - glibc_banner > csu/Banner - fi - if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then - EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \ - EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \ - EPATCH_SUFFIX="patch" \ - ARCH=$(tc-arch) \ - epatch "${WORKDIR}"/patches - fi - - if just_headers ; then - if [[ -e ports/sysdeps/mips/preconfigure ]] ; then - # mips peeps like to screw with us. if building headers, - # we don't have a real compiler, so we can't let them - # insert -mabi on us. - sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die - find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} + - fi - fi - - epatch_user - - gnuconfig_update - - # Glibc is stupid sometimes, and doesn't realize that with a - # static C-Only gcc, -lgcc_eh doesn't exist. - # https://sourceware.org/ml/libc-alpha/2003-09/msg00100.html - # https://sourceware.org/ml/libc-alpha/2005-02/msg00042.html - # But! Finally fixed in recent versions: - # https://sourceware.org/ml/libc-alpha/2012-05/msg01865.html - if ! version_is_at_least 2.16 ; then - echo 'int main(){}' > "${T}"/gcc_eh_test.c - if ! 
$(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then - sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh" - fi - fi - - cd "${WORKDIR}" - find . -type f '(' -size 0 -o -name "*.orig" ')' -delete - find . -name configure -exec touch {} + - - eprefixify extra/locale/locale-gen - - # Fix permissions on some of the scripts. - chmod u+x "${S}"/scripts/*.sh -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit deleted file mode 100644 index fc5b950f46..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_test.eblit +++ /dev/null @@ -1,30 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -glibc_src_test() { - cd "$(builddir $1)" - nonfatal emake -j1 check && return 0 - einfo "make check failed - re-running with --keep-going to get the rest of the results" - nonfatal emake -j1 -k check - ewarn "make check failed for ${ABI}-${CTARGET}-$1" - return 1 -} - -toolchain-glibc_src_test() { - local ret=0 t - for t in linuxthreads nptl ; do - if want_${t} ; then - glibc_src_test ${t} - : $(( ret |= $? )) - fi - done - return ${ret} -} - -eblit-glibc-src_test() { - # Give tests more time to complete. - export TIMEOUTFACTOR=5 - - foreach_abi toolchain-glibc_src_test || die "tests failed" -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit deleted file mode 100644 index 8d4c740717..0000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/files/eblits/src_unpack.eblit +++ /dev/null 
@@ -1,121 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Id$ - -[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit" - -int_to_KV() { - local version=$1 major minor micro - major=$((version / 65536)) - minor=$(((version % 65536) / 256)) - micro=$((version % 256)) - echo ${major}.${minor}.${micro} -} - -eend_KV() { - [[ $(KV_to_int $1) -ge $(KV_to_int $2) ]] - eend $? -} - -get_kheader_version() { - printf '#include \nLINUX_VERSION_CODE\n' | \ - $(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \ - tail -n 1 -} - -check_nptl_support() { - # don't care about the compiler here as we arent using it - just_headers && return - - local run_kv build_kv want_kv - run_kv=$(int_to_KV $(get_KV)) - build_kv=$(int_to_KV $(get_kheader_version)) - want_kv=${NPTL_KERN_VER} - - ebegin "Checking gcc for __thread support" - if ! eend $(want__thread ; echo $?) ; then - echo - eerror "Could not find a gcc that supports the __thread directive!" - eerror "Please update your binutils/gcc and try again." - die "No __thread support in gcc!" - fi - - if ! is_crosscompile && ! tc-is-cross-compiler ; then - # Building fails on an non-supporting kernel - ebegin "Checking kernel version (${run_kv} >= ${want_kv})" - if ! eend_KV ${run_kv} ${want_kv} ; then - echo - eerror "You need a kernel of at least ${want_kv} for NPTL support!" - die "Kernel version too low!" - fi - fi - - ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})" - if ! eend_KV ${build_kv} ${want_kv} ; then - echo - eerror "You need linux-headers of at least ${want_kv} for NPTL support!" - die "linux-headers version too low!" 
- fi -} - -unpack_pkg() { - local a=${PN} - [[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}" - [[ -n $1 ]] && a="${a}-$1" - if [[ -n ${SNAP_VER} ]] ; then - a="${a}-${SNAP_VER}" - else - if [[ -n $2 ]] ; then - a="${a}-$2" - else - a="${a}-${RELEASE_VER}" - fi - fi - if has ${a}.tar.xz ${A} ; then - unpacker ${a}.tar.xz - else - unpack ${a}.tar.bz2 - fi - [[ -n $1 ]] && { mv ${a} $1 || die ; } -} - -toolchain-glibc_src_unpack() { - # Check NPTL support _before_ we unpack things to save some time - want_nptl && check_nptl_support - - if [[ -n ${EGIT_REPO_URIS} ]] ; then - local i d - for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do - EGIT_REPO_URI=${EGIT_REPO_URIS[$i]} - EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]} - git-2_src_unpack - done - else - unpack_pkg - fi - - cd "${S}" - touch locale/C-translit.h #185476 #218003 - [[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER} - [[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER} - [[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn - - if [[ -n ${PATCH_VER} ]] ; then - cd "${WORKDIR}" - unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2 - # pull out all the addons - local d - for d in extra/*/configure ; do - d=${d%/configure} - [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}" - mv "${d}" "${S}" || die "moving ${d} failed" - done - fi -} - -eblit-glibc-src_unpack() { - setup_env - - toolchain-glibc_src_unpack - [[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild similarity index 63% rename from sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild index 07d51f5aaf..1c80ea228f 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.23-r6.ebuild 
+++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/glibc-2.25-r11.ebuild @@ -1,16 +1,15 @@ -# Copyright 1999-2017 Gentoo Foundation +# Copyright 1999-2018 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Id$ -EAPI="4" +EAPI="5" -inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing prefix +inherit toolchain-glibc DESCRIPTION="GNU libc6 (also called glibc2) C library" HOMEPAGE="https://www.gnu.org/software/libc/libc.html" LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh ~sparc x86" +KEYWORDS="alpha amd64 ~arm arm64 ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86" RESTRICT="strip" # strip ourself #46186 EMULTILIB_PKG="true" @@ -27,10 +26,16 @@ case ${PV} in ;; esac GCC_BOOTSTRAP_VER="4.7.3-r1" -PATCH_VER="8" # Gentoo patchset +# patches live at https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/glibc/ +PATCH_VER="15" # Gentoo patchset : ${NPTL_KERN_VER:="2.6.32"} # min kernel version nptl requires -IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla crosscompile_opts_headers-only" +GLIBC_PATCH_EXCLUDE+=" 0005_all_sys-types.h-drop-sys-sysmacros.h-include.patch" + +IUSE="audit caps debug gd hardened multilib nscd +rpc selinux systemtap profile suid vanilla headers-only" + +# Drop this after updating profiles. +IUSE+=" crosscompile_opts_headers-only" # Here's how the cross-compile logic breaks down ... # CTARGET - machine that will target the binaries @@ -71,6 +76,7 @@ COMMON_DEPEND=" ) ) suid? ( caps? ( sys-libs/libcap ) ) selinux? ( sys-libs/libselinux ) + systemtap? ( dev-util/systemtap ) " DEPEND="${COMMON_DEPEND} >=app-misc/pax-utils-0.1.10 
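Review bot: The added `GLIBC_PATCH_EXCLUDE+=" 0005_all_sys-types.h-drop-sys-sysmacros.h-include.patch"` line in the `@@ -27,10 +26,16 @@` hunk skips one patch of the Gentoo patchset without saying why, so a later `PATCH_VER` bump gives no way to tell whether the exclusion still applies. Judging by the patch name alone, the effect is to keep the `sys/sysmacros.h` include in `sys/types.h`; the reason is not visible here. A one-line comment above it would record the intent, for example `# COREOS: keep sys/types.h pulling in sys/sysmacros.h: <reason>`. The `IUSE+=` line right below already carries such a note ("Drop this after updating profiles"), which is the style to match.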
@@ -82,7 +88,7 @@ RDEPEND="${COMMON_DEPEND} !sys-libs/nss-db" if [[ ${CATEGORY} == cross-* ]] ; then - DEPEND+=" !crosscompile_opts_headers-only? ( + DEPEND+=" !headers-only? ( >=${CATEGORY}/binutils-2.24 >=${CATEGORY}/gcc-4.7 )" @@ -100,7 +106,7 @@ upstream_uris() { echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1 } gentoo_uris() { - local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI" + local devspace="HTTP~vapier/dist/URI HTTP~dilfridge/distfiles/URI HTTP~tamiko/distfiles/URI HTTP~slyfox/distfiles/URI" devspace=${devspace//HTTP/https://dev.gentoo.org/} echo mirror://gentoo/$1 ${devspace//URI/$1} } 
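Review bot: The `!headers-only? (` condition in the `@@ -82,7 +88,7 @@` hunk tests only the new flag, while the IUSE hunk keeps `crosscompile_opts_headers-only` with the comment "Drop this after updating profiles". If a profile still sets only the old flag, this condition would presumably hold and pull `${CATEGORY}/binutils` and `${CATEGORY}/gcc` into a headers-only build; whether the inherited eclass maps the old flag onto the new one is not visible in this diff. Until the profiles are updated, the condition could cover both flags, `!headers-only? ( !crosscompile_opts_headers-only? (`, with the matching extra `)` at the end of the block.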
@@ -110,70 +116,21 @@ SRC_URI=$( ) SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}" -# eblit-include [--skip] [version] -eblit-include() { - local skipable=false - [[ $1 == "--skip" ]] && skipable=true && shift - [[ $1 == pkg_* ]] && skipable=true - - local e v func=$1 ver=$2 - [[ -z ${func} ]] && die "Usage: eblit-include [version]" - for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do - e="${FILESDIR}/eblits/${func}${v}.eblit" - if [[ -e ${e} ]] ; then - source "${e}" - return 0 - fi - done - ${skipable} && return 0 - die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/" -} - -# eblit-run-maybe -# run the specified function if it is defined -eblit-run-maybe() { - [[ $(type -t "$@") == "function" ]] && "$@" -} - -# eblit-run [version] -# aka: src_unpack() { eblit-run src_unpack ; } -eblit-run() { - eblit-include --skip common "${*:2}" - eblit-include "$@" - eblit-run-maybe eblit-$1-pre - eblit-${PN}-$1 - eblit-run-maybe eblit-$1-post -} - -src_unpack() { eblit-run src_unpack ; } -src_prepare() { eblit-run src_prepare ; } -src_configure() { eblit-run src_configure ; } -src_compile() { eblit-run src_compile ; } -src_test() { eblit-run src_test ; } -src_install() { eblit-run src_install ; } - -# FILESDIR might not be available during binpkg install -for x in pretend setup {pre,post}inst ; do - e="${FILESDIR}/eblits/pkg_${x}.eblit" - if [[ -e ${e} ]] ; then - . "${e}" - eval "pkg_${x}() { eblit-run pkg_${x} ; }" - fi -done - -eblit-src_unpack-pre() { +src_unpack() { [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2 + + toolchain-glibc_src_unpack } -eblit-src_prepare-post() { +src_prepare() { + toolchain-glibc_src_prepare + cd "${S}" epatch "${FILESDIR}"/2.19/${PN}-2.19-ia64-gcc-4.8-reloc-hack.patch #503838 - ## COREOS: features and bug fixes missing from the Gentoo patch set. 
- epatch "${FILESDIR}"/2.23/glibc-2.23-gshadow-handle-erange.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-c-utf8-locale.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-pthread-use-after-free.patch - epatch "${FILESDIR}"/2.23/glibc-2.23-binutils-update.patch + ## COREOS: Apply features and fixes missing from the Gentoo patch set. + epatch "${FILESDIR}"/${PV}/${P}-gshadow-handle-erange.patch + epatch "${FILESDIR}"/${PV}/${P}-c-utf8-locale.patch if use hardened ; then # We don't enable these for non-hardened as the output is very terse -- @@ -181,7 +138,7 @@ eblit-src_prepare-post() { # includes backtraces and symbols. einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler" cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-stack_chk_fail.c debug/stack_chk_fail.c || die - cp "${FILESDIR}"/2.20/glibc-2.20-gentoo-chk_fail.c debug/chk_fail.c || die + cp "${FILESDIR}"/2.25/glibc-2.25-gentoo-chk_fail.c debug/chk_fail.c || die if use debug ; then # Allow SIGABRT to dump core on non-hardened systems, or when debug is requested. @@ -190,11 +147,6 @@ eblit-src_prepare-post() { -e '/^CFLAGS-backtrace.c/ iCPPFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \ debug/Makefile || die fi - - # Build various bits with ssp-all - sed -i \ - -e 's:-fstack-protector$:-fstack-protector-all:' \ - */Makefile || die fi case $(gcc-fullversion) in 
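Review bot: The COREOS patch list in `src_prepare` shrinks from four patches to two, dropping `glibc-2.23-pthread-use-after-free.patch` and `glibc-2.23-binutils-update.patch` with no record of why. The first is a memory-safety fix by its name, so the ebuild should state whether glibc 2.25 or Gentoo patchset 15 already carries it; that cannot be confirmed from this hunk. A comment under the `## COREOS:` line would do, for example `# pthread-use-after-free and binutils-update from 2.23 are not carried forward: <where each fix now lives>`. The body of `src_prepare` continues past the end of this hunk.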
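Review bot: In the `use hardened` block, `debug/chk_fail.c` now comes from `2.25/` while `debug/stack_chk_fail.c` is still copied from `2.20/`, and the following hunk deletes the sed that turned `-fstack-protector` into `-fstack-protector-all` in `*/Makefile`. Nothing left in the ebuild shows how glibc's own objects get stack protection on hardened builds; presumably the inherited eclass selects it at configure time, but that is not visible here. A comment in the block such as `# SSP for glibc's own objects is selected in <eclass function>, no longer patched into the Makefiles` would let a reader confirm that hardening coverage was not reduced by this bump. The block starts and ends outside this hunk.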
@@ -205,3 +157,38 @@ eblit-src_prepare-post() { ;; esac } + +## COREOS: Redefine some eclass-provided functions for local changes. + +# For reference, this function has been modified to do: +# - Config files are installed by baselayout, not glibc. +# - Install nscd/systemd stuff in /usr. +src_install() { + toolchain-glibc_src_install "$@" + + # Work around #627378 on the boards. + if [[ ${ROOT:-/} =~ ^/build/ ]] ; then + local libm=("${ED}"/usr/lib*/libm-${PV}.so) + libm="${libm[0]:${#ED}}" + if [ -h "${ED}$libm" ] ; then + rm -f "${ED}$libm" + mv "${ED}${libm#/usr}" "${ED}$libm" + fi + fi + + # Use tmpfiles to put nscd.conf in /etc and create directories. + insinto /usr/share/baselayout + if ! in_iuse nscd || use nscd ; then + doins "${S}"/nscd/nscd.conf || die + systemd_newtmpfilesd "${FILESDIR}"/nscd-conf.tmpfiles nscd-conf.conf || die + fi + + # Clean out any default configs. + rm -rf "${ED}"/etc + + # Restore this one for the SDK. + test ! -e "${T}"/00glibc || doenvd "${T}"/00glibc +} + +# Ignore /dev/pts settings, since the chroot has no control over them. +check_devpts() { : ; } diff --git a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml index e6ebe220ca..a953870436 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml +++ b/sdk_container/src/third_party/coreos-overlay/sys-libs/glibc/metadata.xml 
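Review bot: In the new `src_install`, the libm workaround deletes the symlink with `rm -f "${ED}$libm"` and then runs `mv "${ED}${libm#/usr}" "${ED}$libm"` with no failure check, so a failed move leaves the image without libm at the /usr path while the build still succeeds. The other install steps in this function end in `|| die`, and the move should as well: `mv "${ED}${libm#/usr}" "${ED}$libm" || die "moving ${libm} failed"`. Only `libm[0]` is handled, so with more than one `usr/lib*` directory the other matches are left as they are; if that is intended for the board roots, a short comment should say so.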
@@ -6,10 +6,11 @@ Gentoo Toolchain Project + build *all* locales in src_install; this is generally meant for stage building only as it ignores /etc/locale.gen file and can be pretty slow When USE=hardened, allow fortify/stack violations to dump core (SIGABRT) and not kill self (SIGKILL) build memusage and memusagestat tools Build, and enable support for, the Name Service Cache Daemon - Enable obsolete RPC/NIS layers (disabling is experimental -- see bug 381391) + Enable obsolete RPC/NIS layers Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5 enable systemtap static probe points